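#!/bin/bash
# Copyright 2021 The Skaffold Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Reports OS vulnerabilities found in the LTS images as a GitHub issue: when
# no open issue carrying the vuln label exists one is created, otherwise the
# body of the existing issue is replaced with the current list of images.
#
# Inputs:
#   /workspace/os_vuln.txt  - vulnerable images, one per line (written by an
#                             earlier build step)
#   token.txt               - GitHub token, read from the current directory
# Environment (substituted from cloudbuild.yaml, all optional):
#   _OS_VULN_LABEL, _REPO, _REF_ISSUE

# -x keeps the build log useful; the token is never passed as an argument
# (see `gh auth login` in main), so it does not show up in the trace.
set -xeuo pipefail

# Defaults for the cloudbuild.yaml substitutions; an empty value counts as
# unset, exactly like the previous `[ -z ... ]` checks.
: "${_OS_VULN_LABEL:=lts os vuln}"
: "${_REPO:=GoogleContainerTools/skaffold}"
: "${_REF_ISSUE:=7169}"

readonly TITLE_OS="LTS image has OS vulnerability!"
readonly OS_VULN_FILE=/workspace/os_vuln.txt
readonly IMAGES_TO_REPORT_FILE=/workspace/images_to_report.txt

#######################################
# Appends one line of text to a file, interpreting backslash escapes
# (\n etc.) in the text the same way `echo -e` does.
# Arguments:
#   $1 - text to append
#   $2 - file to append to
#######################################
append() {
  local text=$1
  local file=$2
  # %b interprets the escapes; quoting the text keeps its spaces and glob
  # characters (the docs URL below contains '?') from being mangled by the
  # shell, which the former unquoted `echo -e $1` did not guarantee.
  printf '%b\n' "$text" >> "$file"
}

#######################################
# Looks up the open issue carrying the given label.
# Globals:
#   _REPO (read)
# Arguments:
#   $1 - issue label
# Outputs:
#   the issue number on stdout, or -1 when no open issue carries the label
# Returns:
#   non-zero when the lookup itself fails, so a failed query is not mistaken
#   for "no issue yet" (which would lead to a duplicate issue being created)
#######################################
check_existing_issue() {
  local label=$1
  local issue_num
  # gh issue list shows open issues only; at most one should be open at a
  # time, so the first number wins. `// empty` turns an empty result set
  # into no output instead of the literal "null".
  issue_num=$(gh issue list --label="$label" --repo="$_REPO" --json number \
    --jq '.[0].number // empty') || return 1

  if [[ -n "$issue_num" ]]; then
    printf '%s\n' "There is already an issue opened for the detected vulnerabilities in the LTS images." >&2
    printf '%s\n' "$issue_num"
  else
    printf '%s\n' "-1"
  fi
}

#######################################
# Writes the issue body into IMAGES_TO_REPORT_FILE: the patch instructions,
# the list of images that need a patch, and a note about manual notification.
# Globals:
#   OS_VULN_FILE, IMAGES_TO_REPORT_FILE, _REF_ISSUE (read)
#######################################
init_body_file() {
  # NOTE(review): the body file is appended to, never truncated, so anything
  # left in /workspace by an earlier step would end up in the issue body —
  # confirm the workspace starts out without this file.
  append "Please patch the below images with instructions mentioned [here](https://docs.google.com/document/d/1gYJVoBCZiRzUTQs_-wKsfhHdskiMtJtWWQyI-t0mhC8/edit?resourcekey=0-NdLapTumfpzxH_bri0fLZQ#heading=h.p4mphzyz8m7y).\n" "$IMAGES_TO_REPORT_FILE"

  # Only pick the last patched version: after the descending numeric sort,
  # awk prints the first line for each distinct key built from fields 3 and 4
  # (fields split on ':' and '.'; presumably the version parts of the image
  # tag — TODO confirm against the file written by the scan step).
  sort -nr -- "$OS_VULN_FILE" | awk -F'[:.]' '$3$4!=p&&p=$3$4' >> "$IMAGES_TO_REPORT_FILE"

  append "\nOnce the patched images are available, please ping Cloud Deploy team until there is an automated way to notify (issue#$_REF_ISSUE)." "$IMAGES_TO_REPORT_FILE"
}

#######################################
# Opens a new issue in _REPO.
# Arguments:
#   $1 - issue title
#   $2 - file holding the issue body
#   $3 - label to attach
#######################################
create_issue() {
  local title=$1
  local body_file=$2
  local label=$3
  gh issue create --title="${title}" --label="${label}" --body-file="$body_file" --repo="$_REPO"
}

#######################################
# Replaces the body of an existing issue in _REPO.
# Arguments:
#   $1 - issue number
#   $2 - file holding the new issue body
#######################################
update_issue() {
  local num=$1
  local body_file=$2
  gh issue edit "$num" --body-file="$body_file" --repo="$_REPO"
}

main() {
  local issue_num

  # The token is read from stdin rather than passed on the command line so
  # it appears neither in the process list nor in the set -x trace.
  gh auth login --with-token < token.txt
  issue_num=$(check_existing_issue "$_OS_VULN_LABEL")

  init_body_file
  if [[ "$issue_num" == "-1" ]]; then
    printf '%s\n' "Creating an issue..."
    create_issue "$TITLE_OS" "$IMAGES_TO_REPORT_FILE" "$_OS_VULN_LABEL"
  else
    printf 'Updating issue: #%s\n' "$issue_num"
    update_issue "$issue_num" "$IMAGES_TO_REPORT_FILE"
  fi
}

main "$@"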