Skip to content

Commit

Permalink
Generate SBOM for AR images
Browse files Browse the repository at this point in the history 
Signed-off-by: Jeffrey Kinard <[email protected]>
  • Loading branch information
@Polber
Polber committed Sep 23, 2024
1 parent 2e0b521 commit 83d8e6b
Show file tree
Hide file tree
Showing 2 changed files with 189 additions and 158 deletions.
318 changes: 168 additions & 150 deletions .github/workflows/java-pr.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -52,155 +52,173 @@ env:
permissions: read-all

jobs:
spotless_check:
name: Spotless
timeout-minutes: 10
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
- name: Setup Environment
id: setup-env
uses: ./.github/actions/setup-env
- name: Run Spotless
run: ./cicd/run-spotless
checkstyle_check:
name: Checkstyle
timeout-minutes: 10
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
- name: Setup Environment
id: setup-env
uses: ./.github/actions/setup-env
- name: Run Checkstyle
run: ./cicd/run-checkstyle
java_build:
name: Build
timeout-minutes: 60
test:
name: Test
runs-on: [self-hosted, it]
timeout-minutes: 30
steps:
- name: Checkout Code
uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
- name: Setup Environment
id: setup-env
uses: ./.github/actions/setup-env
- name: Run Build
run: ./cicd/run-build
- name: Cleanup Java Environment
uses: ./.github/actions/cleanup-java-env
java_unit_tests:
name: Unit Tests
needs: [java_build]
timeout-minutes: 60
runs-on: [self-hosted, it]
steps:
- name: Checkout Code
uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
- name: Setup Environment
id: setup-env
uses: ./.github/actions/setup-env
- name: Run Unit Tests
run: ./cicd/run-unit-tests
- name: Upload Unit Tests Report
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
if: always() # always run even if the previous step fails
with:
name: surefire-test-results
path: '**/surefire-reports/TEST-*.xml'
retention-days: 1
- name: Upload coverage reports to Codecov
uses: codecov/[email protected]
with:
token: ${{ secrets.CODECOV_TOKEN }}
slug: GoogleCloudPlatform/DataflowTemplates
files: 'target/site/jacoco-aggregate/jacoco.xml'
# Temp fix for https://github.com/codecov/codecov-action/issues/1487
version: v0.6.0
- name: Cleanup Java Environment
uses: ./.github/actions/cleanup-java-env
if: always()
java_integration_smoke_tests_templates:
name: Dataflow Templates Integration Smoke Tests
needs: [spotless_check, checkstyle_check, java_build, java_unit_tests]
timeout-minutes: 60
# Run on any runner that matches all the specified runs-on values.
runs-on: [self-hosted, it]
steps:
- name: Checkout Code
uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
- name: Setup Environment
id: setup-env
uses: ./.github/actions/setup-env
- name: Run Integration Smoke Tests
run: |
./cicd/run-it-smoke-tests \
--modules-to-build="DEFAULT" \
--it-region="us-central1" \
--it-project="cloud-teleport-testing" \
--it-artifact-bucket="cloud-teleport-testing-it-gitactions" \
--it-private-connectivity="datastream-private-connect-us-central1"
- name: Upload Smoke Tests Report
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
if: always() # always run even if the previous step fails
with:
name: surefire-test-results
path: '**/surefire-reports/TEST-*.xml'
retention-days: 1
- name: Cleanup Java Environment
uses: ./.github/actions/cleanup-java-env
if: always()
java_integration_tests_templates:
name: Dataflow Templates Integration Tests
needs: [java_integration_smoke_tests_templates]
timeout-minutes: 240
# Run on any runner that matches all the specified runs-on values.
runs-on: [self-hosted, it]
steps:
- name: Checkout Code
uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
- name: Setup Environment
id: setup-env
uses: ./.github/actions/setup-env
- name: Run Integration Tests
run: |
./cicd/run-it-tests \
--modules-to-build="DEFAULT" \
--it-region="us-central1" \
--it-project="cloud-teleport-testing" \
--it-artifact-bucket="cloud-teleport-testing-it-gitactions" \
--it-private-connectivity="datastream-private-connect-us-central1"
- name: Upload Integration Tests Report
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
if: always() # always run even if the previous step fails
with:
name: surefire-test-results
path: '**/surefire-reports/TEST-*.xml'
retention-days: 1
- name: Cleanup Java Environment
uses: ./.github/actions/cleanup-java-env
if: always()
java_load_tests_templates:
if: contains(github.event.pull_request.labels.*.name, 'run-load-tests')
name: Dataflow Templates Load Tests
needs: [spotless_check, checkstyle_check, java_build, java_unit_tests, java_integration_tests_templates]
timeout-minutes: 600
# Run on any runner that matches all the specified runs-on values.
runs-on: [self-hosted, perf]
steps:
- name: Checkout Code
uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
- name: Setup Environment
id: setup-env
uses: ./.github/actions/setup-env
- name: Run Load Tests
run: |
./cicd/run-load-tests \
--it-region="us-central1" \
--it-project="cloud-teleport-testing" \
--it-artifact-bucket="cloud-teleport-testing-it-gitactions" \
--it-private-connectivity="datastream-private-connect-us-central1"
- name: Cleanup Java Environment
uses: ./.github/actions/cleanup-java-env
if: always()
- name: Test staging
run: |
mvn compile package \
-f /home/runner/actions-runner/_work/DataflowTemplates/DataflowTemplates/pom.xml \
-pl metadata,v2/common,v2/mongodb-to-googlecloud,plugins/templates-maven-plugin \
-am -PtemplatesStage,pluginOutputDir \
-DpluginRunId=frfWSWvgSepxmqsj -DskipShade=true -DskipTests -Dmaven.test.skip \
-Dcheckstyle.skip -Dmdep.analyze.skip -Dspotless.check.skip -Denforcer.skip \
-DprojectId=cloud-teleport-testing -Dregion=us-central1 \
-DbucketName=cloud-teleport-testing-it-gitactions \
-DgcpTempLocation=cloud-teleport-testing-it-gitactions \
-DstagePrefix=2024-09-23-00-00-00_IT -DtemplateName=MongoDB_to_BigQuery \
-DunifiedWorker=null -e
# spotless_check:
# name: Spotless
# timeout-minutes: 10
# runs-on: ubuntu-latest
# steps:
# - name: Checkout Code
# uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
# - name: Setup Environment
# id: setup-env
# uses: ./.github/actions/setup-env
# - name: Run Spotless
# run: ./cicd/run-spotless
# checkstyle_check:
# name: Checkstyle
# timeout-minutes: 10
# runs-on: ubuntu-latest
# steps:
# - name: Checkout Code
# uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
# - name: Setup Environment
# id: setup-env
# uses: ./.github/actions/setup-env
# - name: Run Checkstyle
# run: ./cicd/run-checkstyle
# java_build:
# name: Build
# timeout-minutes: 60
# runs-on: [self-hosted, it]
# steps:
# - name: Checkout Code
# uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
# - name: Setup Environment
# id: setup-env
# uses: ./.github/actions/setup-env
# - name: Run Build
# run: ./cicd/run-build
# - name: Cleanup Java Environment
# uses: ./.github/actions/cleanup-java-env
# java_unit_tests:
# name: Unit Tests
# needs: [java_build]
# timeout-minutes: 60
# runs-on: [self-hosted, it]
# steps:
# - name: Checkout Code
# uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
# - name: Setup Environment
# id: setup-env
# uses: ./.github/actions/setup-env
# - name: Run Unit Tests
# run: ./cicd/run-unit-tests
# - name: Upload Unit Tests Report
# uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
# if: always() # always run even if the previous step fails
# with:
# name: surefire-test-results
# path: '**/surefire-reports/TEST-*.xml'
# retention-days: 1
# - name: Upload coverage reports to Codecov
# uses: codecov/[email protected]
# with:
# token: ${{ secrets.CODECOV_TOKEN }}
# slug: GoogleCloudPlatform/DataflowTemplates
# files: 'target/site/jacoco-aggregate/jacoco.xml'
# # Temp fix for https://github.com/codecov/codecov-action/issues/1487
# version: v0.6.0
# - name: Cleanup Java Environment
# uses: ./.github/actions/cleanup-java-env
# if: always()
# java_integration_smoke_tests_templates:
# name: Dataflow Templates Integration Smoke Tests
# needs: [spotless_check, checkstyle_check, java_build, java_unit_tests]
# timeout-minutes: 60
# # Run on any runner that matches all the specified runs-on values.
# runs-on: [self-hosted, it]
# steps:
# - name: Checkout Code
# uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
# - name: Setup Environment
# id: setup-env
# uses: ./.github/actions/setup-env
# - name: Run Integration Smoke Tests
# run: |
# ./cicd/run-it-smoke-tests \
# --modules-to-build="DEFAULT" \
# --it-region="us-central1" \
# --it-project="cloud-teleport-testing" \
# --it-artifact-bucket="cloud-teleport-testing-it-gitactions" \
# --it-private-connectivity="datastream-private-connect-us-central1"
# - name: Upload Smoke Tests Report
# uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
# if: always() # always run even if the previous step fails
# with:
# name: surefire-test-results
# path: '**/surefire-reports/TEST-*.xml'
# retention-days: 1
# - name: Cleanup Java Environment
# uses: ./.github/actions/cleanup-java-env
# if: always()
# java_integration_tests_templates:
# name: Dataflow Templates Integration Tests
# needs: [java_integration_smoke_tests_templates]
# timeout-minutes: 240
# # Run on any runner that matches all the specified runs-on values.
# runs-on: [self-hosted, it]
# steps:
# - name: Checkout Code
# uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
# - name: Setup Environment
# id: setup-env
# uses: ./.github/actions/setup-env
# - name: Run Integration Tests
# run: |
# ./cicd/run-it-tests \
# --modules-to-build="DEFAULT" \
# --it-region="us-central1" \
# --it-project="cloud-teleport-testing" \
# --it-artifact-bucket="cloud-teleport-testing-it-gitactions" \
# --it-private-connectivity="datastream-private-connect-us-central1"
# - name: Upload Integration Tests Report
# uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
# if: always() # always run even if the previous step fails
# with:
# name: surefire-test-results
# path: '**/surefire-reports/TEST-*.xml'
# retention-days: 1
# - name: Cleanup Java Environment
# uses: ./.github/actions/cleanup-java-env
# if: always()
# java_load_tests_templates:
# if: contains(github.event.pull_request.labels.*.name, 'run-load-tests')
# name: Dataflow Templates Load Tests
# needs: [spotless_check, checkstyle_check, java_build, java_unit_tests, java_integration_tests_templates]
# timeout-minutes: 600
# # Run on any runner that matches all the specified runs-on values.
# runs-on: [self-hosted, perf]
# steps:
# - name: Checkout Code
# uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
# - name: Setup Environment
# id: setup-env
# uses: ./.github/actions/setup-env
# - name: Run Load Tests
# run: |
# ./cicd/run-load-tests \
# --it-region="us-central1" \
# --it-project="cloud-teleport-testing" \
# --it-artifact-bucket="cloud-teleport-testing-it-gitactions" \
# --it-private-connectivity="datastream-private-connect-us-central1"
# - name: Cleanup Java Environment
# uses: ./.github/actions/cleanup-java-env
# if: always()
29 changes: 21 additions & 8 deletions ...maven-plugin/src/main/java/com/google/cloud/teleport/plugin/maven/TemplatesStageMojo.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -197,12 +197,7 @@ public void execute() throws MojoExecutionException {
}

LOG.info("Staging template {}...", currentTemplateName);

if (definition.isFlex()) {
stageFlexTemplate(definition, imageSpec, pluginManager);
} else {
stageClassicTemplate(definition, imageSpec, pluginManager);
}
stageTemplate(definition, imageSpec, pluginManager);
}

} catch (DependencyResolutionRequiredException e) {
Expand All @@ -222,11 +217,17 @@ public void execute() throws MojoExecutionException {
public String stageTemplate(
TemplateDefinitions definition, ImageSpec imageSpec, BuildPluginManager pluginManager)
throws MojoExecutionException, IOException, InterruptedException, TemplateException {
String stagedTemplate;
if (definition.isClassic()) {
return stageClassicTemplate(definition, imageSpec, pluginManager);
stagedTemplate = stageClassicTemplate(definition, imageSpec, pluginManager);
} else {
return stageFlexTemplate(definition, imageSpec, pluginManager);
stagedTemplate = stageFlexTemplate(definition, imageSpec, pluginManager);
}

LOG.info("Generating SBOM for {}...", imageSpec.getImage());
generateSBOM(imageSpec.getImage());

return stagedTemplate;
}

/**
Expand Down Expand Up @@ -886,6 +887,18 @@ private void stageXlangUsingDockerfile(String imagePath, String dockerfile)
}
}

private static void generateSBOM(String imagePath) throws IOException, InterruptedException {
Process stageProcess =
runCommand(
new String[] {"gcloud", "artifacts", "sbom", "export", "--uri", imagePath + ":latest"},
null);

if (stageProcess.waitFor() != 0) {
LOG.warn(
"Possible error building SBOM for container image using gcloud. Check logs for details.");
}
}

private static Process runCommand(String[] gcloudBuildsCmd, File directory) throws IOException {
LOG.info("Running: {}", String.join(" ", gcloudBuildsCmd));

Expand Down

0 comments on commit 83d8e6b

Please sign in to comment.