Merge pull request #311 from cnlkl/issue_197

feat: 增加体验镜像制品分析初始化数据 #197

scripts/bk-repo-all-in-one-startup.sh

@@ -29,7 +29,7 @@ $BK_REPO_HOME/scripts/render_tpl -u -p $BK_REPO_HOME -m . -e repo.env $BK_REPO_H
 $BK_REPO_HOME/scripts/render_tpl -u -p $BK_REPO_HOME -m . -e repo.env $BK_REPO_HOME/support-files/templates/gateway#vhosts#bkrepo.docker.server.conf
 $BK_REPO_HOME/scripts/render_tpl -u -p $BK_REPO_HOME -m . -e repo.env $BK_REPO_HOME/support-files/templates/gateway#server.common.conf
 $BK_REPO_HOME/scripts/render_tpl -u -p $BK_REPO_HOME -m . -e repo.env $BK_REPO_HOME/support-files/templates/gateway#lua#init.lua
-$BK_REPO_HOME/scripts/render_tpl -u -p $BK_REPO_HOME -m . -e repo.env $BK_REPO_HOME/support-files/templates/frontend#ui#index.html
+$BK_REPO_HOME/scripts/render_tpl -u -p $BK_REPO_HOME -m . -e repo.env -E BK_REPO_SHOW_ANALYST_MENU=true $BK_REPO_HOME/support-files/templates/frontend#ui#index.html
 
 ##启动网关程序
 echo "启动网关..."

src/backend/analyst/biz-analyst/src/main/kotlin/com/tencent/bkrepo/analyst/configuration/ScannerConfiguration.kt

@@ -89,7 +89,7 @@ class ScannerConfiguration {
         temporaryScanTokenService: TemporaryScanTokenService,
         @Qualifier(STATE_MACHINE_ID_SUB_SCAN_TASK)
         subtaskStateMachine: StateMachine,
-        executorClient: ExecutorClient
+        executorClient: ObjectProvider<ExecutorClient>
     ): SubtaskPoller {
         return SubtaskPoller(
             dispatcher, scanService, scannerService, temporaryScanTokenService, subtaskStateMachine, executorClient

src/backend/analyst/biz-analyst/src/main/kotlin/com/tencent/bkrepo/analyst/dispatcher/SubtaskPoller.kt

@@ -41,6 +41,7 @@ import com.tencent.bkrepo.common.analysis.pojo.scanner.SubScanTaskStatus.PULLED
 import com.tencent.bkrepo.statemachine.Event
 import com.tencent.bkrepo.statemachine.StateMachine
 import org.slf4j.LoggerFactory
+import org.springframework.beans.factory.ObjectProvider
 import org.springframework.context.event.EventListener
 import org.springframework.scheduling.annotation.Async
 import org.springframework.scheduling.annotation.Scheduled
@@ -51,7 +52,7 @@ open class SubtaskPoller(
     private val scannerService: ScannerService,
     private val temporaryScanTokenService: TemporaryScanTokenService,
     private val subtaskStateMachine: StateMachine,
-    private val executorClient: ExecutorClient
+    private val executorClient: ObjectProvider<ExecutorClient>
 ) {
     @Scheduled(initialDelay = POLL_INITIAL_DELAY, fixedDelay = POLL_DELAY)
     open fun dispatch() {
@@ -82,7 +83,7 @@ open class SubtaskPoller(
         }
         if (SubScanTaskStatus.finishedStatus(event.subtask.status) && event.dispatcher.isNullOrEmpty()) {
             val subtaskId = event.subtask.latestSubScanTaskId!!
-            val result = executorClient.stop(subtaskId)
+            val result = executorClient.ifAvailable?.stop(subtaskId)
             logger.info("stop subtask[$subtaskId] executor result[$result]")
         }
     }

src/backend/boot-assembly/src/main/resources/application.yml

@@ -51,6 +51,7 @@ auth:
     enablePrefix: true
 
 scanner:
+  defaultDispatcher: docker
   dispatcher:
     docker:
       enabled: ${BK_REPO_ANALYST_DISPATCHER_DOCKER_ENABLED:false}

src/frontend/.eslintrc.js

@@ -21,7 +21,8 @@ module.exports = {
         MODE_CONFIG: true,
         RELEASE_MODE: true,
         DEVOPS_SITE_URL: true,
-        SHOW_PROJECT_CONFIG_MENU: true
+        SHOW_PROJECT_CONFIG_MENU: true,
+        SHOW_ANALYST_MENU: true
     },
     // add your custom rules hered
     rules: {

src/frontend/devops-repository/index.html

@@ -61,6 +61,9 @@
         var MODE_CONFIG = '__BK_REPO_DEPLOY_MODE__' || 'standalone'
         // 是否显示项目设置菜单
         var SHOW_PROJECT_CONFIG_MENU = MODE_CONFIG !== 'ci'
+        // 是否显示制品分析菜单
+        var SHOW_ANALYST_MENU = '__BK_REPO_SHOW_ANALYST_MENU__' || 'false'
+        SHOW_ANALYST_MENU = SHOW_ANALYST_MENU === 'true'
         // 区分社区版与内部版  community -> 社区   tencent -> 内部
         var RELEASE_MODE = '__BK_REPO_RELEASE_MODE__' || 'community'
     </script>

src/frontend/devops-repository/src/components/PackageCard/index.vue

@@ -69,7 +69,8 @@
                 return RELEASE_MODE === 'community'
             },
             showRepoScan () {
-                return this.isEnterprise && !this.community && !this.cardData.type && /\.(ipa)|(apk)|(jar)$/.test(this.cardData.name)
+                const show = this.isEnterprise && !this.community && !this.cardData.type && /\.(ipa)|(apk)|(jar)$/.test(this.cardData.name)
+                return show || SHOW_ANALYST_MENU
             }
         },
         methods: {

src/frontend/devops-repository/src/views/index.vue

@@ -52,12 +52,13 @@
             ...mapState(['userInfo', 'projectList']),
             menuList () {
                 if (MODE_CONFIG === 'ci' || this.projectList.length) {
+                    const showRepoScan = RELEASE_MODE !== 'community' || SHOW_ANALYST_MENU
                     return {
                         project: [
                             'repoList',
                             'repoSearch',
                             MODE_CONFIG === 'ci' && 'repoToken',
-                            RELEASE_MODE !== 'community' && (this.userInfo.admin || this.userInfo.manage) && 'repoScan',
+                            showRepoScan && (this.userInfo.admin || this.userInfo.manage) && 'repoScan',
                             SHOW_PROJECT_CONFIG_MENU && (!this.userInfo.admin && this.userInfo.manage) && 'projectConfig' // 仅项目管理员
                         ].filter(Boolean),
                         global: [

src/frontend/devops-repository/src/views/repoCommon/commonPackageDetail.vue

@@ -142,13 +142,14 @@
                 return this.versionList.find(version => version.name === this.version)
             },
             showRepoScan () {
-                return RELEASE_MODE !== 'community' && this.scannerSupportPackageType.join(',').toLowerCase().includes(this.repoType)
+                const show = RELEASE_MODE !== 'community' || SHOW_ANALYST_MENU
+                return show && this.scannerSupportPackageType.join(',').toLowerCase().includes(this.repoType)
             }
         },
         created () {
             this.getPackageInfoHandler()
             this.handlerPaginationChange()
-            if (RELEASE_MODE !== 'community') {
+            if (RELEASE_MODE !== 'community' || SHOW_ANALYST_MENU) {
                 this.refreshSupportPackageTypeList()
             }
         },

src/frontend/devops-repository/src/views/repoCommon/commonVersionDetail.vue

@@ -227,7 +227,8 @@
                 }, {})
             },
             showRepoScan () {
-                return RELEASE_MODE !== 'community' && this.scannerSupportPackageType.join(',').toLowerCase().includes(this.repoType)
+                const show = RELEASE_MODE !== 'community' || SHOW_ANALYST_MENU
+                return show && this.scannerSupportPackageType.join(',').toLowerCase().includes(this.repoType)
             },
             operationBtns () {
                 const basic = this.detail.basic

src/frontend/devops-repository/src/views/repoGeneric/index.vue

@@ -293,7 +293,7 @@
         created () {
             this.getRepoListAll({ projectId: this.projectId })
             this.initPage()
-            if (!this.community) {
+            if (!this.community || SHOW_ANALYST_MENU) {
                 this.refreshSupportFileNameExtList()
             }
         },
@@ -327,7 +327,8 @@
                 } else {
                     supportFileNameExt = this.scannerSupportFileNameExt.includes(node.name.substring(indexOfLastDot + 1))
                 }
-                return !node.folder && !this.community && supportFileNameExt
+                const show = !this.community || SHOW_ANALYST_MENU
+                return !node.folder && show && supportFileNameExt
             },
             tooltipContent ({ forbidType, forbidUser }) {
                 switch (forbidType) {

support-files/sql/init-data.js

@@ -211,3 +211,138 @@ db.repository.updateOne(
     { upsert: true }
 );
 
+db.scanner.updateOne(
+    {
+        name: "bkrepo-trivy"
+    },
+    {
+        $setOnInsert: {
+            name: "bkrepo-trivy",
+            type: "standard",
+            version: "0.0.35",
+            description: "",
+            config: "{\n  \"name\" : \"bkrepo-trivy\",\n  \"image\" : \"ghcr.io/tencentblueking/ci-repoanalysis/bkrepo-trivy:0.0.35\",\n  \"cmd\" : \"/bkrepo-trivy\",\n  \"version\" : \"0.0.35\",\n  \"args\" : [ {\n    \"type\" : \"BOOLEAN\",\n    \"key\" : \"scanSensitive\",\n    \"value\" : \"true\",\n    \"des\" : \"\"\n  } ],\n  \"type\" : \"standard\",\n  \"description\" : \"\",\n  \"rootPath\" : \"/standard\",\n  \"cleanWorkDir\" : true,\n  \"maxScanDurationPerMb\" : 6000,\n  \"supportFileNameExt\" : [],\n  \"supportPackageTypes\" : [ \"DOCKER\" ],\n  \"supportDispatchers\" : [ \"docker\", \"k8s\" ],\n  \"supportScanTypes\" : [ \"SENSITIVE\", \"SECURITY\" ]\n}",
+            supportFileNameExt: [],
+            supportPackageTypes: ["DOCKER"],
+            supportScanTypes: ["SECURITY", "SENSITIVE"],
+            createdBy: "admin",
+            createdDate: new Date(),
+            lastModifiedBy: "admin",
+            lastModifiedDate: new Date()
+        }
+    },
+    { upsert: true }
+);
+
+db.scanner.updateOne(
+    {
+        name: "bkrepo-dependency-check"
+    },
+    {
+        $setOnInsert: {
+            name: "bkrepo-dependency-check",
+            type: "standard",
+            version: "0.0.5",
+            description: "dependency-check分析工具",
+            config: "{\n  \"name\" : \"bkrepo-dependency-check\",\n  \"image\" : \"ghcr.io/tencentblueking/ci-repoanalysis/bkrepo-dependency-check:0.0.5\",\n  \"cmd\" : \"/bkrepo-dependency-check\",\n  \"version\" : \"0.0.5\",\n  \"args\" : [ {\n    \"type\" : \"BOOLEAN\",\n    \"key\" : \"offline\",\n    \"value\" : \"false\",\n    \"des\" : \"\"\n  } ],\n  \"type\" : \"standard\",\n  \"description\" : \"dependency-check\",\n  \"rootPath\" : \"/standard\",\n  \"cleanWorkDir\" : true,\n  \"maxScanDurationPerMb\" : 6000,\n  \"supportFileNameExt\" : [ \"tar\", \"zip\", \"exe\", \"jar\" ],\n  \"supportPackageTypes\" : [ \"GENERIC\", \"MAVEN\" ],\n  \"supportScanTypes\" : [ \"SECURITY\" ],\n  \"supportDispatchers\" : [ \"docker\", \"k8s\" ],\n  \"memory\" : 34359738368\n}",
+            supportFileNameExt: ["tar", "zip", "exe", "jar"],
+            supportPackageTypes: ["GENERIC", "MAVEN"],
+            supportScanTypes: ["SECURITY"],
+            createdBy: "admin",
+            createdDate: new Date(),
+            lastModifiedBy: "admin",
+            lastModifiedDate: new Date()
+        }
+    },
+    { upsert: true }
+);
+
+db.scan_plan.updateOne(
+    {
+        projectId: "blueking",
+        name: "ImageScan",
+        type: "DOCKER"
+    },
+    {
+        $setOnInsert: {
+            projectId: "blueking",
+            name: "ImageScan",
+            type: "DOCKER",
+            repoNames: [],
+            scanner: "bkrepo-trivy",
+            scanTypes: ["SENSITIVE", "SECURITY"],
+            description: "",
+            scanOnNewArtifact: false,
+            rule: "{\n  \"rules\" : [ {\n    \"field\" : \"projectId\",\n    \"value\" : \"blueking\",\n    \"operation\" : \"EQ\"\n  }, {\n    \"field\" : \"type\",\n    \"value\" : \"DOCKER\",\n    \"operation\" : \"EQ\"\n  } ],\n  \"relation\" : \"AND\"\n}",
+            scanResultOverview: {},
+            scanQuality: {},
+            readOnly: false,
+            latestScanTaskId: null,
+            createdBy: "admin",
+            createdDate: new Date(),
+            lastModifiedBy: "admin",
+            lastModifiedDate: new Date()
+        }
+    },
+    { upsert: true }
+);
+
+db.scan_plan.updateOne(
+    {
+        projectId: "blueking",
+        name: "MavenScan",
+        type: "MAVEN"
+    },
+    {
+        $setOnInsert: {
+            projectId: "blueking",
+            name: "MavenScan",
+            type: "MAVEN",
+            repoNames: [],
+            scanner: "bkrepo-dependency-check",
+            scanTypes: ["SECURITY"],
+            description: "",
+            scanOnNewArtifact: false,
+            rule: "{\n  \"rules\" : [ {\n    \"field\" : \"projectId\",\n    \"value\" : \"blueking\",\n    \"operation\" : \"EQ\"\n  }, {\n    \"field\" : \"type\",\n    \"value\" : \"MAVEN\",\n    \"operation\" : \"EQ\"\n  } ],\n  \"relation\" : \"AND\"\n}",
+            scanResultOverview: {},
+            scanQuality: {},
+            readOnly: false,
+            latestScanTaskId: null,
+            createdBy: "admin",
+            createdDate: new Date(),
+            lastModifiedBy: "admin",
+            lastModifiedDate: new Date()
+        }
+    },
+    { upsert: true }
+);
+
+db.scan_plan.updateOne(
+    {
+        projectId: "blueking",
+        name: "GenericScan",
+        type: "MAVEN"
+    },
+    {
+        $setOnInsert: {
+            projectId: "blueking",
+            name: "GenericScan",
+            type: "GENERIC",
+            repoNames: [],
+            scanner: "bkrepo-dependency-check",
+            scanTypes: ["SECURITY"],
+            description: "",
+            scanOnNewArtifact: false,
+            rule: "{\n  \"rules\" : [ {\n    \"field\" : \"projectId\",\n    \"value\" : \"blueking\",\n    \"operation\" : \"EQ\"\n  }, {\n    \"field\" : \"type\",\n    \"value\" : \"GENERIC\",\n    \"operation\" : \"EQ\"\n  } ],\n  \"relation\" : \"AND\"\n}",
+            scanResultOverview: {},
+            scanQuality: {},
+            readOnly: false,
+            latestScanTaskId: null,
+            createdBy: "admin",
+            createdDate: new Date(),
+            lastModifiedBy: "admin",
+            lastModifiedDate: new Date()
+        }
+    },
+    { upsert: true }
+);