diff --git a/scripts/bk-repo-all-in-one-startup.sh b/scripts/bk-repo-all-in-one-startup.sh index c807c9b542..ec13613859 100644 --- a/scripts/bk-repo-all-in-one-startup.sh +++ b/scripts/bk-repo-all-in-one-startup.sh @@ -29,7 +29,7 @@ $BK_REPO_HOME/scripts/render_tpl -u -p $BK_REPO_HOME -m . -e repo.env $BK_REPO_H $BK_REPO_HOME/scripts/render_tpl -u -p $BK_REPO_HOME -m . -e repo.env $BK_REPO_HOME/support-files/templates/gateway#vhosts#bkrepo.docker.server.conf $BK_REPO_HOME/scripts/render_tpl -u -p $BK_REPO_HOME -m . -e repo.env $BK_REPO_HOME/support-files/templates/gateway#server.common.conf $BK_REPO_HOME/scripts/render_tpl -u -p $BK_REPO_HOME -m . -e repo.env $BK_REPO_HOME/support-files/templates/gateway#lua#init.lua -$BK_REPO_HOME/scripts/render_tpl -u -p $BK_REPO_HOME -m . -e repo.env $BK_REPO_HOME/support-files/templates/frontend#ui#index.html +$BK_REPO_HOME/scripts/render_tpl -u -p $BK_REPO_HOME -m . -e repo.env -E BK_REPO_SHOW_ANALYST_MENU=true $BK_REPO_HOME/support-files/templates/frontend#ui#index.html ##启动网关程序 echo "启动网关..." diff --git a/src/backend/analyst/biz-analyst/src/main/kotlin/com/tencent/bkrepo/analyst/configuration/ScannerConfiguration.kt b/src/backend/analyst/biz-analyst/src/main/kotlin/com/tencent/bkrepo/analyst/configuration/ScannerConfiguration.kt index 78cb86c362..466de27ce0 100644 --- a/src/backend/analyst/biz-analyst/src/main/kotlin/com/tencent/bkrepo/analyst/configuration/ScannerConfiguration.kt +++ b/src/backend/analyst/biz-analyst/src/main/kotlin/com/tencent/bkrepo/analyst/configuration/ScannerConfiguration.kt @@ -89,7 +89,7 @@ class ScannerConfiguration { temporaryScanTokenService: TemporaryScanTokenService, @Qualifier(STATE_MACHINE_ID_SUB_SCAN_TASK) subtaskStateMachine: StateMachine, - executorClient: ExecutorClient + executorClient: ObjectProvider ): SubtaskPoller { return SubtaskPoller( dispatcher, scanService, scannerService, temporaryScanTokenService, subtaskStateMachine, executorClient 
diff --git a/src/backend/analyst/biz-analyst/src/main/kotlin/com/tencent/bkrepo/analyst/dispatcher/SubtaskPoller.kt b/src/backend/analyst/biz-analyst/src/main/kotlin/com/tencent/bkrepo/analyst/dispatcher/SubtaskPoller.kt index 15c640c124..2466cd9af6 100644 --- a/src/backend/analyst/biz-analyst/src/main/kotlin/com/tencent/bkrepo/analyst/dispatcher/SubtaskPoller.kt +++ b/src/backend/analyst/biz-analyst/src/main/kotlin/com/tencent/bkrepo/analyst/dispatcher/SubtaskPoller.kt @@ -41,6 +41,7 @@ import com.tencent.bkrepo.common.analysis.pojo.scanner.SubScanTaskStatus.PULLED import com.tencent.bkrepo.statemachine.Event import com.tencent.bkrepo.statemachine.StateMachine import org.slf4j.LoggerFactory +import org.springframework.beans.factory.ObjectProvider import org.springframework.context.event.EventListener import org.springframework.scheduling.annotation.Async import org.springframework.scheduling.annotation.Scheduled @@ -51,7 +52,7 @@ open class SubtaskPoller( private val scannerService: ScannerService, private val temporaryScanTokenService: TemporaryScanTokenService, private val subtaskStateMachine: StateMachine, - private val executorClient: ExecutorClient + private val executorClient: ObjectProvider ) { @Scheduled(initialDelay = POLL_INITIAL_DELAY, fixedDelay = POLL_DELAY) open fun dispatch() { @@ -82,7 +83,7 @@ open class SubtaskPoller( } if (SubScanTaskStatus.finishedStatus(event.subtask.status) && event.dispatcher.isNullOrEmpty()) { val subtaskId = event.subtask.latestSubScanTaskId!! - val result = executorClient.stop(subtaskId) + val result = executorClient.ifAvailable?.stop(subtaskId) logger.info("stop subtask[$subtaskId] executor result[$result]") } } diff --git a/src/backend/boot-assembly/src/main/resources/application.yml b/src/backend/boot-assembly/src/main/resources/application.yml index f229131884..52d47e7834 100644 --- a/src/backend/boot-assembly/src/main/resources/application.yml +++ b/src/backend/boot-assembly/src/main/resources/application.yml 
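Review bot: In the last SubtaskPoller.kt hunk, `executorClient.ifAvailable?.stop(subtaskId)` yields `null` when no ExecutorClient bean is present, and the next line still logs `stop subtask[...] executor result[null]` as if a stop had been attempted. A finished subtask whose executor was never told to stop then looks the same in the logs as a failed stop, which makes a scanner left running hard to spot. Branch on the absent client, for example `val client = executorClient.ifAvailable` followed by `if (client == null) logger.warn("no ExecutorClient available, subtask[$subtaskId] executor not stopped") else logger.info("stop subtask[$subtaskId] executor result[${client.stop(subtaskId)}]")`. The enclosing function starts outside the hunk.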
@@ -51,6 +51,7 @@ auth: enablePrefix: true scanner: + defaultDispatcher: docker dispatcher: docker: enabled: ${BK_REPO_ANALYST_DISPATCHER_DOCKER_ENABLED:false} diff --git a/src/frontend/.eslintrc.js b/src/frontend/.eslintrc.js index d04e2529fe..058fb66e54 100644 --- a/src/frontend/.eslintrc.js +++ b/src/frontend/.eslintrc.js @@ -21,7 +21,8 @@ module.exports = { MODE_CONFIG: true, RELEASE_MODE: true, DEVOPS_SITE_URL: true, - SHOW_PROJECT_CONFIG_MENU: true + SHOW_PROJECT_CONFIG_MENU: true, + SHOW_ANALYST_MENU: true }, // add your custom rules hered rules: { diff --git a/src/frontend/devops-repository/index.html b/src/frontend/devops-repository/index.html index c2d33e77af..0b15755d70 100644 --- a/src/frontend/devops-repository/index.html +++ b/src/frontend/devops-repository/index.html @@ -61,6 +61,9 @@ var MODE_CONFIG = '__BK_REPO_DEPLOY_MODE__' || 'standalone' // 是否显示项目设置菜单 var SHOW_PROJECT_CONFIG_MENU = MODE_CONFIG !== 'ci' + // 是否显示制品分析菜单 + var SHOW_ANALYST_MENU = '__BK_REPO_SHOW_ANALYST_MENU__' || 'false' + SHOW_ANALYST_MENU = SHOW_ANALYST_MENU === 'true' // 区分社区版与内部版 community -> 社区 tencent -> 内部 var RELEASE_MODE = '__BK_REPO_RELEASE_MODE__' || 'community' diff --git a/src/frontend/devops-repository/src/components/PackageCard/index.vue b/src/frontend/devops-repository/src/components/PackageCard/index.vue index 9fffb908e7..8bf5fc4dcf 100644 --- a/src/frontend/devops-repository/src/components/PackageCard/index.vue +++ b/src/frontend/devops-repository/src/components/PackageCard/index.vue @@ -69,7 +69,8 @@ return RELEASE_MODE === 'community' }, showRepoScan () { - return this.isEnterprise && !this.community && !this.cardData.type && /\.(ipa)|(apk)|(jar)$/.test(this.cardData.name) + const show = this.isEnterprise && !this.community && !this.cardData.type && /\.(ipa)|(apk)|(jar)$/.test(this.cardData.name) + return show || SHOW_ANALYST_MENU } }, methods: { 
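Review bot: `defaultDispatcher: docker` is set unconditionally in application.yml, while the context line just below leaves `scanner.dispatcher.docker.enabled` at `${BK_REPO_ANALYST_DISPATCHER_DOCKER_ENABLED:false}`. With the defaults as shown, the default dispatcher names one that is switched off. If the docker dispatcher is only created when enabled (not visible in this diff), subtasks routed to it would probably sit unprocessed. Either document the dependency next to the key, e.g. `# requires scanner.dispatcher.docker.enabled=true`, or drive both settings from the same switch.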
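Review bot: In PackageCard/index.vue, `return show || SHOW_ANALYST_MENU` makes `showRepoScan` true for every card once the flag is set, skipping the `!this.cardData.type` and file-extension checks. The other components in this commit use the flag only to replace the release-mode check and keep their support filters. The regex carried onto the new line, `/\.(ipa)|(apk)|(jar)$/`, also groups incorrectly: it matches `.ipa` anywhere, `apk` anywhere, or `jar` at the end. Suggested shape: `const enabled = (this.isEnterprise && !this.community) || SHOW_ANALYST_MENU` then `return enabled && !this.cardData.type && /\.(ipa|apk|jar)$/.test(this.cardData.name)`.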
diff --git a/src/frontend/devops-repository/src/views/index.vue b/src/frontend/devops-repository/src/views/index.vue index 9400e7e364..6e44877c67 100644 --- a/src/frontend/devops-repository/src/views/index.vue +++ b/src/frontend/devops-repository/src/views/index.vue @@ -52,12 +52,13 @@ ...mapState(['userInfo', 'projectList']), menuList () { if (MODE_CONFIG === 'ci' || this.projectList.length) { + const showRepoScan = RELEASE_MODE !== 'community' || SHOW_ANALYST_MENU return { project: [ 'repoList', 'repoSearch', MODE_CONFIG === 'ci' && 'repoToken', - RELEASE_MODE !== 'community' && (this.userInfo.admin || this.userInfo.manage) && 'repoScan', + showRepoScan && (this.userInfo.admin || this.userInfo.manage) && 'repoScan', SHOW_PROJECT_CONFIG_MENU && (!this.userInfo.admin && this.userInfo.manage) && 'projectConfig' // 仅项目管理员 ].filter(Boolean), global: [ diff --git a/src/frontend/devops-repository/src/views/repoCommon/commonPackageDetail.vue b/src/frontend/devops-repository/src/views/repoCommon/commonPackageDetail.vue index 0144f5bce7..a6068fbbb1 100644 --- a/src/frontend/devops-repository/src/views/repoCommon/commonPackageDetail.vue +++ b/src/frontend/devops-repository/src/views/repoCommon/commonPackageDetail.vue @@ -142,13 +142,14 @@ return this.versionList.find(version => version.name === this.version) }, showRepoScan () { - return RELEASE_MODE !== 'community' && this.scannerSupportPackageType.join(',').toLowerCase().includes(this.repoType) + const show = RELEASE_MODE !== 'community' || SHOW_ANALYST_MENU + return show && this.scannerSupportPackageType.join(',').toLowerCase().includes(this.repoType) } }, created () { this.getPackageInfoHandler() this.handlerPaginationChange() - if (RELEASE_MODE !== 'community') { + if (RELEASE_MODE !== 'community' || SHOW_ANALYST_MENU) { this.refreshSupportPackageTypeList() } }, 
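Review bot: `showRepoScan` in views/index.vue's `menuList` now depends on `SHOW_ANALYST_MENU`, a page-level `var` set in index.html that any user can change in the browser. This gate and the `userInfo.admin || userInfo.manage` check beside it therefore only control what is displayed. The diff does not show the analyst endpoints, so whether they enforce the same role check on the server cannot be confirmed from here. A comment on the new line would make the assumption explicit, e.g. `// UI visibility only; analyst APIs must enforce admin/manage on the server`.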
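Review bot: The rewritten `showRepoScan` in commonPackageDetail.vue still tests support with `this.scannerSupportPackageType.join(',').toLowerCase().includes(this.repoType)`, which is a substring match on the joined list. An empty `repoType` matches, and so does any value that is a fragment of a supported type name. Now that the flag enables this path in community builds too, an exact comparison is safer: `return show && this.scannerSupportPackageType.some(t => t.toLowerCase() === this.repoType)`. The same expression appears in the commonVersionDetail.vue hunk. The repeated `RELEASE_MODE !== 'community' || SHOW_ANALYST_MENU` would also read better as one shared helper.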
diff --git a/src/frontend/devops-repository/src/views/repoCommon/commonVersionDetail.vue b/src/frontend/devops-repository/src/views/repoCommon/commonVersionDetail.vue index e58a5a3eea..7c083c63d7 100644 --- a/src/frontend/devops-repository/src/views/repoCommon/commonVersionDetail.vue +++ b/src/frontend/devops-repository/src/views/repoCommon/commonVersionDetail.vue @@ -227,7 +227,8 @@ }, {}) }, showRepoScan () { - return RELEASE_MODE !== 'community' && this.scannerSupportPackageType.join(',').toLowerCase().includes(this.repoType) + const show = RELEASE_MODE !== 'community' || SHOW_ANALYST_MENU + return show && this.scannerSupportPackageType.join(',').toLowerCase().includes(this.repoType) }, operationBtns () { const basic = this.detail.basic diff --git a/src/frontend/devops-repository/src/views/repoGeneric/index.vue b/src/frontend/devops-repository/src/views/repoGeneric/index.vue index e5d4b1d0d5..183b415b8a 100644 --- a/src/frontend/devops-repository/src/views/repoGeneric/index.vue +++ b/src/frontend/devops-repository/src/views/repoGeneric/index.vue @@ -293,7 +293,7 @@ created () { this.getRepoListAll({ projectId: this.projectId }) this.initPage() - if (!this.community) { + if (!this.community || SHOW_ANALYST_MENU) { this.refreshSupportFileNameExtList() } }, @@ -327,7 +327,8 @@ } else { supportFileNameExt = this.scannerSupportFileNameExt.includes(node.name.substring(indexOfLastDot + 1)) } - return !node.folder && !this.community && supportFileNameExt + const show = !this.community || SHOW_ANALYST_MENU + return !node.folder && show && supportFileNameExt }, tooltipContent ({ forbidType, forbidUser }) { switch (forbidType) { diff --git a/support-files/sql/init-data.js b/support-files/sql/init-data.js index bf51711a29..44ff3ae87c 100644 --- a/support-files/sql/init-data.js +++ b/support-files/sql/init-data.js 
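Review bot: The commonVersionDetail.vue hunk widens only the `showRepoScan` computed, whereas commonPackageDetail.vue also widens the `created` guard around `refreshSupportPackageTypeList()`. If this component fills `scannerSupportPackageType` itself under a `RELEASE_MODE !== 'community'` guard outside the hunk, the list stays empty in community builds and `showRepoScan` never becomes true despite the flag. Please confirm where the list is loaded for this view. If it is loaded locally, apply the same `|| SHOW_ANALYST_MENU` condition there.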
@@ -211,3 +211,138 @@ db.repository.updateOne( { upsert: true } ); +db.scanner.updateOne( + { + name: "bkrepo-trivy" + }, + { + $setOnInsert: { + name: "bkrepo-trivy", + type: "standard", + version: "0.0.35", + description: "", + config: "{\n \"name\" : \"bkrepo-trivy\",\n \"image\" : \"ghcr.io/tencentblueking/ci-repoanalysis/bkrepo-trivy:0.0.35\",\n \"cmd\" : \"/bkrepo-trivy\",\n \"version\" : \"0.0.35\",\n \"args\" : [ {\n \"type\" : \"BOOLEAN\",\n \"key\" : \"scanSensitive\",\n \"value\" : \"true\",\n \"des\" : \"\"\n } ],\n \"type\" : \"standard\",\n \"description\" : \"\",\n \"rootPath\" : \"/standard\",\n \"cleanWorkDir\" : true,\n \"maxScanDurationPerMb\" : 6000,\n \"supportFileNameExt\" : [],\n \"supportPackageTypes\" : [ \"DOCKER\" ],\n \"supportDispatchers\" : [ \"docker\", \"k8s\" ],\n \"supportScanTypes\" : [ \"SENSITIVE\", \"SECURITY\" ]\n}", + supportFileNameExt: [], + supportPackageTypes: ["DOCKER"], + supportScanTypes: ["SECURITY", "SENSITIVE"], + createdBy: "admin", + createdDate: new Date(), + lastModifiedBy: "admin", + lastModifiedDate: new Date() + } + }, + { upsert: true } +); + +db.scanner.updateOne( + { + name: "bkrepo-dependency-check" + }, + { + $setOnInsert: { + name: "bkrepo-dependency-check", + type: "standard", + version: "0.0.5", + description: "dependency-check分析工具", + config: "{\n \"name\" : \"bkrepo-dependency-check\",\n \"image\" : \"ghcr.io/tencentblueking/ci-repoanalysis/bkrepo-dependency-check:0.0.5\",\n \"cmd\" : \"/bkrepo-dependency-check\",\n \"version\" : \"0.0.5\",\n \"args\" : [ {\n \"type\" : \"BOOLEAN\",\n \"key\" : \"offline\",\n \"value\" : \"false\",\n \"des\" : \"\"\n } ],\n \"type\" : \"standard\",\n \"description\" : \"dependency-check\",\n \"rootPath\" : \"/standard\",\n \"cleanWorkDir\" : true,\n \"maxScanDurationPerMb\" : 6000,\n \"supportFileNameExt\" : [ \"tar\", \"zip\", \"exe\", \"jar\" ],\n \"supportPackageTypes\" : [ \"GENERIC\", \"MAVEN\" ],\n \"supportScanTypes\" : [ \"SECURITY\" ],\n 
\"supportDispatchers\" : [ \"docker\", \"k8s\" ],\n \"memory\" : 34359738368\n}", + supportFileNameExt: ["tar", "zip", "exe", "jar"], + supportPackageTypes: ["GENERIC", "MAVEN"], + supportScanTypes: ["SECURITY"], + createdBy: "admin", + createdDate: new Date(), + lastModifiedBy: "admin", + lastModifiedDate: new Date() + } + }, + { upsert: true } +); + +db.scan_plan.updateOne( + { + projectId: "blueking", + name: "ImageScan", + type: "DOCKER" + }, + { + $setOnInsert: { + projectId: "blueking", + name: "ImageScan", + type: "DOCKER", + repoNames: [], + scanner: "bkrepo-trivy", + scanTypes: ["SENSITIVE", "SECURITY"], + description: "", + scanOnNewArtifact: false, + rule: "{\n \"rules\" : [ {\n \"field\" : \"projectId\",\n \"value\" : \"blueking\",\n \"operation\" : \"EQ\"\n }, {\n \"field\" : \"type\",\n \"value\" : \"DOCKER\",\n \"operation\" : \"EQ\"\n } ],\n \"relation\" : \"AND\"\n}", + scanResultOverview: {}, + scanQuality: {}, + readOnly: false, + latestScanTaskId: null, + createdBy: "admin", + createdDate: new Date(), + lastModifiedBy: "admin", + lastModifiedDate: new Date() + } + }, + { upsert: true } +); + +db.scan_plan.updateOne( + { + projectId: "blueking", + name: "MavenScan", + type: "MAVEN" + }, + { + $setOnInsert: { + projectId: "blueking", + name: "MavenScan", + type: "MAVEN", + repoNames: [], + scanner: "bkrepo-dependency-check", + scanTypes: ["SECURITY"], + description: "", + scanOnNewArtifact: false, + rule: "{\n \"rules\" : [ {\n \"field\" : \"projectId\",\n \"value\" : \"blueking\",\n \"operation\" : \"EQ\"\n }, {\n \"field\" : \"type\",\n \"value\" : \"MAVEN\",\n \"operation\" : \"EQ\"\n } ],\n \"relation\" : \"AND\"\n}", + scanResultOverview: {}, + scanQuality: {}, + readOnly: false, + latestScanTaskId: null, + createdBy: "admin", + createdDate: new Date(), + lastModifiedBy: "admin", + lastModifiedDate: new Date() + } + }, + { upsert: true } +); + +db.scan_plan.updateOne( + { + projectId: "blueking", + name: "GenericScan", + type: "MAVEN" + }, + 
{ + $setOnInsert: { + projectId: "blueking", + name: "GenericScan", + type: "GENERIC", + repoNames: [], + scanner: "bkrepo-dependency-check", + scanTypes: ["SECURITY"], + description: "", + scanOnNewArtifact: false, + rule: "{\n \"rules\" : [ {\n \"field\" : \"projectId\",\n \"value\" : \"blueking\",\n \"operation\" : \"EQ\"\n }, {\n \"field\" : \"type\",\n \"value\" : \"GENERIC\",\n \"operation\" : \"EQ\"\n } ],\n \"relation\" : \"AND\"\n}", + scanResultOverview: {}, + scanQuality: {}, + readOnly: false, + latestScanTaskId: null, + createdBy: "admin", + createdDate: new Date(), + lastModifiedBy: "admin", + lastModifiedDate: new Date() + } + }, + { upsert: true } +);
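Review bot: The third `db.scan_plan.updateOne` in init-data.js filters on `name: "GenericScan", type: "MAVEN"` but inserts `type: "GENERIC"` via `$setOnInsert`. The stored document therefore never matches the filter, and each re-run of the init script would upsert another GenericScan plan unless a unique index, not shown here, prevents it. The filter should read `type: "GENERIC"`. Separately, both scanner configs reference their images by mutable tag (`...bkrepo-trivy:0.0.35`, `...bkrepo-dependency-check:0.0.5`). Pinning by digest, e.g. `image@sha256:<digest>`, would keep the code that runs against repository artifacts fixed.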