From eb9c087c9bce2f335cce0666315a2dad5d13ffcd Mon Sep 17 00:00:00 2001 From: foobar Date: Mon, 16 Oct 2023 18:36:17 +0100 Subject: [PATCH] codeowners enricher done --- components/enrichers/codeowners/README.md | 2 +- .../enrichers/codeowners/kustomization.yaml | 23 +++--- components/enrichers/codeowners/main.go | 70 ++++++++----------- components/enrichers/codeowners/task.yaml | 4 -- 4 files changed, 39 insertions(+), 60 deletions(-) diff --git a/components/enrichers/codeowners/README.md b/components/enrichers/codeowners/README.md index a57522f66..e7655200b 100644 --- a/components/enrichers/codeowners/README.md +++ b/components/enrichers/codeowners/README.md @@ -1,5 +1,5 @@ # CodeOwners Enricher This enricher scans the cloned source for [CODEOWNERS](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners) files, -For each finding, it adds the following annotation to each finding. +For each finding, it adds the following annotation. "Owner-:" diff --git a/components/enrichers/codeowners/kustomization.yaml b/components/enrichers/codeowners/kustomization.yaml index c12ff0f68..b2dddae5d 100644 --- a/components/enrichers/codeowners/kustomization.yaml +++ b/components/enrichers/codeowners/kustomization.yaml 
@@ -16,22 +16,17 @@ patches: workspaces: - name: source-code-ws tasks: - - name: enricher-depsdev + - name: enricher-codeowners taskRef: - name: enricher-depsdev + name: enricher-codeowners workspaces: - name: source-code-ws workspace: source-code-ws params: - - name: enricher-depsdev-licenses-in-evidence - value: $(params.enricher-depsdev-licenses-in-evidence) - - name: enricher-depsdev-annotation - value: $(params.enricher-depsdev-annotation) + - name: enricher-codeowners-annotation + value: $(params.enricher-codeowners-annotation) params: - - name: enricher-depsdev-licenses-in-evidence - type: string - default: "false" - - name: enricher-depsdev-annotation + - name: enricher-codeowners-annotation type: string default: "" target: @@ -41,7 +36,7 @@ patches: apiVersion: tekton.dev/v1beta1 kind: Task metadata: - name: enricher-depsdev + name: enricher-codeowners labels: v1.dracon.ocurity.com/component: enricher spec: @@ -59,7 +54,7 @@ patches: script: echo "$(context.task.name)" > "$(results.anchor.path)" target: kind: Task - name: enricher-depsdev + name: enricher-codeowners # If we have an producer-aggregator task in the pipeline (added by the # producer-aggregator component), make the enricher depend on the completion of # it. @@ -70,7 +65,7 @@ patches: name: unused spec: tasks: - - name: enricher-depsdev + - name: enricher-codeowners params: - name: anchors value: @@ -92,7 +87,7 @@ patches: params: - name: anchors value: - - $(tasks.enricher-depsdev.results.anchor) + - $(tasks.enricher-codeowners.results.anchor) target: kind: Pipeline annotationSelector: v1.dracon.ocurity.com/has-enricher-aggregator=true diff --git a/components/enrichers/codeowners/main.go b/components/enrichers/codeowners/main.go index eac8c99d9..d5de544a0 100644 --- a/components/enrichers/codeowners/main.go +++ b/components/enrichers/codeowners/main.go 
@@ -1,3 +1,8 @@ +// Package main of the codeowners enricher +// handles enrichment of individual issues with +// the groups/usernames listed in the github repository +// CODEOWNERS files. +// Owners are matched against the "target" field of the issue package main import ( @@ -17,12 +22,10 @@ import ( const defaultAnnotation = "Owner" var ( - readPath string - writePath string - repoBasePath string - repoURL string - sparseCheckout string - annotation string + readPath string + writePath string + repoBasePath string + annotation string ) func lookupEnvOrString(key string, defaultVal string) string { 
@@ -35,45 +38,32 @@ func lookupEnvOrString(key string, defaultVal string) string { func enrichIssue(i *v1.Issue) (*v1.EnrichedIssue, error) { enrichedIssue := v1.EnrichedIssue{} annotations := map[string]string{} + targets := []string{} if i.GetCycloneDXSBOM() != "" { - annotationsAdded := 0 // shortcut, if there is a CycloneDX BOM then there is no target. - // we get the url from the repoURL parameter and add the sparse checkout directories to it. - targets := []string{} - if sparseCheckout != "" { - targets = strings.Split(sparseCheckout, ",") - } else { - targets = []string{"."} - } - for _, target := range targets { - path := filepath.Join(repoBasePath, target) - c, err := owners.FromFile() - if err != nil { - log.Println("could not instantiate owners for path", path, "err", err) - continue - } - owners := c.Owners(".") - for _, owner := range owners { - annotations[fmt.Sprintf("Owner-%d", annotationsAdded)] = owner - annotationsAdded++ - } - } + // we get the url from the repoURL parameter + targets = []string{"."} } else { target := strings.Split(i.GetTarget(), ":") - annotationsAdded := 0 if len(target) > 1 { - c, err := owners.FromFile(filepath.Join(repoBasePath, target[0])) - path := filepath.Join(repoBasePath, target[0]) - if err != nil { - log.Println("could not instantiate owners for path", path, "err", err) - } - owners := c.Owners(".") - for _, owner := range owners { - annotations[fmt.Sprintf("Owner-%d", annotationsAdded)] = owner - annotationsAdded++ - } + targets = append(targets, target[0]) + } else { + targets = append(targets, i.GetTarget()) } } + for _, target := range targets { + path := filepath.Join(repoBasePath, target) + c, err := owners.FromFile(repoBasePath) + if err != nil { + log.Println("could not instantiate owners for path", path, "err", err) + continue + } + owners := c.Owners(path) + for _, owner := range owners { + annotations[fmt.Sprintf("Owner-%d", len(annotations))] = owner + } + } + enrichedIssue = v1.EnrichedIssue{ RawIssue: 
i, Annotations: annotations, @@ -107,7 +97,7 @@ func run() { log.Fatal(err) } } else { - log.Println("no enriched issues were created") + log.Println("no enriched issues were created for", r.GetToolName()) } if len(r.GetIssues()) > 0 { scanStartTime := r.GetScanInfo().GetScanStartTime().AsTime() @@ -130,8 +120,6 @@ func main() { flag.StringVar(&writePath, "write_path", lookupEnvOrString("WRITE_PATH", ""), "where to put enriched results") flag.StringVar(&annotation, "annotation", lookupEnvOrString("ANNOTATION", defaultAnnotation), "what is the annotation this enricher will add to the issues, by default `Enriched Licenses`") flag.StringVar(&repoBasePath, "repoBasePath", lookupEnvOrString("REPO_BASE_PATH", ""), `the base path of the repository, this is most likely an internally set variable`) - flag.StringVar(&repoURL, "repoURL", lookupEnvOrString("REPOSITORY_URL", ""), `the base path of the repository, this is most likely an internally set variable`) - flag.StringVar(&sparseCheckout, "sparseCheckout", lookupEnvOrString("REPO_SPARSE_CHECKOUT", ""), `the sparse checkout directories settings passed to this repository`) flag.Parse() run() } diff --git a/components/enrichers/codeowners/task.yaml b/components/enrichers/codeowners/task.yaml index 0efbc95b8..3e69c5b39 100644 --- a/components/enrichers/codeowners/task.yaml +++ b/components/enrichers/codeowners/task.yaml @@ -24,11 +24,7 @@ spec: value: $(workspaces.source-code-ws.path)/.dracon/producers - name: WRITE_PATH value: "$(workspaces.source-code-ws.path)/.dracon/enrichers/codeowners" - - name: ORIGINAL_REPOSITORY_URL - value: "$(params.repository_url)" - name: REPO_BASE_PATH value: "$(workspaces.source-code-ws.path)/" - - name: REPO_SPARSE_CHECKOUT - value: "$(params.sparseCheckoutDirectories)/" - name: ANNOTATION value: "$(params.enricher-codeowners-annotation)" \ No newline at end of file
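Review bot: In the new `for _, target := range targets` loop of `enrichIssue`, `owners.FromFile(repoBasePath)` is called once per target although its argument never changes, and on failure the log line prints `path`, which is not what was read, before `continue` leaves the issue with no owner annotation. These annotations decide who a finding is attributed to, so I would load CODEOWNERS once before the loop and log `repoBasePath` on failure, as in the excerpt below; whether a load failure should instead go out through the existing `error` result depends on the caller, which is outside this hunk. The key is still the literal `"Owner-%d"` although `annotation` stays in the var block and is filled in `main()`, so unless it is read in the part of `enrichIssue` outside the hunk, the flag has no effect. The added comment `// we get the url from the repoURL parameter` names a parameter this commit removes. `enrichIssue` continues past the end of the hunk.

```go
// … unchanged: target selection from the SBOM or the issue target …
c, err := owners.FromFile(repoBasePath)
if err != nil {
	log.Println("could not load CODEOWNERS under", repoBasePath, "err", err)
} else {
	for _, target := range targets {
		path := filepath.Join(repoBasePath, target)
		for _, owner := range c.Owners(path) {
			annotations[fmt.Sprintf("Owner-%d", len(annotations))] = owner
		}
	}
}
// … unchanged: enrichedIssue construction …
```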