Commit 33e45421 authored by Protocole's avatar Protocole

Merge branch 'fix-pipeline' into 'latest'

Fix pipeline

See merge request r2devops/hub!372
parents 037f378d f7a55e4e
+72 −10
@@ -3,6 +3,7 @@
import os
import sys
import logging
import re
import yaml
import argparse

@@ -10,8 +11,12 @@ import argparse
# /!\ This instruction is only working if you run this script from the root of the project
sys.path.insert(0, "./")
from tools.utils.utils import Config

utils = Config()

IMAGE_TAG_REGEX = "\${([a-zA-Z_-]+)}"


def argparse_setup():
    """Setup argparse

@@ -24,6 +29,7 @@ def argparse_setup():
    parser.add_argument("job", help="job name to get the image from")
    return parser.parse_args()


def get_image(job):
    """Get the image of a job

@@ -41,16 +47,65 @@ def get_image(job):

    with open(f"{utils.JOBS_DIR}/{job}/{job}.yml", 'r') as file:
        data = yaml.load(file, Loader=yaml.FullLoader)
        current_data = data[job]
        variables = {}

        if "variables" in current_data:
            variables = current_data["variables"]

        if "image" in data[job].keys():
            if isinstance(data[job]['image'], dict):
                return data[job]['image']['name']
                image = current_data['image']['name']
                return raw_or_replace_tag(image, variables)
            else:
                return data[job]['image']
                image = current_data['image']
                return raw_or_replace_tag(image, variables)
        elif "extends" in data[job].keys():
            extension = data[current_data['extends']]
            #In case the extension has variable, we take in consideration for the parsing
            if "variables" in extension:
                variables.update(extension['variables'])

            if isinstance(data[data[job]['extends']]['image'], dict):
                return data[data[job]['extends']]['image']['name']
                image = data[current_data['extends']]['image']['name']
                return raw_or_replace_tag(image, variables)
            else:
                return data[data[job]['extends']]['image']
                image = data[current_data['extends']]['image']
                return raw_or_replace_tag(image, variables)


def raw_or_replace_tag(image, variables):
    """ Check whether the image tag given is composed of environment variable
    If it's the case, it will fetch the default value from variables in CI

    Finally, it will print the sanitized image tag in stdout

    :param image: Image tag to check (python:1.0.0 or python:${IMAGE_VERSION})
    :param variables: The list of variables that are available in the job

    :return It returns nothing
    """

    match_pattern = re.search(IMAGE_TAG_REGEX, image)

    if match_pattern is None:
        # If image tag / name is raw without env var, we print it & end the function
        return image

    # We can assume pattern group is fulfilled as match_pattern isn't None
    env_var_name = match_pattern.groups()[0]
    env_var_value = None

    if env_var_name in variables:
        env_var_value = variables[env_var_name]

    if env_var_value is None:
        print("Environment variable for {} is not available in variables {}", image, variables)
        sys.exit(1)

    image = re.sub(IMAGE_TAG_REGEX, env_var_value, image)
    return image


if __name__ == "__main__":
    """Main function, get the name of the image for a job
@@ -90,23 +145,30 @@ if __name__ == "__main__":
    with open(f"{utils.JOBS_DIR}/{args.job}/{args.job}{utils.JOBS_EXTENSION}", 'r') as file:
        data = yaml.load(file, Loader=yaml.FullLoader)

    job_data = data[args.job]
    output_image = "UNKNOWN"

    # If image option is directly specified in the job
    if "image" in data[args.job].keys():
        if isinstance(data[args.job]['image'], dict):
            print(data[args.job]['image']['name'])
            output_image = raw_or_replace_tag(job_data['image']['name'], job_data["variables"])
        else:
            print(data[args.job]['image'])
            output_image = raw_or_replace_tag(job_data['image'], job_data['variables'])

    # If image isn't specified in the job but extends is
    elif "extends" in data[args.job].keys():

        try:
            if isinstance(data[data[args.job]['extends']]['image'], dict):
                print(data[data[args.job]['extends']]['image']['name'])
                output_image = raw_or_replace_tag(data[data[args.job]['extends']]['image']['name'],
                                                  job_data['variables'])
            else:
                print(data[data[args.job]['extends']]['image'])
                output_image = raw_or_replace_tag(data[data[args.job]['extends']]['image'], job_data['variables'])
        # If the extended job isn't in the file, it produce a KeyError
        except KeyError:
            logging.warning('The job %s doesn\'t declare its image and extends a job from outside of the file, we aren\'t able to check its image vulnerabilities', args.job)
            logging.warning(
                'The job %s doesn\'t declare its image and extends a job from outside of the file, we aren\'t able to check its image vulnerabilities',
                args.job)
            # TODO: check images from included jobs ==> https://gitlab.com/r2devops/hub/-/issues/282

    print(output_image)
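Review bot: In the `__main__` block every new call to `raw_or_replace_tag` passes `job_data['variables']` directly, so a job that declares no `variables` key raises `KeyError`. In the two `image` branches this is an uncaught traceback. In the `extends` branch it is caught by the existing `except KeyError`, which logs the unrelated "extends a job from outside of the file" warning and prints `UNKNOWN`, so the image appears to drop out of the vulnerability check without a visible error. `get_image` in this same change already starts from `variables = {}` and merges the extended job's variables; the main block should do the same, for example `variables = dict(job_data.get("variables") or {})` passed to each call. The body of the `__main__` block starts outside this hunk, so the argument handling above it is not visible here.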