airship/charts
Code Issues Proposed changes

Update CVE report link to not display when artifact doesn't exists

Browse Source 
The CVE report link is generated by queries against harbor
including getting the SHA of the image based off the image tag
which is the pipeline run task ID. In cases where an image can't be
found via the tag, the CVE link report should not display. As an
example, the image does not exists in Harbor if the docker build
for the image failed, so in this case no CVE link should be
displayed in Gerrit as the image scan never took place.

Change-Id: I48d7160834f33426dc283c8f8dfa24872929551a
This commit is contained in:
Bartra, Rick (rb560u) 2021-03-29 17:49:19 -04:00 committed by Rick Bartra
parent 7bb63ba9a7
commit 460a817d57
2 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
charts/jarvis-system/templates/Task-createFailure.yaml
View File

@ -50,7 +50,9 @@ spec:
REPOSITORY_NAME=$(echo $PROJECT_INFO | jq -r '.repository'[0].'repository_name' | awk -F"/" '{print $2}')
# Grabs the SHA256 of the corresponding artifact based off taskrun uid
SHA256=$(curl -k -X GET --netrc-file /run/jarvis/harbor-netrc/harbor-netrc "https://{{ .Values.params.harbor.dashboard.host }}/api/v2.0/projects/$(params.project)-staging/repositories/${REPOSITORY_NAME}/artifacts/${TASK_RUN_UID}" -H "accept: application/json" | jq -r '.digest')
MESSAGE="${MESSAGE}\n\n----- Image Scan Report -----\nhttps://{{ .Values.params.harbor.dashboard.host }}/harbor/projects/${PROJECT_ID}/repositories/${REPOSITORY_NAME}/artifacts/${SHA256}"
if [ "${SHA256}" != "null" ]; then
MESSAGE="${MESSAGE}\n\n----- Image Scan Report -----\nhttps://{{ .Values.params.harbor.dashboard.host }}/harbor/projects/${PROJECT_ID}/repositories/${REPOSITORY_NAME}/artifacts/${SHA256}"
fi
fi
curl \

4
charts/jarvis-system/templates/Task-createSuccess.yaml
View File

@ -51,7 +51,9 @@ spec:
REPOSITORY_NAME=$(echo $PROJECT_INFO | jq -r '.repository'[0].'repository_name' | awk -F"/" '{print $2}')
# Grabs the SHA256 of the corresponding artifact based off taskrun uid
SHA256=$(curl -k -X GET --netrc-file /run/jarvis/harbor-netrc/harbor-netrc "https://{{ .Values.params.harbor.dashboard.host }}/api/v2.0/projects/$(params.project)-staging/repositories/${REPOSITORY_NAME}/artifacts/${TASK_RUN_UID}" -H "accept: application/json" | jq -r '.digest')
MESSAGE="${MESSAGE}\n\n----- Image Scan Report -----\nhttps://{{ .Values.params.harbor.dashboard.host }}/harbor/projects/${PROJECT_ID}/repositories/${REPOSITORY_NAME}/artifacts/${SHA256}"
if [ "${SHA256}" != "null" ]; then
MESSAGE="${MESSAGE}\n\n----- Image Scan Report -----\nhttps://{{ .Values.params.harbor.dashboard.host }}/harbor/projects/${PROJECT_ID}/repositories/${REPOSITORY_NAME}/artifacts/${SHA256}"
fi
fi
curl \