diff --git a/charts/jarvis-system/templates/Task-createFailure.yaml b/charts/jarvis-system/templates/Task-createFailure.yaml
index 0b6d4b1d..54eecf5a 100644
--- a/charts/jarvis-system/templates/Task-createFailure.yaml
+++ b/charts/jarvis-system/templates/Task-createFailure.yaml
@@ -16,15 +16,41 @@ spec: - name: pipelineRunNamespace steps: - name: createfailure - image: {{ include "helpers.pod.container.image" ( dict "Global" $ "Application" "task_curl" ) }} + image: {{ include "helpers.pod.container.image" ( dict "Global" $ "Application" "task_results" ) }} volumeMounts: - name: gerrit-netrc mountPath: /run/jarvis/gerrit-netrc subPath: gerrit-netrc script: | - #!/bin/sh + #!/bin/bash set -eu -o pipefail -x + # Get project information from Harbor + PROJECT_INFO=$(curl -k -X GET "https://{{ .Values.params.harbor.dashboard.host }}/api/v2.0/search?q=$(params.project)-staging" -H "accept: application/json") + PROJECT_ID=$(echo $PROJECT_INFO | jq -r '.project'[0].'project_id') + + # Get the taskRun uid from the microflow-setup-image pod + TASK_RUN_NAMESPACE="jarvis-$(params.changeNumber)-$(params.patchSetNumber)" + TASK_RUN_DEV_PIPELINE=$(kubectl get taskrun -n "${TASK_RUN_NAMESPACE}" | grep microflow-setup-image | awk '{print $1}') || true + + if [[ -z "$TASK_RUN_DEV_PIPELINE" ]]; then + # Do not append the CVE report link, if there is no 'microflow-setup-image' pod to get the taskRun uid from + REPO_COUNT=0 + else + TASK_RUN_UID=$(kubectl get taskrun -n "${TASK_RUN_NAMESPACE}" "${TASK_RUN_DEV_PIPELINE}" -o jsonpath='{.metadata.uid}') + # For first time run, there may be no repositories, so only check for artifacts if the project has repositories + REPO_COUNT=$(echo $PROJECT_INFO | jq -r '.project'[0].'repo_count') + fi + + MESSAGE="Jarvis failed to process the run for change #$(params.changeNumber) ps #$(params.patchSetNumber) to the $(params.project)" + + if [ $REPO_COUNT -gt 0 ]; then + REPOSITORY_NAME=$(echo $PROJECT_INFO | jq -r '.repository'[0].'repository_name' | awk -F"/" '{print $2}') + # Grabs the SHA256 of the corresponding artifact based off taskrun uid + SHA256=$(curl -k -X GET "https://{{ .Values.params.harbor.dashboard.host }}/api/v2.0/projects/$(params.project)-staging/repositories/${REPOSITORY_NAME}/artifacts/${TASK_RUN_UID}" 
-H "accept: application/json" | jq -r '.digest') + MESSAGE="${MESSAGE}\n\n----- Image Scan Report -----\nhttps://{{ .Values.params.harbor.dashboard.host }}/harbor/projects/${PROJECT_ID}/repositories/${REPOSITORY_NAME}/artifacts/${SHA256}" + fi + curl \ --netrc-file /run/jarvis/gerrit-netrc \ --fail \ @@ -37,7 +63,7 @@ spec: "checker_uuid": "$(params.checkerUUID)", "state": "FAILED", "url": "https://{{ .Values.params.grafana.dashboard.host }}/d/{{ .Values.params.grafana.dashboard.uid }}/{{ .Values.params.grafana.dashboard.title }}?orgId={{ .Values.params.grafana.dashboard.orgid }}&var-namespace=$(params.pipelineRunNamespace)&var-tekton_dev_pipeline=$(params.pipelineName)&var-tekton_dev_pipelineRun=$(params.pipelineRunName)&var-tekton_dev_taskRun=All", - "message": "Jarvis failed to process the run for change #$(params.changeNumber) ps #$(params.patchSetNumber) to the $(params.project) repo", + "message": "${MESSAGE}", "finished": "$(date --utc '+%F %T.%N')" } EOF diff --git a/charts/jarvis-system/templates/Task-createSuccess.yaml b/charts/jarvis-system/templates/Task-createSuccess.yaml index a06f852d..5748a918 100644 --- a/charts/jarvis-system/templates/Task-createSuccess.yaml +++ b/charts/jarvis-system/templates/Task-createSuccess.yaml 
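Review bot: Both Harbor requests in the added script (`PROJECT_INFO=$(curl -k ...)` and `SHA256=$(curl -k ...)`) turn off TLS certificate verification, so the project id and digest that end up in the scan-report link posted to Gerrit come from a peer whose identity was never checked. Mounting the cluster CA and calling `curl --fail --cacert <ca-bundle-path> ...` would keep verification on and, with `--fail`, stop an HTTP error body from being parsed into a `null` id or digest. The jq filters are also split across quotes (`'.project'[0].'project_id'`), which leaves `[0]` open to shell globbing; `jq -r '.project[0].project_id'` is the plain form. The same lines appear in the first Task-createSuccess.yaml hunk. Separately, the failure text lost its trailing `repo` (`... to the $(params.project)`), which the success message still has.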
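Review bot: `"message": "${MESSAGE}"` places shell-expanded text into the JSON body without escaping, and `MESSAGE` now carries values read from the Harbor response (`PROJECT_ID`, `REPOSITORY_NAME`, `SHA256`) as well as `$(params.project)`. A double quote or backslash in any of them yields malformed or altered JSON for the Gerrit checks call; the `\n` sequences only work because they happen to be valid JSON escapes. Since this step already depends on jq, the body could be produced with `jq -n --arg message "$MESSAGE" ...` after building `MESSAGE` with real newlines. The heredoc starts and ends outside this hunk, so its unquoted form is inferred from the `$(date ...)` field; the `@@ -37,7 +63,8 @@` hunk of Task-createSuccess.yaml has the same line.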
@@ -16,15 +16,41 @@ spec: - name: pipelineRunNamespace steps: - name: createsuccess - image: {{ include "helpers.pod.container.image" ( dict "Global" $ "Application" "task_curl" ) }} + image: {{ include "helpers.pod.container.image" ( dict "Global" $ "Application" "task_results" ) }} volumeMounts: - name: gerrit-netrc mountPath: /run/jarvis/gerrit-netrc subPath: gerrit-netrc script: | - #!/bin/sh + #!/bin/bash set -eu -o pipefail -x + # Get project information from Harbor + PROJECT_INFO=$(curl -k -X GET "https://{{ .Values.params.harbor.dashboard.host }}/api/v2.0/search?q=$(params.project)-staging" -H "accept: application/json") + PROJECT_ID=$(echo $PROJECT_INFO | jq -r '.project'[0].'project_id') + + # Get the taskRun uid from the microflow-setup-image pod + TASK_RUN_NAMESPACE="jarvis-$(params.changeNumber)-$(params.patchSetNumber)" + TASK_RUN_DEV_PIPELINE=$(kubectl get taskrun -n "${TASK_RUN_NAMESPACE}" | grep microflow-setup-image | awk '{print $1}') || true + + if [[ -z "$TASK_RUN_DEV_PIPELINE" ]]; then + # Do not append the CVE report link, if there is no 'microflow-setup-image' pod to get the taskRun uid from + REPO_COUNT=0 + else + TASK_RUN_UID=$(kubectl get taskrun -n "${TASK_RUN_NAMESPACE}" "${TASK_RUN_DEV_PIPELINE}" -o jsonpath='{.metadata.uid}') + # For first time run, there may be no repositories, so only check for artifacts if the project has repositories + REPO_COUNT=$(echo $PROJECT_INFO | jq -r '.project'[0].'repo_count') + fi + + MESSAGE="Jarvis has successfully processed the run for change #$(params.changeNumber) ps #$(params.patchSetNumber) to the $(params.project) repo" + + if [ $REPO_COUNT -gt 0 ]; then + REPOSITORY_NAME=$(echo $PROJECT_INFO | jq -r '.repository'[0].'repository_name' | awk -F"/" '{print $2}') + # Grabs the SHA256 of the corresponding artifact based off taskrun uid + SHA256=$(curl -k -X GET "https://{{ .Values.params.harbor.dashboard.host 
}}/api/v2.0/projects/$(params.project)-staging/repositories/${REPOSITORY_NAME}/artifacts/${TASK_RUN_UID}" -H "accept: application/json" | jq -r '.digest') + MESSAGE="${MESSAGE}\n\n----- Image Scan Report -----\nhttps://{{ .Values.params.harbor.dashboard.host }}/harbor/projects/${PROJECT_ID}/repositories/${REPOSITORY_NAME}/artifacts/${SHA256}" + fi + curl \ --netrc-file /run/jarvis/gerrit-netrc \ --fail \ @@ -37,7 +63,8 @@ spec: "checker_uuid": "$(params.checkerUUID)", "state": "SUCCESSFUL", "url": "https://{{ .Values.params.grafana.dashboard.host }}/d/{{ .Values.params.grafana.dashboard.uid }}/{{ .Values.params.grafana.dashboard.title }}?orgId={{ .Values.params.grafana.dashboard.orgid }}&var-namespace=$(params.pipelineRunNamespace)&var-tekton_dev_pipeline=$(params.pipelineName)&var-tekton_dev_pipelineRun=$(params.pipelineRunName)&var-tekton_dev_taskRun=All", - "message": "Jarvis has successfully processed the run for change #$(params.changeNumber) ps #$(params.patchSetNumber) to the $(params.project) repo" + "message": "${MESSAGE}", + "finished": "$(date --utc '+%F %T.%N')" } EOF diff --git a/charts/jarvis-system/templates/TriggerTemplate-createFailure.yaml b/charts/jarvis-system/templates/TriggerTemplate-createFailure.yaml index e47a478c..1273eeda 100644 --- a/charts/jarvis-system/templates/TriggerTemplate-createFailure.yaml +++ b/charts/jarvis-system/templates/TriggerTemplate-createFailure.yaml @@ -20,6 +20,7 @@ spec: metadata: generateName: {{ template "helpers.labels.fullname" . }}-createfailure- spec: + serviceAccountName: jarvis-system-el pipelineRef: name: {{ template "helpers.labels.fullname" . }}-createfailure params: diff --git a/charts/jarvis-system/templates/TriggerTemplate-createSuccess.yaml b/charts/jarvis-system/templates/TriggerTemplate-createSuccess.yaml index a389348d..3e9d7bef 100644 --- a/charts/jarvis-system/templates/TriggerTemplate-createSuccess.yaml +++ b/charts/jarvis-system/templates/TriggerTemplate-createSuccess.yaml 
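Review bot: `$(params.project)`, `$(params.changeNumber)` and `$(params.patchSetNumber)` are substituted by Tekton into the script text before bash parses it, so in the added lines they land inside command substitutions and double-quoted strings where shell metacharacters in a value would be interpreted rather than treated as data. Passing them through the step's `env` (for example `- name: PROJECT` with `value: $(params.project)`) and using `"${PROJECT}"` in the script avoids that, which matters more now that the step runs `kubectl` under a service account. `$REPO_COUNT` is also unquoted and may be the string `null`, in which case `[ $REPO_COUNT -gt 0 ]` prints an error and silently takes the false branch; `jq -r '.project[0].repo_count // 0'` together with `[ "$REPO_COUNT" -gt 0 ]` makes that case explicit. The identical block in Task-createFailure.yaml needs the same treatment.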
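Review bot: The hard-coded `serviceAccountName: jarvis-system-el` makes the PipelineRun run under what looks like the EventListener's account (inferred from the `-el` suffix), while the task only needs to read TaskRuns in the `jarvis-<change>-<patchset>` namespace. A dedicated account bound to `get`/`list` on `taskruns` would keep least privilege for a step that also mounts the Gerrit netrc. The name also bypasses the `helpers.labels.fullname` template used for `generateName` and `pipelineRef` in this same hunk, so a release installed under another name would reference a ServiceAccount that does not exist; `serviceAccountName: {{ template "helpers.labels.fullname" . }}-el` would follow the release, if that is how the account is named. TriggerTemplate-createSuccess.yaml adds the same line.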
@@ -20,6 +20,7 @@ spec: metadata: generateName: {{ template "helpers.labels.fullname" . }}-createsuccess- spec: + serviceAccountName: jarvis-system-el pipelineRef: name: {{ template "helpers.labels.fullname" . }}-createsuccess params: diff --git a/charts/jarvis-system/values.yaml b/charts/jarvis-system/values.yaml index 982a20e8..3a9a32ef 100644 --- a/charts/jarvis-system/values.yaml +++ b/charts/jarvis-system/values.yaml @@ -20,6 +20,10 @@ images: tag: "1.0" name: standard-container repo: docker.io + task_results: + tag: "1.0" + name: standard-container + repo: docker.io task_curl: tag: "3.8" name: evl.ms/curl @@ -54,4 +58,7 @@ params: host: grafana.jarvis.local title: loki-pipeline-logs-dashboard uid: lokiPipelineDash - orgid: 1 \ No newline at end of file + orgid: 1 + harbor: + dashboard: + host: harbor-core.jarvis.local \ No newline at end of file diff --git a/tools/gate/jarvis/800-deploy-jarvis-projects.sh b/tools/gate/jarvis/800-deploy-jarvis-projects.sh index b84c9232..e56c0073 100755 --- a/tools/gate/jarvis/800-deploy-jarvis-projects.sh +++ b/tools/gate/jarvis/800-deploy-jarvis-projects.sh @@ -90,6 +90,7 @@ for jarvis_project in `find ./tools/gate/jarvis/5G-SA-core -maxdepth 1 -mindepth while true; do result="$(curl -L https://gerrit.jarvis.local/changes/${CHANGE_ID_COUNTER}/revisions/1/checks | tail -1 | jq -r .[].state)" [ $result == "SUCCESSFUL" ] && break || true + [ $result == "FAILED" ] && exit 1 || true sleep 25 now=$(date +%s) if [ $now -gt $end ] ; then
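Review bot: In the added `[ $result == "FAILED" ] && exit 1 || true`, `$result` is unquoted, so when the checks endpoint returns no entry yet or more than one state the test itself errors and `|| true` hides it, leaving the loop to run until the timeout instead of failing fast. `[ "$result" = "FAILED" ] && exit 1 || true` avoids the word-splitting error and uses the portable `=` operator; the `SUCCESSFUL` line just above has the same pattern. An `echo` to stderr naming `${CHANGE_ID_COUNTER}` before `exit 1` would also make the gate log say which change failed. The `while` loop starts and ends outside this hunk.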