release: cleanup sg release subcommand (#59231)

* cleanup * relocate test file * bazel
2026-02-06 17:11:49 +00:00 · 2023-12-29 12:41:36 +01:00 · 2023-12-29 12:41:36 +01:00 · 300ec61582
commit 300ec61582
parent 5fe777121a
6 changed files with 115 additions and 81 deletions
--- a/cmd/server/shared/shared.go
+++ b/cmd/server/shared/shared.go
@ -290,7 +290,7 @@ func runMigrator() {
 	log.Println("Migrated postgres schemas.")
 }

-func shouldPostgresReindex() (shouldReindex bool) {
+func shouldPostgresReindex() bool {
 	fmt.Printf("Checking whether a Postgres reindex is required...\n")

 	// Check for presence of the reindex marker file
--- a/dev/sg/BUILD.bazel
+++ b/dev/sg/BUILD.bazel
@ -10,7 +10,6 @@ go_library(
        "live.go",
        "main.go",
        "os.go",
-        "release.go",
        "sg_analytics.go",
        "sg_audit.go",
        "sg_cloud.go",
@ -29,6 +28,7 @@ go_library(
        "sg_monitoring.go",
        "sg_ops.go",
        "sg_page.go",
+        "sg_release.go",
        "sg_rfc.go",
        "sg_run.go",
        "sg_secret.go",
@ -51,7 +51,6 @@ go_library(
        "//dev/sg/dependencies",
        "//dev/sg/internal/analytics",
        "//dev/sg/internal/background",
-        "//dev/sg/internal/bk",
        "//dev/sg/internal/category",
        "//dev/sg/internal/check",
        "//dev/sg/internal/db",
@ -61,6 +60,7 @@ go_library(
        "//dev/sg/internal/images",
        "//dev/sg/internal/migration",
        "//dev/sg/internal/open",
+        "//dev/sg/internal/release",
        "//dev/sg/internal/repo",
        "//dev/sg/internal/rfc",
        "//dev/sg/internal/run",
@ -142,7 +142,6 @@ go_test(
    timeout = "short",
    srcs = [
        "main_test.go",
-        "release_test.go",
        "sg_start_test.go",
    ],
    # Required by func findRoot() to check if sg is running in sourcegraph/sourcegraph
@ -156,7 +155,6 @@ go_test(
        "//dev/sg/internal/std",
        "//lib/output/outputtest",
        "@com_github_google_go_cmp//cmp",
-        "@com_github_hexops_autogold_v2//:autogold",
        "@com_github_stretchr_testify//assert",
        "@com_github_urfave_cli_v2//:cli",
    ],
--- a/dev/sg/internal/release/BUILD.bazel
+++ b/dev/sg/internal/release/BUILD.bazel
@ -0,0 +1,23 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+load("//dev:go_defs.bzl", "go_test")
+
+go_library(
+    name = "release",
+    srcs = ["cve.go"],
+    importpath = "github.com/sourcegraph/sourcegraph/dev/sg/internal/release",
+    visibility = ["//dev/sg:__subpackages__"],
+    deps = [
+        "//dev/sg/internal/bk",
+        "//dev/sg/internal/std",
+        "//lib/errors",
+        "//lib/output",
+        "@com_github_grafana_regexp//:regexp",
+    ],
+)
+
+go_test(
+    name = "release_test",
+    srcs = ["cve_test.go"],
+    embed = [":release"],
+    deps = ["@com_github_hexops_autogold_v2//:autogold"],
+)
--- a/dev/sg/internal/release/cve.go
+++ b/dev/sg/internal/release/cve.go
@ -1,66 +1,64 @@
-package main
+package release

 import (
 	"bytes"
+	"context"
 	"io"
 	"net/http"
 	"strings"

 	"github.com/grafana/regexp"
-	"github.com/urfave/cli/v2"

 	"github.com/sourcegraph/sourcegraph/dev/sg/internal/bk"
-	"github.com/sourcegraph/sourcegraph/dev/sg/internal/category"
 	"github.com/sourcegraph/sourcegraph/dev/sg/internal/std"
 	"github.com/sourcegraph/sourcegraph/lib/errors"
 	"github.com/sourcegraph/sourcegraph/lib/output"
 )

-var releaseCommand = &cli.Command{
-	Name:     "release",
-	Usage:    "Sourcegraph release utilities",
-	Category: category.Util,
-	Subcommands: []*cli.Command{{
-		Name:     "cve-check",
-		Usage:    "Check all CVEs found in a buildkite build against a set of preapproved CVEs for a release",
-		Category: category.Util,
-		Action:   cveCheck,
-		Flags: []cli.Flag{
-			&buildNumberFlag,
-			&referenceUriFlag,
-		},
-		UsageText: `sg release cve-check -u https://handbook.sourcegraph.com/departments/security/tooling/trivy/4-2-0/ -b 184191`,
-	}},
-}
-
-var buildNumberFlag = cli.StringFlag{
-	Name:     "buildNumber",
-	Usage:    "The buildkite build number to check for CVEs",
-	Required: true,
-	Aliases:  []string{"b"},
-}
-
-var referenceUriFlag = cli.StringFlag{
-	Name:     "uri",
-	Usage:    "A reference url that contains approved CVEs. Often a link to a handbook page eg: https://handbook.sourcegraph.com/departments/security/tooling/trivy/4-2-0/.",
-	Required: true,
-	Aliases:  []string{"u"},
-}
-
 var cvePattern = regexp.MustCompile(`<\w+>(CVE-\d+-\d+)<\/\w+>`)

-func cveCheck(cmd *cli.Context) error {
-	std.Out.WriteLine(output.Styledf(output.StylePending, "Checking release for approved CVEs..."))
+func findUnapprovedCVEs(all []string, referenceDocument string) []string {
+	var unapproved []string
+	for _, cve := range all {
+		if !strings.Contains(referenceDocument, cve) {
+			unapproved = append(unapproved, cve)
+		}
+	}
+	return unapproved
+}

-	referenceUrl := referenceUriFlag.Get(cmd)
-	number := buildNumberFlag.Get(cmd)
+func extractCVEs(pattern *regexp.Regexp, document string) []string {
+	var found []string
+	matches := pattern.FindAllStringSubmatch(document, -1)
+	for _, match := range matches {
+		cve := strings.TrimSpace(match[1])
+		found = append(found, cve)
+	}
+	return found
+}

-	client, err := bk.NewClient(cmd.Context, std.Out)
+func downloadUrl(uri string, w io.Writer) (err error) {
+	std.Out.WriteLine(output.Styledf(output.StylePending, "Downloading url: %s", uri))
+	resp, err := http.Get(uri)
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+
+	_, err = io.Copy(w, resp.Body)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func CveCheck(ctx context.Context, buildNumber, referenceUrl string, verbose bool) error {
+	client, err := bk.NewClient(ctx, std.Out)
 	if err != nil {
 		return errors.Wrap(err, "bk.NewClient")
 	}

-	artifacts, err := client.ListArtifactsByBuildNumber(cmd.Context, "sourcegraph", number)
+	artifacts, err := client.ListArtifactsByBuildNumber(ctx, "sourcegraph", buildNumber)
 	if err != nil {
 		return errors.Wrap(err, "unable to list artifacts by build number")
 	}
@ -112,38 +110,3 @@ func cveCheck(cmd *cli.Context) error {

 	return nil
 }
-
-func findUnapprovedCVEs(all []string, referenceDocument string) []string {
-	var unapproved []string
-	for _, cve := range all {
-		if !strings.Contains(referenceDocument, cve) {
-			unapproved = append(unapproved, cve)
-		}
-	}
-	return unapproved
-}
-
-func extractCVEs(pattern *regexp.Regexp, document string) []string {
-	var found []string
-	matches := pattern.FindAllStringSubmatch(document, -1)
-	for _, match := range matches {
-		cve := strings.TrimSpace(match[1])
-		found = append(found, cve)
-	}
-	return found
-}
-
-func downloadUrl(uri string, w io.Writer) (err error) {
-	std.Out.WriteLine(output.Styledf(output.StylePending, "Downloading url: %s", uri))
-	resp, err := http.Get(uri)
-	if err != nil {
-		return err
-	}
-	defer resp.Body.Close()
-
-	_, err = io.Copy(w, resp.Body)
-	if err != nil {
-		return err
-	}
-	return nil
-}
--- a/dev/sg/internal/release/cve_test.go
+++ b/dev/sg/internal/release/cve_test.go
@ -1,4 +1,4 @@
-package main
+package release

 import (
 	"testing"
--- a/dev/sg/sg_release.go
+++ b/dev/sg/sg_release.go
@ -0,0 +1,50 @@
+package main
+
+import (
+	"github.com/urfave/cli/v2"
+
+	"github.com/sourcegraph/sourcegraph/dev/sg/internal/category"
+	"github.com/sourcegraph/sourcegraph/dev/sg/internal/release"
+	"github.com/sourcegraph/sourcegraph/dev/sg/internal/std"
+	"github.com/sourcegraph/sourcegraph/lib/output"
+)
+
+var releaseCommand = &cli.Command{
+	Name:     "release",
+	Usage:    "Sourcegraph release utilities",
+	Category: category.Util,
+	Subcommands: []*cli.Command{{
+		Name:     "cve-check",
+		Usage:    "Check all CVEs found in a buildkite build against a set of preapproved CVEs for a release",
+		Category: category.Util,
+		Action:   cveCheck,
+		Flags: []cli.Flag{
+			&buildNumberFlag,
+			&referenceUriFlag,
+		},
+		UsageText: `sg release cve-check -u https://handbook.sourcegraph.com/departments/security/tooling/trivy/4-2-0/ -b 184191`,
+	}},
+}
+
+var buildNumberFlag = cli.StringFlag{
+	Name:     "buildNumber",
+	Usage:    "The buildkite build number to check for CVEs",
+	Required: true,
+	Aliases:  []string{"b"},
+}
+
+var referenceUriFlag = cli.StringFlag{
+	Name:     "uri",
+	Usage:    "A reference url that contains approved CVEs. Often a link to a handbook page eg: https://handbook.sourcegraph.com/departments/security/tooling/trivy/4-2-0/.",
+	Required: true,
+	Aliases:  []string{"u"},
+}
+
+func cveCheck(cmd *cli.Context) error {
+	std.Out.WriteLine(output.Styledf(output.StylePending, "Checking release for approved CVEs..."))
+
+	referenceUrl := referenceUriFlag.Get(cmd)
+	buildNumber := buildNumberFlag.Get(cmd)
+
+	return release.CveCheck(cmd.Context, buildNumber, referenceUrl, verbose)
+}