From 300ec6158254313a3e75c4563e64653182cbfa04 Mon Sep 17 00:00:00 2001 From: Bolaji Olajide <25608335+BolajiOlajide@users.noreply.github.com> Date: Fri, 29 Dec 2023 12:41:36 +0100 Subject: [PATCH] release: cleanup sg release subcommand (#59231) * cleanup * relocate test file * bazel --- cmd/server/shared/shared.go | 2 +- dev/sg/BUILD.bazel | 6 +- dev/sg/internal/release/BUILD.bazel | 23 ++++ .../{release.go => internal/release/cve.go} | 113 ++++++------------ .../release/cve_test.go} | 2 +- dev/sg/sg_release.go | 50 ++++++++ 6 files changed, 115 insertions(+), 81 deletions(-) create mode 100644 dev/sg/internal/release/BUILD.bazel rename dev/sg/{release.go => internal/release/cve.go} (65%) rename dev/sg/{release_test.go => internal/release/cve_test.go} (97%) create mode 100644 dev/sg/sg_release.go diff --git a/cmd/server/shared/shared.go b/cmd/server/shared/shared.go index 41ad293b5bc..07f746d7cd5 100644 --- a/cmd/server/shared/shared.go +++ b/cmd/server/shared/shared.go @@ -290,7 +290,7 @@ func runMigrator() { log.Println("Migrated postgres schemas.") } -func shouldPostgresReindex() (shouldReindex bool) { +func shouldPostgresReindex() bool { fmt.Printf("Checking whether a Postgres reindex is required...\n") // Check for presence of the reindex marker file diff --git a/dev/sg/BUILD.bazel b/dev/sg/BUILD.bazel index 25df70eaafd..a6c3e3729e6 100644 --- a/dev/sg/BUILD.bazel +++ b/dev/sg/BUILD.bazel @@ -10,7 +10,6 @@ go_library( "live.go", "main.go", "os.go", - "release.go", "sg_analytics.go", "sg_audit.go", "sg_cloud.go", @@ -29,6 +28,7 @@ go_library( "sg_monitoring.go", "sg_ops.go", "sg_page.go", + "sg_release.go", "sg_rfc.go", "sg_run.go", "sg_secret.go", @@ -51,7 +51,6 @@ go_library( "//dev/sg/dependencies", "//dev/sg/internal/analytics", "//dev/sg/internal/background", - "//dev/sg/internal/bk", "//dev/sg/internal/category", "//dev/sg/internal/check", "//dev/sg/internal/db", 
@@ -61,6 +60,7 @@ go_library( "//dev/sg/internal/images", "//dev/sg/internal/migration", "//dev/sg/internal/open", + "//dev/sg/internal/release", "//dev/sg/internal/repo", "//dev/sg/internal/rfc", "//dev/sg/internal/run", @@ -142,7 +142,6 @@ go_test( timeout = "short", srcs = [ "main_test.go", - "release_test.go", "sg_start_test.go", ], # Required by func findRoot() to check if sg is running in sourcegraph/sourcegraph @@ -156,7 +155,6 @@ go_test( "//dev/sg/internal/std", "//lib/output/outputtest", "@com_github_google_go_cmp//cmp", - "@com_github_hexops_autogold_v2//:autogold", "@com_github_stretchr_testify//assert", "@com_github_urfave_cli_v2//:cli", ], diff --git a/dev/sg/internal/release/BUILD.bazel b/dev/sg/internal/release/BUILD.bazel new file mode 100644 index 00000000000..f48fceda319 --- /dev/null +++ b/dev/sg/internal/release/BUILD.bazel @@ -0,0 +1,23 @@ +load("@io_bazel_rules_go//go:def.bzl", "go_library") +load("//dev:go_defs.bzl", "go_test") + +go_library( + name = "release", + srcs = ["cve.go"], + importpath = "github.com/sourcegraph/sourcegraph/dev/sg/internal/release", + visibility = ["//dev/sg:__subpackages__"], + deps = [ + "//dev/sg/internal/bk", + "//dev/sg/internal/std", + "//lib/errors", + "//lib/output", + "@com_github_grafana_regexp//:regexp", + ], +) + +go_test( + name = "release_test", + srcs = ["cve_test.go"], + embed = [":release"], + deps = ["@com_github_hexops_autogold_v2//:autogold"], +) diff --git a/dev/sg/release.go b/dev/sg/internal/release/cve.go similarity index 65% rename from dev/sg/release.go rename to dev/sg/internal/release/cve.go index bfe201eca4c..e0acac16e3f 100644 --- a/dev/sg/release.go +++ b/dev/sg/internal/release/cve.go 
@@ -1,66 +1,64 @@ -package main +package release import ( "bytes" + "context" "io" "net/http" "strings" "github.com/grafana/regexp" - "github.com/urfave/cli/v2" "github.com/sourcegraph/sourcegraph/dev/sg/internal/bk" - "github.com/sourcegraph/sourcegraph/dev/sg/internal/category" "github.com/sourcegraph/sourcegraph/dev/sg/internal/std" "github.com/sourcegraph/sourcegraph/lib/errors" "github.com/sourcegraph/sourcegraph/lib/output" ) -var releaseCommand = &cli.Command{ - Name: "release", - Usage: "Sourcegraph release utilities", - Category: category.Util, - Subcommands: []*cli.Command{{ - Name: "cve-check", - Usage: "Check all CVEs found in a buildkite build against a set of preapproved CVEs for a release", - Category: category.Util, - Action: cveCheck, - Flags: []cli.Flag{ - &buildNumberFlag, - &referenceUriFlag, - }, - UsageText: `sg release cve-check -u https://handbook.sourcegraph.com/departments/security/tooling/trivy/4-2-0/ -b 184191`, - }}, -} - -var buildNumberFlag = cli.StringFlag{ - Name: "buildNumber", - Usage: "The buildkite build number to check for CVEs", - Required: true, - Aliases: []string{"b"}, -} - -var referenceUriFlag = cli.StringFlag{ - Name: "uri", - Usage: "A reference url that contains approved CVEs. 
Often a link to a handbook page eg: https://handbook.sourcegraph.com/departments/security/tooling/trivy/4-2-0/.", - Required: true, - Aliases: []string{"u"}, -} - var cvePattern = regexp.MustCompile(`<\w+>(CVE-\d+-\d+)<\/\w+>`) -func cveCheck(cmd *cli.Context) error { - std.Out.WriteLine(output.Styledf(output.StylePending, "Checking release for approved CVEs...")) +func findUnapprovedCVEs(all []string, referenceDocument string) []string { + var unapproved []string + for _, cve := range all { + if !strings.Contains(referenceDocument, cve) { + unapproved = append(unapproved, cve) + } + } + return unapproved +} - referenceUrl := referenceUriFlag.Get(cmd) - number := buildNumberFlag.Get(cmd) +func extractCVEs(pattern *regexp.Regexp, document string) []string { + var found []string + matches := pattern.FindAllStringSubmatch(document, -1) + for _, match := range matches { + cve := strings.TrimSpace(match[1]) + found = append(found, cve) + } + return found +} - client, err := bk.NewClient(cmd.Context, std.Out) +func downloadUrl(uri string, w io.Writer) (err error) { + std.Out.WriteLine(output.Styledf(output.StylePending, "Downloading url: %s", uri)) + resp, err := http.Get(uri) + if err != nil { + return err + } + defer resp.Body.Close() + + _, err = io.Copy(w, resp.Body) + if err != nil { + return err + } + return nil +} + +func CveCheck(ctx context.Context, buildNumber, referenceUrl string, verbose bool) error { + client, err := bk.NewClient(ctx, std.Out) if err != nil { return errors.Wrap(err, "bk.NewClient") } - artifacts, err := client.ListArtifactsByBuildNumber(cmd.Context, "sourcegraph", number) + artifacts, err := client.ListArtifactsByBuildNumber(ctx, "sourcegraph", buildNumber) if err != nil { return errors.Wrap(err, "unable to list artifacts by build number") } 
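Review bot: `findUnapprovedCVEs` treats a finding as approved when its ID is only a substring of the reference page (`strings.Contains(referenceDocument, cve)`), so a constructed example such as `CVE-2023-1234` passes whenever the page lists `CVE-2023-12345`. Because this function decides whether the release gate passes, it should compare whole identifiers: collect the IDs from the reference document into a set and test membership, as sketched below. The sketch assumes approved entries appear in the page as plain `CVE-<year>-<number>` text, which the relocated test file should confirm. `downloadUrl` in the same hunk also copies the body without checking `resp.StatusCode` and does not use the new `ctx`; the body of `CveCheck` continues outside the hunk, so how an error page would be handled there is not visible.

```go
// approvedCVEPattern matches one complete CVE identifier in the reference page.
var approvedCVEPattern = regexp.MustCompile(`CVE-\d+-\d+`)

func findUnapprovedCVEs(all []string, referenceDocument string) []string {
	approved := make(map[string]struct{})
	for _, id := range approvedCVEPattern.FindAllString(referenceDocument, -1) {
		approved[id] = struct{}{}
	}

	var unapproved []string
	for _, cve := range all {
		if _, ok := approved[cve]; !ok {
			unapproved = append(unapproved, cve)
		}
	}
	return unapproved
}
// … unchanged: extractCVEs, downloadUrl, CveCheck …
```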
@@ -112,38 +110,3 @@ func cveCheck(cmd *cli.Context) error { return nil } - -func findUnapprovedCVEs(all []string, referenceDocument string) []string { - var unapproved []string - for _, cve := range all { - if !strings.Contains(referenceDocument, cve) { - unapproved = append(unapproved, cve) - } - } - return unapproved -} - -func extractCVEs(pattern *regexp.Regexp, document string) []string { - var found []string - matches := pattern.FindAllStringSubmatch(document, -1) - for _, match := range matches { - cve := strings.TrimSpace(match[1]) - found = append(found, cve) - } - return found -} - -func downloadUrl(uri string, w io.Writer) (err error) { - std.Out.WriteLine(output.Styledf(output.StylePending, "Downloading url: %s", uri)) - resp, err := http.Get(uri) - if err != nil { - return err - } - defer resp.Body.Close() - - _, err = io.Copy(w, resp.Body) - if err != nil { - return err - } - return nil -} diff --git a/dev/sg/release_test.go b/dev/sg/internal/release/cve_test.go similarity index 97% rename from dev/sg/release_test.go rename to dev/sg/internal/release/cve_test.go index 8fe03810495..df69bfd3a0c 100644 --- a/dev/sg/release_test.go +++ b/dev/sg/internal/release/cve_test.go @@ -1,4 +1,4 @@ -package main +package release import ( "testing" diff --git a/dev/sg/sg_release.go b/dev/sg/sg_release.go new file mode 100644 index 00000000000..f01784a7ff9 --- /dev/null +++ b/dev/sg/sg_release.go 
@@ -0,0 +1,50 @@
+package main
+
+import (
+ "github.com/urfave/cli/v2"
+
+ "github.com/sourcegraph/sourcegraph/dev/sg/internal/category"
+ "github.com/sourcegraph/sourcegraph/dev/sg/internal/release"
+ "github.com/sourcegraph/sourcegraph/dev/sg/internal/std"
+ "github.com/sourcegraph/sourcegraph/lib/output"
+)
+
+var releaseCommand = &cli.Command{
+ Name: "release",
+ Usage: "Sourcegraph release utilities",
+ Category: category.Util,
+ Subcommands: []*cli.Command{{
+ Name: "cve-check",
+ Usage: "Check all CVEs found in a buildkite build against a set of preapproved CVEs for a release",
+ Category: category.Util,
+ Action: cveCheck,
+ Flags: []cli.Flag{
+ &buildNumberFlag,
+ &referenceUriFlag,
+ },
+ UsageText: `sg release cve-check -u https://handbook.sourcegraph.com/departments/security/tooling/trivy/4-2-0/ -b 184191`,
+ }},
+}
+
+var buildNumberFlag = cli.StringFlag{
+ Name: "buildNumber",
+ Usage: "The buildkite build number to check for CVEs",
+ Required: true,
+ Aliases: []string{"b"},
+}
+
+var referenceUriFlag = cli.StringFlag{
+ Name: "uri",
+ Usage: "A reference url that contains approved CVEs. Often a link to a handbook page eg: https://handbook.sourcegraph.com/departments/security/tooling/trivy/4-2-0/.",
+ Required: true,
+ Aliases: []string{"u"},
+}
+
+func cveCheck(cmd *cli.Context) error {
+ std.Out.WriteLine(output.Styledf(output.StylePending, "Checking release for approved CVEs..."))
+
+ referenceUrl := referenceUriFlag.Get(cmd)
+ buildNumber := buildNumberFlag.Get(cmd)
+
+ return release.CveCheck(cmd.Context, buildNumber, referenceUrl, verbose)
+}
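Review bot: `cveCheck` passes the `uri` flag value to `release.CveCheck` without any validation, so the list of approved CVEs can be loaded from whatever scheme and host the caller types; presumably it is then fetched with the plain `http.Get` in `downloadUrl`. Since that page is the allowlist for the release gate, parse the value first and reject anything that is not HTTPS, for example `if u, err := url.Parse(referenceUrl); err != nil || u.Scheme != "https" { return errors.New("uri must be an https URL") }`, which needs `net/url` and the project's errors package added to the imports. `verbose` is not declared in this file and looks like a package-level variable from elsewhere in package main; a short comment such as `// verbose is the global --verbose flag declared in main.go (confirm)` would make that dependency visible.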