Cr 16568 lib r (#504)

Author: andrii-codefresh

workflows/codefresh-csdp/CHANGELOG.md

@@ -1,4 +1,7 @@
 # Changelog 
+ 
+## v1.1.8 (28.02.2023)
+* Using @codefresh-io/cf-report-image-toolbox library
 
 ## v1.1.7 (16.01.2023)
 ### report-image-info

workflows/codefresh-csdp/versions/1.1.8/README.md

@@ -0,0 +1,17 @@
+# CSDP-metadata
+
+## Summary
+
+A set of templates to operate against Codefresh Software Delivery Platform such as reporting image information to the Argo platform, and enriching images with metadata and annotation for GitHub (PRs, commits, etc) and Jira (title, assignee, etc).
+
+## Templates
+
+1. [image-enricher-git-info](https://github.com/codefresh-io/argo-hub/blob/main/workflows/codefresh-csdp/versions/1.1.8/docs/image-enricher-git-info.md)
+2. [image-enricher-jira-info](https://github.com/codefresh-io/argo-hub/blob/main/workflows/codefresh-csdp/versions/1.1.8/docs/image-enricher-jira-info.md)
+3. [report-image-info](https://github.com/codefresh-io/argo-hub/blob/main/workflows/codefresh-csdp/versions/1.1.8/docs/report-image-info.md)
+
+## Security
+
+Minimal required permissions
+
+[Full rbac permissions list](https://github.com/codefresh-io/argo-hub/blob/main/workflows/codefresh-csp/versions/1.1.8/rbac.yaml)

workflows/codefresh-csdp/versions/1.1.8/docs/image-enricher-git-info.md

@@ -0,0 +1,68 @@
+# image-enricher-git-info
+
+## Summary
+Enrich images with metadata and annotation such as PR, commits, committers.
+
+## Inputs/Outputs
+
+### Inputs
+* IMAGE_NAME (required) - The image name that was imported into Codefresh to enrich
+* GIT_PROVIDER (required) - One of the supported git providers: github, gitlab, bitbucket, bitbucket-server
+* BRANCH (required) - The git branch to use to enrich
+* REPO (required) - The repo to use to enrich
+* CF_API_KEY (required) - The Kubernetes secret containing the Codefresh API key created by **runtime**
+* CF_API_KEY_SECRET_KEY (optional) - The key in the Kubernetes secret that has the Codefresh API key created by **runtime**. Default is 'token'
+* CF_HOST_URL (optional) - The URL to reach Codefresh (support on-premises Codefresh). Default is 'https://g.codefresh.io'
+* GITHUB_API_HOST_URL (optional) - The URL to reach the GitHub API (support on-premises GitHub api). Default is 'https://api.github.com'
+* GITHUB_API_PATH_PREFIX (optional) - The API prefix path for GitHub (support on-premises GitHub path prefix).
+* GITHUB_TOKEN_SECRET_NAME (optional) - The Kubernetes secret containing the GitHub token
+* GITHUB_TOKEN_SECRET_KEY (optional) - The key in the Kubernetes secret containing the GitHub token. Default is 'token'
+* GITHUB_CONTEXT (optional) - The name of the github context from classic codefresh platform
+* GITLAB_HOST_URL (optional) - The URL to reach the GitLab API (support on-premises GitLab api). Default is 'https://gitlab.com'
+* GITLAB_TOKEN_SECRET_NAME (optional) - The Kubernetes secret containing the GitLab token
+* GITLAB_TOKEN_SECRET_KEY (optional) - The key in the Kubernetes secret containing the GitLab token. Default is 'token'
+* BITBUCKET_HOST_URL (optional) - The URL to reach the BitBucket API (support on-premises BitBucket api). Default is 'https://api.bitbucket.org/2.0'
+* BITBUCKET_SECRET_NAME (optional) - The Kubernetes secret containing the BitBucket credentials
+* BITBUCKET_USERNAME_SECRET_KEY (optional) - The key in the Kubernetes secret containing the BitBucket username. Default is 'username'
+* BITBUCKET_PASSWORD_SECRET_KEY (optional) - The key in the Kubernetes secret containing the BitBucket password. Default is 'password'
+
+### Outputs
+* `exit-error` – message of the error that caused template failure
+
+## Examples
+
+### task Example
+```
+apiVersion: argoproj.io/v1alpha1
+kind: Workflow
+metadata:
+  generateName: image-enricher-git-info-
+spec:
+  entrypoint: main
+  templates:
+  - name: main
+    dag:
+      tasks:
+      - name: image-enricher-git-info
+        templateRef:
+          name: argo-hub.codefresh-csdp.1.1.8
+          template: image-enricher-git-info
+        arguments:
+          parameters:
+          - name: CF_API_KEY
+            value: 'codefresh-token'
+          - name: CF_API_KEY_SECRET_KEY
+            value: 'token'
+          - name: IMAGE_NAME
+            value: 'gcr.io/codefresh/cfstep-helm:lastest'
+          - name: GIT_PROVIDER
+            value: 'github'
+          - name: REPO
+            value: 'codefresh/cfstep-helm'
+          - name: BRANCH
+            value: 'main'
+          - name: GITHUB_TOKEN_SECRET_NAME
+            value: 'github-creds'
+          - name: GITHUB_TOKEN_SECRET_KEY
+            value: 'token'
+```

workflows/codefresh-csdp/versions/1.1.8/docs/image-enricher-jira-info.md

@@ -0,0 +1,63 @@
+# image-enricher-jira-info
+
+## Summary
+Enrich images with metadata and annotation such as ticket number, title, assignee, status.
+
+## Inputs/Outputs
+
+### Inputs
+* IMAGE_NAME (required) - The image URI that was imported into Codefresh to enrich
+* JIRA_HOST_URL (required) - jira host url
+* JIRA_API_TOKEN_SECRET (required) - Name of Kubernetes secret that contains a jira email and token that you generate in jira
+* JIRA_API_TOKEN_SECRET_KEY (required) - The key in the Kubernetes secret with the Jira API token. Default is 'token'
+* JIRA_EMAIL_SECRET_KEY (required) - The key in the Kubernetes secret with the Jira Email associated with the API token. Default is 'email'
+* JIRA_MESSAGE (required) - message from which you want retrieve issue name, can be a branch, commit message, whatever
+* JIRA_PROJECT_PREFIX (required) - jira project prefix like: SAAS, CF, etc
+* CF_API_KEY (required) - The Kubernetes secret containing the Codefresh API key created by **runtime**
+* CF_API_KEY_SECRET_KEY (optional) - The key in the Kubernetes secret that has the Codefresh API key created by **runtime**. Default is 'token'
+* CF_HOST_URL (optional) - The URL to reach Codefresh (support on-premises Codefresh). Default is 'https://g.codefresh.io'
+* JIRA_CONTEXT (optional) - The Jira context to use
+* FAIL_ON_NOT_FOUND (optional) - fail in case of ticket not found. Default is 'false'
+
+### Outputs
+* `exit-error` – message of the error that caused template failure
+
+## Examples
+
+### task Example
+```
+apiVersion: argoproj.io/v1alpha1
+kind: Workflow
+metadata:
+  generateName: image-enricher-jira-info-
+spec:
+  entrypoint: main
+  templates:
+  - name: main
+    dag:
+      tasks:
+      - name: image-enricher-jira-info
+        templateRef:
+          name: argo-hub.codefresh-csdp.1.1.8
+          template: image-enricher-jira-info
+        arguments:
+          parameters:
+          - name: CF_API_KEY
+            value: 'codefresh-token'
+          - name: CF_API_KEY_SECRET_KEY
+            value: 'token'
+          - name: IMAGE_NAME
+            value: 'gcr.io/codefresh/cfstep-helm:lastest'
+          - name: JIRA_PROJECT_PREFIX
+            value: 'CR'
+          - name: JIRA_MESSAGE
+            value: 'working on CR-11027'
+          - name: JIRA_HOST_URL
+            value: 'https://jira.atlassian.net'
+          - name: JIRA_API_TOKEN_SECRET
+            value: 'jira-creds'
+          - name: JIRA_API_TOKEN_SECRET_KEY
+            value: 'token'
+          - name: JIRA_EMAIL_SECRET_KEY
+            value: 'email'
+```

workflows/codefresh-csdp/versions/1.1.8/docs/report-image-info.md

@@ -0,0 +1,85 @@
+# report-image-info
+
+## Summary
+Report image info to argo platform.
+
+## Inputs/Outputs
+
+### Inputs
+* IMAGE_NAME (required) - your image to which you want to report
+* CF_API_KEY (required) - Codefresh API key created by **runtime**
+* CF_HOST_URL (optional) - support on-premises Codefresh URL
+* WORKFLOW_NAME (optional) - name of the workflow
+* WORKFLOW_URL (optional) - external url of the workflow
+* LOGS_URL (optional) - external url of the workflow logs
+* REGISTRY_INSECURE (optional) - security flag for standard registry protocol, when set to true it enables http protocol.
+* RETRIEVE_CREDENTIALS_BY_DOMAIN (optional) - decide about the authentication method based on the image domain
+* DOCKERFILE_CONTENT (optional) - base64 encoded content of the Dockerfile used for building image
+* DOCKERFILE_PATH (optional) - path to the Dockerfile used for building image (used if DOCKERFILE_CONTENT is empty)
+#### Specify one from following required registry parameters:
+* GCR_KEY_FILE_PATH (required) - JSON key for authenticating to a Google GCR
+* GCR_KEY_SECRET (required) - The Kubernetes secret containing the GCR key information. Default is 'gcr-key-file'
+* GCR_KEY_SECRET_KEY (optional) - The key in the Kubernetes secret containing the GCR key information. Default is '.keyjson'
+* AWS_ACCESS_KEY (required) - The Kubernetes secret with the Amazon access key
+* AWS_ACCESS_KEY_SECRET_KEY (optional) - The key in the Kubernetes secret with the Amazon access key. Default is 'aws-access-key'
+* AWS_SECRET_KEY (required) - The Kubernetes secret with the Amazon secret key
+* AWS_SECRET_KEY_SECRET_KEY (optional) - The key in the Kubernetes secret with the Amazon secret key. Default is 'aws-secret-key'
+* AWS_REGION (required) - The Kubernetes secret with the Amazon region
+* AWS_REGION_SECRET_KEY (optional) - The key in the Kubernetes secret with the Amazon region. Default is 'aws-region'
+* DOCKER_CONFIG_FILE_PATH (required) - docker config json for authenticating to a registry (GCR, ECR, ACR not supported)
+* DOCKER_CONFIG_SECRET (required) - The Kubernetes secret containing the docker config json information. Default is 'docker-registry'
+* DOCKER_CONFIG_SECRET_KEY  (optional) - The key in the Kubernetes secret containing the docker config json information. Default is '.dockerconfigjson'
+* DOCKERHUB_USERNAME (required) - The Kubernetes secret with the docker username
+* DOCKERHUB_USERNAME_SECRET_KEY (optional) The key in the Kubernetes secret with the docker username. Default is 'username'
+* DOCKERHUB_PASSWORD (required) - The Kubernetes secret with the docker password
+* DOCKERHUB_PASSWORD_SECRET_KEY (optional) The key in the Kubernetes secret with the docker password. Default is 'password'
+* REGISTRY_USERNAME (required) - The Kubernetes secret with the standard registry username
+* USERNAME_SECRET_KEY (optional) The key in the Kubernetes secret with the standard registry username. Default is 'username'
+* REGISTRY_PASSWORD (required) - The Kubernetes secret with the standard registry password
+* PASSWORD_SECRET_KEY (optional) The key in the Kubernetes secret with the standard registry password. Default is 'password'
+* REGISTRY_DOMAIN (required) - The Kubernetes secret with the standard registry domain
+* REGISTRY_DOMAIN_SECRET_KEY (optional) - The key in the Kubernetes secret with the standard registry domain. Default is 'domain'
+* AWS_ROLE_SECRET (required) - The Kubernetes secret with the Amazon role
+* AWS_ROLE_SECRET_KEY (optional) -The key in the Kubernetes secret with the standard Amazon role. Default is 'role'
+
+### Outputs
+* `image-name` – name of the reported image
+* `image-sha` – SHA of the reported image
+* `image-link` – link to the image in codefresh
+* `exit-error` – message of the error that caused template failure
+
+## Examples
+
+### task Example
+```
+apiVersion: argoproj.io/v1alpha1
+kind: Workflow
+metadata:
+  generateName: report-image-info-
+spec:
+  entrypoint: main
+  templates:
+  - name: main
+    dag:
+      tasks:
+      - name: report-image-info
+        templateRef:
+          name: argo-hub.codefresh-csdp.1.1.8
+          template: report-image-info
+        arguments:
+          parameters:
+          - name: CF_API_KEY
+            value: 'codefresh-token'
+          - name: CF_API_KEY_SECRET_KEY
+            value: 'token'
+          - name: IMAGE_NAME
+            value: 'deniscodefresh/ppid-inspector:latest'
+          - name: DOCKERHUB_USERNAME
+            value: 'dockerhub-creds'
+          - name: USERNAME_SECRET_KEY
+            value: 'username'
+          - name: DOCKERHUB_PASSWORD
+            value: 'dockerhub-creds'
+          - name: PASSWORD_SECRET_KEY
+            value: 'password'
+```

workflows/codefresh-csdp/versions/1.1.8/images/image-enricher-git-info/.nvmrc

@@ -0,0 +1 @@
+18.12.1

workflows/codefresh-csdp/versions/1.1.8/images/image-enricher-git-info/Dockerfile

@@ -0,0 +1,12 @@
+FROM node:18.12.1-alpine
+
+WORKDIR /app/
+
+COPY package.json .
+COPY yarn.lock .
+
+RUN yarn
+
+COPY . .
+
+CMD [ "node", "/app/src/index.js" ]

workflows/codefresh-csdp/versions/1.1.8/images/image-enricher-git-info/README.md

@@ -0,0 +1 @@
+# image-enricher-git-info

workflows/codefresh-csdp/versions/1.1.8/images/image-enricher-git-info/package.json

@@ -0,0 +1,16 @@
+{
+  "name": "image-enricher-git-info",
+  "version": "0.0.2",
+  "private": true,
+  "scripts": {
+    "start": "node src/index.js"
+  },
+  "engines": {
+    "node": "18.12.1"
+  },
+  "dependencies": {
+    "@codefresh-io/cf-report-image-toolbox": "^1.0.0",
+    "joi": "^17.6.0",
+    "lodash": "^4.17.21"
+  }
+}

workflows/codefresh-csdp/versions/1.1.8/images/image-enricher-git-info/src/configuration/index.js

@@ -0,0 +1,84 @@
+const Joi = require('joi')
+const _ = require('lodash')
+
+const platform = {
+    GITOPS: 'GITOPS',
+}
+
+const providers = {
+    GITHUB: 'github',
+    BITBUCKET: 'bitbucket',
+    BITBUCKET_SERVER: 'bitbucket-server',
+    GITLAB: 'gitlab'
+}
+
+const inputs = {
+    platform: platform.GITOPS,
+    provider: process.env.GIT_PROVIDER?.trim(),
+    cfHost: process.env.CF_HOST_URL?.trim() || 'https://g.codefresh.io',
+    cfApiKey: process.env.CF_API_KEY?.trim(),
+    imageName: process.env.IMAGE_NAME?.trim(),
+    repo: process.env.REPO?.trim(),
+    branch: process.env.BRANCH?.trim(),
+
+    // github
+    githubApiHost: process.env.GITHUB_API_HOST_URL?.trim() || 'https://api.github.com',
+    githubToken: process.env.GITHUB_TOKEN?.trim(),
+    githubApiPathPrefix: process.env.GITHUB_API_PATH_PREFIX?.trim() || '/',
+    githubContextName: process.env.GITHUB_CONTEXT?.trim(),
+
+    // gitlab
+    gitlabHost: process.env.GITLAB_HOST_URL?.trim() || 'https://gitlab.com',
+    gitlabToken: process.env.GITLAB_TOKEN?.trim(),
+
+    // bitbucket
+    bitbucketHost: process.env.BITBUCKET_HOST_URL?.trim() || 'https://api.bitbucket.org/2.0',
+    bitbucketUsername: process.env.BITBUCKET_USERNAME?.trim(),
+    bitbucketPassword: process.env.BITBUCKET_PASSWORD?.trim(),
+
+    commitsByUserLimit: Number(process.env.CF_COMMITS_BY_USER_LIMIT?.trim()) || 5,
+};
+
+const schema = Joi.object({
+    GIT_PROVIDER: Joi.string().valid(...Object.values(providers)).required(),
+    CF_HOST_URL: Joi.string().uri().empty(''),
+    CF_API_KEY: Joi.string().required(),
+    IMAGE_NAME: Joi.string().required(),
+    REPO: Joi.string().required(),
+    BRANCH: Joi.string().required(),
+
+    // others
+    CF_COMMITS_BY_USER_LIMIT: Joi.number(),
+})
+.when(Joi.object({ GIT_PROVIDER: Joi.valid(providers.GITHUB) }).unknown(), {
+    then: Joi.object({
+        GITHUB_API_HOST_URL: Joi.string().uri().empty(''),
+        GITHUB_TOKEN: Joi.string().empty(''),
+        GITHUB_API_PATH_PREFIX: Joi.string().uri({ relativeOnly: true }).empty(''),
+        GITHUB_CONTEXT: Joi.string().empty(''),
+    }).xor('GITHUB_CONTEXT', 'GITHUB_TOKEN')
+})
+.when(Joi.object({ GIT_PROVIDER: Joi.valid(providers.GITLAB) }).unknown(), {
+    then: Joi.object({
+        GITLAB_HOST_URL: Joi.string().uri().empty(''),
+        GITLAB_TOKEN: Joi.string().required()
+    })
+})
+.when(Joi.object({ GIT_PROVIDER: Joi.valid(providers.BITBUCKET_SERVER, providers.BITBUCKET) }).unknown(), {
+    then: Joi.object({
+        BITBUCKET_HOST_URL: Joi.string().uri().empty(''),
+        BITBUCKET_USERNAME: Joi.string().required(),
+        BITBUCKET_PASSWORD: Joi.string().required()
+    })
+});
+
+module.exports = {
+    inputs,
+
+    providers,
+
+    validateInputs() {
+        const { error } = schema.validate(process.env, { allowUnknown: true });
+        return [ error, this.inputs ];
+    }
+}