Merge branch 'image-scan-fixes-oss' into further-refact-with-iter-1-image-scan-fixes

# Conflicts:
#	pkg/policyGovernance/security/imageScanning/ImageScanService.go

Author: prakash100198

internal/sql/repository/CiArtifactRepository.go

@@ -139,6 +139,8 @@ type CiArtifactRepository interface {
 	// MigrateToWebHookDataSourceType is used for backward compatibility. It'll migrate the deprecated DataSource type
 	MigrateToWebHookDataSourceType(id int) error
 	UpdateLatestTimestamp(artifactIds []int) error
+
+	Update(ciArtifact *CiArtifact) error
 }
 
 type CiArtifactRepositoryImpl struct {
@@ -858,3 +860,12 @@ func (impl CiArtifactRepositoryImpl) FindCiArtifactByImagePaths(images []string)
 	}
 	return ciArtifacts, nil
 }
+
+func (impl CiArtifactRepositoryImpl) Update(ciArtifact *CiArtifact) error {
+	err := impl.dbConnection.Update(ciArtifact)
+	if err != nil {
+		impl.logger.Errorw("error in updating ciArtifact", "ciArtifact", ciArtifact, "err", err)
+		return err
+	}
+	return nil
+}

pkg/eventProcessor/bean/workflowEventBean.go

@@ -82,6 +82,7 @@ type CiCompleteEvent struct {
 	ImageDetailsFromCR            json.RawMessage          `json:"imageDetailsFromCR"`
 	PluginRegistryArtifactDetails map[string][]string      `json:"PluginRegistryArtifactDetails"`
 	PluginArtifactStage           string                   `json:"pluginArtifactStage"`
+	IsScanEnabled                 bool                     `json:"isScanEnabled"`
 	pluginImageDetails            *registry.ImageDetailsFromCR
 	PluginArtifacts               *PluginArtifacts `json:"pluginArtifacts"`
 }

pkg/eventProcessor/in/WorkflowEventProcessorService.go

@@ -682,6 +682,7 @@ func (impl *WorkflowEventProcessorImpl) BuildCiArtifactRequest(event bean.CiComp
 		IsArtifactUploaded:            event.IsArtifactUploaded,
 		PluginRegistryArtifactDetails: pluginArtifacts,
 		PluginArtifactStage:           event.PluginArtifactStage,
+		IsScanEnabled:                 event.IsScanEnabled,
 	}
 	// if DataSource is empty, repository.WEBHOOK is considered as default
 	if request.DataSource == "" {

pkg/pipeline/PipelineStageService.go

@@ -50,6 +50,7 @@ type PipelineStageService interface {
 	// , there was a bug(https://github.com/devtron-labs/devtron/issues/3826) where we were not deleting pipeline stage entry even after deleting all the pipelineStageSteps
 	// , this will delete those pipelineStage entry
 	DeletePipelineStageIfReq(stageReq *bean.PipelineStageDto, userId int32) (error, bool)
+	IsScanPluginConfiguredAtPipelineStage(pipelineId int, pipelineStage repository.PipelineStageType, pluginName string) (bool, error)
 }
 
 func NewPipelineStageService(logger *zap.SugaredLogger,
@@ -2168,3 +2169,20 @@ func (impl *PipelineStageServiceImpl) extractAndMapScopedVariables(stageReq *bea
 	return impl.scopedVariableManager.ExtractAndMapVariables(string(requestJson), stageReq.Id, repository3.EntityTypePipelineStage, userId, tx)
 
 }
+
+func (impl *PipelineStageServiceImpl) IsScanPluginConfiguredAtPipelineStage(pipelineId int, pipelineStage repository.PipelineStageType, pluginName string) (bool, error) {
+	plugin, err := impl.globalPluginRepository.GetPluginByName(pluginName)
+	if err != nil {
+		impl.logger.Errorw("error in getting image scanning plugin, Vulnerability Scanning", "pipelineId", pipelineId, "pipelineStage", pipelineStage, "err", err)
+		return false, err
+	}
+	if len(plugin) == 0 {
+		return false, nil
+	}
+	isScanPluginConfigured, err := impl.pipelineStageRepository.CheckIfPluginExistsInPipelineStage(pipelineId, pipelineStage, plugin[0].Id)
+	if err != nil {
+		impl.logger.Errorw("error in getting ci pipeline plugin", "err", err, "pipelineId", pipelineId, "pluginId", plugin[0].Id)
+		return false, err
+	}
+	return isScanPluginConfigured, nil
+}

pkg/pipeline/repository/PipelineStageRepository.go

@@ -53,6 +53,22 @@ const (
 	PIPELINE_STAGE_STEP_VARIABLE_FORMAT_TYPE_DATE    PipelineStageStepVariableFormatType = "DATE"
 )
 
+func (r PipelineStageType) ToString() string {
+	return string(r)
+}
+func (r PipelineStageType) IsStageTypePreCi() bool {
+	return r == PIPELINE_STAGE_TYPE_PRE_CI
+}
+func (r PipelineStageType) IsStageTypePreCd() bool {
+	return r == PIPELINE_STAGE_TYPE_PRE_CD
+}
+func (r PipelineStageType) IsStageTypePostCi() bool {
+	return r == PIPELINE_STAGE_TYPE_POST_CI
+}
+func (r PipelineStageType) IsStageTypePostCd() bool {
+	return r == PIPELINE_STAGE_TYPE_POST_CD
+}
+
 type PipelineStage struct {
 	tableName    struct{}          `sql:"pipeline_stage" pg:",discard_unknown_columns"`
 	Id           int               `sql:"id,pk"`
@@ -184,6 +200,7 @@ type PipelineStageRepository interface {
 	MarkStepsDeletedByStageId(stageId int) error
 	MarkStepsDeletedExcludingActiveStepsInUpdateReq(activeStepIdsPresentInReq []int, stageId int) error
 	GetActiveStepsByRefPluginId(refPluginId int) ([]*PipelineStageStep, error)
+	CheckIfPluginExistsInPipelineStage(pipelineId int, stageType PipelineStageType, pluginId int) (bool, error)
 
 	CreatePipelineScript(pipelineScript *PluginPipelineScript, tx *pg.Tx) (*PluginPipelineScript, error)
 	UpdatePipelineScript(pipelineScript *PluginPipelineScript) (*PluginPipelineScript, error)
@@ -873,3 +890,26 @@ func (impl *PipelineStageRepositoryImpl) MarkConditionsDeletedExcludingActiveVar
 	}
 	return nil
 }
+
+func (impl *PipelineStageRepositoryImpl) CheckIfPluginExistsInPipelineStage(pipelineId int, stageType PipelineStageType, pluginId int) (bool, error) {
+	var step PipelineStageStep
+	query := impl.dbConnection.Model(&step).
+		Column("pipeline_stage_step.*").
+		Join("INNER JOIN pipeline_stage ps on ps.id = pipeline_stage_step.pipeline_stage_id").
+		Where("pipeline_stage_step.ref_plugin_id = ?", pluginId).
+		Where("ps.type = ?", stageType).
+		Where("pipeline_stage_step.deleted=?", false).
+		Where("ps.deleted= ?", false)
+
+	if stageType.IsStageTypePostCi() || stageType.IsStageTypePreCi() {
+		query.Where("ps.ci_pipeline_id= ?", pipelineId)
+	} else if stageType.IsStageTypePostCd() || stageType.IsStageTypePreCd() {
+		query.Where("ps.cd_pipeline_id= ?", pipelineId)
+	}
+	exists, err := query.Exists()
+	if err != nil {
+		impl.logger.Errorw("error in getting plugin stage step by pipelineId, stageType nad plugin id", "pipelineId", pipelineId, "stageType", stageType.ToString(), "pluginId", pluginId, "err", err)
+		return false, err
+	}
+	return exists, nil
+}

pkg/policyGovernance/security/imageScanning/ImageScanService.go

@@ -24,6 +24,7 @@ import (
 	bean3 "github.com/devtron-labs/devtron/pkg/policyGovernance/security/imageScanning/bean"
 	repository3 "github.com/devtron-labs/devtron/pkg/policyGovernance/security/imageScanning/repository"
 	securityBean "github.com/devtron-labs/devtron/pkg/policyGovernance/security/imageScanning/repository/bean"
+	serverBean "github.com/devtron-labs/devtron/pkg/server/bean"
 	"go.opentelemetry.io/otel"
 	"time"
 
@@ -43,6 +44,7 @@ type ImageScanService interface {
 	FetchMinScanResultByAppIdAndEnvId(request *bean3.ImageScanRequest) (*bean3.ImageScanExecutionDetail, error)
 	VulnerabilityExposure(request *repository3.VulnerabilityRequest) (*repository3.VulnerabilityExposureListingResponse, error)
 	GetArtifactVulnerabilityStatus(ctx context.Context, request *bean2.VulnerabilityCheckRequest) (bool, error)
+	IsImageScanExecutionCompleted(image, imageDigest string) (bool, error)
 }
 
 type ImageScanServiceImpl struct {
@@ -644,3 +646,19 @@ func (impl ImageScanServiceImpl) updateCount(severity securityBean.Severity, cri
 	}
 	return criticalCount, highCount, moderateCount, lowCount, unkownCount
 }
+
+func (impl ImageScanServiceImpl) IsImageScanExecutionCompleted(image, imageDigest string) (bool, error) {
+	var isScanningCompleted bool
+	allScanHistoryMappings, err := impl.scanToolExecutionHistoryMappingRepository.FetchScanHistoryMappingsUsingImageAndImageDigest(image, imageDigest)
+	if err != nil {
+		impl.Logger.Errorw("error in fetching all scan execution history mapping", "image", image, "imageDigest", imageDigest, "err", err)
+		return false, err
+	}
+
+	for _, scanHistoryMapping := range allScanHistoryMappings {
+		if scanHistoryMapping.State == serverBean.ScanExecutionProcessStateCompleted {
+			isScanningCompleted = true
+		}
+	}
+	return isScanningCompleted, nil
+}

pkg/policyGovernance/security/imageScanning/repository/ScanToolExecutionHistoryMapping.go

@@ -45,6 +45,7 @@ type ScanToolExecutionHistoryMappingRepository interface {
 	GetAllScanHistoriesByState(state serverBean.ScanExecutionProcessState) ([]*ScanToolExecutionHistoryMapping, error)
 	GetAllScanHistoriesByExecutionHistoryIdAndStates(executionHistoryId int, states []serverBean.ScanExecutionProcessState) ([]*ScanToolExecutionHistoryMapping, error)
 	GetAllScanHistoriesByExecutionHistoryIds(ids []int) ([]*ScanToolExecutionHistoryMapping, error)
+	FetchScanHistoryMappingsUsingImageAndImageDigest(image, imageDigest string) ([]*ScanToolExecutionHistoryMapping, error)
 }
 
 type ScanToolExecutionHistoryMappingRepositoryImpl struct {
@@ -142,3 +143,18 @@ func (repo *ScanToolExecutionHistoryMappingRepositoryImpl) GetAllScanHistoriesBy
 	}
 	return models, nil
 }
+
+func (repo *ScanToolExecutionHistoryMappingRepositoryImpl) FetchScanHistoryMappingsUsingImageAndImageDigest(image, imageDigest string) ([]*ScanToolExecutionHistoryMapping, error) {
+	var models []*ScanToolExecutionHistoryMapping
+	err := repo.dbConnection.Model(&models).
+		Column("scan_tool_execution_history_mapping.*").
+		Join("INNER JOIN image_scan_execution_history iseh on iseh.id=scan_tool_execution_history_mapping.image_scan_execution_history_id").
+		Where("iseh.image = ?", image).
+		Where("iseh.image_hash = ?", imageDigest).
+		Select()
+	if err != nil {
+		repo.logger.Errorw("error in getting ScanToolExecutionHistoryMapping using image and image hash", "err", err)
+		return nil, err
+	}
+	return models, nil
+}