feat: add association for product domain (#14)

scriptnull · web-flow · commit 7f74f69551d2 · 2025-09-19T15:44:44.000+05:30
* feat: add association for product domain

* try domain association

* improve formatting

* format before exiting

* improve formatting

* add more tests

* use continue on error

* adjust gh test

* adjust the test

* adjust the logging
diff --git a/.github/workflows/test-upload-file.yml b/.github/workflows/test-upload-file.yml
@@ -23,11 +23,48 @@ jobs:
           }
           EOF
 
-      - name: Test Upload File Action
+      - name: Test basic upload
         uses: ./upload-file
         with:
           file_path: test-upload.json
           security_agent_api_key: ${{ secrets.SECURITY_AGENT_API_KEY }}
           tags: |
             scanner=trivy
             image_name=test-image
+
+      - name: Test image name association
+        uses: ./upload-file
+        with:
+          file_path: test-upload.json
+          security_agent_api_key: ${{ secrets.SECURITY_AGENT_API_KEY }}
+          tags: |
+            image_name=test-image
+
+      - name: Test domain association (invalid)
+        id: invalid-domain-test
+        uses: ./upload-file
+        continue-on-error: true
+        with:
+          file_path: test-upload.json
+          security_agent_api_key: ${{ secrets.SECURITY_AGENT_API_KEY }}
+          tags: |
+            product_domain=invalid-domain
+
+      - name: Assert invalid domain association
+        env:
+          OUTCOME: ${{ steps.invalid-domain-test.outcome }}
+        run: |
+          if [ "$OUTCOME" == "failure" ]; then
+            echo "✅ Invalid domain test correctly failed as expected"
+          else
+            echo "❌ Invalid domain test should have failed but succeeded"
+            exit 1
+          fi
+
+      - name: Test domain association (valid)
+        uses: ./upload-file
+        with:
+          file_path: test-upload.json
+          security_agent_api_key: ${{ secrets.SECURITY_AGENT_API_KEY }}
+          tags: |
+            product_domain=security-agent-test
diff --git a/upload-file/main.go b/upload-file/main.go
@@ -3,6 +3,7 @@ package main
 import (
 	"context"
 	"log"
+	"strings"
 
 	"github.com/hasura/security-agent-tools/upload-file/input"
 	"github.com/hasura/security-agent-tools/upload-file/metadata"
@@ -41,7 +42,21 @@ func main() {
 		if err != nil {
 			log.Fatalf("Failed to associate image name with scan: %v", err)
 		}
-		log.Printf("Associated image name %s with scan %s\n", imageName, scan.ID)
+		log.Printf("Associated image name: %s\n", imageName)
+	}
+
+	domain := input.Tags["product_domain"]
+	if domain != "" {
+		err = metadata.AssociateProductDomainWithScan(context.Background(), c, scan.ID, domain)
+		if err != nil {
+			pd, _ := metadata.ProductDomains(context.Background(), c)
+			var pds strings.Builder
+			for _, p := range pd {
+				pds.WriteString("  - " + p + "\n")
+			}
+			log.Fatalf("Failed to associate product domain with scan: %v. Please check `product_domain` value is one of the following:\n%s", err, pds.String())
+		}
+		log.Printf("Associated product domain: %s\n", domain)
 	}
 
 	err = upload.ServiceMetadata(context.Background(), c, input)
diff --git a/upload-file/metadata/associate_product_domain.go b/upload-file/metadata/associate_product_domain.go
@@ -0,0 +1,58 @@
+package metadata
+
+import (
+	"context"
+
+	"github.com/hasura/security-agent-tools/upload-file/upload"
+	"github.com/machinebox/graphql"
+)
+
+func AssociateProductDomainWithScan(ctx context.Context, c *upload.Client, scanID, productDomain string) error {
+	req := graphql.NewRequest(`mutation AssociateProductDomain($scan_id: uuid!, $product_domain: string!) {
+  insert_vulnerability_reports_by_product_domains(
+    objects: {scan_id: $scan_id, product_domain: $product_domain}
+  ) {
+    returning {
+      id
+    }
+  }
+}`)
+	req.Var("scan_id", scanID)
+	req.Var("product_domain", productDomain)
+
+	var response struct {
+		InsertVulnerabilityReportsByProductDomains struct {
+			Returning []struct {
+				ID string `json:"id"`
+			} `json:"returning"`
+		} `json:"insert_vulnerability_reports_by_product_domains"`
+	}
+
+	return c.Do(ctx, req, &response)
+}
+
+func ProductDomains(ctx context.Context, c *upload.Client) ([]string, error) {
+	req := graphql.NewRequest(`query GetProductDomains {
+  vulnerability_reports_product_domains {
+    code
+  }
+}`)
+
+	var response struct {
+		VulnerabilityReportsProductDomains []struct {
+			Code string `json:"code"`
+		} `json:"vulnerability_reports_product_domains"`
+	}
+
+	err := c.Do(ctx, req, &response)
+	if err != nil {
+		return nil, err
+	}
+
+	var productDomains []string
+	for _, pd := range response.VulnerabilityReportsProductDomains {
+		productDomains = append(productDomains, pd.Code)
+	}
+
+	return productDomains, nil
+}
