feat: add support for buildkite metadata upload (#5)

* feat: add support for buildkite metadata upload

* update url choosing logic

Author: scriptnull

upload-file/input/input.go

@@ -37,11 +37,10 @@ func Parse() (*Input, error) {
 	}
 	input.FilePath = filePath
 
-	securityAgentAPIEndpoint := os.Getenv("INPUT_SECURITY_AGENT_API_ENDPOINT")
-	if securityAgentAPIEndpoint == "" {
+	input.SecurityAgentAPIEndpoint = os.Getenv("INPUT_SECURITY_AGENT_API_ENDPOINT")
+	if input.SecurityAgentAPIEndpoint == "" {
 		input.SecurityAgentAPIEndpoint = "https://security-agent.ddn.pro.hasura.io/graphql"
 	}
-	input.SecurityAgentAPIEndpoint = securityAgentAPIEndpoint
 
 	securityAgentAPIKey := os.Getenv("INPUT_SECURITY_AGENT_API_KEY")
 	if securityAgentAPIKey == "" {

upload-file/input/input_test.go

@@ -1,6 +1,7 @@
 package input
 
 import (
+	"os"
 	"reflect"
 	"testing"
 )
@@ -87,3 +88,112 @@ func TestParseTags(t *testing.T) {
 		})
 	}
 }
+
+func TestParseSecurityAgentAPIEndpoint(t *testing.T) {
+	// Create a temporary test file for the tests
+	testFile := "test-file.json"
+	testContent := `{"test": "data"}`
+
+	// Clean up function
+	cleanup := func() {
+		os.Remove(testFile)
+	}
+	defer cleanup()
+
+	// Create test file
+	if err := os.WriteFile(testFile, []byte(testContent), 0644); err != nil {
+		t.Fatalf("Failed to create test file: %v", err)
+	}
+
+	tests := []struct {
+		name             string
+		envEndpoint      string
+		envAPIKey        string
+		envFilePath      string
+		expectedEndpoint string
+		expectError      bool
+	}{
+		{
+			name:             "uses custom endpoint from environment variable",
+			envEndpoint:      "https://custom-security-agent.example.com/graphql",
+			envAPIKey:        "test-api-key",
+			envFilePath:      testFile,
+			expectedEndpoint: "https://custom-security-agent.example.com/graphql",
+			expectError:      false,
+		},
+		{
+			name:             "uses default endpoint when environment variable is empty",
+			envEndpoint:      "",
+			envAPIKey:        "test-api-key",
+			envFilePath:      testFile,
+			expectedEndpoint: "https://security-agent.ddn.pro.hasura.io/graphql",
+			expectError:      false,
+		},
+		{
+			name:             "uses default endpoint when environment variable is not set",
+			envEndpoint:      "", // Will be unset in test
+			envAPIKey:        "test-api-key",
+			envFilePath:      testFile,
+			expectedEndpoint: "https://security-agent.ddn.pro.hasura.io/graphql",
+			expectError:      false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			// Save original environment variables
+			originalEndpoint := os.Getenv("INPUT_SECURITY_AGENT_API_ENDPOINT")
+			originalAPIKey := os.Getenv("INPUT_SECURITY_AGENT_API_KEY")
+			originalFilePath := os.Getenv("INPUT_FILE_PATH")
+
+			// Clean up environment variables after test
+			defer func() {
+				if originalEndpoint != "" {
+					os.Setenv("INPUT_SECURITY_AGENT_API_ENDPOINT", originalEndpoint)
+				} else {
+					os.Unsetenv("INPUT_SECURITY_AGENT_API_ENDPOINT")
+				}
+				if originalAPIKey != "" {
+					os.Setenv("INPUT_SECURITY_AGENT_API_KEY", originalAPIKey)
+				} else {
+					os.Unsetenv("INPUT_SECURITY_AGENT_API_KEY")
+				}
+				if originalFilePath != "" {
+					os.Setenv("INPUT_FILE_PATH", originalFilePath)
+				} else {
+					os.Unsetenv("INPUT_FILE_PATH")
+				}
+			}()
+
+			// Set test environment variables
+			if tt.envEndpoint != "" {
+				os.Setenv("INPUT_SECURITY_AGENT_API_ENDPOINT", tt.envEndpoint)
+			} else {
+				os.Unsetenv("INPUT_SECURITY_AGENT_API_ENDPOINT")
+			}
+			os.Setenv("INPUT_SECURITY_AGENT_API_KEY", tt.envAPIKey)
+			os.Setenv("INPUT_FILE_PATH", tt.envFilePath)
+
+			// Call Parse function
+			result, err := Parse()
+
+			// Check error expectation
+			if tt.expectError && err == nil {
+				t.Errorf("Expected error but got none")
+				return
+			}
+			if !tt.expectError && err != nil {
+				t.Errorf("Unexpected error: %v", err)
+				return
+			}
+
+			// Check endpoint value if no error expected
+			if !tt.expectError {
+				if result.SecurityAgentAPIEndpoint != tt.expectedEndpoint {
+					t.Errorf("SecurityAgentAPIEndpoint = %q, want %q",
+						result.SecurityAgentAPIEndpoint, tt.expectedEndpoint)
+				}
+			}
+		})
+	}
+}

upload-file/upload/buildkite.go

@@ -0,0 +1,119 @@
+package upload
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"log"
+	"os"
+
+	"github.com/hasura/security-agent-tools/upload-file/input"
+)
+
+var (
+	ErrNotInBuildkite = errors.New("not in Buildkite")
+
+	buildkiteEnvVars = []string{
+		// Build Information
+		"BUILDKITE_BUILD_ID",
+		"BUILDKITE_BUILD_NUMBER",
+		"BUILDKITE_BUILD_URL",
+		"BUILDKITE_BUILD_CREATOR",
+		"BUILDKITE_MESSAGE",
+		"BUILDKITE_PULL_REQUEST",
+		"BUILDKITE_PULL_REQUEST_BASE_BRANCH",
+		"BUILDKITE_REBUILT_FROM_BUILD_ID",
+
+		// Pipeline and Agent Information
+		"BUILDKITE_PIPELINE_ID",
+		"BUILDKITE_PIPELINE_SLUG",
+		"BUILDKITE_PIPELINE_NAME",
+		"BUILDKITE_ORGANIZATION_SLUG",
+		"BUILDKITE_AGENT_ID",
+		"BUILDKITE_AGENT_NAME",
+
+		// Job Information
+		"BUILDKITE_JOB_ID",
+		"BUILDKITE_COMMAND",
+		"BUILDKITE_COMMAND_EXIT_STATUS",
+		"BUILDKITE_JOB_URL",
+		"BUILDKITE_STEP_KEY",
+
+		// Git and Repository Information
+		"BUILDKITE_REPO",
+		"BUILDKITE_COMMIT",
+		"BUILDKITE_BRANCH",
+		"BUILDKITE_TAG",
+		"BUILDKITE_CLEAN_CHECKOUT",
+
+		// Other Variables
+		"BUILDKITE_BUILD_PATH",
+		"BUILDKITE_ARTIFACT_UPLOAD_DESTINATION",
+		"BUILDKITE_PLUGINS_PATH",
+	}
+)
+
+func uploadBuildkiteMetadata(ctx context.Context, c *Client, in *input.Input) error {
+	if os.Getenv("BUILDKITE") != "true" {
+		return nil
+	}
+
+	type Metadata struct {
+		ScanReportPath string            `json:"scan_report_path"`
+		Env            map[string]string `json:"env"`
+		Tags           map[string]string `json:"tags"`
+	}
+
+	metadata := Metadata{
+		ScanReportPath: in.Destination,
+		Env:            make(map[string]string),
+		Tags:           in.Tags,
+	}
+
+	for _, envVar := range buildkiteEnvVars {
+		metadata.Env[envVar] = os.Getenv(envVar)
+	}
+
+	metadataJSON, err := json.Marshal(metadata)
+	if err != nil {
+		return fmt.Errorf("failed to marshal metadata: %v", err)
+	}
+	metadataFile, err := os.CreateTemp("", "buildkite-metadata.json")
+	if err != nil {
+		return fmt.Errorf("failed to create temp metadata file: %v", err)
+	}
+	defer os.Remove(metadataFile.Name())
+	_, err = metadataFile.Write(metadataJSON)
+	if err != nil {
+		return fmt.Errorf("failed to write metadata to temp file: %v", err)
+	}
+
+	buildkiteBranch := os.Getenv("BUILDKITE_BRANCH")
+	buildkiteTag := os.Getenv("BUILDKITE_TAG")
+	buildkiteCommit := os.Getenv("BUILDKITE_COMMIT")
+	buildkitePullRequest := os.Getenv("BUILDKITE_PULL_REQUEST")
+	uploadPath := ""
+	switch {
+	case buildkiteBranch != "":
+		uploadPath = fmt.Sprintf("branches/%s/%s.json", buildkiteBranch, buildkiteCommit)
+	case buildkiteTag != "":
+		uploadPath = fmt.Sprintf("tags/%s/%s.json", buildkiteTag, buildkiteCommit)
+	case buildkitePullRequest != "false":
+		uploadPath = fmt.Sprintf("pull-requests/%s/%s.json", buildkitePullRequest, buildkiteCommit)
+	default:
+		return errors.New("failed to determine upload path. Please set at least one of BUILDKITE_BRANCH, BUILDKITE_TAG, BUILDKITE_PULL_REQUEST env vars")
+	}
+	serviceName := in.Tags["service"]
+	buildkitePipelineSlug := os.Getenv("BUILDKITE_PIPELINE_SLUG")
+	uploadPath = servicePath(serviceName, fmt.Sprintf("buildkite/%s/%s", buildkitePipelineSlug, uploadPath))
+
+	log.Println("Uploading Buildkite metadata")
+	err = c.UploadFile(ctx, metadataFile.Name(), uploadPath)
+	if err != nil {
+		return fmt.Errorf("failed to upload metadata: %v", err)
+	}
+	log.Println("Buildkite metadata upload completed successfully")
+
+	return nil
+}

upload-file/upload/service.go

@@ -77,6 +77,13 @@ func ServiceMetadata(ctx context.Context, c *Client, in *input.Input) error {
 		return err
 	}
 
+	switch err := uploadBuildkiteMetadata(context.Background(), c, in); err {
+	case ErrNotInBuildkite:
+		log.Println("Skipping Buildkite metadata upload, as we are not in Buildkite")
+	default:
+		return err
+	}
+
 	return nil
 }