migration added

Author: vijeyash1

.github/workflows/migration-image.yml

@@ -0,0 +1,79 @@
+name: Migration Docker Image CI
+
+on:
+  push:
+    paths-ignore:
+      - '**.md'
+    branches:
+      - 'main'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+      id-token: write
+      contents: read
+      actions: read
+      security-events: write
+    env:
+      REGISTRY: ghcr.io
+      GH_URL: https://github.com
+    steps:
+      - name: Checkout GitHub Action
+        uses: actions/checkout@v3
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Docker metadata
+        id: metadata
+        uses: docker/metadata-action@v4
+        with:
+          images: ${{ env.REGISTRY }}/${{ github.repository }}/migration
+          tags: |
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=raw,value={{sha}},enable=${{ github.ref_type != 'tag' }}
+          flavor: |
+            latest=true
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build image and push to GitHub Container Registry
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          file: ./dockerfiles/migration/Dockerfile
+          tags: ${{ env.REGISTRY }}/${{ github.repository }}/migration:${{ github.run_id }}
+          labels: ${{ steps.metadata.outputs.labels }}
+          push: true
+
+      - name: Install cosign
+        uses: sigstore/cosign-installer@main
+
+      - name: Sign the images
+        run: |
+          cosign sign -y ${{ env.REGISTRY }}/${{ github.repository }}/migration:${{ github.run_id }}
+        env:
+          COSIGN_EXPERIMENTAL: 1
+
+      - name: Verify the pushed tags
+        run: cosign verify ${{ env.REGISTRY }}/${{ github.repository }}/migration:${{ github.run_id }} --certificate-identity ${{ env.GH_URL }}/${{ github.repository }}/.github/workflows/migration.yml@refs/heads/main  --certificate-oidc-issuer https://token.actions.githubusercontent.com
+        env:
+          COSIGN_EXPERIMENTAL: 1
+
+      - name: Run Trivy in GitHub SBOM mode and submit results to Dependency Graph
+        uses: aquasecurity/trivy-action@master
+        with:
+          scan-type: 'fs'
+          format: 'github'
+          output: 'dependency-results.sbom.json'
+          image-ref: '.'
+          github-pat: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/migration-pr.yml

@@ -0,0 +1,47 @@
+name: Migration Docker Image CI
+
+on:
+  pull_request:
+    branches:
+      - 'main'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    env:
+      REGISTRY: ghcr.io
+      GH_URL: https://github.com
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v3
+        with:
+            fetch-depth: 0
+
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
+      -
+        name: Login to ghcr registry
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      -
+        name: Build and push on PR
+        uses: docker/build-push-action@v4
+        if: github.event_name == 'pull_request'
+        with:
+          context: .
+          file: ./dockerfiles/migration/Dockerfile
+          push: true
+          tags: ${{ env.REGISTRY }}/${{ github.repository }}/migration:pr-${{ github.event.pull_request.number }}
+          build-args: |
+            "GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}"

.github/workflows/migration-release.yml

@@ -0,0 +1,60 @@
+name: migration-release
+
+on:
+  push:
+    tags:
+      - "v*.*.*"
+
+jobs:
+  push_to_registry:
+    name: Build and push Docker image to GitHub container registry.
+    runs-on: ubuntu-20.04
+    permissions:
+      packages: write
+      id-token: write
+      contents: read
+      actions: read
+      security-events: write
+    env:
+      REGISTRY: ghcr.io
+      GH_URL: https://github.com
+    steps:
+      - name: Set environment variable
+        run: |
+          echo "RELEASE_VERSION=${GITHUB_REF:10}" >> $GITHUB_ENV
+      - name: Test environment variable
+        run: echo ${{ env.RELEASE_VERSION }}
+      - name: Check out GitHub repo
+        uses: actions/checkout@v3
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build image and push to GitHub Container Registry
+        uses: docker/build-push-action@v4
+        with:
+          push: true
+          context: ./
+          file: ./dockerfiles/migration/Dockerfile
+          tags: ${{ env.REGISTRY }}/${{ github.repository }}/migration:${{ env.RELEASE_VERSION }}
+      - name: Install cosign
+        uses: sigstore/cosign-installer@main
+      - name: Sign the images
+        run: |
+          cosign sign -y ${{ env.REGISTRY }}/${{ github.repository }}/migration:${{ env.RELEASE_VERSION }}
+        env:
+          COSIGN_EXPERIMENTAL: 1
+      - name: Verify the pushed tags
+        run: cosign verify ${{ env.REGISTRY }}/${{ github.repository }}/migration:${{ env.RELEASE_VERSION }} --certificate-identity ${{ env.GH_URL }}/${{ github.repository }}/.github/workflows/migration-release.yml@refs/tags/${{ env.RELEASE_VERSION }}  --certificate-oidc-issuer https://token.actions.githubusercontent.com
+        env:
+          COSIGN_EXPERIMENTAL: 1
+      - name: Run Trivy in GitHub SBOM mode and submit results to Dependency Graph
+        uses: aquasecurity/trivy-action@master
+        with:
+          scan-type: 'fs'
+          format: 'github'
+          output: 'dependency-results.sbom.json'
+          image-ref: '.'
+          github-pat: ${{ secrets.GITHUB_TOKEN }}

.gitignore

@@ -1,2 +1,5 @@
 civo
-migration/
+alloc.svg
+allocs.pprof
+cpu.pprof
+steps-to-test.txt

charts/client/Chart.yaml

@@ -26,7 +26,7 @@ dependencies:
   - name: nats
     condition: nats.enabled
     version: 0.13.4
-    repository: https://intelops.github.io/kubviz/ 
+    repository: https://intelops.github.io/kubviz/
   - name: clickhouse
     condition: clickhouse.enabled
     version: 1.0.2

charts/client/templates/deployment.yaml

@@ -27,6 +27,22 @@ spec:
       serviceAccountName: {{ include "client.serviceAccountName" . }}
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      initContainers:
+        - name: migration-init
+          image: "{{ .Values.migration.image.repository }}:{{ .Values.migration.image.tag }}"
+          imagePullPolicy: {{ .Values.migration.image.pullPolicy }}
+          command:
+          - /bin/sh
+          - -c
+          args:
+          - "/script/wait-for-clickhouse.sh && /migration sql -e --yes"
+          env:
+          - name: SCHEMA_PATH
+            value : {{ .Values.migration.schema.path }}
+          - name: DB_ADDRESS
+            value: {{ include "client.fullname" . }}-clickhouse
+          - name: DB_PORT
+            value: "9000"
       containers:
         - name: {{ .Chart.Name }}
           securityContext:

charts/client/values.yaml

@@ -1,4 +1,4 @@
-# Default values for client. 
+# Default values for client.
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 
@@ -106,3 +106,12 @@ datasources:
   label: grafana_datasource
   labelValue: "1"
   uid: vertamedia-clickhouse-datasource
+
+migration:
+  enabled: true
+  image:
+    repository: ghcr.io/intelops/kubviz/migration
+    pullPolicy: Always
+    tag: "v1.1.0"
+  schema:
+    path: "/sql"

client/pkg/clickhouse/db_client.go

@@ -74,12 +74,12 @@ func NewDBClient(conf *config.Config) (DBInterface, error) {
 		return nil, err
 	}
 
-	tables := []DBStatement{kubvizTable, rakeesTable, kubePugDepricatedTable, kubepugDeletedTable, ketallTable, trivyTableImage, trivySbomTable, outdateTable, clickhouseExperimental, containerGithubTable, kubescoreTable, trivyTableVul, trivyTableMisconfig, dockerHubBuildTable, azureContainerPushEventTable, quayContainerPushEventTable, jfrogContainerPushEventTable, DBStatement(dbstatement.AzureDevopsTable), DBStatement(dbstatement.GithubTable), DBStatement(dbstatement.GitlabTable), DBStatement(dbstatement.BitbucketTable), DBStatement(dbstatement.GiteaTable)}
-	for _, table := range tables {
-		if err = splconn.Exec(context.Background(), string(table)); err != nil {
-			return nil, err
-		}
-	}
+	// tables := []DBStatement{kubvizTable, rakeesTable, kubePugDepricatedTable, kubepugDeletedTable, ketallTable, trivyTableImage, trivySbomTable, outdateTable, clickhouseExperimental, containerGithubTable, kubescoreTable, trivyTableVul, trivyTableMisconfig, dockerHubBuildTable, azureContainerPushEventTable, quayContainerPushEventTable, jfrogContainerPushEventTable, DBStatement(dbstatement.AzureDevopsTable), DBStatement(dbstatement.GithubTable), DBStatement(dbstatement.GitlabTable), DBStatement(dbstatement.BitbucketTable), DBStatement(dbstatement.GiteaTable)}
+	// for _, table := range tables {
+	// 	if err = splconn.Exec(context.Background(), string(table)); err != nil {
+	// 		return nil, err
+	// 	}
+	// }
 	stdconn := clickhouse.OpenDB(&clickhouse.Options{
 		Addr: []string{fmt.Sprintf("%s:%d", conf.DBAddress, conf.DbPort)},
 	})
@@ -126,7 +126,6 @@ func (c *DBClient) InsertContainerEventAzure(pushEvent model.AzureContainerPushE
 		tag,
 		imageName,
 		string(pushEventJSON),
-		pushEvent.Timestamp,
 		size,
 		shaID,
 		currentTime,

client/pkg/clickhouse/statements.go

@@ -183,7 +183,6 @@ const azureContainerPushEventTable DBStatement = `
 		Tag String,
 		ImageName String,
 		Event String,
-		Timestamp String,
 		Size Int32,
 		SHAID String,
 		EventTime DateTime('UTC')
@@ -242,7 +241,7 @@ const InsertKubeScore string = "INSERT INTO kubescore (id, namespace, cluster_na
 const InsertTrivyVul string = "INSERT INTO trivy_vul (id, cluster_name, namespace, kind, name, vul_id, vul_vendor_ids, vul_pkg_id, vul_pkg_name, vul_pkg_path, vul_installed_version, vul_fixed_version, vul_title, vul_severity, vul_published_date, vul_last_modified_date) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?. ?)"
 const InsertTrivyImage string = "INSERT INTO trivyimage (id, cluster_name, artifact_name, vul_id,  vul_pkg_id, vul_pkg_name,  vul_installed_version, vul_fixed_version, vul_title, vul_severity, vul_published_date, vul_last_modified_date) VALUES ( ?, ?,?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
 const InsertTrivyMisconfig string = "INSERT INTO trivy_misconfig (id, cluster_name, namespace, kind, name, misconfig_id, misconfig_avdid, misconfig_type, misconfig_title, misconfig_desc, misconfig_msg, misconfig_query, misconfig_resolution, misconfig_severity, misconfig_status, EventTime) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
-const InsertAzureContainerPushEvent DBStatement = "INSERT INTO azurecontainerpush (RegistryURL, RepositoryName, Tag, ImageName, Event, Timestamp, Size, SHAID, EventTime) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)"
+const InsertAzureContainerPushEvent DBStatement = "INSERT INTO azurecontainerpush (RegistryURL, RepositoryName, Tag, ImageName, Event, Size, SHAID, EventTime) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?)"
 const InsertTrivySbom string = "INSERT INTO trivysbom (id, schema, bom_format,spec_version,serial_number,  version, metadata_timestamp,metatool_vendor,metatool_name,metatool_version,component_bom_ref,component_type,component_name,component_version,component_property_name,component_property_value,component_hash_alg,component_hash_content,component_license_exp,component_purl,dependency_ref) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)"
 const InsertQuayContainerPushEvent DBStatement = "INSERT INTO quaycontainerpush (name, repository, nameSpace, dockerURL, homePage, tag, Event, EventTime) VALUES (?, ?, ?, ?, ?, ?, ?, ?)"
 const InsertJfrogContainerPushEvent DBStatement = "INSERT INTO jfrogcontainerpush (Domain, EventType, RegistryURL, RepositoryName, SHAID, Size, ImageName, Tag, Event, EventTime) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"