integrated renovate

Author: jegathintelops

.gitignore

@@ -4,4 +4,5 @@ build
 dist
 *.egg-info
 __pycache__
-test.py
+test.py
+testbed.ipynb

log.ndjson

@@ -0,0 +1,5 @@
+{
+  "dependencies": {
+    "renovate": "^36.78.8"
+  }
+}

package-lock.json

@@ -15,6 +15,7 @@
 )
 from scsctl.helper.common import AppDetails, generate_final_report, modify_and_build_docker_image, custom_style_fancy
 from scsctl.helper.trivy import get_sbom_report, print_sbom_report, save_sbom_data
+from scsctl.helper.renovate import (check_if_node_and_npm_is_installed,check_if_renovate_is_installed_globally,run_renovate_on_a_repository)
 
 import yaml
 
@@ -48,11 +49,15 @@ def cli():
 )
 @click.option("--db_enabled", help="Enable db", default=False, is_flag=True, flag_value=True)
 @click.option("--falco_enabled", help="Enable falco", default=False, is_flag=True, flag_value=True)
+@click.option("--renovate_enabled", help="Enable renovate", default=False, is_flag=True, flag_value=True)
+@click.option("--renovate_repo_token", help="Repo token for renovate", default=None, is_flag=False, flag_value=None)
+@click.option("--renovate_repo_name", help="Repo name for renovate", default=None, is_flag=False, flag_value=None)
 @click.option("--non_interactive", help="Run scsctl in non interactive mode", default= False, is_flag=True, flag_value=True)
 @click.option(
     "--docker_file_folder_path", help="Path of the docker file to rebuild", default=None, is_flag=False, flag_value=None
 )
 @click.option("--config_file", help="Path of the configuration file", default=None, is_flag=False, flag_value=None)
+
 def scan(
     pyroscope_app_name=None,
     docker_image_name=None,
@@ -63,7 +68,10 @@ def scan(
     db_enabled=False,
     falco_enabled=False,
     config_file=None,
-    non_interactive = False
+    non_interactive = False,
+    renovate_enabled = False,
+    renovate_repo_token = None,
+    renovate_repo_name = None
 ):
     config_data = {}
     if config_file is not None:
@@ -89,6 +97,8 @@ def scan(
             db_enabled = config_data.get("db_enabled", False)
         if not falco_enabled:
             falco_enabled = config_data.get("falco_enabled", False)
+        if not renovate_enabled:
+            renovate_enabled = config_data.get("renovate_enabled", False)
 
         # Check mandatory fields
         if pyroscope_app_name is None:
@@ -103,6 +113,8 @@ def scan(
             raise ValueError(
                 "falco_pod_name and falco_target_deployment_name are required, either via command line or config file if falco is enabled"
             )
+        if(renovate_enabled and (renovate_repo_token is None or renovate_repo_name is None)):
+            raise ValueError("renovate_repo_token and renovate_repo_name are required, either via command line or config file if renovate is enabled")
 
     """This script will scan the docker image and find the unused packages"""
     appDetails = AppDetails(
@@ -148,6 +160,22 @@ def scan(
         scan_status = False
         click.echo("\nError fetching data from sbom_report... Exiting")
 
+    if(renovate_enabled):
+        if(check_if_node_and_npm_is_installed()):
+            if(check_if_renovate_is_installed_globally()):
+                renovate_process = run_renovate_on_a_repository(token=renovate_repo_token,repo_name=renovate_repo_name)
+                if renovate_process.returncode == 0:
+                    click.echo("Renovate bot ran successfully")
+                    return True
+                else:
+                    click.echo("Error running renovate bot")
+                    return False
+            else:
+                return False
+        else:
+            return False
+        
+
     choices = [
         "Sbom report",
         "Pyroscope detected packages",

package.json

@@ -0,0 +1,31 @@
+import subprocess
+
+def check_if_node_and_npm_is_installed():
+    # Check if node and npm are installed
+    # If not, install them locally
+    # This is required for renovate bot to work
+    node_version = subprocess.run(["node", "--version"], capture_output=True)
+    npm_version = subprocess.run(["npm", "--version"], capture_output=True)
+    if node_version.returncode != 0 or npm_version.returncode != 0:
+        print("Node or npm not installed, please install them to use scsctl with renovate")
+        return False
+    print("Node and npm already installed")
+    return True
+
+def check_if_renovate_is_installed_globally():
+    # Install renovate bot
+    # This is required for renovate bot to work
+    renovate_version = subprocess.run(["renovate", "--version"], capture_output=True)
+    if renovate_version.returncode != 0:
+        print("Renovate bot not installed, please install using `npm install -g renovate`")
+        return False
+    else:
+        print("Renovate bot already installed")
+        return True
+    
+def run_renovate_on_a_repository(token, repo_name):
+    command = f"renovate --token {token} {repo_name}"
+    print(f"Runing renovate on repo {repo_name}")
+    #run renovate command from python
+    renovate_process = subprocess.run(["renovate", "--token", token,repo_name], capture_output=True)
+    return renovate_process

src/scsctl/app.py

@@ -19,6 +19,9 @@
 )
 
 from datetime import datetime
+import subprocess
+
+from scsctl.helper.renovate import (check_if_node_and_npm_is_installed,check_if_renovate_is_installed_globally,run_renovate_on_a_repository)
 
 class Config(BaseModel):
     pyroscope_app_name: str
@@ -30,15 +33,42 @@ class Config(BaseModel):
     db_enabled: bool = False
     falco_enabled: bool = False
 
+class RenovateConfig(BaseModel):
+    token: str
+    repo_name: str
+
 app = FastAPI()
 
 
 @app.get("/")
 async def root():
     return {"message": "Hello World"}
 
+@app.post("/renovate")
+async def renovate(renovateConfig: RenovateConfig):
+    if(check_if_node_and_npm_is_installed()):
+        if(check_if_renovate_is_installed_globally()):
+            renovate_process = run_renovate_on_a_repository(token=renovateConfig.token,repo_name=renovateConfig.repo_name)
+            if renovate_process.returncode == 0:
+                print("Renovate bot ran successfully")
+                return True
+            else:
+                print("Error running renovate bot")
+                return False
+        else:
+            return False
+    else:
+        return False
+    
+
+    
+
 @app.post("/scan")
 async def scan_api(config: Config):
+    pyroscope_found_extra_packages = []
+    falco_found_extra_packages = []
+    final_report = []
+    sbom_report = []
     current_datetime = datetime.now().strftime("%Y_%m_%d_%H_%M_%S")
     batch_id = f"scsctl_{current_datetime}"
     falco_found_extra_packages = []
@@ -83,13 +113,30 @@ async def scan_api(config: Config):
     else:
         scan_status = False
         print("\nError fetching data from sbom_report... Exiting")
+
+    renovate_status = "Error"
+    if(config.renovate_enabled):
+        if(check_if_node_and_npm_is_installed()):
+            if(check_if_renovate_is_installed_globally()):
+                renovate_process = run_renovate_on_a_repository(token=config.renovate_repo_token,repo_name=config.renovate_repo_name)
+                if renovate_process.returncode == 0:
+                    renovate_status = "Renovate bot ran successfully"
+                else:
+                    renovate_status = "Error running renovate bot"
+            else:
+                renovate_status = "Renovate bot not installed, please install using `npm install -g renovate`"
+        else:
+            renovate_status = "Node or npm not installed, please install them to use scsctl with renovate"
+    else:
+        renovate_status = "Renovate not enabled"
     return {
         "scan_status": scan_status,
         "sbom_report": sbom_report,
         "pyroscope_data": pyroscope_data,
         "pyroscope_found_extra_packages": pyroscope_found_extra_packages,
         "falco_found_extra_packages": falco_found_extra_packages,
         "final_report": final_report,
+        "renovate_status" : renovate_status
     }
 
 if __name__ == "__main__":