Merge pull request #88 from leanix/feature/cid-3656-simplify-sbom-ingestion

Feature/cid 3656 simplify SBOM ingestion

Author: henriq-amaral-leanix

src/main/kotlin/net/leanix/githubagent/dto/ArtifactDTO.kt

@@ -0,0 +1,7 @@
+package net.leanix.githubagent.dto
+
+data class ArtifactDTO(
+    val repositoryFullName: String,
+    val artifactFileName: String,
+    val artifactFileContent: String,
+)

src/main/kotlin/net/leanix/githubagent/dto/ArtifactDownloadDTO.kt

@@ -0,0 +1,9 @@
+package net.leanix.githubagent.dto
+
+data class ArtifactDownloadDTO(
+    val repositoryName: String,
+    val repositoryOwner: String,
+    val runId: Long,
+    val installationId: Int,
+    val artifactName: String? = null,
+)

src/main/kotlin/net/leanix/githubagent/dto/SbomConfig.kt

@@ -0,0 +1,95 @@
+package net.leanix.githubagent.handler
+
+import net.leanix.githubagent.client.GitHubClient
+import net.leanix.githubagent.dto.Artifact
+import net.leanix.githubagent.dto.ArtifactDTO
+import net.leanix.githubagent.dto.ArtifactDownloadDTO
+import net.leanix.githubagent.services.GitHubAuthenticationService
+import net.leanix.githubagent.services.WebSocketService
+import org.slf4j.LoggerFactory
+import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.context.annotation.Lazy
+import org.springframework.messaging.simp.stomp.StompFrameHandler
+import org.springframework.messaging.simp.stomp.StompHeaders
+import org.springframework.stereotype.Component
+import java.lang.reflect.Type
+import java.util.*
+
+@Component
+class ArtifactDownloadHandler(
+    private val gitHubClient: GitHubClient,
+    @Lazy @Autowired
+    private val webSocketService: WebSocketService,
+    @Lazy @Autowired
+    private val gitHubAuthenticationService: GitHubAuthenticationService
+) : StompFrameHandler {
+
+    private val logger = LoggerFactory.getLogger(ArtifactDownloadHandler::class.java)
+
+    override fun getPayloadType(headers: StompHeaders): Type {
+        return ArtifactDownloadDTO::class.java
+    }
+
+    override fun handleFrame(headers: StompHeaders, payload: Any?) {
+        payload?.let {
+            val dto = payload as ArtifactDownloadDTO
+            logger.info("Received artifact download message from server for repo: ${dto.repositoryName}")
+            runCatching {
+                val installationToken =
+                    "Bearer ${gitHubAuthenticationService.getInstallationToken(dto.installationId)}"
+
+                getValidArtifacts(dto, installationToken)
+                    .takeIf { it.isNotEmpty() }
+                    ?.let { artifacts ->
+                        logger.info("Found ${artifacts.size} artifact(s).")
+                        fetchAndProcessArtifacts(artifacts, dto, installationToken)
+                    } ?: logger.info("No artifacts found for this repository: ${dto.repositoryName}")
+            }
+        }
+    }
+    private fun getValidArtifacts(dto: ArtifactDownloadDTO, token: String): List<Artifact> {
+        return gitHubClient.getRunArtifacts(dto.repositoryOwner, dto.repositoryName, dto.runId, token)
+            .artifacts
+            .filter {
+                if (dto.artifactName != null) {
+                    it.name.contains(dto.artifactName)
+                } else {
+                    true
+                }
+            }
+    }
+
+    private fun fetchAndProcessArtifacts(
+        artifacts: List<Artifact>,
+        dto: ArtifactDownloadDTO,
+        installationToken: String
+    ) {
+        artifacts.forEach { artifact ->
+            logger.info("Processing artifact: ${artifact.name}")
+            downloadAndSendArtifact(dto, artifact, installationToken)
+        }
+    }
+
+    private fun downloadAndSendArtifact(dto: ArtifactDownloadDTO, artifact: Artifact, token: String) = runCatching {
+        val owner = dto.repositoryOwner
+        val repo = dto.repositoryOwner
+        gitHubClient.downloadArtifact(owner, repo, artifact.id, token).body()?.use { body ->
+            val artifactContent = Base64.getEncoder().encodeToString(body.asInputStream().readAllBytes())
+            sendArtifactEvent(dto, artifact.name, artifactContent)
+        } ?: logger.error("Failed to download artifact: ${artifact.name}")
+    }.onFailure {
+        logger.error("Error processing artifact: ${artifact.name}", it)
+    }
+
+    private fun sendArtifactEvent(dto: ArtifactDownloadDTO, artifactName: String, artifactContent: String) {
+        logger.info("Sending artifacts file: ${dto.repositoryName} - $artifactName")
+        webSocketService.sendMessage(
+            "/artifact",
+            ArtifactDTO(
+                repositoryFullName = "${dto.repositoryOwner}/${dto.repositoryName}",
+                artifactFileName = artifactName,
+                artifactFileContent = artifactContent,
+            )
+        )
+    }
+}

src/main/kotlin/net/leanix/githubagent/dto/SbomEventDTO.kt

@@ -12,7 +12,9 @@ import org.springframework.stereotype.Component
 import java.util.concurrent.CountDownLatch
 
 @Component
-class BrokerStompSessionHandler : StompSessionHandlerAdapter() {
+class BrokerStompSessionHandler(
+    private val artifactDownloadHandler: ArtifactDownloadHandler
+) : StompSessionHandlerAdapter() {
     @Lazy
     @Autowired
     private lateinit var webSocketService: WebSocketService
@@ -27,7 +29,7 @@ class BrokerStompSessionHandler : StompSessionHandlerAdapter() {
         logger.info("connected to the server: ${session.sessionId}")
         isConnected = true
         latch.countDown()
-        session.subscribe("/user/queue/repositories-string", this)
+        session.subscribe("/user/queue/message/artifact", artifactDownloadHandler)
     }
 
     override fun handleException(

src/main/kotlin/net/leanix/githubagent/dto/WorkflowRunEventDto.kt

@@ -19,7 +19,6 @@ import net.leanix.githubagent.handler.RateLimitHandler
 import net.leanix.githubagent.shared.INSTALLATION_LABEL
 import net.leanix.githubagent.shared.INSTALLATION_REPOSITORIES
 import net.leanix.githubagent.shared.MANIFEST_FILE_NAME
-import net.leanix.githubagent.shared.WORKFLOW_RUN_EVENT
 import net.leanix.githubagent.shared.fileNameMatchRegex
 import net.leanix.githubagent.shared.generateFullPath
 import org.slf4j.LoggerFactory
@@ -38,7 +37,6 @@ class WebhookEventService(
     @Value("\${webhookEventService.waitingTime}") private val waitingTime: Long,
     private val gitHubClient: GitHubClient,
     private val gitHubEnterpriseService: GitHubEnterpriseService,
-    private val workflowRunService: WorkflowRunService,
     private val rateLimitHandler: RateLimitHandler,
 ) {
 
@@ -50,10 +48,9 @@ class WebhookEventService(
             "PUSH" -> handlePushEvent(payload)
             "INSTALLATION" -> handleInstallationEvent(payload)
             INSTALLATION_REPOSITORIES -> handleInstallationRepositories(payload)
-            WORKFLOW_RUN_EVENT -> workflowRunService.consumeWebhookPayload(payload)
             else -> {
                 logger.info("Sending event of type: $eventType")
-                webSocketService.sendMessage("/events/other", payload)
+                webSocketService.sendMessage("/events/$eventType", payload)
             }
         }
     }