diff --git a/.tekton/scanner-db-pull-request.yaml b/.tekton/scanner-db-pull-request.yaml
index b042741f1..79759b6cb 100644
--- a/.tekton/scanner-db-pull-request.yaml
+++ b/.tekton/scanner-db-pull-request.yaml
@@ -240,26 +240,10 @@ spec:
 taskSpec:
 steps:
 - name: fetch-sql-definitions
- image: registry.access.redhat.com/ubi8/ubi
+ image: registry.access.redhat.com/ubi8/ubi-minimal:latest
 script: |
- #!/usr/bin/env bash
- mkdir -p "$(workspaces.source.path)/source"
- blobs=(
- pg-definitions.sql.gz
- )
- for blob in "${blobs[@]}"; do
- echo "https://storage.googleapis.com/definitions.stackrox.io/scanner-data/latest/${blob} > $(workspaces.source.path)/source/blob-${blob}"
- curl --fail -s --show-error --retry 4 --retry-max-time 30 --retry-connrefused \
- --output "$(workspaces.source.path)/source/${blob}" \
- "https://storage.googleapis.com/definitions.stackrox.io/scanner-data/latest/${blob}"
-
- if [ "$?" != "0" ]; then
- echo "Failed to download"
- exit 1
- fi
-
- ls -lh $(workspaces.source.path)/source
- done
+ "$(workspaces.source.path)/source/scripts/konflux/fetch-scanner-data.sh" "$(workspaces.source.path)/source" pg-definitions.sql.gz
+ timeout: '10m'
 workspaces:
 - name: source
 workspace: workspace
diff --git a/.tekton/scanner-db-push.yaml b/.tekton/scanner-db-push.yaml
index 03e1fb97b..d129797a4 100644
--- a/.tekton/scanner-db-push.yaml
+++ b/.tekton/scanner-db-push.yaml
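Review bot: The step image in the `.tekton/scanner-db-pull-request.yaml` hunk, `registry.access.redhat.com/ubi8/ubi-minimal:latest`, is referenced by a mutable tag, so the container that runs the fetch step can change between pipeline runs with no change in this repository. Pinning it by digest, `image: registry.access.redhat.com/ubi8/ubi-minimal@sha256:<digest>` (placeholder, the page gives no digest), keeps the step reproducible and turns base-image updates into reviewable changes. The same image line is added in the `.tekton/scanner-db-push.yaml` hunk and would need the same pin.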
@@ -238,26 +238,10 @@ spec:
 taskSpec:
 steps:
 - name: fetch-sql-definitions
- image: registry.access.redhat.com/ubi8/ubi
+ image: registry.access.redhat.com/ubi8/ubi-minimal:latest
 script: |
- #!/usr/bin/env bash
- mkdir -p "$(workspaces.source.path)/source"
- blobs=(
- pg-definitions.sql.gz
- )
- for blob in "${blobs[@]}"; do
- echo "https://storage.googleapis.com/definitions.stackrox.io/scanner-data/latest/${blob} > $(workspaces.source.path)/source/blob-${blob}"
- curl --fail -s --show-error --retry 4 --retry-max-time 30 --retry-connrefused \
- --output "$(workspaces.source.path)/source/${blob}" \
- "https://storage.googleapis.com/definitions.stackrox.io/scanner-data/latest/${blob}"
-
- if [ "$?" != "0" ]; then
- echo "Failed to download"
- exit 1
- fi
-
- ls -lh $(workspaces.source.path)/source
- done
+ "$(workspaces.source.path)/source/scripts/konflux/fetch-scanner-data.sh" "$(workspaces.source.path)/source" pg-definitions.sql.gz
+ timeout: '10m'
 workspaces:
 - name: source
 workspace: workspace
diff --git a/image/db/rhel/konflux.Dockerfile b/image/db/rhel/konflux.Dockerfile
index 0099b532d..5969614f7 100644
--- a/image/db/rhel/konflux.Dockerfile
+++ b/image/db/rhel/konflux.Dockerfile
@@ -37,7 +37,7 @@ RUN dnf upgrade -y --nobest && \
 mkdir /docker-entrypoint-initdb.d && \
 chmod +x /usr/local/bin/docker-entrypoint.sh
-COPY pg-definitions.sql.gz /docker-entrypoint-initdb.d/definitions.sql.gz
+COPY blob-pg-definitions.sql.gz /docker-entrypoint-initdb.d/definitions.sql.gz
 ENV PG_MAJOR=12 \
 PGDATA="/var/lib/postgresql/data/pgdata"
diff --git a/scripts/konflux/fetch-scanner-data.sh b/scripts/konflux/fetch-scanner-data.sh
new file mode 100755
index 000000000..cce60b224
--- /dev/null
+++ b/scripts/konflux/fetch-scanner-data.sh
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+if [[ "$#" < 2 ]]; then
+ >&2 echo "Error: please pass target directory and blob filename(s) as command line arguments."
+ >&2 echo "For example:"
+ >&2 echo " $(basename "${BASH_SOURCE[0]}") $(pwd) nvd-definitions.zip k8s-definitions.zip repo2cpe.zip genesis_manifests.json"
+ exit 1
+fi
+
+TARGET_DIR="$1"
+shift
+
+blobs=( "$@" )
+
+for blob in "${blobs[@]}"; do
+
+ # TODO(ROX-22130): Assign proper suffix for tagged commits instead of /latest/.
+ url="https://storage.googleapis.com/definitions.stackrox.io/scanner-data/latest/${blob}"
+ dest="${TARGET_DIR}/blob-${blob}"
+
+ echo "Downloading ${url} > ${dest}"
+ curl --fail -s --show-error --retry 4 --retry-max-time 30 --retry-connrefused \
+ --output "${dest}" \
+ "${url}"
+
+done
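Review bot: The blob written to `${dest}` is used without any integrity check, and the `/latest/` URL (already noted in the TODO) means its content can change between builds. The Dockerfile hunk in this commit copies `blob-pg-definitions.sql.gz` into `/docker-entrypoint-initdb.d/`, so whatever the bucket serves is presumably loaded when the database is initialised. If an expected digest can be supplied to the pipeline, verify it right after the download, e.g. `echo "${expected_sha256}  ${dest}" | sha256sum --check -`, where `expected_sha256` is a placeholder for a value this commit does not provide. Separately, `[[ "$#" < 2 ]]` is a string comparison, so a call with ten arguments is rejected as too few; `if (( $# < 2 )); then` compares numerically.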