From b8f6a7641b22387b006948245c939c15bbf7a31d Mon Sep 17 00:00:00 2001 From: Justin Brooks Date: Sun, 25 Aug 2024 22:31:28 -0400 Subject: [PATCH] init google compute scanner --- .../apps-dispatchers-kubernetes-job.yaml | 102 ------------------ .github/workflows/apps-docs.yaml | 2 +- .../workflows/apps-job-policy-checker.yaml | 2 +- .github/workflows/apps-webservice.yaml | 2 +- .../providers-google-compute-scanner.yaml | 60 +++++++++++ pnpm-lock.yaml | 28 ++--- pnpm-workspace.yaml | 2 +- providers/google-compute-scanner/Dockerfile | 34 ++++++ .../eslint.config.js | 0 .../package.json | 1 + .../src/config.ts | 0 .../src/gke-connect.ts | 0 .../src/gke.ts | 0 .../src/index.ts | 0 .../src/sdk.ts | 0 .../src/utils.ts | 0 .../tsconfig.json | 0 17 files changed, 113 insertions(+), 120 deletions(-) delete mode 100644 .github/workflows/apps-dispatchers-kubernetes-job.yaml create mode 100644 .github/workflows/providers-google-compute-scanner.yaml create mode 100644 providers/google-compute-scanner/Dockerfile rename providers/{google-cloud/compute-scanner => google-compute-scanner}/eslint.config.js (100%) rename providers/{google-cloud/compute-scanner => google-compute-scanner}/package.json (97%) rename providers/{google-cloud/compute-scanner => google-compute-scanner}/src/config.ts (100%) rename providers/{google-cloud/compute-scanner => google-compute-scanner}/src/gke-connect.ts (100%) rename providers/{google-cloud/compute-scanner => google-compute-scanner}/src/gke.ts (100%) rename providers/{google-cloud/compute-scanner => google-compute-scanner}/src/index.ts (100%) rename providers/{google-cloud/compute-scanner => google-compute-scanner}/src/sdk.ts (100%) rename providers/{google-cloud/compute-scanner => google-compute-scanner}/src/utils.ts (100%) rename providers/{google-cloud/compute-scanner => google-compute-scanner}/tsconfig.json (100%) 
diff --git a/.github/workflows/apps-dispatchers-kubernetes-job.yaml b/.github/workflows/apps-dispatchers-kubernetes-job.yaml
deleted file mode 100644
index 482265bc..00000000
--- a/.github/workflows/apps-dispatchers-kubernetes-job.yaml
+++ /dev/null
@@ -1,102 +0,0 @@
-name: CD / Job Agent / Kubernetes Job
-
-on:
- pull_request:
- branches: ["*"]
- paths:
- - job-agent/kubernetes-job/**
- - .github/workflows/job-agent-kubernetes-job.yaml
- - pnpm-lock.yaml
- push:
- branches: ["main"]
- paths:
- - job-agent/kubernetes-job/**
- - .github/workflows/job-agent-kubernetes-job.yaml
- - pnpm-lock.yaml
-
-jobs:
- build:
- runs-on: ubuntu-latest
- permissions:
- contents: read
- id-token: write
- steps:
- - uses: actions/checkout@v4
-
- - uses: "google-github-actions/auth@v2"
- id: auth
- with:
- token_format: access_token
- project_id: ctrlplane-prod
- service_account: github@ctrlplane-prod.iam.gserviceaccount.com
- workload_identity_provider: "projects/591038869087/locations/global/workloadIdentityPools/github/providers/github"
-
- - name: Login to GCR
- uses: docker/login-action@v3
- with:
- registry: gcr.io
- username: oauth2accesstoken
- password: ${{ steps.auth.outputs.access_token }}
-
- - name: Set up Cloud SDK
- uses: google-github-actions/setup-gcloud@v2
-
- - name: "Docker auth"
- run: |-
- gcloud auth configure-docker us-central1-docker.pkg.dev --quiet
-
- - name: Extract metadata (tags, labels) for Docker
- id: meta
- uses: docker/metadata-action@v4
- with:
- images: us-central1-docker.pkg.dev/ctrlplane-prod/job-agent/kubernetes-job
- tags: |
- type=sha,format=short,prefix=
-
- - name: Build
- uses: docker/build-push-action@v6
- if: github.ref != 'refs/heads/main'
- with:
- push: false
- file: job-agent/kubernetes-job/Dockerfile
- tags: ${{ steps.meta.outputs.tags }}
-
- - name: Build and Push
- uses: docker/build-push-action@v6
- if: github.ref == 'refs/heads/main'
- with:
- push: true
- file: job-agent/kubernetes-job/Dockerfile
- tags: ${{ steps.meta.outputs.tags }}
-
- # deploy:
- # if: github.ref == 'refs/heads/main'
- # runs-on: ubuntu-latest
- # needs: build
- # permissions:
- # contents: read
- # id-token: write
- # steps:
- # - uses: actions/checkout@v4
-
- # - uses: "google-github-actions/auth@v2"
- # id: auth - # with: - # token_format: access_token - # project_id: ctrlplane-prod - # service_account: "github@ctrlplane-prod.iam.gserviceaccount.com" - # workload_identity_provider: "projects/591038869087/locations/global/workloadIdentityPools/github/providers/github" - - # - name: Extract metadata (tags, labels) for Docker - # id: meta - # uses: docker/metadata-action@v4 - # with: - # images: us-central1-docker.pkg.dev/ctrlplane-prod/job-agent/kubernetes-job - # tags: | - # type=sha,format=short,prefix= - - # - id: "deploy" - # uses: "google-github-actions/deploy-cloudrun@v2" - # with: - # service: "docs" - # image: ${{ steps.meta.outputs.tags }} diff --git a/.github/workflows/apps-docs.yaml b/.github/workflows/apps-docs.yaml index d43102bc..eb31e714 100644 --- a/.github/workflows/apps-docs.yaml +++ b/.github/workflows/apps-docs.yaml @@ -1,4 +1,4 @@ -name: CD / Docs +name: Apps / Docs on: pull_request: diff --git a/.github/workflows/apps-job-policy-checker.yaml b/.github/workflows/apps-job-policy-checker.yaml index 1697bea1..3b87dbb3 100644 --- a/.github/workflows/apps-job-policy-checker.yaml +++ b/.github/workflows/apps-job-policy-checker.yaml @@ -1,4 +1,4 @@ -name: CD / Job Policy Checker +name: Apps / Job Policy Checker on: pull_request: diff --git a/.github/workflows/apps-webservice.yaml b/.github/workflows/apps-webservice.yaml index ae242b89..a86cab19 100644 --- a/.github/workflows/apps-webservice.yaml +++ b/.github/workflows/apps-webservice.yaml @@ -1,4 +1,4 @@ -name: CD / Webservice +name: Apps / Webservice on: pull_request: diff --git a/.github/workflows/providers-google-compute-scanner.yaml b/.github/workflows/providers-google-compute-scanner.yaml new file mode 100644 index 00000000..5734dea1 --- /dev/null +++ b/.github/workflows/providers-google-compute-scanner.yaml 
@@ -0,0 +1,60 @@
+name: Providers / Google Compute Scanner
+
+on:
+ pull_request:
+ branches: ["*"]
+ paths:
+ - providers/google-compute-scanner/**
+ - .github/workflows/providers-google-compute-scanner.yaml
+ - pnpm-lock.yaml
+ push:
+ branches: ["main"]
+ paths:
+ - providers/google-compute-scanner/**
+ - .github/workflows/providers-google-compute-scanner.yaml
+ - pnpm-lock.yaml
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ id-token: write
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Login to Docker Hub
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@v4
+ with:
+ images: ctrlplane/google-compute-scanner
+ tags: |
+ type=sha,format=short,prefix=
+
+ - name: Build
+ uses: docker/build-push-action@v6
+ if: github.ref != 'refs/heads/main'
+ with:
+ push: false
+ file: providers/google-compute-scanner/Dockerfile
+ tags: ${{ steps.meta.outputs.tags }}
+
+ - name: Build and Push
+ uses: docker/build-push-action@v6
+ if: github.ref == 'refs/heads/main'
+ with:
+ push: true
+ file: providers/google-compute-scanner/Dockerfile
+ tags: ${{ steps.meta.outputs.tags }}
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 679f0717..caae83a9 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
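Review bot: The `build` job in the new workflow keeps `id-token: write` from the deleted GCP workflow, but none of the new steps requests an OIDC token (registry login now uses `secrets.DOCKERHUB_USERNAME` / `secrets.DOCKERHUB_TOKEN`), so the permission can be dropped, leaving `contents: read` as the only entry under `permissions:`. The `Login to Docker Hub` step also runs on every `pull_request` event although only `Build and Push` needs credentials; adding `if: github.ref == 'refs/heads/main'` to it keeps the token out of PR-triggered runs and avoids a login failure on fork PRs, where repository secrets are not passed. The `uses:` references are mutable tags (`@v4`, `@v3`, `@v6`); pinning each to a full commit SHA would fix exactly which action code runs in the job that holds the Docker Hub token.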
@@ -1077,17 +1077,17 @@ importers: specifier: ^5.4.5 version: 5.5.3 - providers/google-cloud/compute-scanner: + providers/google-compute-scanner: dependencies: '@ctrlplane/logger': specifier: workspace:* - version: link:../../../packages/logger + version: link:../../packages/logger '@ctrlplane/node-sdk': specifier: workspace:* - version: link:../../../packages/node-sdk + version: link:../../packages/node-sdk '@ctrlplane/validators': specifier: workspace:* - version: link:../../../packages/validators + version: link:../../packages/validators '@google-cloud/container': specifier: ^5.16.0 version: 5.16.0 @@ -1124,16 +1124,19 @@ importers: devDependencies: '@ctrlplane/eslint-config': specifier: workspace:* - version: link:../../../tooling/eslint + version: link:../../tooling/eslint '@ctrlplane/prettier-config': specifier: workspace:* - version: link:../../../tooling/prettier + version: link:../../tooling/prettier '@ctrlplane/tsconfig': specifier: workspace:* - version: link:../../../tooling/typescript + version: link:../../tooling/typescript '@types/lodash': specifier: ^4.17.5 version: 4.17.7 + '@types/semver': + specifier: ^7.5.8 + version: 7.5.8 eslint: specifier: 'catalog:' version: 9.9.0(jiti@1.21.6) @@ -1154,7 +1157,7 @@ importers: version: 1.13.4(eslint@9.9.0(jiti@1.21.6)) eslint-plugin-import: specifier: ^2.29.1 - version: 2.29.1(@typescript-eslint/parser@7.16.1(eslint@9.9.0(jiti@1.21.6))(typescript@5.5.3))(eslint@9.9.0(jiti@1.21.6)) + version: 2.29.1(eslint@9.9.0(jiti@1.21.6)) eslint-plugin-jsx-a11y: specifier: ^6.8.0 version: 6.9.0(eslint@9.9.0(jiti@1.21.6)) 
@@ -13833,17 +13836,16 @@ snapshots: transitivePeerDependencies: - supports-color - eslint-module-utils@2.8.1(@typescript-eslint/parser@7.16.1(eslint@9.9.0(jiti@1.21.6))(typescript@5.5.3))(eslint-import-resolver-node@0.3.9)(eslint@9.9.0(jiti@1.21.6)): + eslint-module-utils@2.8.1(eslint-import-resolver-node@0.3.9)(eslint@9.9.0(jiti@1.21.6)): dependencies: debug: 3.2.7 optionalDependencies: - '@typescript-eslint/parser': 7.16.1(eslint@9.9.0(jiti@1.21.6))(typescript@5.5.3) eslint: 9.9.0(jiti@1.21.6) eslint-import-resolver-node: 0.3.9 transitivePeerDependencies: - supports-color - eslint-plugin-import@2.29.1(@typescript-eslint/parser@7.16.1(eslint@9.9.0(jiti@1.21.6))(typescript@5.5.3))(eslint@9.9.0(jiti@1.21.6)): + eslint-plugin-import@2.29.1(eslint@9.9.0(jiti@1.21.6)): dependencies: array-includes: 3.1.8 array.prototype.findlastindex: 1.2.5 @@ -13853,7 +13855,7 @@ snapshots: doctrine: 2.1.0 eslint: 9.9.0(jiti@1.21.6) eslint-import-resolver-node: 0.3.9 - eslint-module-utils: 2.8.1(@typescript-eslint/parser@7.16.1(eslint@9.9.0(jiti@1.21.6))(typescript@5.5.3))(eslint-import-resolver-node@0.3.9)(eslint@9.9.0(jiti@1.21.6)) + eslint-module-utils: 2.8.1(eslint-import-resolver-node@0.3.9)(eslint@9.9.0(jiti@1.21.6)) hasown: 2.0.2 is-core-module: 2.13.1 is-glob: 4.0.3 @@ -13863,8 +13865,6 @@ snapshots: object.values: 1.2.0 semver: 6.3.1 tsconfig-paths: 3.15.0 - optionalDependencies: - '@typescript-eslint/parser': 7.16.1(eslint@9.9.0(jiti@1.21.6))(typescript@5.5.3) transitivePeerDependencies: - eslint-import-resolver-typescript - eslint-import-resolver-webpack diff --git a/pnpm-workspace.yaml b/pnpm-workspace.yaml index d396243a..95f61ac0 100644 --- a/pnpm-workspace.yaml +++ b/pnpm-workspace.yaml @@ -3,7 +3,7 @@ packages: - packages/* - tooling/* - agents/* - - providers/** + - providers/* catalog: eslint: ^9.9.0 diff --git a/providers/google-compute-scanner/Dockerfile b/providers/google-compute-scanner/Dockerfile new file mode 100644 index 00000000..93c08116 --- /dev/null 
+++ b/providers/google-compute-scanner/Dockerfile
@@ -0,0 +1,34 @@
+ARG NODE_VERSION=22
+FROM node:${NODE_VERSION}-alpine
+
+WORKDIR /app
+
+RUN apk add --no-cache libc6-compat python3 make g++
+
+ENV PNPM_HOME="/pnpm"
+ENV PATH="$PNPM_HOME:$PATH"
+
+RUN npm install -g turbo
+RUN corepack enable pnpm
+
+COPY .gitignore .gitignore
+COPY turbo.json turbo.json
+RUN pnpm add -g turbo
+
+COPY package.json package.json
+COPY pnpm-*.yaml .
+
+COPY packages/logger/package.json ./packages/logger/package.json
+COPY packages/node-sdk/package.json ./packages/node-sdk/package.json
+COPY packages/validators/package.json ./packages/validators/package.json
+COPY providers/google-cloud/compute-scanner/package.json ./providers/google-cloud/compute-scanner/package.json
+
+RUN pnpm install --frozen-lockfile
+COPY . .
+RUN turbo build --filter=...@ctrlplane/google-compute-scanner
+
+RUN addgroup --system --gid 1001 nodejs
+RUN adduser --system --uid 1001 nodejs
+USER nodejs
+
+CMD node providers/google-cloud/compute-scanner/dist/index.js
\ No newline at end of file
diff --git a/providers/google-cloud/compute-scanner/eslint.config.js b/providers/google-compute-scanner/eslint.config.js
similarity index 100%
rename from providers/google-cloud/compute-scanner/eslint.config.js
rename to providers/google-compute-scanner/eslint.config.js
diff --git a/providers/google-cloud/compute-scanner/package.json b/providers/google-compute-scanner/package.json
similarity index 97%
rename from providers/google-cloud/compute-scanner/package.json
rename to providers/google-compute-scanner/package.json
index 7b79e0a3..80cc7bd3 100644
--- a/providers/google-cloud/compute-scanner/package.json
+++ b/providers/google-compute-scanner/package.json
@@ -39,6 +39,7 @@
 "@ctrlplane/prettier-config": "workspace:*",
 "@ctrlplane/tsconfig": "workspace:*",
 "@types/lodash": "^4.17.5",
+ "@types/semver": "^7.5.8",
 "eslint": "catalog:",
 "prettier": "catalog:",
 "typescript": "^5.4.5"
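Review bot: In the new Dockerfile, the fourth `COPY …/package.json` line and the final `CMD` still use the pre-rename directory `providers/google-cloud/compute-scanner`, while this same commit moves the package to `providers/google-compute-scanner`; the COPY source should no longer exist in the build context, so the image build is expected to fail, and the CMD would point at a missing `dist`. Change them to `COPY providers/google-compute-scanner/package.json ./providers/google-compute-scanner/package.json` and `CMD ["node", "providers/google-compute-scanner/dist/index.js"]` (exec form, so node receives signals directly instead of through a shell). Separately, the single stage leaves `python3`, `make`, `g++` and everything pulled in by `COPY . .` in the image that runs as `nodejs`; a separate runtime stage and a `.dockerignore` (none is visible in this patch) would reduce what the running container carries. `turbo` is installed twice and unpinned, by `npm install -g turbo` and `pnpm add -g turbo`; one install at a fixed version is enough and keeps the build tool from changing between image builds.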
diff --git a/providers/google-cloud/compute-scanner/src/config.ts b/providers/google-compute-scanner/src/config.ts
similarity index 100%
rename from providers/google-cloud/compute-scanner/src/config.ts
rename to providers/google-compute-scanner/src/config.ts
diff --git a/providers/google-cloud/compute-scanner/src/gke-connect.ts b/providers/google-compute-scanner/src/gke-connect.ts
similarity index 100%
rename from providers/google-cloud/compute-scanner/src/gke-connect.ts
rename to providers/google-compute-scanner/src/gke-connect.ts
diff --git a/providers/google-cloud/compute-scanner/src/gke.ts b/providers/google-compute-scanner/src/gke.ts
similarity index 100%
rename from providers/google-cloud/compute-scanner/src/gke.ts
rename to providers/google-compute-scanner/src/gke.ts
diff --git a/providers/google-cloud/compute-scanner/src/index.ts b/providers/google-compute-scanner/src/index.ts
similarity index 100%
rename from providers/google-cloud/compute-scanner/src/index.ts
rename to providers/google-compute-scanner/src/index.ts
diff --git a/providers/google-cloud/compute-scanner/src/sdk.ts b/providers/google-compute-scanner/src/sdk.ts
similarity index 100%
rename from providers/google-cloud/compute-scanner/src/sdk.ts
rename to providers/google-compute-scanner/src/sdk.ts
diff --git a/providers/google-cloud/compute-scanner/src/utils.ts b/providers/google-compute-scanner/src/utils.ts
similarity index 100%
rename from providers/google-cloud/compute-scanner/src/utils.ts
rename to providers/google-compute-scanner/src/utils.ts
diff --git a/providers/google-cloud/compute-scanner/tsconfig.json b/providers/google-compute-scanner/tsconfig.json
similarity index 100%
rename from providers/google-cloud/compute-scanner/tsconfig.json
rename to providers/google-compute-scanner/tsconfig.json