codefresh-io · vadim-kharin-codefresh · Mar 29, 2022 · Mar 29, 2022
@@ -1,5 +1,10 @@
 # Changelog
 
+## v0.0.7 (29.03.2022)
+
+### image-enricher-git-info
+Added information about commits to the image
+
 ## v0.0.6 (14.2.2022)
 
 ### report-image-info

@@ -0,0 +1,17 @@
+# CSDP-metadata
+
+## Summary
+
+A set of templates to operate against Codefresh Software Delivery Platform such as reporting image information to the Argo platform, and enriching images with metadata and annotation for GitHub (PRs, commits, etc) and Jira (title, assignee, etc).
+
+## Templates
+
+1. [image-enricher-git-info](https://github.com/codefresh-io/argo-hub/blob/main/workflows/codefresh-csdp/versions/0.0.7/docs/image-enricher-git-info.md)
+2. [image-enricher-jira-info](https://github.com/codefresh-io/argo-hub/blob/main/workflows/codefresh-csdp/versions/0.0.7/docs/image-enricher-jira-info.md)
+3. [report-image-info](https://github.com/codefresh-io/argo-hub/blob/main/workflows/codefresh-csdp/versions/0.0.7/docs/report-image-info.md)
+
+## Security
+
+Minimal required permissions
+
+[Full rbac permissions list](https://github.com/codefresh-io/argo-hub/blob/main/workflows/codefresh-csp/versions/0.0.7/rbac.yaml)
@@ -0,0 +1,55 @@
+# image-enricher-git-info
+
+## Summary
+Enrich images with metadata and annotation such as PR, commits, committers.
+
+## Inputs/Outputs
+
+### Inputs
+* IMAGE (required) - The image URI that was imported into Codefresh to enrich
+* BRANCH (required) - The git branch to use to enrich
+* REPO (required) - The GitHub repo to use to enrich
+* CF_API_KEY (required) - The Kubernetes secret containing the Codefresh API key
+* CF_API_KEY_SECRET_KEY (optional) - The key in the Kubernetes secret that has the Codefresh API Key. Default is 'token'
+* CF_URL (optional) - The URL to reach Codefresh (support on-premises Codefresh). Default is 'codefresh.io'
+* GITHUB_HOST (optional) - The URL to reach GitHub (support on-premises GitHub host). Default is 'github.com'
+* GITHUB_API (optional) - The URL to reach the GitHub API (support on-premises GitHub api).
+* API_PATH_PREFIX (optional) - The API prefix path for GitHub (support on-premises GitHub path prefix).
+* GITHUB_TOKEN (optional) - The Kubernetes secret containing the GitHub token
+* GITHUB_TOKEN_SECRET_KEY (optional) - The key in the Kubernetes secret containing the GitHub token. Default is 'token'
+
+
+### Outputs
+no outputs
+
+## Examples
+
+### task Example
+```
+apiVersion: argoproj.io/v1alpha1
+kind: Workflow
+metadata:
+  generateName: image-enricher-git-info-
+spec:
+  entrypoint: main
+  templates:
+  - name: main
+    dag:
+      tasks:
+      - name: image-enricher-git-info
+        templateRef:
+          name: argo-hub.codefresh-csdp.0.0.7
+          template: image-enricher-git-info
+        arguments:
+          parameters:
+          - name: IMAGE
+            value: 'gcr.io/codefresh/cfstep-helm:lastest'
+          - name: BRANCH
+            value: 'main'
+          - name: REPO
+            value: 'codefresh/cfstep-helm'
+          - name: CF_API_KEY
+            value: 'CODEFRESH_API_KEY'
+          - name: GITHUB_TOKEN
+            value: 'GITHUB_TOKEN'
+```
@@ -0,0 +1,57 @@
+# image-enricher-jira-info
+
+## Summary
+Enrich images with metadata and annotation such as ticket number, title, assignee, status.
+
+## Inputs/Outputs
+
+### Inputs
+* IMAGE (required) - The image URI that was imported into Codefresh to enrich
+* JIRA_HOST (required) - jira host, should be without protocol and / in the end.
+* JIRA_CONTEXT (optional) - The Jira context to use
+* JIRA_API_TOKEN_SECRET (required) - Name of Kubernetes secret that contains a jira email and token that you generate in jira
+* JIRA_API_TOKEN_SECRET_KEY (required) - The key in the Kubernetes secret with the Jira API token. Default is 'token'
+* JIRA_EMAIL_SECRET_KEY (required) - The key in the Kubernetes secret with the Jira Email associated with the API token. Default is 'email'
+* JIRA_PROJECT_PREFIX (required) - jira project prefix like: SAAS, CF, etc
+* CF_API_KEY (required) - The Kubernetes secret containing the Codefresh API key
+* CF_API_KEY_SECRET_KEY (optional) - The key in the Kubernetes secret that has the Codefresh API Key. Default is 'token'
+* CF_URL (optional) - The URL to reach Codefresh (support on-premises Codefresh). Default is 'codefresh.io'
+* MESSAGE (required) - message from which you want retrieve issue name, can be a branch, commit message, whatever
+* FAIL_ON_NOT_FOUND (optional) - fail in case of ticket not found. Default is 'false'
+
+### Outputs
+no outputs
+
+## Examples
+
+### task Example
+```
+apiVersion: argoproj.io/v1alpha1
+kind: Workflow
+metadata:
+  generateName: image-enricher-jira-info-
+spec:
+  entrypoint: main
+  templates:
+  - name: main
+    dag:
+      tasks:
+      - name: image-enricher-jira-info
+        templateRef:
+          name: argo-hub.codefresh-csdp.0.0.7
+          template: image-enricher-jira-info
+        arguments:
+          parameters:
+          - name: IMAGE
+            value: 'gcr.io/codefresh/cfstep-helm:lastest'
+          - name: JIRA_PROJECT_PREFIX
+            value: 'JR'
+          - name: MESSAGE
+            value: 'JR-1234'
+          - name: JIRA_HOST
+            value: 'jira.atlassian.net'
+          - name: JIRA_API_TOKEN_SECRET
+            value: 'jira-credentials'
+          - name: CF_API_KEY
+            value: 'CODEFRESH_API_KEY'
+```
@@ -0,0 +1,85 @@
+# report-image-info
+
+## Summary
+Report image info to argo platform.
+
+## Inputs/Outputs
+
+### Inputs
+* IMAGE (required) - your image to which you want to report
+* CF_API_KEY (required) - Codefresh API key created by runtime
+* GIT_BRANCH (optional) - git branch
+* GIT_REVISION (optional) - git revision
+* GIT_COMMIT_MESSAGE (optional) - git commit message
+* GIT_COMMIT_URL (optional) - git commit url
+* GIT_SENDER_LOGIN (optional) - git commiter username
+* CF_HOST (optional) - support on-premises Codefresh URL
+* INSECURE (optional) - security flag for standard registry protocol, when set to true it enables http protocol.
+#### Specify one from following required registry parameters:
+* GCR_KEY_FILE_PATH (required) - JSON key for authenticating to a Google GCR
+* GCR_KEY_SECRET (required) - The Kubernetes secret containing the GCR key information. Default is 'gcr-key-file'
+* GCR_KEY_SECRET_KEY (optional) - The key in the Kubernetes secret containing the GCR key information. Default is '.keyjson'
+* AWS_ACCESS_KEY (required) - The Kubernetes secret with the Amazon access key
+* AWS_ACCESS_KEY_SECRET_KEY (optional) - The key in the Kubernetes secret with the Amazon access key. Default is 'aws-access-key'
+* AWS_SECRET_KEY (required) - The Kubernetes secret with the Amazon secret key
+* AWS_SECRET_KEY_SECRET_KEY (optional) - The key in the Kubernetes secret with the Amazon secret key. Default is 'aws-secret-key'
+* AWS_REGION (required) - The Kubernetes secret with the Amazon region
+* AWS_REGION_SECRET_KEY (optional) - The key in the Kubernetes secret with the Amazon region. Default is 'aws-region'
+* DOCKER_CONFIG_FILE_PATH (required) - docker config json for authenticating to a registry (GCR, ECR, ACR not supported)
+* DOCKER_CONFIG_SECRET (required) - The Kubernetes secret containing the docker config json information. Default is 'docker-registry'
+* DOCKER_CONFIG_SECRET_KEY  (optional) - The key in the Kubernetes secret containing the docker config json information. Default is '.dockerconfigjson'
+* DOCKER_USERNAME (required) - The Kubernetes secret with the docker username
+* DOCKER_USERNAME_SECRET_KEY (optional) The key in the Kubernetes secret with the docker username. Default is 'username'
+* DOCKER_PASSWORD (required) - The Kubernetes secret with the docker password
+* DOCKER_PASSWORD_SECRET_KEY (optional) The key in the Kubernetes secret with the docker password. Default is 'password'
+* USERNAME (required) - The Kubernetes secret with the standard registry username
+* USERNAME_SECRET_KEY (optional) The key in the Kubernetes secret with the standard registry username. Default is 'username'
+* PASSWORD (required) - The Kubernetes secret with the standard registry password
+* PASSWORD_SECRET_KEY (optional) The key in the Kubernetes secret with the standard registry password. Default is 'password'
+* DOMAIN (required) - The Kubernetes secret with the standard registry domain
+* DOMAIN_SECRET_KEY (optional) - The key in the Kubernetes secret with the standard registry domain. Default is 'domain'
+* AWS_ROLE_SECRET (required) - The Kubernetes secret with the Amazon role
+* AWS_ROLE_SECRET_KEY (optional) -The key in the Kubernetes secret with the standard Amazon role. Default is 'role'
+
+### Outputs
+no outputs
+
+## Examples
+
+### task Example
+```
+apiVersion: argoproj.io/v1alpha1
+kind: Workflow
+metadata:
+  generateName: report-image-info-
+spec:
+  entrypoint: main
+  templates:
+  - name: main
+    dag:
+      tasks:
+      - name: report-image-info
+        templateRef:
+          name: argo-hub.codefresh-csdp.0.0.7
+          template: report-image-info
+        arguments:
+          parameters:
+          - name: IMAGE_URI
+            value: 'docker.io/codefresh/cfstep-helm:lastest'
+          - name: CF_API_KEY
+            value: 'CODEFRESH_API_KEY'
+          - name: GIT_REVISION
+            value: 'a1bc234d56e78f9a0b12c34d5ef67fba89d01ea2
+          - name: GIT_BRANCH
+            value: 'main'
+          - name: GIT_COMMIT_URL
+            value: 'https://github.com/test/project/commit/a1bc234d56e78f9a0b12c34d5ef67fba89d01ea2'
+          - name: GIT_COMMIT_MESSAGE
+            value: "Merge branch 'test'"
+          - name: GIT_SENDER_LOGIN
+            value: "some-username"
+          - name: DOCKER_USERNAME
+            value: 'docker-username'
+          - name: DOCKER_PASSWORD
+            value: 'docker-password'
+```
@@ -0,0 +1 @@
+12.18.0
@@ -0,0 +1,11 @@
+FROM node:14.18.1-alpine
+
+WORKDIR /app/
+
+COPY package*.json ./
+
+RUN npm install
+
+COPY . .
+
+CMD [ "node", "/app/src/index.js" ]
@@ -0,0 +1 @@
+# image-enricher-git-info
@@ -0,0 +1,33 @@
+{
+  "name": "image-enricher-git-info",
+  "version": "0.0.3",
+  "private": true,
+  "scripts": {
+    "start": "node src/index.js",
+    "lint": "eslint"
+  },
+  "engines": {
+    "node": "14.18.1"
+  },
+  "dependencies": {
+    "@octokit/rest": "18.0.0",
+    "bluebird": "3.7.2",
+    "lodash": "4.17.15",
+    "request-promise": "4.2.5",
+    "request": "2.88.2",
+    "chalk": "^4.1.0"
+  },
+  "devDependencies": {
+    "eslint": "^7.2.0",
+    "eslint-config-airbnb-base": "^14.2.0",
+    "eslint-plugin-import": "^2.21.2",
+    "@jest/globals": "^26.6.2",
+    "jest": "^26.6.3"
+  },
+  "jest": {
+    "collectCoverage": true,
+    "testPathIgnorePatterns": ["src/configuration"],
+    "collectCoverageFrom": ["src/**/*.js"]
+  }
+}
+
@@ -0,0 +1,106 @@
+const { host, apiToken, image, branch } = require('./configuration');
+const rp = require('request-promise');
+const _ = require('lodash');
+const chalk = require('chalk');
+
+class CodefreshAPI {
+    _handleError(e) {
+        if (_.get(e, 'error.message')) {
+            const code = _.get(e, 'error.code')
+            const statusCode = _.get(e, 'error.status')
+            const message = _.get(e, 'error.message')
+            throw new Error(`Codefresh error ${statusCode} [${code}]: ${message}`)
+        }
+
+        throw e
+    }
+
+    async getContext(name) {
+        try {
+            return await rp({
+                method: 'GET',
+                uri: `${host}/api/contexts/${name}?decrypt=true`,
+                headers: {
+                    'Authorization': `Bearer ${apiToken}`
+                },
+                json: true
+            });
+        } catch (e) {
+            return this._handleError(e);
+        }
+    }
+
+    async createPullRequestV2(pullRequest) {
+        console.log(chalk.green(`Create pull request ${pullRequest.number}=${pullRequest.url}, image ${image}`));
+        try {
+            const body = {
+                "operationName":"saveAnnotation",
+                "variables":{
+                    "annotation":{
+                        "logicEntityId": {"id": image},
+                        "entityType":"image",
+                        "key": `#${pullRequest.number}`,
+                        "type": "pr",
+                        "pullRequestValue": {
+                            url: pullRequest.url,
+                            title: pullRequest.title,
+                            committers: pullRequest.committers,
+                            commits: pullRequest.commits,
+                        }
+                    }
+                },
+                "query":"mutation saveAnnotation( $annotation: AnnotationArgs!) {\n saveAnnotation(annotation: $annotation)\n}"
+            }
+            return await rp({
+                method: 'POST',
+                uri: `${host}/2.0/api/graphql`,
+                body,
+                headers: {
+                    'Authorization': `Bearer ${apiToken}`
+                },
+                json: true
+            });
+        } catch (e) {
+            return this._handleError(e);
+        }
+
+    }
+
+    async createPullRequest(pullRequest) {
+
+        console.log(chalk.green(`Create pull request ${pullRequest.number}=${pullRequest.url}, image ${image}`));
+
+        try {
+            return await rp({
+                method: 'POST',
+                uri: `${host}/api/annotations`,
+                body: {
+                    entityId: image,
+                    entityType: 'image-prs',
+                    key: `#${pullRequest.number}`,
+                    value: {
+                        url: pullRequest.url,
+                        title: pullRequest.title,
+                        committers: pullRequest.committers
+                    },
+                    bigValue: {
+                        firstCommitDate: pullRequest.firstCommitDate,
+                        lastCommitDate: pullRequest.lastCommitDate,
+                        prDate: pullRequest.prDate,
+                        branch,
+                        commits: pullRequest.commits,
+                    }
+                },
+                headers: {
+                    'Authorization': `Bearer ${apiToken}`
+                },
+                json: true
+            });
+        } catch (e) {
+            return this._handleError(e);
+        }
+    }
+
+}
+
+module.exports = new CodefreshAPI();
@@ -0,0 +1,4 @@
+const prod = require('./prod');
+const test = require('./test');
+
+module.exports = process.env.NODE_ENV === 'test' ? test: prod;