diff options
Diffstat (limited to 'scripts/run_tern.sh')
-rwxr-xr-x | scripts/run_tern.sh | 184 |
1 files changed, 184 insertions, 0 deletions
diff --git a/scripts/run_tern.sh b/scripts/run_tern.sh new file mode 100755 index 0000000..d6fb3ce --- /dev/null +++ b/scripts/run_tern.sh @@ -0,0 +1,184 @@ +#!/usr/bin/env bash +# +# Copyright Samsung Electronics (c) 2021 All rights reserved +# This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# + +# This script will do the following: +# 1. install tern in $TERN_LOCATION/ternenv (defaults to $HOME) +# 2. query kubectl for all images from $K8NAMESPACE +# 3. run tern analysis on each image while generating $HTML_REPORT in +# current directory & placing results in $OUT directory. Each report +# and log will have the image name with '/' substituted to '_'. +# 4. push results via lftools taking ARCHIVES_LOCATION as argument. +# Requires CI_PIPELINE_CREATED_AT, $POD, $LF_RESULTS_BACKUP vars to be set +# +# Dependencies: +# - fuse-overlayfs +# - attr +# - python3-venv +# - jq +# - lftools (python package) + +set -euxo pipefail + +TERN_LOCATION=${TERN_LOCATION:-"$HOME"} +OUT=${OUT:-tern} +HTML_REPORT=${HTML_REPORT:-index.html} +K8NAMESPACE=${K8NAMESPACE:-onap} +ARCHIVES_LOCATION=${ARCHIVES_LOCATION:-/tmp/tern} + +install_tern() { + # current release has bug with image name parsing, need to install + # from source until release (end of March 2021) + local tern_location=$1 + local initial_dir=$(pwd) + cd $tern_location + python3 -m venv ternenv + cd ternenv + . bin/activate + git clone https://github.com/tern-tools/tern --branch main || true + cd tern + git pull origin main + git checkout 52fd8f3ee915c0c637d82dbeb0856219780688c7 + python3 -m pip install wheel + python3 -m pip install . + cd $initial_dir + echo "===========> Tern installed" +} + +init_tern() { + local tern_location=$1 + local initial_dir=$(pwd) + cd $tern_location + cd ternenv + . bin/activate + cd $initial_dir +} + + +print_head() { + local html_report=$1 + + echo '<!DOCTYPE html> + <html lang="en"> + <head> + <meta charset="utf-8"> + <title>ONAP Tern analysis</title> + </head> + <body> + <table> + <caption>Results</caption> + <thead> + <tr> + <th>Image</th> + <th>Version</th> + <th>Report</th> + <th>Log</th> + <th>Pkgs with GPLv3</th> + <th>Pkgs with undefined lic</th> + <th>Notes</th> + </tr> + </thead> + <tbody>' >> $html_report +} + +print_tail() { + local html_report=$1 + + echo ' </tbody> + </table> + </body> + </html>' >> $html_report +} + +print_image() { + local html_report=$1 + local full_img_name=$2 + local report=$3 + local log=$4 + + + local pkglicenses="" + local gplv3pkgs="" + local licnotfound="" + local notes="" + + local img=${2%:*} + local ver=${2##*:} + + if [[ -s "$report" ]] + then + pkglicenses=$(jq '.images | .[].image.layers | .[]?.packages | .[] | "\(.name) \(.pkg_licenses) \(.pkg_license)"' ${report}) || true + gplv3pkgs=$(echo "${pkglicenses}" |grep GPL-3 | awk '{ print substr($1,2); }' | tr '\n' ' ') || true + licnotfound=$(echo "${pkglicenses}" |grep -e ' \[\] \"' | awk '{ print substr($1,2); }' | tr '\n' ' ') || true + else + if [[ $(grep -m 1 -hEe "(Traceback|CRITICAL)" $log) ]]; + then + notes='Report not generated, check logs for traceback/critical error' + fi + fi + + echo " <tr> + <td>${img}</td> + <td>${ver}</td> + <td><a href="${report}">Report</a></td> + <td><a href="${log}">Log</a></td> + <td>${gplv3pkgs}</td> + <td>${licnotfound}</td> + <td>${notes}</td> + </tr>" >> $1 +} + +analyze() { + local img=$1 + local report=$2 + local log=$3 + echo "$img analysis started" + tern report -f json -i ${img} 1> ${report} 2> ${log} || true +} + +get_images() { + local namespace=$1 + kubectl get pods --namespace $namespace \ + -o jsonpath="{.items[*].spec.containers[*].image}" |\ + tr -s '[[:space:]]' '\n' | sort | uniq -u +} + +push_results() { + local archives_location=$1 + local nexus_url="https://nexus.onap.org" + local nexus_path="onap-integration/weekly/$POD/$(date -d${CI_PIPELINE_CREATED_AT} +'%Y-%m')/$(date -d${CI_PIPELINE_CREATED_AT} +'%d_%H-%M')" + echo "===========> Send Result to LF Backend" + echo "nexus_url:"$nexus_url + echo "nexus_path"$nexus_path + cd $archives_location && lftools deploy archives $nexus_url $nexus_path $archives_location +} + +images=( $(get_images $K8NAMESPACE) ) + +mkdir -p $OUT +rm -f $HTML_REPORT +install_tern $TERN_LOCATION + +print_head ${HTML_REPORT} + +for (( i=0; i<${#images[@]}; i++ )) +do + + fname=${images[$i]//\//_} + report=${OUT}/${fname}".json" + log=${OUT}/${fname}".log" + + analyze ${images[$i]} ${report} ${log} + print_image ${HTML_REPORT} ${images[$i]} ${report} ${log} +done + +print_tail ${HTML_REPORT} +echo "===========> Finished analysis of all images in "$K8NAMESPACE + +push_results ${ARCHIVES_LOCATION} |