fix: Image-Scanner status for failed request (#4513)

* retry envs added * json naming * migration for image scan plugin and retry env fix * fix * image scan migration script updated - added new input variables * migration updated * migration updated * name changed * refactor * added default value and change script no
devtron-labs · Jan 18, 2024 · c7e7010 · c7e7010
1 parent 1f339d8
commit c7e7010
Show file tree

Hide file tree

Showing 5 changed files with 34 additions and 0 deletions.
diff --git a/pkg/pipeline/CiService.go b/pkg/pipeline/CiService.go
@@ -245,6 +245,7 @@ func (impl *CiServiceImpl) TriggerCiPipeline(trigger types.Trigger) (int, error)
 	} else {
 		workflowRequest.Type = bean2.CI_WORKFLOW_PIPELINE_TYPE
 	}
+
 	err = impl.executeCiPipeline(workflowRequest)
 	if err != nil {
 		impl.Logger.Errorw("workflow error", "err", err)
@@ -659,6 +660,8 @@ func (impl *CiServiceImpl) buildWfRequestForCiPipeline(pipeline *pipelineConfig.
 		RegistryDestinationImageMap: registryDestinationImageMap,
 		RegistryCredentialMap:       registryCredentialMap,
 		PluginArtifactStage:         pluginArtifactStage,
+		ImageScanMaxRetries:         impl.config.ImageScanMaxRetries,
+		ImageScanRetryDelay:         impl.config.ImageScanRetryDelay,
 	}
 
 	if dockerRegistry != nil {

diff --git a/pkg/pipeline/types/CiCdConfig.go b/pkg/pipeline/types/CiCdConfig.go
@@ -65,6 +65,8 @@ type CiCdConfig struct {
 	SkipCreatingEcrRepo              bool                                `env:"SKIP_CREATING_ECR_REPO" envDefault:"false"`
 	MaxCiWorkflowRetries             int                                 `env:"MAX_CI_WORKFLOW_RETRIES" envDefault:"0"`
 	NatsServerHost                   string                              `env:"NATS_SERVER_HOST" envDefault:"nats://devtron-nats.devtroncd:4222"`
+	ImageScanMaxRetries              int                                 `env:"IMAGE_SCAN_MAX_RETRIES" envDefault:"3"`
+	ImageScanRetryDelay              int                                 `env:"IMAGE_SCAN_RETRY_DELAY" envDefault:"5"`
 	// from CdConfig
 	CdLimitCpu                       string                              `env:"CD_LIMIT_CI_CPU" envDefault:"0.5"`
 	CdLimitMem                       string                              `env:"CD_LIMIT_CI_MEM" envDefault:"3G"`

diff --git a/pkg/pipeline/types/Workflow.go b/pkg/pipeline/types/Workflow.go
@@ -126,6 +126,8 @@ type WorkflowRequest struct {
 	RegistryCredentialMap       map[string]plugin.RegistryCredentials `json:"registryCredentialMap"`
 	PluginArtifactStage         string                                `json:"pluginArtifactStage"`
 	PushImageBeforePostCI       bool                                  `json:"pushImageBeforePostCI"`
+	ImageScanMaxRetries         int                                   `json:"imageScanMaxRetries,omitempty"`
+	ImageScanRetryDelay         int                                   `json:"imageScanRetryDelay,omitempty"`
 	Type                        bean.WorkflowPipelineType
 	Pipeline                    *pipelineConfig.Pipeline
 	Env                         *repository.Environment

diff --git a/scripts/sql/211_image_scan_plugin_update.down.sql b/scripts/sql/211_image_scan_plugin_update.down.sql
diff --git a/scripts/sql/211_image_scan_plugin_update.up.sql b/scripts/sql/211_image_scan_plugin_update.up.sql
@@ -0,0 +1,27 @@
+INSERT INTO "plugin_step_variable" ("id", "plugin_step_id", "name", "format", "description", "is_exposed", "allow_empty_value", "default_value","variable_type", "value_type", "variable_step_index",reference_variable_name, "deleted", "created_on", "created_by", "updated_on", "updated_by") VALUES
+        (nextval('id_seq_plugin_step_variable'), (SELECT ps.id FROM plugin_metadata p inner JOIN plugin_step ps on ps.plugin_id=p.id WHERE p.name='Vulnerability Scanning' and ps."index"=1 and ps.deleted=false), 'IMAGE_SCAN_MAX_RETRIES','STRING','image scan max retry count',true,true,'3','INPUT','GLOBAL',1 ,'IMAGE_SCAN_MAX_RETRIES','f','now()', 1, 'now()', 1),
+        (nextval('id_seq_plugin_step_variable'), (SELECT ps.id FROM plugin_metadata p inner JOIN plugin_step ps on ps.plugin_id=p.id WHERE p.name='Vulnerability Scanning' and ps."index"=1 and ps.deleted=false), 'IMAGE_SCAN_RETRY_DELAY','STRING','image scan retry delay (in seconds)',true,true,'5','INPUT','GLOBAL',1 ,'IMAGE_SCAN_RETRY_DELAY','f','now()', 1, 'now()', 1);
+
+UPDATE plugin_pipeline_script SET script = '#!/bin/sh
+echo "IMAGE SCAN"
+
+perform_curl_request() {
+    local attempt=1
+    while [ "$attempt" -le "$IMAGE_SCAN_MAX_RETRIES" ]; do
+        response=$(curl -s -w "\n%{http_code}" -X POST $IMAGE_SCANNER_ENDPOINT/scanner/image -H "Content-Type: application/json" -d "{\"image\": \"$DEST\", \"imageDigest\": \"$DIGEST\", \"pipelineId\" : $PIPELINE_ID, \"userId\": $TRIGGERED_BY, \"dockerRegistryId\": \"$DOCKER_REGISTRY_ID\" }")
+        http_status=$(echo "$response" | tail -n1)
+        if [ "$http_status" = "200" ]; then
+            echo "Vulnerability Scanning request successful."
+            return 0
+        else
+            echo "Attempt $attempt: Vulnerability Scanning request failed with HTTP status code $http_status"
+            echo "Response Body: $response"
+            attempt=$((attempt + 1))
+            sleep "$IMAGE_SCAN_RETRY_DELAY"
+        fi
+    done
+    echo -e "\033[1m======== Maximum retries reached. Vulnerability Scanning request failed ========"
+    exit 1
+}
+perform_curl_request'
+WHERE id = (SELECT id FROM plugin_metadata WHERE name = 'Vulnerability Scanning');