New traceability fields added to annotations (#90)

* New traceability fields
2026-06-28 15:59:27 +08:00 · 2020-12-30 15:03:39 +05:30
parent 51b95a5ca2
commit 04921d7d06
9 changed files with 257 additions and 46 deletions
@@ -25,21 +25,24 @@ ServiceTypes.clusterIP = 'ClusterIP';
 exports.deploymentTypes = ['deployment', 'replicaset', 'daemonset', 'pod', 'statefulset'];
 exports.workloadTypes = ['deployment', 'replicaset', 'daemonset', 'pod', 'statefulset', 'job', 'cronjob'];
 exports.workloadTypesWithRolloutStatus = ['deployment', 'daemonset', 'statefulset'];
-function getWorkflowAnnotationsJson(lastSuccessRunSha, workflowFilePath) {
-    return `{`
-        + `'run': '${process.env.GITHUB_RUN_ID}',`
-        + `'repository': '${process.env.GITHUB_REPOSITORY}',`
-        + `'workflow': '${process.env.GITHUB_WORKFLOW}',`
-        + `'workflowFileName': '${workflowFilePath.replace(".github/workflows/", "")}',`
-        + `'jobName': '${process.env.GITHUB_JOB}',`
-        + `'createdBy': '${process.env.GITHUB_ACTOR}',`
-        + `'runUri': 'https://github.com/${process.env.GITHUB_REPOSITORY}/actions/runs/${process.env.GITHUB_RUN_ID}',`
-        + `'commit': '${process.env.GITHUB_SHA}',`
-        + `'lastSuccessRunCommit': '${lastSuccessRunSha}',`
-        + `'branch': '${process.env.GITHUB_REF}',`
-        + `'deployTimestamp': '${Date.now()}',`
-        + `'provider': 'GitHub'`
-        + `}`;
+function getWorkflowAnnotationsJson(lastSuccessRunSha, workflowFilePath, deploymentConfig) {
+    let annotationObject = {};
+    annotationObject["run"] = process.env.GITHUB_RUN_ID;
+    annotationObject["repository"] = process.env.GITHUB_REPOSITORY;
+    annotationObject["workflow"] = process.env.GITHUB_WORKFLOW;
+    annotationObject["workflowFileName"] = workflowFilePath.replace(".github/workflows/", "");
+    annotationObject["jobName"] = process.env.GITHUB_JOB;
+    annotationObject["createdBy"] = process.env.GITHUB_ACTOR;
+    annotationObject["runUri"] = `https://github.com/${process.env.GITHUB_REPOSITORY}/actions/runs/${process.env.GITHUB_RUN_ID}`;
+    annotationObject["commit"] = process.env.GITHUB_SHA;
+    annotationObject["lastSuccessRunCommit"] = lastSuccessRunSha;
+    annotationObject["branch"] = process.env.GITHUB_REF;
+    annotationObject["deployTimestamp"] = Date.now();
+    annotationObject["dockerfilePaths"] = deploymentConfig.dockerfilePaths;
+    annotationObject["manifestsPaths"] = deploymentConfig.manifestFilePaths;
+    annotationObject["helmChartPaths"] = deploymentConfig.helmChartFilePaths;
+    annotationObject["provider"] = "GitHub";
+    return JSON.stringify(annotationObject);
 }
 exports.getWorkflowAnnotationsJson = getWorkflowAnnotationsJson;
 function getWorkflowAnnotationKeyLabel(workflowFilePath) {
@@ -0,0 +1,31 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DockerExec = void 0;
+const tool_runner_1 = require("./utilities/tool-runner");
+class DockerExec {
+    constructor(dockerPath) {
+        this.dockerPath = dockerPath;
+    }
+    ;
+    pull(image, args, silent) {
+        args = ['pull', image, ...args];
+        let result = this.execute(args, silent);
+        if (result.stderr != '' && result.code != 0) {
+            throw new Error(`docker images pull failed with: ${result.error}`);
+        }
+    }
+    inspect(image, args, silent) {
+        args = ['inspect', image, ...args];
+        let result = this.execute(args, silent);
+        if (result.stderr != '' && result.code != 0) {
+            throw new Error(`docker inspect call failed with: ${result.error}`);
+        }
+        return result.stdout;
+    }
+    execute(args, silent) {
+        const command = new tool_runner_1.ToolRunner(this.dockerPath);
+        command.arg(args);
+        return command.execSync({ silent: !!silent });
+    }
+}
+exports.DockerExec = DockerExec;
@@ -134,15 +134,16 @@ function checkManifestStability(kubectl, resources) {
 function annotateAndLabelResources(files, kubectl, resourceTypes, allPods) {
    return __awaiter(this, void 0, void 0, function* () {
        const workflowFilePath = yield utility_1.getWorkflowFilePath(TaskInputParameters.githubToken);
+        const deploymentConfig = yield utility_1.getDeploymentConfig();
        const annotationKeyLabel = models.getWorkflowAnnotationKeyLabel(workflowFilePath);
-        annotateResources(files, kubectl, resourceTypes, allPods, annotationKeyLabel, workflowFilePath);
+        annotateResources(files, kubectl, resourceTypes, allPods, annotationKeyLabel, workflowFilePath, deploymentConfig);
        labelResources(files, kubectl, annotationKeyLabel);
    });
 }
-function annotateResources(files, kubectl, resourceTypes, allPods, annotationKey, workflowFilePath) {
+function annotateResources(files, kubectl, resourceTypes, allPods, annotationKey, workflowFilePath, deploymentConfig) {
    const annotateResults = [];
    const lastSuccessSha = utility_1.getLastSuccessfulRunSha(kubectl, TaskInputParameters.namespace, annotationKey);
-    let annotationKeyValStr = annotationKey + '=' + models.getWorkflowAnnotationsJson(lastSuccessSha, workflowFilePath);
+    let annotationKeyValStr = annotationKey + '=' + models.getWorkflowAnnotationsJson(lastSuccessSha, workflowFilePath, deploymentConfig);
    annotateResults.push(kubectl.annotate('namespace', TaskInputParameters.namespace, annotationKeyValStr));
    annotateResults.push(kubectl.annotateFiles(files, annotationKeyValStr));
    resourceTypes.forEach(resource => {
@@ -9,11 +9,14 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
    });
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getCurrentTime = exports.getRandomInt = exports.sleep = exports.annotateChildPods = exports.getWorkflowFilePath = exports.getLastSuccessfulRunSha = exports.checkForErrors = exports.isEqual = exports.getExecutableExtension = void 0;
+exports.getCurrentTime = exports.getRandomInt = exports.sleep = exports.getDeploymentConfig = exports.annotateChildPods = exports.getWorkflowFilePath = exports.getLastSuccessfulRunSha = exports.checkForErrors = exports.isEqual = exports.getExecutableExtension = void 0;
 const os = require("os");
 const core = require("@actions/core");
 const githubClient_1 = require("../githubClient");
 const httpClient_1 = require("./httpClient");
+const inputParams = require("../input-parameters");
+const docker_object_model_1 = require("../docker-object-model");
+const io = require("@actions/io");
 function getExecutableExtension() {
    if (os.type().match(/^Win/)) {
        return '.exe';
@@ -138,6 +141,36 @@ function annotateChildPods(kubectl, resourceType, resourceName, annotationKeyVal
    return commandExecutionResults;
 }
 exports.annotateChildPods = annotateChildPods;
+function getDeploymentConfig() {
+    return __awaiter(this, void 0, void 0, function* () {
+        const inputManifestFiles = inputParams.manifests || [];
+        const helmChartPaths = (process.env.HELM_CHART_PATHS && process.env.HELM_CHART_PATHS.split('\n').filter(path => path != "")) || [];
+        const imageNames = inputParams.containers || [];
+        let imageDockerfilePathMap = {};
+        //Fetching from image label if available
+        for (const image of imageNames) {
+            let imageConfig, imageInspectResult;
+            try {
+                yield checkDockerPath();
+                var dockerExec = new docker_object_model_1.DockerExec('docker');
+                dockerExec.pull(image, [], true);
+                imageInspectResult = dockerExec.inspect(image, [], true);
+                imageConfig = JSON.parse(imageInspectResult)[0];
+                imageDockerfilePathMap[image] = getDockerfilePath(imageConfig);
+            }
+            catch (ex) {
+                core.warning(`Failed to get dockerfile path for image ${image.toString()} | ` + ex);
+            }
+        }
+        const deploymentConfig = {
+            manifestFilePaths: inputManifestFiles,
+            helmChartFilePaths: helmChartPaths,
+            dockerfilePaths: imageDockerfilePathMap
+        };
+        return Promise.resolve(deploymentConfig);
+    });
+}
+exports.getDeploymentConfig = getDeploymentConfig;
 function sleep(timeout) {
    return new Promise(resolve => setTimeout(resolve, timeout));
 }
@@ -150,3 +183,32 @@ function getCurrentTime() {
    return new Date().getTime();
 }
 exports.getCurrentTime = getCurrentTime;
+function checkDockerPath() {
+    return __awaiter(this, void 0, void 0, function* () {
+        let dockerPath = yield io.which('docker', false);
+        if (!dockerPath) {
+            throw new Error('Docker is not installed.');
+        }
+    });
+}
+function getDockerfilePath(imageConfig) {
+    const DOCKERFILE_PATH_LABEL_KEY = 'dockerfile-path';
+    const ref = process.env.GITHUB_REF && process.env.GITHUB_REF.replace('refs/heads/', '').replace('refs/tags/', '');
+    let pathLabel, pathLink, pathValue = '';
+    if (imageConfig) {
+        if ((imageConfig.Config) && (imageConfig.Config.Labels) && (imageConfig.Config.Labels[DOCKERFILE_PATH_LABEL_KEY])) {
+            pathLabel = imageConfig.Config.Labels[DOCKERFILE_PATH_LABEL_KEY];
+            if (pathValue.startsWith('./')) { //if it is relative filepath convert to link from current repo
+                pathLink = `https://github.com/${process.env.GITHUB_REPOSITORY}/blob/${ref}/${pathLabel}`;
+                pathValue = pathLink;
+            }
+            else {
+                pathValue = pathLabel;
+            }
+        }
+        else {
+            pathValue = '';
+        }
+    }
+    return pathValue;
+}