Skip to content

Commit

Permalink
Merge pull request #5 from ruromero/cicd
Browse files Browse the repository at this point in the history 
chore: add integration with RHTAP
  • Loading branch information
@ruromero
ruromero authored Jan 17, 2024
2 parents 5535108 + ad888eb commit 4aa24a3
Show file tree
Hide file tree
Showing 14 changed files with 136 additions and 310 deletions.
4 changes: 2 additions & 2 deletions README.md
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
# exhort-vuln-ingester
# exhort-cve-service

This project uses Quarkus, the Supersonic Subatomic Java Framework.

Expand Down Expand Up @@ -43,7 +43,7 @@ Or, if you don't have GraalVM installed, you can run the native executable build
./mvnw package -Pnative -Dquarkus.native.container-build=true
```

You can then execute your native executable with: `./target/exhort-vuln-ingester-1.0.0-SNAPSHOT-runner`
You can then execute your native executable with: `./target/exhort-cve-service-1.0.0-SNAPSHOT-runner`

If you want to learn more about building native executables, please consult https://quarkus.io/guides/maven-tooling.

Expand Down
111 changes: 0 additions & 111 deletions api-spec/v1/openapi.yaml
View file

This file was deleted.

33 changes: 33 additions & 0 deletions devfile.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
schemaVersion: 2.2.0
metadata:
name: exhort-cve-service
version: 1.0.0
provider: Red Hat
supportUrl: https://github.com/RHEcosystemAppEng/exhort-cve-service/issues
website: https://github.com/RHEcosystemAppEng/exhort-cve-service
displayName: Exhort CVE Service
description: Exhort CVE Service that aggregates data from OSV and NVD
tags:
- Exhort
- RHTPA
- Java
- Quarkus
- NVD
- OSV
projectType: Quarkus
language: Java
parent:
id: java-quarkus
registryUrl: 'https://registry.devfile.io'
components:
- name: image-build
image:
imageName: exhort-cve-service:latest
dockerfile:
uri: src/main/docker/Dockerfile.multi-stage
buildContext: .
rootRequired: false
commands:
- id: build-image
apply:
component: image-build
157 changes: 36 additions & 121 deletions kubernetes/deploy.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,162 +1,77 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: osv-nvd-service
name: exhort-cve-service
labels:
app: osv-nvd-service
app: exhort-cve-service
spec:
replicas: 1
selector:
matchLabels:
app: osv-nvd-service
app: exhort-cve-service
template:
metadata:
labels:
app: osv-nvd-service
app: exhort-cve-service
spec:
containers:
- name: osv-nvd-service
image: quay.io/ruben/osv-nvd-service:latest
- name: exhort-cve-service
image: exhort-cve-service:latest
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8080
protocol: TCP
- name: management
containerPort: 9000
protocol: TCP
resources:
limits:
memory: "128Mi"
cpu: "500m"
env:
- name: QUARKUS_MONGODB_CONNECTION-STRING
valueFrom:
secretKeyRef:
name: mongodb-creds
key: mongodb-connection
- name: QUARKUS_MONGODB_DATABASE
- name: DB_REDIS_ENDPOINT
valueFrom:
secretKeyRef:
name: mongodb-creds
key: mongodb-database
- name: QUARKUS_MONGODB_CREDENTIALS_USERNAME
name: exhort-stage
key: db.endpoint
- name: DB_REDIS_PORT
valueFrom:
secretKeyRef:
name: mongodb-creds
key: mongodb-username
- name: QUARKUS_MONGODB_CREDENTIALS_PASSWORD
name: exhort-stage
key: db.port
- name: API_NVD_APIKEY
valueFrom:
secretKeyRef:
name: mongodb-creds
key: mongodb-password
- name: MIGRATION_NVD_FILE_PATH
value: "/repo/cvelistV5/cves"
volumeMounts:
- name: repo
mountPath: "/repo"
volumes:
- name: repo
persistentVolumeClaim:
claimName: nvd-data
name: exhort-cve-secret
key: nvd.apikey
livenessProbe:
httpGet:
path: /q/health/live
port: 9000
initialDelaySeconds: 1
readinessProbe:
httpGet:
path: /q/health/ready
port: 9000
initialDelaySeconds: 5
periodSeconds: 20
---
apiVersion: v1
kind: Service
metadata:
name: osv-nvd-service
name: exhort-cve-service
labels:
app: osv-nvd-service
app: exhort-cve-service
spec:
ports:
- name: http
port: 8080
protocol: TCP
targetPort: 8080
- name: management
port: 9000
protocol: TCP
targetPort: 9000
selector:
app: osv-nvd-service
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nvd-data
spec:
accessModes:
- ReadWriteOnce
volumeMode: Filesystem
resources:
requests:
storage: 8Gi
---
apiVersion: batch/v1
kind: CronJob
metadata:
name: nvd-sync
spec:
schedule: "0 * * * *"
jobTemplate:
spec:
template:
spec:
containers:
- name: git-job
image: quay.io/ruben/ubi8-git:latest
imagePullPolicy: IfNotPresent
command:
- /bin/sh
- -c
- /scripts/pull.sh
- /scripts/sync.sh
env:
- name: REPO_PATH
value: /repo
- name: REPO_URL
value: https://github.com/CVEProject/cvelistV5.git
- name: SERVICE_ENDPOINT
value: http://osv-nvd-service:8080/cves
volumeMounts:
- name: repo
mountPath: "/repo"
- name: scripts
mountPath: /scripts
restartPolicy: OnFailure
volumes:
- name: repo
persistentVolumeClaim:
claimName: nvd-data
- name: scripts
configMap:
name: fetch-nvd-repo-scripts
defaultMode: 0777
---
apiVersion: batch/v1
kind: Job
metadata:
name: nvd-clone
spec:
template:
spec:
containers:
- name: git-job
image: quay.io/ruben/ubi8-git:latest
imagePullPolicy: IfNotPresent
command:
- /bin/sh
- -c
- /scripts/clone.sh
env:
- name: REPO_PATH
value: /repo
- name: REPO_URL
value: https://github.com/CVEProject/cvelistV5.git
volumeMounts:
- name: repo
mountPath: "/repo"
- name: scripts
mountPath: /scripts
restartPolicy: OnFailure
volumes:
- name: repo
persistentVolumeClaim:
claimName: nvd-data
- name: scripts
configMap:
name: fetch-nvd-repo-scripts
defaultMode: 0777
backoffLimit: 4
app: exhort-cve-service
Loading

0 comments on commit 4aa24a3

Please sign in to comment.