Switch the pinned action support to use the new frizbee version
Signed-off-by: Radoslav Dimitrov <radoslav@stacklok.com>
rdimitrov committed Jun 3, 2024
1 parent 3afa50e commit a82c60f
Showing 3 changed files with 32 additions and 46 deletions.
2 changes: 2 additions & 0 deletions go.mod
Expand Up @@ -309,3 +309,5 @@ require (
k8s.io/klog/v2 v2.120.1 // indirect
sigs.k8s.io/yaml v1.4.0 // indirect
)

replace github.com/stacklok/frizbee v0.0.15 => ../frizbee
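Review bot: The added `replace github.com/stacklok/frizbee v0.0.15 => ../frizbee` directive points the build at a sibling directory on the author's machine, and the check annotations on this commit show the jobs failing with "replacement directory ../frizbee does not exist". Beyond breaking CI, a directory replacement means the frizbee code that gets compiled is whatever sits at that path, with no version or go.sum checksum tying it to a reviewed release. I would drop the directive before merge and instead bump the entry in the `require` block to the released frizbee version that ships `pkg/replacer` (for example `github.com/stacklok/frizbee <RELEASED_VERSION>`), keeping any local override in an uncommitted `go.work`.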
Original file line number Diff line number Diff line change
Expand Up @@ -20,10 +20,8 @@ import (

"github.com/go-git/go-billy/v5"
"github.com/go-git/go-git/v5/plumbing/filemode"
fzconfig "github.com/stacklok/frizbee/pkg/config"
"github.com/stacklok/frizbee/pkg/ghactions"
"github.com/stacklok/frizbee/pkg/utils"
"gopkg.in/yaml.v3"
"github.com/stacklok/frizbee/pkg/replacer"

Check failure on line 23 in internal/engine/actions/remediate/pull_request/types_actions_replace_tags.go

GitHub Actions / build / Verify build

github.com/stacklok/frizbee@v0.0.15: replacement directory ../frizbee does not exist

Check failure on line 23 in internal/engine/actions/remediate/pull_request/types_actions_replace_tags.go

GitHub Actions / image-build / Build Helm chart

github.com/stacklok/frizbee@v0.0.15: replacement directory ../frizbee does not exist

Check failure on line 23 in internal/engine/actions/remediate/pull_request/types_actions_replace_tags.go

GitHub Actions / test / Coverage

github.com/stacklok/frizbee@v0.0.15: replacement directory ../frizbee does not exist

Check failure on line 23 in internal/engine/actions/remediate/pull_request/types_actions_replace_tags.go

GitHub Actions / test / Unit testing

github.com/stacklok/frizbee@v0.0.15: replacement directory ../frizbee does not exist
"github.com/stacklok/frizbee/pkg/utils/config"

Check failure on line 24 in internal/engine/actions/remediate/pull_request/types_actions_replace_tags.go

GitHub Actions / build / Verify build

github.com/stacklok/frizbee@v0.0.15: replacement directory ../frizbee does not exist

Check failure on line 24 in internal/engine/actions/remediate/pull_request/types_actions_replace_tags.go

GitHub Actions / compose-migrate / docker

github.com/stacklok/frizbee@v0.0.15: replacement directory ../frizbee does not exist

Check failure on line 24 in internal/engine/actions/remediate/pull_request/types_actions_replace_tags.go

GitHub Actions / image-build / Image build

github.com/stacklok/frizbee@v0.0.15: replacement directory ../frizbee does not exist

Check failure on line 24 in internal/engine/actions/remediate/pull_request/types_actions_replace_tags.go

GitHub Actions / test / Coverage

github.com/stacklok/frizbee@v0.0.15: replacement directory ../frizbee does not exist

Check failure on line 24 in internal/engine/actions/remediate/pull_request/types_actions_replace_tags.go

GitHub Actions / test / Unit testing

github.com/stacklok/frizbee@v0.0.15: replacement directory ../frizbee does not exist

"github.com/stacklok/minder/internal/engine/interfaces"
v1 "github.com/stacklok/minder/pkg/providers/v1"
Expand All @@ -34,7 +32,7 @@ var _ fsModifier = (*frizbeeTagResolveModification)(nil)
type frizbeeTagResolveModification struct {
fsChangeSet

fzcfg *fzconfig.GHActions
fzcfg *config.GHActions

ghCli v1.GitHub
}
Expand All @@ -56,8 +54,8 @@ func newFrizbeeTagResolveModification(
fsChangeSet: fsChangeSet{
fs: params.bfs,
},
fzcfg: &fzconfig.GHActions{
Filter: fzconfig.Filter{
fzcfg: &config.GHActions{
Filter: config.Filter{
Exclude: exclude,
},
},
Expand All @@ -66,35 +64,24 @@ func newFrizbeeTagResolveModification(
}

func (ftr *frizbeeTagResolveModification) createFsModEntries(ctx context.Context, _ interfaces.ActionsParams) error {
entries := []*fsEntry{}
cache := utils.NewRefCacher()
// Create a new Frizbee instance
r := replacer.NewGitHubActionsReplacer(&config.Config{GHActions: *ftr.fzcfg}).WithGitHubClient(ftr.ghCli)

err := ghactions.TraverseGitHubActionWorkflows(ftr.fs, ".github/workflows", func(path string, wflow *yaml.Node) error {
m, err := ghactions.ModifyReferencesInYAMLWithCache(ctx, ftr.ghCli, wflow, ftr.fzcfg, cache)
if err != nil {
return fmt.Errorf("failed to process YAML file %s: %w", path, err)
}

buf, err := utils.YAMLToBuffer(wflow)
if err != nil {
return fmt.Errorf("failed to convert YAML to buffer: %w", err)
}

if m {
entries = append(entries, &fsEntry{
Path: path,
Content: buf.String(),
Mode: filemode.Regular.String(),
})
}

return nil
})
// Parse the .github/workflows directory and replace tags with digests
ret, err := r.ParsePathInFS(ctx, ftr.fs, ".github/workflows")
if err != nil {
return err
return fmt.Errorf("failed to parse path in filesystem: %w", err)
}

ftr.entries = entries
// Add the modified paths and contents to the fsChangeSet, if any
for modifiedPath, modifiedContent := range ret.Modified {
ftr.entries = append(ftr.entries, &fsEntry{
Path: modifiedPath,
Content: modifiedContent,
Mode: filemode.Regular.String(),
})
}
// All good
return nil
}

Expand Down Expand Up @@ -136,7 +123,7 @@ func parseExcludeFromDef(def map[string]any) []string {

func parseExcludesFromRepoConfig(fs billy.Filesystem) []string {
for _, fname := range []string{".frizbee.yml", ".frizbee.yaml"} {
cfg, err := fzconfig.ParseConfigFileFromFS(fs, fname)
cfg, err := config.ParseConfigFileFromFS(fs, fname)
if err != nil {
continue
}
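Review bot: In `createFsModEntries` the result is now appended to `ftr.entries` instead of being assigned, and the loop ranges directly over `ret.Modified`, which appears to be a map of path to content. A second call on the same modification would therefore duplicate entries, and Go's randomized map iteration means the change set is built in a different order on each run, which may make the generated remediation commit harder to reproduce and audit. I would collect the paths, sort them, build a local slice and assign it, as below; this needs the `sort` import, which the import hunk does not show. The removed code reset the field with `ftr.entries = entries`, so assigning keeps that behaviour.

```go
func (ftr *frizbeeTagResolveModification) createFsModEntries(ctx context.Context, _ interfaces.ActionsParams) error {
	// … unchanged: replacer construction and ParsePathInFS call with its error check …

	// Sort the modified paths so the change set is built in a stable order.
	paths := make([]string, 0, len(ret.Modified))
	for p := range ret.Modified {
		paths = append(paths, p)
	}
	sort.Strings(paths)

	entries := make([]*fsEntry, 0, len(paths))
	for _, p := range paths {
		entries = append(entries, &fsEntry{
			Path:    p,
			Content: ret.Modified[p],
			Mode:    filemode.Regular.String(),
		})
	}

	// Assign rather than append so a repeated call does not duplicate entries.
	ftr.entries = entries
	return nil
}
```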
23 changes: 10 additions & 13 deletions internal/engine/eval/rego/lib.go
Expand Up @@ -29,8 +29,8 @@ import (
"github.com/open-policy-agent/opa/ast"
"github.com/open-policy-agent/opa/rego"
"github.com/open-policy-agent/opa/types"
frizgh "github.com/stacklok/frizbee/pkg/ghactions"
"gopkg.in/yaml.v3"
"github.com/stacklok/frizbee/pkg/replacer"
"github.com/stacklok/frizbee/pkg/utils/config"

engif "github.com/stacklok/minder/internal/engine/interfaces"
)
Expand Down Expand Up @@ -358,22 +358,19 @@ func ListGithubActions(res *engif.Result) func(*rego.Rego) {
}

var terms []*ast.Term
err := frizgh.TraverseGitHubActionWorkflows(res.Fs, base, func(_ string, wflow *yaml.Node) error {
actions, err := frizgh.ListActionsInYAML(wflow)
if err != nil {
return err
}

for _, a := range actions {
terms = append(terms, ast.StringTerm(a.Action))
}

return nil
})
// Parse the ingested file system and extract all action references
r := replacer.NewGitHubActionsReplacer(&config.Config{})
actions, err := r.ListPathInFS(res.Fs, base)
if err != nil {
return nil, err
}

// Save the action names
for _, a := range actions.Entities {
terms = append(terms, ast.StringTerm(a.Name))
}

return ast.SetTerm(terms...), nil
},
)
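Review bot: The builtin now emits `a.Name` from `actions.Entities` where it previously emitted `a.Action`, and nothing in this hunk shows that the two strings have the same format. Rego policies that compare this set against an allow-list of actions could silently stop matching if `Name` drops or adds a component (owner, sub-path, ref), or if `ListPathInFS` returns entries that the old `ListActionsInYAML` did not. I would add a test that pins the returned set for a small workflow fixture, and once the format is confirmed document it next to the loop, e.g. `// a.Name has the same format as the former Action field, so existing policies keep matching`. `ListGithubActions` starts and ends outside this hunk.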
