pipedawg-vl 1.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 96aac89e278239ef899ad613b712eea25f80c2029e1769ca32420a8bd4f03976
+  data.tar.gz: a233bd484f256cffe03c7cb1f0bfdcb774870820e83f0091169366edb3e252c8
+SHA512:
+  metadata.gz: 165b090587e34fb4a7ca5c9c8768ab66111b0cc9898dbf1aa51c482f237b6b3d27c81cc76471d931632961cfd568ba50626d0280a1a28937d1de3aac78cf5cc1
+  data.tar.gz: 7a97e66e61163d11fc9856a52504429a2ed96981b88d1f7d23753c5e86a5a11757a35ed93eb12082e60a8786b01595a329568ac7a43eba72645ee77aa81e6ba0

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2022 Richard Grainger
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,113 @@
+# pipedawg
+
+[![Gem Version](https://badge.fury.io/rb/pipedawg.svg)](https://rubygems.org/gems/pipedawg)
+
+Generate GitLab CI pipelines.
+
+## Installation
+
+Install `pipedawg` with:
+
+```
+gem install pipedawg
+```
+
+Or add this line to your application's Gemfile:
+
+```ruby
+gem 'pipedawg'
+```
+
+And then execute:
+
+```sh
+bundle install
+```
+
+## Ruby library
+
+Example:
+
+```ruby
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require 'pipedawg'
+
+gem_job = Pipedawg::Job.new(
+  'build:gem',
+  artifacts: ['*.gem'],
+  image: 'ruby',
+  script: ['bundle install', 'gem build *.gemspec']
+)
+
+kaniko_build_job = Pipedawg::Job::Kaniko::Build.new(
+  'build:kaniko',
+  needs: ['build:gem'],
+  retry: 2,
+  context:'${CI_PROJECT_DIR}/docker',
+  external_files: {'*.gem':'gems'},
+  debug: false
+)
+
+pipeline = Pipedawg::Pipeline.new 'build:image', jobs: [gem_job, kaniko_build_job]
+puts pipeline.to_yaml
+pipeline.to_yaml_file('/tmp/pipeline.yaml')
+```
+
+```console
+$ cat /tmp/pipeline.yaml 
+---
+stages:
+- '1'
+- '2'
+build:gem:
+  artifacts:
+  - "*.gem"
+  cache: {}
+  image: ruby
+  needs: []
+  script:
+  - bundle install
+  - gem build *.gemspec
+  stage: '1'
+  tags: []
+build:kaniko:
+  artifacts: {}
+  cache: {}
+  image:
+    entrypoint:
+    - ''
+    name: gcr.io/kaniko-project/executor:debug
+  needs:
+  - build:gem
+  retry: 2
+  script:
+  - echo "{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}"
+    > "/kaniko/.docker/config.json"
+  - cp "*.gem" "${CI_PROJECT_DIR}/docker/gems"
+  - '"/kaniko/executor" --context "${CI_PROJECT_DIR}/docker" --dockerfile "Dockerfile"
+    --destination ${CI_REGISTRY_IMAGE}:latest'
+  stage: '2'
+  tags: []
+```
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `bundle exec rake spec` to run the tests. Run `bundle exec rubocop` to run the linter. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+Note that by default, Bundler will attempt to install gems to the system, e.g. `/usr/bin`, `/usr/share`, which requires elevated access and can interfere with files that are managed by the system's package manager. This behaviour can be overridden by creating the file `.bundle/config` and adding the following line:
+```
+BUNDLE_PATH: "./.bundle"
+```
+When you run `bin/setup` or `bundle install`, all gems will be installed inside the .bundle directory of this project.
+
+To make this behaviour a default for all gem projects, the above line can be added to the user's bundle config file in their home directory (`~/.bundle/config`)
+
+## Contributing
+
+Bug reports and pull requests are welcome on [GitHub](https://github.com/ValdrinLushaj/pipedawg).
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/lib/pipedawg/job/helm/copy.rb

@@ -0,0 +1,106 @@
+# frozen_string_literal: true
+
+module Pipedawg
+  class Job
+    class Helm
+      # Pipedawg::Job::Helm::Copy class
+      class Copy < Job::Helm
+        def initialize(name, opts = {})
+          opts = {
+            chart: name,
+            destinations: [{ user: nil, password: nil, url: nil }],
+            password: nil, url: nil, user: nil, version: nil
+          }.merge(opts)
+          super name, opts
+          update
+        end
+
+        def update
+          opts[:script] = debug + pull + (opts[:destinations].map { |d| push(d) }).flatten(1)
+        end
+
+        private
+
+        def pull
+          case opts[:url]
+          when nil
+            []
+          when %r{^oci://}
+            pull_oci
+          else
+            pull_classic
+          end
+        end
+
+        def push(destination)
+          case destination[:url]
+          when nil
+            []
+          when %r{^oci://}
+            push_oci(destination)
+          else
+            push_classic(destination)
+          end
+        end
+
+        def pull_oci # rubocop:disable Metrics/AbcSize
+          script = []
+          if opts[:url] && opts[:chart] && opts[:version]
+            script = ['export HELM_EXPERIMENTAL_OCI=1']
+            script << login_oci(opts) if opts[:user] && opts[:password]
+            script << "\"#{opts[:command]}\" pull \"#{opts[:url]}/#{opts[:chart]}\" --version \"#{opts[:version]}\""
+          end
+          script
+        end
+
+        def push_oci(destination) # rubocop:disable Metrics/AbcSize
+          script = []
+          if destination[:url] && opts[:chart] && opts[:version]
+            script = ['export HELM_EXPERIMENTAL_OCI=1']
+            script << login_oci(destination) if destination[:user] && destination[:password]
+            script << "\"#{opts[:command]}\" push \"#{opts[:chart]}-#{opts[:version]}.tgz\" \"#{destination[:url]}\""
+          end
+          script
+        end
+
+        def login_oci(login_opts)
+          require 'uri'
+          "echo \"#{login_opts[:password]}\" | \"#{opts[:command]}\" registry login --username \"#{login_opts[:user]}\" --password-stdin \"#{URI(login_opts[:url]).host}\"" # rubocop:disable Layout/LineLength
+        end
+
+        def pull_classic # rubocop:disable Metrics/AbcSize
+          script = []
+          if opts[:url] && opts[:chart] && opts[:version]
+            suffix = login_classic(opts)
+            script << "\"#{opts[:command]}\" repo add source \"#{opts[:url]}\"#{suffix}"
+            script << "\"#{opts[:command]}\" repo update"
+            script << "\"#{opts[:command]}\" pull \"source/#{opts[:chart]}\" --version \"#{opts[:version]}\""
+          end
+          script
+        end
+
+        def push_classic(destination)
+          script = []
+          if destination[:url] && opts[:chart] && opts[:version]
+            script << plugin_classic
+            suffix = login_classic(destination)
+            script << "\"#{opts[:command]}\" cm-push \"#{opts[:chart]}-#{opts[:version]}.tgz\" \"#{destination[:url]}\"#{suffix}" # rubocop:disable Layout/LineLength
+          end
+          script
+        end
+
+        def login_classic(login_opts)
+          if login_opts[:user] && login_opts[:password]
+            " --username \"#{login_opts[:user]}\" --password \"#{login_opts[:password]}\""
+          else
+            ''
+          end
+        end
+
+        def plugin_classic
+          "\"#{opts[:command]}\" plugin list | grep -q cm-push || \"#{opts[:command]}\" plugin install https://github.com/chartmuseum/helm-push"
+        end
+      end
+    end
+  end
+end

data/lib/pipedawg/job/helm.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module Pipedawg
+  class Job
+    # Pipedawg::Job::Helm class
+    class Helm < Job
+      def initialize(name, opts = {})
+        opts = {
+          command: 'helm',
+          image: { entrypoint: [''], name: 'alpine/helm' }
+        }.merge(opts)
+        super name, opts
+      end
+    end
+  end
+end

data/lib/pipedawg/job/kaniko/build.rb

@@ -0,0 +1,98 @@
+# frozen_string_literal: true
+
+module Pipedawg
+  class Job
+    class Kaniko
+      # Pipedawg::Job::Kaniko::Build class
+      class Build < Job::Kaniko
+        def initialize(name, opts = {}) # rubocop:disable Metrics/MethodLength
+          opts = {
+            build_args: {},
+            config: { auths: { '$CI_REGISTRY': { username: '$CI_REGISTRY_USER', password: '$CI_REGISTRY_PASSWORD' } } },
+            config_file: '/kaniko/.docker/config.json', context: '${CI_PROJECT_DIR}',
+            destinations: ['${CI_REGISTRY_IMAGE}:latest'], dockerfile: 'Dockerfile', external_files: {}, flags: [],
+            ignore_paths: [], insecure_registries: [], options: {}, registry_certificates: {}, registry_mirrors: [],
+            skip_tls_verify_registry: [], trusted_ca_cert_source_files: [],
+            trusted_ca_cert_target_file: '/kaniko/ssl/certs/ca-certificates.crt'
+          }.merge(opts)
+          super name, opts
+          update
+        end
+
+        def update
+          require 'json'
+          opts[:script] = debug + config + cert_copies + file_copies + Array(kaniko_cmd)
+        end
+
+        private
+
+        def config
+          ["echo #{opts[:config].to_json.inspect} > \"#{opts[:config_file]}\""]
+        end
+
+        def cert_copies
+          Array(opts[:trusted_ca_cert_source_files]).map do |cert|
+            "cat \"#{cert}\" >> \"#{opts[:trusted_ca_cert_target_file]}\""
+          end
+        end
+
+        def file_copies
+          opts[:external_files].map do |source, dest|
+            "cp \"#{source}\" \"#{opts[:context]}/#{dest}\""
+          end
+        end
+
+        def kaniko_cmd # rubocop:disable Metrics/AbcSize
+          ["\"#{opts[:command]}\" --context \"#{opts[:context]}\"",
+           "--dockerfile \"#{opts[:dockerfile]}\"", flags, options, build_args,
+           ignore_paths, insecure_registries, registry_certificates, registry_mirrors,
+           destinations, skip_tls_verify_registries].reject(&:empty?).join(' ')
+        end
+
+        def flags
+          flags = opts[:flags].clone
+          flags << 'no-push' if opts[:destinations].empty?
+          flags.uniq.map { |f| "--#{f}" }.join(' ')
+        end
+
+        def options
+          opts[:options].map { |k, v| "--#{k}=\"#{v}\"" }.join(' ')
+        end
+
+        def build_args
+          opts[:build_args].map { |k, v| "--build-arg #{k}=\"#{v}\"" }.join(' ')
+        end
+
+        def ignore_paths
+          Array(opts[:ignore_paths]).map { |p| "--ignore-path #{p}" }.join(' ')
+        end
+
+        def insecure_registries
+          Array(opts[:insecure_registries]).map do |r|
+            "--insecure-registry #{r}"
+          end.join(' ')
+        end
+
+        def registry_certificates
+          opts[:registry_certificates].map do |k, v|
+            "--registry-certificate #{k}=\"#{v}\""
+          end.join(' ')
+        end
+
+        def registry_mirrors
+          Array(opts[:registry_mirrors]).map { |r| "--registry-mirror #{r}" }.join(' ')
+        end
+
+        def destinations
+          opts[:destinations].map { |d| "--destination #{d}" }.join(' ')
+        end
+
+        def skip_tls_verify_registries
+          Array(opts[:skip_tls_verify_registry]).map do |r|
+            "--skip-tls-verify-registry #{r}"
+          end.join(' ')
+        end
+      end
+    end
+  end
+end

data/lib/pipedawg/job/kaniko.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module Pipedawg
+  class Job
+    # Pipedawg::Job::Kaniko class
+    class Kaniko < Job
+      def initialize(name, opts = {})
+        opts = {
+          command: '/kaniko/executor',
+          image: { entrypoint: [''], name: 'gcr.io/kaniko-project/executor:debug' }
+        }.merge(opts)
+        super name, opts
+      end
+    end
+  end
+end

data/lib/pipedawg/job/qualys/scan.rb

@@ -0,0 +1,125 @@
+# frozen_string_literal: true
+
+module Pipedawg
+  class Job
+    class Qualys
+      # Pipedawg::Job::Qualys::Scan class
+      class Scan < Job::Qualys # rubocop:disable Metrics/ClassLength
+        def initialize(name, opts = {})
+          opts = {
+            acceptable_risk: '${QUALYS_ACCEPTABLE_IMAGE_RISK}',
+            artifacts: { expire_in: '1 month', paths: ['software.json', 'vulnerabilities.json'], when: 'always' },
+            config: { auths: { '$CI_REGISTRY': { username: '$CI_REGISTRY_USER', password: '$CI_REGISTRY_PASSWORD' } } },
+            gateway: '${QUALYS_GATEWAY}', image: nil, password: '${QUALYS_PASSWORD}',
+            scan_image: '${QUALYS_IMAGE}', scan_target_prefix: 'qualys_scan_target',
+            user: '${QUALYS_USERNAME}', variables: { GIT_STRATEGY: 'clone' }
+          }.merge(opts)
+          super name, opts
+          update
+        end
+
+        def update # rubocop:disable Metrics/AbcSize
+          require 'json'
+          opts[:script] =
+            debug + config + image + clean_config + token + scan_start +
+            scan_complete + artifacts + severities + outputs
+        end
+
+        private
+
+        def debug # rubocop:disable Metrics/MethodLength
+          if opts[:debug]
+            super + [
+              'echo Qualys settings:', "echo   Qualys gateway: \"#{opts[:gateway]}\"",
+              "echo   Qualys username: \"#{opts[:user]}\"",
+              "if [ \"#{opts[:password]}\" != '' ]; then " \
+              'echo   Qualys password is not empty; else ' \
+              'echo   Qualys password is not set; exit 1; fi'
+            ]
+          else
+            []
+          end
+        end
+
+        def config
+          ['export CONFIG=$(mktemp -d)', "echo #{opts[:config].to_json.inspect} > \"${CONFIG}/config.json\""]
+        end
+
+        def image
+          [
+            "image_target=\"#{opts[:scan_target_prefix]}:$(echo #{opts[:scan_image]} | sed 's/^[^/]*\\///'| sed 's/[:/]/-/g')\"", # rubocop:disable Layout/LineLength
+            "docker --config=\"${CONFIG}\" pull \"#{opts[:scan_image]}\"",
+            "docker image tag \"#{opts[:scan_image]}\" \"${image_target}\"",
+            "image_id=$(docker inspect --format=\"{{index .Id}}\" \"#{opts[:scan_image]}\" | cut -c8-19)",
+            'echo "Image ID: ${image_id}"'
+          ]
+        end
+
+        def clean_config
+          [
+            'rm -f "${CONFIG}/config.json"',
+            'rmdir "${CONFIG}"'
+          ]
+        end
+
+        def token
+          ["token=$(curl -s --location --request POST \"https://#{opts[:gateway]}/auth\" --header \"Content-Type: application/x-www-form-urlencoded\" --data-urlencode \"username=#{opts[:user]}\" --data-urlencode \"password=#{opts[:password]}\" --data-urlencode \"token=true\")"] # rubocop:disable Layout/LineLength
+        end
+
+        def scan_start
+          [
+            'while true; do ' \
+            "result=$(curl -s -o /dev/null -w ''%{http_code}'' --location --request GET \"https://#{opts[:gateway]}/csapi/v1.2/images/$image_id\" --header \"Authorization: Bearer $token\"); " + # rubocop:disable Layout/LineLength, Style/FormatStringToken
+              'echo "Waiting for scan to start..."; ' \
+              'echo "  Result: ${result}"; ' \
+              'if [ "${result}" = "200" ]; then break; fi; ' \
+              'sleep 10; done'
+          ]
+        end
+
+        def scan_complete
+          [
+            'while true; do ' \
+            "result=$(curl -s --location --request GET \"https://#{opts[:gateway]}/csapi/v1.2/images/$image_id\" --header \"Authorization: Bearer $token\" | jq -r '.scanStatus'); " + # rubocop:disable Layout/LineLength
+              'echo "Waiting for scan to complete..."; ' \
+              'echo "  Result: ${result}"; ' \
+              'if [ "${result}" = "SUCCESS" ]; then break; fi; ' \
+              'sleep 10; done; sleep 30'
+          ]
+        end
+
+        def artifacts
+          [
+            "curl -s --location --request GET \"https://#{opts[:gateway]}/csapi/v1.2/images/$image_id/software\" --header \"Authorization: Bearer $token\" | jq . > software.json", # rubocop:disable Layout/LineLength
+            "curl -s --location --request GET \"https://#{opts[:gateway]}/csapi/v1.2/images/$image_id/vuln\" --header \"Authorization: Bearer $token\" | jq . > vulnerabilities.json" # rubocop:disable Layout/LineLength
+          ]
+        end
+
+        def severities
+          [
+            "response=$(curl -s --location --request GET \"https://#{opts[:gateway]}/csapi/v1.2/images/$image_id/vuln/count\" --header \"Authorization: Bearer $token\")", # rubocop:disable Layout/LineLength
+            'severity5=$(jq -r ".severity5Count" <<< "${response}")',
+            'severity4=$(jq -r ".severity4Count" <<< "${response}")'
+          ]
+        end
+
+        def outputs # rubocop:disable Metrics/MethodLength
+          [
+            'if [ "$severity5" = "null" ]; then ' \
+            'echo "ERROR: Wrong ImageID or problem during vulnerabilities count." >&2; ' \
+            'exit 1; fi',
+            'if [ "$severity4" = "null" ]; then ' \
+            'echo "ERROR: Wrong ImageID or problem during vulnerabilities count." >&2; ' \
+            'exit 1; fi',
+            'echo "Severity5: $severity5, Severity4: $severity4"',
+            'risk=$((($severity5*3)+($severity4)))',
+            'echo "Risk: $risk"',
+            "if (($risk > \"#{opts[:acceptable_risk]}\")); then " \
+            'echo "Too many vulnerabilities. Severity5: $severity5, Severity4: $severity4" >&2; ' \
+            'exit 1; fi'
+          ]
+        end
+      end
+    end
+  end
+end

data/lib/pipedawg/job/qualys.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+module Pipedawg
+  class Job
+    # Pipedawg::Job::Qualys class
+    class Qualys < Job
+      def initialize(name, opts = {})
+        super name, opts
+      end
+    end
+  end
+end

data/lib/pipedawg/job/skopeo/copy.rb

@@ -0,0 +1,77 @@
+# frozen_string_literal: true
+
+module Pipedawg
+  class Job
+    class Skopeo
+      # Pipedawg::Job::Skopeo::Copy class
+      class Copy < Job::Skopeo
+        def initialize(name, opts = {})
+          opts = {
+            config: {}, copy_image: name, destinations: [{ copy_image: nil, flags: [], options: {} }], flags: [],
+            logins: {}, options: {}, stage: '${CI_PROJECT_DIR}/stage', trusted_ca_cert_source_files: [],
+            trusted_ca_cert_target_file: '/etc/docker/certs.d/ca.crt'
+          }.merge(opts)
+          super name, opts
+          update
+        end
+
+        def update # rubocop:disable Metrics/AbcSize
+          require 'json'
+          opts[:script] = debug + config + cert_copies + login + mkstage + pull + (
+            opts[:destinations].map { |d| push(d) }
+          ).flatten(1)
+        end
+
+        private
+
+        def config
+          ['export CONFIG=$(mktemp -d)', "echo #{opts[:config].to_json.inspect} > \"${CONFIG}/config.json\""]
+        end
+
+        def cert_copies
+          ["mkdir -p $(dirname \"#{opts[:trusted_ca_cert_target_file]}\")"] +
+            Array(opts[:trusted_ca_cert_source_files]).map do |cert|
+              "cat \"#{cert}\" >> \"#{opts[:trusted_ca_cert_target_file]}\""
+            end
+        end
+
+        def login
+          opts.fetch(:logins, {}).map do |k, v|
+            begin
+              command = "echo \"#{v['password']}\" | #{opts[:command]} login --authfile \"${CONFIG}/config.json\" --username \"#{v['username']}\" --password-stdin \"#{k}\"" # rubocop:disable Layout/LineLength
+              `#{command}`
+              puts "Login succeeded for #{k}"
+            rescue RuntimeError => e
+              puts "Login failed for #{k}: #{e.message}"
+            end
+          end
+        end
+
+        def mkstage
+          ["mkdir -p \"#{opts[:stage]}\""]
+        end
+
+        def pull
+          copy(opts, "docker://#{opts[:copy_image]}", "\"dir://#{opts[:stage]}\"")
+        end
+
+        def push(destination_opts)
+          copy(destination_opts, "\"dir://#{opts[:stage]}\"", "docker://#{destination_opts[:copy_image]}")
+        end
+
+        def copy(copy_opts, source, destination)
+          Array(["#{opts[:command]} copy --authfile \"${CONFIG}/config.json\"", flags(copy_opts), options(copy_opts),
+                 source, destination].reject(&:empty?).join(' '))
+        end
+
+        def flags(opts)
+          opts.fetch(:flags, []).uniq.map { |f| "--#{f}" }.join(' ')
+        end
+
+        def options(opts)
+          opts.fetch(:options, {}).map { |k, v| "--#{k} \"#{v}\"" }.join(' ')
+        end
+      end
+    end
+  end
+end

data/lib/pipedawg/job/skopeo.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module Pipedawg
+  class Job
+    # Pipedawg::Job::Skopeo class
+    class Skopeo < Job
+      def initialize(name, opts = {})
+        opts = {
+          command: 'skopeo',
+          image: { entrypoint: [''], name: 'quay.io/skopeo/stable:latest' }
+        }.merge(opts)
+        super name, opts
+      end
+    end
+  end
+end

data/lib/pipedawg/job.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+module Pipedawg
+  # job class
+  class Job
+    attr_accessor :name, :opts
+
+    def initialize(name = 'build', opts = {}) # rubocop:disable Metrics/MethodLength
+      @name = name
+      @opts = {
+        artifacts: {},
+        cache: {},
+        debug: true,
+        image: { name: 'ruby:2.5' },
+        needs: [],
+        retry: nil,
+        rules: nil,
+        script: [],
+        stage: 'build',
+        tags: [],
+        variables: nil
+      }.merge(opts)
+    end
+
+    def to_hash
+      keys = %i[artifacts cache image needs retry rules script stage tags variables]
+      { "#{name}": opts.slice(*keys).compact }
+    end
+
+    private
+
+    def debug
+      if opts[:debug]
+        Pipedawg::Util.echo_proxy_vars
+      else
+        []
+      end
+    end
+  end
+end

data/lib/pipedawg/pipeline.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+module Pipedawg
+  # pipeline class
+  class Pipeline
+    attr_accessor :name, :opts
+
+    def initialize(name = 'pipeline', opts = {})
+      @name = name
+      @opts = {
+        jobs: [Pipedawg::Job.new],
+        stages: ['build'],
+        workflow: nil
+      }.merge(opts)
+      update
+    end
+
+    def to_yaml
+      require 'json'
+      require 'yaml'
+      pipeline = opts.compact.reject { |k, _| %i[jobs].include? k }
+      opts[:jobs].each do |job|
+        pipeline.merge!(job.to_hash)
+      end
+      JSON.parse(pipeline.to_json).to_yaml
+    end
+
+    def to_yaml_file(file = 'pipeline.yml')
+      File.write(file, to_yaml)
+    end
+
+    def update
+      stages = []
+      opts[:jobs].each do |job|
+        stage = stage_from_needs(opts[:jobs], job.name)
+        stages << stage
+        job.opts[:stage] = stage.to_s
+      end
+      opts[:stages] = stages.uniq.sort.map(&:to_s)
+    end
+
+    private
+
+    def stage_from_needs(jobs, job_name)
+      if jobs.select { |job| job.name == job_name }[0].opts.fetch(:needs, []) == []
+        1
+      else
+        jobs.select { |job| job.name == job_name }[0].opts[:needs].map { |need| stage_from_needs(jobs, need) }.max + 1
+      end
+    end
+  end
+end

data/lib/pipedawg/util.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+module Pipedawg
+  # util class
+  class Util
+    def self.expand_env_vars(item) # rubocop:disable Metrics/MethodLength
+      case item
+      when Array
+        item.map { |i| expand_env_vars(i) }
+      when Hash
+        item.each { |k, v| item[k] = expand_env_vars(v) }
+        item.transform_keys! { |k| expand_env_vars(k) }
+        item
+      when String
+        item.gsub(/\${([^} ]+)}/) do |e|
+          ENV[e.gsub('${', '').gsub('}', '')]
+        end
+      else
+        item
+      end
+    end
+
+    def self.puts_proxy_vars
+      puts 'Proxy settings:'
+      puts "http_proxy: #{ENV['http_proxy']}"
+      puts "https_proxy: #{ENV['https_proxy']}"
+      puts "no_proxy: #{ENV['no_proxy']}"
+      puts "HTTP_PROXY: #{ENV['HTTP_PROXY']}"
+      puts "HTTPS_PROXY: #{ENV['HTTPS_PROXY']}"
+      puts "NO_PROXY: #{ENV['NO_PROXY']}"
+    end
+
+    def self.echo_proxy_vars
+      script = ['echo Proxy settings:']
+      script << 'echo   http_proxy: "${http_proxy}"'
+      script << 'echo   https_proxy: "${https_proxy}"'
+      script << 'echo   no_proxy: "${no_proxy}"'
+      script << 'echo   HTTP_PROXY: "${HTTP_PROXY}"'
+      script << 'echo   HTTPS_PROXY: "${HTTPS_PROXY}"'
+      script << 'echo   NO_PROXY: "${NO_PROXY}"'
+      script
+    end
+  end
+end

data/lib/pipedawg/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module Pipedawg
+  VERSION = '1.0.1'
+end

data/lib/pipedawg.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+require 'pipedawg/job'
+require 'pipedawg/job/helm'
+require 'pipedawg/job/helm/copy'
+require 'pipedawg/job/kaniko'
+require 'pipedawg/job/kaniko/build'
+require 'pipedawg/job/qualys'
+require 'pipedawg/job/qualys/scan'
+require 'pipedawg/job/skopeo'
+require 'pipedawg/job/skopeo/copy'
+require 'pipedawg/pipeline'
+require 'pipedawg/util'
+require 'pipedawg/version'
+
+module Pipedawg
+  class Error < StandardError; end
+  # Your code goes here...
+end

metadata

@@ -0,0 +1,61 @@
+--- !ruby/object:Gem::Specification
+name: pipedawg-vl
+version: !ruby/object:Gem::Version
+  version: 1.0.1
+platform: ruby
+authors:
+- harbottle
+autorequire:
+bindir: exe
+cert_chain: []
+date: 2023-05-16 00:00:00.000000000 Z
+dependencies: []
+description: Generate GitLab CI pipelines.
+email:
+- harbottle@room3d3.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE.txt
+- README.md
+- lib/pipedawg.rb
+- lib/pipedawg/job.rb
+- lib/pipedawg/job/helm.rb
+- lib/pipedawg/job/helm/copy.rb
+- lib/pipedawg/job/kaniko.rb
+- lib/pipedawg/job/kaniko/build.rb
+- lib/pipedawg/job/qualys.rb
+- lib/pipedawg/job/qualys/scan.rb
+- lib/pipedawg/job/skopeo.rb
+- lib/pipedawg/job/skopeo/copy.rb
+- lib/pipedawg/pipeline.rb
+- lib/pipedawg/util.rb
+- lib/pipedawg/version.rb
+homepage: https://github.com/ValdrinLushaj/pipedawg
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/ValdrinLushaj/pipedawg
+  source_code_uri: https://github.com/ValdrinLushaj/pipedawg
+  changelog_uri: https://github.com/ValdrinLushaj/pipedawg
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.4.10
+signing_key:
+specification_version: 4
+summary: Generate GitLab CI pipelines.
+test_files: []