kubernetes-watch 0.1.5__py3-none-any.whl → 0.1.9__py3-none-any.whl

kube_watch/modules/providers/git.py

@@ -1,33 +1,121 @@
-import os
-from git import Repo
-
-from prefect import get_run_logger
-
-logger = get_run_logger()
-
-def clone_repo(git_pat, git_url, clone_base_path):
-    # Retrieve environment variables
-    access_token = git_pat # os.environ.get('GIT_PAT')
-    repo_url = git_url # os.environ.get('GIT_URL')
-    
-    if not access_token or not repo_url:
-        raise ValueError("Environment variables GIT_PAT or GIT_URL are not set")
-
-    # Correctly format the URL with the PAT
-    if 'https://' in repo_url:
-        # Splitting the URL and inserting the PAT
-        parts = repo_url.split('https://', 1)
-        repo_url = f'https://{access_token}@{parts[1]}'
-    else:
-        raise ValueError("URL must begin with https:// for PAT authentication")
-
-    # Directory where the repo will be cloned
-    repo_path = os.path.join(clone_base_path, 'manifest-repo')
-
-    # Clone the repository
-    if not os.path.exists(repo_path):
-        logger.info(f"Cloning repository into {repo_path}")
-        repo = Repo.clone_from(repo_url, repo_path)
-        logger.info("Repository cloned successfully.")
-    else:
+import os
+from git import Repo
+import shutil
+import subprocess
+import tempfile
+from pathlib import Path
+
+from prefect import get_run_logger
+
+logger = get_run_logger()
+
+
+def clone_ssh_repo(
+    git_url: str,
+    clone_base_path: str,
+    repo_dir_name: str = "manifest-repo",
+    depth: int = 1,
+    ssh_key_env: str = "GIT_SSH_PRIVATE_KEY",
+    known_hosts_env: str = "GIT_SSH_KNOWN_HOSTS",
+) -> Path:
+    """
+    Clone or update a Git repo using an SSH private key & known_hosts provided via env vars.
+
+    Env vars:
+      - GIT_SSH_PRIVATE_KEY: the full private key (RSA/ED25519) including BEGIN/END lines
+      - GIT_SSH_KNOWN_HOSTS: one or more known_hosts lines (from `ssh-keyscan github.com`)
+
+    Args:
+        git_url: SSH URL like 'git@github.com:your-org/your-repo.git'
+        clone_base_path: directory where repo_dir_name will be created
+        repo_dir_name: folder name for the clone
+        depth: shallow clone depth (1 == latest)
+
+    Returns:
+        Path to the cloned/updated repository.
+    """
+    if not git_url.startswith("git@"):
+        raise ValueError("git_url must be an SSH URL like 'git@github.com:org/repo.git'")
+
+    priv_key = os.environ.get(ssh_key_env)
+    kh_data  = os.environ.get(known_hosts_env)
+    if not priv_key:
+        raise ValueError(f"Missing env var {ssh_key_env}")
+    if not kh_data:
+        raise ValueError(f"Missing env var {known_hosts_env}")
+
+    base = Path(clone_base_path).expanduser().resolve()
+    base.mkdir(parents=True, exist_ok=True)
+    repo_path = base / repo_dir_name
+
+    # Secure temp dir for SSH material
+    tmpdir = Path(tempfile.mkdtemp(prefix="git_ssh_"))
+    key_path = tmpdir / "id_rsa"
+    kh_path  = tmpdir / "known_hosts"
+
+    try:
+        key_path.write_text(priv_key, encoding="utf-8")
+        kh_path.write_text(kh_data, encoding="utf-8")
+
+        try:
+            os.chmod(key_path, 0o600)
+        except PermissionError:
+            pass  # Windows quirk
+
+        ssh_cmd = (
+            f"ssh -i {key_path} -o IdentitiesOnly=yes "
+            f"-o UserKnownHostsFile={kh_path} "
+            f"-o StrictHostKeyChecking=yes -o StrictModes=no"
+        )
+
+        env = os.environ.copy()
+        env["GIT_SSH_COMMAND"] = ssh_cmd
+
+        if not repo_path.exists():
+            cmd = ["git", "clone"]
+            if depth and depth > 0:
+                cmd += ["--depth", str(depth)]
+            cmd += [git_url, str(repo_path)]
+            subprocess.check_call(cmd, env=env)
+        else:
+            if not (repo_path / ".git").exists():
+                raise RuntimeError(f"Path exists but is not a git repo: {repo_path}")
+            subprocess.check_call(["git", "remote", "set-url", "origin", git_url], cwd=repo_path, env=env)
+            subprocess.check_call(["git", "fetch", "--all", "--prune"], cwd=repo_path, env=env)
+            subprocess.check_call(["git", "pull", "--ff-only", "origin"], cwd=repo_path, env=env)
+
+        return repo_path
+
+    finally:
+        try:
+            shutil.rmtree(tmpdir)
+        except Exception:
+            pass
+
+
+def clone_pat_repo(git_pat, git_url, clone_base_path):
+    # Retrieve environment variables
+    access_token = git_pat # os.environ.get('GIT_PAT')
+    repo_url = git_url # os.environ.get('GIT_URL')
+    
+    if not access_token or not repo_url:
+        raise ValueError("Environment variables GIT_PAT or GIT_URL are not set")
+
+    # Correctly format the URL with the PAT
+    if 'https://' in repo_url:
+        # Splitting the URL and inserting the PAT
+        parts = repo_url.split('https://', 1)
+        repo_url = f'https://{access_token}@{parts[1]}'
+    else:
+        raise ValueError("URL must begin with https:// for PAT authentication")
+
+    # Directory where the repo will be cloned
+    repo_path = os.path.join(clone_base_path, 'manifest-repo')
+
+    # Clone the repository
+    if not os.path.exists(repo_path):
+        logger.info(f"Cloning repository into {repo_path}")
+        repo = Repo.clone_from(repo_url, repo_path)
+        logger.info("Repository cloned successfully.")
+    else:
         logger.info(f"Repository already exists at {repo_path}")

kube_watch/modules/providers/github.py

@@ -1,126 +1,126 @@
-import requests
-from datetime import datetime, timedelta
-import pytz
-
-from prefect import get_run_logger
-
-logger = get_run_logger()
-
-def parse_datetime(dt_str):
-    """Parse a datetime string into a datetime object."""
-    return datetime.strptime(dt_str, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=pytz.UTC)
-
-
-def add_version_dependency(versions):
-    """
-    Finds untagged versions that were created within 2 minutes of any tagged version.
-
-    Args:
-    versions (list of dict): List of dictionaries, each containing 'created_at' and possibly 'tags'.
-
-    Returns:
-    list: A list of untagged versions that meet the criteria.
-    """
-    tagged_versions = [v for v in versions if v['metadata']['container']['tags']]
-    untagged_versions = [v for v in versions if not v['metadata']['container']['tags']]
-
-    # Convert all creation times to datetime objects
-    for v in versions:
-        v['created_datetime'] = parse_datetime(v['created_at'])
-
-    # Check each untagged version against all tagged versions
-    for v in versions:
-        if v in untagged_versions:
-            for tagged in tagged_versions:
-                time_diff = abs(tagged['created_datetime'] - v['created_datetime'])
-                if time_diff < timedelta(minutes=2):
-                    v['tag'] = tagged['tag']
-                    break  # Stop checking once a close tagged version is found
-
-    return versions
-
-
-def get_github_package_versions(token, organization, package_type, package_name):
-    """
-    This function returns all available versions in a github package registry `ghcr`.
-
-    :param: token: GitHub token with proper permissions
-    :param: organization: GitHub organization name
-    :param: package_type: GitHub package type (e.g. container, npm)
-    :param: package_name: GitHub package name
-    """
-    base_url = f"https://api.github.com/orgs/{organization}/packages/{package_type}/{package_name}/versions"
-    headers = {
-        'Authorization': f'token {token}',
-        'Accept': 'application/vnd.github.v3+json'
-    }
-    versions = []
-    url = base_url
-
-    while url:
-        logger.info(f"Requesting: {url}")  # Debug output to check the URL being requested
-        response = requests.get(url, headers=headers)
-        if response.status_code == 200:
-            page_versions = response.json()
-            versions.extend(page_versions)
-            link_header = response.headers.get('Link', None)
-            if link_header:
-                links = {rel.split('; ')[1][5:-1]: rel.split('; ')[0][1:-1] for rel in link_header.split(', ')}
-                url = links.get("next", None)  # Get the URL for the next page
-                if url:
-                    logger.info(f"Next page link found: {url}")  # Debug output to check the next page link
-                else:
-                    logger.info("No next page link found in header.")  # End of pagination
-            else:
-                logger.info("No 'Link' header present, likely the last page.")  # If no 'Link' header, it's the last page
-                url = None
-        else:
-            logger.error(f"Failed to retrieve package versions: {response.status_code}, {response.text}")
-            url = None
-            
-    for item in versions:
-        tags = item['metadata']['container']['tags']
-        item['tag'] = tags[0] if len(tags) > 0 else None
-        
-    return versions
-
-
-def delete_versions(versions, token, organization, package_type, package_name):
-    """
-    :param: versions: list of versions to be deleted
-    :param: token: GitHub token with proper permissions
-    :param: organization: GitHub organization name
-    :param: package_type: GitHub package type (e.g. container, npm)
-    :param: package_name: GitHub package name
-    """
-    headers = {
-        'Authorization': f'token {token}',
-        'Accept': 'application/vnd.github.v3+json'
-    }
-    for version in versions:
-        delete_url = f"https://api.github.com/orgs/{organization}/packages/{package_type}/{package_name}/versions/{version['id']}"
-        response = requests.delete(delete_url, headers=headers)
-        if response.status_code == 204:
-            logger.info(f"Successfully deleted version: {version['metadata']['container']['tags']} (ID: {version['id']})")
-        else:
-            logger.info(f"Failed to delete version: {version['metadata']['container']['tags']} (ID: {version['id']}), {response.status_code}, {response.text}")
-
-
-
-def delete_untaged_versions(versions, token, organization, package_type, package_name):
-    # Identifying untagged versions that are related to a tagged version
-    untag_test = list(filter(lambda ver: ver['tag'] is None, versions))
-    logger.info(f"UNTAGGED BEFORE: {len(untag_test)}")
-    versions   = add_version_dependency(versions)
-    untag_vers = list(filter(lambda ver: ver['tag'] is None, versions))
-    logger.info(f"UNTAGGED BEFORE: {len(untag_vers)}")
-    
-    delete_versions(untag_vers, token, organization, package_type, package_name)
-
-
-def task_get_latest_image_digest(versions, tag_name):
-    lst = list(filter(lambda ver: ver['tag'] == tag_name, versions))
-    if len(lst) == 0:
-        raise ValueError(f"Provided tag: {tag_name} was not found.")
-    
-    return lst[0]['name']
+import requests
+from datetime import datetime, timedelta
+import pytz
+
+from prefect import get_run_logger
+
+logger = get_run_logger()
+
+def parse_datetime(dt_str):
+    """Parse a datetime string into a datetime object."""
+    return datetime.strptime(dt_str, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=pytz.UTC)
+
+
+def add_version_dependency(versions):
+    """
+    Finds untagged versions that were created within 2 minutes of any tagged version.
+
+    Args:
+    versions (list of dict): List of dictionaries, each containing 'created_at' and possibly 'tags'.
+
+    Returns:
+    list: A list of untagged versions that meet the criteria.
+    """
+    tagged_versions = [v for v in versions if v['metadata']['container']['tags']]
+    untagged_versions = [v for v in versions if not v['metadata']['container']['tags']]
+
+    # Convert all creation times to datetime objects
+    for v in versions:
+        v['created_datetime'] = parse_datetime(v['created_at'])
+
+    # Check each untagged version against all tagged versions
+    for v in versions:
+        if v in untagged_versions:
+            for tagged in tagged_versions:
+                time_diff = abs(tagged['created_datetime'] - v['created_datetime'])
+                if time_diff < timedelta(minutes=2):
+                    v['tag'] = tagged['tag']
+                    break  # Stop checking once a close tagged version is found
+
+    return versions
+
+
+def get_github_package_versions(token, organization, package_type, package_name):
+    """
+    This function returns all available versions in a github package registry `ghcr`.
+
+    :param: token: GitHub token with proper permissions
+    :param: organization: GitHub organization name
+    :param: package_type: GitHub package type (e.g. container, npm)
+    :param: package_name: GitHub package name
+    """
+    base_url = f"https://api.github.com/orgs/{organization}/packages/{package_type}/{package_name}/versions"
+    headers = {
+        'Authorization': f'token {token}',
+        'Accept': 'application/vnd.github.v3+json'
+    }
+    versions = []
+    url = base_url
+
+    while url:
+        logger.info(f"Requesting: {url}")  # Debug output to check the URL being requested
+        response = requests.get(url, headers=headers)
+        if response.status_code == 200:
+            page_versions = response.json()
+            versions.extend(page_versions)
+            link_header = response.headers.get('Link', None)
+            if link_header:
+                links = {rel.split('; ')[1][5:-1]: rel.split('; ')[0][1:-1] for rel in link_header.split(', ')}
+                url = links.get("next", None)  # Get the URL for the next page
+                if url:
+                    logger.info(f"Next page link found: {url}")  # Debug output to check the next page link
+                else:
+                    logger.info("No next page link found in header.")  # End of pagination
+            else:
+                logger.info("No 'Link' header present, likely the last page.")  # If no 'Link' header, it's the last page
+                url = None
+        else:
+            logger.error(f"Failed to retrieve package versions: {response.status_code}, {response.text}")
+            url = None
+            
+    for item in versions:
+        tags = item['metadata']['container']['tags']
+        item['tag'] = tags[0] if len(tags) > 0 else None
+        
+    return versions
+
+
+def delete_versions(versions, token, organization, package_type, package_name):
+    """
+    :param: versions: list of versions to be deleted
+    :param: token: GitHub token with proper permissions
+    :param: organization: GitHub organization name
+    :param: package_type: GitHub package type (e.g. container, npm)
+    :param: package_name: GitHub package name
+    """
+    headers = {
+        'Authorization': f'token {token}',
+        'Accept': 'application/vnd.github.v3+json'
+    }
+    for version in versions:
+        delete_url = f"https://api.github.com/orgs/{organization}/packages/{package_type}/{package_name}/versions/{version['id']}"
+        response = requests.delete(delete_url, headers=headers)
+        if response.status_code == 204:
+            logger.info(f"Successfully deleted version: {version['metadata']['container']['tags']} (ID: {version['id']})")
+        else:
+            logger.info(f"Failed to delete version: {version['metadata']['container']['tags']} (ID: {version['id']}), {response.status_code}, {response.text}")
+
+
+
+def delete_untaged_versions(versions, token, organization, package_type, package_name):
+    # Identifying untagged versions that are related to a tagged version
+    untag_test = list(filter(lambda ver: ver['tag'] is None, versions))
+    logger.info(f"UNTAGGED BEFORE: {len(untag_test)}")
+    versions   = add_version_dependency(versions)
+    untag_vers = list(filter(lambda ver: ver['tag'] is None, versions))
+    logger.info(f"UNTAGGED BEFORE: {len(untag_vers)}")
+    
+    delete_versions(untag_vers, token, organization, package_type, package_name)
+
+
+def task_get_latest_image_digest(versions, tag_name):
+    lst = list(filter(lambda ver: ver['tag'] == tag_name, versions))
+    if len(lst) == 0:
+        raise ValueError(f"Provided tag: {tag_name} was not found.")
+    
+    return lst[0]['name']