Merge pull request #932 from rnc/GL1

Add logging. Fix project naming in gitlab. Handle PKIX issues.
redhat-appstudio · Nov 23, 2023 · 7d5b7e1 · 7d5b7e1
2 parents 011a4af + fa3250c
commit 7d5b7e1
Show file tree

Hide file tree

Showing 12 changed files with 90 additions and 15 deletions.
diff --git a/deploy/crds/base/jvmbuildservice.io_jbsconfigs.yaml b/deploy/crds/base/jvmbuildservice.io_jbsconfigs.yaml
@@ -89,6 +89,8 @@ spec:
                 type: boolean
               gitSourceArchive:
                 properties:
+                  disableSSLVerification:
+                    type: boolean
                   identity:
                     type: string
                   url:

diff --git a/deploy/overlays/dev-template/config.yaml b/deploy/overlays/dev-template/config.yaml
@@ -16,6 +16,7 @@ spec:
   gitSourceArchive:
     identity: GIT_DEPLOY_IDENTITY
     url: GIT_DEPLOY_URL
+    disableSSLVerification: GIT_DISABLE_SSL_VERIFICATION
   relocationPatterns:
     - relocationPattern:
         buildPolicy: "default"

diff --git a/deploy/patch-yaml.sh b/deploy/patch-yaml.sh
@@ -53,5 +53,9 @@ fi
 if [ -z "${GIT_DEPLOY_IDENTITY}" ]; then
     GIT_DEPLOY_IDENTITY=""
 fi
-find $DIR -path \*development\*.yaml -exec $SED -i s/GIT_DEPLOY_URL/${GIT_DEPLOY_URL}/ {} \;
+if [ -z "${GIT_DISABLE_SSL_VERIFICATION}" ]; then
+    GIT_DISABLE_SSL_VERIFICATION="false"
+fi
+find $DIR -path \*development\*.yaml -exec $SED -i s%GIT_DEPLOY_URL%${GIT_DEPLOY_URL}% {} \;
 find $DIR -path \*development\*.yaml -exec $SED -i s%GIT_DEPLOY_IDENTITY%${GIT_DEPLOY_IDENTITY}% {} \;
+find $DIR -path \*development\*.yaml -exec $SED -i s%GIT_DISABLE_SSL_VERIFICATION%${GIT_DISABLE_SSL_VERIFICATION}% {} \;
diff --git a/...est-processor/src/main/java/com/redhat/hacbs/container/analyser/deploy/DeployCommand.java b/...est-processor/src/main/java/com/redhat/hacbs/container/analyser/deploy/DeployCommand.java
@@ -134,6 +134,9 @@ public class DeployCommand implements Runnable {
     @CommandLine.Option(names = "--git-identity")
     String gitIdentity;
 
+    @CommandLine.Option(names = "--git-disable-ssl-verification")
+    boolean gitDisableSSLVerification;
+
     @CommandLine.Option(names = "--build-id")
     String buildId;
     // Testing only ; used to disable image deployment
@@ -155,7 +158,8 @@ public void run() {
         try {
             // Save the source first regardless of deployment checks
             if (isNotEmpty(gitIdentity) && gitToken.isPresent()) {
-                var git = Git.builder(gitURL, gitIdentity, gitToken.get());
+                Log.infof("Git credentials are identity '%s' and URL '%s'", gitIdentity, gitURL);
+                var git = Git.builder(gitURL, gitIdentity, gitToken.get(), gitDisableSSLVerification);
                 git.create(scmUri);
                 git.add(sourcePath, commit, imageId);
             }

diff --git a/...d-request-processor/src/main/java/com/redhat/hacbs/container/analyser/deploy/git/Git.java b/...d-request-processor/src/main/java/com/redhat/hacbs/container/analyser/deploy/git/Git.java
@@ -19,6 +19,8 @@ public abstract class Git {
 
     protected CredentialsProvider credentialsProvider;
 
+    protected boolean disableSSLVerification;
+
     public abstract void create(String name)
             throws IOException, URISyntaxException;
 
@@ -35,14 +37,28 @@ public abstract void add(Path path, String commit, String imageId)
      */
     public static Git builder(String endpoint, String identity, String token)
             throws IOException {
+        return builder(endpoint, identity, token, true);
+    }
+
+    /**
+     *
+     * @param endpoint URL of the GitHub or GitLab instance.
+     * @param identity Might be user or organisation name.
+     * @param token Authorisation token.
+     * @param disableSSLVerification Whether to enable SSLVerification (Default: true).
+     * @return Valid Git instance
+     * @throws IOException if an error occurs
+     */
+    public static Git builder(String endpoint, String identity, String token, boolean disableSSLVerification)
+            throws IOException {
         // TODO: This could be a bit presumptuous to assume
         //    an on-premise installation will always contain some determinable
         //    information. Alternative would be forcing the user to configure
         //    endpoint, token, AND type [gitlab|github]
         if (endpoint != null && endpoint.contains("gitlab")) {
-            return new GitLab(endpoint, identity, token);
+            return new GitLab(endpoint, identity, token, disableSSLVerification);
         } else {
-            return new GitHub(endpoint, identity, token);
+            return new GitHub(endpoint, identity, token, disableSSLVerification);
         }
     }
 
@@ -61,6 +77,9 @@ protected void pushRepository(Path path, String httpTransportUrl, String commit,
             Log.infof("Updating current origin of %s to %s", jConfig.getString("remote", "origin", "url"),
                     httpTransportUrl);
             jConfig.setString("remote", "origin", "url", httpTransportUrl);
+            if (disableSSLVerification) {
+                jConfig.setBoolean("http", null, "sslVerify", false);
+            }
             jConfig.save();
             Log.infof("Pushing to %s with content from %s (branch %s, commit %s, tag %s)", httpTransportUrl, path,
                     jRepo.getBranch(), commit, tagName);
@@ -97,11 +116,13 @@ protected void pushRepository(Path path, String httpTransportUrl, String commit,
      * @return a reformatted name to use as the new repository name.
      * @throws URISyntaxException if an error occurs.
      */
-    protected static String parseScmURI(String scmUri)
+    protected String parseScmURI(String scmUri)
             throws URISyntaxException {
         String path = new URI(scmUri).getPath().substring(1);
         String group = path.substring(0, path.lastIndexOf("/"));
         String name = (path.endsWith(".git") ? path.substring(0, path.length() - 4) : path).substring(group.length() + 1);
-        return group + "--" + name;
+        return group + groupSplit() + name;
     }
+
+    abstract String groupSplit();
 }
diff --git a/...equest-processor/src/main/java/com/redhat/hacbs/container/analyser/deploy/git/GitHub.java b/...equest-processor/src/main/java/com/redhat/hacbs/container/analyser/deploy/git/GitHub.java
@@ -29,7 +29,7 @@ enum Type {
 
     private GHRepository repository;
 
-    public GitHub(String endpoint, String identity, String token)
+    public GitHub(String endpoint, String identity, String token, boolean ssl)
             throws IOException {
         if (isNotEmpty(token)) {
             github = new GitHubBuilder().withEndpoint(endpoint == null ? GITHUB_URL : endpoint)
@@ -41,6 +41,7 @@ public GitHub(String endpoint, String identity, String token)
         }
         owner = identity;
         credentialsProvider = new UsernamePasswordCredentialsProvider(token, "");
+        disableSSLVerification = ssl;
 
         switch (github.getUser(identity).getType()) {
             case "User" -> type = Type.USER;
@@ -49,6 +50,11 @@ public GitHub(String endpoint, String identity, String token)
         Log.infof("Type %s", type);
     }
 
+    GitHub() {
+        owner = null;
+        github = null;
+    }
+
     @Override
     public void create(String scmUri)
             throws IOException, URISyntaxException {
@@ -85,4 +91,9 @@ public void add(Path path, String commit, String imageId) {
         }
         pushRepository(path, repository.getHttpTransportUrl(), commit, imageId);
     }
+
+    @Override
+    String groupSplit() {
+        return "--";
+    }
 }
diff --git a/...equest-processor/src/main/java/com/redhat/hacbs/container/analyser/deploy/git/GitLab.java b/...equest-processor/src/main/java/com/redhat/hacbs/container/analyser/deploy/git/GitLab.java
@@ -20,16 +20,27 @@ public class GitLab extends Git {
 
     private Project project;
 
-    public GitLab(String endpoint, String identity, String token) {
+    public GitLab(String endpoint, String identity, String token, boolean ssl) {
         gitLabApi = new GitLabApi(endpoint, token);
         owner = identity;
         credentialsProvider = new UsernamePasswordCredentialsProvider("", token);
+        disableSSLVerification = ssl;
+
+        if (disableSSLVerification) {
+            gitLabApi.setIgnoreCertificateErrors(true);
+        }
+    }
+
+    GitLab() {
+        owner = null;
+        gitLabApi = null;
     }
 
     @Override
     public void create(String scmUri)
             throws URISyntaxException {
         String name = parseScmURI(scmUri);
+        Log.infof("Creating repository with name %s", name);
         try {
             project = gitLabApi.getProjectApi().getUserProjectsStream(owner, new ProjectFilter().withSearch(name))
                     .filter(p -> p.getName().equals(name))
@@ -62,4 +73,9 @@ public void add(Path path, String commit, String imageId)
         }
         pushRepository(path, project.getHttpUrlToRepo(), commit, imageId);
     }
+
+    @Override
+    String groupSplit() {
+        return "-";
+    }
 }
diff --git a/...a/com/redhat/hacbs/container/analyser/deploy/mavenrepository/MavenRepositoryDeployer.java b/...a/com/redhat/hacbs/container/analyser/deploy/mavenrepository/MavenRepositoryDeployer.java
@@ -49,6 +49,8 @@ public MavenRepositoryDeployer(BootstrapMavenContext mvnCtx, String username, St
         this.system = mvnCtx.getRepositorySystem();
         this.session = MavenRepositorySystemUtils.newSession();
 
+        Log.infof("Maven credentials are username '%s' and repository '%s'", username, repository);
+
         // https://maven.apache.org/resolver/third-party-integrations.html states a local repository manager should be added.
         session.setLocalRepositoryManager(system.newLocalRepositoryManager(session, new LocalRepository(artifacts.toFile())));
     }

diff --git a/...quest-processor/src/test/java/com/redhat/hacbs/container/analyser/deploy/git/GitTest.java b/...quest-processor/src/test/java/com/redhat/hacbs/container/analyser/deploy/git/GitTest.java
@@ -37,12 +37,15 @@ public void clearLogs() {
     @Test
     public void parseScmURI()
             throws URISyntaxException {
-        String result = Git.parseScmURI("https://github.com/apache/commons-codec.git");
+
+        String result = new GitHub().parseScmURI("https://github.com/apache/commons-codec.git");
         assertEquals("apache--commons-codec", result);
-        result = Git.parseScmURI("https://gitlab.com/rnc/testRepo");
+        result = new GitHub().parseScmURI("https://gitlab.com/rnc/testRepo");
         assertEquals("rnc--testRepo", result);
-        result = Git.parseScmURI("file:///rnc/testRepo");
+        result = new GitHub().parseScmURI("file:///rnc/testRepo");
         assertEquals("rnc--testRepo", result);
+        result = new GitLab().parseScmURI("https://gitlab.com/rnc/testRepo");
+        assertEquals("rnc-testRepo", result);
     }
 
     @Test
@@ -73,6 +76,11 @@ public void create(String name) {
                 @Override
                 public void add(Path path, String commit, String imageId) {
                 }
+
+                @Override
+                public String groupSplit() {
+                    return null;
+                }
             };
             test.pushRepository(
                     initialRepo,
@@ -98,11 +106,11 @@ public void add(Path path, String commit, String imageId) {
 
     @Test
     public void testIdentity() throws IOException {
-        new GitHub(null, "cekit", null);
+        new GitHub(null, "cekit", null, true);
         List<LogRecord> logRecords = LogCollectingTestResource.current().getRecords();
         assertTrue(logRecords.stream().anyMatch(r -> LogCollectingTestResource.format(r).matches("Type ORGANISATION")));
         LogCollectingTestResource.current().clear();
-        new GitHub(null, "rnc", null);
+        new GitHub(null, "rnc", null, true);
         logRecords = LogCollectingTestResource.current().getRecords();
         assertTrue(logRecords.stream().anyMatch(r -> LogCollectingTestResource.format(r).matches("Type USER")));
     }

diff --git a/java-components/resource-model/src/main/resources/crds/jvmbuildservice.io_jbsconfigs.yaml b/java-components/resource-model/src/main/resources/crds/jvmbuildservice.io_jbsconfigs.yaml
@@ -89,6 +89,8 @@ spec:
                 type: boolean
               gitSourceArchive:
                 properties:
+                  disableSSLVerification:
+                    type: boolean
                   identity:
                     type: string
                   url:

diff --git a/pkg/apis/jvmbuildservice/v1alpha1/jbsconfig_types.go b/pkg/apis/jvmbuildservice/v1alpha1/jbsconfig_types.go
@@ -111,8 +111,9 @@ type MavenDeployment struct {
 }
 
 type GitSourceArchive struct {
-	Identity string `json:"identity,omitempty"`
-	URL      string `json:"url,omitempty"`
+	Identity               string `json:"identity,omitempty"`
+	URL                    string `json:"url,omitempty"`
+	DisableSSLVerification bool   `json:"disableSSLVerification,omitempty"`
 }
 
 type RelocationPatternElement struct {

diff --git a/pkg/reconciler/dependencybuild/buildrecipeyaml.go b/pkg/reconciler/dependencybuild/buildrecipeyaml.go
@@ -666,6 +666,9 @@ func imageRegistryCommands(imageId string, recipe *v1alpha12.BuildRecipe, db *v1
 	if jbsConfig.Spec.GitSourceArchive.URL != "" {
 		mavenArgs = append(mavenArgs, "--git-url="+jbsConfig.Spec.GitSourceArchive.URL)
 	}
+	if jbsConfig.Spec.GitSourceArchive.DisableSSLVerification {
+		mavenArgs = append(mavenArgs, "--git-disable-ssl-verification")
+	}
 	deployArgs = append(deployArgs, mavenArgs...)
 
 	hermeticPreBuildImageArgs := []string{