✨ Add webhook

go-sigma · Jul 29, 2023 · 02bfb42 · 02bfb42
1 parent cb802cc
commit 02bfb42
Show file tree

Hide file tree

Showing 57 changed files with 4,328 additions and 44 deletions.
diff --git a/build/Dockerfile.buildkit b/build/Dockerfile.buildkit
@@ -0,0 +1,9 @@
+FROM moby/buildkit:v0.12.0-rootless
+
+USER root
+RUN apk add --no-cache git-lfs
+
+USER 1000:1000
+
+# docker run -it --rm --entrypoint '' --security-opt seccomp=unconfined --security-opt apparmor=unconfined -e BUILDKITD_FLAGS=--oci-worker-no-process-sandbox docker.io/library/test:dev sh
+# buildctl-daemonless.sh build --frontend dockerfile.v0 --local context=/code --local dockerfile=/code --opt platform=linux/amd64,linux/arm64
diff --git a/cmd/imports/apis.go b/cmd/imports/apis.go
@@ -12,11 +12,12 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package cmd
+package imports
 
 import (
 	_ "github.com/go-sigma/sigma/pkg/handlers/apidocs"
 	_ "github.com/go-sigma/sigma/pkg/handlers/artifacts"
+	_ "github.com/go-sigma/sigma/pkg/handlers/daemons"
 	_ "github.com/go-sigma/sigma/pkg/handlers/namespaces"
 	_ "github.com/go-sigma/sigma/pkg/handlers/oauth2"
 	_ "github.com/go-sigma/sigma/pkg/handlers/repositories"
@@ -25,4 +26,5 @@ import (
 	_ "github.com/go-sigma/sigma/pkg/handlers/tokens"
 	_ "github.com/go-sigma/sigma/pkg/handlers/users"
 	_ "github.com/go-sigma/sigma/pkg/handlers/validators"
+	_ "github.com/go-sigma/sigma/pkg/handlers/webhooks"
 )
diff --git a/cmd/imports/daemon.go b/cmd/imports/daemon.go
@@ -0,0 +1,21 @@
+// Copyright 2023 sigma
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package imports
+
+import (
+	_ "github.com/go-sigma/sigma/pkg/daemon/gc"
+	_ "github.com/go-sigma/sigma/pkg/daemon/sbom"
+	_ "github.com/go-sigma/sigma/pkg/daemon/vulnerability"
+)
diff --git a/cmd/imports/distribution.go b/cmd/imports/distribution.go
@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package cmd
+package imports
 
 import (
 	_ "github.com/go-sigma/sigma/pkg/handlers/distribution/base"

diff --git a/cmd/imports/mock.go b/cmd/imports/mock.go
@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package cmd
+package imports
 
 import (
 	_ "go.uber.org/mock/mockgen/model"

diff --git a/cmd/imports/storage.go b/cmd/imports/storage.go
@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package cmd
+package imports
 
 import (
 	_ "github.com/go-sigma/sigma/pkg/storage/cos"

diff --git a/go.mod b/go.mod
@@ -6,7 +6,7 @@ require (
 	github.com/alicebob/miniredis/v2 v2.30.4
 	github.com/anchore/syft v0.85.0
 	github.com/aquasecurity/trivy v0.43.1
-	github.com/aws/aws-sdk-go v1.44.307
+	github.com/aws/aws-sdk-go v1.44.309
 	github.com/bytedance/sonic v1.9.2
 	github.com/casbin/casbin/v2 v2.72.1
 	github.com/casbin/gorm-adapter/v3 v3.18.0
@@ -28,7 +28,7 @@ require (
 	github.com/labstack/echo/v4 v4.11.1
 	github.com/matoous/go-nanoid v1.5.0
 	github.com/matoous/go-nanoid/v2 v2.0.0
-	github.com/opencontainers/distribution-spec/specs-go v0.0.0-20230724201716-b1e549bb8912
+	github.com/opencontainers/distribution-spec/specs-go v0.0.0-20230727054407-60fc69c5ad8a
 	github.com/opencontainers/go-digest v1.0.0
 	github.com/redis/go-redis/v9 v9.0.5
 	github.com/rs/zerolog v1.29.1
@@ -173,7 +173,7 @@ require (
 	github.com/tidwall/match v1.1.1 // indirect
 	github.com/tidwall/pretty v1.2.1 // indirect
 	github.com/tklauser/go-sysconf v0.3.11 // indirect
-	github.com/tklauser/numcpus v0.6.0 // indirect
+	github.com/tklauser/numcpus v0.6.1 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/ulikunitz/xz v0.5.11 // indirect
 	github.com/valyala/bytebufferpool v1.0.0 // indirect

diff --git a/go.sum b/go.sum
@@ -107,8 +107,8 @@ github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmV
 github.com/armon/go-metrics v0.3.10/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/aws/aws-sdk-go v1.44.307 h1:2R0/EPgpZcFSUwZhYImq/srjaOrOfLv5MNRzrFyAM38=
-github.com/aws/aws-sdk-go v1.44.307/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
+github.com/aws/aws-sdk-go v1.44.309 h1:IPJOFBzXekakxmEpDwd4RTKmmBR6LIAiXgNsM51bWbU=
+github.com/aws/aws-sdk-go v1.44.309/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
 github.com/becheran/wildmatch-go v1.0.0 h1:mE3dGGkTmpKtT4Z+88t8RStG40yN9T+kFEGj2PZFSzA=
 github.com/becheran/wildmatch-go v1.0.0/go.mod h1:gbMvj0NtVdJ15Mg/mH9uxk2R1QCistMyU7d9KFzroX4=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
@@ -665,8 +665,8 @@ github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1Cpa
 github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
 github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
 github.com/onsi/gomega v1.16.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
-github.com/opencontainers/distribution-spec/specs-go v0.0.0-20230724201716-b1e549bb8912 h1:nyu9NKBn0tog9k9y8rLPWdRvA4cTV4UB78uLbEZsExM=
-github.com/opencontainers/distribution-spec/specs-go v0.0.0-20230724201716-b1e549bb8912/go.mod h1:Va0IMqkjv62YSEytL4sgxrkiD9IzU0T0bX/ZZEtMnSQ=
+github.com/opencontainers/distribution-spec/specs-go v0.0.0-20230727054407-60fc69c5ad8a h1:zNk21Ph0Q18NgGU36yd2v4wTj9aE1TV5LQuxi9LrtHI=
+github.com/opencontainers/distribution-spec/specs-go v0.0.0-20230727054407-60fc69c5ad8a/go.mod h1:Va0IMqkjv62YSEytL4sgxrkiD9IzU0T0bX/ZZEtMnSQ=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.0-rc4 h1:oOxKUJWnFC4YGHCCMNql1x4YaDfYBTS5Y4x/Cgeo1E0=
@@ -825,8 +825,9 @@ github.com/tidwall/pretty v1.2.1 h1:qjsOFOWWQl+N3RsoF5/ssm1pHmJJwhjlSbZ51I6wMl4=
 github.com/tidwall/pretty v1.2.1/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=
 github.com/tklauser/go-sysconf v0.3.11 h1:89WgdJhk5SNwJfu+GKyYveZ4IaJ7xAkecBo+KdJV0CM=
 github.com/tklauser/go-sysconf v0.3.11/go.mod h1:GqXfhXY3kiPa0nAXPDIQIWzJbMCB7AmcWpGR8lSZfqI=
-github.com/tklauser/numcpus v0.6.0 h1:kebhY2Qt+3U6RNK7UqpYNA+tJ23IBEGKkB7JQBfDYms=
 github.com/tklauser/numcpus v0.6.0/go.mod h1:FEZLMke0lhOUG6w2JadTzp0a+Nl8PF/GFkQ5UVIcaL4=
+github.com/tklauser/numcpus v0.6.1 h1:ng9scYS7az0Bk4OZLvrNXNSAO2Pxr1XXRAPyjhIx+Fk=
+github.com/tklauser/numcpus v0.6.1/go.mod h1:1XfjsgE2zo8GVw7POkMbHENHzVg3GzmoZ9fESEdAacY=
 github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM=
 github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
 github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=

diff --git a/pkg/cmds/worker/worker.go b/pkg/cmds/worker/worker.go
@@ -29,10 +29,6 @@ import (
 	"github.com/go-sigma/sigma/pkg/consts"
 	"github.com/go-sigma/sigma/pkg/daemon"
 	"github.com/go-sigma/sigma/pkg/middlewares"
-
-	_ "github.com/go-sigma/sigma/pkg/daemon/gc"
-	_ "github.com/go-sigma/sigma/pkg/daemon/sbom"
-	_ "github.com/go-sigma/sigma/pkg/daemon/vulnerability"
 )
 
 // Worker is the worker initialization

diff --git a/pkg/consts/consts.go b/pkg/consts/consts.go
@@ -48,6 +48,8 @@ const (
 	ContextUser = "user"
 	// HotNamespace top hot namespaces
 	HotNamespace = 3
+	// WebhookSecretHeader ...
+	WebhookSecretHeader = "X-Sigma-Signature-256" // nolint: gosec
 )
 
 // UserAgent represents the user agent

diff --git a/pkg/consts/topics.go b/pkg/consts/topics.go
@@ -21,4 +21,8 @@ const (
 	TopicVulnerability = "vuln"
 	// TopicGc is the topic for the gc
 	TopicGc = "gc"
+	// TopicGcRepository is the topic for the gc repository
+	TopicGcRepository = "gc_repository"
+	// TopicWebhook is the topic for the webhook
+	TopicWebhook = "webhook"
 )
diff --git a/pkg/daemon/daemon.go b/pkg/daemon/daemon.go
@@ -36,6 +36,8 @@ var topics = map[enums.Daemon]string{
 	enums.DaemonSbom:          consts.TopicSbom,
 	enums.DaemonVulnerability: consts.TopicVulnerability,
 	enums.DaemonGc:            consts.TopicGc,
+	enums.DaemonGcRepository:  consts.TopicGcRepository,
+	enums.DaemonWebhook:       consts.TopicWebhook,
 }
 
 var (

diff --git a/pkg/daemon/gc/gc_repository.go b/pkg/daemon/gc/gc_repository.go
@@ -0,0 +1,92 @@
+// Copyright 2023 sigma
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package gc
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/bytedance/sonic"
+	"github.com/hibiken/asynq"
+
+	"github.com/go-sigma/sigma/pkg/daemon"
+	"github.com/go-sigma/sigma/pkg/dal/dao"
+	"github.com/go-sigma/sigma/pkg/dal/models"
+	"github.com/go-sigma/sigma/pkg/dal/query"
+	"github.com/go-sigma/sigma/pkg/types"
+	"github.com/go-sigma/sigma/pkg/types/enums"
+	"github.com/go-sigma/sigma/pkg/utils"
+	"github.com/go-sigma/sigma/pkg/utils/ptr"
+)
+
+func init() {
+	utils.PanicIf(daemon.RegisterTask(enums.DaemonGcRepository, gcRepositoryRunner))
+}
+
+// gcRepositoryRunner ...
+func gcRepositoryRunner(ctx context.Context, task *asynq.Task) error {
+	var payload types.DaemonGcRepositoryPayload
+	err := sonic.Unmarshal(task.Payload(), &payload)
+	if err != nil {
+		return fmt.Errorf("Unmarshal payload failed: %v", err)
+	}
+	gc := gcRepository{}
+	return gc.runner(ctx, payload)
+}
+
+type gcRepository struct {
+	namespaceServiceFactory  dao.NamespaceServiceFactory
+	repositoryServiceFactory dao.RepositoryServiceFactory
+	daemonServiceFactory     dao.DaemonServiceFactory
+}
+
+func (g gcRepository) runner(ctx context.Context, payload types.DaemonGcRepositoryPayload) error {
+	var namespaceID *int64
+	if payload.Scope != nil {
+		namespaceService := g.namespaceServiceFactory.New()
+		namespaceObj, err := namespaceService.GetByName(ctx, ptr.To(payload.Scope))
+		if err != nil {
+			return err
+		}
+		namespaceID = ptr.Of(namespaceObj.ID)
+	}
+	err := query.Q.Transaction(func(tx *query.Query) error {
+		repositoryService := g.repositoryServiceFactory.New(tx)
+		deletedRepositoryObjs, err := repositoryService.DeleteEmpty(ctx, namespaceID)
+		if err != nil {
+			return err
+		}
+		daemonService := g.daemonServiceFactory.New(tx)
+		daemonLogs := make([]*models.DaemonLog, 0, len(deletedRepositoryObjs))
+		for _, obj := range deletedRepositoryObjs {
+			daemonLogs = append(daemonLogs, &models.DaemonLog{
+				NamespaceID: namespaceID,
+				Type:        enums.DaemonGcRepository,
+				Action:      enums.AuditActionDelete,
+				Resource:    obj,
+				Status:      enums.TaskCommonStatusSuccess,
+			})
+		}
+		err = daemonService.CreateMany(ctx, daemonLogs)
+		if err != nil {
+			return err
+		}
+		return nil
+	})
+	if err != nil {
+		return err
+	}
+	return nil
+}