verbose switch

.gitlab-ci.yml

@@ -5,9 +5,12 @@ stages:
 variables:
   REGISTRY: devnexus.krohne.com:18079/repository/docker-krohne
   IMAGE_NAME: $REGISTRY/$CI_PROJECT_NAME
+  DTRACK_API_URL: https://dtrack-api-rd.krohne.com
+  DEFECTDOJO_API_URL: https://defectdojo-rd.krohne.com
+  KROHNE_CA_URL: https://devwiki.krohnegroup.com/lib/exe/fetch.php?media=krohne-ca.crt
+  KROHNE_CA_CHECKSUM: a921e440a742f1e67c7714306e2c0d76
 
-
+.generate-api:
-generate-dtrack-api:
   stage: generate-api-clients
   image: openapitools/openapi-generator-cli:v7.12.0
   tags:
@@ -17,12 +20,21 @@ generate-dtrack-api:
   rules:
     - if: '$CI_COMMIT_BRANCH == "main"'
     - if: '$CI_COMMIT_TAG'
+  before_script:
+    - curl --insecure $KROHNE_CA_URL -o krohne-ca.crt
+    - echo "$KROHNE_CA_CHECKSUM  krohne-ca.crt" | md5sum -c 
+    - mv krohne-ca.crt /usr/local/share/ca-certificates
+    - update-ca-certificates
+
+
+generate-dtrack-api:
+  extends: .generate-api
   artifacts:
     paths:
       - dtrack-api-client.tgz
     expire_in: 1 week
   script:
-    - curl https://dtrack-api.hottis.de/api/openapi.json > dependencytrack-openapi.json
+    - curl ${DTRACK_API_URL}/api/openapi.json > dependencytrack-openapi.json
     - |
       docker-entrypoint.sh \
       author template \
@@ -42,21 +54,13 @@ generate-dtrack-api:
 
 
 generate-defectdojo-api:
-  stage: generate-api-clients
+  extends: .generate-api
-  image: openapitools/openapi-generator-cli:v7.12.0
-  tags:
-    - linux
-    - docker
-    - bash
-  rules:
-    - if: '$CI_COMMIT_BRANCH == "main"'
-    - if: '$CI_COMMIT_TAG'
   artifacts:
     paths:
       - defectdojo-api-client.tgz
     expire_in: 1 week
   script:
-    - curl https://defectdojo.hottis.de/api/v2/oa3/schema/?format=json > defectdojo-openapi.json
+    - curl ${DEFECTDOJO_API_URL}/api/v2/oa3/schema/?format=json > defectdojo-openapi.json
     - |
       docker-entrypoint.sh \
       generate \
@@ -76,7 +80,11 @@ dockerize:
   rules:
     - if: '$CI_COMMIT_TAG'
   script:
-        - docker build --tag $IMAGE_NAME:latest 
+    - tar -xzf defectdojo-api-client.tgz
+    - tar -xzf dtrack-api-client.tgz
+    - docker build --build-arg ADDITIONAL_CA_URL="$KROHNE_CA_URL"
+                   --build-arg ADDITIONAL_CA_CHECKSUM=$KROHNE_CA_CHECKSUM
+                   --tag $IMAGE_NAME:latest 
                    --tag $IMAGE_NAME:$CI_COMMIT_SHA
                    --tag $IMAGE_NAME:$CI_COMMIT_TAG
                    .

Dockerfile

@@ -6,12 +6,26 @@ ENV DEFECTDOJO_URL=""
 ENV DEFECTDOJO_TOKEN=""
 
 ARG APP_DIR=/opt/app
+ARG ADDITIONAL_CA_URL="x"
+ARG ADDITIONAL_CA_CHECKSUM="y"
 
 RUN \
+  set -e &&\
   apk add --no-cache syft &&\
   adduser -s /bin/sh -D user &&\
   mkdir -p $APP_DIR &&\
-  chown user:user $APP_DIR
+  chown user:user $APP_DIR &&\
+  echo $ADDITIONAL_CA_URL &&\
+  echo $ADDITIONAL_CA_CHECKSUM &&\
+  if [ "$ADDITIONAL_CA_URL" != "x" ]; then \
+    cd /usr/local/share/ca-certificates; \
+    wget --no-check-certificate -O custom-ca.crt $ADDITIONAL_CA_URL; \
+    echo "$ADDITIONAL_CA_CHECKSUM  custom-ca.crt" | md5sum -c; \
+    /usr/sbin/update-ca-certificates; \
+    echo "custom ca added"; \
+  else \
+    echo "no additional ca"; \
+  fi 
 
 USER user
 WORKDIR $APP_DIR

src/entrypoint.sh

@@ -1,11 +1,11 @@
 #!/bin/sh
 # entrypoint.sh
 
-source ./.venv/bin/activate
+source /opt/app/.venv/bin/activate
 
-PYTHONPATH="$PYTHONPATH:./dependencytrack-client"
+PYTHONPATH="$PYTHONPATH:/opt/app/dependencytrack-client"
-PYTHONPATH="$PYTHONPATH:./defectdojo-client"
+PYTHONPATH="$PYTHONPATH:/opt/app/defectdojo-client"
 export PYTHONPATH
 
-exec python sbom-dt-dd.py "$@"
+exec python /opt/app/sbom-dt-dd.py "$@"
 

src/sbom-dt-dd.py

@@ -16,7 +16,9 @@ class MyLocalException(Exception): pass
 
 def executeApiCall(apiClient, ApiClass, EndpointMethod, RequestClass, requestParams, additionalParams=[]):
     try:
-        logger.info(f"Calling {ApiClass}.{EndpointMethod} with {RequestClass} ({additionalParams}, {requestParams})")
+        logger.info(f"Calling {ApiClass=}.{EndpointMethod=} with {RequestClass=})")
+        if VERBOSE:
+            logger.debug(f"{additionalParams=}, {requestParams=}")
         instance = ApiClass(apiClient)
         if RequestClass:
             request = RequestClass(**requestParams)
@@ -85,6 +87,11 @@ parser.add_argument('--sbomfile', '-F',
 parser.add_argument('--target', '-T',
                     help='Target to scan, either path name for sources or docker image tag',
                     required=False)
+parser.add_argument('--verbose', '-v',
+                    help='A lot of debug output',
+                    required=False,
+                    action='store_true',
+                    default=False)
 args = parser.parse_args()
 projectName = args.name
 projectVersion = args.version
@@ -98,6 +105,8 @@ if uploadSbomFlag:
 else:
     target = args.target
 
+VERBOSE = args.verbose
+
 
 # ---- main starts here --------------------------------------------------------------------------------------------------