add deploy stage

.gitlab-ci.yml

@@ -1,6 +1,7 @@
 stages:
   - generate-api-clients
   - build
+  - deploy
 
 variables:
   REGISTRY: devnexus.krohne.com:18079/repository/docker-krohne
@@ -68,7 +69,7 @@ generate-defectdojo-api:
         -o defectdojo-client \
         --package-name defectdojo_api 
 
-dockerize:
+.dockerize:
   stage: build
   image: devnexus.krohne.com:18079/repository/docker-krohne/krohnedockerbash:0.5
   tags:
@@ -83,44 +84,77 @@ dockerize:
                    --tag $IMAGE_NAME:latest 
                    --tag $IMAGE_NAME:$CI_COMMIT_SHA
                    --tag $IMAGE_NAME:$CI_COMMIT_TAG
+                   -f $DOCKERFILE 
                    .
     - docker login -u $NEXUS_USER -p $NEXUS_PASSWORD $REGISTRY
     - docker push $IMAGE_NAME:latest
     - docker push $IMAGE_NAME:$CI_COMMIT_SHA
     - docker push $IMAGE_NAME:$CI_COMMIT_TAG
 
-build-windows-binary:
+dockerize-cli:
-  stage: build
+  extends: .dockerize
-  tags:
+  variables:
-    - windows
+    DOCKERFILE: Dockerfile-cli
-    - pwsh
+
-    - python3.13
+dockerize-server:
-  rules:
+  extends: .dockerize
-    - if: '$CI_COMMIT_TAG'
+  variables:
-  artifacts:
+    DOCKERFILE: Dockerfile-server
-    paths:
+
-      - sbom-dt-dd.exe
+.deploy:
+  stage: deploy
+  image: wollud1969/docker-bash:latest
+  image: devnexus.krohne.com:18079/repository/docker-krohne/krohnedockerbash:0.5
+  variables:
+    GIT_STRATEGY: none
+    SERVICE: sbom-dd-dt-integrator
+  dependencies:
+    - dockerize
   script:
+    - VERSION=$CI_COMMIT_SHA
+    - CONTAINER_NAME=$SERVICE"-"$INSTANCE_SPECIFIER
+    - SERVICE_VOLUME=$SERVICE"-"$INSTANCE_SPECIFIER"-data"
+    - docker volume inspect $SERVICE_VOLUME || docker volume create $SERVICE_VOLUME
+    - docker stop $CONTAINER_NAME || echo "$CONTAINER_NAME not running, anyway okay"
+    - docker rm $CONTAINER_NAME || echo "$CONTAINER_NAME not running, anyway okay"
+    - docker login -u $NEXUS_USER -p $NEXUS_PASSWORD $REGISTRY
+    - docker pull $IMAGE_NAME:$VERSION
     - |
-      cd src
+      cat - > /start-scripts/${CONTAINER_NAME}.sh << EOT
-      mv ..\dependencytrack-client .
+        docker run \
-      mv ..\defectdojo-client .
+          -d \
-      & 'C:\Program Files\Python313\python.exe' -m venv venv
+          --restart always
-      .\venv\Scripts\pip.exe install --upgrade pip
+          --name $CONTAINER_NAME \
-      .\venv\Scripts\pip.exe install -r requirements.txt
+          -e DTRACK_API_URL=$DTRACK_API_URL \
-      .\venv\Scripts\pip.exe install -r dependencytrack-client\requirements.txt
+          -e DTRACK_TOKEN=$DTRACK_TOKEN \
-      .\venv\Scripts\pip.exe install -r defectdojo-client\requirements.txt
+          -e DEFECTDOJO_URL=$DEFECTDOJO_URL \
-      .\venv\Scripts\pip.exe install pyinstaller
+          -e DEFECTDOJO_TOKEN=$DEFECTDOJO_TOKEN \
-      .\venv\Scripts\pyinstaller.exe --onefile `
+          $IMAGE_NAME:$VERSION
-        --add-data "dependencytrack-client;dependencytrack-client" `
+      EOT
-        --add-data "defectdojo-client;defectdojo-client" `
+    - chmod 755 /start-scripts/${CONTAINER_NAME}.sh
-        --hidden-import pydantic `
+    - /start-scripts/${CONTAINER_NAME}.sh
-        --hidden-import dateutil.parser `
-        --hidden-import urllib3 `
-        --hidden-import regex `
-        --collect-data cyclonedx `
-        --collect-data license_experssion `
-        sbom-dt-dd.py
-      mv dist\sbom-dt-dd.exe ..
 
+deploy-test:
+  extends: .deploy
+  only:
+    refs:
+      - master
+  tags:
+    -  test-deployment-de01rdtst01
+  variables:
+    INSTANCE_SPECIFIER: test
+  environment:
+    name: test
+
+deploy-dev:
+  extends: .deploy
+  only:
+    refs:
+      - production_deployment
+  tags:
+    - for-common-services-prod-deployment-only
+  variables:
+    INSTANCE_SPECIFIER: prod
+  environment:
+    name: prod
 

Dockerfile-cli

@@ -34,7 +34,7 @@ COPY src/requirements.txt .
 COPY src/sbom_dt_dd.py .
 COPY src/sbom_dt_dd_cli.py .
 COPY src/converter.py .
-COPY src/entrypoint.sh .
+COPY src/entrypoint-cli.sh .
 COPY dependencytrack-client/ ./dependencytrack-client
 COPY defectdojo-client/ ./defectdojo-client
 
@@ -45,7 +45,7 @@ RUN \
   pip install -r dependencytrack-client/requirements.txt &&\
   pip install -r defectdojo-client/requirements.txt
 
-ENTRYPOINT [ "./entrypoint.sh" ] 
+ENTRYPOINT [ "./entrypoint-cli.sh" ] 
 
 
 

Dockerfile-server

@@ -0,0 +1,52 @@
+FROM python:3.12.10-alpine3.22
+
+ENV DTRACK_API_URL=""
+ENV DTRACK_TOKEN=""
+ENV DEFECTDOJO_URL=""
+ENV DEFECTDOJO_TOKEN=""
+
+ARG APP_DIR=/opt/app
+ARG ADDITIONAL_CA_URL="x"
+ARG ADDITIONAL_CA_CHECKSUM="y"
+
+RUN \
+  set -e &&\
+  adduser -s /bin/sh -D user &&\
+  mkdir -p $APP_DIR &&\
+  chown user:user $APP_DIR &&\
+  echo $ADDITIONAL_CA_URL &&\
+  echo $ADDITIONAL_CA_CHECKSUM &&\
+  if [ "$ADDITIONAL_CA_URL" != "x" ]; then \
+    cd /usr/local/share/ca-certificates; \
+    wget --no-check-certificate -O custom-ca.crt $ADDITIONAL_CA_URL; \
+    echo "$ADDITIONAL_CA_CHECKSUM  custom-ca.crt" | md5sum -c; \
+    /usr/sbin/update-ca-certificates; \
+    echo "custom ca added"; \
+  else \
+    echo "no additional ca"; \
+  fi 
+
+USER user
+WORKDIR $APP_DIR
+
+COPY src/requirements.txt .
+COPY src/sbom_dt_dd.py .
+COPY src/sbom_dt_dd_api.py .
+COPY src/converter.py .
+COPY src/entrypoint-server.sh .
+COPY dependencytrack-client/ ./dependencytrack-client
+COPY defectdojo-client/ ./defectdojo-client
+
+RUN \
+  python -m venv .venv &&\
+  . ./.venv/bin/activate &&\
+  pip install -r requirements.txt &&\
+  pip install -r dependencytrack-client/requirements.txt &&\
+  pip install -r defectdojo-client/requirements.txt
+
+EXPOSE 8000
+
+ENTRYPOINT [ "./entrypoint-server.sh" ] 
+
+
+

src/entrypoint-server.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+source /opt/app/.venv/bin/activate
+
+PYTHONPATH="$PYTHONPATH:/opt/app/dependencytrack-client"
+PYTHONPATH="$PYTHONPATH:/opt/app/defectdojo-client"
+export PYTHONPATH
+
+gunicorn sbom_dt_dd_api:app -k uvicorn.workers.UvicornWorker -w 4 -b 0.0.0.0:8000

src/sbom_dt_dd_api.py

@@ -1,4 +1,6 @@
 import os
+import json
+import yaml
 from loguru import logger
 from fastapi import FastAPI, UploadFile, File, Form, HTTPException
 from fastapi.responses import JSONResponse
@@ -56,17 +58,58 @@ async def uploadMinimalSBOM(
     """
     Endpoint to upload a minimal SBOM definition
     """
-    sbom = await file.read()
-
     try:
+        sbom = await file.read()
+
         logger.info("Start converting from minimal format into cyclonedx")
         (sbom, projectName, projectVersion, projectClassifier, projectDescription) = minimalSbomFormatConverter(sbom)
         logger.info("Converted")
     
         loadToDTrackAndDefectDojo(app.state.config, projectName, projectVersion, projectClassifier, projectDescription, 1, sbom, reimport)
         logger.info("Done.")
+    except yaml.scanner.ScannerError as e:
+        logger.warning(f"uploadMinimalSBOM, yaml ScannerError: {e.context=}, {e.context_mark=}, {e.problem=}, {e.problem_mark=}, {e.note=}")
+        raise HTTPException(status_code=400, detail=f"yaml ScannerError: {e.context=}, {e.context_mark=}, {e.problem=}, {e.problem_mark=}, {e.note=}")
     except ApiException as e:
+        logger.warning(f"uploadMinimalSBOM, ApiException: {e.status=}, {e.reason=}, {e.body=}")
         raise HTTPException(status_code=e.status, detail=f"{e.reason=}, {e.body=}, {e.data=}")
+    except Exception as e:
+        logger.warning(f"uploadMinimalSBOM, Exception: {type(e)=}, {str(e)=}, {e.msg=}")
+        raise HTTPException(status_code=500, detail=f"Exception: {type(e)=}, {str(e)=}, {e.msg=}")
+
+    return JSONResponse(content={
+        "message": "Upload successful!"
+    })
+
+@app.post("/uploadSBOM/")
+async def uploadSBOM(
+    file: UploadFile = File(...),
+    projectName: str = Form(...),
+    projectVersion: str = Form(...),
+    projectClassifier: str = Form(...),
+    projectDescription: str = Form(...),
+    reimport: bool = Form(...)
+):
+    """
+    Endpoint to upload a CycloneDX SBOM
+    """
+    sbom = await file.read()
+
+    try:
+        sbomJson = json.loads(sbom)
+        sbom = json.dumps(sbomJson)
+
+        loadToDTrackAndDefectDojo(app.state.config, projectName, projectVersion, projectClassifier, projectDescription, 1, str(sbom), reimport)
+        logger.info("Done.")
+    except json.decoder.JSONDecodeError as e:
+        logger.warning(f"uploadSBOM, JSONDecodeError: {e.msg=}")
+        raise HTTPException(status_code=400, detail=f"JSON decoding error: {e.msg=}, {e.doc=}, {e.pos=}, {e.lineno=}, {e.colno=}")
+    except ApiException as e:
+        logger.warning(f"uploadSBOM, ApiException: {e.status=}, {e.reason=}, {e.body=}")
+        raise HTTPException(status_code=e.status, detail=f"{e.reason=}, {e.body=}, {e.data=}")
+    except Exception as e:
+        logger.warning(f"uploadSBOM, Exception: {type(e)=}, {str(e)=}, {e.msg=}")
+        raise HTTPException(status_code=500, detail=f"Exception: {type(e)=}, {str(e)=}, {e.msg=}")
 
     return JSONResponse(content={
         "message": "Upload successful!"

src/server.sh

@@ -1,3 +0,0 @@
-#!/bin/bash
-
-./.venv/bin/gunicorn sbom_dt_dd_api:app -k uvicorn.workers.UvicornWorker -w 4 -b 0.0.0.0:8000