
Commit ca43907

authoredMar 12, 2024··
feat: Cosign plugin (#4543)
* Create 213_cosign_plugin.up.sql * Create 213_cosign_plugin.down.sql * Update 213_cosign_plugin.up.sql * Add files via upload * Update 213_cosign_plugin.up.sql * change file number * updated print statement * updated migration number * Update 225_cosign_plugin.up.sql * Update and rename 225_cosign_plugin.up.sql to 226_cosign_plugin.up.sql * Rename 225_cosign_plugin.down.sql to 226_cosign_plugin.down.sql * Update description * Update 226_cosign_plugin.up.sql * compress image * compress image * compress image
1 parent e308cf2 commit ca43907


3 files changed

+102
-0
lines changed

 

‎assets/cosign-logo.png

8.98 KB
+7
@@ -0,0 +1,7 @@
1+
DELETE FROM plugin_step_variable where plugin_step_id=(SELECT ps.id FROM plugin_metadata p inner JOIN plugin_step ps on ps.plugin_id=p.id WHERE p.name='Cosign v1.0.0' and ps."index"=1 and ps.deleted=false);
2+
DELETE FROM plugin_stage_mapping where plugin_id=(SELECT id from plugin_metadata where name='Cosign v1.0.0');
3+
DELETE FROM plugin_step where plugin_id=(SELECT id FROM plugin_metadata WHERE name='Cosign v1.0.0');
4+
DELETE FROM plugin_tag_relation WHERE plugin_id=(SELECT id FROM plugin_metadata WHERE name='Cosign v1.0.0');
5+
DELETE FROM pipeline_stage_step_variable where pipeline_stage_step_id in (select id from pipeline_stage_step where name ='Cosign v1.0.0');
6+
DELETE FROM pipeline_stage_step WHERE name ='Cosign v1.0.0';
7+
DELETE FROM plugin_metadata where name='Cosign v1.0.0';
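Review bot: This down migration never deletes the `plugin_pipeline_script` row that the up migration inserts and that `plugin_step.script_id` references via `last_value`, so a rollback leaves an orphaned script row carrying the embedded shell body; add, before the `DELETE FROM plugin_step ...` statement, `DELETE FROM plugin_pipeline_script WHERE id IN (SELECT script_id FROM plugin_step WHERE plugin_id=(SELECT id FROM plugin_metadata WHERE name='Cosign v1.0.0'));`. The `=(SELECT id ...)` subqueries raise an error instead of cleaning up if the `Cosign v1.0.0` metadata row ever exists more than once (for example after a partially applied up migration); `IN (SELECT ...)` tolerates that. The `DELETE FROM pipeline_stage_step WHERE name ='Cosign v1.0.0'` matches user pipeline steps by display name rather than by a plugin reference, which could remove unrelated steps that happen to share the name — hedged, since that table's columns are not shown here. The file header for this section is not shown on the page; the commit message names the file `226_cosign_plugin.down.sql`.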

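--- a/scripts/sql/226_cosign_plugin.up.sql
+++ b/scripts/sql/226_cosign_plugin.up.sql
@@ -0,0 +1,95 @@
+INSERT INTO plugin_metadata (id,name,description,type,icon,deleted,created_on,created_by,updated_on,updated_by)
+VALUES (nextval('id_seq_plugin_metadata'),'Cosign v1.0.0','This plugin is used to Cosign to sign docker images.','PRESET','https://raw.githubusercontent.com/devtron-labs/devtron/main/assets/cosign-logo.png',false,'now()',1,'now()',1);
+
+INSERT INTO plugin_stage_mapping (id,plugin_id,stage_type,created_on,created_by,updated_on,updated_by)
+VALUES (nextval('id_seq_plugin_stage_mapping'),(SELECT id from plugin_metadata where name='Cosign v1.0.0'), 0,'now()',1,'now()',1);
+
+INSERT INTO "plugin_pipeline_script" ("id", "script","type","deleted","created_on", "created_by", "updated_on", "updated_by")
+VALUES (
+nextval('id_seq_plugin_pipeline_script'),
+$$#!/bin/sh
+set -eo pipefail
+
+DOCKER_CONFIG_FILE="$HOME/.docker/config.json"
+
+# Extract the first entry in .auths section
+DOCKER_AUTHS=$(jq -r '.auths | to_entries | .[0].value' "$DOCKER_CONFIG_FILE")
+
+# Extract registry, username, and password
+DOCKER_REGISTRY=$(jq -r '.auths | to_entries | .[0].key' "$DOCKER_CONFIG_FILE" )
+DOCKER_USERNAME=$(echo "$DOCKER_AUTHS" | jq -r '.auth' | base64 -d | cut -d ":" -f1)
+DOCKER_PASSWORD=$(echo "$DOCKER_AUTHS" | jq -r '.auth' | base64 -d | cut -d ":" -f2)
+
+# Print the extracted values
+echo "Registry: $DOCKER_REGISTRY"
+echo "Username: $DOCKER_USERNAME"
+echo "DOCKER_IMAGE: $DOCKER_IMAGE"
+
+if [ -z "$VariableAsPrivateKey" ]; then
+echo "VariableAsPrivateKey is not set. VariableAsPrivateKey must be present."
+if [ -z "$PreCommand" ]; then
+echo " PreCommand must be present."
+if [ -z "$PrivateKeyFilePath" ]; then
+echo "PrivateKeyFilePath must be present."
+exit 1
+else
+echo "in PrivateKeyFilePath"
+docker run -v $PWD:$PWD -w $PWD/$WORKINGDIR --user=root -e COSIGN_PASSWORD=$CosignPassword gcr.io/projectsigstore/cosign:v2.2.2 -c sign --yes=true --key=$PrivateKeyFilePath --registry-username=$DOCKER_USERNAME --registry-password=$DOCKER_PASSWORD $DOCKER_IMAGE $ExtraArguments
+fi
+else
+if [ -z "$PrivateKeyFilePath" ]; then
+echo " PreCommand is set but PrivateKeyFilePath is not, We must define PrivateKeyFilePath ."
+exit 1
+else
+echo "in PreCommand"
+$PreCommand
+docker run -v $PWD:$PWD -w $PWD/$WORKINGDIR --user=root -e COSIGN_PASSWORD=$CosignPassword gcr.io/projectsigstore/cosign:v2.2.2 sign --yes=true --key=$PrivateKeyFilePath --registry-username=$DOCKER_USERNAME --registry-password=$DOCKER_PASSWORD $DOCKER_IMAGE $ExtraArguments
+fi
+fi
+else
+echo "in VariableAsPrivateKey"
+echo $VariableAsPrivateKey| base64 -d > cosign_ci.key
+docker run -v $PWD:$PWD -w $PWD/$WORKINGDIR --user=root -e COSIGN_PASSWORD=$CosignPassword gcr.io/projectsigstore/cosign:v2.2.2 sign --yes=true --key=cosign_ci.key --registry-username=$DOCKER_USERNAME --registry-password=$DOCKER_PASSWORD $DOCKER_IMAGE $ExtraArguments
+fi
+
+$PostCommand
+echo "Cosign completed"$$,
+'SHELL',
+'f',
+'now()',
+1,
+'now()',
+1
+);
+
+
+
+
+
+
+INSERT INTO "plugin_step" ("id", "plugin_id","name","description","index","step_type","script_id","deleted", "created_on", "created_by", "updated_on", "updated_by")
+VALUES (nextval('id_seq_plugin_step'), (SELECT id FROM plugin_metadata WHERE name='Cosign v1.0.0'),'Step 1','Step 1 - Cosign v1.0.0','1','INLINE',(SELECT last_value FROM id_seq_plugin_pipeline_script),'f','now()', 1, 'now()', 1);
+
+
+INSERT INTO plugin_step_variable (id,plugin_step_id,name,format,description,is_exposed,allow_empty_value,default_value,value,variable_type,value_type,previous_step_index,variable_step_index,variable_step_index_in_plugin,reference_variable_name,deleted,created_on,created_by,updated_on,updated_by)
+VALUES (nextval('id_seq_plugin_step_variable'),(SELECT ps.id FROM plugin_metadata p inner JOIN plugin_step ps on ps.plugin_id=p.id WHERE p.name='Cosign v1.0.0' and ps."index"=1 and ps.deleted=false),'DOCKER_IMAGE','STRING','docker image','f','t',null,null,'INPUT','GLOBAL',null,1,null,'DOCKER_IMAGE','f','now()',1,'now()',1);
+
+INSERT INTO plugin_step_variable (id,plugin_step_id,name,format,description,is_exposed,allow_empty_value,default_value,value,variable_type,value_type,previous_step_index,variable_step_index,variable_step_index_in_plugin,reference_variable_name,deleted,created_on,created_by,updated_on,updated_by)
+VALUES (nextval('id_seq_plugin_step_variable'),(SELECT ps.id FROM plugin_metadata p inner JOIN plugin_step ps on ps.plugin_id=p.id WHERE p.name='Cosign v1.0.0' and ps."index"=1 and ps.deleted=false),'CosignPassword','STRING','password for cosign private key','t','f',null,null,'INPUT','NEW',null,1,null,null,'f','now()',1,'now()',1);
+
+
+INSERT INTO plugin_step_variable (id,plugin_step_id,name,format,description,is_exposed,allow_empty_value,default_value,value,variable_type,value_type,previous_step_index,variable_step_index,variable_step_index_in_plugin,reference_variable_name,deleted,created_on,created_by,updated_on,updated_by)
+VALUES (nextval('id_seq_plugin_step_variable'),(SELECT ps.id FROM plugin_metadata p inner JOIN plugin_step ps on ps.plugin_id=p.id WHERE p.name='Cosign v1.0.0' and ps."index"=1 and ps.deleted=false),'VariableAsPrivateKey','STRING','base64 encoded private-key (use scope variable)[highest priority]','t','t',null,null,'INPUT','NEW',null,1,null,null,'f','now()',1,'now()',1);
+
+INSERT INTO plugin_step_variable (id,plugin_step_id,name,format,description,is_exposed,allow_empty_value,default_value,value,variable_type,value_type,previous_step_index,variable_step_index,variable_step_index_in_plugin,reference_variable_name,deleted,created_on,created_by,updated_on,updated_by)
+VALUES (nextval('id_seq_plugin_step_variable'),(SELECT ps.id FROM plugin_metadata p inner JOIN plugin_step ps on ps.plugin_id=p.id WHERE p.name='Cosign v1.0.0' and ps."index"=1 and ps.deleted=false),'PreCommand','STRING','run command to get required conditions to run cosign sign command. (also required PrivateKeyFilePath)','t','t',null,null,'INPUT','NEW',null,1,null,null,'f','now()',1,'now()',1);
+
+
+INSERT INTO plugin_step_variable (id,plugin_step_id,name,format,description,is_exposed,allow_empty_value,default_value,value,variable_type,value_type,previous_step_index,variable_step_index,variable_step_index_in_plugin,reference_variable_name,deleted,created_on,created_by,updated_on,updated_by)
+VALUES (nextval('id_seq_plugin_step_variable'),(SELECT ps.id FROM plugin_metadata p inner JOIN plugin_step ps on ps.plugin_id=p.id WHERE p.name='Cosign v1.0.0' and ps."index"=1 and ps.deleted=false),'PrivateKeyFilePath','STRING','path of key in git repo. [lowest priority]','t','t','cosign.key',null,'INPUT','NEW',null,1,null,null,'f','now()',1,'now()',1);
+
+INSERT INTO plugin_step_variable (id,plugin_step_id,name,format,description,is_exposed,allow_empty_value,default_value,value,variable_type,value_type,previous_step_index,variable_step_index,variable_step_index_in_plugin,reference_variable_name,deleted,created_on,created_by,updated_on,updated_by)
+VALUES (nextval('id_seq_plugin_step_variable'),(SELECT ps.id FROM plugin_metadata p inner JOIN plugin_step ps on ps.plugin_id=p.id WHERE p.name='Cosign v1.0.0' and ps."index"=1 and ps.deleted=false),'PostCommand','STRING','command to run after cosign sign.','t','t',null,null,'INPUT','NEW',null,1,null,null,'f','now()',1,'now()',1);
+
+INSERT INTO plugin_step_variable (id,plugin_step_id,name,format,description,is_exposed,allow_empty_value,default_value,value,variable_type,value_type,previous_step_index,variable_step_index,variable_step_index_in_plugin,reference_variable_name,deleted,created_on,created_by,updated_on,updated_by)
+VALUES (nextval('id_seq_plugin_step_variable'),(SELECT ps.id FROM plugin_metadata p inner JOIN plugin_step ps on ps.plugin_id=p.id WHERE p.name='Cosign v1.0.0' and ps."index"=1 and ps.deleted=false),'ExtraArguments','STRING','arguments for cosign sign command','t','t',null,null,'INPUT','NEW',null,1,null,null,'f','now()',1,'now()',1);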
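Review bot: The cosign invocation in the PrivateKeyFilePath-only branch of the embedded script (`... cosign:v2.2.2 -c sign --yes=true ...`) carries a stray `-c` that the two sibling invocations (`... cosign:v2.2.2 sign --yes=true ...`) do not have; cosign takes the subcommand as its first argument, so this branch most likely fails at runtime and the `-c` should be removed. The private key decoded by `echo $VariableAsPrivateKey| base64 -d > cosign_ci.key` is written into the mounted workspace and never deleted, so the key material outlives the signing step; add `umask 077` before the redirect and `rm -f cosign_ci.key` right after that branch's `docker run` (or a `trap ... EXIT`). `DOCKER_PASSWORD` is taken with `cut -d ":" -f2`, which truncates any registry password containing a colon (`cut -d ":" -f2-` keeps the full value), and it is then placed on the `docker run` command line via `--registry-password=$DOCKER_PASSWORD`, where anything able to list processes on the runner can read it — mounting `$HOME/.docker` into the container and letting cosign read config.json itself would avoid extracting it at all. The script declares `#!/bin/sh` but its second line is `set -eo pipefail`, which is not POSIX: on a dash-based image the `set` itself fails and, under `-e`, aborts the step before it does anything, so either run it under bash or drop `pipefail`. The `jq ... .[0]` extraction also silently picks whichever registry happens to be first in config.json, which is wrong whenever more than one registry is logged in.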
