stackrox · Mar 27, 2023
diff --git a/‎.circleci/check-workflow-live.sh
-20 b/‎.circleci/check-workflow-live.sh
-20
diff --git a/‎.circleci/config.yml
-367 b/‎.circleci/config.yml
-367
diff --git a/‎.circleci/create-cluster.sh
-107 b/‎.circleci/create-cluster.sh
-107
diff --git a/‎.circleci/mirror-repository
-39 b/‎.circleci/mirror-repository
-39
diff --git a/‎.circleci/setUpJenkinsPlugin.sh
-48 b/‎.circleci/setUpJenkinsPlugin.sh
-48
diff --git a/‎.circleci/waitForJenkinService.sh
-20 b/‎.circleci/waitForJenkinService.sh
-20
diff --git a/‎.github/workflows/tests.yaml
+102-1 b/‎.github/workflows/tests.yaml
+102-1
diff --git a/‎README.md
+13-17 b/‎README.md
+13-17
diff --git a/‎functionaltest-jenkins-plugin/src/main/groovy/RestApiClient.groovy
+4-4 b/‎functionaltest-jenkins-plugin/src/main/groovy/RestApiClient.groovy
+4-4
diff --git a/‎functionaltest-jenkins-plugin/src/main/groovy/util/Config.groovy
+26 b/‎functionaltest-jenkins-plugin/src/main/groovy/util/Config.groovy
+26
diff --git a/‎functionaltest-jenkins-plugin/src/test/groovy/ImageScanningTest.groovy
+3-1 b/‎functionaltest-jenkins-plugin/src/test/groovy/ImageScanningTest.groovy
+3-1
diff --git a/‎jenkins/Dockerfile
+4 b/‎jenkins/Dockerfile
+4
diff --git a/‎jenkins/config.xml
+4 b/‎jenkins/config.xml
+4
diff --git a/‎jenkins/jenkins-app-deployment.yaml
-35 b/‎jenkins/jenkins-app-deployment.yaml
-35
diff --git a/‎jenkins/jenkins-service.yaml
-12 b/‎jenkins/jenkins-service.yaml
-12
@@ -2,11 +2,24 @@ name: Tests
 
 on:
   push:
+  schedule:
+  - cron:  '0 5 * * *'
 
 jobs:
-  build:
+  style:
     runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - uses: actions/setup-java@v3
+      with:
+        distribution: 'temurin'
+        java-version: '11'
+        cache: 'gradle'
+    - name: Check style
+      run: make -C functionaltest-jenkins-plugin style
 
+  build:
+    runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v3
     - uses: actions/setup-java@v3
@@ -16,3 +29,91 @@ jobs:
         cache: 'maven'
     - name: Build with Maven
       run: cd stackrox-container-image-scanner && ./mvnw -B verify package hpi:hpi cyclonedx:makeAggregateBom
+    - uses: actions/upload-artifact@v3
+      with:
+        name: stackrox-container-image-scanner.hpi
+        path: stackrox-container-image-scanner/target/stackrox-container-image-scanner.hpi
+
+  e2e:
+    runs-on: ubuntu-latest
+    needs: build
+    steps:
+    - uses: actions/checkout@v3
+    - uses: actions/checkout@v3
+      with:
+        repository: stackrox/stackrox
+        path: stackrox
+    - uses: docker/setup-buildx-action@v2
+    - uses: actions/setup-java@v3
+      with:
+        distribution: 'temurin'
+        java-version: '11'
+        cache: 'gradle'
+    - name: Install kubectl
+      run: sudo snap install kubectl --classic
+    - name: Install gcloud
+      run: |
+        sudo snap install google-cloud-cli --classic
+        echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | sudo tee -a /etc/apt/sources.list.d/google-cloud-sdk.list
+        curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key --keyring /usr/share/keyrings/cloud.google.gpg add -
+        sudo apt-get update
+        sudo apt-get install google-cloud-sdk-gke-gcloud-auth-plugin
+    - uses: actions/download-artifact@v3
+      with:
+        name: stackrox-container-image-scanner.hpi
+        path: jenkins
+    - name: Build jenkins image
+      uses: docker/build-push-action@v4
+      with:
+        tags: jenkins-test
+        context: jenkins
+        push: false
+        load: true
+    - name: Run jenkins in background
+      run: docker run -d --add-host host.docker.internal:host-gateway -p 8080:8080 jenkins-test
+    - name: Create GKE cluster
+      id: create-cluster
+      env:
+        GCLOUD_SERVICE_ACCOUNT_OPENSHIFT_CI_ROX: ${{ secrets.GCLOUD_SERVICE_ACCOUNT_OPENSHIFT_CI_ROX }}
+      run: |
+        cd stackrox
+        source "scripts/ci/gke.sh"
+        provision_gke_cluster "jenkins-plugin-e2e" 3 e2-standard-4
+        echo "CLUSTER_NAME=${CLUSTER_NAME}" >> $GITHUB_OUTPUT
+        wait_for_cluster
+    - name: Deploy Stackrox
+      id: deploy
+      env:
+        MAIN_IMAGE_TAG: latest
+        MONITORING_SUPPORT: false
+      run: |
+        cd stackrox
+        ./deploy/k8s/central.sh
+        pass=$(cat deploy/k8s/central-deploy/password)
+        echo "ROX_PASSWORD=$(cat deploy/k8s/central-deploy/password)" >> $GITHUB_OUTPUT
+    - name: Run proxy
+      env:
+        port: 8000
+      run: |
+        pid="$(lsof -n -i "tcp:${port}" | grep kubectl | awk '{print $2}' | uniq)"
+        [[ -n "${pid}" ]] || { einfo "No kubectl port-forward is running on port ${port}."; exit 0; }
+        kill "${pid}" || die "Kill failed"
+        kubectl port-forward -n 'stackrox' svc/central "8000:443"  --address='0.0.0.0' &
+    - name: Wait for API
+      run: |
+        cd stackrox
+        source "tests/e2e/lib.sh"
+        wait_for_api
+    - name: Run tests
+      env:
+        ROX_PASSWORD: ${{ steps.deploy.outputs.ROX_PASSWORD }}
+        ROX_ENDPOINT: https://localhost:8000
+        JENKINS_ROX_ENDPOINT: https://host.docker.internal:8000
+      run: make -C functionaltest-jenkins-plugin test
+    - name: Teardown GKE cluster
+      if: always() && steps.create-cluster.outputs.CLUSTER_NAME != ''
+      env:
+        CLUSTER_NAME: ${{ steps.create-cluster.outputs.CLUSTER_NAME }}
+      run: |
+        source "stackrox/scripts/ci/gke.sh"
+        teardown_gke_cluster
@@ -12,37 +12,33 @@ Please take a look at [plugin README](stackrox-container-image-scanner/README.md
 
 0. Requirements
 
-- K8s cluster to run Jenkins
-- kubectl
-- Maven
+- Podman/Docker
 - Java 8
-- curl
-- jq
 
-1. Deploy Jenkins
+1. Create HPI file
 
 ```
-kubectl create namespace jenkins
-kubectl apply -f jenkins/jenkins-app-deployment.yaml
-kubectl apply -f jenkins/jenkins-service.yaml
-nohup kubectl port-forward -n jenkins svc/jenkins 8080:8080 &
+ cd stackrox-container-image-scanner
+ ./mvnw package && ./mvnw hpi:hpi
 ```
 
-2. Create HPI file
+2. Run Jenkins with plugin installed
 
 ```
- cd stackrox-container-image-scanner
- ./mvnw package && ./mvnw hpi:hpi
+cp  stackrox-container-image-scanner/target/stackrox-container-image-scanner.hpi jenkins/
+docker build -t jenkins-test  jenkins
+docker run -d --add-host host.docker.internal:host-gateway -p 8080:8080 jenkins-test
 ```
 
-3. Install Plugin
+4. Run the E2E tests
 
 ```
-export JENKIS_CRUMB=`curl  --cookie-jar cookies.txt -s http://localhost:8080/crumbIssuer/api/json | jq .crumb -r`
-curl -b cookies.txt -i -F file=@stackrox-container-image-scanner/target/stackrox-container-image-scanner.hpi http://localhost:8080/pluginManager/uploadPlugin\?Jenkins-Crumb=$JENKIS_CRUMB
+export JENKINS_ROX_ENDPOINT='https://host.docker.internal:8000' # endpoint accessed by jenkins
+export ROX_ENDPOINT='https://localhost:8000' # endpoint accessed from local machine
+export ROX_PASSWORD=... # stackrox admin password
+make -C functionaltest-jenkins-plugin test
 ```
 
-4. Create a new job with the plugin
 5. This project uses [Lombok](https://projectlombok.org/) so you may need to [enable Annotation Processing](https://stackoverflow.com/q/9424364/1387612)
 
 ### Updating API Schema
 
@@ -10,6 +10,8 @@ import com.stackrox.model.StoragePolicy
 import com.stackrox.model.V1GenerateTokenRequest
 import com.stackrox.model.V1Metadata
 
+import util.Config
+
 @CompileStatic
 class RestApiClient {
 
@@ -18,13 +20,11 @@ class RestApiClient {
     ApiTokenServiceApi tokenApi
 
     RestApiClient() {
-        def env = System.getenv()
-
         OkHttpClient client = UnsafeOkHttpClient.getUnsafeOkHttpClient()
         ApiClient apiClient = new ApiClient(client)
-        apiClient.setBasePath("https://localhost:8000")
+        apiClient.setBasePath(Config.roxEndpoint)
         apiClient.setUsername("admin")
-        apiClient.setPassword(env['ROX_PASSWORD'])
+        apiClient.setPassword(Config.roxPassword)
 
         policyServiceApi = new PolicyServiceApi(apiClient)
         metadataApi = new MetadataServiceApi(apiClient)
 
@@ -0,0 +1,26 @@
+package util
+
+import groovy.transform.CompileStatic
+
+@CompileStatic
+class Config {
+    static String getCentralUri() {
+        return getEnv("JENKINS_ROX_ENDPOINT")
+    }
+
+    static String getRoxEndpoint() {
+        return getEnv("ROX_ENDPOINT")
+    }
+
+    static String getRoxPassword() {
+        return getEnv("ROX_PASSWORD")
+    }
+
+    static String getEnv(String name) {
+        String val = System.getenv(name)
+        if (val == null) {
+            throw new IllegalArgumentException(name + " is not specified!")
+        }
+        return val
+    }
+}
@@ -13,11 +13,13 @@ import com.stackrox.model.StorageListPolicy
 import com.stackrox.model.StoragePolicy
 import com.stackrox.model.StoragePolicyFields
 
+import util.Config
+
 import spock.lang.Unroll
 
 class ImageScanningTest extends BaseSpecification {
 
-    protected static final String CENTRAL_URI = "https://central.stackrox:443"
+    protected static final String CENTRAL_URI = Config.centralUri
 
     @Unroll
     def "image scanning test with toggle enforcement(#imageName, #policyName,  #enforcements, #endStatus)"() {
 
@@ -0,0 +1,4 @@
+FROM jenkins/jenkins:2.395-alpine
+ENV JAVA_OPTS -Djenkins.install.runSetupWizard=false
+COPY --chown=jenkins:jenkins stackrox-container-image-scanner.hpi /var/jenkins_home/plugins/stackrox-container-image-scanner.hpi
+COPY config.xml /var/jenkins_home/
@@ -0,0 +1,4 @@
+<?xml version='1.1' encoding='UTF-8'?>
+<hudson>
+  <useSecurity>false</useSecurity>
+</hudson>