Merge pull request #12 from rocky-linux/refactor-module

.github/workflows/build.yml

@@ -0,0 +1,47 @@
+---
+name: Build container images for OVAL
+
+on:
+  push:
+    branches: [ $default-branch ]
+  pull_request:
+    branches: [ $default-branch ]
+
+jobs:
+  buildx:
+    runs-on: 
+      - ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+
+      # https://github.com/docker/setup-buildx-action
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v1
+        with:
+          install: true
+
+      - name: Login to ghcr
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push
+        id: docker_build
+        uses: docker/build-push-action@v2
+        with:
+          builder: ${{ steps.buildx.outputs.name }}
+          platforms: linux/amd64,linux/arm64,linux/s390x,linux/ppc64le
+          context: .
+          file: Containerfile
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ghcr.io/rocky-linux/oval:latest
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

Containerfile

@@ -0,0 +1,14 @@
+FROM docker.io/rockylinux:8-minimal AS base
+
+RUN microdnf -y install python3-pip
+
+RUN python3 -m pip install --upgrade pip
+
+COPY . /workdir
+RUN python3 -m pip install /workdir
+
+# FROM docker.io/rockylinux:8-minimal
+
+# COPY 
+
+ENTRYPOINT ["oval"]

oval_control.py → oval/control.py

@@ -1,8 +1,6 @@
-import oval_transform as xfrm
-import requests as rq
-import pandas as pd
-
 """
+OVAL Control
+
 An advisory record has the following structure:
 	type                     str
 	shortCode                str
@@ -21,39 +19,44 @@
 	rpms_Rocky_Linux_8_nvras []str
 """
 
+import requests as rq
+import pandas as pd
+
+from oval import transform as xfrm
+
 # base API for gathering advisories
-baseapi = "https://apollo.build.resf.org/v2"
-basefilter = "/advisories?filters.type=TYPE_SECURITY&filters.includeRpms=true"
+BASEAPI = "https://apollo.build.resf.org/v2"
+BASEFILTER = "/advisories?filters.type=TYPE_SECURITY&filters.includeRpms=true"
 
 # used to limit the total advisories for testing
-page_limit = 2000
-per_rq_limit = 100
+PAGE_LIMIT = 2000
+PER_RQ_LIMIT = 100
+PER_RQ_TIMEOUT = 2000 # ms
 
 def ingest( rl_version ) :
     """
     ingest advisories from API as list of JSON strings
     """
 
-    alist = [ ]
-
+    alist = []
     page = 1
-    while True :
+    while True:
+        product_filter = f"&filters.product=Rocky%20Linux%20{rl_version}"
+        url = f"{BASEAPI}{BASEFILTER}{product_filter}&page={page}&limit={PER_RQ_LIMIT}"
 
-        productfilter = "&filters.product=Rocky%20Linux%20" + str( rl_version )
-        advisory_items = rq.get( baseapi + basefilter + productfilter +
-            "&page=" + str( page ) + "&limit=" + str( per_rq_limit ) ).json( )
-        if advisory_items[ 'advisories' ] == [ ] or page > page_limit :
+        advisory_items = rq.get(url, timeout=PER_RQ_TIMEOUT).json()
+
+        if not advisory_items['advisories'] or page > PAGE_LIMIT:
             break
-
-        for a in advisory_items.get( "advisories" ) :
-            advisory = rq.get( baseapi + "/advisories/" + a.get( "name" ) ).json( )
-            alist.append( advisory )
 
-        page = page + 1
+        for advisory_item in advisory_items['advisories']:
+            url = f"{BASEAPI}/advisories/{advisory_item['name']}"
+            advisory = rq.get(url, timeout=PER_RQ_TIMEOUT).json()
+            alist.append(advisory)
 
+        page += 1
     return alist
 
-
 def normalize( alist ) :
     """
     normalize list of JSON strings to dataframes
@@ -71,7 +74,6 @@ def normalize( alist ) :
 
     return advisories
 
-
 def filter( advisories ) :
     """
     filter all advisories from a dataframe other than security type