From c6284efe34498ed282d3ced11d700420c8314383 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Th=C3=A9riault?=
Date: Wed, 30 Oct 2024 15:31:13 -0400
Subject: [PATCH 1/3] rl scanning scripts

---
 .gitignore | 3 +-
 package.json | 1 +
 .../bindings/npm/linux-arm64-gnu/package.json | 3 +-
 .../npm/linux-arm64-musl/package.json | 3 +-
 .../bindings/npm/linux-x64-gnu/package.json | 3 +-
 .../bindings/npm/linux-x64-musl/package.json | 3 +-
 packages/bindings/package.json | 1 +
 packages/dependencies/package.json | 1 +
 packages/histogram/package.json | 3 +-
 packages/instrumentations/package.json | 3 +-
 packages/module/package.json | 3 +-
 packages/proto/package.json | 3 +-
 packages/sampling/package.json | 1 +
 packages/solarwinds-apm/package.json | 1 +
 scripts/lambda.js | 8 +-
 scripts/scan.js | 111 ++++++++++++++++++
 turbo.json | 5 +
 17 files changed, 143 insertions(+), 13 deletions(-)
 create mode 100644 scripts/scan.js

diff --git a/.gitignore b/.gitignore
index caaf586e..af06124c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,7 +8,8 @@ node_modules/
 .turbo/
 # Package archives
-package.tgz
+*.tgz
+scan/
 # Common build outputs
 *.tsbuildinfo
diff --git a/package.json b/package.json
index d97baf54..5554a65c 100644
--- a/package.json
+++ b/package.json
@@ -19,6 +19,7 @@
 "lint": "prettier --check *.json *.md .github && turbo run lint --continue",
 "lint:fix": "prettier --write *.json *.md .github && turbo run lint:fix --continue",
 "publish": "turbo run build && turbo run release",
+ "scan": "turbo run scan && node scripts/lambda.js solarwinds-apm && node scripts/scan.js",
 "test": "turbo run test --continue",
 "test:watch": "turbo watch test",
 "version:latest": "node scripts/version.js",
diff --git a/packages/bindings/npm/linux-arm64-gnu/package.json b/packages/bindings/npm/linux-arm64-gnu/package.json
index 23d9b794..799883dc 100644
--- a/packages/bindings/npm/linux-arm64-gnu/package.json
+++ b/packages/bindings/npm/linux-arm64-gnu/package.json
@@ -8,7 +8,8 @@
 "directory": "packages/bindings/npm/linux-arm64-gnu"
 },
 "scripts": {
- "release": "node ../../../../scripts/publish.js"
+ "release": "node ../../../../scripts/publish.js",
+ "scan": "node ../../../../scripts/scan.js"
 },
 "os": [
 "linux"
diff --git a/packages/bindings/npm/linux-arm64-musl/package.json b/packages/bindings/npm/linux-arm64-musl/package.json
index 51ae15e2..c4ac7d00 100644
--- a/packages/bindings/npm/linux-arm64-musl/package.json
+++ b/packages/bindings/npm/linux-arm64-musl/package.json
@@ -8,7 +8,8 @@
 "directory": "packages/bindings/npm/linux-arm64-musl"
 },
 "scripts": {
- "release": "node ../../../../scripts/publish.js"
+ "release": "node ../../../../scripts/publish.js",
+ "scan": "node ../../../../scripts/scan.js"
 },
 "os": [
 "linux"
diff --git a/packages/bindings/npm/linux-x64-gnu/package.json b/packages/bindings/npm/linux-x64-gnu/package.json
index c4eafe79..c6823a5e 100644
--- a/packages/bindings/npm/linux-x64-gnu/package.json
+++ b/packages/bindings/npm/linux-x64-gnu/package.json
@@ -8,7 +8,8 @@
 "directory": "packages/bindings/npm/linux-x64-gnu"
 },
 "scripts": {
- "release": "node ../../../../scripts/publish.js"
+ "release": "node ../../../../scripts/publish.js",
+ "scan": "node ../../../../scripts/scan.js"
 },
 "os": [
 "linux"
diff --git a/packages/bindings/npm/linux-x64-musl/package.json b/packages/bindings/npm/linux-x64-musl/package.json
index 06f62676..1545382d 100644
--- a/packages/bindings/npm/linux-x64-musl/package.json
+++ b/packages/bindings/npm/linux-x64-musl/package.json
@@ -8,7 +8,8 @@
 "directory": "packages/bindings/npm/linux-x64-musl"
 },
 "scripts": {
- "release": "node ../../../../scripts/publish.js"
+ "release": "node ../../../../scripts/publish.js",
+ "scan": "node ../../../../scripts/scan.js"
 },
 "os": [
 "linux"
diff --git a/packages/bindings/package.json b/packages/bindings/package.json
index 6caee0ca..a8492430 100644
--- a/packages/bindings/package.json
+++ b/packages/bindings/package.json
@@ -35,6 +35,7 @@
 "lint": "prettier --check . && eslint . --max-warnings=0 && clang-format src/*.hh src/*/* -n --Werror",
 "lint:fix": "eslint --fix . && prettier --write . && clang-format src/*.hh src/*/* -i --Werror",
 "release": "node ../../scripts/publish.js",
+ "scan": "node ../../scripts/scan.js",
 "test": "swtest",
 "oboe": "node oboe.js"
 },
diff --git a/packages/dependencies/package.json b/packages/dependencies/package.json
index d2285f91..9ac26daa 100644
--- a/packages/dependencies/package.json
+++ b/packages/dependencies/package.json
@@ -32,6 +32,7 @@
 "lint": "prettier --check . && eslint . --max-warnings=0",
 "lint:fix": "eslint --fix . && prettier --write .",
 "release": "node ../../scripts/publish.js",
+ "scan": "node ../../scripts/scan.js",
 "test": "swtest -p test/tsconfig.json -c src"
 },
 "dependencies": {
diff --git a/packages/histogram/package.json b/packages/histogram/package.json
index ef4816ae..6baf270d 100644
--- a/packages/histogram/package.json
+++ b/packages/histogram/package.json
@@ -31,7 +31,8 @@
 "build": "tsc",
 "lint": "prettier --check . && eslint . --max-warnings=0",
 "lint:fix": "eslint --fix . && prettier --write .",
- "release": "node ../../scripts/publish.js"
+ "release": "node ../../scripts/publish.js",
+ "scan": "node ../../scripts/scan.js"
 },
 "devDependencies": {
 "@opentelemetry/api": "^1.3.0",
diff --git a/packages/instrumentations/package.json b/packages/instrumentations/package.json
index 4e8b4793..d2c8959e 100644
--- a/packages/instrumentations/package.json
+++ b/packages/instrumentations/package.json
@@ -31,7 +31,8 @@
 "build": "tsc && node ./dist/compatibility.js",
 "lint": "prettier --check . && eslint . --max-warnings=0",
 "lint:fix": "eslint --fix . && prettier --write .",
- "release": "node ../../scripts/publish.js"
+ "release": "node ../../scripts/publish.js",
+ "scan": "node ../../scripts/scan.js"
 },
 "dependencies": {
 "@opentelemetry/instrumentation": "~0.54.0",
diff --git a/packages/module/package.json b/packages/module/package.json
index 7f6eef58..b8d76c27 100644
--- a/packages/module/package.json
+++ b/packages/module/package.json
@@ -32,7 +32,8 @@
 "build": "tsc",
 "lint": "prettier --check . && eslint . --max-warnings=0",
 "lint:fix": "eslint --fix . && prettier --write .",
- "release": "node ../../scripts/publish.js"
+ "release": "node ../../scripts/publish.js",
+ "scan": "node ../../scripts/scan.js"
 },
 "devDependencies": {
 "@solarwinds-apm/eslint-config": "workspace:^",
diff --git a/packages/proto/package.json b/packages/proto/package.json
index b7530d56..6dcf1d19 100644
--- a/packages/proto/package.json
+++ b/packages/proto/package.json
@@ -31,7 +31,8 @@
 "build": "node build.js",
 "lint": "prettier --check . && eslint . --max-warnings=0",
 "lint:fix": "eslint --fix . && prettier --write .",
- "release": "node ../../scripts/publish.js"
+ "release": "node ../../scripts/publish.js",
+ "scan": "node ../../scripts/scan.js"
 },
 "dependencies": {
 "protobufjs": "^7.4.0"
diff --git a/packages/sampling/package.json b/packages/sampling/package.json
index fa1a46ce..51c11547 100644
--- a/packages/sampling/package.json
+++ b/packages/sampling/package.json
@@ -32,6 +32,7 @@
 "lint": "prettier --check . && eslint . --max-warnings=0",
 "lint:fix": "eslint --fix . && prettier --write .",
 "release": "node ../../scripts/publish.js",
+ "scan": "node ../../scripts/scan.js",
 "test": "swtest -p test/tsconfig.json -c src"
 },
 "dependencies": {
diff --git a/packages/solarwinds-apm/package.json b/packages/solarwinds-apm/package.json
index 250143a7..012f25dc 100644
--- a/packages/solarwinds-apm/package.json
+++ b/packages/solarwinds-apm/package.json
@@ -52,6 +52,7 @@
 "lint": "node build.js && prettier --check . && eslint . --max-warnings=0",
 "lint:fix": "node build.js && eslint --fix . && prettier --write .",
 "release": "node ../../scripts/publish.js",
+ "scan": "node ../../scripts/scan.js",
 "test": "swtest -p test/tsconfig.json -c src"
 },
 "dependencies": {
diff --git a/scripts/lambda.js b/scripts/lambda.js
index 8ec03b01..8e31ea5a 100644
--- a/scripts/lambda.js
+++ b/scripts/lambda.js
@@ -27,10 +27,10 @@ const { argv } = require("node:process")
 const archiver = require("archiver")
 const ora = require("ora")
-const [name, version] = argv.slice(2)
-const apiVersion = JSON.parse(
- readFileSync("packages/solarwinds-apm/package.json"),
-).peerDependencies["@opentelemetry/api"]
+const json = JSON.parse(readFileSync("packages/solarwinds-apm/package.json"))
+
+const [name, version = json.version] = argv.slice(2)
+const apiVersion = json.peerDependencies["@opentelemetry/api"]
 const rm = (...args) => {
 try {
diff --git a/scripts/scan.js b/scripts/scan.js
new file mode 100644
index 00000000..bd742d0c
--- /dev/null
+++ b/scripts/scan.js
@@ -0,0 +1,111 @@
+/*
+Copyright 2023-2024 SolarWinds Worldwide, LLC.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+const { execSync } = require("node:child_process")
+const {
+ mkdirSync,
+ readFileSync,
+ readdirSync,
+ createWriteStream,
+} = require("node:fs")
+const { userInfo } = require("node:os")
+const path = require("node:path")
+
+const archiver = require("archiver")
+const ora = require("ora")
+
+const root = path.dirname(__dirname)
+const dir = path.join(root, "scan")
+mkdirSync(dir, { recursive: true })
+
+if (process.cwd() === root) {
+ // We're running in the project root which means we can pack and submit
+ const user = userInfo()
+ const { version } = JSON.parse(
+ readFileSync("packages/solarwinds-apm/package.json", {
+ encoding: "utf-8",
+ }),
+ )
+
+ const spinner = ora("zipping packages")
+
+ const archive = archiver("zip", { zlib: { level: 9 } })
+ archive
+ .on("error", (err) => {
+ spinner.fail(err.message)
+ throw err
+ })
+ .on("warning", (warn) => {
+ spinner.fail(warn.message)
+ throw warn
+ })
+ .on("entry", (e) => {
+ spinner.text = e.name
+ spinner.render()
+ })
+
+ const out = createWriteStream(path.join(dir, "solarwinds-apm.zip"))
+ out.on("error", (err) => {
+ spinner.fail(err.message)
+ throw err
+ })
+
+ archive.pipe(out)
+ for (const file of readdirSync(dir)) {
+ if (file === "solarwinds-apm.zip") {
+ continue
+ }
+
+ // Add every package tarball
+ archive.file(path.join(dir, file), {
+ name: `solarwinds-apm/${version}/${file}`,
+ })
+ }
+ // Add the lambda layer
+ archive.file(path.join(root, "lambda", "layer.zip"), {
+ name: `solarwinds-apm/${version}/lambda.zip`,
+ })
+
+ const command = [
+ "docker run --rm",
+ `-u ${user.uid}:${user.gid}`,
+ `-v ${dir}:/packages`,
+ `-e RLPORTAL_ACCESS_TOKEN=${process.env.RLPORTAL_ACCESS_TOKEN}`,
+ "reversinglabs/rl-scanner-cloud rl-scan",
+ "--rl-portal-server solarwinds",
+ "--rl-portal-org SolarWinds",
+ "--rl-portal-group SaaS-Agents-SWO",
+ `--purl apm-js/solarwinds-apm@${version}`,
+ `--file-path /packages/solarwinds-apm.zip`,
+ "--submit-only",
+ "--replace",
+ ]
+ archive.finalize().then(() => {
+ spinner.succeed("zipped")
+ // Submit everything once it's zipped
+ execSync(command.join(" "), { stdio: "inherit" })
+ })
+} else {
+ // We're running in a package directory, download our tarball from npm
+ const { name, version } = JSON.parse(
+ readFileSync("package.json", {
+ encoding: "utf-8",
+ }),
+ )
+ execSync(`npm pack ${name}@${version} --pack-destination ${dir}`, {
+ stdio: "inherit",
+ })
+}
diff --git a/turbo.json b/turbo.json
index 36cbb5d9..d7a117ba 100644
--- a/turbo.json
+++ b/turbo.json
@@ -26,6 +26,11 @@
 "release": {
 "dependsOn": ["^release"]
 },
+ "scan": {
+ "dependsOn": [],
+ "inputs": ["package.json"],
+ "outputs": ["*.tgz"]
+ },
 "start": {
 "dependsOn": ["build"]
 },

From 316f670ba45ea85534263142c09e89ac89ca8dfb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Th=C3=A9riault?=
Date: Wed, 30 Oct 2024 15:38:06 -0400
Subject: [PATCH 2/3] rl scanning gh workflow

---
 .github/workflows/release.yml | 5 +++++
 .github/workflows/scan.yml | 27 +++++++++++++++++++++++++++
 2 files changed, 32 insertions(+)
 create mode 100644 .github/workflows/scan.yml

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 7807aa31..acd611cb 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
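Review bot: The portal token is spliced into the shell command string at `-e RLPORTAL_ACCESS_TOKEN=${process.env.RLPORTAL_ACCESS_TOKEN}`, so it becomes part of the docker process's argv (readable through `ps`, process accounting and anything that echoes the command), and an unset variable is silently sent as the literal string `undefined`. Docker copies a variable from its own environment when `-e` names it without a value, and `execSync`/`execFileSync` inherit `process.env`, so `-e RLPORTAL_ACCESS_TOKEN` keeps the secret off the command line, with a fail-fast check for the missing variable before the archive is built. Passing an argv array to `execFileSync("docker", …)` (swapping `execSync` for `execFileSync` in the `node:child_process` require) also stops `dir`, derived from `__dirname` and so free to contain spaces or shell metacharacters, from being shell-parsed, and the `npm pack ${name}@${version} --pack-destination ${dir}` call in the `else` branch deserves the same treatment. `reversinglabs/rl-scanner-cloud` is pulled with neither tag nor digest, so the scanner that vets the release artifacts is itself an unpinned floating dependency; pin a tag or `@sha256:` digest. `archive.finalize().then(...)` has no rejection handler, so a failed zip or submit surfaces only as an unhandled rejection rather than a spinner failure and a non-zero exit.
```javascript
const token = process.env.RLPORTAL_ACCESS_TOKEN
if (!token) {
  throw new Error("RLPORTAL_ACCESS_TOKEN is not set")
}

// … unchanged: archive setup and package/lambda entries …

// argv array: `dir` is never shell-parsed, and the token is not on the
// command line — docker reads it from the inherited environment
const args = [
  "run",
  "--rm",
  "-u", `${user.uid}:${user.gid}`,
  "-v", `${dir}:/packages`,
  "-e", "RLPORTAL_ACCESS_TOKEN",
  "reversinglabs/rl-scanner-cloud", // TODO: pin a tag or @sha256 digest
  "rl-scan",
  "--rl-portal-server", "solarwinds",
  "--rl-portal-org", "SolarWinds",
  "--rl-portal-group", "SaaS-Agents-SWO",
  "--purl", `apm-js/solarwinds-apm@${version}`,
  "--file-path", "/packages/solarwinds-apm.zip",
  "--submit-only",
  "--replace",
]
archive
  .finalize()
  .then(() => {
    spinner.succeed("zipped")
    // Submit everything once it's zipped
    execFileSync("docker", args, { stdio: "inherit" })
  })
  .catch((err) => {
    spinner.fail(err.message)
    process.exitCode = 1
  })
```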
@@ -38,6 +38,11 @@ jobs:
 version: ${{ needs.publish.outputs.version }}
 secrets: inherit
+ scan:
+ needs: publish
+ uses: ./.github/workflows/scan.yml
+ secrets: inherit
+
 draft:
 needs:
 - publish
diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
new file mode 100644
index 00000000..421e03f1
--- /dev/null
+++ b/.github/workflows/scan.yml
@@ -0,0 +1,27 @@
+name: Scan packages
+on:
+ workflow_dispatch:
+ workflow_call:
+ secrets:
+ RLPORTAL_ACCESS_TOKEN:
+ required: true
+
+jobs:
+ scan:
+ runs-on: ubuntu-latest
+ env:
+ RLPORTAL_ACCESS_TOKEN: ${{ secrets.RLPORTAL_ACCESS_TOKEN }}
+ YARN_ENABLE_IMMUTABLE_INSTALLS: false
+
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ lfs: true
+ submodules: true
+ - uses: actions/setup-node@v4
+ with:
+ node-version: 20
+ - run: corepack enable
+
+ - run: yarn install
+ - run: yarn scan

From 190ff05c39db31d5e74842163d3eb9441fdf8c3f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Th=C3=A9riault?=
Date: Wed, 30 Oct 2024 15:38:37 -0400
Subject: [PATCH 3/3] mark version bumps

---
 .yarn/versions/b3544001.yml | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 .yarn/versions/b3544001.yml

diff --git a/.yarn/versions/b3544001.yml b/.yarn/versions/b3544001.yml
new file mode 100644
index 00000000..71cfbcc6
--- /dev/null
+++ b/.yarn/versions/b3544001.yml
@@ -0,0 +1,9 @@
+declined:
+ - "@solarwinds-apm/bindings"
+ - "@solarwinds-apm/dependencies"
+ - "@solarwinds-apm/histogram"
+ - "@solarwinds-apm/instrumentations"
+ - "@solarwinds-apm/module"
+ - "@solarwinds-apm/proto"
+ - "@solarwinds-apm/sampling"
+ - solarwinds-apm
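Review bot: `secrets: inherit` on the new `scan` job forwards every repository and organization secret to `scan.yml`, which declares only `RLPORTAL_ACCESS_TOKEN` as required; passing that one explicitly limits what the scan workflow can reach: `secrets:` / `  RLPORTAL_ACCESS_TOKEN: ${{ secrets.RLPORTAL_ACCESS_TOKEN }}`. The context lines show the neighbouring job uses `inherit` as well, so this may be a deliberate convention, but the scan job is the one whose environment is handed to a third-party scanner container, which makes it the place to be strict.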
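Review bot: `RLPORTAL_ACCESS_TOKEN` is set in the job-level `env`, so it is in the environment of every step, including `yarn install`, which runs the lifecycle scripts of each dependency and would hand the portal token to any compromised package; only `yarn scan` needs it, so it belongs in that step's own `env`. The job also declares no `permissions:`, so its `GITHUB_TOKEN` receives the repository default although nothing here writes back; `permissions: contents: read` is sufficient. `actions/checkout@v4` and `actions/setup-node@v4` are pinned to mutable major tags rather than commit SHAs, the usual hardening for a workflow that holds a secret. `YARN_ENABLE_IMMUTABLE_INSTALLS: false` lets this install drift from the lockfile in the very job that holds the token; if there is a reason it cannot be immutable here, a comment stating it would help, e.g. `# immutable installs disabled because …`.
```yaml
    runs-on: ubuntu-latest
    permissions:
      contents: read
    env:
      YARN_ENABLE_IMMUTABLE_INSTALLS: false

    steps:
      # … unchanged: checkout, setup-node, corepack enable, yarn install …
      - run: yarn scan
        env:
          RLPORTAL_ACCESS_TOKEN: ${{ secrets.RLPORTAL_ACCESS_TOKEN }}
```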