feat: added git-path

Signed-off-by: Christian Kotzbauer <[email protected]>

README.md

@@ -43,6 +43,7 @@ All parameters are cli-flags.
 | `git-workingtree` | `false` | `/work` | Directory to place the git-repo. |
 | `git-repository` | `true` | `""` | Git-Repository-URL (HTTPS). |
 | `git-branch` | `false` | `main` | Git-Branch to checkout. |
+| `git-path` | `false` | `""` | Folder-Path inside the Git-Repository. |
 | `git-access-token` | `true` | `""` | Git-Personal-Access-Token with write-permissions. |
 | `git-author-name` | `true` | `""` | Author name to use for Git-Commits. |
 | `git-author-email` | `true` | `""` | Author email to use for Git-Commits. |

deploy/deployment.yaml

@@ -24,10 +24,12 @@ spec:
                 name: "sbom-git-operator"
                 key: "accessToken"
         args:
+          # example values
           - --cron="0 6 * * * *"
           - [email protected]
           - --git-author-name=mybotuser
           - --git-repository=https://github.com/myorg/my-sbom-repo
+          - --git-path=dev-cluster/sboms
           - --pod-label-selector=sbom-operator\=true
         ports:
         - containerPort: 8080
@@ -38,7 +40,7 @@ spec:
             drop:
             - ALL
           privileged: false
-          readOnlyRootFilesystem: false
+          readOnlyRootFilesystem: true
           runAsNonRoot: true
           runAsUser: 101
         volumeMounts:

internal/daemon/daemon.go

@@ -3,6 +3,7 @@ package daemon
 import (
 	"fmt"
 	"os"
+	"path"
 	"path/filepath"
 	"time"
 
@@ -44,6 +45,8 @@ func (c *CronService) printNextExecution() {
 func (c *CronService) runBackgroundService() {
 	logrus.Info("Execute background-service")
 	workingTree := viper.GetString("git-workingtree")
+	gitPath := viper.GetString("git-path")
+	workPath := path.Join(workingTree, gitPath)
 
 	gitAccount := git.New(viper.GetString("git-access-token"), viper.GetString("git-author-name"), viper.GetString("git-author-email"))
 	gitAccount.PrepareRepository(viper.GetString("git-repository"), workingTree, viper.GetString("git-branch"))
@@ -60,7 +63,7 @@ func (c *CronService) runBackgroundService() {
 		digests := client.GetContainerDigests(pods)
 
 		for _, d := range digests {
-			sbomPath := syft.ExecuteSyft(d, workingTree)
+			sbomPath := syft.ExecuteSyft(d, workingTree, gitPath)
 			processedSbomFiles = append(processedSbomFiles, sbomPath)
 		}
 
@@ -69,7 +72,7 @@ func (c *CronService) runBackgroundService() {
 
 	logrus.Debug("Start to remove old SBOMs")
 	ignoreDirs := []string{".git"}
-	err := filepath.Walk(workingTree, deleteObsoleteFiles(workingTree, ignoreDirs, processedSbomFiles, gitAccount))
+	err := filepath.Walk(workPath, deleteObsoleteFiles(workingTree, ignoreDirs, processedSbomFiles, gitAccount))
 	if err != nil {
 		logrus.WithError(err).Error("Could not cleanup old SBOMs")
 	} else {
@@ -79,15 +82,15 @@ func (c *CronService) runBackgroundService() {
 	c.printNextExecution()
 }
 
-func deleteObsoleteFiles(workingTree string, ignoreDirs, processedSbomFiles []string, gitAccount git.GitAccount) filepath.WalkFunc {
-	return func(path string, info os.FileInfo, err error) error {
+func deleteObsoleteFiles(workPath string, ignoreDirs, processedSbomFiles []string, gitAccount git.GitAccount) filepath.WalkFunc {
+	return func(p string, info os.FileInfo, err error) error {
 		if err != nil {
-			logrus.WithError(err).Errorf("An error occurred while processing %s", path)
+			logrus.WithError(err).Errorf("An error occurred while processing %s", p)
 			return nil
 		}
 
 		if info.IsDir() {
-			dir := filepath.Base(path)
+			dir := filepath.Base(p)
 			for _, d := range ignoreDirs {
 				if d == dir {
 					return filepath.SkipDir
@@ -98,19 +101,19 @@ func deleteObsoleteFiles(workingTree string, ignoreDirs, processedSbomFiles []st
 		if info.Name() == "sbom.json" {
 			found := false
 			for _, f := range processedSbomFiles {
-				if f == path {
+				if f == p {
 					found = true
 					break
 				}
 			}
 
 			if !found {
-				rel, _ := filepath.Rel(workingTree, path)
-				gitAccount.RemoveFile(workingTree, rel)
+				rel, _ := filepath.Rel(workPath, p)
+				gitAccount.RemoveFile(workPath, rel)
 				if err != nil {
-					logrus.WithError(err).Errorf("File could not be deleted %s", path)
+					logrus.WithError(err).Errorf("File could not be deleted %s", p)
 				} else {
-					logrus.Debugf("Deleted old SBOM: %s", path)
+					logrus.Debugf("Deleted old SBOM: %s", p)
 				}
 			}
 		}

internal/syft/syft.go

@@ -5,6 +5,7 @@ import (
 	"math/rand"
 	"os"
 	"os/exec"
+	"path"
 	"path/filepath"
 	"strings"
 
@@ -13,9 +14,9 @@ import (
 	"github.com/sirupsen/logrus"
 )
 
-func ExecuteSyft(img kubernetes.ImageDigest, gitWorkingTree string) string {
+func ExecuteSyft(img kubernetes.ImageDigest, gitWorkingTree, gitPath string) string {
 	name := strings.ReplaceAll(img.Digest, "@", "/")
-	name = strings.ReplaceAll(gitWorkingTree+"/"+name+"/sbom.json", ":", "_")
+	name = strings.ReplaceAll(path.Join(gitWorkingTree, gitPath, name, "sbom.json"), ":", "_")
 
 	if pathExists(name) {
 		logrus.Debugf("Skip image %s", img.Digest)

main.go

@@ -48,6 +48,7 @@ func init() {
 	rootCmd.PersistentFlags().String("git-workingtree", "/work", "Directory to place the git-repo.")
 	rootCmd.PersistentFlags().String("git-repository", "", "Git-Repository-URL (HTTPS).")
 	rootCmd.PersistentFlags().String("git-branch", "main", "Git-Branch to checkout.")
+	rootCmd.PersistentFlags().String("git-path", "", "Folder-Path inside the Git-Repository.")
 	rootCmd.PersistentFlags().String("git-access-token", "", "Git-Access-Token.")
 	rootCmd.PersistentFlags().String("git-author-name", "", "Author name to use for Git-Commits.")
 	rootCmd.PersistentFlags().String("git-author-email", "", "Author email to use for Git-Commits.")
@@ -69,8 +70,8 @@ func printVersion() {
 }
 
 func health(w http.ResponseWriter, req *http.Request) {
-	fmt.Fprint(w, "Running!")
 	w.WriteHeader(200)
+	fmt.Fprint(w, "Running!")
 }
 
 func main() {