From d2623eb897f44be95154529761bd1e4c10aed3f1 Mon Sep 17 00:00:00 2001
From: David Caravello <119438707+dcaravel@users.noreply.github.com>
Date: Thu, 25 Apr 2024 11:10:12 -0500
Subject: [PATCH 1/7] ROX-22889: Create new genesis dump (#1486)
---
 image/scanner/dump/genesis_manifests.json | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/image/scanner/dump/genesis_manifests.json b/image/scanner/dump/genesis_manifests.json
index 611ccd6dc..c4a2b7240 100644
--- a/image/scanner/dump/genesis_manifests.json
+++ b/image/scanner/dump/genesis_manifests.json
@@ -446,6 +446,16 @@
 "dumpLocationInGS": "gs://stackrox-scanner-ci-vuln-dump/genesis-20231025151131.zip",
 "timestamp": "2023-10-25T15:11:31.926496239Z",
 "uuid": "93AEC554-29EE-4E24-96D6-744092A98444"
+ },
+ {
+ "dumpLocationInGS": "gs://stackrox-scanner-ci-vuln-dump/genesis-20240228002053.zip",
+ "timestamp": "2024-02-28T00:20:53.211664833Z",
+ "uuid": "c73d1bf5-49cb-48cb-b475-46702de2be73"
+ },
+ {
+ "dumpLocationInGS": "gs://stackrox-scanner-ci-vuln-dump/genesis-20240424180825.zip",
+ "timestamp": "2024-04-24T18:08:25.500332002Z",
+ "uuid": "3460152f-270b-4699-b668-688822016735"
 }
 ]
 }
From b4216769eab453fbd1a806697209d7fc5b898a0c Mon Sep 17 00:00:00 2001
From: Yi Li
Date: Tue, 23 Jan 2024 14:18:17 -0600
Subject: [PATCH 2/7] Fix image scanning e2e test (#1382)
---
 e2etests/testcase_test.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/e2etests/testcase_test.go b/e2etests/testcase_test.go
index f7a07a2cc..995de85bb 100644
--- a/e2etests/testcase_test.go
+++ b/e2etests/testcase_test.go
@@ -1435,7 +1435,7 @@ var testCases = []testCase{
 },
 {
 Name: "CVE-2020-1597",
- Description: "

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication.

\n

A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application.

\n

The update addresses the vulnerability by correcting how the ASP.NET Core web application handles web requests.

\n",
+ Description: "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication.\nA remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application.\nThe update addresses the vulnerability by correcting how the ASP.NET Core web application handles web requests.\n",
 Link: "https://nvd.nist.gov/vuln/detail/CVE-2020-1597",
 Metadata: map[string]interface{}{
 "NVD": map[string]interface{}{
@@ -3511,7 +3511,7 @@ var testCases = []testCase{
 NamespaceName: "rhel:9",
 Version: "1:3.0.1-23.el9_0.x86_64",
 VersionFormat: "rpm",
- FixedBy: "1:3.0.7-16.el9_2",
+ FixedBy: "1:3.0.7-25.el9_3",
 Vulnerabilities: []apiV1.Vulnerability{
 {
 Name: "RHSA-2022:7288",
@@ -3553,7 +3553,7 @@ For more details about the security issue(s), including the impact, a CVSS score
 NamespaceName: "rhel:9",
 Version: "1:3.0.1-23.el9_0.x86_64",
 VersionFormat: "rpm",
- FixedBy: "1:3.0.7-16.el9_2",
+ FixedBy: "1:3.0.7-25.el9_3",
 Vulnerabilities: []apiV1.Vulnerability{
 {
 Name: "RHSA-2022:7288",
From 5621c2e71911cebda6e9dd4a010462c5198d6d38 Mon Sep 17 00:00:00 2001
From: Yi Li
Date: Thu, 8 Feb 2024 19:39:18 -0600
Subject: [PATCH 3/7] Fix E2E test (#1402)
---
 e2etests/testcase_test.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/e2etests/testcase_test.go b/e2etests/testcase_test.go
index 995de85bb..504940407 100644
--- a/e2etests/testcase_test.go
+++ b/e2etests/testcase_test.go
@@ -3595,6 +3595,7 @@ For more details about the security issue(s), including the impact, a CVSS score
 NamespaceName: "rhel:9",
 Version: "1.26.5-3.el9.noarch",
 VersionFormat: "rpm",
+ FixedBy: "1.26.5-3.el9_3.1",
 },
 {
 AddedBy: "sha256:2412e60e610160d090f7e974a208c6ffd26b2d530361b7c9aa8967e160ac7996",
@@ -3841,7 +3842,7 @@ Applications using RegexRequestMatcher with '.' in the regular expression are po
 FixedBy: "3.0.2-0ubuntu1.7",
 },
 },
- FixedBy: "3.0.2-0ubuntu1.12",
+ FixedBy: "3.0.2-0ubuntu1.14",
 // This image installs the openssl pacakge in the second layer;
 // however, the first layer already installed libssl3 whose source package is openssl.
 // Therefore, we claim openssl was installed in the first layer.
From 0f3a3462f16b206ae6786deef723e61208e3fb08 Mon Sep 17 00:00:00 2001
From: Ross Tannenbaum
Date: Wed, 14 Feb 2024 13:01:40 -0800
Subject: [PATCH 4/7] fix(e2e): update test (#1408)
---
 e2etests/testcase_test.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/e2etests/testcase_test.go b/e2etests/testcase_test.go
index 504940407..0e5f3a6ab 100644
--- a/e2etests/testcase_test.go
+++ b/e2etests/testcase_test.go
@@ -3657,7 +3657,7 @@ For more details about the security issue(s), including the impact, a CVSS score
 NamespaceName: "rhel:8",
 VersionFormat: "rpm",
 Version: "6.0.6-1.el8_6.x86_64",
- FixedBy: "6.0.26-1.el8_9",
+ FixedBy: "6.0.27-1.el8_9",
 Vulnerabilities: []apiV1.Vulnerability{
 {
 Name: "RHBA-2022:5747",
@@ -3696,7 +3696,7 @@ Bug Fix(es) and Enhancement(s):
 NamespaceName: "rhel:8",
 VersionFormat: "rpm",
 Version: "6.0.6-1.el8_6.x86_64",
- FixedBy: "6.0.26-1.el8_9",
+ FixedBy: "6.0.27-1.el8_9",
 Vulnerabilities: []apiV1.Vulnerability{
 {
 Name: "RHBA-2022:5747",
From 229291e8ef1bea09313441145e3c50e07861159a Mon Sep 17 00:00:00 2001
From: Ross Tannenbaum
Date: Fri, 8 Mar 2024 13:30:11 -0800
Subject: [PATCH 5/7] e2e: migrate GCR image to Quay (#1441)
---
 e2etests/testcase_test.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/e2etests/testcase_test.go b/e2etests/testcase_test.go
index 0e5f3a6ab..b73aab631 100644
--- a/e2etests/testcase_test.go
+++ b/e2etests/testcase_test.go
@@ -1009,10 +1009,10 @@ var testCases = []testCase{
 },
 },
 {
- image: "us.gcr.io/stackrox-ci/qa/apache/server:latest",
- registry: "https://us.gcr.io",
- username: "_json_key",
- password: os.Getenv("GOOGLE_SA_CIRCLECI_SCANNER"),
+ image: "quay.io/rhacs-eng/qa:apache-server-scannerci",
+ registry: "https://quay.io",
+ username: os.Getenv("QUAY_RHACS_ENG_RO_USERNAME"),
+ password: os.Getenv("QUAY_RHACS_ENG_RO_PASSWORD"),
 source: "NVD",
 namespace: "ubuntu:14.04",
 expectedFeatures: []apiV1.Feature{
From 7ae77479cd454df28997f46e0ce2bf5d7f9d2061 Mon Sep 17 00:00:00 2001
From: David Caravello <119438707+dcaravel@users.noreply.github.com>
Date: Tue, 9 Apr 2024 12:30:15 -0500
Subject: [PATCH 6/7] ROX-19862: Add manual entry for CVE-2023-32697 (#1464)
---
 e2etests/testcase_test.go | 44 +++++++++++++++++++
 pkg/vulnloader/nvdloader/manual.go | 68 ++++++++++++++++++++++++++++++
 scripts/ci/lib.sh | 31 +++++++++++---
 3 files changed, 137 insertions(+), 6 deletions(-)
diff --git a/e2etests/testcase_test.go b/e2etests/testcase_test.go
index b73aab631..eb9058fad 100644
--- a/e2etests/testcase_test.go
+++ b/e2etests/testcase_test.go
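Review bot: `username` and `password` are read with `os.Getenv` while the package-level `testCases` literal is built, so a job that lacks `QUAY_RHACS_ENG_RO_USERNAME` or `QUAY_RHACS_ENG_RO_PASSWORD` hands empty strings to the registry client and the failure shows up later as a pull or scan error rather than as a missing secret. The test that consumes this case could reject empty credentials before contacting `https://quay.io` and name the variable in the message. The same pair is read again in the test case added by PATCH 6/7. Separately, `qa:apache-server-scannerci` is a tag and can be re-pointed; referencing the image by digest would keep the expected features tied to the content actually scanned. The `testCases` literal starts and ends outside this hunk.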
@@ -4231,4 +4231,48 @@ All OpenShift Container Platform 4.10 users are advised to upgrade to these upda
 },
 },
 },
+ {
+ image: "quay.io/rhacs-eng/qa:sqlite-jdbc-CVE-2023-32697",
+ registry: "https://quay.io",
+ username: os.Getenv("QUAY_RHACS_ENG_RO_USERNAME"),
+ password: os.Getenv("QUAY_RHACS_ENG_RO_PASSWORD"),
+ source: "NVD",
+ namespace: "rhel:9",
+ onlyCheckSpecifiedVulns: true,
+ expectedFeatures: []apiV1.Feature{
+ {
+ Name: "sqlite-jdbc",
+ VersionFormat: component.JavaSourceType.String(),
+ Version: "3.41.2.1",
+ Location: "sqlite-jdbc-3.41.2.1.jar",
+ Vulnerabilities: []apiV1.Vulnerability{
+ {
+ Name: "CVE-2023-32697",
+ Description: "SQLite JDBC is a library for accessing and creating SQLite database files in Java. Sqlite-jdbc addresses a remote code execution vulnerability via JDBC URL. This issue impacting versions 3.6.14.1 through 3.41.2.1 and has been fixed in version 3.41.2.2.\n",
+ Link: "https://nvd.nist.gov/vuln/detail/CVE-2023-32697",
+ Severity: "Critical",
+ FixedBy: "3.41.2.2",
+ Metadata: map[string]interface{}{
+ "NVD": map[string]interface{}{
+ "CVSSv2": map[string]interface{}{
+ "ExploitabilityScore": 0.0,
+ "ImpactScore": 0.0,
+ "Score": 0.0,
+ "Vectors": "",
+ },
+ "CVSSv3": map[string]interface{}{
+ "ExploitabilityScore": 3.9,
+ "ImpactScore": 5.9,
+ "Score": 9.8,
+ "Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ },
+ },
+ },
+ },
+ },
+ FixedBy: "3.41.2.2",
+ AddedBy: "sha256:65801021513c110642748b4d5462a0e123f0b09077cda2844ef97b05135369a2",
+ },
+ },
+ },
 }
diff --git a/pkg/vulnloader/nvdloader/manual.go b/pkg/vulnloader/nvdloader/manual.go
index 312af05cd..cbface2a4 100644
--- a/pkg/vulnloader/nvdloader/manual.go
+++ b/pkg/vulnloader/nvdloader/manual.go
@@ -1266,4 +1266,72 @@ Subsequent use of the cloned handle that does not explicitly set a source to loa ////////////////////////////////// // End HTTP/2 Rapid Reset vulns // ////////////////////////////////// + + // CVE-2023-32697 was not being detected for `org.xerial.sqlite-jdbc-3.41.2.1.jar`. + // This entry adds an additional CPE URI to enable matching. + "CVE-2023-32697": { + CVE: &schema.CVEJSON40{ + CVEDataMeta: &schema.CVEJSON40CVEDataMeta{ + ASSIGNER: "", + ID: "CVE-2023-32697", + }, + DataFormat: "", + DataType: "", + DataVersion: "", + Description: &schema.CVEJSON40Description{ + DescriptionData: []*schema.CVEJSON40LangString{ + { + Lang: "en", + Value: "SQLite JDBC is a library for accessing and creating SQLite database files in Java. Sqlite-jdbc addresses a remote code execution vulnerability via JDBC URL. This issue impacting versions 3.6.14.1 through 3.41.2.1 and has been fixed in version 3.41.2.2.\n", + }, + }, + }, + Problemtype: nil, + References: nil, + }, + Configurations: &schema.NVDCVEFeedJSON10DefConfigurations{ + CVEDataVersion: "", + Nodes: []*schema.NVDCVEFeedJSON10DefNode{ + { + CPEMatch: []*schema.NVDCVEFeedJSON10DefCPEMatch{ + { + Cpe23Uri: `cpe:2.3:a:sqlite_jdbc_project:sqlite_jdbc:*:*:*:*:*:*:*:*`, + VersionEndExcluding: "3.41.2.2", + VersionStartIncluding: "3.6.14.1", + Vulnerable: true, + }, + { + Cpe23Uri: `cpe:2.3:a:xerial:sqlite-jdbc:*:*:*:*:*:*:*:*`, + VersionEndExcluding: "3.41.2.2", + VersionStartIncluding: "3.6.14.1", + Vulnerable: true, + }, + }, + Operator: "OR", + }, + }, + }, + Impact: &schema.NVDCVEFeedJSON10DefImpact{ + BaseMetricV3: &schema.NVDCVEFeedJSON10DefImpactBaseMetricV3{ + CVSSV3: &schema.CVSSV30{ + AttackComplexity: "LOW", + AttackVector: "NETWORK", + AvailabilityImpact: "HIGH", + BaseScore: 9.8, + BaseSeverity: "CRITICAL", + ConfidentialityImpact: "HIGH", + IntegrityImpact: "HIGH", + PrivilegesRequired: "NONE", + Scope: "UNCHANGED", + UserInteraction: "NONE", + VectorString: 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + Version: "3.1", + }, + ExploitabilityScore: 3.9, + ImpactScore: 5.9, + }, + }, + LastModifiedDate: "2024-04-04T00:00Z", + PublishedDate: "2023-05-23T23:15Z", + }, } diff --git a/scripts/ci/lib.sh b/scripts/ci/lib.sh index 7170e699b..84fe01689 100755 --- a/scripts/ci/lib.sh +++ b/scripts/ci/lib.sh @@ -329,6 +329,7 @@ pr_has_label() { # get_pr_details() from GitHub and display the result. Exits 1 if not run in CI in a PR context. _PR_DETAILS="" +_PR_DETAILS_CACHE_FILE="/tmp/PR_DETAILS_CACHE.json" get_pr_details() { local pull_request local org @@ -336,10 +337,16 @@ get_pr_details() { if [[ -n "${_PR_DETAILS}" ]]; then echo "${_PR_DETAILS}" - return + return 0 + fi + if [[ -e "${_PR_DETAILS_CACHE_FILE}" ]]; then + _PR_DETAILS="$(cat "${_PR_DETAILS_CACHE_FILE}")" + echo "${_PR_DETAILS}" + return 0 fi _not_a_PR() { + echo "This does not appear to be a PR context" >&2 echo '{ "msg": "this is not a PR" }' exit 1 } 
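Review bot: The comment above the `"CVE-2023-32697"` entry says an additional CPE URI is added but does not say which of the two `CPEMatch` items it is, nor that the description, version range and CVSS values in the entry are hard-coded. How the loader combines manual entries with feed data is not visible here, but hard-coded values will not follow later corrections to the upstream record, so the comment should state when the entry can be dropped, for example `// Manual addition: the xerial:sqlite-jdbc CPE. Remove this entry once the NVD record carries it.` Which CPE is the new one is inferred from the jar name in the existing comment, so confirm before wording it that way. The enclosing map literal starts outside the hunk.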
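Review bot: `_PR_DETAILS_CACHE_FILE="/tmp/PR_DETAILS_CACHE.json"` is a fixed name in a shared directory, and the new `[[ -e "${_PR_DETAILS_CACHE_FILE}" ]]` branch in the next hunk returns whatever that file holds without checking it. On a runner where `/tmp` outlives the job or is shared with other jobs, a stale or pre-created file would be served as the details of a different pull request, and the `tee` in the last lib.sh hunk writes through whatever already sits at that path. Keeping the cache in a job-private directory and validating it before use, e.g. `jq -e .id "${_PR_DETAILS_CACHE_FILE}" >/dev/null`, would close both gaps. PATCH 7/7 in this series reverts the change, so this applies if it is re-landed.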
@@ -354,29 +361,41 @@ get_pr_details() { org=$(jq -r <<<"$CLONEREFS_OPTIONS" '.refs[0].org') repo=$(jq -r <<<"$CLONEREFS_OPTIONS" '.refs[0].repo') else - echo "Expect a JOB_SPEC or CLONEREFS_OPTIONS" + echo "Expect a JOB_SPEC or CLONEREFS_OPTIONS" >&2 exit 2 fi [[ "${pull_request}" == "null" ]] && _not_a_PR + elif is_GITHUB_ACTIONS; then + pull_request="$(jq -r .pull_request.number "${GITHUB_EVENT_PATH}")" || _not_a_PR + [[ "${pull_request}" == "null" ]] && _not_a_PR + org="${GITHUB_REPOSITORY_OWNER}" + repo="${GITHUB_REPOSITORY#*/}" else - echo "Expect OpenShift CI" + echo "Unsupported CI" >&2 exit 2 fi + local headers url pr_details + headers=() if [[ -n "${GITHUB_TOKEN:-}" ]]; then headers+=(-H "Authorization: token ${GITHUB_TOKEN}") fi url="https://api.github.com/repos/${org}/${repo}/pulls/${pull_request}" - pr_details=$(curl --retry 5 -sS "${headers[@]}" "${url}") + + if ! pr_details=$(curl --retry 5 -sS "${headers[@]}" "${url}"); then + echo "Github API error: $pr_details, exit code: $?" >&2 + exit 2 + fi + if [[ "$(jq .id <<<"$pr_details")" == "null" ]]; then # A valid PR response is expected at this point - echo "Invalid response from GitHub: $pr_details" + echo "Invalid response from GitHub: $pr_details" >&2 exit 2 fi _PR_DETAILS="$pr_details" - echo "$pr_details" + echo "$pr_details" | tee "${_PR_DETAILS_CACHE_FILE}" } GATE_JOBS_CONFIG="$SCRIPTS_ROOT/scripts/ci/gate-jobs-config.json" From 3c519b09e89170ecc12644539a94d836087e169b Mon Sep 17 00:00:00 2001 From: David Caravello <119438707+dcaravel@users.noreply.github.com> Date: Thu, 25 Apr 2024 17:30:21 -0500 Subject: [PATCH 7/7] Revert "ROX-19862: Add manual entry for CVE-2023-32697 (#1464)" This reverts commit 7ae77479cd454df28997f46e0ce2bf5d7f9d2061. --- e2etests/testcase_test.go | 44 ------------------- pkg/vulnloader/nvdloader/manual.go | 68 ------------------------------ scripts/ci/lib.sh | 31 +++----------- 3 files changed, 6 insertions(+), 137 deletions(-) 
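Review bot: In the new `if ! pr_details=$(curl ...); then` branch, `$?` is the status of the negated command, so the message always reports `exit code: 0`. curl is also run without `--fail`, so an HTTP 4xx/5xx response still exits 0 and is only caught by the later `jq .id` check. Capturing the status directly addresses both: `pr_details=$(curl --retry 5 -sS --fail "${headers[@]}" "${url}") || { rc=$?; echo "GitHub API error, curl exit code: ${rc}" >&2; exit 2; }`. This relies on `local headers url pr_details` staying on its own line, as it is here, so the assignment keeps curl's status. get_pr_details starts before this hunk.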
diff --git a/e2etests/testcase_test.go b/e2etests/testcase_test.go
index eb9058fad..b73aab631 100644
--- a/e2etests/testcase_test.go
+++ b/e2etests/testcase_test.go
@@ -4231,48 +4231,4 @@ All OpenShift Container Platform 4.10 users are advised to upgrade to these upda
 },
 },
 },
- {
- image: "quay.io/rhacs-eng/qa:sqlite-jdbc-CVE-2023-32697",
- registry: "https://quay.io",
- username: os.Getenv("QUAY_RHACS_ENG_RO_USERNAME"),
- password: os.Getenv("QUAY_RHACS_ENG_RO_PASSWORD"),
- source: "NVD",
- namespace: "rhel:9",
- onlyCheckSpecifiedVulns: true,
- expectedFeatures: []apiV1.Feature{
- {
- Name: "sqlite-jdbc",
- VersionFormat: component.JavaSourceType.String(),
- Version: "3.41.2.1",
- Location: "sqlite-jdbc-3.41.2.1.jar",
- Vulnerabilities: []apiV1.Vulnerability{
- {
- Name: "CVE-2023-32697",
- Description: "SQLite JDBC is a library for accessing and creating SQLite database files in Java. Sqlite-jdbc addresses a remote code execution vulnerability via JDBC URL. This issue impacting versions 3.6.14.1 through 3.41.2.1 and has been fixed in version 3.41.2.2.\n",
- Link: "https://nvd.nist.gov/vuln/detail/CVE-2023-32697",
- Severity: "Critical",
- FixedBy: "3.41.2.2",
- Metadata: map[string]interface{}{
- "NVD": map[string]interface{}{
- "CVSSv2": map[string]interface{}{
- "ExploitabilityScore": 0.0,
- "ImpactScore": 0.0,
- "Score": 0.0,
- "Vectors": "",
- },
- "CVSSv3": map[string]interface{}{
- "ExploitabilityScore": 3.9,
- "ImpactScore": 5.9,
- "Score": 9.8,
- "Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- },
- },
- },
- },
- },
- FixedBy: "3.41.2.2",
- AddedBy: "sha256:65801021513c110642748b4d5462a0e123f0b09077cda2844ef97b05135369a2",
- },
- },
- },
 }
diff --git a/pkg/vulnloader/nvdloader/manual.go b/pkg/vulnloader/nvdloader/manual.go
index cbface2a4..312af05cd 100644
--- a/pkg/vulnloader/nvdloader/manual.go
+++ b/pkg/vulnloader/nvdloader/manual.go
@@ -1266,72 +1266,4 @@ Subsequent use of the cloned handle that does not explicitly set a source to loa ////////////////////////////////// // End HTTP/2 Rapid Reset vulns // ////////////////////////////////// - - // CVE-2023-32697 was not being detected for `org.xerial.sqlite-jdbc-3.41.2.1.jar`. - // This entry adds an additional CPE URI to enable matching. - "CVE-2023-32697": { - CVE: &schema.CVEJSON40{ - CVEDataMeta: &schema.CVEJSON40CVEDataMeta{ - ASSIGNER: "", - ID: "CVE-2023-32697", - }, - DataFormat: "", - DataType: "", - DataVersion: "", - Description: &schema.CVEJSON40Description{ - DescriptionData: []*schema.CVEJSON40LangString{ - { - Lang: "en", - Value: "SQLite JDBC is a library for accessing and creating SQLite database files in Java. Sqlite-jdbc addresses a remote code execution vulnerability via JDBC URL. This issue impacting versions 3.6.14.1 through 3.41.2.1 and has been fixed in version 3.41.2.2.\n", - }, - }, - }, - Problemtype: nil, - References: nil, - }, - Configurations: &schema.NVDCVEFeedJSON10DefConfigurations{ - CVEDataVersion: "", - Nodes: []*schema.NVDCVEFeedJSON10DefNode{ - { - CPEMatch: []*schema.NVDCVEFeedJSON10DefCPEMatch{ - { - Cpe23Uri: `cpe:2.3:a:sqlite_jdbc_project:sqlite_jdbc:*:*:*:*:*:*:*:*`, - VersionEndExcluding: "3.41.2.2", - VersionStartIncluding: "3.6.14.1", - Vulnerable: true, - }, - { - Cpe23Uri: `cpe:2.3:a:xerial:sqlite-jdbc:*:*:*:*:*:*:*:*`, - VersionEndExcluding: "3.41.2.2", - VersionStartIncluding: "3.6.14.1", - Vulnerable: true, - }, - }, - Operator: "OR", - }, - }, - }, - Impact: &schema.NVDCVEFeedJSON10DefImpact{ - BaseMetricV3: &schema.NVDCVEFeedJSON10DefImpactBaseMetricV3{ - CVSSV3: &schema.CVSSV30{ - AttackComplexity: "LOW", - AttackVector: "NETWORK", - AvailabilityImpact: "HIGH", - BaseScore: 9.8, - BaseSeverity: "CRITICAL", - ConfidentialityImpact: "HIGH", - IntegrityImpact: "HIGH", - PrivilegesRequired: "NONE", - Scope: "UNCHANGED", - UserInteraction: "NONE", - VectorString: 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - Version: "3.1", - }, - ExploitabilityScore: 3.9, - ImpactScore: 5.9, - }, - }, - LastModifiedDate: "2024-04-04T00:00Z", - PublishedDate: "2023-05-23T23:15Z", - }, } diff --git a/scripts/ci/lib.sh b/scripts/ci/lib.sh index 84fe01689..7170e699b 100755 --- a/scripts/ci/lib.sh +++ b/scripts/ci/lib.sh @@ -329,7 +329,6 @@ pr_has_label() { # get_pr_details() from GitHub and display the result. Exits 1 if not run in CI in a PR context. _PR_DETAILS="" -_PR_DETAILS_CACHE_FILE="/tmp/PR_DETAILS_CACHE.json" get_pr_details() { local pull_request local org @@ -337,16 +336,10 @@ get_pr_details() { if [[ -n "${_PR_DETAILS}" ]]; then echo "${_PR_DETAILS}" - return 0 - fi - if [[ -e "${_PR_DETAILS_CACHE_FILE}" ]]; then - _PR_DETAILS="$(cat "${_PR_DETAILS_CACHE_FILE}")" - echo "${_PR_DETAILS}" - return 0 + return fi _not_a_PR() { - echo "This does not appear to be a PR context" >&2 echo '{ "msg": "this is not a PR" }' exit 1 } 
@@ -361,41 +354,29 @@ get_pr_details() { org=$(jq -r <<<"$CLONEREFS_OPTIONS" '.refs[0].org') repo=$(jq -r <<<"$CLONEREFS_OPTIONS" '.refs[0].repo') else - echo "Expect a JOB_SPEC or CLONEREFS_OPTIONS" >&2 + echo "Expect a JOB_SPEC or CLONEREFS_OPTIONS" exit 2 fi [[ "${pull_request}" == "null" ]] && _not_a_PR - elif is_GITHUB_ACTIONS; then - pull_request="$(jq -r .pull_request.number "${GITHUB_EVENT_PATH}")" || _not_a_PR - [[ "${pull_request}" == "null" ]] && _not_a_PR - org="${GITHUB_REPOSITORY_OWNER}" - repo="${GITHUB_REPOSITORY#*/}" else - echo "Unsupported CI" >&2 + echo "Expect OpenShift CI" exit 2 fi - local headers url pr_details - headers=() if [[ -n "${GITHUB_TOKEN:-}" ]]; then headers+=(-H "Authorization: token ${GITHUB_TOKEN}") fi url="https://api.github.com/repos/${org}/${repo}/pulls/${pull_request}" - - if ! pr_details=$(curl --retry 5 -sS "${headers[@]}" "${url}"); then - echo "Github API error: $pr_details, exit code: $?" >&2 - exit 2 - fi - + pr_details=$(curl --retry 5 -sS "${headers[@]}" "${url}") if [[ "$(jq .id <<<"$pr_details")" == "null" ]]; then # A valid PR response is expected at this point - echo "Invalid response from GitHub: $pr_details" >&2 + echo "Invalid response from GitHub: $pr_details" exit 2 fi _PR_DETAILS="$pr_details" - echo "$pr_details" | tee "${_PR_DETAILS_CACHE_FILE}" + echo "$pr_details" } GATE_JOBS_CONFIG="$SCRIPTS_ROOT/scripts/ci/gate-jobs-config.json"