Merge branch 'opendevstack:master' into patch-1

Author: mobilutz

.devcontainer/devcontainer.json

@@ -0,0 +1,8 @@
+{
+  "image": "gradle:jdk11-focal",
+  "containerEnv": {
+  },
+  "features": {
+    "ghcr.io/devcontainers/features/go:1": {"version": "1.15"}
+  }
+}

.github/workflows/changelog-enforcer.yml

@@ -8,7 +8,7 @@ jobs:
   changelog:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4.2.1
+      - uses: actions/checkout@v4.2.2
       - uses: dangoslen/changelog-enforcer@v3
         with:
           changeLogPath: 'CHANGELOG.md'

.github/workflows/gradle.yml

@@ -7,7 +7,7 @@ jobs:
         runs-on: ubuntu-latest
         steps:
             - name: Checkout
-              uses: actions/checkout@v4.2.1
+              uses: actions/checkout@v4.2.2
 
             - name: check the value of github.workspace and runner.temp
               run: |

CHANGELOG.md

@@ -3,10 +3,14 @@
 ## Unreleased
 
 ### Added
+* add devcontainer setup ([#1172](https://github.com/opendevstack/ods-jenkins-shared-library/issues/1172))
 
 ### Changed
 * Enhance SSDS Document Generation Performance using New Atlassian APIs ([#1084](https://github.com/opendevstack/ods-jenkins-shared-library/issues/1084))
 * Deprecation of vuln-type and scanners config in Trivy ([#1150](https://github.com/opendevstack/ods-jenkins-shared-library/issues/1150))
+* Add preserve-digests cli option to skopeo copy command in CopyImageStage ([#1166](https://github.com/opendevstack/ods-jenkins-shared-library/issues/1166))
+* Allow registry/image:tag sources in CopyImageStage instead of directly falling back to internal registry ([#1177](https://github.com/opendevstack/ods-jenkins-shared-library/pull/1177))
+* Simplify successor management since now issue links are no longer inherited ([#1116](https://github.com/opendevstack/ods-jenkins-shared-library/pull/1116))
 
 ### Fixed
 * Fix Tailor deployment drifts for D, Q envs ([#1055](https://github.com/opendevstack/ods-jenkins-shared-library/pull/1055))

docs/modules/jenkins-shared-library/partials/odsComponentStageCopyImage.adoc

@@ -27,6 +27,13 @@ _List<String>_
  Next to exact matches, it also supports prefixes (e.g. `feature/`) and all branches (`*`).
 
 
+| *preserveDigests* +
+_Boolean_
+|preserveDigests allows to sync the source and destination image digests
+
+ The default is false, set to true to preserve digests
+
+
 | *sourceCredential* +
 _String_
 |sourceCredential is the token to use, if any, to access the source registry

src/org/ods/component/CopyImageOptions.groovy

@@ -29,6 +29,13 @@ class CopyImageOptions extends Options {
      */
     Boolean verifyTLS
 
+    /**
+     * preserveDigests allows to sync the source and destination image digests
+     *
+     * The default is false, set to true to preserve digests
+     */
+    Boolean preserveDigests
+
     @SuppressWarnings('UnusedPrivateField')
     private String registry
     @SuppressWarnings('UnusedPrivateField')

src/org/ods/component/CopyImageStage.groovy

@@ -27,6 +27,10 @@ class CopyImageStage extends Stage {
             config.verifyTLS = true
         }
 
+        if (config.preserveDigests == null) {
+            config.preserveDigests = false
+        }
+
         this.options = new CopyImageOptions(config)
         this.openShift = openShift
         this.logger = logger
@@ -52,7 +56,10 @@ class CopyImageStage extends Stage {
 
         def sourcetoken = options.sourceCredential ? "--src-creds ${options.sourceCredential}" : ''
 
-        int status = copyImage(sourcetoken, targetInternalRegistryToken, STR_DOCKER_PROTOCOL)
+        def copyparams = ""
+        if (this.options.preserveDigests) { copyparams += "--all --preserve-digests" }
+
+        int status = copyImage(sourcetoken, targetInternalRegistryToken, STR_DOCKER_PROTOCOL, copyparams)
         if (status != 0) {
             script.error("Could not copy `${this.options.sourceImageUrlIncludingRegistry}', status ${status}")
         }
@@ -83,11 +90,15 @@ class CopyImageStage extends Stage {
         }
     }
 
-    private int copyImage(sourcetoken, targetInternalRegistryToken, String dockerProtocol) {
+    private int copyImage(sourcetoken, targetInternalRegistryToken, String dockerProtocol, String copyparams) {
+        def registryPath = this.options.repo ? \
+           "${this.options.registry}/${this.options.repo}/${this.options.image}" : \
+           "${this.options.registry}/${this.options.image}"
         int status = steps.sh(
             script: """
-                skopeo copy --src-tls-verify=${this.options.verifyTLS} ${sourcetoken} \
-                ${this.options.registry}/${this.options.repo}/${this.options.image} \
+                skopeo copy ${copyparams} \
+                --src-tls-verify=${this.options.verifyTLS} ${sourcetoken} \
+                ${registryPath} \
                 --dest-creds openshift:${targetInternalRegistryToken} \
                 ${dockerProtocol}${context.clusterRegistryAddress}/${context.cdProject}/${this.options.image} \
                 --dest-tls-verify=${this.options.verifyTLS}
@@ -99,9 +110,12 @@ class CopyImageStage extends Stage {
     }
 
     protected String stageLabel() {
+        def registryPath = this.options.repo ? \
+            "${this.options.registry}/${this.options.repo}/${this.options.image}" : \
+            "${this.options.registry}/${this.options.image}"
         return "${STAGE_NAME} " +
             "(${context.componentId}) " +
-            "${this.options.registry}/${this.options.repo}/${this.options.image}'"
+            "${registryPath}'"
     }
 
 }

src/org/ods/orchestration/util/Project.groovy

@@ -1301,6 +1301,8 @@ class Project {
             logger.info("loadJiraData: Found a predecessor project version with ID '${previousVersionId}'. Loading its data.")
             def savedDataFromOldVersion = this.loadSavedJiraData(previousVersionId)
             def mergedData = this.mergeJiraData(savedDataFromOldVersion, newData)
+            mergedData = this.overrideDeltaDocgenDataLinks(mergedData, newData)
+            mergedData = this.removeObsoleteIssuesFromComponents(mergedData)
             result << this.addKeyAndVersionToComponentsWithout(mergedData)
             result.previousVersion = previousVersionId
         } else {
@@ -1349,6 +1351,75 @@ class Project {
         }
     }
 
+    /**
+     * It uses the data from the deltadocgen of the latest version as a source of truth in terms of links.
+     * If an issue appears in the deltadocgen report, we use all its data adding the expanded predecessors.
+     * If an issue appears as a link in the old data but in the deltadocgen report doesn't show the same link in the other
+     * direction, then we remove that link.
+     *
+     * @param mergedData resulting data of merging last release json report and deltadocgen
+     * @param deltaDocgenData result of deltadocgen endpoint for the latest version
+     * @return the merged data with the proper links
+     */
+    protected Map overrideDeltaDocgenDataLinks(Map<String,Map> mergedData, Map<String,Map> deltaDocgenData) {
+        mergedData.findAll { JiraDataItem.REGULAR_ISSUE_TYPES.contains(it.key) }.each { issueType, issues ->
+            issues.values().each { Map issueToUpdate ->
+                if(deltaDocgenData[issueType] && deltaDocgenData[issueType][issueToUpdate.key]) {
+                    def resultData = deltaDocgenData[issueType][issueToUpdate.key]
+                    resultData << [expandedPredecessors: mergedData[issueType][issueToUpdate.key]['expandedPredecessors']]
+                    mergedData[issueType][issueToUpdate.key] = resultData
+                } else {
+                    mergedData[issueType][issueToUpdate.key].findAll { JiraDataItem.REGULAR_ISSUE_TYPES.contains(it.key) }.each { relatedIssueType, relatedIssues ->
+                        def relatedIssuesToRemove = findRelatedIssuesToRemove(relatedIssues, deltaDocgenData, relatedIssueType, issueType, issueToUpdate)
+                        mergedData[issueType][issueToUpdate.key][relatedIssueType].removeAll { relatedIssuesToRemove.contains(it) }
+                    }
+                }
+            }
+        }
+        return mergedData
+    }
+
+    /**
+     * The method checks each issue in the 'relatedIssues' list against the related issues in the 'deltaDocgenData'.
+     * If the issueToUpdate key does not appear in the deltaDocgenData as a related issue but the deltaDocGen has some
+     * issues related for that issue type, the issue is added to the list of issues to be removed.
+     *
+     * @param relatedIssues A list of related issues to be examined.
+     * @param deltaDocgenData A map containing data from the deltaDocGen
+     * @param relatedIssueType The type of the related issue.
+     * @param issueType The type of the issue.
+     * @param issueToUpdate A map containing the issue to be updated.
+     *
+     * @return A list of related issues that need to be removed.
+     */
+    protected static List findRelatedIssuesToRemove(List<String> relatedIssues, Map deltaDocgenData, String relatedIssueType, String issueType, Map issueToUpdate) {
+        def relatedIssuesToRemove = []
+        relatedIssues.each {
+            if (deltaDocgenData[relatedIssueType][it] && deltaDocgenData[relatedIssueType][it][issueType] && !deltaDocgenData[relatedIssueType][it][issueType].contains(issueToUpdate.key)) {
+                relatedIssuesToRemove.add(it)
+            }
+        }
+        return relatedIssuesToRemove
+    }
+
+    /**
+     * It removes any issue in the components map that does not appear under the technology map it should belong
+     *
+     * @param mergedData resulting data of merging last release json report and deltadocgen
+     * @return the merged data with the proper issues in the components map
+     */
+    protected Map removeObsoleteIssuesFromComponents(Map<String,Map> mergedData) {
+        mergedData[JiraDataItem.TYPE_COMPONENTS].collectEntries { component, componentIssues ->
+            JiraDataItem.REGULAR_ISSUE_TYPES.each { issueType ->
+                if(componentIssues[issueType]) {
+                    componentIssues[issueType].removeAll { !mergedData[issueType].keySet().contains(it) }
+                }
+            }
+            [(component): componentIssues]
+        }
+        return mergedData
+    }
+
     protected Map loadJiraDataBugs(Map tests, String versionName = null) {
         if (!this.jiraUseCase) return [:]
         if (!this.jiraUseCase.jira) return [:]

test/groovy/org/ods/orchestration/util/ProjectSpec.groovy

@@ -2319,7 +2319,6 @@ class ProjectSpec extends SpecHelper {
         def firstVersion = '1.0'
         def secondVersion = '2.0'
 
-        def cmp ={  name ->  [key: "CMP-${name}" as String, name: "Component 1"]}
         def req = {  name, String version = null ->  [key: "REQ-${name}" as String, description:name, versions:[version]] }
         def ts = {  name, String version = null ->  [key: "TS-${name}" as String, description:name, versions:[version]] }
         def rsk = {  name, String version = null ->  [key: "RSK-${name}" as String, description:name, versions:[version]] }
@@ -2345,23 +2344,23 @@ class ProjectSpec extends SpecHelper {
         ts1 << [requirements: [req1.key], tests: [tst1.key, tst2.key]]
         rsk1 << [requirements: [req1.key], mitigations: [mit1.key]]
         mit1 << [requirements: [req1.key], risks: [rsk1.key]]
-        req2 << [predecessors: [req1.key], tests: [tst4.key]]
-        tst3 << [predecessors: [tst1.key]]
+        req2 << [predecessors: [req1.key], tests: [tst2.key,tst3.key,tst4.key], techSpecs: [ts2.key], risks: [rsk2.key], mitigations: [mit2.key]]
+        tst3 << [predecessors: [tst1.key], requirements: [req2.key], techSpecs: [ts2.key]]
         tst4 << [requirements: [req2.key]]
-        rsk2 << [predecessors: [rsk1.key], requirements: [req1.key]]
-        mit2 << [predecessors: [mit1.key], requirements: [req1.key], risks: [rsk1.key]]
-        ts2 << [predecessors: [ts1.key]]
+        rsk2 << [predecessors: [rsk1.key], requirements: [req2.key], mitigations: [mit2.key]]
+        mit2 << [predecessors: [mit1.key], requirements: [req2.key], risks: [rsk2.key]]
+        ts2 << [predecessors: [ts1.key], requirements: [req2.key], tests: [tst2.key, tst3.key]]
 
-        def req2Updated = req2.clone() + [tests: [tst4.key, tst3.key, tst2.key], techSpecs: [ts2.key], risks: [rsk2.key], mitigations: [mit2.key]]
+        def req2Updated = req2.clone()
         req2Updated  << [expandedPredecessors: [[key: req1.key, versions: req1.versions]]]
-        def tst2Updated = tst2.clone() + [requirements: [req2.key], techSpecs: [ts2.key]]
-        def tst3Updated = tst3.clone() + [requirements: [req2.key], techSpecs: [ts2.key]]
+        def tst2Updated = tst2.clone()
+        def tst3Updated = tst3.clone()
         tst3Updated << [expandedPredecessors: [[key: tst1.key, versions: tst1.versions]]]
-        def rsk2Updated = rsk2.clone() + [requirements: [req2.key], mitigations: [mit2.key]]
+        def rsk2Updated = rsk2.clone()
         rsk2Updated << [expandedPredecessors: [[key: rsk1.key, versions: rsk1.versions]]]
-        def mit2Updated = mit2.clone() + [requirements: [req2.key], risks: [rsk2.key]]
+        def mit2Updated = mit2.clone()
         mit2Updated << [expandedPredecessors: [[key: mit1.key, versions: mit1.versions]]]
-        def ts2Updated = ts2.clone() + [requirements: [req2.key], tests: [tst3.key, tst2.key]]
+        def ts2Updated = ts2.clone()
         ts2Updated  << [expandedPredecessors: [[key: ts1.key, versions: ts1.versions]]]
 
         def storedData = [

test/groovy/vars/OdsComponentStageCopyImageSpec.groovy

@@ -19,6 +19,7 @@ class OdsComponentStageCopyImageSpec extends PipelineSpockTestBase {
         def cfg = [
             sourceImageUrlIncludingRegistry: sourceImageUrlIncludingRegistry,
             verifyTLS                      : verifyTLS,
+            preserveDigests                : preserveDigests,
             tagIntoTargetEnv               : tagIntoTargetEnv,
         ]
         def ctxCfg = [
@@ -51,7 +52,8 @@ class OdsComponentStageCopyImageSpec extends PipelineSpockTestBase {
         assertCallStackContains("Resolved source Image data: ${sourceImageUrlIncludingRegistry}")
         assertCallStackContains("importing into: docker://internal-registry/project-cd/${imageName}:${imageTag}")
         // FIXME: this should probably verify that the steps.sh is called with the correct string rather than checking the full callstack
-        assertCallStackContains("skopeo copy --src-tls-verify=${expectedVerifyTLS}                  docker://${sourceImageUrlIncludingRegistry}                 --dest-creds openshift:secret-token                 docker://internal-registry/project-cd/image:1f3d1                 --dest-tls-verify=${expectedVerifyTLS}")
+        assertCallStackContains("skopeo copy ${expectedCopyParams}")
+        assertCallStackContains("--src-tls-verify=${expectedVerifyTLS}                  docker://${sourceImageUrlIncludingRegistry}                 --dest-creds openshift:secret-token                 docker://internal-registry/project-cd/image:1f3d1                 --dest-tls-verify=${expectedVerifyTLS}")
         if (tagIntoTargetEnv) {
             1 * openShiftService.importImageTagFromProject('project-dev', imageName, 'project-cd', imageTag, imageTag)
             1 * openShiftService.findOrCreateImageStream('project-dev', imageName)
@@ -60,13 +62,13 @@ class OdsComponentStageCopyImageSpec extends PipelineSpockTestBase {
         assertJobStatusSuccess()
 
         where:
-        registry      || repo   || imageName || imageTag || verifyTLS || expectedVerifyTLS || tagIntoTargetEnv
-        'example.com' || 'repo' || 'image'   || '1f3d1'  || true      || true              || true
-        'example.com' || 'repo' || 'image'   || '1f3d1'  || true      || true              || false
-        'example.com' || 'repo' || 'image'   || '1f3d1'  || false     || false             || true
-        'example.com' || 'repo' || 'image'   || '1f3d1'  || false     || false             || false
-        'example.com' || 'repo' || 'image'   || '1f3d1'  || null      || true              || true
-        'example.com' || 'repo' || 'image'   || '1f3d1'  || null      || true              || false
+        registry      || repo   || imageName || imageTag || preserveDigests || expectedCopyParams          || verifyTLS || expectedVerifyTLS || tagIntoTargetEnv
+        'example.com' || 'repo' || 'image'   || '1f3d1'  || true            || '--all --preserve-digests ' || true      || true              || true
+        'example.com' || 'repo' || 'image'   || '1f3d1'  || true            || '--all --preserve-digests ' || true      || true              || false
+        'example.com' || 'repo' || 'image'   || '1f3d1'  || false           || ''                          || false     || false             || true
+        'example.com' || 'repo' || 'image'   || '1f3d1'  || false           || ''                          || false     || false             || false
+        'example.com' || 'repo' || 'image'   || '1f3d1'  || null            || ''                          || null      || true              || true
+        'example.com' || 'repo' || 'image'   || '1f3d1'  || null            || ''                          || null      || true              || false
 
     }
 }