Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
slapos
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Labels
Merge Requests
105
Merge Requests
105
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Jobs
Commits
Open sidebar
nexedi
slapos
Commits
95b51c22
Commit
95b51c22
authored
Jun 28, 2024
by
Jérome Perrin
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Dependency-Track: new software
parent
1a48a547
Pipeline
#35946
failed with stage
in 0 seconds
Changes
11
Pipelines
1
Hide whitespace changes
Inline
Side-by-side
Showing
11 changed files
with
402 additions
and
0 deletions
+402
-0
software/dependency-track/README.md
software/dependency-track/README.md
+5
-0
software/dependency-track/buildout.hash.cfg
software/dependency-track/buildout.hash.cfg
+3
-0
software/dependency-track/instance-dependency-track-input-schema.json
...endency-track/instance-dependency-track-input-schema.json
+6
-0
software/dependency-track/instance-dependency-track-output-schema.json
...ndency-track/instance-dependency-track-output-schema.json
+12
-0
software/dependency-track/instance.cfg.in
software/dependency-track/instance.cfg.in
+228
-0
software/dependency-track/software.cfg
software/dependency-track/software.cfg
+27
-0
software/dependency-track/software.cfg.json
software/dependency-track/software.cfg.json
+15
-0
software/dependency-track/test/README.md
software/dependency-track/test/README.md
+1
-0
software/dependency-track/test/setup.py
software/dependency-track/test/setup.py
+52
-0
software/dependency-track/test/test.py
software/dependency-track/test/test.py
+46
-0
software/slapos-sr-testing/software.cfg
software/slapos-sr-testing/software.cfg
+7
-0
No files found.
software/dependency-track/README.md
0 → 100644
View file @
95b51c22
# OWASP Dependency Track
https://dependencytrack.org/
Can be used to ingest SBOM of slapos software release produced with
[
nxdbom
](
https://lab.nexedi.com/nexedi/nxd-bom
)
software/dependency-track/buildout.hash.cfg
0 → 100644
View file @
95b51c22
[instance-profile]
filename = instance.cfg.in
md5sum = 5545f52ea36d5116523c5569999915ae
software/dependency-track/instance-dependency-track-input-schema.json
0 → 100644
View file @
95b51c22
{
"$schema"
:
"http://json-schema.org/draft-04/schema#"
,
"type"
:
"object"
,
"additionalProperties"
:
false
,
"properties"
:
{}
}
software/dependency-track/instance-dependency-track-output-schema.json
0 → 100644
View file @
95b51c22
{
"$schema"
:
"https://json-schema.org/draft-04/schema#"
,
"type"
:
"object"
,
"properties"
:
{
"url"
:
{
"title"
:
"URL"
,
"description"
:
"URL to access Dependency-Track."
,
"type"
:
"string"
,
"format"
:
"uri"
}
}
}
software/dependency-track/instance.cfg.in
0 → 100644
View file @
95b51c22
[buildout]
parts =
publish-connection-parameter
extends = ${monitor2-template:output}
eggs-directory = ${buildout:eggs-directory}
develop-eggs-directory = ${buildout:develop-eggs-directory}
offline = true
[dependency-track-instance]
recipe = slapos.cookbook:wrapper
wrapper-path = $${directory:service}/$${:_buildout_section_name_}
command-line =
${java:location}/bin/java
-jar ${dependency-track-bundled.jar:location}/dependency-track-bundled.jar
-host $${:ip}
-port $${:port}
environment =
ALPINE_DATABASE_MODE=external
ALPINE_DATABASE_URL=jdbc:postgresql://$${postgresql:ipv4}:$${postgresql:port}/$${postgresql:dbname}
ALPINE_DATABASE_DRIVER=org.postgresql.Driver
ALPINE_DATABASE_USERNAME=$${postgresql:superuser}
ALPINE_DATABASE_PASSWORD=$${postgresql:password}
HOME=$${directory:srv-dependency-track}
hash-existing-files =
$${buildout:directory}/software_release/buildout.cfg
ip = $${instance-parameter:ipv4-random}
port = 18080
promises =
$${dependency-track-promise:name}
[dependency-track-frontend-certificate]
recipe = plone.recipe.command
command =
if [ ! -e $${:cert-file} ]
then
${openssl-output:openssl} req -x509 -nodes -sha256 -days 3650 \
-subj "/C=AA/ST=X/L=X/O=Dis/CN=$${:common-name}" \
-newkey rsa -keyout $${:cert-file} \
-out $${:cert-file}
fi
update-command = $${:command}
cert-file = $${directory:var}/$${:_buildout_section_name_}.pem
common-name = $${dependency-track-frontend-config:ip}
location =
$${:cert-file}
[dependency-track-frontend-config]
recipe = slapos.recipe.template:jinja2
url = ${stack-haproxy-default-backend-config:target}
output = $${directory:etc}/$${:_buildout_section_name_}
context =
key pidfile :pidfile
key content :content
content =
listen app
log global
bind $${:ip}:$${:port} ssl crt $${dependency-track-frontend-certificate:cert-file} alpn h2,http/1.1
server app $${dependency-track-instance:ip}:$${dependency-track-instance:port}
pidfile = $${directory:run}/$${:_buildout_section_name_}.pid
ip = $${instance-parameter:ipv6-random}
port = 8443
[dependency-track-frontend]
recipe = slapos.cookbook:wrapper
wrapper-path = $${directory:services}/$${:_buildout_section_name_}
command-line =
${haproxy:location}/sbin/haproxy -f $${dependency-track-frontend-config:output}
url = https://[$${dependency-track-frontend-config:ip}]:$${dependency-track-frontend-config:port}
[dependency-track-promise]
<= monitor-promise-base
promise = check_url_available
name = $${:_buildout_section_name_}.py
config-url= $${dependency-track-frontend:url}/
[postgresql-password]
recipe = slapos.cookbook:generate.password
[postgresql]
recipe = slapos.cookbook:postgres
bin = ${postgresql:location}/bin
services = $${directory:service}
dbname = dependency-track_db
superuser = dependency-track-psql
password = $${postgresql-password:passwd}
pgdata-directory = $${directory:srv}/postgresql
ipv4 = $${instance-parameter:ipv4-random}
# disable listening on ipv6
ipv6 =
port = 5432
promises = $${postgresql-promise:name}
[postgresql-psql]
recipe = slapos.cookbook:wrapper
wrapper-path = $${directory:bin}/$${:_buildout_section_name_}
command-line =
$${postgresql:bin}/psql
-h $${postgresql:pgdata-directory}
-U $${postgresql:superuser}
-d $${postgresql:dbname}
[postgresql-promise]
<= monitor-promise-base
promise = check_command_execute
name = promise-postgresql.py
config-command = $${postgresql-psql:wrapper-path} -c '\q'
[postgresql-backup-crontab-entry]
recipe = slapos.cookbook:cron.d
name = $${:_buildout_section_name_}
cron-entries = $${cron:cron-entries}
time = daily
command = $${postgresql-backup:wrapper-path}
[postgresql-backup]
recipe = slapos.cookbook:wrapper
wrapper-path = $${directory:bin}/$${:_buildout_section_name_}
# XXX there's a recipe for backup in slapos cookbook, but it does not create
# the backup file in an atomic way, which is not acceptable here, because we
# don't want to risk pulling a partial file. To prevent this, we create a
# temp file and move it when finished.
command-line =
sh -c "$${postgresql:bin}/pg_dump \
-h $${postgresql:pgdata-directory} \
-U $${postgresql:superuser} \
--format=custom \
-f $${:backup-file}.tmp \
$${postgresql:dbname} \
&& mv $${:backup-file}.tmp $${:backup-file}"
backup-file = $${directory:srv-backup}/backup.pg_dump
[postgresql-restore-backup]
recipe = slapos.cookbook:wrapper
wrapper-path = $${directory:bin}/$${:_buildout_section_name_}
command-line =
sh -e -c "\
echo 'This will replace current database with latest backup. Hit Ctrl+C to cancel';
sleep 10;
$${postgresql:bin}/dropdb \
-h $${postgresql:pgdata-directory} \
-U $${postgresql:superuser} \
--if-exists \
$${postgresql:dbname};
$${postgresql:bin}/createdb \
-h $${postgresql:pgdata-directory} \
-U $${postgresql:superuser} \
$${postgresql:dbname};
$${postgresql:bin}/pg_restore \
--exit-on-error \
-h $${postgresql:pgdata-directory} \
-U $${postgresql:superuser} \
-d $${postgresql:dbname} \
$${postgresql-backup:backup-file}"
[cron]
recipe = slapos.cookbook:cron
dcrond-binary = ${dcron-output:crond}
cron-entries = $${directory:etc-cron.d}
crontabs = $${directory:var-crontabs}
cronstamps = $${directory:var-cronstamps}
catcher = $${cron-simplelogger:wrapper}
binary = $${directory:bin}/crond
[cron-service]
recipe = slapos.cookbook:wrapper
command-line = $${cron:binary}
wrapper-path = $${directory:services}/crond
hash-existing-files = $${buildout:directory}/software_release/buildout.cfg
[cron-simplelogger]
recipe = slapos.cookbook:simplelogger
wrapper = $${directory:bin}/cron_simplelogger
log = $${directory:log}/cron.log
[rapidcdn-frontend]
<= slap-connection
recipe = slapos.cookbook:requestoptional
name = Dependency Track Frontend
# XXX We have hardcoded SR URL here.
software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
shared = true
config-url = $${dependency-track-frontend:url}
return = domain secure_access
[rapidcdn-frontend-available-promise]
<= monitor-promise-base
promise = check_url_available
name = $${:_buildout_section_name_}.py
config-url = $${rapidcdn-frontend:connection-secure_access}
[instance-parameter]
recipe = slapos.cookbook:slapconfiguration
computer = $${slap-connection:computer-id}
partition = $${slap-connection:partition-id}
url = $${slap-connection:server-url}
key = $${slap-connection:key-file}
cert = $${slap-connection:cert-file}
[directory]
recipe = slapos.cookbook:mkdirectory
etc = $${buildout:directory}/etc
etc-cron.d = $${:etc}/cron.d
var = $${buildout:directory}/var
var-crontabs = $${:var}/crontabs
var-cronstamps = $${:var}/cronstamps
var-cron-entries = $${:var}/cron-entries
srv = $${buildout:directory}/srv
bin = $${buildout:directory}/bin
tmp = $${buildout:directory}/tmp
run = $${buildout:directory}/run
service = $${:etc}/service
srv-dependency-track = $${:srv}/dependency-track
srv-backup = $${:srv}/backup
[publish-connection-parameter]
recipe = slapos.cookbook:publish
url = $${rapidcdn-frontend-available-promise:config-url}
backup-crontab = $${postgresql-backup-crontab-entry:name}
restore-backup-script = $${postgresql-restore-backup:wrapper-path}
software/dependency-track/software.cfg
0 → 100644
View file @
95b51c22
[buildout]
extends =
../../component/defaults.cfg
../../component/java/buildout.cfg
../../component/postgresql/buildout.cfg
../../component/dcron/buildout.cfg
../../stack/haproxy/default-backend.cfg
../../stack/slapos.cfg
buildout.hash.cfg
../../stack/monitor/buildout.cfg
parts =
slapos-cookbook
instance-profile
[java]
<= java-re-temurin-21
[dependency-track-bundled.jar]
recipe = slapos.recipe.build:download
url = https://github.com/DependencyTrack/dependency-track/releases/download/4.11.4/dependency-track-bundled.jar
md5sum = a1c5e8f216a999b6d497b133c93588a6
[instance-profile]
recipe = slapos.recipe.template
url = ${:_profile_base_location_}/${:filename}
output = ${buildout:directory}/instance.cfg
software/dependency-track/software.cfg.json
0 → 100644
View file @
95b51c22
{
"name"
:
"Dependency-Track"
,
"description"
:
"Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain."
,
"serialisation"
:
"xml"
,
"software-type"
:
{
"default"
:
{
"title"
:
"Default"
,
"software-type"
:
"default"
,
"description"
:
"Default"
,
"request"
:
"instance-dependency-track-input-schema.json"
,
"response"
:
"instance-dependency-track-output-schema.json"
,
"index"
:
1
}
}
}
software/dependency-track/test/README.md
0 → 100644
View file @
95b51c22
Tests for DependencyTrack software release
software/dependency-track/test/setup.py
0 → 100644
View file @
95b51c22
##############################################################################
#
# Copyright (c) 2024 Nexedi SA and Contributors. All Rights Reserved.
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# guarantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 3
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
from
setuptools
import
setup
,
find_packages
version
=
'0.0.1.dev0'
name
=
'slapos.test.dependencytrack'
with
open
(
"README.md"
)
as
f
:
long_description
=
f
.
read
()
setup
(
name
=
name
,
version
=
version
,
description
=
"Test for SlapOS' dependencytrack"
,
long_description
=
long_description
,
long_description_content_type
=
'text/markdown'
,
maintainer
=
"Nexedi"
,
maintainer_email
=
"info@nexedi.com"
,
url
=
"https://lab.nexedi.com/nexedi/slapos"
,
packages
=
find_packages
(),
install_requires
=
[
'slapos.core'
,
'slapos.cookbook'
,
'slapos.libnetworkcache'
,
'supervisor'
,
'requests'
],
zip_safe
=
True
,
test_suite
=
'test'
,
)
software/dependency-track/test/test.py
0 → 100644
View file @
95b51c22
##############################################################################
#
# Copyright (c) 2024 Nexedi SA and Contributors. All Rights Reserved.
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# guarantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 3
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
import
os
import
requests
from
slapos.testing.testcase
import
makeModuleSetUpAndTestCaseClass
setUpModule
,
InstanceTestCase
=
makeModuleSetUpAndTestCaseClass
(
os
.
path
.
abspath
(
os
.
path
.
join
(
os
.
path
.
dirname
(
__file__
),
'..'
,
'software.cfg'
)))
class
TestDependencyTrack
(
InstanceTestCase
):
__partition_reference__
=
'DT'
# postgresql use a socket in data dir
def
test
(
self
):
url
=
self
.
computer_partition
.
getConnectionParameterDict
()[
'url'
]
resp
=
requests
.
get
(
url
,
verify
=
False
)
self
.
assertTrue
(
resp
.
text
)
self
.
assertTrue
(
resp
.
ok
)
software/slapos-sr-testing/software.cfg
View file @
95b51c22
...
...
@@ -47,6 +47,11 @@ setup = ${slapos-repository:location}/software/backupserver/test/
egg = slapos.test.dufs
setup = ${slapos-repository:location}/software/dufs/test/
[slapos.test.dependency-track-setup]
<= setup-develop-egg
egg = slapos.test.dependencytrack
setup = ${slapos-repository:location}/software/dependency-track/test/
[slapos.test.erp5-setup]
<= setup-develop-egg
egg = slapos.test.erp5
...
...
@@ -355,6 +360,7 @@ eggs +=
${slapos.test.caucase-setup:egg}
${slapos.test.cloudooo-setup:egg}
${slapos.test.dream-setup:egg}
${slapos.test.dependency-track-setup:egg}
${slapos.test.dufs-setup:egg}
${slapos.test.erp5-setup:egg}
${slapos.test.erp5testnode-setup:egg}
...
...
@@ -446,6 +452,7 @@ tests =
caucase ${slapos.test.caucase-setup:setup}
cloudooo ${slapos.test.cloudooo-setup:setup}
dream ${slapos.test.dream-setup:setup}
dependency-track ${slapos.test.dependency-track-setup:setup}
dufs ${slapos.test.dufs-setup:setup}
erp5 ${slapos.test.erp5-setup:setup}
erp5-py3 ${slapos.test.erp5-setup:setup}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment