
[ContainerRegistry] <DO NOT MERGE> Add 'acrcssc' extension for public preview #8530

Draft: wants to merge 189 commits into base: main

cegraybl commented Mar 6, 2025


This checklist is used to make sure that common guidelines for a pull request are followed.

Related command

CSSC (Container Secure Supply Chain) is an extension that configures your registry for continuous scanning and patching of container images. With the Continuous Patching feature in Azure Container Registry, you can automatically scan and patch designated artifacts for OS-level vulnerabilities. The workflow allows you to schedule recurring ACR tasks that scan your list of configured images for vulnerabilities (CVEs) using Trivy and then patch them using Copa.

General Guidelines

  • Have you run azdev style <YOUR_EXT> locally? (pip install azdev required)
  • Have you run python scripts/ci/test_index.py -q locally? (pip install wheel==0.30.0 required)
  • My extension version conforms to the Extension version schema

For new extensions:

About Extension Publish

There is a pipeline to automatically build, upload and publish extension wheels.
Once your pull request is merged into main branch, a new pull request will be created to update src/index.json automatically.
You only need to update the version information in file setup.py and historical information in file HISTORY.rst in your PR but do not modify src/index.json.

Pending items before the publishing PR

pwalecha and others added 30 commits June 4, 2024 21:30
# Fix LINT and Style issues
# Add more unit test
# Add defer_run_immediately support in the CLI command
# Change the command from supply-chain task to supply-chain workflow - Need to read document
# Change the show command to display cadence as "n"d instead of cron expression, order the list by name
# Check if Resource_group is coming as mandatory field Or it can be set in the config and can be fetched directly from there
remove redundant files
Fix formatting
Fix bugs
breaking test cases
upload of dry-run quick task should be done from temp folder
improve logging feedback
Increase time for MI setup
Make cadence and config file updates optional
help file
default values in documentation
test invalid json values
regex for days validation
change error messages
refactor code
fix test cases related to refactoring

Validation for Breaking Change Starting...

Thanks for your contribution!


Hi @cegraybl,
Please write the description of changes which can be perceived by customers into HISTORY.rst.
If you want to release a new extension version, please update the version in setup.py as well.

Collaborator

yonzhan commented Mar 6, 2025

Thank you for your contribution! We will review the pull request and get back to you soon.


github-actions bot commented Mar 6, 2025

The git hooks are available for azure-cli and azure-cli-extensions repos. They could help you run required checks before creating the PR.

Please sync the latest code with latest dev branch (for azure-cli) or main branch (for azure-cli-extensions).
After that please run the following commands to enable git hooks:

pip install azdev --upgrade
azdev setup -c <your azure-cli repo path> -r <your azure-cli-extensions repo path>


github-actions bot commented Mar 6, 2025

Hi @cegraybl

⚠️ Release Requirements

Module: acrcssc

  • ⚠️ Please update VERSION to be 1.0.0b1 in src/acrcssc/setup.py

Notes

Ruchi Maheshwari and others added 7 commits March 7, 2025 12:03
…-convention schema validation to strictly allow for only incremental or floating
fix(cssc): 31694722 fixed config validation to only allow tag-convention = floating or incremental
fix(cssc): 31694219 inform user when images matching their configuration are 0
…s (2/n) (#25)

- Add ScenarioTest for the extension and the recording
- Fix remaining style and lint issues
- Fix README file to reflect basic usage
- Fix HISTORY and setup.py to have the final release version for private
preview
@github-actions github-actions bot added the release-version-block Updates do not qualify release version rules. NOTE: please do not edit it manually. label Mar 10, 2025
Ruchii-27 and others added 2 commits March 10, 2025 16:08
…ests (#31)

Currently, no validation error is thrown when repositories are empty or
repeated in configuration file.

Bug -
https://msazure.visualstudio.com/AzureContainerRegistry/_workitems/edit/31695069/?view=edit

This PR fixes the issue by enhancing schema validation for repositories
and updating the tests to test for this scenario.


![image](https://github.com/user-attachments/assets/1d7d1f0e-feff-49b1-a955-2dbb85c44ab2)

---------

Co-authored-by: Ruchi Maheshwari <rumahe@microsoft.com>
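
The two configuration checks described in the commit messages above (tag-convention limited to floating or incremental, and repositories neither empty nor repeated), sketched as an added example that is not the extension's own code. The `repository` key inside each entry and the function name are assumptions; the sample configs are constructed.

```python
import json

# Exact strings only: "Floating" or "latest" must be rejected, not normalized.
ALLOWED_TAG_CONVENTIONS = ("incremental", "floating")


def validate_patch_config(text):
    """Return a list of validation errors (empty list means the config passed)."""
    try:
        config = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg}"]
    if not isinstance(config, dict):
        return ["top level must be a JSON object"]

    errors = []
    # Only validated when present; whether the key is required is not stated
    # on the page, so that decision is left to the caller (assumption).
    if "tag-convention" in config:
        convention = config["tag-convention"]
        if not isinstance(convention, str) or convention not in ALLOWED_TAG_CONVENTIONS:
            errors.append(f"tag-convention must be one of {sorted(ALLOWED_TAG_CONVENTIONS)}")

    repos = config.get("repositories")
    if not isinstance(repos, list) or not repos:
        errors.append("repositories must be a non-empty list")
        return errors

    seen = set()
    for index, entry in enumerate(repos):
        # "repository" is an assumed field name for the entry's repo path.
        name = entry.get("repository") if isinstance(entry, dict) else None
        if not isinstance(name, str) or not name.strip():
            errors.append(f"repositories[{index}]: missing repository name")
        elif name in seen:
            errors.append(f"repositories[{index}]: duplicate repository {name!r}")
        else:
            seen.add(name)
    return errors


# Constructed sample inputs.
GOOD = '{"tag-convention": "floating", "repositories": [{"repository": "app/api"}, {"repository": "app/web"}]}'
BAD = '{"tag-convention": "Floating", "repositories": [{"repository": "app/api"}, {"repository": "app/api"}]}'
EMPTY = '{"tag-convention": "incremental", "repositories": []}'
```

Failing closed on an unknown tag convention or a repeated repository keeps a scheduled patch task from running against a target set the operator did not intend.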
…e calling list command + enhance log message (#32)

This PR adds a check to ensure that the cssc tasks exist before calling
the list command. It also displays that the list command is executed for
the last n days. Updated tests as well.

With this, below 2 bugs are addressed:
1.
https://msazure.visualstudio.com/AzureContainerRegistry/_workitems/edit/31694510/?view=edit
Before Fix: 

![image](https://github.com/user-attachments/assets/61ced20f-d8c4-42d6-bc8d-67e3ae299ed1)
After Fix:

![image](https://github.com/user-attachments/assets/807745a3-71f5-471c-89b5-62161fbd3fd1)

2.
https://msazure.visualstudio.com/AzureContainerRegistry/_workitems/edit/31694600/?view=edit
After Fix: added a line to indicate list executed for last n days:

![image](https://github.com/user-attachments/assets/fe832467-d337-4f18-a2c7-f713452e5c3a)

---------

Co-authored-by: Ruchi Maheshwari <rumahe@microsoft.com>
logger.warn("Wheel is not available, disabling bdist_wheel hook")

VERSION = '1.1.1'
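
Review bot: `VERSION = '1.1.1'` does not match the 1.0.0b1 that the release-requirements check on this PR asks for in src/acrcssc/setup.py. Set it to `VERSION = '1.0.0b1'` and make sure the top entry in HISTORY.rst carries the same version, so the wheel that the publish pipeline builds is not rejected by the version rules.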

Member


Please adjust the initial version for acrcssc to be 1.0.0b1, instead of 1.1.1

For more info about the extension versioning schema, please refer to the doc here: https://github.com/Azure/azure-cli/blob/dev/doc/extensions/versioning_guidelines.md#initialization

…iately options are mutually exclusive (#33)

Added validation to ensure that the `--dryrun` and `--run-immediately`
options cannot be used together both during create and update.
Also added unit tests for this scenario to ensure the validation works
as expected.

Bug -
https://msazure.visualstudio.com/AzureContainerRegistry/_workitems/edit/31694592/?view=edit

After fix:

![image](https://github.com/user-attachments/assets/b5a2f868-8904-42ea-aa9e-acb561943d2f)

Co-authored-by: Ruchi Maheshwari <rumahe@microsoft.com>
6 participants