diff --git a/cve-vulner-manager/Dockerfile b/cve-vulner-manager/Dockerfile
index 79e27b602713cd6aa5acf8c6b0f6960b05b01aaf..fe1c0b28c4fd0249ccbc0eb0159e29afa76d161b 100644
--- a/cve-vulner-manager/Dockerfile
+++ b/cve-vulner-manager/Dockerfile
@@ -1,17 +1,25 @@
-FROM golang:1.18.8 as BUILDER
+FROM openeuler/openeuler:23.03 as BUILDER
+RUN dnf update -y && \
+ dnf install -y golang && \
+ go env -w GOPROXY=https://goproxy.cn,direct
+
 LABEL maintainer="zhangjianjun"
 # build binary
-RUN mkdir -p /go/src/gitee.com/openeuler/cve-manager
-COPY . /go/src/gitee.com/openeuler/cve-manager
-RUN cd /go/src/gitee.com/openeuler/cve-manager && CGO_ENABLED=1 go build -v -o ./cve-manager main.go
+WORKDIR /go/src/gitee.com/openeuler/cve-manager
+COPY . .
+RUN GO111MODULE=on CGO_ENABLED=1 go build -v -o cve-manager .
 # copy binary config and utils
 FROM openeuler/openeuler:22.03
-RUN mkdir -p /opt/app/conf/
-COPY ./conf/product_app.conf /opt/app/conf/app.conf
-# overwrite config yaml
-COPY --from=BUILDER /go/src/gitee.com/openeuler/cve-manager/cve-manager /opt/app
+RUN dnf -y update && \
+ dnf in -y shadow && \
+ groupadd -g 1000 manager && \
+ useradd -u 1000 -g manager -s /bin/bash -m manager
+
+USER manager
+
+COPY --chown=manager ./conf/product_app.conf /opt/app/conf/app.conf
+COPY --chown=manager --from=BUILDER /go/src/gitee.com/openeuler/cve-manager/cve-manager /opt/app/cve-manager
-WORKDIR /opt/app/
 ENTRYPOINT ["/opt/app/cve-manager"]
\ No newline at end of file
diff --git a/cve-vulner-manager/models/hookevent.go b/cve-vulner-manager/models/hookevent.go
index 318cc98324cba8c7726977531d8646b8530b0e32..27200c3671ad484b5ecddd02e6b8b99ed6bee976 100644
--- a/cve-vulner-manager/models/hookevent.go
+++ b/cve-vulner-manager/models/hookevent.go
@@ -177,6 +177,7 @@ type PullRequestIssue struct {
 CveNumber string
 Branch string
 BrFlag bool
+ MergeAt int64
 }
 //GetLabelsStr labels slice to string
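Review bot: In cve-vulner-manager/Dockerfile the two `COPY --chown=manager` lines make the service account the owner of both the executable and its config, so the process that now runs as `manager` can still rewrite the binary it is started from. Keeping the files root-owned and only group-readable preserves the point of the non-root switch, e.g. `COPY --chown=root:manager ./conf/product_app.conf /opt/app/conf/app.conf` and the same `--chown=root:manager` on the binary. Separately, the builder stage moves to `openeuler/openeuler:23.03` with an unpinned `dnf install -y golang` while the runtime stage stays on `22.03` and `CGO_ENABLED=1` is kept, so the binary may be linked against newer system libraries than the runtime image ships. Building on the same release as the runtime stage and pinning the Go toolchain version would avoid that. The removal of `WORKDIR /opt/app/` also changes the working directory of the process, which matters if the program resolves `conf/app.conf` relative to it; that is not visible in this diff.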
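Review bot: The new `MergeAt int64` field of `PullRequestIssue` in models/hookevent.go has no comment, and its unit and zero value matter because taskhandler/excel.go compares it directly with `releaseDate[affectBranch]`. A field comment such as `// MergeAt is the PR merge time, in the same unit as the releaseDate values; 0 means it was not set.` would make that contract visible to callers that build the struct. The struct starts outside this hunk, so the other fields may follow a comment convention that is not visible here.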
diff --git a/cve-vulner-manager/taskhandler/excel.go b/cve-vulner-manager/taskhandler/excel.go
index ab69fbebcc44001fa92dbe1a32eabac70e0ea322..fc12ba7f82f17aa73f9b1b0e163fa218be7cd207 100644
--- a/cve-vulner-manager/taskhandler/excel.go
+++ b/cve-vulner-manager/taskhandler/excel.go
@@ -1305,6 +1305,16 @@ func affectIssueProc(v IssueAndPkg, affectBranch string, cvexml *[]CveXml,
 continue
 }
 }
+
+ // Branches that have been fixed before the release no longer publish announcements
+ if releaseTimeOfVersion, ok := releaseDate[affectBranch]; ok {
+ if iv.MergeAt < releaseTimeOfVersion {
+ tpl.IsIgnore = 1
+ models.UpdateIssueTemplate(&tpl, "is_ignore")
+ continue
+ }
+ }
+
 err = models.ReplacePackageByCveId(pkgList, tpl.CveId, affectBranch)
 if err != nil {
 logs.Error("ReplacePackageByCveId, err: ", err, "tpl.CveId: ", tpl.CveId)
@@ -1369,32 +1379,15 @@ func getRepoIssueAllPR(affectBranch, token, owner, repo string, startTime,
 pt = mt
 }
-
- // Branches that have been fixed before the release no longer publish announcements
- if releaseTimeOfVersion, ok := releaseDate[affectBranch]; ok {
- if pt < releaseTimeOfVersion {
- isTemp.IsIgnore = 1
- models.UpdateIssueTemplate(&isTemp, "is_ignore")
- continue
- }
- }
-
 if pt >= startTime && pt <= releaseTime {
 if v["base"].(map[string]interface{})["label"].(string) == affectBranch {
- //if v["base"].(map[string]interface{})["repo"].(map[string]interface{})["path"] == repo {
- // if v["base"].(map[string]interface{})["repo"].(map[string]interface{})["namespace"].(map[string]interface{})["path"] == owner {
- // pr.Id = int64(v["id"].(float64))
- // pr.Number = isTemp.IssueNum
- // pr.CveNumber = isTemp.CveNum
- // pr.Repo = repo
- // prList = append(prList, pr)
- // }
- //}
 pr.Id = int64(v["id"].(float64))
 pr.Number = isTemp.IssueNum
 pr.CveNumber = isTemp.CveNum
 pr.Repo = repo
 pr.BrFlag = true
 pr.Branch = affectBranch
+ pr.MergeAt = pt
 prList = append(prList, pr)
 }
 }
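Review bot: In affectIssueProc the new check `iv.MergeAt < releaseTimeOfVersion` is also true when `MergeAt` was never populated and is still 0, in which case the issue is marked `is_ignore` and its announcement is dropped silently. Guarding the zero value avoids suppressing an advisory on missing data: `if iv.MergeAt > 0 && iv.MergeAt < releaseTimeOfVersion {`. The result of `models.UpdateIssueTemplate(&tpl, "is_ignore")` is discarded, unlike the `ReplacePackageByCveId` call just below whose error is logged. If it returns an error it should be logged too, and a log line naming `tpl.CveId` and `affectBranch` on this path would leave a record of every skipped announcement. How `iv` is produced lies outside the hunk, so whether every entry has passed through getRepoIssueAllPR should be confirmed.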
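Review bot: With the pre-release check removed from getRepoIssueAllPR, `pr.MergeAt = pt` is only recorded for pull requests that pass `pt >= startTime && pt <= releaseTime` and the `affectBranch` label comparison, so a fix merged before `startTime` no longer reaches any code that sets `is_ignore`. If that narrowing is intended, a comment above the assignment would record it, e.g. `// MergeAt feeds the pre-release check in affectIssueProc; only PRs inside [startTime, releaseTime] reach it.` If it is not intended, the check has to stay reachable for earlier merges. The function body starts and ends outside this hunk.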