Support Index cli (#2)

* Add sbom support from index-cli

* Drop error channel

* return value is treated as an Invoke Op

* Add the index-cli-plugin

* Fix sample again

* Build platforms in multi-arch Docker build

* change go.sh for /bin/sh env in alpine

* Add workflow

Author: slimslenderslacks

.dockerignore

@@ -0,0 +1 @@
+pod-atomisthq-tools.docker

.github/workflows/release.yml

@@ -0,0 +1,32 @@
+name: Release
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  releases-matrix:
+    name: Release Go Binary
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        # build and publish in parallel: linux/386, linux/amd64, linux/arm64, windows/386, windows/amd64, darwin/amd64, darwin/arm64
+        goos: [linux, windows, darwin]
+        goarch: [amd64, arm64]
+        exclude:
+          - goarch: arm64
+            goos: windows
+    steps:
+    - uses: actions/checkout@v3
+    - uses: wangyoucao577/go-release-action@v1.35
+      with:
+        github_token: ${{ secrets.GITHUB_TOKEN }}
+        goos: ${{ matrix.goos }}
+        goarch: ${{ matrix.goarch }}
+        goversion: 1.19.1
+        binary_name: "pod-atomisthq-tools.docker"
+        release_tag: "v0.1.0"
+        overwrite: TRUE
+        compress_assets: OFF
+

.gitignore

@@ -6,3 +6,7 @@
 /pod-babashka-docker-0.1.0-macos-aarch64.zip
 /pod-atomisthq-docker
 /pod-atomisthq-docker-0.1.0-macos-aarch64.zip
+/.nrepl-port
+/pod-atomisthq-tools.docker
+/pod-atomisthq-tools.docker-0.1.0-macos-aarch64.zip
+/pod-atomisthq-tools.docker-0.1.0-macos-arm64.zip

Dockerfile

@@ -0,0 +1,20 @@
+FROM golang:1.19-alpine AS build
+
+WORKDIR /app
+
+COPY go.mod ./
+COPY go.sum ./
+
+RUN go mod download
+
+COPY main.go ./
+COPY docker/ ./docker/
+COPY babashka/ ./babashka/
+
+RUN CGO_ENABLED=0 go build -o pod-atomisthq-tools.docker
+
+FROM alpine:3.17
+
+COPY repository/ /root/.babashka/pods/repository
+COPY --from=build /app/pod-atomisthq-tools.docker /root/.babashka/pods/repository/atomisthq/tools.docker/0.1.0
+RUN chmod 755 /root/.babashka/pods/repository/atomisthq/tools.docker/0.1.0/pod-atomisthq-tools.docker

README.md

@@ -41,6 +41,12 @@ To build the golang `parser` binary locally, run `go build`.
 go build -o pod-babashka-docker
 ```
 
+Create `vonwig/pod-atomisthq-tools.docker` which is a manifest list with pod binaries for both `amd64` and `arm64`.  This image is a good way to pull the pod binaries into skill containers.
+
+```bash
+bb build-pod-image
+```
+
 ## Contributing
 
 You can find information about contributing to this project in the CONTRIBUTING.md

babashka/ops.go

@@ -71,6 +71,20 @@ func WriteInvokeResponse(inputMessage *Message, value any) error {
 	return nil
 }
 
+func WriteNotDoneInvokeResponse(inputMessage *Message, value any) error {
+       if value == nil {
+		return nil
+	}
+	resultValue, err := json.Marshal(value)
+	if err != nil {
+		return err
+	}
+	response := InvokeResponse{Id: inputMessage.Id, Status: []string{}, Value: string(resultValue)}
+	writeResponse(response)
+
+	return nil
+}
+
 func WriteErrorResponse(inputMessage *Message, err error) {
 	errorResponse := ErrorResponse{Id: inputMessage.Id, Status: []string{"done", "error"}, ExMessage: err.Error()}
 	writeResponse(errorResponse)

bb.edn

@@ -1,15 +1,26 @@
 {:tasks
  {:requires ([babashka.fs :as fs])
-  :init (do 
+  :init (do
           (def n "pod-atomisthq-tools.docker")
           (def os "macos")
           (def version "0.1.0"))
-  build (shell (format "go build -o %s" n))
-  aarch64 (do 
+  check-for-builder {:task (-> (shell "docker buildx inspect buildx-multi-arch"))}
+  setup-builder {:task (if (= 1 (:exit check-for-builder))
+                         (shell {:continue true} "docker buildx create --name=buildx-multi-arch --driver=docker-container --driver-opt=network=host")
+                         (println "buildx-multi-arch is already running"))
+                 :depends [check-for-builder]}
+  build-pod-image {:task (shell "docker buildx build --builder=buildx-multi-arch --push --platform=linux/amd64,linux/arm64 --tag=vonwig/pod-atomisthq-tools.docker .")
+                   :depends [setup-builder]}
+
+  build (do (shell (format "go build -o %s" n))
+            (fs/copy "pod-atomisthq-tools.docker" "/Users/slim/.babashka/pods/repository/atomisthq/tools.docker/0.1.0/" {:replace-existing true})
+            (fs/copy "pod-atomisthq-tools.docker" "/Users/slim/.vscode/extensions/docker.slim-docker-lsp-client-0.0.1/" {:replace-existing true})
+            (fs/copy "pod-atomisthq-tools.docker" "/Users/slim/kipz/docker-vscode-project-extension/" {:replace-existing true}))
+  aarch64 (do
             (shell (format "zip %s-%s-%s-%s.zip %s" n version os "aarch64" n) {}))
-  x86     (do 
+  x86     (do
             (shell (format "zip %s-%s-%s-%s.zip %s" n version os "x86_64" n) {}))
-  linux-x86 
-          (do
-            (shell (format "zip %s-%s-%s-%s.zip %s" n version "linux" "amd64" n) {}))}}
+  linux-x86
+  (do
+    (shell (format "zip %s-%s-%s-%s.zip %s" n version "linux" "amd64" n) {}))}}
 

deps.edn

@@ -1,3 +1,6 @@
 {:sources ["dev"]
  :deps {babashka/babashka.pods {:mvn/version "0.1.0"}
-        com.cognitect/transit-clj {:mvn/version "1.0.324"}}}
+        babashka/process {:mvn/version "0.4.13"}
+        com.cognitect/transit-clj {:mvn/version "1.0.324"}}
+ :aliases {:main {:extra-paths ["main"]
+                  :exec-fn user1/transact-hashes}}}

dev/user.clj

@@ -1,20 +1,26 @@
 (ns user
-  (:require [babashka.pods :as pods]))
+  (:require [babashka.pods :as pods]
+            [clojure.edn :as edn]))
 
 (pods/load-pod 'atomisthq/tools.docker "0.1.0")
 (require '[pod.atomisthq.docker :as docker])
 
 ;; parse image names using github.com/docker/distribution 
 ;; turns golang structs into clojure maps
-(docker/parse-image-name "gcr.io/whatever:tag") 
+(docker/parse-image-name "gcr.io/whatever:tag")
 ;; automatically turns golang errors into Exceptions
 (try
   (docker/parse-image-name "gcr.io/whatever/:tag")
-  (catch Exception e 
+  (catch Exception e
     ;; invalid reference format
     (println (.getMessage e))))
 
 ;; parse dockerfiles using github.com/moby/buildkit
 ;; returns the Result struct transformed to a clojure map
 (docker/parse-dockerfile "FROM \\\n    gcr.io/whatever:tag\nCMD [\"run\"]")
 
+;; run sbom generation on local image
+(docker/sbom "vonwig/clojure-base:jdk17" (fn [event] (println event)))
+
+(docker/hashes "vonwig/malware1:latest" (fn [event] (println event)))
+

docker/ops.go

@@ -2,6 +2,7 @@ package docker
 
 import (
 	"github.com/docker/distribution/reference"
+	"github.com/docker/index-cli-plugin/sbom"
 	"github.com/moby/buildkit/frontend/dockerfile/parser"
 
 	//"reflect"
@@ -34,7 +35,7 @@ func parse_uri(s string) (Reference, error) {
 
 	ref, err := reference.Parse(s)
 	if err != nil {
-		return Reference{},err;
+		return Reference{}, err
 	}
 	//fmt.Printf("%s\n", reflect.TypeOf(ref));
 
@@ -49,9 +50,52 @@ func parse_uri(s string) (Reference, error) {
 		digest = digested.Digest().String()
 	}
 	//u, err := json.Marshal(Reference{Path: path, Domain: domain, Tag: tag, Digest: digest})
-	return Reference{Path: path, Domain: domain, Tag: tag, Digest: digest}, err;
+	return Reference{Path: path, Domain: domain, Tag: tag, Digest: digest}, err
 }
 
+func generate_sbom(message *babashka.Message, s string) error {
+	tx_channel := make(chan string)
+
+	go func() error {
+		for {
+			tx := <-tx_channel
+			if tx != "" {
+				err := babashka.WriteNotDoneInvokeResponse(message, tx)
+				if err != nil {
+					babashka.WriteErrorResponse(message, err)
+				}
+
+			} else {
+				break
+			}
+		}
+		return nil
+	}()
+
+	return sbom.Send(s, tx_channel)
+}
+
+func generate_hashes(message *babashka.Message, s string) error {
+	tx_channel := make(chan string)
+
+	go func() error {
+		for {
+			tx := <-tx_channel
+			if tx != "" {
+				err := babashka.WriteNotDoneInvokeResponse(message, tx)
+				if err != nil {
+					babashka.WriteErrorResponse(message, err)
+				}
+
+			} else {
+				break
+			}
+		}
+		return nil
+	}()
+
+	return sbom.SendFileHashes(s, tx_channel)
+}
 
 func ProcessMessage(message *babashka.Message) (any, error) {
 	switch message.Op {
@@ -68,6 +112,42 @@ func ProcessMessage(message *babashka.Message) (any, error) {
 						{
 							Name: "parse-dockerfile",
 						},
+						{
+							Name: "sbom",
+							Code: `
+(defn sbom
+  ([image cb]
+   (sbom image cb {}))
+  ([image cb opts]
+   (babashka.pods/invoke
+     "pod.atomisthq.docker"
+     'pod.atomisthq.docker/-generate-sbom
+     [image]
+     {:handlers {:success (fn [event]
+                            (cb event))
+                 :error   (fn [{:keys [:ex-message :ex-data]}]
+                            (binding [*out* *err*]
+                              (println "ERROR:" ex-message)))
+		 :done    (fn [] (println "Done callback"))}})))`,
+						},
+						{
+							Name: "hashes",
+							Code: `
+(defn hashes
+  ([image cb]
+   (hashes image cb {}))
+  ([image cb opts]
+   (babashka.pods/invoke
+     "pod.atomisthq.docker"
+     'pod.atomisthq.docker/-generate-hashes
+     [image]
+     {:handlers {:success (fn [event]
+                            (cb event))
+                 :error   (fn [{:keys [:ex-message :ex-data]}]
+                            (binding [*out* *err*]
+                              (println "ERROR:" ex-message)))
+			      :done    (fn [] (cb {:status "done"}))}})))`,
+						},
 					},
 				},
 			},
@@ -86,8 +166,33 @@ func ProcessMessage(message *babashka.Message) (any, error) {
 			if err := json.Unmarshal([]byte(message.Args), &args); err != nil {
 				return nil, err
 			}
-                        reader := strings.NewReader(args[0])
+			reader := strings.NewReader(args[0])
 			return parser.Parse(reader)
+		case "pod.atomisthq.docker/-generate-sbom":
+			args := []string{}
+			if err := json.Unmarshal([]byte(message.Args), &args); err != nil {
+				return nil, err
+			}
+
+			err := generate_sbom(message, args[0])
+			if err != nil {
+				babashka.WriteErrorResponse(message, err)
+			}
+
+			return "done", nil
+
+		case "pod.atomisthq.docker/-generate-hashes":
+			args := []string{}
+			if err := json.Unmarshal([]byte(message.Args), &args); err != nil {
+				return nil, err
+			}
+
+			err := generate_hashes(message, args[0])
+			if err != nil {
+				babashka.WriteErrorResponse(message, err)
+			}
+
+			return "done", nil
 
 		default:
 			return nil, fmt.Errorf("Unknown var %s", message.Var)