parse pipeline as code tekton

Author: SUSTAPLE117

models/package_insights.go

@@ -31,6 +31,7 @@ type PackageInsights struct {
 	GithubActionsMetadata  []GithubActionsMetadata `json:"github_actions_metadata"`
 	GitlabciConfigs        []GitlabciConfig        `json:"gitlabci_configs"`
 	AzurePipelines         []AzurePipeline         `json:"azure_pipelines"`
+	PipelineAsCodeTekton   []PipelineAsCodeTekton  `json:"pipeline_as_code_tekton"`
 }
 
 func (p *PackageInsights) GetSourceGitRepoURI() string {

models/pipeline_as_code_tekton.go

@@ -0,0 +1,10 @@
+package models
+
+type PipelineAsCodeTekton struct {
+	ApiVersion string `json:"apiVersion" yaml:"apiVersion"`
+	Kind       string `json:"kind"`
+	Metadata   struct {
+		Name        string            `json:"name"`
+		Annotations map[string]string `json:"annotations"`
+	} `json:"metadata"`
+}

scanner/scanner.go

@@ -154,6 +154,29 @@ func parseGitlabCi(scanner *Scanner, filePath string, fileInfo fs.FileInfo) erro
 	return nil
 }
 
+func parsePipelineAsCodeTekton(scanner *Scanner, filePath string, fileInfo fs.FileInfo) error {
+	relPath, err := filepath.Rel(scanner.Path, filePath)
+	if err != nil {
+		return err
+	}
+
+	data, err := os.ReadFile(filePath)
+	if err != nil {
+		return err
+	}
+
+	pipelineAsCode := models.PipelineAsCodeTekton{}
+	err = yaml.Unmarshal(data, &pipelineAsCode)
+	if err != nil {
+		log.Debug().Err(err).Str("file", relPath).Msg("failed to unmarshal pipeline as code yaml file")
+		return nil
+	}
+
+	scanner.Package.PipelineAsCodeTekton = append(scanner.Package.PipelineAsCodeTekton, pipelineAsCode)
+
+	return nil
+}
+
 type Scanner struct {
 	Path          string
 	Package       *models.PackageInsights
@@ -169,6 +192,7 @@ func NewScanner(path string) Scanner {
 		ParseFuncs: map[*regexp.Regexp]parseFunc{
 			regexp.MustCompile(`(\b|/)action\.ya?ml$`):              parseGithubActionsMetadata,
 			regexp.MustCompile(`^\.github/workflows/[^/]+\.ya?ml$`): parseGithubWorkflows,
+			regexp.MustCompile(`^\.tekton/[^/]+\.ya?ml$`):           parsePipelineAsCodeTekton,
 			regexp.MustCompile(`\.?azure-pipelines(-.+)?\.ya?ml$`):  parseAzurePipelines,
 			regexp.MustCompile(`\.?gitlab-ci(-.+)?\.ya?ml$`):        parseGitlabCi,
 		},

scanner/scanner_test.go

@@ -2,6 +2,7 @@ package scanner
 
 import (
 	"context"
+	"github.com/boostsecurityio/poutine/models"
 	"github.com/boostsecurityio/poutine/opa"
 	"github.com/stretchr/testify/assert"
 	"testing"
@@ -69,3 +70,31 @@ func TestRun(t *testing.T) {
 	assert.Contains(t, s.Package.PackageDependencies, "pkg:docker/alpine%3Alatest")
 	assert.Equal(t, 3, len(s.Package.GitlabciConfigs))
 }
+
+func TestPipelineAsCodeTekton(t *testing.T) {
+	s := NewScanner("testdata")
+	o, _ := opa.NewOpa()
+	err := s.Run(context.TODO(), o)
+	assert.NoError(t, err)
+
+	pipelines := s.Package.PipelineAsCodeTekton
+
+	assert.Len(t, pipelines, 1)
+	expectedAnnotations := map[string]string{
+		"pipelinesascode.tekton.dev/on-event":         "[push, pull_request]",
+		"pipelinesascode.tekton.dev/on-target-branch": "[*]",
+		"pipelinesascode.tekton.dev/task":             "[git-clone]",
+	}
+	expectedPipeline := models.PipelineAsCodeTekton{
+		ApiVersion: "tekton.dev/v1beta1",
+		Kind:       "PipelineRun",
+		Metadata: struct {
+			Name        string            `json:"name"`
+			Annotations map[string]string `json:"annotations"`
+		}{
+			Name:        "linters",
+			Annotations: expectedAnnotations,
+		},
+	}
+	assert.Equal(t, expectedPipeline, pipelines[0])
+}

scanner/testdata/.tekton/pipeline-as-code-tekton.yml

@@ -0,0 +1,58 @@
+apiVersion: tekton.dev/v1beta1
+kind: PipelineRun
+metadata:
+  name: linters
+  annotations:
+    pipelinesascode.tekton.dev/on-event: "[push, pull_request]"
+    pipelinesascode.tekton.dev/on-target-branch: "[*]"
+    pipelinesascode.tekton.dev/task: "[git-clone]"
+spec:
+  params:
+    - name: repo_url
+      value: "{{repo_url}}"
+    - name: revision
+      value: "{{revision}}"
+  pipelineSpec:
+    params:
+      - name: repo_url
+      - name: revision
+    tasks:
+      - name: fetchit
+        displayName: "Fetch git repository"
+        params:
+          - name: url
+            value: $(params.repo_url)
+          - name: revision
+            value: $(params.revision)
+        taskRef:
+          name: git-clone
+        workspaces:
+          - name: output
+            workspace: source
+      - name: vale
+        displayName: "Spelling and Grammar"
+        runAfter:
+          - fetchit
+        taskSpec:
+          workspaces:
+            - name: source
+          steps:
+            - name: vale-lint
+              image: jdkato/vale
+              workingDir: $(workspaces.source.path)
+              script: |
+                vale docs
+        workspaces:
+          - name: source
+            workspace: source
+    workspaces:
+      - name: source
+  workspaces:
+    - name: source
+      volumeClaimTemplate:
+        spec:
+          accessModes:
+            - ReadWriteOnce
+          resources:
+            requests:
+              storage: 5Gi