From a65693bb32a643a19e787821fe96b05a693f91ff Mon Sep 17 00:00:00 2001
From: Holly Gong <39108850+hogo6002@users.noreply.github.com>
Date: Tue, 4 Jun 2024 10:47:18 +1000
Subject: [PATCH] Enable Debian combine-to-osv on prod (#2168)

Deploy `debian-cve-convert` cron job on production.
---
 .../gke-workers/base/debian-cve-convert.yaml  | 30 +++++++++++++++++++
 .../gke-workers/base/kustomization.yaml       |  1 +
 .../oss-vdb-test/debian-cve-convert.yaml      | 19 ------------
 .../oss-vdb-test/kustomization.yaml           |  2 +-
 .../oss-vdb/debian-cve-convert.yaml           | 16 ++++++++++
 .../environments/oss-vdb/kustomization.yaml   |  1 +
 6 files changed, 49 insertions(+), 20 deletions(-)
 create mode 100644 deployment/clouddeploy/gke-workers/base/debian-cve-convert.yaml
 create mode 100644 deployment/clouddeploy/gke-workers/environments/oss-vdb/debian-cve-convert.yaml

diff --git a/deployment/clouddeploy/gke-workers/base/debian-cve-convert.yaml b/deployment/clouddeploy/gke-workers/base/debian-cve-convert.yaml
new file mode 100644
index 00000000000..5498ca0fa64
--- /dev/null
+++ b/deployment/clouddeploy/gke-workers/base/debian-cve-convert.yaml
@@ -0,0 +1,30 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: debian-cve-convert
+spec:
+  schedule: "0 */1 * * *"
+  concurrencyPolicy: Forbid
+  jobTemplate:
+    spec:
+      activeDeadlineSeconds: 3600
+      template:
+        spec:
+          containers:
+          - name: debian-cve-convert
+            image: debian-cve-convert
+            imagePullPolicy: Always
+            securityContext:
+              privileged: true
+            resources:
+              requests:
+                cpu: 1
+                memory: "1G"
+              limits:
+                cpu: 1
+                memory: "2G"
+          restartPolicy: OnFailure
+          volumes:
+            - name: "ssd"
+              hostPath:
+                path: "/mnt/disks/ssd0"
\ No newline at end of file
diff --git a/deployment/clouddeploy/gke-workers/base/kustomization.yaml b/deployment/clouddeploy/gke-workers/base/kustomization.yaml
index 43d50eef394..fbc6af94b51 100644
--- a/deployment/clouddeploy/gke-workers/base/kustomization.yaml
+++ b/deployment/clouddeploy/gke-workers/base/kustomization.yaml
@@ -5,6 +5,7 @@ resources:
 - importer-deleter.yaml
 - exporter.yaml
 - alpine-cve-convert.yaml
+- debian-cve-convert.yaml
 - combine-to-osv.yaml
 - debian-convert.yaml
 - debian-first-version.yaml
diff --git a/deployment/clouddeploy/gke-workers/environments/oss-vdb-test/debian-cve-convert.yaml b/deployment/clouddeploy/gke-workers/environments/oss-vdb-test/debian-cve-convert.yaml
index 42ccfa62b76..b7cfdbdcaf7 100644
--- a/deployment/clouddeploy/gke-workers/environments/oss-vdb-test/debian-cve-convert.yaml
+++ b/deployment/clouddeploy/gke-workers/environments/oss-vdb-test/debian-cve-convert.yaml
@@ -3,33 +3,14 @@ kind: CronJob
 metadata:
   name: debian-cve-convert
 spec:
-  schedule: "0 */1 * * *"
-  concurrencyPolicy: Forbid
   jobTemplate:
     spec:
-      activeDeadlineSeconds: 3600
       template:
         spec:
           containers:
           - name: debian-cve-convert
-            image: debian-cve-convert
-            imagePullPolicy: Always
             env:
             - name: GOOGLE_CLOUD_PROJECT
               value: oss-vdb-test
             - name: OUTPUT_GCS_BUCKET
               value: osv-test-cve-osv-conversion
-            securityContext:
-              privileged: true
-            resources:
-              requests:
-                cpu: 1
-                memory: "1G"
-              limits:
-                cpu: 1
-                memory: "2G"
-          restartPolicy: OnFailure
-          volumes:
-            - name: "ssd"
-              hostPath:
-                path: "/mnt/disks/ssd0"
diff --git a/deployment/clouddeploy/gke-workers/environments/oss-vdb-test/kustomization.yaml b/deployment/clouddeploy/gke-workers/environments/oss-vdb-test/kustomization.yaml
index 65ab337b6c5..2d67f0d93fc 100644
--- a/deployment/clouddeploy/gke-workers/environments/oss-vdb-test/kustomization.yaml
+++ b/deployment/clouddeploy/gke-workers/environments/oss-vdb-test/kustomization.yaml
@@ -1,6 +1,5 @@
 resources:
 - ../../base
-- debian-cve-convert.yaml
 patches:
 - path: workers.yaml
 - path: scaler.yaml
@@ -8,6 +7,7 @@ patches:
 - path: importer-deleter.yaml
 - path: exporter.yaml
 - path: alpine-cve-convert.yaml
+- path: debian-cve-convert.yaml
 - path: combine-to-osv.yaml
 - path: debian-convert.yaml
 - path: debian-first-version.yaml
diff --git a/deployment/clouddeploy/gke-workers/environments/oss-vdb/debian-cve-convert.yaml b/deployment/clouddeploy/gke-workers/environments/oss-vdb/debian-cve-convert.yaml
new file mode 100644
index 00000000000..2ba13a11b3b
--- /dev/null
+++ b/deployment/clouddeploy/gke-workers/environments/oss-vdb/debian-cve-convert.yaml
@@ -0,0 +1,16 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: debian-cve-convert
+spec:
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+          - name: debian-cve-convert
+            env:
+            - name: GOOGLE_CLOUD_PROJECT
+              value: oss-vdb
+            - name: OUTPUT_GCS_BUCKET
+              value: cve-osv-conversion
\ No newline at end of file
diff --git a/deployment/clouddeploy/gke-workers/environments/oss-vdb/kustomization.yaml b/deployment/clouddeploy/gke-workers/environments/oss-vdb/kustomization.yaml
index c8c4e07ef07..2cbfa32fa1c 100644
--- a/deployment/clouddeploy/gke-workers/environments/oss-vdb/kustomization.yaml
+++ b/deployment/clouddeploy/gke-workers/environments/oss-vdb/kustomization.yaml
@@ -8,6 +8,7 @@ patches:
 - path: importer-deleter.yaml
 - path: exporter.yaml
 - path: alpine-cve-convert.yaml
+- path: debian-cve-convert.yaml
 - path: combine-to-osv.yaml
 - path: debian-convert.yaml
 - path: debian-first-version.yaml