From c8b9a7726d6b3967e68f7624586e4a8bd7308e09 Mon Sep 17 00:00:00 2001
From: Chris Werner Rau
Date: Tue, 26 Nov 2024 09:58:50 +0100
Subject: [PATCH] fix(ci): deduplicate trivy login script also login for license scanning
---
 .github/scripts/generate-sarif-reports.sh | 10 +---------
 .github/scripts/scan-for-licenses.sh | 10 +---------
 .github/scripts/trivy-login-to-registries.sh | 16 ++++++++++++++++
 3 files changed, 18 insertions(+), 18 deletions(-)
 create mode 100644 .github/scripts/trivy-login-to-registries.sh
diff --git a/.github/scripts/generate-sarif-reports.sh b/.github/scripts/generate-sarif-reports.sh
index 579a6e165..7d7b24e91 100755
--- a/.github/scripts/generate-sarif-reports.sh
+++ b/.github/scripts/generate-sarif-reports.sh
@@ -6,9 +6,7 @@ set -eu
 set -o pipefail
-declare -A IMAGE_PULL_TOKENS=(
- ["registry-gitlab.teuto.net"]="${TEUTO_PORTAL_WORKER_PULL_TOKEN}"
-)
+source "$(dirname "$0")/trivy-login-to-registries.sh"
 function createSarifReports() {
 local chart="${1?}"
@@ -47,12 +45,6 @@ function generateSarifReport() {
 }
 export -f generateSarifReport
-trivy image --download-db-only
-
-for registry in "${!IMAGE_PULL_TOKENS[@]}"; do
- TRIVY_PASSWORD="${IMAGE_PULL_TOKENS["$registry"]}" trivy registry login --username github-cve-scanning "$registry"
-done
-
 if [[ "$#" == 1 && -d "$1" ]]; then
 createSarifReports "$1"
 else
diff --git a/.github/scripts/scan-for-licenses.sh b/.github/scripts/scan-for-licenses.sh
index 67e4b554b..487889db8 100755
--- a/.github/scripts/scan-for-licenses.sh
+++ b/.github/scripts/scan-for-licenses.sh
@@ -6,9 +6,7 @@ set -eu
 set -o pipefail
-declare -A IMAGE_PULL_TOKENS=(
- ["registry-gitlab.teuto.net"]="${TEUTO_PORTAL_WORKER_PULL_TOKEN}"
-)
+source "$(dirname "$0")/trivy-login-to-registries.sh"
 WHITELIST=(
 "AGPL-3.0" # We're not writing software 🤷
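Review bot: The added `source "$(dirname "$0")/trivy-login-to-registries.sh"` line in generate-sarif-reports.sh (and the identical line in the first hunk of scan-for-licenses.sh) locates the helper through `$0`, which is the invoking name rather than this file's own path and points somewhere else if the script is ever sourced itself. The helper runs with the registry pull token in its environment, so it is worth resolving it from the script's real location: `source "$(dirname -- "${BASH_SOURCE[0]}")/trivy-login-to-registries.sh"`. Sourcing now also performs the trivy DB download and the registry logins as a side effect, before the functions are defined, so I would add a comment above the line such as `# Side effect: downloads the trivy DB and logs in to the private registries.`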
@@ -89,12 +87,6 @@ function scanLicenses() {
 fi
 }
-trivy image --download-db-only
-
-for registry in "${!IMAGE_PULL_TOKENS[@]}"; do
- TRIVY_PASSWORD="${IMAGE_PULL_TOKENS["$registry"]}" trivy registry login --username github-cve-scanning "$registry"
-done
-
 if [[ "$#" == 1 && -d "$1" ]]; then
 scanLicenses "$1"
 else
diff --git a/.github/scripts/trivy-login-to-registries.sh b/.github/scripts/trivy-login-to-registries.sh
new file mode 100644
index 000000000..9dc166558
--- /dev/null
+++ b/.github/scripts/trivy-login-to-registries.sh
@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+
+if ! (return 0 2>/dev/null); then
+ echo This must be sourced, not executed. >&2
+ exit 1
+fi
+
+declare -A IMAGE_PULL_TOKENS=(
+ ["registry-gitlab.teuto.net"]="${TEUTO_PORTAL_WORKER_PULL_TOKEN?}"
+)
+
+trivy image --download-db-only
+
+for registry in "${!IMAGE_PULL_TOKENS[@]}"; do
+ TRIVY_PASSWORD="${IMAGE_PULL_TOKENS["$registry"]}" trivy registry login --username github-cve-scanning "$registry"
+done
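Review bot: `${TEUTO_PORTAL_WORKER_PULL_TOKEN?}` in the new trivy-login-to-registries.sh aborts only when the variable is unset, so a variable that is set but empty passes the check and is handed to `trivy registry login` as an empty password. That case is likely in CI, because GitHub Actions expands a secret the workflow cannot read (for example on pull requests from forks) to an empty string, and the failure would then show up as an opaque login error. Using `${TEUTO_PORTAL_WORKER_PULL_TOKEN:?pull token is empty or unset}` fails early with a clear message. Passing the token through `TRIVY_PASSWORD` instead of an argument keeps it out of the process list, which deserves a one-line comment above the loop so that nobody later refactors it into a command-line flag.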