[acrcssc] Fix continuous patching tasks to handle registries with DNL enabled

src/acrcssc/HISTORY.rst

@@ -3,6 +3,10 @@
 Release History
 ===============
 
+1.0.0b6
+++++++++
+* Fix issue with DNL registry names when scheduling tasks
+
 1.0.0b5
 ++++++++
 * Update minCliCoreVersion

src/acrcssc/azext_acrcssc/templates/task/cssc_patch_image.yaml

@@ -2,7 +2,7 @@ version: v1.1.0
 alias:
   values:
     ScanReport : os-vulnerability-report_trivy_{{ regexReplaceAll "[^a-zA-Z0-9]" .Values.SOURCE_REPOSITORY "-" }}_{{.Values.SOURCE_IMAGE_TAG}}_$(date "+%Y-%m-%d").json
-    cssc : mcr.microsoft.com/acr/cssc:cbcf692
+    cssc : mcr.microsoft.com/acr/cssc:1fb6e2a
 steps:
   - id: print-inputs
     cmd: |

src/acrcssc/azext_acrcssc/templates/task/cssc_scan_image.yaml

@@ -3,7 +3,7 @@ alias:
   values:
     patchimagetask: cssc-patch-image
     DATE: $(date "+%Y-%m-%d")
-    cssc : mcr.microsoft.com/acr/cssc:cbcf692
+    cssc : mcr.microsoft.com/acr/cssc:1fb6e2a
 steps:
   - id: print-inputs
     cmd: |
@@ -45,10 +45,15 @@ steps:
       if [ "$eoslValue" = "true" ]; then \
         echo "PATCHING will be skipped as EOSL is $eoslValue for image {{.Values.SOURCE_REPOSITORY}}:{{.Values.SOURCE_IMAGE_TAG}}"; \
       elif [ $vulCount -gt 0 ]; then \
+          RegistryBaseName={{.Run.Registry}}
+          if [[ $RegistryBaseName == *-* ]]; then
+            RegistryBaseName="${RegistryBaseName%%-*}"
+            echo "DNL registry name detected, readjusting RegistryBaseName to $RegistryBaseName for task scheduling"
+          fi
           az login --identity --allow-no-subscriptions; \
           echo "Total OS vulnerabilities found -> $vulCount"; \
-          echo "PATCHING task scheduled for image {{.Values.SOURCE_REPOSITORY}}:{{.Values.SOURCE_IMAGE_TAG}}, new patch tag will be {{.Values.SOURCE_IMAGE_ORIGINAL_TAG}}-{{.Values.SOURCE_IMAGE_NEWPATCH_TAG}}"; \
-          az acr task run --name $patchimagetask --registry $RegistryName --set SOURCE_REPOSITORY={{.Values.SOURCE_REPOSITORY}} --set SOURCE_IMAGE_TAG={{.Values.SOURCE_IMAGE_ORIGINAL_TAG}} --set SOURCE_IMAGE_NEWPATCH_TAG={{.Values.SOURCE_IMAGE_NEWPATCH_TAG}} --no-wait; \
+          echo "PATCHING task scheduled for image ${RegistryBaseName}/{{.Values.SOURCE_REPOSITORY}}:{{.Values.SOURCE_IMAGE_TAG}}, new patch tag will be {{.Values.SOURCE_IMAGE_ORIGINAL_TAG}}-{{.Values.SOURCE_IMAGE_NEWPATCH_TAG}}"; \
+          az acr task run --name $patchimagetask --registry $RegistryBaseName --set SOURCE_REPOSITORY={{.Values.SOURCE_REPOSITORY}} --set SOURCE_IMAGE_TAG={{.Values.SOURCE_IMAGE_ORIGINAL_TAG}} --set SOURCE_IMAGE_NEWPATCH_TAG={{.Values.SOURCE_IMAGE_NEWPATCH_TAG}} --no-wait; \
         else \
           echo "PATCHING will be skipped as no vulnerability found in the image {{.Values.SOURCE_REPOSITORY}}:{{.Values.SOURCE_IMAGE_TAG}}"; \
       fi'

src/acrcssc/azext_acrcssc/templates/task/cssc_trigger_workflow.yaml

@@ -2,7 +2,7 @@ version: v1.1.0
 alias:
   values:
     ScanImageAndSchedulePatchTask: cssc-scan-image
-    cssc : mcr.microsoft.com/acr/cssc:cbcf692
+    cssc : mcr.microsoft.com/acr/cssc:1fb6e2a
     maxLimit: 100
 steps:
   - cmd: bash -c 'echo "Inside cssc-trigger-workflow task, getting list of images to be patched based on --filter-policy for Registry {{.Run.Registry}}."'
@@ -28,10 +28,14 @@ steps:
     timeout: 1800
     cmd: |
         az -c '
-        counter=0; \
-        batchSize=10; \
-        sleepDuration=30; \
-        RegistryName={{.Run.Registry}}; \
+        counter=0
+        batchSize=10
+        sleepDuration=30
+        RegistryBaseName={{.Run.Registry}}
+        if [[ $RegistryBaseName == *-* ]]; then
+          RegistryBaseName="${RegistryBaseName%%-*}"
+          echo "DNL registry name detected, readjusting RegistryBaseName to $RegistryBaseName for task scheduling"
+        fi
         while read line;do \
         IFS=',' read -r -a array <<< "${line}"
         RepoName=${array[0]}
@@ -44,15 +48,14 @@ steps:
         else
           IncrementedTagNumber="1"
         fi
-
         if [ $TagName == "N/A" ]; then
           TagName=$OriginalTag
         elif [[ $TagName =~ -([0-9]{1,3})$ ]]; then
           TagNumber=${BASH_REMATCH[1]}
           IncrementedTagNumber=$((TagNumber+1))
         fi
-        echo "Scheduling $ScanImageAndSchedulePatchTask for $RegistryName/$RepoName, Tag:$TagName, OriginalTag:$OriginalTag, PatchTag:$OriginalTag-$IncrementedTagNumber"; \
-        az acr task run --name $ScanImageAndSchedulePatchTask --registry $RegistryName --set SOURCE_REPOSITORY=$RepoName --set SOURCE_IMAGE_TAG=$TagName --set SOURCE_IMAGE_ORIGINAL_TAG=$OriginalTag --set SOURCE_IMAGE_NEWPATCH_TAG=$IncrementedTagNumber --no-wait; \
+        echo "Scheduling $ScanImageAndSchedulePatchTask for ${RegistryBaseName}/$RepoName, Tag:$TagName, OriginalTag:$OriginalTag, PatchTag:$OriginalTag-$IncrementedTagNumber"; \
+        az acr task run --name $ScanImageAndSchedulePatchTask --registry $RegistryBaseName --set SOURCE_REPOSITORY=$RepoName --set SOURCE_IMAGE_TAG=$TagName --set SOURCE_IMAGE_ORIGINAL_TAG=$OriginalTag --set SOURCE_IMAGE_NEWPATCH_TAG=$IncrementedTagNumber --no-wait; \
         counter=$((counter+1)); \
         if [ $((counter%batchSize)) -eq 0 ]; then \
           echo "Waiting for $sleepDuration seconds before scheduling scans for next batch of images"; \

src/acrcssc/azext_acrcssc/templates/tmp_dry_run_template.yaml

@@ -1,7 +1,7 @@
 version: v1.1.0
 alias:
   values:
-    cssc : mcr.microsoft.com/acr/cssc:cbcf692
+    cssc : mcr.microsoft.com/acr/cssc:1fb6e2a
     maxLimit: 100
 steps:
   - id: acr-cli-filter

src/acrcssc/setup.py

@@ -13,7 +13,7 @@
     from distutils import log as logger
     logger.warn("Wheel is not available, disabling bdist_wheel hook")
 
-VERSION = '1.0.0b5'
+VERSION = '1.0.0b6'
 
 # The full list of classifiers is available at
 # https://pypi.python.org/pypi?%3Aaction=list_classifiers