Skip to content

Latest commit

 

History

History
114 lines (96 loc) · 3.18 KB

README.md

File metadata and controls

114 lines (96 loc) · 3.18 KB

Deployment instructions

Quartermaster can be deployed both with GitHub Actions (see the workflows folder) and manually, with the following instructions:

  1. Launch the DGraph database:

    kubectl apply -k dgraph
  2. Specify the Maven repository to be cloned in qmstr/repo-url.env.

  3. Specify the desired QMSTR image tags to be deployed in the QMSTR kustomization.yaml file.
    The list of QMSTR Docker images can be found here.

  4. Launch Quartermaster:

    kubectl apply -k qmstr

Results

  1. Wait for the build and analysis phases to be over:

    kubectl logs --follow $(kubectl get pods --selector job-name=qmstr -o=name) qmstr-client
  2. Forward two local ports to the following two ports on the DGraph Pod:

    kubectl port-forward statefulset/dgraph 8000:8000
    kubectl port-forward statefulset/dgraph 8080:8080
  3. Open localhost:8000/?latest in your browser.

  4. Click on "Continue":

    DGraph login page

  5. Navigate to the "Console" page.

  6. You should now be able to query the database:

    {
        PackageNodes(func: has(packageNodeType)) @recurse(loop: true, depth: 3) {
            uid
            name
            version
            packageNodeType
            targets
            additionalInfo
            buildConfig
            diagnosticInfo
            timestamp
        }
    
        FileNodes(func: has(fileNodeType)) @recurse(loop: true, depth: 3) {
            uid
            fileNodeType
            path
            name
            fileData
            timestamp
            derivedFrom
            dependencies
        }
    
        FileDataNodes(func: has(fileDataNodeType)) @recurse(loop: true, depth: 3) {
            uid
            fileDataNodeType
            hash
            additionalInfo
            diagnosticInfo
        }
    
        InfoNodes(func: has(infoNodeType)) @recurse(loop: true, depth: 3) {
            uid
            infoNodeType
            type
            confidenceScore
            analyzer
            dataNodes
            timestamp
        }
    
        Analyzers(func: has(analyzerNodeType)) @recurse(loop: true, depth: 3) {
            uid
            name
            analyzerNodeType
            trustLevel
            pathSub
            old
            new
        }
    
        DataNodes(func: has(dataNodeType)) @recurse(loop: true, depth: 3) {
            uid
            dataNodeType
            type
            data
            timestamp
        }
    }
  7. The generated graph should look something like this:

    Generated Build Graph example

    The left part of the graph consists in the usual build graph, having in this case a single (Java) package node in green as the central node. License and compliance information is on the right, having the analyzer node in pink right in the middle.