From 68ca4c9358b9ccae6abbd462a244cd058462cff1 Mon Sep 17 00:00:00 2001
From: Lorenzo Pagliai <lorenzo.pagliai@seco.com>
Date: Mon, 29 Apr 2024 17:19:58 +0200
Subject: [PATCH] [NOTIFY] Include SAS token in Teams notifications

* Until now, the links in the notification message displayed in the
  Teams channel (link report, changelog and job results report) were
  broken for software artifacts in private containers.
* Introducing the creation of read-only SAS token with 6-months
  expiration policy also for reports.
* Fix in deploy stage for software artifact URL generation in case of
  public containers.
---
 scripts/notify_message.sh | 48 +++++++++++++++++++++++++++++++++++----
 1 file changed, 44 insertions(+), 4 deletions(-)

diff --git a/scripts/notify_message.sh b/scripts/notify_message.sh
index cb0c995..483c0fb 100644
--- a/scripts/notify_message.sh
+++ b/scripts/notify_message.sh
@@ -35,15 +35,55 @@ az storage blob upload --account-name $AZURE_STORAGE_ACCOUNT \
     --overwrite
 
 cp .gitlab-ci/notification.json .
-job_report="$(az storage blob url --container-name $AZURE_CONTAINER_NAME --name ${AZURE_PATH}/Job_report_edgehog_${TAG_NAME}.txt)"
+
+case "$AZURE_CONTAINER_NAME" in 
+    *"private"*)
+      # Get the current year and month
+      current_year=$(date -u '+%Y')
+      current_month=$(date -u '+%m')
+      
+      # Calculate the token expiration month and year
+      future_month=$(( (current_month + 6) % 12 ))
+      future_year=$(( current_year + (current_month + 6) / 12 ))
+      
+      # Adjust the year if the future month is 0
+      if [ $future_month -eq 0 ]; then
+          future_month=12
+          future_year=$(( future_year - 1 ))
+      fi
+          
+      # Format the expiration date
+      expire_date="${future_year}-${future_month}-01T00:00Z"
+
+      # Get read-only blob SAS tokens
+      sas_job_report=$(az storage blob generate-sas --account-key $AZURE_STORAGE_KEY --container-name $AZURE_CONTAINER_NAME --name ${AZURE_PATH}/Job_report_edgehog_${TAG_NAME}.txt --permissions r --expiry "$expire_date" --output tsv)
+      sas_link_report=$(az storage blob generate-sas --account-key $AZURE_STORAGE_KEY --container-name $AZURE_CONTAINER_NAME --name ${AZURE_PATH}/Link_report_edgehog_${TAG_NAME}.txt --permissions r --expiry "$expire_date" --output tsv)
+      sas_changelog_report=$(az storage blob generate-sas --account-key $AZURE_STORAGE_KEY --container-name $AZURE_CONTAINER_NAME --name ${AZURE_PATH}/Changelog_edgehog_${TAG_NAME}.md --permissions r --expiry "$expire_date" --output tsv)
+
+      # Get URLs without SAS container token, which shall be replaced with the blob one
+      job_report=$(az storage blob url --container-name $AZURE_CONTAINER_NAME --name ${AZURE_PATH}/Job_report_edgehog_${TAG_NAME}.txt --output tsv | sed -E 's/\?s.*//')
+      link_report=$(az storage blob url --container-name $AZURE_CONTAINER_NAME --name ${AZURE_PATH}/Link_report_edgehog_${TAG_NAME}.txt --output tsv | sed -E 's/\?s.*//')
+      changelog_report=$(az storage blob url --container-name $AZURE_CONTAINER_NAME --name ${AZURE_PATH}/Changelog_edgehog_${TAG_NAME}.md --output tsv | sed -E 's/\?s.*//')
+
+      #Construct final URLs
+      job_report="$job_report?$sas_job_report"
+      link_report="$link_report?$sas_link_report"
+      changelog_report="$changelog_report?$sas_changelog_report"
+      ;;
+    *)
+      # Get URLs without SAS container token
+      job_report=$(az storage blob url --container-name $AZURE_CONTAINER_NAME --name ${AZURE_PATH}/Job_report_edgehog_${TAG_NAME}.txt --output tsv | sed -E 's/\?s.*//')
+      link_report=$(az storage blob url --container-name $AZURE_CONTAINER_NAME --name ${AZURE_PATH}/Link_report_edgehog_${TAG_NAME}.txt --output tsv | sed -E 's/\?s.*//')
+      changelog_report=$(az storage blob url --container-name $AZURE_CONTAINER_NAME --name ${AZURE_PATH}/Changelog_edgehog_${TAG_NAME}.md --output tsv | sed -E 's/\?s.*//')
+      ;;
+esac
+
 job_report="$(echo $job_report | sed -E 's/\s.*$//')"
 jq --arg job_var $job_report '.potentialAction[0].targets[0].uri = $job_var' notification.json >notification_1.json
 
-link_report="$(az storage blob url --container-name $AZURE_CONTAINER_NAME --name ${AZURE_PATH}/Link_report_edgehog_${TAG_NAME}.txt)"
 link_report="$(echo $link_report | sed -E 's/\s.*$//')"
 jq --arg link_var $link_report '.potentialAction[1].targets[0].uri = $link_var' notification_1.json >notification_2.json
 
-changelog_report="$(az storage blob url --container-name $AZURE_CONTAINER_NAME --name ${AZURE_PATH}/Changelog_edgehog_${TAG_NAME}.md)"
 changelog_report="$(echo $changelog_report | sed -E 's/\s.*$//')"
 jq --arg changelog_var $changelog_report '.potentialAction[2].targets[0].uri = $changelog_var' notification_2.json >notification_3.json
 sed -i -E 's/\\"//g' notification_3.json
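Review bot: The expiry calculation fails in August and September, because `date -u '+%m'` returns `08`/`09` and the shell reads a leading-zero operand in `$(( ... ))` as octal. Strip the zero before the arithmetic, e.g. `current_month=${current_month#0}`, and build the date with `expire_date=$(printf '%04d-%02d-01T00:00Z' "$future_year" "$future_month")` so the month is zero-padded as well. Separately, the three tokens are signed directly with the account key and valid for about six months, so a link copied out of the Teams channel can only be revoked by rotating that key; binding them to a stored access policy (`--policy-name`) and adding `--https-only` would keep them revocable and off plain HTTP. The key is also passed on the command line via `--account-key $AZURE_STORAGE_KEY`, where it can show up in process listings or shell traces; if the variable is already exported the option is probably redundant, since the az CLI reads `AZURE_STORAGE_KEY` from the environment.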
@@ -56,4 +96,4 @@ curl -X POST -H "Content-Type: application/json" --data @notification_4.json $WE
 cp Link_report_edgehog_${TAG_NAME}.txt Link_report.txt
 sed -i 's/\"//g' Link_report.txt
 
-echo "${changelog_report#?}" | cut -f1 -d"?" >changelog_link.txt
+echo "$changelog_report" >changelog_link.txt
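Review bot: `changelog_link.txt` now receives the full signed URL for private containers, whereas the removed line cut everything after `?` before writing the file. If this file is stored as a job artifact or read by a later stage (not visible in this hunk), the read-only SAS token is exposed to anyone who can read it for the whole six-month validity. Either write the unsigned URL here and append the token only where it is needed, or add a comment such as `# changelog_link.txt carries a SAS token for private containers; treat it as a secret`. `printf '%s\n' "$changelog_report" >changelog_link.txt` is also safer than `echo` for arbitrary data.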
-- 
GitLab