feat: Update report sync using grpc

go.mod

@@ -3,8 +3,8 @@ module github.com/safedep/vet
 go 1.22.1
 
 require (
-	buf.build/gen/go/safedep/api/grpc/go v1.5.1-20240926081214-ab2d7dfd2ee4.1
-	buf.build/gen/go/safedep/api/protocolbuffers/go v1.34.2-20240926081214-ab2d7dfd2ee4.2
+	buf.build/gen/go/safedep/api/grpc/go v1.5.1-20240927074119-125b1e169aaf.1
+	buf.build/gen/go/safedep/api/protocolbuffers/go v1.34.2-20240927074119-125b1e169aaf.2
 	github.com/AlecAivazis/survey/v2 v2.3.7
 	github.com/CycloneDX/cyclonedx-go v0.9.0
 	github.com/anchore/syft v1.11.1

go.sum

@@ -1,9 +1,9 @@
 buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.34.2-20240508200655-46a4cf4ba109.2 h1:cFrEG/pJch6t62+jqndcPXeTNkYcztS4tBRgNkR+drw=
 buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.34.2-20240508200655-46a4cf4ba109.2/go.mod h1:ylS4c28ACSI59oJrOdW4pHS4n0Hw4TgSPHn8rpHl4Yw=
-buf.build/gen/go/safedep/api/grpc/go v1.5.1-20240926081214-ab2d7dfd2ee4.1 h1:3EzCYr2p0LEZZypVNa9858aMzDb1IaaIx6Yc4aFy9Pc=
-buf.build/gen/go/safedep/api/grpc/go v1.5.1-20240926081214-ab2d7dfd2ee4.1/go.mod h1:/a/eMLFwkuQ6l6FgqutzzADjVmzqOd+tB4e96/I8lWg=
-buf.build/gen/go/safedep/api/protocolbuffers/go v1.34.2-20240926081214-ab2d7dfd2ee4.2 h1:yxZyCiOpBy5QWnoEiqcMBL/uSrTk8bfm52wpORxReeU=
-buf.build/gen/go/safedep/api/protocolbuffers/go v1.34.2-20240926081214-ab2d7dfd2ee4.2/go.mod h1:s12A8dY1Tq74LKOkUHLOOLXPJOaAhdVDAakFTSlB/cM=
+buf.build/gen/go/safedep/api/grpc/go v1.5.1-20240927074119-125b1e169aaf.1 h1:2ELSEnzC34KBVKPsmdzbFSUdZoCa56K/xb6bQ/QKfd4=
+buf.build/gen/go/safedep/api/grpc/go v1.5.1-20240927074119-125b1e169aaf.1/go.mod h1:N2s2AvQRTd39jzo6zQL1b7aohwR6HF8J6pyXbBzbkak=
+buf.build/gen/go/safedep/api/protocolbuffers/go v1.34.2-20240927074119-125b1e169aaf.2 h1:UZdrFL+T3SUjJy8rX8N3HD4gb18Wp1gcPmIHKbEG3cA=
+buf.build/gen/go/safedep/api/protocolbuffers/go v1.34.2-20240927074119-125b1e169aaf.2/go.mod h1:s12A8dY1Tq74LKOkUHLOOLXPJOaAhdVDAakFTSlB/cM=
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
@@ -779,8 +779,6 @@ github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99
 github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
-github.com/safedep/dry v0.0.0-20240927022242-9d60282446c5 h1:QBaQizpZq2laao6/xO6vians/3TEfrxY6DcRJswlvm0=
-github.com/safedep/dry v0.0.0-20240927022242-9d60282446c5/go.mod h1:OHfFlBHlJsIJyK3vsc40yaInGUxrzPhwYu8hM1h+kxs=
 github.com/safedep/dry v0.0.0-20240927023913-bb455ab56626 h1:0WadRINp2CAx5AvZkix9uFsibU9PXTtmoass7H+Z+9w=
 github.com/safedep/dry v0.0.0-20240927023913-bb455ab56626/go.mod h1:OHfFlBHlJsIJyK3vsc40yaInGUxrzPhwYu8hM1h+kxs=
 github.com/sagikazarmark/crypt v0.3.0/go.mod h1:uD/D+6UF4SrIR1uGEv7bBNkNqLGqUr43MRiaGWX1Nig=

pkg/models/models.go

@@ -7,6 +7,7 @@ import (
 	"strings"
 	"sync"
 
+	packagev1 "buf.build/gen/go/safedep/api/protocolbuffers/go/safedep/messages/package/v1"
 	"github.com/google/osv-scanner/pkg/lockfile"
 	"github.com/safedep/vet/gen/insightapi"
 
@@ -111,6 +112,21 @@ func (pm *PackageManifest) GetPackagesCount() int {
 	return len(pm.GetPackages())
 }
 
+func (pm *PackageManifest) GetControlTowerSpecEcosystem() packagev1.Ecosystem {
+	switch pm.Ecosystem {
+	case EcosystemCargo:
+		return packagev1.Ecosystem_ECOSYSTEM_CARGO
+	case EcosystemGo:
+		return packagev1.Ecosystem_ECOSYSTEM_GO
+	case EcosystemMaven:
+		return packagev1.Ecosystem_ECOSYSTEM_MAVEN
+	case EcosystemNpm:
+		return packagev1.Ecosystem_ECOSYSTEM_NPM
+	default:
+		return packagev1.Ecosystem_ECOSYSTEM_UNSPECIFIED
+	}
+}
+
 func (pm *PackageManifest) GetSpecEcosystem() modelspec.Ecosystem {
 	switch pm.Ecosystem {
 	case EcosystemCargo:

pkg/reporter/sync.go

@@ -2,16 +2,16 @@ package reporter
 
 import (
 	"context"
-	"errors"
 	"fmt"
 	"net/http"
 	"net/url"
+	"os"
 	"sync"
 
 	"buf.build/gen/go/safedep/api/grpc/go/safedep/services/controltower/v1/controltowerv1grpc"
+	packagev1 "buf.build/gen/go/safedep/api/protocolbuffers/go/safedep/messages/package/v1"
 	controltowerv1 "buf.build/gen/go/safedep/api/protocolbuffers/go/safedep/services/controltower/v1"
 	drygrpc "github.com/safedep/dry/adapters/grpc"
-	"github.com/safedep/dry/utils"
 	"github.com/safedep/vet/pkg/analyzer"
 	"github.com/safedep/vet/pkg/common/logger"
 	"github.com/safedep/vet/pkg/models"
@@ -73,9 +73,12 @@ func NewSyncReporter(config SyncReporterConfig) (Reporter, error) {
 
 	logger.Debugf("ControlTower host: %s, port: %s", host, port)
 
+	vetTenantId := os.Getenv("VET_CONTROL_TOWER_TENANT_ID")
+	vetTenantMockUser := os.Getenv("VET_CONTROL_TOWER_MOCK_USER") // Used in dev
+
 	headers := http.Header{}
-	headers.Set("x-tenant-id", "default-team.safedep-io.safedep.io")
-	headers.Set("x-mock-user", "abhisek@safedep.io")
+	headers.Set("x-tenant-id", vetTenantId)
+	headers.Set("x-mock-user", vetTenantMockUser)
 
 	client, err := drygrpc.GrpcClient("vet-sync", host, port,
 		config.ControlTowerToken, headers, []grpc.DialOption{})
@@ -142,7 +145,18 @@ func (s *syncReporter) Finish() error {
 	s.wg.Wait()
 	close(s.done)
 
-	return nil
+	logger.Debugf("Report Sync: Completing tool session: %s", s.sessionId)
+
+	_, err := s.toolServiceClient.CompleteToolSession(context.Background(),
+		&controltowerv1.CompleteToolSessionRequest{
+			ToolSession: &controltowerv1.ToolSession{
+				ToolSessionId: s.sessionId,
+			},
+
+			Status: controltowerv1.CompleteToolSessionRequest_STATUS_SUCCESS,
+		})
+
+	return err
 }
 
 func (s *syncReporter) queuePackage(pkg *models.Package) {
@@ -177,20 +191,67 @@ func (s *syncReporter) syncReportWorker() {
 
 func (s *syncReporter) syncPackage(pkg *models.Package) error {
 	defer s.wg.Done()
-	return nil
-}
 
-func validateSyncReporterConfig(config *SyncReporterConfig) error {
-	if utils.IsEmptyString(config.ProjectName) {
-		return errors.New("project name not in config")
+	req := controltowerv1.PublishPackageInsightRequest{
+		ToolSession: &controltowerv1.ToolSession{
+			ToolSessionId: s.sessionId,
+		},
+
+		Manifest: &packagev1.PackageManifest{
+			Ecosystem: pkg.Manifest.GetControlTowerSpecEcosystem(),
+			Name:      pkg.Manifest.GetDisplayPath(),
+		},
+
+		PackageVersion: &packagev1.PackageVersion{
+			Package: &packagev1.Package{
+				Ecosystem: pkg.Manifest.GetControlTowerSpecEcosystem(),
+				Name:      pkg.Name,
+			},
+
+			Version: pkg.Version,
+		},
+
+		PackageVersionInsight: &packagev1.PackageVersionInsight{
+			Dependencies: []*packagev1.PackageVersion{},
+		},
 	}
 
-	if utils.IsEmptyString(config.ProjectVersion) {
-		return errors.New("stream name not in config")
+	// We should move this to models
+	graph := pkg.GetDependencyGraph()
+	if graph != nil {
+		nodes := graph.GetNodes()
+		for _, node := range nodes {
+			if node.Root {
+				continue
+			}
+
+			thisPkg := node.Data
+			if thisPkg == nil {
+				continue
+			}
+
+			if thisPkg.GetName() != pkg.GetName() &&
+				thisPkg.GetVersion() != pkg.GetVersion() &&
+				thisPkg.GetSpecEcosystem() != pkg.GetSpecEcosystem() {
+				continue
+			}
+
+			for _, child := range node.Children {
+				req.PackageVersionInsight.Dependencies = append(req.PackageVersionInsight.Dependencies, &packagev1.PackageVersion{
+					Package: &packagev1.Package{
+						Ecosystem: child.Manifest.GetControlTowerSpecEcosystem(),
+						Name:      child.GetName(),
+					},
+
+					Version: child.GetVersion(),
+				})
+			}
+		}
 	}
 
-	if utils.IsEmptyString(config.TriggerEvent) {
-		return errors.New("trigger event not in config")
+	_, err := s.toolServiceClient.PublishPackageInsight(context.Background(), &req)
+	if err != nil {
+		return fmt.Errorf("failed to publish package insight: %w", err)
 	}
 
 	return nil