From f2715073c223d43f6361db0847d9ede3267b9415 Mon Sep 17 00:00:00 2001
From: Tatiana Bradley <tatianabradley@google.com>
Date: Mon, 9 Sep 2024 10:42:41 -0400
Subject: [PATCH] deploy: fix credentials error

Fix error in which CVE_API_USER was mistakenly used
in place of CVE_API_KEY.

Also add a command (cve quota) that requires
credentials to ensure the deploy command will fail
if the CVE credentials are invalid. (This error was
not caught earlier because credentials are not
required to read CVE records.)

Additionally, bump Go version for build steps.

Fixes golang/go#69323

Change-Id: I1bb88a902e627662d8e96b81dd523495f77c3ddf
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/612041
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Damien Neil <dneil@google.com>
---
 deploy/build.yaml | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

diff --git a/deploy/build.yaml b/deploy/build.yaml
index 2d2ab094..5e986afc 100644
--- a/deploy/build.yaml
+++ b/deploy/build.yaml
@@ -1,6 +1,6 @@
 steps:
   - id: Lock
-    name: golang:1.21.5
+    name: golang:1.23.0
     entrypoint: bash
     args:
       - -ec
@@ -23,7 +23,7 @@ steps:
         fi
 
   - id: Test
-    name: golang:1.21.5
+    name: golang:1.23.0
     entrypoint: bash
     args:
       - -ec
@@ -37,12 +37,12 @@ steps:
       - gsutil -q -m cp -r gs://go-vulndb /workspace
 
   - id: Generate
-    name: golang:1.21.5
+    name: golang:1.23.0
     entrypoint: bash
     args: ["-ec", "go run ./cmd/gendb -out /workspace/db -zip /workspace/db/vulndb.zip"]
 
   - id: PreValidate
-    name: golang:1.21.5
+    name: golang:1.23.0
     entrypoint: bash
     args:
       - -ec
@@ -61,7 +61,7 @@ steps:
       - mkdir /workspace/deployed && gsutil -q -m cp -r gs://go-vulndb /workspace/deployed
 
   - id: PostValidate
-    name: golang:1.20.12
+    name: golang:1.23.0
     entrypoint: bash
     args: ["-ec", "go run ./cmd/checkdb /workspace/deployed/go-vulndb"]
     env:
@@ -70,7 +70,13 @@ steps:
   - id: PublishCVEs
     name: golang:1.23.0
     entrypoint: bash
-    args: ["-ec", "go run ./cmd/cve -key $$CVE_API_USER -user $$CVE_API_USER publish-all"]
+    args:
+     - -ec
+     - |
+       # Ensure we have valid credentials before attempting publish.
+       go run ./cmd/cve -key $$CVE_API_KEY -user $$CVE_API_USER quota
+       # Publish or update any CVE records that have changed.
+       go run ./cmd/cve -key $$CVE_API_KEY -user $$CVE_API_USER publish-all
     secretEnv: ['CVE_API_USER', 'CVE_API_KEY']
 
 availableSecrets:
@@ -79,3 +85,6 @@ availableSecrets:
     env: 'CVE_API_KEY'
   - versionName: ${_CVE_API_USER}
     env: 'CVE_API_USER'
+
+options:
+  logging: CLOUD_LOGGING_ONLY