package com.atlassian.bamboo.configuration.external.rss;

import com.atlassian.bamboo.build.pipeline.concurrent.SystemAuthorityThreadFactory;
import com.atlassian.bamboo.commit.CommitContext;
import com.atlassian.bamboo.configuration.AdministrationConfigurationAccessor;
import com.atlassian.bamboo.configuration.RssSecurityConfiguration;
import com.atlassian.bamboo.configuration.external.MavenSanitizer;
import com.atlassian.bamboo.configuration.external.PomProcessingException;
import com.atlassian.bamboo.configuration.external.RssExecutionOutputHandler;
import com.atlassian.bamboo.configuration.external.RssPermissions;
import com.atlassian.bamboo.configuration.external.SpecsConsumer;
import com.atlassian.bamboo.configuration.external.SpecsNotFoundException;
import com.atlassian.bamboo.configuration.external.util.RssExecutionLogUtils;
import com.atlassian.bamboo.plan.VcsBambooSpecsSource;
import com.atlassian.bamboo.plan.branch.VcsBranch;
import com.atlassian.bamboo.process.ExternalProcessViaBatchBuilder;
import com.atlassian.bamboo.repository.CachedRepositoryDefinitionManager;
import com.atlassian.bamboo.repository.RepositoryException;
import com.atlassian.bamboo.specs.util.BambooSpecVersion;
import com.atlassian.bamboo.util.BuildUtils;
import com.atlassian.bamboo.utils.BambooPathUtils;
import com.atlassian.bamboo.utils.SystemProperty;
import com.atlassian.bamboo.vcs.configuration.VcsRepositoryData;
import com.atlassian.utils.process.ExternalProcess;
import com.atlassian.utils.process.ProcessException;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Stopwatch;
import com.google.common.base.Throwables;
import com.spotify.docker.client.DefaultDockerClient;
import com.spotify.docker.client.DockerClient;
import com.spotify.docker.client.LogStream;
import com.spotify.docker.client.exceptions.DockerCertificateException;
import com.spotify.docker.client.exceptions.DockerException;
import com.spotify.docker.client.exceptions.DockerRequestException;
import com.spotify.docker.client.messages.ContainerConfig;
import com.spotify.docker.client.messages.ExecCreation;
import com.spotify.docker.client.messages.ExecState;
import com.spotify.docker.client.messages.HostConfig;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.StringReader;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.FileAttribute;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.UUID;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.stream.Stream;
import javax.inject.Inject;
import javax.servlet.ServletContext;
import org.apache.commons.compress.archivers.ArchiveEntry;
import org.apache.commons.compress.archivers.ArchiveInputStream;
import org.apache.commons.compress.archivers.tar.TarArchiveInputStream;
import org.apache.commons.io.IOUtils;
import org.apache.commons.io.input.ReaderInputStream;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.SystemUtils;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;
import org.jetbrains.annotations.NotNull;

/* loaded from: input_file:com/atlassian/bamboo/configuration/external/rss/RepositoryStoredSpecsExecutionServiceImpl.class */
public class RepositoryStoredSpecsExecutionServiceImpl implements RepositoryStoredSpecsExecutionService {
    private static final String MAVEN_OPTS_ENV = "MAVEN_OPTS";
    private static final String MAVEN_OPTS_EXTENSION_JDK17 = " --add-opens java.base/java.security=ALL-UNNAMED";

    @VisibleForTesting
    static final String ORIGINAL_POM = "pom.xml";
    private final ExecutorService executor = Executors.newFixedThreadPool((int) SystemProperty.REPOSITORY_STORED_SPECS_THREADS.getTypedValue(), new SystemAuthorityThreadFactory("repository-stored-specs"));

    @Inject
    private AdministrationConfigurationAccessor administrationConfigurationAccessor;

    @Inject
    private MavenSanitizer mavenSanitizer;

    @Inject
    private ServletContext servletContext;

    @Inject
    private CachedRepositoryDefinitionManager repositoryDefinitionManager;
    private static final Logger log = Logger.getLogger(RepositoryStoredSpecsExecutionServiceImpl.class);
    private static final Path SPECS_DIR_IN_DOCKER = Paths.get("/mnt/input", new String[0]);
    private static final Path YAML_OUTPUT_DIR_IN_DOCKER = Paths.get("/mnt/output", new String[0]);
    private static final Duration RSS_TIMEOUT = Duration.ofSeconds(SystemProperty.REPOSITORY_STORED_SPECS_TIMEOUT_SECONDS.getTypedValue());

    @Override // com.atlassian.bamboo.configuration.external.rss.RepositoryStoredSpecsExecutionService
    public void generateBambooYamlsFromSpecs(@NotNull SpecsConsumer specsConsumer, @NotNull VcsRepositoryData vcsRepositoryData, @NotNull VcsBambooSpecsSource vcsBambooSpecsSource, @NotNull Path path, @NotNull Path path2, @NotNull RssSecurityConfiguration rssSecurityConfiguration, @NotNull RssPermissions rssPermissions, @NotNull List<CommitContext> list, @NotNull RssExecutionOutputHandler rssExecutionOutputHandler, @NotNull String str) throws SpecsNotFoundException {
        try {
            Path resolveSpecsPom = resolveSpecsPom(path, rssExecutionOutputHandler);
            try {
                Optional optional = (Optional) this.executor.submit(rssSecurityConfiguration.isExecuteSpecsInDocker() ? runSpecsWithDocker(vcsRepositoryData, vcsBambooSpecsSource, rssSecurityConfiguration, path, resolveSpecsPom, path2, rssExecutionOutputHandler) : runSpecsWithMaven(vcsRepositoryData, vcsBambooSpecsSource, path, resolveSpecsPom, path2, rssExecutionOutputHandler)).get();
                if (optional.isPresent()) {
                    Exception exc = (Exception) optional.get();
                    specsConsumer.onError(vcsRepositoryData, list, vcsBambooSpecsSource, rssPermissions, rssExecutionOutputHandler, exc, str);
                    Throwables.throwIfUnchecked(exc);
                    throw new RuntimeException(exc);
                }
            } catch (InterruptedException | ExecutionException e) {
                specsConsumer.onError(vcsRepositoryData, list, vcsBambooSpecsSource, rssPermissions, rssExecutionOutputHandler, e, str);
                throw new RuntimeException(e);
            }
        } catch (PomProcessingException e2) {
            specsConsumer.onError(vcsRepositoryData, list, vcsBambooSpecsSource, rssPermissions, rssExecutionOutputHandler, e2, str);
            throw new RuntimeException(e2);
        }
    }

    private Path resolveSpecsPom(@NotNull Path path, @NotNull RssExecutionOutputHandler rssExecutionOutputHandler) throws PomProcessingException, SpecsNotFoundException {
        Path resolve = path.resolve(ORIGINAL_POM);
        if (Files.exists(resolve, new LinkOption[0])) {
            return SystemProperty.REPOSITORY_STORED_SPECS_POM_SANITIZATION_ENABLED.getTypedValue() ? this.mavenSanitizer.sanitize(resolve.toFile(), rssExecutionOutputHandler).toPath() : resolve;
        }
        throw new SpecsNotFoundException(String.format("Unable to locate %s file in %s", ORIGINAL_POM, path));
    }

    private Callable<Optional<Exception>> runSpecsWithMaven(VcsRepositoryData vcsRepositoryData, VcsBambooSpecsSource vcsBambooSpecsSource, Path path, Path path2, Path path3, RssExecutionOutputHandler rssExecutionOutputHandler) {
        List<String> buildMavenCommand = buildMavenCommand(vcsRepositoryData, vcsBambooSpecsSource, getMvnPath(), path2, path3);
        log.debug("Running command " + String.join(" ", buildMavenCommand));
        ExternalProcess build = new ExternalProcessViaBatchBuilder().wrapCommandInQuotesOnWindows().command(buildMavenCommand, path.toFile()).idleTimeout(RSS_TIMEOUT.toMillis()).handlers(rssExecutionOutputHandler, rssExecutionOutputHandler).env(MAVEN_OPTS_ENV, StringUtils.defaultString(System.getenv(MAVEN_OPTS_ENV)) + " --add-opens java.base/java.security=ALL-UNNAMED").build();
        return () -> {
            Stopwatch createStarted = Stopwatch.createStarted();
            build.execute();
            log.info("Bamboo Specs execution took " + createStarted);
            if (build.getHandler().getExitCode() == 0) {
                return Optional.empty();
            }
            logIfNotEmpty(Level.WARN, rssExecutionOutputHandler);
            log.info("exit code: " + build.getHandler().getExitCode());
            log.info("process exception:", build.getHandler().getException());
            return Optional.of(new RepositoryException("Unable to scan repository " + vcsRepositoryData.getName() + " (" + vcsRepositoryData.getRootVcsRepositoryId() + ") for Bamboo Specs", build.getHandler().getException(), (String) null, (String) null, vcsRepositoryData.getRootVcsRepositoryId()));
        };
    }

    private Callable<Optional<Exception>> runSpecsWithDocker(VcsRepositoryData vcsRepositoryData, VcsBambooSpecsSource vcsBambooSpecsSource, RssSecurityConfiguration rssSecurityConfiguration, Path path, Path path2, Path path3, RssExecutionOutputHandler rssExecutionOutputHandler) {
        return () -> {
            RssExecutionLogUtils.appendMessageToLog(rssExecutionOutputHandler, "Processing Specs within Docker container");
            try {
                DefaultDockerClient build = DefaultDockerClient.fromEnv().build();
                try {
                    log.debug("Checking if Docker daemon is running");
                    try {
                        build.ping();
                        updateDockerImageCache(rssSecurityConfiguration.getDockerImage(), build);
                        ContainerConfig.Builder cmd = ContainerConfig.builder().image(rssSecurityConfiguration.getDockerImage()).workingDir(SPECS_DIR_IN_DOCKER.toString()).cmd(new String[]{"sh", "-c", "while :; do sleep 1; done"});
                        if (rssSecurityConfiguration.isMountLocalMavenDirectory()) {
                            cmd.hostConfig(HostConfig.builder().binds(new String[]{rssSecurityConfiguration.getLocalMavenDirectory() + ":/root/.m2"}).build());
                        }
                        ContainerConfig build2 = cmd.build();
                        String str = "bamboo-specs-" + UUID.randomUUID();
                        log.debug("Creating docker container");
                        String id = build.createContainer(build2, str).id();
                        try {
                            log.debug("Starting docker container " + id);
                            build.startContainer(id);
                            try {
                                log.debug(String.format("Copying Specs files from host [%s] to container [%s]", path.toString(), SPECS_DIR_IN_DOCKER));
                                build.copyToContainer(path, id, SPECS_DIR_IN_DOCKER.toString());
                                String[] strArr = (String[]) buildMavenCommand(vcsRepositoryData, vcsBambooSpecsSource, Paths.get("mvn", new String[0]), path.relativize(path2), YAML_OUTPUT_DIR_IN_DOCKER).toArray(new String[0]);
                                ExecCreation execCreate = build.execCreate(id, strArr, new DockerClient.ExecCreateParam[]{DockerClient.ExecCreateParam.attachStdin(), DockerClient.ExecCreateParam.attachStdout(), DockerClient.ExecCreateParam.attachStderr()});
                                log.info("Starting Specs processing in container: " + String.join(" ", strArr));
                                runSpecsProcessingInDocker(build, execCreate, rssExecutionOutputHandler);
                                ExecState execInspect = build.execInspect(execCreate.id());
                                if (!Objects.equals(execInspect.exitCode(), 0L)) {
                                    throw new RepositoryException("Error during Specs processing in Docker container, exit code " + execInspect.exitCode(), vcsRepositoryData.getRootVcsRepositoryId());
                                }
                                log.debug(String.format("Copying YAML output files from container [%s] to host [%s]", YAML_OUTPUT_DIR_IN_DOCKER, path3.toString()));
                                copyYamlFilesFromDockerContainer(build, id, path3);
                                log.debug("Killing docker container " + id);
                                build.killContainer(id);
                                log.debug("Removing docker container " + id);
                                build.removeContainer(id);
                                Optional empty = Optional.empty();
                                if (build != null) {
                                    build.close();
                                }
                                return empty;
                            } catch (Throwable th) {
                                log.debug("Killing docker container " + id);
                                build.killContainer(id);
                                throw th;
                            }
                        } catch (Throwable th2) {
                            log.debug("Removing docker container " + id);
                            build.removeContainer(id);
                            throw th2;
                        }
                    } catch (DockerException e) {
                        log.error("Bamboo is configured to process Bamboo Specs in Docker, but it failed to connect to the Docker daemon. Make sure that Docker is running or disable processing Bamboo Specs in Docker in Bamboo Security Settings.", e);
                        Optional of = Optional.of(new Exception("Bamboo is configured to process Bamboo Specs in Docker, but it failed to connect to the Docker daemon. Make sure that Docker is running or disable processing Bamboo Specs in Docker in Bamboo Security Settings."));
                        if (build != null) {
                            build.close();
                        }
                        return of;
                    }
                } finally {
                }
            } catch (DockerCertificateException | DockerException | IOException | InterruptedException | RepositoryException e2) {
                return Optional.of(new RepositoryException("Unable to scan repository " + vcsRepositoryData.getName() + " (" + vcsRepositoryData.getRootVcsRepositoryId() + ") for Bamboo Specs", e2, (String) null, (String) null, vcsRepositoryData.getRootVcsRepositoryId()));
            }
        };
    }

    private void updateDockerImageCache(@NotNull String str, @NotNull DockerClient dockerClient) throws DockerException, InterruptedException {
        if (SystemProperty.FORCE_PULL_SPECS_RUNNER_IMAGE.getTypedValue() || str.endsWith(":latest") || !isDockerImageInCache(str, dockerClient)) {
            log.debug("Pulling docker image " + str);
            try {
                dockerClient.pull(str);
            } catch (DockerRequestException e) {
                if (!StringUtils.defaultString(e.getResponseBody()).contains("toomanyrequests")) {
                    throw e;
                }
                log.error("Continue Specs processing and ignore " + e.getMessage());
            }
        }
    }

    private boolean isDockerImageInCache(@NotNull String str, DockerClient dockerClient) throws DockerException, InterruptedException {
        return dockerClient.listImages(new DockerClient.ListImagesParam[0]).stream().map((v0) -> {
            return v0.repoTags();
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).flatMap((v0) -> {
            return v0.stream();
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).anyMatch(str2 -> {
            return str2.equals(str);
        });
    }

    @NotNull
    private List<String> buildMavenCommand(VcsRepositoryData vcsRepositoryData, VcsBambooSpecsSource vcsBambooSpecsSource, Path path, Path path2, Path path3) {
        ArrayList arrayList = new ArrayList(Arrays.asList(path.toString(), "--batch-mode", "--errors", "--file", path2.toString(), "-Ppublish-specs", "-Dspecs.yamlDir=" + path3.toString(), "-Dspecs.useRest=false", "-Dspecs.useSecurityManager=" + SystemProperty.REPOSITORY_STORED_SPECS_SECURITY_MANAGER_ENABLED.getTypedValue(), "-Dspecs.rs.specsSourceId=" + vcsBambooSpecsSource.getId(), "-Dspecs.bamboo.instanceName=" + encodeCommandLineArgument(this.administrationConfigurationAccessor.getAdministrationConfiguration().getInstanceName()), "-Dmaven.test.skip=true", "-Dmaven.compiler.fork=false", "-Dbamboo.specs.version=" + BambooSpecVersion.getModelVersion(), "-Dbamboo.specs.log.hideDate=true"));
        VcsBranch vcsBranch = vcsRepositoryData.getBranch() != null ? vcsRepositoryData.getBranch().getVcsBranch() : null;
        VcsBranch vcsBranch2 = (VcsBranch) Optional.ofNullable(this.repositoryDefinitionManager.getVcsRepositoryData(vcsRepositoryData.getRootVcsRepositoryId())).map((v0) -> {
            return v0.getBranch();
        }).map((v0) -> {
            return v0.getVcsBranch();
        }).orElse(null);
        if (vcsBranch2 != null) {
            boolean z = vcsBranch == null || vcsBranch2.equals(vcsBranch);
            String name = vcsBranch == null ? vcsBranch2.getName() : vcsBranch.getName();
            arrayList.add("-Drss.default.branch=" + z);
            arrayList.add("-Drss.current.branch=" + encodeCommandLineArgument(name));
        } else {
            arrayList.add("-Drss.default.branch=true");
        }
        return arrayList;
    }

    private String encodeCommandLineArgument(String str) {
        return Base64.getEncoder().encodeToString(str.getBytes(StandardCharsets.UTF_8));
    }

    @NotNull
    private Path getMvnPath() {
        Path path;
        String property = System.getProperty("M2_HOME", System.getenv("M2_HOME"));
        if (StringUtils.isNotBlank(property)) {
            path = Paths.get(property, new String[0]).resolve("bin").resolve(SystemUtils.IS_OS_WINDOWS ? "mvn.cmd" : "mvn");
        } else {
            path = Paths.get(SystemUtils.IS_OS_WINDOWS ? "mvn.cmd" : "mvn", new String[0]);
        }
        try {
            Stream<Path> list = Files.list(Paths.get(this.servletContext.getRealPath("/"), new String[0]).resolveSibling("tools"));
            try {
                Optional findAny = list.filter(path2 -> {
                    return path2.getFileName().toString().startsWith("apache-maven-");
                }).map(path3 -> {
                    return path3.resolve("bin").resolve(SystemUtils.IS_OS_WINDOWS ? "mvn.cmd" : "mvn");
                }).filter(path4 -> {
                    return Files.exists(path4, new LinkOption[0]);
                }).findAny();
                if (!findAny.isPresent() && !BuildUtils.isDevMode()) {
                    log.warn("Can't find Maven executable bundled with Bamboo. Use system 'mvn' executable");
                }
                Path path5 = (Path) findAny.orElse(path);
                if (list != null) {
                    list.close();
                }
                return path5;
            } finally {
            }
        } catch (IOException e) {
            return path;
        }
    }

    private void runSpecsProcessingInDocker(DockerClient dockerClient, ExecCreation execCreation, RssExecutionOutputHandler rssExecutionOutputHandler) throws DockerException, InterruptedException {
        LogStream execStart = dockerClient.execStart(execCreation.id(), new DockerClient.ExecStartParameter[0]);
        try {
            try {
                rssExecutionOutputHandler.process((InputStream) new ReaderInputStream(new StringReader(execStart.readFully()), Charset.defaultCharset()));
            } catch (ProcessException e) {
                log.info("Error while fetching logs from Docker container, ignoring", e);
            }
            if (execStart != null) {
                execStart.close();
            }
        } catch (Throwable th) {
            if (execStart != null) {
                try {
                    execStart.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private void copyYamlFilesFromDockerContainer(DockerClient dockerClient, String str, Path path) throws IOException, DockerException, InterruptedException {
        Files.createDirectories(path, new FileAttribute[0]);
        storeDockerArchive(new TarArchiveInputStream(dockerClient.archiveContainer(str, YAML_OUTPUT_DIR_IN_DOCKER.toString())), path);
    }

    private void storeDockerArchive(ArchiveInputStream archiveInputStream, Path path) throws IOException {
        Path fileName = YAML_OUTPUT_DIR_IN_DOCKER.getFileName();
        while (true) {
            ArchiveEntry nextEntry = archiveInputStream.getNextEntry();
            if (nextEntry == null) {
                return;
            }
            Path resolve = path.resolve(fileName.relativize(Paths.get(nextEntry.getName(), new String[0])));
            if (nextEntry.isDirectory()) {
                Files.createDirectories(resolve, new FileAttribute[0]);
            } else {
                OutputStream openOutputStream = BambooPathUtils.openOutputStream(resolve);
                try {
                    IOUtils.copy(archiveInputStream, openOutputStream);
                    if (openOutputStream != null) {
                        openOutputStream.close();
                    }
                } catch (Throwable th) {
                    if (openOutputStream != null) {
                        try {
                            openOutputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            }
        }
    }

    private static void logIfNotEmpty(Level level, RssExecutionOutputHandler rssExecutionOutputHandler) {
        String output = rssExecutionOutputHandler.getOutput();
        if (StringUtils.isNotBlank(output)) {
            log.log(level, output);
        }
    }
}
