package com.sysdig.jenkins.plugins.sysdig;

import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
import com.google.common.base.Strings;
import com.sysdig.jenkins.plugins.sysdig.SysdigBuilder;
import com.sysdig.jenkins.plugins.sysdig.Util;
import com.sysdig.jenkins.plugins.sysdig.client.ImageScanningSubmission;
import com.sysdig.jenkins.plugins.sysdig.log.ConsoleLog;
import hudson.AbortException;
import hudson.FilePath;
import hudson.Launcher;
import hudson.model.Run;
import hudson.model.TaskListener;
import java.util.ArrayList;
import java.util.Collections;
import java.util.logging.Logger;

/* loaded from: input_file:com/sysdig/jenkins/plugins/sysdig/SysdigBuilderExecutor.class */
public class SysdigBuilderExecutor {
    private static final Logger LOG = Logger.getLogger(SysdigBuilderExecutor.class.getName());

    public SysdigBuilderExecutor(SysdigBuilder sysdigBuilder, Run<?, ?> run, FilePath filePath, Launcher launcher, TaskListener taskListener) throws InterruptedException, AbortException {
        LOG.warning(String.format("Starting Sysdig Secure Container Image Scanner step, project: %s, job: %d", run.getParent().getDisplayName(), Integer.valueOf(run.getNumber())));
        BuildConfig buildConfig = null;
        BuildWorker buildWorker = null;
        SysdigBuilder.DescriptorImpl m2getDescriptor = sysdigBuilder.m2getDescriptor();
        ConsoleLog consoleLog = new ConsoleLog("SysdigSecurePlugin", taskListener.getLogger(), m2getDescriptor.getDebug());
        try {
            try {
                if (Strings.isNullOrEmpty(sysdigBuilder.getEngineCredentialsId()) && Strings.isNullOrEmpty(m2getDescriptor.getEngineCredentialsId())) {
                    throw new AbortException(String.format("Cannot find Jenkins credentials by ID: '%s'. Ensure credentials are defined in Jenkins before using them", sysdigBuilder.getEngineCredentialsId()));
                }
                String sysdigTokenFromCredentials = getSysdigTokenFromCredentials(sysdigBuilder, m2getDescriptor, run, consoleLog);
                String engineurl = getEngineurl(sysdigBuilder, m2getDescriptor, consoleLog);
                boolean z = sysdigBuilder.isInlineScanning() || m2getDescriptor.getInlineScanning();
                BuildConfig buildConfig2 = new BuildConfig(sysdigBuilder.getName(), sysdigBuilder.getEngineRetries(), sysdigBuilder.getBailOnFail(), sysdigBuilder.getBailOnPluginFail(), m2getDescriptor.getDebug(), z, engineurl, sysdigTokenFromCredentials, sysdigBuilder.getEngineverify());
                BuildWorker buildWorkerInline = z ? new BuildWorkerInline(run, filePath, launcher, taskListener, buildConfig2) : new BuildWorkerBackend(run, filePath, launcher, taskListener, buildConfig2);
                ArrayList<ImageScanningSubmission> scanImages = buildWorkerInline.scanImages(buildWorkerInline.readImagesAndDockerfilesFromPath(filePath, buildConfig2.getName()));
                Util.GATE_ACTION retrievePolicyEvaluation = buildWorkerInline.retrievePolicyEvaluation(scanImages);
                try {
                    buildWorkerInline.retrieveVulnerabilityEvaluation(scanImages);
                } catch (AbortException e) {
                    consoleLog.logWarn("Recording failure to execute Sysdig Secure queries and moving on with plugin operation", e);
                }
                buildWorkerInline.setupBuildReports(retrievePolicyEvaluation);
                if (null == retrievePolicyEvaluation) {
                    consoleLog.logInfo("Marking Sysdig Secure Container Image Scanner step as successful, no final result");
                } else {
                    if (buildConfig2.getBailOnFail() && (Util.GATE_ACTION.STOP.equals(retrievePolicyEvaluation) || Util.GATE_ACTION.FAIL.equals(retrievePolicyEvaluation))) {
                        consoleLog.logWarn("Failing Sysdig Secure Container Image Scanner Plugin step due to final result " + retrievePolicyEvaluation);
                        throw new AbortException("Failing Sysdig Secure Container Image Scanner Plugin step due to final result " + retrievePolicyEvaluation);
                    }
                    consoleLog.logInfo("Marking Sysdig Secure Container Image Scanner step as successful, final result " + retrievePolicyEvaluation);
                }
                if (null != buildWorkerInline) {
                    try {
                        buildWorkerInline.cleanup();
                    } catch (Exception e2) {
                        consoleLog.logDebug("Failed to cleanup after the plugin, ignoring the errors", e2);
                    }
                }
                consoleLog.logInfo("Completed Sysdig Secure Container Image Scanner step");
                LOG.warning("Completed Sysdig Secure Container Image Scanner step, project: " + run.getParent().getDisplayName() + ", job: " + run.getNumber());
            } catch (AbortException e3) {
                if (0 != 0) {
                    throw e3;
                }
                if ((0 != 0 && buildConfig.getBailOnPluginFail()) || sysdigBuilder.getBailOnPluginFail()) {
                    consoleLog.logError("Failing Sysdig Secure Container Image Scanner Plugin step due to errors in plugin execution", e3);
                    throw e3;
                }
                consoleLog.logWarn("Marking Sysdig Secure Container Image Scanner step as successful despite errors in plugin execution");
                if (0 != 0) {
                    try {
                        buildWorker.cleanup();
                    } catch (Exception e4) {
                        consoleLog.logDebug("Failed to cleanup after the plugin, ignoring the errors", e4);
                    }
                }
                consoleLog.logInfo("Completed Sysdig Secure Container Image Scanner step");
                LOG.warning("Completed Sysdig Secure Container Image Scanner step, project: " + run.getParent().getDisplayName() + ", job: " + run.getNumber());
            }
        } catch (Throwable th) {
            if (0 != 0) {
                try {
                    buildWorker.cleanup();
                } catch (Exception e5) {
                    consoleLog.logDebug("Failed to cleanup after the plugin, ignoring the errors", e5);
                }
            }
            consoleLog.logInfo("Completed Sysdig Secure Container Image Scanner step");
            LOG.warning("Completed Sysdig Secure Container Image Scanner step, project: " + run.getParent().getDisplayName() + ", job: " + run.getNumber());
            throw th;
        }
    }

    private String getEngineurl(SysdigBuilder sysdigBuilder, SysdigBuilder.DescriptorImpl descriptorImpl, ConsoleLog consoleLog) {
        String engineurl = descriptorImpl.getEngineurl();
        if (!Strings.isNullOrEmpty(sysdigBuilder.getEngineurl())) {
            consoleLog.logInfo("Build override set for Sysdig Secure Engine URL");
            engineurl = sysdigBuilder.getEngineurl();
        }
        return engineurl;
    }

    private String getSysdigTokenFromCredentials(SysdigBuilder sysdigBuilder, SysdigBuilder.DescriptorImpl descriptorImpl, Run<?, ?> run, ConsoleLog consoleLog) throws AbortException {
        String engineCredentialsId = !Strings.isNullOrEmpty(sysdigBuilder.getEngineCredentialsId()) ? sysdigBuilder.getEngineCredentialsId() : descriptorImpl.getEngineCredentialsId();
        consoleLog.logDebug("Processing Jenkins credential ID " + engineCredentialsId);
        try {
            StandardUsernamePasswordCredentials findCredentialById = CredentialsProvider.findCredentialById(engineCredentialsId, StandardUsernamePasswordCredentials.class, run, Collections.emptyList());
            if (null != findCredentialById) {
                return findCredentialById.getPassword().getPlainText();
            }
            throw new AbortException(String.format("Cannot find Jenkins credentials by ID: '%s'. Ensure credentials are defined in Jenkins before using them", engineCredentialsId));
        } catch (AbortException e) {
            throw e;
        } catch (Exception e2) {
            consoleLog.logError(String.format("Error looking up Jenkins credentials by ID: '%s'", engineCredentialsId), e2);
            throw new AbortException(String.format("Error looking up Jenkins credentials by ID: '%s", engineCredentialsId));
        }
    }
}
