update: add the ability to specify a http-timeout

Previously the timeout was set to 2 mins which is usually plenty for
most scenarios but some users want to be able to specify a custom
timeout for more latent environments. This adds a --http-timeout flag to
the `update` mode and sets it on the client used to request data from
security sources.

Signed-off-by: crozzy <joseph.crosland@gmail.com>

Author: crozzy

action.yaml

@@ -38,6 +38,10 @@ inputs:
     description: 'Vulnerability database file created for mode `update` or DB file used for `report` mode'
     required: false
     default: ''
+  updater-timeout:
+    description: 'The http timeout for the requests made by the database update process'
+    required: false
+    default: '120s'
 
 runs:
   using: "docker"
@@ -52,3 +56,4 @@ runs:
     - '-u ${{ inputs.docker-config-dir }}'
     - '-w ${{ inputs.mode }}'
     - '-b ${{ inputs.db-file }}'
+    - '-t ${{ inputs.updater-timeout }}'

cmd/clair-action/update.go

@@ -5,7 +5,10 @@ import (
 	"net/http"
 	"time"
 
+	"github.com/quay/claircore"
 	"github.com/quay/claircore/libvuln"
+	"github.com/quay/claircore/libvuln/driver"
+	"github.com/quay/claircore/rhel/vex"
 	_ "github.com/quay/claircore/updater/defaults"
 	"github.com/urfave/cli/v2"
 
@@ -24,19 +27,32 @@ var updateCmd = &cli.Command{
 			Usage:   "where to look for the matcher DB",
 			EnvVars: []string{"DB_PATH"},
 		},
+		&cli.DurationFlag{
+			Name:    "http-timeout",
+			Value:   2 * time.Minute,
+			Usage:   "the timeout for HTTP requests",
+			EnvVars: []string{"HTTP_TIMEOUT"},
+		},
 	},
 }
 
 func update(c *cli.Context) error {
 	ctx := c.Context
 	dbPath := c.String("db-path")
+	httpTimeout := c.Duration("http-timeout")
 	matcherStore, err := datastore.NewSQLiteMatcherStore(dbPath, true)
 	if err != nil {
 		return fmt.Errorf("error creating sqlite backend: %v", err)
 	}
 
 	cl := &http.Client{
-		Timeout: 2 * time.Minute,
+		Timeout: httpTimeout,
+	}
+	factoryConfigs := make(map[string]driver.ConfigUnmarshaler)
+	factoryConfigs["rhel-vex"] = func(v interface{}) error {
+		cfg := v.(*vex.FactoryConfig)
+		cfg.CompressedFileTimeout = claircore.Duration(httpTimeout)
+		return nil
 	}
 
 	matcherOpts := &libvuln.Options{
@@ -45,6 +61,7 @@ func update(c *cli.Context) error {
 		Locker:                   NewLocalLockSource(),
 		DisableBackgroundUpdates: true,
 		UpdateWorkers:            1,
+		UpdaterConfigs:           factoryConfigs,
 	}
 
 	lv, err := libvuln.New(ctx, matcherOpts)

entrypoint.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 set -e
 
-while getopts "r:p:f:o:c:d:u:w:b:" o; do
+while getopts "r:p:f:o:c:d:u:w:b:t:" o; do
    case "${o}" in
        r)
          export imageRef="$(sed -e 's/^[ \t]*//'<<<"${OPTARG}")"
@@ -30,12 +30,15 @@ while getopts "r:p:f:o:c:d:u:w:b:" o; do
        b)
          export dbPath="$(sed -e 's/^[ \t]*//'<<<"${OPTARG}")"
        ;;
+       t)
+         export httpTimeout="$(sed -e 's/^[ \t]*//'<<<"${OPTARG}")"
+       ;;
   esac
 done
 
 if [[ ${mode} = "update" ]]
 then
-  clair-action update --db-path=${dbPath}
+  clair-action update --db-path=${dbPath} ${httpTimeout:+--http-timeout=${httpTimeout}}
 else
   clair-action report \
       --image-path=${GITHUB_WORKSPACE}/${imagePath} \