Setup and integrate ECLAIR SCA into infrastructure

[simhein]

A proof of concept was created to integrating the ECLAIR SCA into the zephyr CI. The proof of concept was done on the following fork/branch: https://github.com/simhein/zephyr/tree/eclair_ci_integration

The next step would be set up and integrate the ECLAIR SCA into the zephyr infrastructure itself.

Steps that need to be done:

• [ ] Setup the license server in a containerized environment
• [ ] Setup the SCA tool ECLAIR itself in a containerized environment

[stephanosio]

Setup the license server in a containerized environment

It is possible to deploy a containerised license server on a private network that is accessible from the CI runners (zephyr-runner v2).

For this, we will need a Docker image, preferably from the ECLAIR developers themselves), that includes the license server binaries and allows loading the license file from a specific location.

The Kubernetes deployment will include:

• a Pod that runs the above Docker image.
• a ConfigMap that contains the content of the license file (mounted by the above Pod).
• a Service that exports the license server ports (DNS-resolvable from the zephyr-runner v2 pods by Service name).

Setup the SCA tool ECLAIR itself in a containerized environment

We would want the ECLAIR SCA tool to be running inside a GitHub Actions workflow using a zephyr-runner v2 runner scale set.

Ideally, this would be done by including the ECLAIR SCA tool binaries into the main CI image; however, this would require the ECLAIR licence to allow publicly redistributing the ECLAIR binaries (unlikely?).

If ECLAIR licence does not allow public redistribution, we will need to create a dedicated private Docker image, based on the public main CI image, that includes the ECLAIR SCA tool binaries.