Improve Environment Variable Naming and Error Handling in License-DB

Summary

Two improvements are needed in the license-db deployment and license-feeder:

  1. Environment variable naming: the current name GITLAB_TOKEN is too generic and should be renamed to TRIVY_DB_GLAD_TOKEN so it is unambiguous which credential the feeder consumes.
  2. Error handling: when requesting image tags, HTTP error responses (such as 401 Unauthorized) are neither checked nor surfaced, so authentication failures are hard to diagnose.

Issues

1. Generic Environment Variable Name

Current state: The deployment script uses GITLAB_TOKEN for the Trivy-DB GLAD feeder:

# In scripts/run_feeder.sh line 70
if [ -z "${GITLAB_TOKEN+x}" ]; then
    echo "GITLAB_TOKEN is not set."
    exit 1
fi
args+=(\"--gitlab-token=${GITLAB_TOKEN}\")

Problem: GITLAB_TOKEN is too generic and can collide with other GitLab tokens defined at a higher level of the configuration, so the feeder may silently pick up a credential that was never meant for it.

Proposed solution: Rename to TRIVY_DB_GLAD_TOKEN to be more specific about its purpose.

2. Poor Error Handling for HTTP Responses

Current state: The GitLab registry client does not check the HTTP status code before decoding the response in the GetImagesTags request:

// In gitlab/registry/registry.go GetImagesTags method
resp, err := http.DefaultClient.Do(req)
if err != nil {
    return nil, fmt.Errorf("gitlab registry API failed: %w", err)
}
defer resp.Body.Close()

// Immediately tries to decode JSON without checking status code
dec := json.NewDecoder(resp.Body)
var jsonResp GitlabRegistryImages
if err = dec.Decode(&jsonResp); err != nil {
    return nil, fmt.Errorf("gitlab registry API failed: %w", err)
}

Problem: When authentication fails (401 Unauthorized), the response body is an error document rather than a tag list. Because the status code is never checked, that body is decoded into an empty GitlabRegistryImages value, and the caller reports a generic error that does not mention the HTTP status, making token-related issues difficult to diagnose.

For example, an authentication failure may incorrectly return:

gitlab registry API failed: no tags were found for trivy-db-glad

Expected behavior: The error should clearly indicate the HTTP status code and, when relevant, include a bounded excerpt of the response body (e.g., for 401 Unauthorized, 403 Forbidden, 404 Not Found, or other 4xx/5xx errors). The excerpt should be size-limited and must never include the token itself.
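The following is an added example and not code from the license-feeder project. It places a function mirroring the current unchecked behaviour beside a hardened GetImagesTags-style function that checks the status first and returns a typed error with the code and a bounded body excerpt. The JSON shape of GitlabRegistryImages, the PRIVATE-TOKEN header and the fake registry server are constructed assumptions for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// GitlabRegistryImages is an assumed shape for the tag listing; the real
// feeder's struct is not shown on the page.
type GitlabRegistryImages struct {
	Tags []struct {
		Name string `json:"name"`
	} `json:"tags"`
}

// maxErrBody bounds how much of a failing response is copied into the error,
// so a large or hostile body cannot flood the logs.
const maxErrBody = 512

// HTTPStatusError carries the status code and a bounded body excerpt, so a
// caller (or a human reading logs) can tell a 401 from a 404.
type HTTPStatusError struct {
	StatusCode int
	Body       string
}

func (e *HTTPStatusError) Error() string {
	return fmt.Sprintf("gitlab registry API returned HTTP %d %s: %q",
		e.StatusCode, http.StatusText(e.StatusCode), e.Body)
}

// legacyImageTags reproduces the unchecked behaviour: an error document
// decodes into an empty struct and the caller sees "no tags were found".
func legacyImageTags(client *http.Client, url, token string) ([]string, error) {
	resp, err := doGet(client, url, token)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	var jsonResp GitlabRegistryImages
	if err := json.NewDecoder(resp.Body).Decode(&jsonResp); err != nil {
		return nil, fmt.Errorf("gitlab registry API failed: %w", err)
	}
	return names(jsonResp)
}

// ImageTags is the hardened form: only a 2xx body is decoded; anything else
// becomes an HTTPStatusError with the code and a trimmed excerpt of the body.
func ImageTags(client *http.Client, url, token string) ([]string, error) {
	resp, err := doGet(client, url, token)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode < 200 || resp.StatusCode > 299 {
		excerpt, _ := io.ReadAll(io.LimitReader(resp.Body, maxErrBody))
		return nil, &HTTPStatusError{StatusCode: resp.StatusCode, Body: strings.TrimSpace(string(excerpt))}
	}
	var jsonResp GitlabRegistryImages
	if err := json.NewDecoder(resp.Body).Decode(&jsonResp); err != nil {
		return nil, fmt.Errorf("gitlab registry API failed: decoding tag list: %w", err)
	}
	return names(jsonResp)
}

// doGet sends the authenticated request; the token goes only in the header,
// never into any error text.
func doGet(client *http.Client, url, token string) (*http.Response, error) {
	req, err := http.NewRequest(http.MethodGet, url, nil)
	if err != nil {
		return nil, err
	}
	req.Header.Set("PRIVATE-TOKEN", token) // assumed GitLab API token header
	resp, err := client.Do(req)
	if err != nil {
		return nil, fmt.Errorf("gitlab registry API failed: %w", err)
	}
	return resp, nil
}

func names(r GitlabRegistryImages) ([]string, error) {
	if len(r.Tags) == 0 {
		return nil, errors.New("gitlab registry API failed: no tags were found")
	}
	out := make([]string, 0, len(r.Tags))
	for _, t := range r.Tags {
		out = append(out, t.Name)
	}
	return out, nil
}

// NewFakeRegistry is a constructed stand-in for the registry API: a tag list
// for the right token, a GitLab-style 401 error document otherwise.
func NewFakeRegistry(validToken string) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Content-Type", "application/json")
		if r.Header.Get("PRIVATE-TOKEN") != validToken {
			w.WriteHeader(http.StatusUnauthorized)
			fmt.Fprint(w, `{"message":"401 Unauthorized"}`)
			return
		}
		fmt.Fprint(w, `{"tags":[{"name":"v1"},{"name":"v2"}]}`)
	}))
}

func main() {
	srv := NewFakeRegistry("good-token")
	defer srv.Close()
	_, err := legacyImageTags(srv.Client(), srv.URL, "bad-token")
	fmt.Println("legacy:  ", err) // misleading "no tags were found"
	_, err = ImageTags(srv.Client(), srv.URL, "bad-token")
	fmt.Println("hardened:", err) // HTTP 401 Unauthorized with body excerpt
}
```

With a wrong token the legacy path reports "no tags were found", while the hardened path returns an HTTPStatusError that callers can match with errors.As and that names the 401. The io.LimitReader keeps a large or hostile error body from ending up in logs.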

Acceptance Criteria

Environment Variable Rename [license-db/deployment]

  • Update scripts/run_feeder.sh to read TRIVY_DB_GLAD_TOKEN instead of GITLAB_TOKEN (both the presence check and the --gitlab-token argument)
  • Update any documentation referencing the old variable name
  • Define TRIVY_DB_GLAD_TOKEN in the CI/CD pipeline variables and remove GITLAB_TOKEN once nothing else reads it

Enhanced Error Handling [license-db/license-feeder]

  • Check the HTTP response status code before attempting to decode JSON
  • Return errors that include the HTTP status code and a size-limited portion of the response body (never the token)
  • Ensure that 401, 403, 404, and other 4xx/5xx errors are clearly surfaced rather than reported as "no tags were found"

Implementation Notes

The changes should be made in:

  1. scripts/run_feeder.sh - environment variable name
  2. gitlab/registry/registry.go - HTTP error handling in GetImagesTags method

Edited by 🤖 GitLab Bot 🤖