From dd67e636c895e9ae8a6776fb874e02bf89904e77 Mon Sep 17 00:00:00 2001 From: grzesuav Date: Tue, 24 Mar 2020 21:36:47 +0100 Subject: [PATCH] test: Test snyk auth token from same repository --- build_all.sh | 2 ++ build_latest.sh | 33 ++++++++++++++++++++++++--------- snyk.sh | 32 ++++++++++++++++++++++++++++++++ 3 files changed, 58 insertions(+), 9 deletions(-) create mode 100644 snyk.sh diff --git a/build_all.sh b/build_all.sh index 6cfa9f12a..1c2aff01c 100755 --- a/build_all.sh +++ b/build_all.sh @@ -16,6 +16,8 @@ set -o pipefail # shellcheck source=common_functions.sh source ./common_functions.sh +# shellcheck source=snyk.sh +source ./snyk.sh for ver in ${supported_versions} do diff --git a/build_latest.sh b/build_latest.sh index 0c4e8ce9e..400918b7e 100755 --- a/build_latest.sh +++ b/build_latest.sh @@ -21,6 +21,9 @@ version="9" # shellcheck source=common_functions.sh source ./common_functions.sh +# shellcheck source=snyk.sh +source ./snyk.sh + # shellcheck source=dockerfile_functions.sh source ./dockerfile_functions.sh 
@@ -43,25 +46,37 @@ function build_image() { build=$1; shift; btype=$1; shift; - tags="" - for tag in "$@" - do - tags="${tags} -t ${repo}:${tag}" - echo "docker push ${repo}:${tag}" >> "${push_cmdfile}" - done + local tags=("${@[@]}") # copy arguments to local array + for i in "${tags[@]}" + do + echo "docker push ${repo}:${tags[$i]}" >> "${push_cmdfile}" + done + printf -v expanded_tags "-t ${repo}:%s " "${tags[@]}" # concatenate to single strin : -t repo:tag -t repo:tag2 + expanded_tags=${expanded_tags%?} # remove trailing space dockerfile="Dockerfile.${vm}.${build}.${btype}" echo "#####################################################" - echo "INFO: docker build --no-cache ${tags} -f ${dockerfile} ." + echo "INFO: docker build --no-cache ${expanded_tags} -f ${dockerfile} ." echo "#####################################################" # shellcheck disable=SC2086 # ignoring ${tags} due to whitespace problem - if ! docker build --pull --no-cache ${tags} -f "${dockerfile}" . ; then + if ! docker build --pull --no-cache ${expanded_tags} -f "${dockerfile}" . ; then echo "#############################################" echo - echo "ERROR: Docker build of image: ${tags} from ${dockerfile} failed." + echo "ERROR: Docker build of image: ${expanded_tags} from ${dockerfile} failed." echo echo "#############################################" + else + if ((SNYK_ENABLED)); then + echo "#####################################################" + echo " Scanning with snyk for vulnerabilities " + echo "#####################################################" + for i in "${tags[@]}" + do + printf "...scanning %s" "${tags[$i]}" + snyk test --docker "${tags[$i]}" --file=="${dockerfile}" + done + fi fi } diff --git a/snyk.sh b/snyk.sh new file mode 100644 index 000000000..3ab4d51f8 --- /dev/null +++ b/snyk.sh 
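Review bot: The scan loop at the end of this hunk does not test the image that was just built. `for i in "${tags[@]}"` yields tag strings, `${tags[$i]}` then evaluates each string as an arithmetic index, the reference handed to `snyk test --docker` lacks the `${repo}:` prefix, and `--file==` carries a doubled `=`. The push loop has the same index misuse, and `local tags=("${@[@]}")` is a bad substitution in bash, where `("$@")` is the copy that was intended. The exit status of `snyk test` is also ignored, so as far as this hunk shows a finding never stops the push commands already written to `${push_cmdfile}`; decide whether the scan should gate them. build_image begins before the hunk, so the fence shows only the rewritten loops.

```shell
  local tags=("$@") # copy arguments to local array
  for tag in "${tags[@]}"
  do
    echo "docker push ${repo}:${tag}" >> "${push_cmdfile}"
  done
  # … unchanged: expanded_tags, dockerfile name, docker build and its ERROR banner …
      for tag in "${tags[@]}"
      do
        printf '...scanning %s\n' "${repo}:${tag}"
        snyk test --docker "${repo}:${tag}" --file="${dockerfile}"
      done
```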
@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+if [ -z "${SNYK_AUTH_TOKEN}" ];then
+ printf "Snyk authentication token not set, skipping snyk analysis"
+ return
+fi
+set -o pipefail
+export SNYK_ENABLED=0
+if test -f "$HOME/.nvm/nvm.sh"; then
+ echo "nvm found"
+else
+ echo "No nvm on machine, snyk check will be skipped"
+ exit 0
+fi
+
+# shellcheck disable=SC1090
+source "$HOME/.nvm/nvm.sh"
+
+echo "Installing node..."
+nvm install node
+
+echo "Installing snyk.."
+npm install -g snyk
+
+echo "Snyk version: $(snyk -v)"
+
+export SNYK_ENABLED=1
+printf "Snyk installed succesfully\n"
+printf "Authenticating snyk\n"
+
+snyk auth "${SNYK_AUTH_TOKEN}"
+
+
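Review bot: The `exit 0` in the no-nvm branch terminates the sourcing script, because build_all.sh and build_latest.sh pull this file in with `source`; a machine without nvm would skip the whole build and still report success. Use `return 0` there, as the missing-token branch already does, and move `export SNYK_ENABLED=0` above the token check so the variable is defined on every path. `snyk auth "${SNYK_AUTH_TOKEN}"` puts the token on the command line, where process listings and `set -x` traces can expose it; the Snyk CLI reads `SNYK_TOKEN` from the environment, so `export SNYK_TOKEN="${SNYK_AUTH_TOKEN}"` avoids that. `nvm install node` and `npm install -g snyk` fetch whatever is latest on every run while the token is in the environment, so pinning both to reviewed versions would narrow the supply-chain exposure. `SNYK_ENABLED=1` is also set without checking that the install succeeded.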