kjuulh/dagger
Archived
1
0
Fork 0
Code Issues 1 Pull Requests 1 Projects Releases Wiki Activity

Fix packages + Implement working tests

Browse Source 
Signed-off-by: guillaume <guillaume.derouville@gmail.com>
This commit is contained in:
guillaume
2021-10-28 01:37:52 +02:00
parent 701be92dad
commit 3fb03cd2d7
7 changed files with 201 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
stdlib/trivy/image.cue
View File

@@ -16,13 +16,12 @@ import (
// Trivy Image arguments
args: [arg=string]: string
// Enforce args best practices
args: {
"--exit-code": *"1" | string
"--severity": *"HIGH,CRITICAL" | string
"--format": *"table" | string
"--ignore-unfixed": *"true" | string
"--severity": *"HIGH,CRITICAL" | string
"--exit-code": *"1" | string
"--ignore-unfixed": *"" | string
"--format": *"table" | string
}
ctr: os.#Container & {
@@ -33,6 +32,7 @@ import (
path: "/bin/bash"
args: ["--noprofile", "--norc", "-eo", "pipefail", "-c"]
}
always: true
command: #"""
trivyArgs="$(
echo "$ARGS" |
@@ -42,18 +42,22 @@ import (
add
')"
trivy image "$trivyArgs" "$SOURCE"
echo "$SOURCE" > /ref
# Remove suffix and prefix quotes if present
trivyArgs="${trivyArgs#\"}"
trivyArgs="${trivyArgs%\"}"
trivy image $trivyArgs "$SOURCE"
echo -n "$SOURCE" > /ref
"""#
env: ARGS: json.Marshal(args)
env: SOURCE: source
}
// Export ref to create dependency (wait for the check to finish)
// Reference analyzed
ref: {
os.#File & {
from: ctr
path: "/ref"
}
from: ctr
path: "/ref"
}
}.contents @dagger(output)
}

125
stdlib/trivy/tests/trivy.cue
View File

@@ -1,2 +1,127 @@
package trivy
import (
"alpha.dagger.io/aws"
"alpha.dagger.io/aws/ecr"
"alpha.dagger.io/dagger"
"alpha.dagger.io/dagger/op"
"alpha.dagger.io/gcp"
"alpha.dagger.io/gcp/gcr"
"alpha.dagger.io/random"
)
TestConfig: awsConfig: aws.#Config & {
region: "us-east-2"
}
TestConfig: gcpConfig: gcp.#Config & {
project: "dagger-ci"
region: "us-west2-a"
}
TestConfig: {
trivyNoAuth: #Config
trivyBasicAuth: #Config & {
basicAuth: {
username: "guilaume1234"
password: dagger.#Input & {dagger.#Secret}
}
}
trivyAWSAuth: #Config & {
awsAuth: TestConfig.awsConfig
}
trivyGCPAuth: #Config & {
gcpAuth: TestConfig.gcpConfig
}
}
TestSuffix: random.#String & {
seed: ""
}
TestNoAuthClient: #Image & {
config: TestConfig.trivyNoAuth
source: "ubuntu:21.10"
}
TestBasicAuthClient: #Image & {
config: TestConfig.trivyBasicAuth
source: "docker.io/guilaume1234/guillaume:latest"
}
TestAWSClient: {
repository: "125635003186.dkr.ecr.\(TestConfig.awsConfig.region).amazonaws.com/dagger-ci"
tag: "test-ecr-\(TestSuffix.out)"
creds: ecr.#Credentials & {
config: TestConfig.awsConfig
}
push: {
ref: "\(repository):\(tag)"
#up: [
op.#DockerBuild & {
dockerfile: """
FROM alpine
RUN echo \(TestSuffix.out) > /test
"""
},
op.#DockerLogin & {
target: repository
username: creds.username
secret: creds.secret
},
op.#PushContainer & {
"ref": ref
},
]
}
verify: #Image & {
config: TestConfig.trivyAWSAuth
source: push.ref
}
}
TestGCPClient: {
repository: "gcr.io/dagger-ci/test"
tag: "test-gcr-\(TestSuffix.out)"
creds: gcr.#Credentials & {
config: TestConfig.gcpConfig
}
push: {
ref: "\(repository):\(tag)"
#up: [
op.#DockerBuild & {
dockerfile: """
FROM alpine
RUN echo \(TestSuffix.out) > /test
"""
},
op.#DockerLogin & {
target: repository
username: creds.username
secret: creds.secret
},
op.#PushContainer & {
"ref": ref
},
]
}
verify: #Image & {
config: TestConfig.trivyGCPAuth
source: push.ref
}
}

31
stdlib/trivy/trivy.cue
View File

@@ -7,6 +7,7 @@ import (
"alpha.dagger.io/aws"
"alpha.dagger.io/dagger"
"alpha.dagger.io/dagger/op"
"alpha.dagger.io/gcp"
)
// Set Trivy download source
@@ -32,8 +33,8 @@ import (
// AWS ECR auth
awsAuth: aws.#Config | *null
// GCR auth (credential.json as string)
gcpAuth: dagger.#Input & {dagger.#Secret | *null}
// GCP auth
gcpAuth: gcp.#Config | *null
}
// Re-usable CLI component
@@ -41,25 +42,33 @@ import (
config: #Config
#up: [
if config.awsAuth == null {
if config.awsAuth == null && config.gcpAuth == null {
op.#Load & {
from: alpine.#Image & {
package: bash: "=~5.1"
package: curl: true
package: jq: "=~1.6"
}
}
},
if config.awsAuth != null {
if config.awsAuth != null && config.gcpAuth == null {
op.#Load & {
from: aws.#CLI & {
"config": config
"config": config.awsAuth
}
}
},
if config.awsAuth == null && config.gcpAuth != null {
op.#Load & {
from: gcp.#GCloud & {
"config": config.gcpAuth
}
}
},
op.#Exec & {
args: ["sh", "-c",
#"""
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh &&
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.18.3 &&
chmod +x /usr/local/bin/trivy
"""#,
]
@@ -77,11 +86,11 @@ import (
# Construct env string from env vars
envs=()
[ -n "$TRIVY_USERNAME" ] && envs+=("TRIVY_USERNAME={$TRIVY_USERNAME}")
[ -n "$TRIVY_USERNAME" ] && envs+=("TRIVY_USERNAME=$TRIVY_USERNAME")
[ -n "$TRIVY_NON_SSL" ] && envs+=("TRIVY_NON_SSL=$TRIVY_NON_SSL")
# Append secret to env string
[ -n "$(cat /password)" ] && envs+=("TRIVY_PASSWORD={$(cat /password)}")
[ -n "$(cat /password)" ] && envs+=("TRIVY_PASSWORD=$(cat /password)")
# Append full command
echo "${envs[@]}" '/usr/local/bin/trivy-dagger "$@"' >> /usr/local/bin/trivy
@@ -97,10 +106,6 @@ import (
},
// config.gcpAuth case
if config.basicAuth == null && config.awsAuth == null && config.gcpAuth != null {
op.#WriteFile & {
dest: "/credentials.json"
content: config.gcpAuth
}
op.#Exec & {
args: ["/bin/bash", "-c",
#"""
@@ -111,7 +116,7 @@ import (
echo '#!/bin/bash'$'\n' > /usr/local/bin/trivy
# Append full command
echo "TRIVY_USERNAME=" "GOOGLE_APPLICATION_CREDENTIALS=/credentials.json" '/usr/local/bin/trivy-dagger "$@"' >> /usr/local/bin/trivy
echo "TRIVY_USERNAME=''" "GOOGLE_APPLICATION_CREDENTIALS=/service_key" '/usr/local/bin/trivy-dagger "$@"' >> /usr/local/bin/trivy
# Make it executable
chmod +x /usr/local/bin/trivy