Fix packages + Implement working tests
Signed-off-by: guillaume <guillaume.derouville@gmail.com>
This commit is contained in:
parent
701be92dad
commit
3fb03cd2d7
@ -8,17 +8,40 @@ sidebar_label: trivy
|
|||||||
import "alpha.dagger.io/trivy"
|
import "alpha.dagger.io/trivy"
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## trivy.#CLI
|
||||||
|
|
||||||
|
Re-usable CLI component
|
||||||
|
|
||||||
|
### trivy.#CLI Inputs
|
||||||
|
|
||||||
|
_No input._
|
||||||
|
|
||||||
|
### trivy.#CLI Outputs
|
||||||
|
|
||||||
|
_No output._
|
||||||
|
|
||||||
## trivy.#Config
|
## trivy.#Config
|
||||||
|
|
||||||
Trivy configuration
|
Trivy Configuration
|
||||||
|
|
||||||
### trivy.#Config Inputs
|
### trivy.#Config Inputs
|
||||||
|
|
||||||
| Name | Type | Description |
|
_No input._
|
||||||
| ------------- |:-------------: |:-------------: |
|
|
||||||
|*username* | `dagger.#Secret` |- |
|
|
||||||
|*password* | `dagger.#Secret` |- |
|
|
||||||
|
|
||||||
### trivy.#Config Outputs
|
### trivy.#Config Outputs
|
||||||
|
|
||||||
_No output._
|
_No output._
|
||||||
|
|
||||||
|
## trivy.#Image
|
||||||
|
|
||||||
|
Scan an Image
|
||||||
|
|
||||||
|
### trivy.#Image Inputs
|
||||||
|
|
||||||
|
_No input._
|
||||||
|
|
||||||
|
### trivy.#Image Outputs
|
||||||
|
|
||||||
|
| Name | Type | Description |
|
||||||
|
| ------------- |:-------------: |:-------------: |
|
||||||
|
|*ref* | `string` |Reference analyzed |
|
||||||
|
9
stdlib/.dagger/env/http/state/computed.json
vendored
9
stdlib/.dagger/env/http/state/computed.json
vendored
@ -1,9 +0,0 @@
|
|||||||
{
|
|
||||||
"TestRequest": {
|
|
||||||
"req": {
|
|
||||||
"response": {
|
|
||||||
"body": "{\n \"current_user_url\": \"https://api.github.com/user\",\n \"current_user_authorizations_html_url\": \"https://github.com/settings/connections/applications{/client_id}\",\n \"authorizations_url\": \"https://api.github.com/authorizations\",\n \"code_search_url\": \"https://api.github.com/search/code?q={query}{\u0026page,per_page,sort,order}\",\n \"commit_search_url\": \"https://api.github.com/search/commits?q={query}{\u0026page,per_page,sort,order}\",\n \"emails_url\": \"https://api.github.com/user/emails\",\n \"emojis_url\": \"https://api.github.com/emojis\",\n \"events_url\": \"https://api.github.com/events\",\n \"feeds_url\": \"https://api.github.com/feeds\",\n \"followers_url\": \"https://api.github.com/user/followers\",\n \"following_url\": \"https://api.github.com/user/following{/target}\",\n \"gists_url\": \"https://api.github.com/gists{/gist_id}\",\n \"hub_url\": \"https://api.github.com/hub\",\n \"issue_search_url\": \"https://api.github.com/search/issues?q={query}{\u0026page,per_page,sort,order}\",\n \"issues_url\": \"https://api.github.com/issues\",\n \"keys_url\": \"https://api.github.com/user/keys\",\n \"label_search_url\": \"https://api.github.com/search/labels?q={query}\u0026repository_id={repository_id}{\u0026page,per_page}\",\n \"notifications_url\": \"https://api.github.com/notifications\",\n \"organization_url\": \"https://api.github.com/orgs/{org}\",\n \"organization_repositories_url\": \"https://api.github.com/orgs/{org}/repos{?type,page,per_page,sort}\",\n \"organization_teams_url\": \"https://api.github.com/orgs/{org}/teams\",\n \"public_gists_url\": \"https://api.github.com/gists/public\",\n \"rate_limit_url\": \"https://api.github.com/rate_limit\",\n \"repository_url\": \"https://api.github.com/repos/{owner}/{repo}\",\n \"repository_search_url\": \"https://api.github.com/search/repositories?q={query}{\u0026page,per_page,sort,order}\",\n \"current_user_repositories_url\": \"https://api.github.com/user/repos{?type,page,per_page,sort}\",\n \"starred_url\": \"https://api.github.com/user/starred{/owner}{/repo}\",\n \"starred_gists_url\": \"https://api.github.com/gists/starred\",\n \"topic_search_url\": \"https://api.github.com/search/topics?q={query}{\u0026page,per_page}\",\n \"user_url\": \"https://api.github.com/users/{user}\",\n \"user_organizations_url\": \"https://api.github.com/user/orgs\",\n \"user_repositories_url\": \"https://api.github.com/users/{user}/repos{?type,page,per_page,sort}\",\n \"user_search_url\": \"https://api.github.com/search/users?q={query}{\u0026page,per_page,sort,order}\"\n}\n"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
13
stdlib/.dagger/env/trivy/values.yaml
vendored
13
stdlib/.dagger/env/trivy/values.yaml
vendored
@ -1,6 +1,15 @@
|
|||||||
plan:
|
plan:
|
||||||
package: ./trivy/tests
|
package: ./trivy/tests
|
||||||
name: trivy
|
name: trivy
|
||||||
|
inputs:
|
||||||
|
TestConfig.awsConfig.accessKey:
|
||||||
|
secret: ENC[AES256_GCM,data:49pmU12lmfa9Lxuw4SE/9+kBJOA=,iv:LHzgaSmsNrPQ2jrrSPfVwV+gUbaGAFg/ARifdGnMZwQ=,tag:gb6FLzaQAvUT0EGKMXBJ9A==,type:str]
|
||||||
|
TestConfig.awsConfig.secretKey:
|
||||||
|
secret: ENC[AES256_GCM,data:OMpMHVZMwM2a6YhecV0FwvBBxgUsZqu1Y1QXrCisQD3X0ab8vC5Kpw==,iv:HtyLQttG1M4NOC/jA/jvpNMG8N5is3LA2c0fGecrN5o=,tag:0ajZGtMwRXOCFOQRiqxm8A==,type:str]
|
||||||
|
TestConfig.gcpConfig.serviceKey:
|
||||||
|
secret: ENC[AES256_GCM,data:lwZNdc+jszBc1D7L8Hh7/iTecCayUg2bLhRIlK/0TU7weGigSUFmmCoRUGKRjaF2xwWSA9q/Racq3ko8OqjCEzeN6/Z5wYgANtAfZi6Wm3zALL3FMNH5aeLy6uOemfXaeaRFfajMkbSy2Iq2SyBGDcU6zmE8Sb3T+O1ty8HoF6ggJi7cuwIo/V6u38PxTgDrISfQ3+RB1DArhn0KvIakmY2oPx1EmugWAWWz9wUDFxGr4WghV0leai80c63S6JPc1AY7HFR5uJ3UwA6lpWuFxmD/ACXV4+JK5REkYsdASI541TlvUDQTAxKsCePKapqrrBbugzDtlYxoltAHKIXf4/FXxh+KrEpThCqVHBStQeZEeh17A/PgX0eX7zeSY3Y1rsYlZRKzdLAdsQUMko+Tfb7NHhVW/Lq9OaLL/ASAk19qIBCdkvefTqkCTMdA0EGvRpl0mMhxzsHN7C/CJ+Xunr5mB8vZOFKH8yxHgT7ha+Rz1K6brywBbrylwMdKQ19UDBPwmMxEXVp24k+PgwBwOkVEw+Zj+gvl77J4ac7bPJTT6lQs3j8WMz+fONS9okg6j+2iCeRg/omrSg4wCIWwIZLMYlnJKzURNPYIJt7dMTM6HCr6UHTUsfGvxZZeQPXigff1USWv69j42sD4IzN7VLLiidLnflSt2NJXRioYeHzX76I6m3FPN5xm6NiWfna3SzcmqmflymdLYJ5yAvzk6Mrpt/dQbSuNSJhSB60ffBTquAOZJFdhynFBprtEyu/V0l5oQndfjrwCp/dNE47EfhX6vgEAcF7Q5ZqCDg3xACUSjQw5dlJqt7TL8fwowsE1Z6aDM1mN///S4sGf3fiW24SuoaMti6DJ36tDUZkGiboDL5UfW4oCbX6Fg4RJSmgQX0j8I4qNrhSmgtrC/i1kvye/Yei7jqu1MmWGFqbG4QgpGK6mCn86g54gqoz3RnibIEHOSUt97q9kze4lUzsvPcLFo5fyU/3aC3RMX+iY7hQ+aZQE2vIdnYTY/a4IUN8r/k9ygr2l3bGsz9pCbuNpiTX8SlEdTxyhdq6HUnfGXBC8+7mS+woLasawjaakGR48ZOSOB5ZN3fAVfNZ6mQNcvTMlS2ntcut7AYhTrc/XqeYhwnrOkhDjBro55mD1G7I+GdSK5zUilXpKgrtLXb2yuY0mEd8qlrnyqzvY/uBFfgvHSSONIMbelUEmY+EoW0qCn8l5dkA+ze3xoYocEa4kvilN39Ag33uJI3MGpYJWIpZSlxttuJepKMVB4ypJdPujw6m2ry2dXwNszTMxg5kH6M7GhnfZxgxIZo6xsDM9XF3LMLPd6GT+nOaPPwDDoIIHuWIUGQlBFkaChQxJY5ZpgYWzkIZYSgxf+I8v/mvdUZgfQ2ymBtwBFoVppXkDVvsq9HxKd4NJMyWGCC4HjaqDo+N7L7ktlnTSxfNWfd1MKgVcDdCer/54qP3J8clKAtq+bWQY3VYNA9iM3EbQeWrLatXt0mpJ6sc30APPM4fUHfzkum2KTX4IRHJ/KYcnU0GMpql812ShfGsheh4JA6LPoNFPH5PEZRXvSLdOnmN6w7y09YeX+sHUYJ1EwOz9I6VGQmd3P+A9yBEIMFX6y1cCwthCo++wXfrPMSDAYvI0Sytmy1IaRdPvonuvmyw85NC3gLmP701/KJ65tUw1NkUrEPwTDnONjc27caAT3hHlTa+rzuQpovo526tSmfYnj7cU39r29IvEagwqRMOA+088FOqRzutsW737tVE4TVAV2g/pTgk/LRSDbG30pajoJi4oMfHfKDTtZZQ4QrpFVFK8jAzaiyOVd/faE+iuwtJoRy8yEI/1Hd3AEgmF375POWijh7U3JdaY57jUzpQiY3uMogCEdk6ZaU8zelq+j1g8R1JdeoCA+VmkwcceGrR0D9TQKHdUT2zuoR6y7A6hLJX6ifS3v/ZBj4sJaD3qlmUN0oELf1sgPQ7CuR2wKz1rfby7HdDFgFQ3F1EwGctS/1vxeubigCTItB43MJpHo1Ladx8PsRkgNcrFVq4WOP+kyFKu/gpfueaNCH+RY3j9EXhTKsi1HYIfJyUV47TMbqitjE5nWseaigEr9X9WXdxAccsRCjloWJ6QstcrEWBlVCqE6qiMTq6UMMgAwsggRbBBjYcG8BcI9aLULHpLPrTQ9jGEVpM6hHmeL2ggJblsXaTxai0Q6LOOcwKpOkt/ODSI1/3j3HyVN/s94a2tDy0fOB1sMHqrIB2gsW3K+PuYsPIqDcwz879MBkWErTeb9++RIP+bmBoGR8DM0o/4Ituopg+qfZIKSMtvQ2V7ueW8vWd/nefzi1RBNI8qNwMOZOfKJJD/HwjOqUu19RCHwq5z2oEab6QOxfXGZxWICESNO14PVGpwY0oR/USG3Xqfd5Q8Hr4pCn2L9Ca1aW52ubp+dtjvgsFBKcan/08zz7XVB7vk30xIhtNLCWCHzxCmpeuhSEwjDflh7l039FgKcK/8avk1oGLhuVmoOqLhLRN349rF62DkaFtRMiUIINu90I9zkU6E1Q4st3kkHYZ6+KSixstEI0LAntEwA71F7Lm/nmQ7eDBPaN/4xqH+WXIEbrTK1UKBlKjTBR/OV4oPv7ls2w/npqwGGPwPQvpOV/u4KwyZX99vxbSErgxzSNVxk+jf3rKLWW8+O9X+4uovX2hy6WSxcAXq+W1u/i6wlDG/dOhSeaU5nV3lLB95dzz9q6dioaVs2296sRhhzOzAutvrdvxYnpFftBOfdsMc5lwhogI2KiXPUtOjENdlEAAu+QNPcGfUfeNE7pY0SZv1qw4ErkI4loS4PGT5gHMqcms9RQozsnQ7Foq60HPBrUqiNpP0wqEZcVQdVlU8bZhNn6Qk/qfepOQWzTbl8MG+Q793cP1hIa8nv3CIEV9AQbM1BgjZ53Z03wSa+n/TaJhsGp/yn3X4GlCRk29Kt3emJwVA9gtncydpxY9DDN1kcWESJHP1mmX0Gyhzv4holAhYGhdCvH3YzW+JbEL7GBgOg/B/Wmavu2iZMaK7TTxIWRouY5tIZYtTJazQOSHBImHVfFM5AZYN,iv:1emUpXQvyJFMMb195ZRcHS/jzR1bC31t+j1nWhjNNzQ=,tag:PfgiV2TAgLOxj1qqz1yzgA==,type:str]
|
||||||
|
TestConfig.trivyBasicAuth.basicAuth.password:
|
||||||
|
secret: ENC[AES256_GCM,data:RiQ1Jc0tYbwydpMp,iv:c9YF6O4YEljEEspgSp9l/RCGrL6mX4mKRq0VS+G1wpY=,tag:K0JOxed4yh/Ypn8wZVr40w==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
@ -16,8 +25,8 @@ sops:
|
|||||||
bHZuNEZsYnNNaHdBOFBTYmJtNC9JRncKVcqn44INSaA5TGRl/566DMu7scX9UjtV
|
bHZuNEZsYnNNaHdBOFBTYmJtNC9JRncKVcqn44INSaA5TGRl/566DMu7scX9UjtV
|
||||||
3FhUcSfLFJXviw/ll3dUONXOQJTe3p9SgFCHir2qnMmJqErDDvqj/Q==
|
3FhUcSfLFJXviw/ll3dUONXOQJTe3p9SgFCHir2qnMmJqErDDvqj/Q==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2021-10-21T14:00:04Z"
|
lastmodified: "2021-10-27T22:36:22Z"
|
||||||
mac: ENC[AES256_GCM,data:YTCRHj9jF0JBXEmC8ljCnEweQKCdMYry2GiPoveFBuwG3aSSTLhoPbrLNA+0FJ/AEaQNwNDv8KbZ6i9phcDCmTh6LVIVryxWy5Th8kFp9CSyYyyIBU64OO57hsXtIDvWW1IXtXqd8mngjv3v57/SIsRxo1amTOlSKbjAoY61Rw8=,iv:xcDXzNYOXbEfowEAzf+wVrb0vJFTr0aTCRS23Nj0OmE=,tag:qQjpB4xs014EaEswwrOWeQ==,type:str]
|
mac: ENC[AES256_GCM,data:DbTYfCl2OFTe0nqxd3b08ssF1hyKACzqGJOjNyKtCKOVXzlTh1QCynejLE+APehkHUkl/8GqEmjqlwYFNXfbUcWNcw4U0ZD9ZWzkFG/Nk8HuSQyAqhF2zF8DBPbhZhupjzXcRGmZcM8LJjJPJsAg3u018eGo6TWmjt6+1uettLw=,iv:vCAiBHHC017v7saIPpkJ+gL3ku4wHwFVszF4xmbwSRE=,tag:LdcZ1HpWx0Zfjfm1OQ+4Dw==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
encrypted_suffix: secret
|
encrypted_suffix: secret
|
||||||
version: 3.7.1
|
version: 3.7.1
|
||||||
|
@ -16,13 +16,12 @@ import (
|
|||||||
|
|
||||||
// Trivy Image arguments
|
// Trivy Image arguments
|
||||||
args: [arg=string]: string
|
args: [arg=string]: string
|
||||||
|
|
||||||
// Enforce args best practices
|
// Enforce args best practices
|
||||||
args: {
|
args: {
|
||||||
"--exit-code": *"1" | string
|
|
||||||
"--severity": *"HIGH,CRITICAL" | string
|
"--severity": *"HIGH,CRITICAL" | string
|
||||||
|
"--exit-code": *"1" | string
|
||||||
|
"--ignore-unfixed": *"" | string
|
||||||
"--format": *"table" | string
|
"--format": *"table" | string
|
||||||
"--ignore-unfixed": *"true" | string
|
|
||||||
}
|
}
|
||||||
|
|
||||||
ctr: os.#Container & {
|
ctr: os.#Container & {
|
||||||
@ -33,6 +32,7 @@ import (
|
|||||||
path: "/bin/bash"
|
path: "/bin/bash"
|
||||||
args: ["--noprofile", "--norc", "-eo", "pipefail", "-c"]
|
args: ["--noprofile", "--norc", "-eo", "pipefail", "-c"]
|
||||||
}
|
}
|
||||||
|
always: true
|
||||||
command: #"""
|
command: #"""
|
||||||
trivyArgs="$(
|
trivyArgs="$(
|
||||||
echo "$ARGS" |
|
echo "$ARGS" |
|
||||||
@ -42,14 +42,18 @@ import (
|
|||||||
add
|
add
|
||||||
')"
|
')"
|
||||||
|
|
||||||
trivy image "$trivyArgs" "$SOURCE"
|
# Remove suffix and prefix quotes if present
|
||||||
echo "$SOURCE" > /ref
|
trivyArgs="${trivyArgs#\"}"
|
||||||
|
trivyArgs="${trivyArgs%\"}"
|
||||||
|
|
||||||
|
trivy image $trivyArgs "$SOURCE"
|
||||||
|
echo -n "$SOURCE" > /ref
|
||||||
"""#
|
"""#
|
||||||
env: ARGS: json.Marshal(args)
|
env: ARGS: json.Marshal(args)
|
||||||
env: SOURCE: source
|
env: SOURCE: source
|
||||||
}
|
}
|
||||||
|
|
||||||
// Export ref to create dependency (wait for the check to finish)
|
// Reference analyzed
|
||||||
ref: {
|
ref: {
|
||||||
os.#File & {
|
os.#File & {
|
||||||
from: ctr
|
from: ctr
|
||||||
|
@ -1,2 +1,127 @@
|
|||||||
package trivy
|
package trivy
|
||||||
|
|
||||||
|
import (
|
||||||
|
"alpha.dagger.io/aws"
|
||||||
|
"alpha.dagger.io/aws/ecr"
|
||||||
|
"alpha.dagger.io/dagger"
|
||||||
|
"alpha.dagger.io/dagger/op"
|
||||||
|
"alpha.dagger.io/gcp"
|
||||||
|
"alpha.dagger.io/gcp/gcr"
|
||||||
|
"alpha.dagger.io/random"
|
||||||
|
)
|
||||||
|
|
||||||
|
TestConfig: awsConfig: aws.#Config & {
|
||||||
|
region: "us-east-2"
|
||||||
|
}
|
||||||
|
|
||||||
|
TestConfig: gcpConfig: gcp.#Config & {
|
||||||
|
project: "dagger-ci"
|
||||||
|
region: "us-west2-a"
|
||||||
|
}
|
||||||
|
|
||||||
|
TestConfig: {
|
||||||
|
trivyNoAuth: #Config
|
||||||
|
|
||||||
|
trivyBasicAuth: #Config & {
|
||||||
|
basicAuth: {
|
||||||
|
username: "guilaume1234"
|
||||||
|
password: dagger.#Input & {dagger.#Secret}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
trivyAWSAuth: #Config & {
|
||||||
|
awsAuth: TestConfig.awsConfig
|
||||||
|
}
|
||||||
|
|
||||||
|
trivyGCPAuth: #Config & {
|
||||||
|
gcpAuth: TestConfig.gcpConfig
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
TestSuffix: random.#String & {
|
||||||
|
seed: ""
|
||||||
|
}
|
||||||
|
|
||||||
|
TestNoAuthClient: #Image & {
|
||||||
|
config: TestConfig.trivyNoAuth
|
||||||
|
source: "ubuntu:21.10"
|
||||||
|
}
|
||||||
|
|
||||||
|
TestBasicAuthClient: #Image & {
|
||||||
|
config: TestConfig.trivyBasicAuth
|
||||||
|
source: "docker.io/guilaume1234/guillaume:latest"
|
||||||
|
}
|
||||||
|
|
||||||
|
TestAWSClient: {
|
||||||
|
repository: "125635003186.dkr.ecr.\(TestConfig.awsConfig.region).amazonaws.com/dagger-ci"
|
||||||
|
tag: "test-ecr-\(TestSuffix.out)"
|
||||||
|
|
||||||
|
creds: ecr.#Credentials & {
|
||||||
|
config: TestConfig.awsConfig
|
||||||
|
}
|
||||||
|
|
||||||
|
push: {
|
||||||
|
ref: "\(repository):\(tag)"
|
||||||
|
|
||||||
|
#up: [
|
||||||
|
op.#DockerBuild & {
|
||||||
|
dockerfile: """
|
||||||
|
FROM alpine
|
||||||
|
RUN echo \(TestSuffix.out) > /test
|
||||||
|
"""
|
||||||
|
},
|
||||||
|
|
||||||
|
op.#DockerLogin & {
|
||||||
|
target: repository
|
||||||
|
username: creds.username
|
||||||
|
secret: creds.secret
|
||||||
|
},
|
||||||
|
|
||||||
|
op.#PushContainer & {
|
||||||
|
"ref": ref
|
||||||
|
},
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
||||||
|
verify: #Image & {
|
||||||
|
config: TestConfig.trivyAWSAuth
|
||||||
|
source: push.ref
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
TestGCPClient: {
|
||||||
|
repository: "gcr.io/dagger-ci/test"
|
||||||
|
tag: "test-gcr-\(TestSuffix.out)"
|
||||||
|
|
||||||
|
creds: gcr.#Credentials & {
|
||||||
|
config: TestConfig.gcpConfig
|
||||||
|
}
|
||||||
|
|
||||||
|
push: {
|
||||||
|
ref: "\(repository):\(tag)"
|
||||||
|
|
||||||
|
#up: [
|
||||||
|
op.#DockerBuild & {
|
||||||
|
dockerfile: """
|
||||||
|
FROM alpine
|
||||||
|
RUN echo \(TestSuffix.out) > /test
|
||||||
|
"""
|
||||||
|
},
|
||||||
|
|
||||||
|
op.#DockerLogin & {
|
||||||
|
target: repository
|
||||||
|
username: creds.username
|
||||||
|
secret: creds.secret
|
||||||
|
},
|
||||||
|
|
||||||
|
op.#PushContainer & {
|
||||||
|
"ref": ref
|
||||||
|
},
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
||||||
|
verify: #Image & {
|
||||||
|
config: TestConfig.trivyGCPAuth
|
||||||
|
source: push.ref
|
||||||
|
}
|
||||||
|
}
|
||||||
|
@ -7,6 +7,7 @@ import (
|
|||||||
"alpha.dagger.io/aws"
|
"alpha.dagger.io/aws"
|
||||||
"alpha.dagger.io/dagger"
|
"alpha.dagger.io/dagger"
|
||||||
"alpha.dagger.io/dagger/op"
|
"alpha.dagger.io/dagger/op"
|
||||||
|
"alpha.dagger.io/gcp"
|
||||||
)
|
)
|
||||||
|
|
||||||
// Set Trivy download source
|
// Set Trivy download source
|
||||||
@ -32,8 +33,8 @@ import (
|
|||||||
// AWS ECR auth
|
// AWS ECR auth
|
||||||
awsAuth: aws.#Config | *null
|
awsAuth: aws.#Config | *null
|
||||||
|
|
||||||
// GCR auth (credential.json as string)
|
// GCP auth
|
||||||
gcpAuth: dagger.#Input & {dagger.#Secret | *null}
|
gcpAuth: gcp.#Config | *null
|
||||||
}
|
}
|
||||||
|
|
||||||
// Re-usable CLI component
|
// Re-usable CLI component
|
||||||
@ -41,25 +42,33 @@ import (
|
|||||||
config: #Config
|
config: #Config
|
||||||
|
|
||||||
#up: [
|
#up: [
|
||||||
if config.awsAuth == null {
|
if config.awsAuth == null && config.gcpAuth == null {
|
||||||
op.#Load & {
|
op.#Load & {
|
||||||
from: alpine.#Image & {
|
from: alpine.#Image & {
|
||||||
package: bash: "=~5.1"
|
package: bash: "=~5.1"
|
||||||
package: curl: true
|
package: curl: true
|
||||||
|
package: jq: "=~1.6"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
if config.awsAuth != null {
|
if config.awsAuth != null && config.gcpAuth == null {
|
||||||
op.#Load & {
|
op.#Load & {
|
||||||
from: aws.#CLI & {
|
from: aws.#CLI & {
|
||||||
"config": config
|
"config": config.awsAuth
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
if config.awsAuth == null && config.gcpAuth != null {
|
||||||
|
op.#Load & {
|
||||||
|
from: gcp.#GCloud & {
|
||||||
|
"config": config.gcpAuth
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
op.#Exec & {
|
op.#Exec & {
|
||||||
args: ["sh", "-c",
|
args: ["sh", "-c",
|
||||||
#"""
|
#"""
|
||||||
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh &&
|
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.18.3 &&
|
||||||
chmod +x /usr/local/bin/trivy
|
chmod +x /usr/local/bin/trivy
|
||||||
"""#,
|
"""#,
|
||||||
]
|
]
|
||||||
@ -77,11 +86,11 @@ import (
|
|||||||
|
|
||||||
# Construct env string from env vars
|
# Construct env string from env vars
|
||||||
envs=()
|
envs=()
|
||||||
[ -n "$TRIVY_USERNAME" ] && envs+=("TRIVY_USERNAME={$TRIVY_USERNAME}")
|
[ -n "$TRIVY_USERNAME" ] && envs+=("TRIVY_USERNAME=$TRIVY_USERNAME")
|
||||||
[ -n "$TRIVY_NON_SSL" ] && envs+=("TRIVY_NON_SSL=$TRIVY_NON_SSL")
|
[ -n "$TRIVY_NON_SSL" ] && envs+=("TRIVY_NON_SSL=$TRIVY_NON_SSL")
|
||||||
|
|
||||||
# Append secret to env string
|
# Append secret to env string
|
||||||
[ -n "$(cat /password)" ] && envs+=("TRIVY_PASSWORD={$(cat /password)}")
|
[ -n "$(cat /password)" ] && envs+=("TRIVY_PASSWORD=$(cat /password)")
|
||||||
|
|
||||||
# Append full command
|
# Append full command
|
||||||
echo "${envs[@]}" '/usr/local/bin/trivy-dagger "$@"' >> /usr/local/bin/trivy
|
echo "${envs[@]}" '/usr/local/bin/trivy-dagger "$@"' >> /usr/local/bin/trivy
|
||||||
@ -97,10 +106,6 @@ import (
|
|||||||
},
|
},
|
||||||
// config.gcpAuth case
|
// config.gcpAuth case
|
||||||
if config.basicAuth == null && config.awsAuth == null && config.gcpAuth != null {
|
if config.basicAuth == null && config.awsAuth == null && config.gcpAuth != null {
|
||||||
op.#WriteFile & {
|
|
||||||
dest: "/credentials.json"
|
|
||||||
content: config.gcpAuth
|
|
||||||
}
|
|
||||||
op.#Exec & {
|
op.#Exec & {
|
||||||
args: ["/bin/bash", "-c",
|
args: ["/bin/bash", "-c",
|
||||||
#"""
|
#"""
|
||||||
@ -111,7 +116,7 @@ import (
|
|||||||
echo '#!/bin/bash'$'\n' > /usr/local/bin/trivy
|
echo '#!/bin/bash'$'\n' > /usr/local/bin/trivy
|
||||||
|
|
||||||
# Append full command
|
# Append full command
|
||||||
echo "TRIVY_USERNAME=" "GOOGLE_APPLICATION_CREDENTIALS=/credentials.json" '/usr/local/bin/trivy-dagger "$@"' >> /usr/local/bin/trivy
|
echo "TRIVY_USERNAME=''" "GOOGLE_APPLICATION_CREDENTIALS=/service_key" '/usr/local/bin/trivy-dagger "$@"' >> /usr/local/bin/trivy
|
||||||
|
|
||||||
# Make it executable
|
# Make it executable
|
||||||
chmod +x /usr/local/bin/trivy
|
chmod +x /usr/local/bin/trivy
|
||||||
|
@ -273,3 +273,7 @@ setup() {
|
|||||||
skip "Azure CI infra not implemented yet - manually tested and working"
|
skip "Azure CI infra not implemented yet - manually tested and working"
|
||||||
#dagger -e azure-stapp up
|
#dagger -e azure-stapp up
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@test "trivy" {
|
||||||
|
dagger -e trivy up
|
||||||
|
}
|
Reference in New Issue
Block a user