Implement #Image
Signed-off-by: guillaume <guillaume.derouville@gmail.com>
This commit is contained in:
parent
aac70c2f17
commit
701be92dad
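--- a/stdlib/.dagger/env/trivy/.gitignore
+++ b/stdlib/.dagger/env/trivy/.gitignore
@@ -0,0 +1,2 @@
+# dagger state
+state/**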
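--- a/stdlib/.dagger/env/trivy/values.yaml
+++ b/stdlib/.dagger/env/trivy/values.yaml
@@ -0,0 +1,23 @@
+plan:
+package: ./trivy/tests
+name: trivy
+sops:
+kms: []
+gcp_kms: []
+azure_kv: []
+hc_vault: []
+age:
+- recipient: age1gxwmtwahzwdmrskhf90ppwlnze30lgpm056kuesrxzeuyclrwvpsupwtpk
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2QVVmbFlHazZaeDJ6Vk5l
+dldPbmttNWhLb1hnVjZMMGRkdk9kR3ErMENZCkJBOGN5NDFZYzRHR0N6d1NIeDMx
+QXV0RkJydWltL092YnFNY3FGcUlYTGsKLS0tIGcxV0tYOGRNTE51K0VCNHAwcEtn
+bHZuNEZsYnNNaHdBOFBTYmJtNC9JRncKVcqn44INSaA5TGRl/566DMu7scX9UjtV
+3FhUcSfLFJXviw/ll3dUONXOQJTe3p9SgFCHir2qnMmJqErDDvqj/Q==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2021-10-21T14:00:04Z"
+mac: ENC[AES256_GCM,data:YTCRHj9jF0JBXEmC8ljCnEweQKCdMYry2GiPoveFBuwG3aSSTLhoPbrLNA+0FJ/AEaQNwNDv8KbZ6i9phcDCmTh6LVIVryxWy5Th8kFp9CSyYyyIBU64OO57hsXtIDvWW1IXtXqd8mngjv3v57/SIsRxo1amTOlSKbjAoY61Rw8=,iv:xcDXzNYOXbEfowEAzf+wVrb0vJFTr0aTCRS23Nj0OmE=,tag:qQjpB4xs014EaEswwrOWeQ==,type:str]
+pgp: []
+encrypted_suffix: secret
+version: 3.7.1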
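--- a/stdlib/trivy/image.cue
+++ b/stdlib/trivy/image.cue
@@ -0,0 +1,59 @@
+package trivy
+
+import (
+"encoding/json"
+
+"alpha.dagger.io/os"
+)
+
+// Scan an Image
+#Image: {
+// Trivy configuration
+config: #Config
+
+// Image source (AWS, GCP, Docker Hub, Self hosted)
+source: string
+
+// Trivy Image arguments
+args: [arg=string]: string
+
+// Enforce args best practices
+args: {
+"--exit-code": *"1" | string
+"--severity": *"HIGH,CRITICAL" | string
+"--format": *"table" | string
+"--ignore-unfixed": *"true" | string
+}
+
+ctr: os.#Container & {
+image: #CLI & {
+"config": config
+}
+shell: {
+path: "/bin/bash"
+args: ["--noprofile", "--norc", "-eo", "pipefail", "-c"]
+}
+command: #"""
+trivyArgs="$(
+echo "$ARGS" |
+jq -c '
+to_entries |
+map(.key + " " + (.value | tostring) + " ") |
+add
+')"
+
+trivy image "$trivyArgs" "$SOURCE"
+echo "$SOURCE" > /ref
+"""#
+env: ARGS: json.Marshal(args)
+env: SOURCE: source
+}
+
+// Export ref to create dependency (wait for the check to finish)
+ref: {
+os.#File & {
+from: ctr
+path: "/ref"
+}
+}.contents @dagger(output)
+}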
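Review bot: `trivy image "$trivyArgs" "$SOURCE"` passes the whole jq-built string as one quoted word, so trivy receives a single argument like `--exit-code 1 --severity HIGH,CRITICAL --format table --ignore-unfixed true ` rather than separate flags, and the defaults enforced under `args` never take effect. Reading the entries into a bash array (the container shell is already `/bin/bash`) keeps each key and value as its own word and also avoids word-splitting and glob expansion of caller-supplied `args` values, which an unquoted `$trivyArgs` would be exposed to. `--ignore-unfixed` is a switch in trivy; if its parser does not consume a following value, the `true` emitted after it would be taken as a positional argument, so that default deserves a check against the trivy version pinned in #CLI. Because the shell runs with `-e`, a non-zero trivy exit stops the script before `/ref` is written, which is what makes `ref` a gate; a comment stating that above the `echo` would make the intent explicit.
```cue
command: #"""
  readarray -t trivyArgs < <(
    echo "$ARGS" | jq -r 'to_entries[] | .key, (.value | tostring)'
  )
  trivy image "${trivyArgs[@]}" "$SOURCE"
  # /ref is only written when trivy exits 0 (-e above), so ref gates on the scan
  echo "$SOURCE" > /ref
  """#
// … unchanged: env: ARGS / env: SOURCE …
```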
2
stdlib/trivy/tests/trivy.cue
Normal file
2
stdlib/trivy/tests/trivy.cue
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
package trivy
|
||||||
|
|
@ -3,9 +3,10 @@ package trivy
|
|||||||
import (
|
import (
|
||||||
"strconv"
|
"strconv"
|
||||||
|
|
||||||
|
"alpha.dagger.io/alpine"
|
||||||
"alpha.dagger.io/aws"
|
"alpha.dagger.io/aws"
|
||||||
"alpha.dagger.io/dagger"
|
"alpha.dagger.io/dagger"
|
||||||
"alpha.dagger.io/os"
|
"alpha.dagger.io/dagger/op"
|
||||||
)
|
)
|
||||||
|
|
||||||
// Set Trivy download source
|
// Set Trivy download source
|
||||||
@ -19,20 +20,20 @@ import (
|
|||||||
// Docker Hub / Self hosted registry auth
|
// Docker Hub / Self hosted registry auth
|
||||||
basicAuth: {
|
basicAuth: {
|
||||||
// Username
|
// Username
|
||||||
username: dagger.#Input & {string} | *""
|
username: dagger.#Input & {string}
|
||||||
|
|
||||||
// Password
|
// Password
|
||||||
password: dagger.#Input & {dagger.#Secret} | *""
|
password: dagger.#Input & {dagger.#Secret}
|
||||||
|
|
||||||
// No SSL connection
|
// No SSL connection
|
||||||
noSSL: *false | bool
|
noSSL: *false | bool
|
||||||
} | *null
|
} | *null
|
||||||
|
|
||||||
// AWS ECR auth
|
// AWS ECR auth
|
||||||
awsAuth: aws.#Config | *null
|
awsAuth: aws.#Config | *null
|
||||||
|
|
||||||
// GCR auth (credential.json as string)
|
// GCR auth (credential.json as string)
|
||||||
gcpAuth: dagger.#Input & {string} | *null
|
gcpAuth: dagger.#Input & {dagger.#Secret | *null}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Re-usable CLI component
|
// Re-usable CLI component
|
||||||
@ -46,15 +47,15 @@ import (
|
|||||||
package: bash: "=~5.1"
|
package: bash: "=~5.1"
|
||||||
package: curl: true
|
package: curl: true
|
||||||
}
|
}
|
||||||
},
|
}
|
||||||
}
|
},
|
||||||
if config.awsAuth != null {
|
if config.awsAuth != null {
|
||||||
op.#Load & {
|
op.#Load & {
|
||||||
from: aws.#CLI & {
|
from: aws.#CLI & {
|
||||||
"config": config
|
"config": config
|
||||||
}
|
}
|
||||||
},
|
}
|
||||||
}
|
},
|
||||||
op.#Exec & {
|
op.#Exec & {
|
||||||
args: ["sh", "-c",
|
args: ["sh", "-c",
|
||||||
#"""
|
#"""
|
||||||
@ -90,16 +91,16 @@ import (
|
|||||||
"""#,
|
"""#,
|
||||||
]
|
]
|
||||||
env: TRIVY_USERNAME: config.basicAuth.username
|
env: TRIVY_USERNAME: config.basicAuth.username
|
||||||
env: TRIVY_NON_SSL: strconv.FormatBool(config.basicAuth.noSSL)
|
env: TRIVY_NON_SSL: strconv.FormatBool(config.basicAuth.noSSL)
|
||||||
mount: "/password": secret: config.basicAuth.password
|
mount: "/password": secret: config.basicAuth.password
|
||||||
},
|
}
|
||||||
}
|
},
|
||||||
// config.gcpAuth case
|
// config.gcpAuth case
|
||||||
if config.basicAuth == null && config.awsAuth == null && config.gcpAuth != null {
|
if config.basicAuth == null && config.awsAuth == null && config.gcpAuth != null {
|
||||||
op.#WriteFile & {
|
op.#WriteFile & {
|
||||||
dest: "/credentials.json"
|
dest: "/credentials.json"
|
||||||
content: gcpAuth
|
content: config.gcpAuth
|
||||||
},
|
}
|
||||||
op.#Exec & {
|
op.#Exec & {
|
||||||
args: ["/bin/bash", "-c",
|
args: ["/bin/bash", "-c",
|
||||||
#"""
|
#"""
|
||||||
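Review bot: `content: config.gcpAuth` in the `op.#WriteFile` step writes the GCP credential into the container filesystem at `/credentials.json`, where it persists in the layers of the resulting CLI image, whereas the basicAuth branch in this same hunk keeps its password out of the filesystem with `mount: "/password": secret: config.basicAuth.password`. The earlier hunk (`@ -19,20 +20,20`) now types gcpAuth as `dagger.#Secret`, so using the same secret-mount pattern for the credential file would be consistent and avoid baking it into the image; whether `op.#WriteFile` accepts a `#Secret` as `content` at all is not visible here and should be confirmed. The enclosing #CLI definition starts before this hunk and ends after it.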
@ -116,22 +117,7 @@ import (
|
|||||||
chmod +x /usr/local/bin/trivy
|
chmod +x /usr/local/bin/trivy
|
||||||
"""#,
|
"""#,
|
||||||
]
|
]
|
||||||
},
|
}
|
||||||
}
|
},
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
// #Image
|
|
||||||
// {
|
|
||||||
// // Image source (AWS, GCP, Docker Hub, Self hosted)
|
|
||||||
// source: string
|
|
||||||
|
|
||||||
// // Trivy Image arguments
|
|
||||||
// args: [arg=string]: string
|
|
||||||
|
|
||||||
// ctr: os.#Container & {
|
|
||||||
// command: #"""
|
|
||||||
// """#
|
|
||||||
// }
|
|
||||||
// }
|
|
||||||
|