Implement #Image
Signed-off-by: guillaume <guillaume.derouville@gmail.com>
This commit is contained in:
parent
aac70c2f17
commit
701be92dad
2
stdlib/.dagger/env/trivy/.gitignore
vendored
Normal file
2
stdlib/.dagger/env/trivy/.gitignore
vendored
Normal file
@ -0,0 +1,2 @@
|
||||
# dagger state
|
||||
state/**
|
23
stdlib/.dagger/env/trivy/values.yaml
vendored
Normal file
23
stdlib/.dagger/env/trivy/values.yaml
vendored
Normal file
@ -0,0 +1,23 @@
|
||||
plan:
|
||||
package: ./trivy/tests
|
||||
name: trivy
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1gxwmtwahzwdmrskhf90ppwlnze30lgpm056kuesrxzeuyclrwvpsupwtpk
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2QVVmbFlHazZaeDJ6Vk5l
|
||||
dldPbmttNWhLb1hnVjZMMGRkdk9kR3ErMENZCkJBOGN5NDFZYzRHR0N6d1NIeDMx
|
||||
QXV0RkJydWltL092YnFNY3FGcUlYTGsKLS0tIGcxV0tYOGRNTE51K0VCNHAwcEtn
|
||||
bHZuNEZsYnNNaHdBOFBTYmJtNC9JRncKVcqn44INSaA5TGRl/566DMu7scX9UjtV
|
||||
3FhUcSfLFJXviw/ll3dUONXOQJTe3p9SgFCHir2qnMmJqErDDvqj/Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2021-10-21T14:00:04Z"
|
||||
mac: ENC[AES256_GCM,data:YTCRHj9jF0JBXEmC8ljCnEweQKCdMYry2GiPoveFBuwG3aSSTLhoPbrLNA+0FJ/AEaQNwNDv8KbZ6i9phcDCmTh6LVIVryxWy5Th8kFp9CSyYyyIBU64OO57hsXtIDvWW1IXtXqd8mngjv3v57/SIsRxo1amTOlSKbjAoY61Rw8=,iv:xcDXzNYOXbEfowEAzf+wVrb0vJFTr0aTCRS23Nj0OmE=,tag:qQjpB4xs014EaEswwrOWeQ==,type:str]
|
||||
pgp: []
|
||||
encrypted_suffix: secret
|
||||
version: 3.7.1
|
59
stdlib/trivy/image.cue
Normal file
59
stdlib/trivy/image.cue
Normal file
@ -0,0 +1,59 @@
|
||||
package trivy
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
|
||||
"alpha.dagger.io/os"
|
||||
)
|
||||
|
||||
// Scan an Image
|
||||
#Image: {
|
||||
// Trivy configuration
|
||||
config: #Config
|
||||
|
||||
// Image source (AWS, GCP, Docker Hub, Self hosted)
|
||||
source: string
|
||||
|
||||
// Trivy Image arguments
|
||||
args: [arg=string]: string
|
||||
|
||||
// Enforce args best practices
|
||||
args: {
|
||||
"--exit-code": *"1" | string
|
||||
"--severity": *"HIGH,CRITICAL" | string
|
||||
"--format": *"table" | string
|
||||
"--ignore-unfixed": *"true" | string
|
||||
}
|
||||
|
||||
ctr: os.#Container & {
|
||||
image: #CLI & {
|
||||
"config": config
|
||||
}
|
||||
shell: {
|
||||
path: "/bin/bash"
|
||||
args: ["--noprofile", "--norc", "-eo", "pipefail", "-c"]
|
||||
}
|
||||
command: #"""
|
||||
trivyArgs="$(
|
||||
echo "$ARGS" |
|
||||
jq -c '
|
||||
to_entries |
|
||||
map(.key + " " + (.value | tostring) + " ") |
|
||||
add
|
||||
')"
|
||||
|
||||
trivy image "$trivyArgs" "$SOURCE"
|
||||
echo "$SOURCE" > /ref
|
||||
"""#
|
||||
env: ARGS: json.Marshal(args)
|
||||
env: SOURCE: source
|
||||
}
|
||||
|
||||
// Export ref to create dependency (wait for the check to finish)
|
||||
ref: {
|
||||
os.#File & {
|
||||
from: ctr
|
||||
path: "/ref"
|
||||
}
|
||||
}.contents @dagger(output)
|
||||
}
|
2
stdlib/trivy/tests/trivy.cue
Normal file
2
stdlib/trivy/tests/trivy.cue
Normal file
@ -0,0 +1,2 @@
|
||||
package trivy
|
||||
|
@ -3,9 +3,10 @@ package trivy
|
||||
import (
|
||||
"strconv"
|
||||
|
||||
"alpha.dagger.io/alpine"
|
||||
"alpha.dagger.io/aws"
|
||||
"alpha.dagger.io/dagger"
|
||||
"alpha.dagger.io/os"
|
||||
"alpha.dagger.io/dagger/op"
|
||||
)
|
||||
|
||||
// Set Trivy download source
|
||||
@ -19,10 +20,10 @@ import (
|
||||
// Docker Hub / Self hosted registry auth
|
||||
basicAuth: {
|
||||
// Username
|
||||
username: dagger.#Input & {string} | *""
|
||||
username: dagger.#Input & {string}
|
||||
|
||||
// Password
|
||||
password: dagger.#Input & {dagger.#Secret} | *""
|
||||
password: dagger.#Input & {dagger.#Secret}
|
||||
|
||||
// No SSL connection
|
||||
noSSL: *false | bool
|
||||
@ -32,7 +33,7 @@ import (
|
||||
awsAuth: aws.#Config | *null
|
||||
|
||||
// GCR auth (credential.json as string)
|
||||
gcpAuth: dagger.#Input & {string} | *null
|
||||
gcpAuth: dagger.#Input & {dagger.#Secret | *null}
|
||||
}
|
||||
|
||||
// Re-usable CLI component
|
||||
@ -46,15 +47,15 @@ import (
|
||||
package: bash: "=~5.1"
|
||||
package: curl: true
|
||||
}
|
||||
},
|
||||
}
|
||||
},
|
||||
if config.awsAuth != null {
|
||||
op.#Load & {
|
||||
from: aws.#CLI & {
|
||||
"config": config
|
||||
}
|
||||
},
|
||||
}
|
||||
},
|
||||
op.#Exec & {
|
||||
args: ["sh", "-c",
|
||||
#"""
|
||||
@ -92,14 +93,14 @@ import (
|
||||
env: TRIVY_USERNAME: config.basicAuth.username
|
||||
env: TRIVY_NON_SSL: strconv.FormatBool(config.basicAuth.noSSL)
|
||||
mount: "/password": secret: config.basicAuth.password
|
||||
},
|
||||
}
|
||||
},
|
||||
// config.gcpAuth case
|
||||
if config.basicAuth == null && config.awsAuth == null && config.gcpAuth != null {
|
||||
op.#WriteFile & {
|
||||
dest: "/credentials.json"
|
||||
content: gcpAuth
|
||||
},
|
||||
content: config.gcpAuth
|
||||
}
|
||||
op.#Exec & {
|
||||
args: ["/bin/bash", "-c",
|
||||
#"""
|
||||
@ -116,22 +117,7 @@ import (
|
||||
chmod +x /usr/local/bin/trivy
|
||||
"""#,
|
||||
]
|
||||
},
|
||||
}
|
||||
},
|
||||
]
|
||||
}
|
||||
|
||||
|
||||
// #Image
|
||||
// {
|
||||
// // Image source (AWS, GCP, Docker Hub, Self hosted)
|
||||
// source: string
|
||||
|
||||
// // Trivy Image arguments
|
||||
// args: [arg=string]: string
|
||||
|
||||
// ctr: os.#Container & {
|
||||
// command: #"""
|
||||
// """#
|
||||
// }
|
||||
// }
|
||||
|
Reference in New Issue
Block a user