Merge pull request #44 from roseteague/master

feat: Enable Snyk
ocadotechnology · Apr 15, 2019 · b6b4551 · b6b4551
2 parents a7a31a8 + 49ccff2
commit b6b4551
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 0 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -10,6 +10,7 @@ env:
   - VCS_SOURCE="https://github.com/${TRAVIS_REPO_SLUG}"
   - secure: "z0oUHGGWxqtNuOyGz5DGi83gmAUDcS9ksVJrYVBLGUvgxeUCoYtNyySlLE/81bbKyTdLdeqtv0kEKhCIP1G9a1P+f2D9UCuu/pTSgEgjUlbBJqA+3seckQWt/SnfWr3hU/ySqt0UtB47rRyttZBzQmYgf2ECmDhVASRi3B02ogNHW4wwFBUwwYllotKXijz6NyYO85tzE2SeNrO8G2z0UjpLZAQawL3Whx5ApQeMm6iotDkSoQdUY0BtVap3rjG6wiY5WCBraPMWjlEZKCrbs08T7qqSkiB/RklXAppSSwB5OaLsH68xVE1/ZaNvvKa1YutoubJytyKYHYtVLBOyDOyYYPVn/Kgch0jnLL5hLkoyz8PDrHw2Pop9j+yNUUbEEihQbVpsU518IGX0X/z/jiy/nIcFIBo7diXzg+3w425Nk8iRKdmfaOC/t9/+qhpo+ULVloZcVr2Wv6kM34RDoowjit4SVRCn7XFo5PibQO+5neV0jdS5F/NPCF1LdWBV5uxjlLxcMxwEVTi4uvufRBswpOI2P9B9HY2lF02eLtCC7w90A954uIX/Gjojqy0QMbzKfPCl3IV0Geq5lcYhu8Hz9GqOJC/b81KcnvWGNzKYJjUIAWIWxjremkTMS12dgE8DGTx8p7z7nepWRqV63zVIYcRMP22517wZkTNaxEE="
 script:
+- npm install -g snyk
 - python setup.py test
 - ./.travis/docker-build.sh
 after_script:

diff --git a/.travis/docker-build.sh b/.travis/docker-build.sh
@@ -1,5 +1,15 @@
 #!/usr/bin/env bash
 
+testSnykIfEnabled() {
+  if [ -n "${SNYK_ORG}" ] && [ -n "${SNYK_TOKEN}" ]; then
+      local errors_found=false
+      snyk test --org="${SNYK_ORG}" --docker "${TRAVIS_REPO_SLUG}" --policy-path=.snyk --file=Dockerfile || errors_found=true
+      if ${errors_found} && [ "${SNYK_MODE}" != "WARN" ] ; then
+          exit 1
+      fi
+  fi
+}
+
 VERSION="$TRAVIS_COMMIT"
 if [ -n "${TRAVIS_TAG}" ]; then
   VERSION="${TRAVIS_TAG}"
@@ -19,6 +29,7 @@ docker build --pull --cache-from "$TRAVIS_REPO_SLUG" --tag "$TRAVIS_REPO_SLUG" \
   --label="org.opencontainers.image.revision=${TRAVIS_COMMIT}" \
   --label="org.opencontainers.image.authors=$(git log --format='%aE' Dockerfile | sort -u | tr '\n' ' ')" .
 
+testSnykIfEnabled
 
 if [ "${TRAVIS_TAG}" ]; then
   docker tag "${TRAVIS_REPO_SLUG}" "${TRAVIS_REPO_SLUG}:${TRAVIS_TAG}"

diff --git a/.travis/docker-push.sh b/.travis/docker-push.sh
@@ -1,9 +1,20 @@
 #!/usr/bin/env bash
 
+performSnykAnalysisIfEnabled() {
+  if [ -n "${SNYK_ORG}" ] && [ -n "${SNYK_TOKEN}" ]; then
+      snyk monitor --org="${SNYK_ORG}" --docker "${TRAVIS_REPO_SLUG}:${TRAVIS_COMMIT}" --policy-path=.snyk
+      if [[ -n "$TRAVIS_TAG" ]]; then
+          snyk monitor --org="${SNYK_ORG}" --docker "${TRAVIS_REPO_SLUG}:${TRAVIS_TAG}"
+      fi
+  fi
+}
+
 docker login -u "$REGISTRY_USER" -p "$REGISTRY_PASS"
 
 if [ "${TRAVIS_TAG}" ]; then
   docker push "${TRAVIS_REPO_SLUG}:${TRAVIS_TAG}"
 fi
 docker push "${TRAVIS_REPO_SLUG}:latest" && \
 docker push "${TRAVIS_REPO_SLUG}:${TRAVIS_COMMIT}" 
+
+performSnykAnalysisIfEnabled