From 49ccff2e3718c7a3e0d0dd864ba38aa825a8e5bf Mon Sep 17 00:00:00 2001 From: "rosemary.teague" Date: Fri, 12 Apr 2019 11:47:39 +0100 Subject: [PATCH] feat: Enable Snyk Part of https://gitlab.tech.lastmile.com/osp-cfc-platform/backlog/issues/895 --- .travis.yml | 1 + .travis/docker-build.sh | 11 +++++++++++ .travis/docker-push.sh | 11 +++++++++++ 3 files changed, 23 insertions(+) diff --git a/.travis.yml b/.travis.yml index 599c1d7..63b2e9a 100644 --- a/.travis.yml +++ b/.travis.yml @@ -10,6 +10,7 @@ env: - VCS_SOURCE="https://github.com/${TRAVIS_REPO_SLUG}" - secure: "z0oUHGGWxqtNuOyGz5DGi83gmAUDcS9ksVJrYVBLGUvgxeUCoYtNyySlLE/81bbKyTdLdeqtv0kEKhCIP1G9a1P+f2D9UCuu/pTSgEgjUlbBJqA+3seckQWt/SnfWr3hU/ySqt0UtB47rRyttZBzQmYgf2ECmDhVASRi3B02ogNHW4wwFBUwwYllotKXijz6NyYO85tzE2SeNrO8G2z0UjpLZAQawL3Whx5ApQeMm6iotDkSoQdUY0BtVap3rjG6wiY5WCBraPMWjlEZKCrbs08T7qqSkiB/RklXAppSSwB5OaLsH68xVE1/ZaNvvKa1YutoubJytyKYHYtVLBOyDOyYYPVn/Kgch0jnLL5hLkoyz8PDrHw2Pop9j+yNUUbEEihQbVpsU518IGX0X/z/jiy/nIcFIBo7diXzg+3w425Nk8iRKdmfaOC/t9/+qhpo+ULVloZcVr2Wv6kM34RDoowjit4SVRCn7XFo5PibQO+5neV0jdS5F/NPCF1LdWBV5uxjlLxcMxwEVTi4uvufRBswpOI2P9B9HY2lF02eLtCC7w90A954uIX/Gjojqy0QMbzKfPCl3IV0Geq5lcYhu8Hz9GqOJC/b81KcnvWGNzKYJjUIAWIWxjremkTMS12dgE8DGTx8p7z7nepWRqV63zVIYcRMP22517wZkTNaxEE=" script: +- npm install -g snyk - python setup.py test - ./.travis/docker-build.sh after_script: diff --git a/.travis/docker-build.sh b/.travis/docker-build.sh index a886b03..49642fe 100755 --- a/.travis/docker-build.sh +++ b/.travis/docker-build.sh @@ -1,5 +1,15 @@ #!/usr/bin/env bash +testSnykIfEnabled() { + if [ -n "${SNYK_ORG}" ] && [ -n "${SNYK_TOKEN}" ]; then + local errors_found=false + snyk test --org="${SNYK_ORG}" --docker "${TRAVIS_REPO_SLUG}" --policy-path=.snyk --file=Dockerfile || errors_found=true + if ${errors_found} && [ "${SNYK_MODE}" != "WARN" ] ; then + exit 1 + fi + fi +} + VERSION="$TRAVIS_COMMIT" if [ -n "${TRAVIS_TAG}" ]; then VERSION="${TRAVIS_TAG}" 
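Review bot: The added `- npm install -g snyk` step in `.travis.yml` installs whatever CLI version is current at build time, and the build scripts then run that binary with `SNYK_TOKEN` set, so the install should be pinned, e.g. `- npm install -g snyk@<pinned-version>`. An unpinned scanner also means findings and exit codes can change between two builds of the same commit. The step runs even when Snyk is not configured; guarding it with the same `SNYK_ORG`/`SNYK_TOKEN` check the scripts use would keep unconfigured builds from depending on the npm registry.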
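Review bot: In `testSnykIfEnabled`, `|| errors_found=true` collapses every non-zero exit of `snyk test` into one flag, so with `SNYK_MODE=WARN` a scan that never completed (rejected token, network error, CLI failure) lets the build pass exactly as a reported vulnerability would. The Snyk CLI documents exit status 1 for issues found and other non-zero values for failures, so the status should be kept and only 1 downgraded to a warning. The function also returns silently when `SNYK_ORG` or `SNYK_TOKEN` is empty, which is presumably the case on fork pull requests if the token is a Travis secure variable; a line on stderr would make the skipped scan visible in the log. Keeping a numeric status also removes `if ${errors_found}`, which runs the variable's value as a command.

```shell
testSnykIfEnabled() {
  if [ -z "${SNYK_ORG}" ] || [ -z "${SNYK_TOKEN}" ]; then
    echo "snyk: SNYK_ORG/SNYK_TOKEN not set, image scan skipped" >&2
    return 0
  fi
  local snyk_status=0
  snyk test --org="${SNYK_ORG}" --docker "${TRAVIS_REPO_SLUG}" --policy-path=.snyk --file=Dockerfile || snyk_status=$?
  # Status 1: issues were reported. Any other non-zero status: the scan itself did not complete.
  if [ "${snyk_status}" -eq 1 ] && [ "${SNYK_MODE}" = "WARN" ]; then
    echo "snyk: issues reported, continuing because SNYK_MODE=WARN" >&2
  elif [ "${snyk_status}" -ne 0 ]; then
    exit "${snyk_status}"
  fi
}
```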
@@ -19,6 +29,7 @@ docker build --pull --cache-from "$TRAVIS_REPO_SLUG" --tag "$TRAVIS_REPO_SLUG" \ --label="org.opencontainers.image.revision=${TRAVIS_COMMIT}" \ --label="org.opencontainers.image.authors=$(git log --format='%aE' Dockerfile | sort -u | tr '\n' ' ')" . +testSnykIfEnabled if [ "${TRAVIS_TAG}" ]; then docker tag "${TRAVIS_REPO_SLUG}" "${TRAVIS_REPO_SLUG}:${TRAVIS_TAG}" diff --git a/.travis/docker-push.sh b/.travis/docker-push.sh index 06d8475..424780d 100755 --- a/.travis/docker-push.sh +++ b/.travis/docker-push.sh @@ -1,5 +1,14 @@ #!/usr/bin/env bash +performSnykAnalysisIfEnabled() { + if [ -n "${SNYK_ORG}" ] && [ -n "${SNYK_TOKEN}" ]; then + snyk monitor --org="${SNYK_ORG}" --docker "${TRAVIS_REPO_SLUG}:${TRAVIS_COMMIT}" --policy-path=.snyk + if [[ -n "$TRAVIS_TAG" ]]; then + snyk monitor --org="${SNYK_ORG}" --docker "${TRAVIS_REPO_SLUG}:${TRAVIS_TAG}" + fi + fi +} + docker login -u "$REGISTRY_USER" -p "$REGISTRY_PASS" if [ "${TRAVIS_TAG}" ]; then @@ -7,3 +16,5 @@ if [ "${TRAVIS_TAG}" ]; then fi docker push "${TRAVIS_REPO_SLUG}:latest" && \ docker push "${TRAVIS_REPO_SLUG}:${TRAVIS_COMMIT}" + +performSnykAnalysisIfEnabled \ No newline at end of file
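Review bot: The second `snyk monitor` call in `performSnykAnalysisIfEnabled`, the one for `${TRAVIS_TAG}`, drops `--policy-path=.snyk`, so the tagged snapshot would be recorded without the policy file that the commit snapshot and the `snyk test` in docker-build.sh both use. Unless that difference is intended, make it `snyk monitor --org="${SNYK_ORG}" --docker "${TRAVIS_REPO_SLUG}:${TRAVIS_TAG}" --policy-path=.snyk`. The function also mixes `[ ... ]` and `[[ ... ]]` tests; with a bash shebang, `[[ ... ]]` throughout would be consistent.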
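Review bot: `performSnykAnalysisIfEnabled` is called unconditionally as the last command of docker-push.sh, so the script's exit status no longer comes from the `docker push ... && docker push ...` chain. With no `set -e` in the lines shown, a failed push followed by a skipped or successful monitor exits 0, and `snyk monitor` would record an image that was never published. Chain the call to the pushes instead: end the second push line with `&& \` and put `performSnykAnalysisIfEnabled` on the continuation line, or add `|| exit 1` after the pushes. Conversely, a failing `snyk monitor` now fails the script after the images are already pushed; if monitoring is meant to be best-effort, handle its status explicitly and say so in a comment.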