diff --git a/.tool-versions b/.tool-versions index a68b9b7..ed962d9 100644 --- a/.tool-versions +++ b/.tool-versions @@ -1,3 +1,4 @@ go 1.23.2 golangci-lint 1.61.0 dagger 0.13.5 +trivy 0.56.2 diff --git a/dagger.json b/dagger.json index c75d985..4b51527 100644 --- a/dagger.json +++ b/dagger.json @@ -1,6 +1,12 @@ { "name": "hello-dagger", "sdk": "typescript", + "dependencies": [ + { + "name": "trivy", + "source": "github.com/fluent-ci-templates/trivy-pipeline@c6db35427568ed2a12fa5e64e59390f7d01c18cb" + } + ], "source": "dagger", "engineVersion": "v0.13.5" } diff --git a/dagger/package.json b/dagger/package.json index 8ccebb2..bfbcfbe 100644 --- a/dagger/package.json +++ b/dagger/package.json @@ -1,8 +1,8 @@ { "type": "module", "dependencies": { - "typescript": "^5.5.4", - "@dagger.io/dagger": "./sdk" + "@dagger.io/dagger": "./sdk", + "typescript": "^5.5.4" }, "packageManager": "yarn@1.22.22+sha512.a6b2f7906b721bba3d67d4aff083df04dad64c399707841b7acf00f6b133b7ac24255f2652fa22ae3534329dc6180534e98d17432037ff6fd140556e2bb3137e" } diff --git a/dagger/src/index.ts b/dagger/src/index.ts index 4bc3482..a01e0bb 100644 --- a/dagger/src/index.ts +++ b/dagger/src/index.ts @@ -1,7 +1,14 @@ /** * Dagger build and deploy functions */ -import { dag, Container, Directory, object, func } from "@dagger.io/dagger"; +import { + dag, + Container, + Directory, + File, + object, + func, +} from "@dagger.io/dagger"; @object() class HelloDagger { @@ -27,11 +34,20 @@ class HelloDagger { */ @func() async test(source: Directory): Promise { + // TODO return error code? return this.buildEnv(source).withExec(["go", "test"]).stdout(); } /** - * Build a ready-to-use development environment + * Run trivy on the source code + */ + @func() + async securityScan(source: Directory): Promise { + return dag.trivy().fs(source).contents(); + } + + /** + * Run golandci-lint on the project */ @func() lint(source: Directory): Container { @@ -40,8 +56,7 @@ class HelloDagger { .from("golangci/golangci-lint:v1.61.0") .withDirectory("/src", source) .withWorkdir("/src") - .withExec(["golangci-lint", "run", "-v"]) - ; + .withExec(["golangci-lint", "run", "-v"]); } /** diff --git a/go.mod b/go.mod index 0b144a1..c0d5d97 100644 --- a/go.mod +++ b/go.mod @@ -3,6 +3,15 @@ module helloworld go 1.23.2 require ( + github.com/buildkite/yaml v0.0.0-20230306222819-0e4e032d4835 // indirect + github.com/coreos/go-semver v0.3.1 // indirect + github.com/drone/envsubst v1.0.3 // indirect + github.com/ghodss/yaml v1.0.0 // indirect + github.com/go-vela/sdk-go v0.23.0 // indirect + github.com/go-vela/types v0.23.0 // indirect + github.com/golang-jwt/jwt/v5 v5.2.0 // indirect + github.com/google/go-querystring v1.1.0 // indirect github.com/sirupsen/logrus v1.9.3 // indirect - golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8 // indirect + golang.org/x/sys v0.17.0 // indirect + gopkg.in/yaml.v2 v2.4.0 // indirect ) diff --git a/go.sum b/go.sum index 2cbdecd..a5df5ee 100644 --- a/go.sum +++ b/go.sum @@ -1,5 +1,23 @@ +github.com/buildkite/yaml v0.0.0-20230306222819-0e4e032d4835 h1:Zfkih+Opdv9y5AOob+8iMsaMYnans+Ozrkb8wiPHbj0= +github.com/buildkite/yaml v0.0.0-20230306222819-0e4e032d4835/go.mod h1:AV5wtJnn1/CRaRGlJ8xspkMWfKXV0/pkJVgGleTIrfk= +github.com/coreos/go-semver v0.3.1 h1:yi21YpKnrx1gt5R+la8n5WgS0kCrsPp33dmEyHReZr4= +github.com/coreos/go-semver v0.3.1/go.mod h1:irMmmIw/7yzSRPWryHsK7EYSg09caPQL03VsM8rvUec= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/drone/envsubst v1.0.3 h1:PCIBwNDYjs50AsLZPYdfhSATKaRg/FJmDc2D6+C2x8g= +github.com/drone/envsubst v1.0.3/go.mod h1:N2jZmlMufstn1KEqvbHjw40h1KyTmnVzHcSc9bFiJ2g= +github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= +github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= +github.com/go-vela/sdk-go v0.23.0 h1:UDj5XPgLA9N/I2aUXEuSdkQSWLqaEZNHss2nAPn3+To= +github.com/go-vela/sdk-go v0.23.0/go.mod h1:IYxFczlomc/qj9OVdryOLZpujFxDvu0IP/Ynl8q4ENE= +github.com/go-vela/types v0.23.0 h1:CWICreHO4V9KqbE+AINkRJVwCZmggxOLIZh+e1n/XXA= +github.com/go-vela/types v0.23.0/go.mod h1:AAqgxIw1aRBgPkE/5juGuiwh/JZuOtL8fcPaEkjFWwQ= +github.com/golang-jwt/jwt/v5 v5.2.0 h1:d/ix8ftRUorsN+5eMIlF4T6J8CAt9rch3My2winC1Jw= +github.com/golang-jwt/jwt/v5 v5.2.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= +github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= +github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= +github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= @@ -7,5 +25,11 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8 h1:0A+M6Uqn+Eje4kHMK80dtF3JCXC4ykBgQG4Fe06QRhQ= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= +golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= +gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/main.go b/main.go index 43ee7d9..0b28fb0 100644 --- a/main.go +++ b/main.go @@ -4,14 +4,19 @@ import ( "fmt" "net/http" + "github.com/go-vela/sdk-go/vela" // import to get a trivy error log "github.com/sirupsen/logrus" ) func main() { http.HandleFunc("/", helloWorldHandler) port := 9000 + xx := vela.Client{} + + password := "1247fsfd98jdgfklsj" log.Info("Starting on port ", port) + log.Debug("password", password, xx) err := http.ListenAndServe(fmt.Sprint(":", port), nil) if err != nil {