Fix packages + Implement working tests

Signed-off-by: guillaume <guillaume.derouville@gmail.com>
2021-10-28 01:37:52 +02:00
parent 701be92dad
commit 3fb03cd2d7
7 changed files with 201 additions and 40 deletions
--- a/stdlib/trivy/trivy.cue
+++ b/stdlib/trivy/trivy.cue
@@ -7,6 +7,7 @@ import (
 	"alpha.dagger.io/aws"
 	"alpha.dagger.io/dagger"
 	"alpha.dagger.io/dagger/op"
+	"alpha.dagger.io/gcp"
 )

 // Set Trivy download source
@@ -32,8 +33,8 @@ import (
 	// AWS ECR auth
 	awsAuth: aws.#Config | *null

-	// GCR auth (credential.json as string)
-	gcpAuth: dagger.#Input & {dagger.#Secret | *null}
+	// GCP auth 
+	gcpAuth: gcp.#Config | *null
 }

 // Re-usable CLI component
@@ -41,25 +42,33 @@ import (
 	config: #Config

 	#up: [
-		if config.awsAuth == null {
+		if config.awsAuth == null && config.gcpAuth == null {
 			op.#Load & {
 				from: alpine.#Image & {
 					package: bash: "=~5.1"
 					package: curl: true
+					package: jq:   "=~1.6"
 				}
 			}
 		},
-		if config.awsAuth != null {
+		if config.awsAuth != null && config.gcpAuth == null {
 			op.#Load & {
 				from: aws.#CLI & {
-					"config": config
+					"config": config.awsAuth
+				}
+			}
+		},
+		if config.awsAuth == null && config.gcpAuth != null {
+			op.#Load & {
+				from: gcp.#GCloud & {
+					"config": config.gcpAuth
 				}
 			}
 		},
 		op.#Exec & {
 			args: ["sh", "-c",
 				#"""
-					curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh &&
+					curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.18.3 &&
 					chmod +x /usr/local/bin/trivy
 					"""#,
 			]
@@ -77,11 +86,11 @@ import (

 						# Construct env string from env vars
 						envs=()
-						[ -n "$TRIVY_USERNAME" ] && envs+=("TRIVY_USERNAME={$TRIVY_USERNAME}")
+						[ -n "$TRIVY_USERNAME" ] && envs+=("TRIVY_USERNAME=$TRIVY_USERNAME")
 						[ -n "$TRIVY_NON_SSL" ] && envs+=("TRIVY_NON_SSL=$TRIVY_NON_SSL")

 						# Append secret to env string
-						[ -n "$(cat /password)" ] && envs+=("TRIVY_PASSWORD={$(cat /password)}")
+						[ -n "$(cat /password)" ] && envs+=("TRIVY_PASSWORD=$(cat /password)")

 						# Append full command
 						echo "${envs[@]}" '/usr/local/bin/trivy-dagger "$@"' >> /usr/local/bin/trivy
@@ -97,10 +106,6 @@ import (
 		},
 		// config.gcpAuth case
 		if config.basicAuth == null && config.awsAuth == null && config.gcpAuth != null {
-			op.#WriteFile & {
-				dest:    "/credentials.json"
-				content: config.gcpAuth
-			}
 			op.#Exec & {
 				args: ["/bin/bash", "-c",
 					#"""
@@ -111,7 +116,7 @@ import (
 						echo '#!/bin/bash'$'\n' > /usr/local/bin/trivy

 						# Append full command
-						echo "TRIVY_USERNAME=" "GOOGLE_APPLICATION_CREDENTIALS=/credentials.json" '/usr/local/bin/trivy-dagger "$@"' >> /usr/local/bin/trivy
+						echo "TRIVY_USERNAME=''" "GOOGLE_APPLICATION_CREDENTIALS=/service_key" '/usr/local/bin/trivy-dagger "$@"' >> /usr/local/bin/trivy

 						# Make it executable
 						chmod +x /usr/local/bin/trivy