feat: Add trivy along with Add support for download-based tools PLUTO-1360 PLUTO-1361 (#47)

* feat: Add trivy, along with support for download-based tools and enhance installation logic
* feature: Add trivy as a runner
* feature: Add support for trivy configuration

---------

Co-authored-by: Joao Machado <[email protected]>

Author: andrzej-janczak

.codacy/codacy.yaml

@@ -2,3 +2,4 @@ runtimes:
     - [email protected]
 tools:
     - [email protected]
+    - [email protected]

cmd/analyze.go

@@ -184,6 +184,25 @@ func getToolName(toolName string, version string) string {
 	return toolName
 }
 
+func runEslintAnalysis(workDirectory string, pathsToCheck []string, autoFix bool, outputFile string, outputFormat string) {
+	eslint := config.Config.Tools()["eslint"]
+	eslintInstallationDirectory := eslint.InstallDir
+	nodeRuntime := config.Config.Runtimes()["node"]
+	nodeBinary := nodeRuntime.Binaries["node"]
+
+	tools.RunEslint(workDirectory, eslintInstallationDirectory, nodeBinary, pathsToCheck, autoFix, outputFile, outputFormat)
+}
+
+func runTrivyAnalysis(workDirectory string, pathsToCheck []string, outputFile string, outputFormat string) {
+	trivy := config.Config.Tools()["trivy"]
+	trivyBinary := trivy.Binaries["trivy"]
+
+	err := tools.RunTrivy(workDirectory, trivyBinary, pathsToCheck, outputFile, outputFormat)
+	if err != nil {
+		log.Fatalf("Error running Trivy: %v", err)
+	}
+}
+
 var analyzeCmd = &cobra.Command{
 	Use:   "analyze",
 	Short: "Runs all linters.",
@@ -194,30 +213,23 @@ var analyzeCmd = &cobra.Command{
 			log.Fatal(err)
 		}
 
-		// TODO add more tools here
-		switch toolToAnalyze {
-		case "eslint":
-			// nothing
-		case "":
-			log.Fatal("You need to specify a tool to run analysis with, e.g., '--tool eslint'", toolToAnalyze)
-		default:
-			log.Fatal("Trying to run unsupported tool: ", toolToAnalyze)
-		}
-
-		eslint := config.Config.Tools()["eslint"]
-		eslintInstallationDirectory := eslint.InstallDir
-		nodeRuntime := config.Config.Runtimes()["node"]
-		nodeBinary := nodeRuntime.Binaries["node"]
-
 		log.Printf("Running %s...\n", toolToAnalyze)
 		if outputFormat == "sarif" {
 			log.Println("Output will be in SARIF format")
 		}
-
 		if outputFile != "" {
 			log.Println("Output will be available at", outputFile)
 		}
 
-		tools.RunEslint(workDirectory, eslintInstallationDirectory, nodeBinary, args, autoFix, outputFile, outputFormat)
+		switch toolToAnalyze {
+		case "eslint":
+			runEslintAnalysis(workDirectory, args, autoFix, outputFile, outputFormat)
+		case "trivy":
+			runTrivyAnalysis(workDirectory, args, outputFile, outputFormat)
+		case "":
+			log.Fatal("You need to specify a tool to run analysis with, e.g., '--tool eslint'")
+		default:
+			log.Fatal("Trying to run unsupported tool: ", toolToAnalyze)
+		}
 	},
-}
+}

cmd/init.go

@@ -72,20 +72,25 @@ func createConfigurationFile(tools []tools.Tool) error {
 
 func configFileTemplate(tools []tools.Tool) string {
 
-	// Default version
+	// Default versions
 	eslintVersion := "9.3.0"
+	trivyVersion := "0.59.1" // Latest stable version
 
 	for _, tool := range tools {
 		if tool.Uuid == "f8b29663-2cb2-498d-b923-a10c6a8c05cd" {
 			eslintVersion = tool.Version
 		}
+		if tool.Uuid == "2fd7fbe0-33f9-4ab3-ab73-e9b62404e2cb" {
+			trivyVersion = tool.Version
+		}
 	}
 
 	return fmt.Sprintf(`runtimes:
     - [email protected]
 tools:
     - eslint@%s
-`, eslintVersion)
+    - trivy@%s
+`, eslintVersion, trivyVersion)
 }
 
 func buildRepositoryConfigurationFiles(token string) error {
@@ -150,7 +155,24 @@ func buildRepositoryConfigurationFiles(token string) error {
 	_, err = eslintConfigFile.WriteString(eslintConfigurationString)
 	if err != nil {
 		log.Fatal(err)
+	}
 
+	// Create Trivy configuration after processing ESLint
+	trivyApiConfiguration := extractTrivyConfiguration(apiToolConfigurations)
+	if trivyApiConfiguration != nil {
+		// Create trivy.yaml file based on API configuration
+		err = createTrivyConfigFile(*trivyApiConfiguration)
+		if err != nil {
+			log.Fatal(err)
+		}
+		fmt.Println("Trivy configuration created based on Codacy settings")
+	} else {
+		// Create default trivy.yaml if no configuration from API
+		err = createDefaultTrivyConfigFile()
+		if err != nil {
+			log.Fatal(err)
+		}
+		fmt.Println("Default Trivy configuration created")
 	}
 
 	return nil
@@ -197,6 +219,20 @@ func extractESLintConfiguration(toolConfigurations []CodacyToolConfiguration) *C
 	return nil
 }
 
+// extractTrivyConfiguration extracts Trivy configuration from the Codacy API response
+func extractTrivyConfiguration(toolConfigurations []CodacyToolConfiguration) *CodacyToolConfiguration {
+	// Trivy internal codacy uuid
+	const TrivyUUID = "2fd7fbe0-33f9-4ab3-ab73-e9b62404e2cb"
+
+	for _, toolConfiguration := range toolConfigurations {
+		if toolConfiguration.Uuid == TrivyUUID {
+			return &toolConfiguration
+		}
+	}
+
+	return nil
+}
+
 type CodacyToolConfiguration struct {
 	Uuid      string                 `json:"uuid"`
 	IsEnabled bool                   `json:"isEnabled"`
@@ -212,3 +248,65 @@ type ParameterConfiguration struct {
 	name  string `json:"name"`
 	value string `json:"value"`
 }
+
+// createTrivyConfigFile creates a trivy.yaml configuration file based on the API configuration
+func createTrivyConfigFile(config CodacyToolConfiguration) error {
+	// Convert CodacyToolConfiguration to tools.ToolConfiguration
+	trivyDomainConfiguration := convertAPIToolConfigurationForTrivy(config)
+
+	// Use the shared CreateTrivyConfig function to generate the config content
+	trivyConfigurationString := tools.CreateTrivyConfig(trivyDomainConfiguration)
+
+	// Write to file
+	return os.WriteFile("trivy.yaml", []byte(trivyConfigurationString), 0644)
+}
+
+// convertAPIToolConfigurationForTrivy converts API tool configuration to domain model for Trivy
+func convertAPIToolConfigurationForTrivy(config CodacyToolConfiguration) tools.ToolConfiguration {
+	var patterns []tools.PatternConfiguration
+
+	// Only process if tool is enabled
+	if config.IsEnabled {
+		for _, pattern := range config.Patterns {
+			var parameters []tools.PatternParameterConfiguration
+
+			// By default patterns are enabled
+			patternEnabled := true
+
+			// Check if there's an explicit enabled parameter
+			for _, param := range pattern.Parameters {
+				if param.name == "enabled" && param.value == "false" {
+					patternEnabled = false
+				}
+			}
+
+			// Add enabled parameter
+			parameters = append(parameters, tools.PatternParameterConfiguration{
+				Name:  "enabled",
+				Value: fmt.Sprintf("%t", patternEnabled),
+			})
+
+			patterns = append(
+				patterns,
+				tools.PatternConfiguration{
+					PatternId:                pattern.InternalId,
+					ParamenterConfigurations: parameters,
+				},
+			)
+		}
+	}
+
+	return tools.ToolConfiguration{
+		PatternsConfiguration: patterns,
+	}
+}
+
+// createDefaultTrivyConfigFile creates a default trivy.yaml configuration file
+func createDefaultTrivyConfigFile() error {
+	// Use empty tool configuration to get default settings
+	emptyConfig := tools.ToolConfiguration{}
+	content := tools.CreateTrivyConfig(emptyConfig)
+
+	// Write to file
+	return os.WriteFile("trivy.yaml", []byte(content), 0644)
+}

config/tools-installer.go

@@ -3,10 +3,12 @@ package config
 import (
 	"bytes"
 	"codacy/cli-v2/plugins"
+	"codacy/cli-v2/utils"
 	"fmt"
 	"log"
 	"os"
 	"os/exec"
+	"path/filepath"
 	"strings"
 	"text/template"
 )
@@ -30,18 +32,26 @@ func InstallTool(name string, toolInfo *plugins.ToolInfo) error {
 		return nil
 	}
 
-	// Get the runtime for this tool
-	runtimeInfo, ok := Config.Runtimes()[toolInfo.Runtime]
-	if !ok {
-		return fmt.Errorf("required runtime %s not found for tool %s", toolInfo.Runtime, name)
-	}
-
 	// Make sure the installation directory exists
 	err := os.MkdirAll(toolInfo.InstallDir, 0755)
 	if err != nil {
 		return fmt.Errorf("failed to create installation directory: %w", err)
 	}
 
+	// Check if this is a download-based tool (like trivy) or a runtime-based tool (like eslint)
+	if toolInfo.DownloadURL != "" {
+		// This is a download-based tool
+		return installDownloadBasedTool(toolInfo)
+	}
+
+	// This is a runtime-based tool, proceed with regular installation
+
+	// Get the runtime for this tool
+	runtimeInfo, ok := Config.Runtimes()[toolInfo.Runtime]
+	if !ok {
+		return fmt.Errorf("required runtime %s not found for tool %s", toolInfo.Runtime, name)
+	}
+
 	// Prepare template data
 	templateData := map[string]string{
 		"InstallDir":  toolInfo.InstallDir,
@@ -80,7 +90,7 @@ func InstallTool(name string, toolInfo *plugins.ToolInfo) error {
 
 	// Execute the installation command using the package manager
 	cmd := exec.Command(packageManagerBinary, strings.Split(installCmd, " ")...)
-	
+
 	log.Printf("Installing %s v%s...\n", toolInfo.Name, toolInfo.Version)
 	output, err := cmd.CombinedOutput()
 	if err != nil {
@@ -91,6 +101,64 @@ func InstallTool(name string, toolInfo *plugins.ToolInfo) error {
 	return nil
 }
 
+// installDownloadBasedTool installs a tool by downloading and extracting it
+func installDownloadBasedTool(toolInfo *plugins.ToolInfo) error {
+	// Create a file name for the downloaded archive
+	fileName := filepath.Base(toolInfo.DownloadURL)
+	downloadPath := filepath.Join(Config.ToolsDirectory(), fileName)
+
+	// Check if the file already exists
+	_, err := os.Stat(downloadPath)
+	if os.IsNotExist(err) {
+		// Download the file
+		log.Printf("Downloading %s v%s...\n", toolInfo.Name, toolInfo.Version)
+		downloadPath, err = utils.DownloadFile(toolInfo.DownloadURL, Config.ToolsDirectory())
+		if err != nil {
+			return fmt.Errorf("failed to download tool: %w", err)
+		}
+	} else if err != nil {
+		return fmt.Errorf("error checking for existing download: %w", err)
+	} else {
+		log.Printf("Using existing download for %s v%s\n", toolInfo.Name, toolInfo.Version)
+	}
+
+	// Open the downloaded file
+	file, err := os.Open(downloadPath)
+	if err != nil {
+		return fmt.Errorf("failed to open downloaded file: %w", err)
+	}
+	defer file.Close()
+
+	// Create the installation directory
+	err = os.MkdirAll(toolInfo.InstallDir, 0755)
+	if err != nil {
+		return fmt.Errorf("failed to create installation directory: %w", err)
+	}
+
+	// Extract directly to the installation directory
+	log.Printf("Extracting %s v%s...\n", toolInfo.Name, toolInfo.Version)
+	if strings.HasSuffix(fileName, ".zip") {
+		err = utils.ExtractZip(file.Name(), toolInfo.InstallDir)
+	} else {
+		err = utils.ExtractTarGz(file, toolInfo.InstallDir)
+	}
+
+	if err != nil {
+		return fmt.Errorf("failed to extract tool: %w", err)
+	}
+
+	// Make sure all binaries are executable
+	for _, binaryPath := range toolInfo.Binaries {
+		err = os.Chmod(filepath.Join(toolInfo.InstallDir, filepath.Base(binaryPath)), 0755)
+		if err != nil && !os.IsNotExist(err) {
+			return fmt.Errorf("failed to make binary executable: %w", err)
+		}
+	}
+
+	log.Printf("Successfully installed %s v%s\n", toolInfo.Name, toolInfo.Version)
+	return nil
+}
+
 // isToolInstalled checks if a tool is already installed by checking for the binary
 func isToolInstalled(toolInfo *plugins.ToolInfo) bool {
 	// If there are no binaries, check the install directory
@@ -116,12 +184,12 @@ func executeToolTemplate(tmplStr string, data map[string]string) (string, error)
 	if err != nil {
 		return "", err
 	}
-	
+
 	var buf bytes.Buffer
 	err = tmpl.Execute(&buf, data)
 	if err != nil {
 		return "", err
 	}
-	
+
 	return buf.String(), nil
 }