Merge branch 'main' into python_runtime

Author: zhamborova

.codacy/codacy.yaml

@@ -2,3 +2,4 @@ runtimes:
     - [email protected]
 tools:
     - [email protected]
+    - [email protected]

.github/workflows/go.yml

@@ -94,30 +94,31 @@ jobs:
       #     Write-Host "Attempting to run CLI..."
       #     .\cli-v2.exe install
 
-  release:
-    needs: [test, ittest]
-    if: github.ref == format('refs/heads/{0}', github.event.repository.default_branch) && github.event_name == 'push'
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-      - name: Set up Go
-        uses: actions/setup-go@v4
-      - name: "Git Version"
-        id: generate-version
-        uses: codacy/[email protected]
-      - name: "Tag version"
-        run: |
-          git tag ${{ steps.generate-version.outputs.version }}
-          git push --tags "https://codacy:${{ secrets.GITHUB_TOKEN }}@github.com/codacy/codacy-cli-v2"
-      - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v5
-        with:
-          distribution: goreleaser
-          # 'latest', 'nightly', or a semver
-          version: "latest"
-          args: release --clean
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+## For now we are not releasing the CLI, as we are making some quicker iterations
+  # release:
+  #   needs: [test, ittest]
+  #   if: github.ref == format('refs/heads/{0}', github.event.repository.default_branch) && github.event_name == 'push'
+  #   runs-on: ubuntu-latest
+  #   steps:
+  #     - name: Checkout
+  #       uses: actions/checkout@v4
+  #       with:
+  #         fetch-depth: 0
+  #     - name: Set up Go
+  #       uses: actions/setup-go@v4
+  #     - name: "Git Version"
+  #       id: generate-version
+  #       uses: codacy/[email protected]
+  #     - name: "Tag version"
+  #       run: |
+  #         git tag ${{ steps.generate-version.outputs.version }}
+  #         git push --tags "https://codacy:${{ secrets.GITHUB_TOKEN }}@github.com/codacy/codacy-cli-v2"
+  #     - name: Run GoReleaser
+  #       uses: goreleaser/goreleaser-action@v5
+  #       with:
+  #         distribution: goreleaser
+  #         # 'latest', 'nightly', or a semver
+  #         version: "latest"
+  #         args: release --clean
+  #       env:
+  #         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.gitignore

@@ -22,5 +22,6 @@ go.work
 go.work.sum
 
 .idea/
+.vscode/
 
-cli-v2
+cli-v2

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Codacy
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

cmd/analyze.go

@@ -184,6 +184,25 @@ func getToolName(toolName string, version string) string {
 	return toolName
 }
 
+func runEslintAnalysis(workDirectory string, pathsToCheck []string, autoFix bool, outputFile string, outputFormat string) {
+	eslint := config.Config.Tools()["eslint"]
+	eslintInstallationDirectory := eslint.InstallDir
+	nodeRuntime := config.Config.Runtimes()["node"]
+	nodeBinary := nodeRuntime.Binaries["node"]
+
+	tools.RunEslint(workDirectory, eslintInstallationDirectory, nodeBinary, pathsToCheck, autoFix, outputFile, outputFormat)
+}
+
+func runTrivyAnalysis(workDirectory string, pathsToCheck []string, outputFile string, outputFormat string) {
+	trivy := config.Config.Tools()["trivy"]
+	trivyBinary := trivy.Binaries["trivy"]
+
+	err := tools.RunTrivy(workDirectory, trivyBinary, pathsToCheck, outputFile, outputFormat)
+	if err != nil {
+		log.Fatalf("Error running Trivy: %v", err)
+	}
+}
+
 var analyzeCmd = &cobra.Command{
 	Use:   "analyze",
 	Short: "Runs all linters.",
@@ -194,30 +213,23 @@ var analyzeCmd = &cobra.Command{
 			log.Fatal(err)
 		}
 
-		// TODO add more tools here
-		switch toolToAnalyze {
-		case "eslint":
-			// nothing
-		case "":
-			log.Fatal("You need to specify a tool to run analysis with, e.g., '--tool eslint'", toolToAnalyze)
-		default:
-			log.Fatal("Trying to run unsupported tool: ", toolToAnalyze)
-		}
-
-		eslint := config.Config.Tools()["eslint"]
-		eslintInstallationDirectory := eslint.Info()["installDir"]
-		nodeRuntime := config.Config.Runtimes()["node"]
-		nodeBinary := nodeRuntime.Binaries["node"]
-
 		log.Printf("Running %s...\n", toolToAnalyze)
 		if outputFormat == "sarif" {
 			log.Println("Output will be in SARIF format")
 		}
-
 		if outputFile != "" {
 			log.Println("Output will be available at", outputFile)
 		}
 
-		tools.RunEslint(workDirectory, eslintInstallationDirectory, nodeBinary, args, autoFix, outputFile, outputFormat)
+		switch toolToAnalyze {
+		case "eslint":
+			runEslintAnalysis(workDirectory, args, autoFix, outputFile, outputFormat)
+		case "trivy":
+			runTrivyAnalysis(workDirectory, args, outputFile, outputFormat)
+		case "":
+			log.Fatal("You need to specify a tool to run analysis with, e.g., '--tool eslint'")
+		default:
+			log.Fatal("Trying to run unsupported tool: ", toolToAnalyze)
+		}
 	},
 }

cmd/init.go

@@ -72,21 +72,26 @@ func createConfigurationFile(tools []tools.Tool) error {
 
 func configFileTemplate(tools []tools.Tool) string {
 
-	// Default version
+	// Default versions
 	eslintVersion := "9.3.0"
+	trivyVersion := "0.59.1" // Latest stable version
 
 	for _, tool := range tools {
 		if tool.Uuid == "f8b29663-2cb2-498d-b923-a10c6a8c05cd" {
 			eslintVersion = tool.Version
 		}
+		if tool.Uuid == "2fd7fbe0-33f9-4ab3-ab73-e9b62404e2cb" {
+			trivyVersion = tool.Version
+		}
 	}
 
 	return fmt.Sprintf(`runtimes:
     - [email protected]
     - [email protected]
 tools:
     - eslint@%s
-`, eslintVersion)
+    - trivy@%s
+`, eslintVersion, trivyVersion)
 }
 
 func buildRepositoryConfigurationFiles(token string) error {
@@ -151,7 +156,24 @@ func buildRepositoryConfigurationFiles(token string) error {
 	_, err = eslintConfigFile.WriteString(eslintConfigurationString)
 	if err != nil {
 		log.Fatal(err)
+	}
 
+	// Create Trivy configuration after processing ESLint
+	trivyApiConfiguration := extractTrivyConfiguration(apiToolConfigurations)
+	if trivyApiConfiguration != nil {
+		// Create trivy.yaml file based on API configuration
+		err = createTrivyConfigFile(*trivyApiConfiguration)
+		if err != nil {
+			log.Fatal(err)
+		}
+		fmt.Println("Trivy configuration created based on Codacy settings")
+	} else {
+		// Create default trivy.yaml if no configuration from API
+		err = createDefaultTrivyConfigFile()
+		if err != nil {
+			log.Fatal(err)
+		}
+		fmt.Println("Default Trivy configuration created")
 	}
 
 	return nil
@@ -198,6 +220,20 @@ func extractESLintConfiguration(toolConfigurations []CodacyToolConfiguration) *C
 	return nil
 }
 
+// extractTrivyConfiguration extracts Trivy configuration from the Codacy API response
+func extractTrivyConfiguration(toolConfigurations []CodacyToolConfiguration) *CodacyToolConfiguration {
+	// Trivy internal codacy uuid
+	const TrivyUUID = "2fd7fbe0-33f9-4ab3-ab73-e9b62404e2cb"
+
+	for _, toolConfiguration := range toolConfigurations {
+		if toolConfiguration.Uuid == TrivyUUID {
+			return &toolConfiguration
+		}
+	}
+
+	return nil
+}
+
 type CodacyToolConfiguration struct {
 	Uuid      string                 `json:"uuid"`
 	IsEnabled bool                   `json:"isEnabled"`
@@ -213,3 +249,65 @@ type ParameterConfiguration struct {
 	name  string `json:"name"`
 	value string `json:"value"`
 }
+
+// createTrivyConfigFile creates a trivy.yaml configuration file based on the API configuration
+func createTrivyConfigFile(config CodacyToolConfiguration) error {
+	// Convert CodacyToolConfiguration to tools.ToolConfiguration
+	trivyDomainConfiguration := convertAPIToolConfigurationForTrivy(config)
+
+	// Use the shared CreateTrivyConfig function to generate the config content
+	trivyConfigurationString := tools.CreateTrivyConfig(trivyDomainConfiguration)
+
+	// Write to file
+	return os.WriteFile("trivy.yaml", []byte(trivyConfigurationString), 0644)
+}
+
+// convertAPIToolConfigurationForTrivy converts API tool configuration to domain model for Trivy
+func convertAPIToolConfigurationForTrivy(config CodacyToolConfiguration) tools.ToolConfiguration {
+	var patterns []tools.PatternConfiguration
+
+	// Only process if tool is enabled
+	if config.IsEnabled {
+		for _, pattern := range config.Patterns {
+			var parameters []tools.PatternParameterConfiguration
+
+			// By default patterns are enabled
+			patternEnabled := true
+
+			// Check if there's an explicit enabled parameter
+			for _, param := range pattern.Parameters {
+				if param.name == "enabled" && param.value == "false" {
+					patternEnabled = false
+				}
+			}
+
+			// Add enabled parameter
+			parameters = append(parameters, tools.PatternParameterConfiguration{
+				Name:  "enabled",
+				Value: fmt.Sprintf("%t", patternEnabled),
+			})
+
+			patterns = append(
+				patterns,
+				tools.PatternConfiguration{
+					PatternId:                pattern.InternalId,
+					ParamenterConfigurations: parameters,
+				},
+			)
+		}
+	}
+
+	return tools.ToolConfiguration{
+		PatternsConfiguration: patterns,
+	}
+}
+
+// createDefaultTrivyConfigFile creates a default trivy.yaml configuration file
+func createDefaultTrivyConfigFile() error {
+	// Use empty tool configuration to get default settings
+	emptyConfig := tools.ToolConfiguration{}
+	content := tools.CreateTrivyConfig(emptyConfig)
+
+	// Write to file
+	return os.WriteFile("trivy.yaml", []byte(content), 0644)
+}

cmd/install.go

@@ -2,7 +2,6 @@ package cmd
 
 import (
 	cfg "codacy/cli-v2/config"
-	"fmt"
 	"log"
 
 	"github.com/spf13/cobra"
@@ -33,18 +32,9 @@ func installRuntimes(config *cfg.ConfigType) {
 }
 
 func installTools(config *cfg.ConfigType) {
-	for _, tool := range config.Tools() {
-		switch tool.Name() {
-		case "eslint":
-			// eslint needs node runtime
-			nodeRuntime := config.Runtimes()["node"]
-			err := cfg.InstallEslint(nodeRuntime, tool, registry)
-			if err != nil {
-				fmt.Println(err.Error())
-				log.Fatal(err)
-			}
-		default:
-			log.Fatal("Unknown tool:", tool.Name())
-		}
+	// Use the new tools-installer instead of manual installation
+	err := cfg.InstallTools()
+	if err != nil {
+		log.Fatal(err)
 	}
-}
+}

config-file/configFile.go

@@ -36,12 +36,22 @@ func parseConfigFile(configContents []byte) error {
 		return err
 	}
 
+	// Convert the tool strings to ToolConfig objects
+	toolConfigs := make([]plugins.ToolConfig, 0, len(configFile.TOOLS))
 	for _, tl := range configFile.TOOLS {
 		ct, err := parseConfigTool(tl)
 		if err != nil {
 			return err
 		}
-		config.Config.AddTool(config.NewRuntime(ct.name, ct.version))
+		toolConfigs = append(toolConfigs, plugins.ToolConfig{
+			Name:    ct.name,
+			Version: ct.version,
+		})
+	}
+
+	// Add all tools at once
+	if err := config.Config.AddTools(toolConfigs); err != nil {
+		return err
 	}
 
 	return nil