Skip to content

Commit cb1ca95

Browse files
ivanstanevivanstanev
committed
chore: run snyk test in CI pipeline
1 parent 46d7555 commit cb1ca95

File tree

3 files changed

+43
-9
lines changed

3 files changed

+43
-9
lines changed

.circleci/config.yml

Lines changed: 21 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -106,12 +106,24 @@ jobs:
106106
- install_python_requests
107107
- run:
108108
command: |
109-
docker login --username ${DOCKERHUB_USER} --password ${DOCKERHUB_PASSWORD} &&
110-
export IMAGE_TAG=$([[ "$CIRCLE_BRANCH" == "staging" ]] && echo "staging-candidate" || echo "discardable") &&
111-
IMAGE_NAME_CANDIDATE=snyk/kubernetes-monitor:${IMAGE_TAG}-${CIRCLE_SHA1} &&
112-
./scripts/docker/build-image.sh ${IMAGE_NAME_CANDIDATE} &&
113-
docker push ${IMAGE_NAME_CANDIDATE}
109+
IMAGE_TAG=$([[ "$CIRCLE_BRANCH" == "staging" ]] && echo "staging-candidate" || echo "discardable")
110+
IMAGE_NAME_CANDIDATE=snyk/kubernetes-monitor:${IMAGE_TAG}-${CIRCLE_SHA1}
111+
echo "export IMAGE_NAME_CANDIDATE=$IMAGE_NAME_CANDIDATE" >> $BASH_ENV
112+
name: Export environment variables
113+
- run:
114+
command: |
115+
docker login --username ${DOCKERHUB_USER} --password ${DOCKERHUB_PASSWORD}
116+
./scripts/docker/build-image.sh ${IMAGE_NAME_CANDIDATE}
114117
name: Build image
118+
- snyk/scan:
119+
docker-image-name: ${IMAGE_NAME_CANDIDATE}
120+
monitor-on-build: false
121+
severity-threshold: high
122+
target-file: Dockerfile
123+
- run:
124+
command: |
125+
docker push ${IMAGE_NAME_CANDIDATE}
126+
name: Push image
115127
- run:
116128
command: |
117129
./scripts/slack/notify_failure_on_branch.py "${CIRCLE_BRANCH}" "${CIRCLE_JOB}" "${CIRCLE_BUILD_URL}" "${CIRCLE_PULL_REQUEST}" "${SLACK_WEBHOOK}"
@@ -903,6 +915,9 @@ jobs:
903915
- checkout
904916
- setup_node16
905917
- install_python_requests
918+
- snyk/scan:
919+
monitor-on-build: false
920+
severity-threshold: high
906921
- run:
907922
command: |
908923
npm run build &&
@@ -929,6 +944,7 @@ orbs:
929944
aws-cli: circleci/[email protected]
930945
azure-cli: circleci/[email protected]
931946
redhat-openshift: circleci/[email protected]
947+
snyk: snyk/[email protected]
932948
staging_branch_only_filter:
933949
filters:
934950
branches:

.circleci/config/@config.yml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,8 @@
11
version: 2.1
22

3+
orbs:
4+
snyk: snyk/[email protected]
5+
36
staging_branch_only_filter: &staging_branch_only_filter
47
filters:
58
branches:

.circleci/config/jobs/@jobs.yml

Lines changed: 19 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -5,13 +5,25 @@ build_image:
55
steps:
66
- checkout
77
- install_python_requests
8+
- run:
9+
name: Export environment variables
10+
command: |
11+
IMAGE_TAG=$([[ "$CIRCLE_BRANCH" == "staging" ]] && echo "staging-candidate" || echo "discardable")
12+
IMAGE_NAME_CANDIDATE=snyk/kubernetes-monitor:${IMAGE_TAG}-${CIRCLE_SHA1}
13+
echo "export IMAGE_NAME_CANDIDATE=$IMAGE_NAME_CANDIDATE" >> $BASH_ENV
814
- run:
915
name: Build image
1016
command: |
11-
docker login --username ${DOCKERHUB_USER} --password ${DOCKERHUB_PASSWORD} &&
12-
export IMAGE_TAG=$([[ "$CIRCLE_BRANCH" == "staging" ]] && echo "staging-candidate" || echo "discardable") &&
13-
IMAGE_NAME_CANDIDATE=snyk/kubernetes-monitor:${IMAGE_TAG}-${CIRCLE_SHA1} &&
14-
./scripts/docker/build-image.sh ${IMAGE_NAME_CANDIDATE} &&
17+
docker login --username ${DOCKERHUB_USER} --password ${DOCKERHUB_PASSWORD}
18+
./scripts/docker/build-image.sh ${IMAGE_NAME_CANDIDATE}
19+
- snyk/scan:
20+
docker-image-name: ${IMAGE_NAME_CANDIDATE}
21+
severity-threshold: high
22+
target-file: Dockerfile
23+
monitor-on-build: false
24+
- run:
25+
name: Push image
26+
command: |
1527
docker push ${IMAGE_NAME_CANDIDATE}
1628
- run:
1729
name: Notify Slack on failure
@@ -108,6 +120,9 @@ unit_tests:
108120
- checkout
109121
- setup_node16
110122
- install_python_requests
123+
- snyk/scan:
124+
severity-threshold: high
125+
monitor-on-build: false
111126
- run:
112127
name: Unit tests
113128
command: |

0 commit comments

Comments
 (0)