
Commit f3ae428

authored
Merge pull request #965 from snyk/chore/snyk-test
chore: run snyk test in CI pipeline
2 parents 46d7555 + d053613 commit f3ae428

3 files changed

+79
-21
lines changed

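--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -106,12 +106,24 @@ jobs:
 - install_python_requests
 - run:
 command: |
-docker login --username ${DOCKERHUB_USER} --password ${DOCKERHUB_PASSWORD} &&
-export IMAGE_TAG=$([[ "$CIRCLE_BRANCH" == "staging" ]] && echo "staging-candidate" || echo "discardable") &&
-IMAGE_NAME_CANDIDATE=snyk/kubernetes-monitor:${IMAGE_TAG}-${CIRCLE_SHA1} &&
-./scripts/docker/build-image.sh ${IMAGE_NAME_CANDIDATE} &&
-docker push ${IMAGE_NAME_CANDIDATE}
+IMAGE_TAG=$([[ "$CIRCLE_BRANCH" == "staging" ]] && echo "staging-candidate" || echo "discardable")
+IMAGE_NAME_CANDIDATE=snyk/kubernetes-monitor:${IMAGE_TAG}-${CIRCLE_SHA1}
+echo "export IMAGE_NAME_CANDIDATE=$IMAGE_NAME_CANDIDATE" >> $BASH_ENV
+name: Export environment variables
+- run:
+command: |
+docker login --username ${DOCKERHUB_USER} --password ${DOCKERHUB_PASSWORD}
+./scripts/docker/build-image.sh ${IMAGE_NAME_CANDIDATE}
 name: Build image
+- snyk/scan:
+docker-image-name: ${IMAGE_NAME_CANDIDATE}
+monitor-on-build: false
+severity-threshold: high
+target-file: Dockerfile
+- run:
+command: |
+docker push ${IMAGE_NAME_CANDIDATE}
+name: Push image
 - run:
 command: |
 ./scripts/slack/notify_failure_on_branch.py "${CIRCLE_BRANCH}" "${CIRCLE_JOB}" "${CIRCLE_BUILD_URL}" "${CIRCLE_PULL_REQUEST}" "${SLACK_WEBHOOK}"
@@ -610,18 +622,30 @@ jobs:
 - install_helm
 - run:
 command: |
-LATEST_TAG_WITH_V=`git describe --abbrev=0 --tags ${CIRCLE_SHA1}` &&
-LATEST_TAG=${LATEST_TAG_WITH_V:1} &&
-IMAGE_NAME_APPROVED=snyk/kubernetes-monitor:${LATEST_TAG}-approved &&
-IMAGE_NAME_PUBLISHED=snyk/kubernetes-monitor:${LATEST_TAG} &&
+LATEST_TAG_WITH_V=`git describe --abbrev=0 --tags ${CIRCLE_SHA1}`
+LATEST_TAG=${LATEST_TAG_WITH_V:1}
+IMAGE_NAME_APPROVED=snyk/kubernetes-monitor:${LATEST_TAG}-approved
+IMAGE_NAME_PUBLISHED=snyk/kubernetes-monitor:${LATEST_TAG}
+echo "export LATEST_TAG=${LATEST_TAG}" >> $BASH_ENV
+echo "export IMAGE_NAME_APPROVED=${IMAGE_NAME_APPROVED}" >> $BASH_ENV
+echo "export IMAGE_NAME_PUBLISHED=${IMAGE_NAME_PUBLISHED}" >> $BASH_ENV
+name: Export environment variables
+- snyk/scan:
+monitor-on-build: true
+severity-threshold: high
+- snyk/scan:
+docker-image-name: ${IMAGE_NAME_APPROVED}
+monitor-on-build: true
+severity-threshold: high
+target-file: Dockerfile
+- run:
+command: |
 docker login --username ${DOCKERHUB_USER} --password ${DOCKERHUB_PASSWORD} &&
 docker pull ${IMAGE_NAME_APPROVED} &&
 docker tag ${IMAGE_NAME_APPROVED} ${IMAGE_NAME_PUBLISHED} &&
 docker push ${IMAGE_NAME_PUBLISHED} &&
 ./scripts/slack/notify_push.py ${IMAGE_NAME_PUBLISHED} &&
 ./scripts/publish-gh-pages.sh ${LATEST_TAG}
-# Preserve the latest tag for the next steps of this job
-echo "export LATEST_TAG=${LATEST_TAG}" >> $BASH_ENV
 name: Publish
 - run:
 command: |
@@ -903,6 +927,9 @@ jobs:
 - checkout
 - setup_node16
 - install_python_requests
+- snyk/scan:
+monitor-on-build: false
+severity-threshold: high
 - run:
 command: |
 npm run build &&
@@ -929,6 +956,7 @@ orbs:
 aws-cli: circleci/[email protected]
 azure-cli: circleci/[email protected]
 redhat-openshift: circleci/[email protected]
+snyk: snyk/[email protected]
 staging_branch_only_filter:
 filters:
 branches: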
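Review bot: The three `echo "export …" >> $BASH_ENV` lines added to the publish job's "Export environment variables" step (new lines 629–631) write values derived from `git describe` into a file that later steps source, without shell-quoting them. Git tag names may contain shell metacharacters, so an unusual tag would be evaluated as shell when the file is sourced instead of being stored as data; the same lines appear in `.circleci/config/jobs/@jobs.yml` (new lines 422–424), and the `IMAGE_NAME_CANDIDATE` export at new line 111 has the same form, although its inputs (a branch test and the commit SHA) are fixed-format. I would write the assignments quoted, e.g. `printf 'export LATEST_TAG=%q\n' "${LATEST_TAG}" >> "$BASH_ENV"`, and check the tag against the expected version pattern before building image names from it. If `config.yml` is generated from the files under `.circleci/config/` (it looks that way, but the page does not say), the change belongs in `jobs/@jobs.yml`.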

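--- a/.circleci/config/@config.yml
+++ b/.circleci/config/@config.yml
@@ -1,5 +1,8 @@
 version: 2.1
 
+orbs:
+snyk: snyk/[email protected]
+
 staging_branch_only_filter: &staging_branch_only_filter
 filters:
 branches: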

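--- a/.circleci/config/jobs/@jobs.yml
+++ b/.circleci/config/jobs/@jobs.yml
@@ -5,13 +5,25 @@ build_image:
 steps:
 - checkout
 - install_python_requests
+- run:
+name: Export environment variables
+command: |
+IMAGE_TAG=$([[ "$CIRCLE_BRANCH" == "staging" ]] && echo "staging-candidate" || echo "discardable")
+IMAGE_NAME_CANDIDATE=snyk/kubernetes-monitor:${IMAGE_TAG}-${CIRCLE_SHA1}
+echo "export IMAGE_NAME_CANDIDATE=$IMAGE_NAME_CANDIDATE" >> $BASH_ENV
 - run:
 name: Build image
 command: |
-docker login --username ${DOCKERHUB_USER} --password ${DOCKERHUB_PASSWORD} &&
-export IMAGE_TAG=$([[ "$CIRCLE_BRANCH" == "staging" ]] && echo "staging-candidate" || echo "discardable") &&
-IMAGE_NAME_CANDIDATE=snyk/kubernetes-monitor:${IMAGE_TAG}-${CIRCLE_SHA1} &&
-./scripts/docker/build-image.sh ${IMAGE_NAME_CANDIDATE} &&
+docker login --username ${DOCKERHUB_USER} --password ${DOCKERHUB_PASSWORD}
+./scripts/docker/build-image.sh ${IMAGE_NAME_CANDIDATE}
+- snyk/scan:
+docker-image-name: ${IMAGE_NAME_CANDIDATE}
+severity-threshold: high
+target-file: Dockerfile
+monitor-on-build: false
+- run:
+name: Push image
+command: |
 docker push ${IMAGE_NAME_CANDIDATE}
 - run:
 name: Notify Slack on failure
@@ -108,6 +120,9 @@ unit_tests:
 - checkout
 - setup_node16
 - install_python_requests
+- snyk/scan:
+severity-threshold: high
+monitor-on-build: false
 - run:
 name: Unit tests
 command: |
@@ -397,21 +412,33 @@ publish:
 - setup_remote_docker
 - install_python_requests
 - install_helm
+- run:
+name: Export environment variables
+command: |
+LATEST_TAG_WITH_V=`git describe --abbrev=0 --tags ${CIRCLE_SHA1}`
+LATEST_TAG=${LATEST_TAG_WITH_V:1}
+IMAGE_NAME_APPROVED=snyk/kubernetes-monitor:${LATEST_TAG}-approved
+IMAGE_NAME_PUBLISHED=snyk/kubernetes-monitor:${LATEST_TAG}
+echo "export LATEST_TAG=${LATEST_TAG}" >> $BASH_ENV
+echo "export IMAGE_NAME_APPROVED=${IMAGE_NAME_APPROVED}" >> $BASH_ENV
+echo "export IMAGE_NAME_PUBLISHED=${IMAGE_NAME_PUBLISHED}" >> $BASH_ENV
+- snyk/scan:
+severity-threshold: high
+monitor-on-build: true
+- snyk/scan:
+docker-image-name: ${IMAGE_NAME_APPROVED}
+severity-threshold: high
+target-file: Dockerfile
+monitor-on-build: true
 - run:
 name: Publish
 command: |
-LATEST_TAG_WITH_V=`git describe --abbrev=0 --tags ${CIRCLE_SHA1}` &&
-LATEST_TAG=${LATEST_TAG_WITH_V:1} &&
-IMAGE_NAME_APPROVED=snyk/kubernetes-monitor:${LATEST_TAG}-approved &&
-IMAGE_NAME_PUBLISHED=snyk/kubernetes-monitor:${LATEST_TAG} &&
 docker login --username ${DOCKERHUB_USER} --password ${DOCKERHUB_PASSWORD} &&
 docker pull ${IMAGE_NAME_APPROVED} &&
 docker tag ${IMAGE_NAME_APPROVED} ${IMAGE_NAME_PUBLISHED} &&
 docker push ${IMAGE_NAME_PUBLISHED} &&
 ./scripts/slack/notify_push.py ${IMAGE_NAME_PUBLISHED} &&
 ./scripts/publish-gh-pages.sh ${LATEST_TAG}
-# Preserve the latest tag for the next steps of this job
-echo "export LATEST_TAG=${LATEST_TAG}" >> $BASH_ENV
 - run:
 name: Download operator-sdk
 command: |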
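Review bot: The `docker login` line re-added in the "Build image" step (new line 17) still passes the registry password with `--password`, which puts the secret in the process argument list and triggers Docker's warning about insecure CLI password use. Feeding it on stdin avoids that: `printf '%s' "${DOCKERHUB_PASSWORD}" | docker login --username "${DOCKERHUB_USER}" --password-stdin`. The same form is at new line 115 of `.circleci/config.yml` and in the unchanged `docker login` of the Publish step in both files, so it is worth changing them together.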
