Use latest nancy #9

Merged
merged 28 commits into from Feb 19, 2021
28 commits
a11a2f7
add nancyVersion input and pass as env var to docker
bhamail Feb 17, 2021
70757a2
debug info
bhamail Feb 17, 2021
c395e69
input syntax
bhamail Feb 17, 2021
b09e439
input syntax with INPUT_ prefix
bhamail Feb 17, 2021
711ab1f
extract install stuff to script
bhamail Feb 17, 2021
19f1000
debug info
bhamail Feb 17, 2021
38c2483
try removing shebang from install script
bhamail Feb 17, 2021
d4b95c6
add alpine shebang for ash
bhamail Feb 17, 2021
d1fbb05
add alpine shebang for ash
bhamail Feb 17, 2021
8dcf85e
add full bash
bhamail Feb 17, 2021
ce1f48d
guard against missing desired version
bhamail Feb 17, 2021
005dee4
try passing desired version to script
bhamail Feb 17, 2021
bc6b753
move nancy install logic to entrypoint.sh
bhamail Feb 17, 2021
66d9163
debug info
bhamail Feb 17, 2021
3df7026
debug info
bhamail Feb 17, 2021
d1a5362
fix path to script
bhamail Feb 17, 2021
889730e
fun with version prefix
bhamail Feb 17, 2021
bc8c847
detect malformed version string
bhamail Feb 17, 2021
0a08113
remove bash update
bhamail Feb 17, 2021
7c465c6
use validation of version string that works under alpine
bhamail Feb 17, 2021
d30889e
cleanup
bhamail Feb 17, 2021
c932533
quieter install
bhamail Feb 18, 2021
72baabb
decrease apk output
bhamail Feb 18, 2021
e803b70
decrease apk add progress output
bhamail Feb 18, 2021
3c51a0e
newer alpine image
bhamail Feb 18, 2021
2c57b6e
try something
bhamail Feb 18, 2021
3d59cda
no change, revert
bhamail Feb 18, 2021
f6053c2
use amd64 binary (Pi should get there soon)
bhamail Feb 19, 2021
13 changes: 8 additions & 5 deletions Dockerfile
Expand Up @@ -12,15 +12,18 @@
# See the License for the specific language governing permissions and
# limitations under the License.

FROM alpine:3.12
FROM alpine:3.13

LABEL com.github.actions.name="Nancy for GitHub Actions" \
com.github.actions.description="Run Sonatype Nancy as part of your GitHub Actions workflow."

RUN apk add --no-cache curl && \
curl -L -o nancy.apk \
https://github.com/sonatype-nexus-community/nancy/releases/download/v1.0.0/nancy_1.0.0_linux_386.apk && \
apk add --no-cache --allow-untrusted nancy.apk
# required to fetch nancy.apk via curl
RUN apk add --no-cache curl

# required to get grep that supports -P option
RUN apk add --no-cache --upgrade grep
Comment on lines +21 to +24
Member
Not a major thing, but I think a good idea in general is to clean up after yourself, so maybe delete these packages unless they are needed?

Contributor Author
I think the upgraded grep must stick around because it is used later when running the docker image (to detect the "latest" version).

Member
Yeah that makes sense. I'd ditch curl maybe unless you need it? It's not a huge deal but I personally love leaving the environment as pristine as possible.


COPY install-nancy.sh /install-nancy.sh

COPY entrypoint.sh /entrypoint.sh

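Review bot: the nancy download moves from image build time to container run time here (the `RUN ... curl -L -o nancy.apk ... v1.0.0 ... apk add --allow-untrusted` lines are replaced by `COPY install-nancy.sh /install-nancy.sh`), so every workflow run now fetches the binary from GitHub and curl becomes a runtime dependency rather than a build-time one; the comment `# required to fetch nancy.apk via curl` should say "at run time", since that answers the question in the thread about removing curl. The `apk add --no-cache --upgrade grep` layer exists only because the installer relies on `grep -oP`; if that extraction is rewritten with a POSIX tool (e.g. `sed`), the extra package can go, which addresses the "pristine environment" comment.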
11 changes: 9 additions & 2 deletions README.md
Expand Up @@ -31,7 +31,7 @@ For example: `sleuth --loud`

The example below only requires `go` be installed in order to generate the `go.list` file.
You could instead have some other part of the CI build generate that file for use by `nancy`.
```
```yaml
name: Go Nancy

on: [push]
Expand All @@ -54,6 +54,13 @@ jobs:
uses: sonatype-nexus-community/nancy-github-action@main
```

The snippet below shows how to use a specific version of Nancy (rather than the latest)
```yaml
- name: Scan with specific Nancy version
uses: sonatype-nexus-community/nancy-github-action@use_latest_nancy
with:
nancyVersion: "v1.0.6"
```
## Development

I found it useful to leverage the [act](https://github.com/nektos/act) project while developing
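Review bot: the new snippet pins `uses: sonatype-nexus-community/nancy-github-action@use_latest_nancy`, which is this PR's development branch; once merged the example should reference `@main` like the snippet above it (or a tagged release), otherwise readers copy a ref that stops resolving when the branch is deleted. Also add a blank line between the closing ``` and `## Development` so the heading renders, and the example version `"v1.0.6"` differs from the `v1.0.15` used in action.yml and in the installer's messages; using one value throughout avoids confusion.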
Expand All @@ -62,7 +69,7 @@ of that branch. For example, a [test project](https://github.com/bhamail/nancy-g
Notice the commit hash `950a8965cd37d8e14aaa6aebd6c0d71b4da71fa3` used below in the `Scan` step to run the
development branch.

```
```yaml
name: Go

on:
4 changes: 4 additions & 0 deletions action.yml
Expand Up @@ -2,6 +2,10 @@ name: 'Nancy for GitHub Actions'
author: 'Sonatype'
description: 'Run Sonatype Nancy as part of your GitHub Actions workflow.'
inputs:
nancyVersion:
description: 'The version of Nancy to run. Examples: "latest", "v1.0.15" See: https://github.com/sonatype-nexus-community/nancy/releases for available versions.'
required: true
default: 'latest'
goListFile:
description: 'The path to a file containing the output of a "go list ..." command.'
required: false
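Review bot: the `nancyVersion` description should state that a specific version must carry the leading `v` (`"v1.0.15"`, not `"1.0.15"`), because install-nancy.sh rejects values without it; the description text also needs a period after `"v1.0.15"` before `See:`. With `default: 'latest'` supplied, `required: true` is redundant but harmless.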
3 changes: 3 additions & 0 deletions entrypoint.sh
Expand Up @@ -14,4 +14,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.

# INPUT_NANCYVERSION env var is set automagically to the value of inputs.nancyVersion
/install-nancy.sh $INPUT_NANCYVERSION

nancy $2 < $1
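Review bot: the exit status of `/install-nancy.sh $INPUT_NANCYVERSION` is never checked, so when the installer fails (malformed version, download error) the next line still runs `nancy $2 < $1` and the step dies with a confusing `nancy: not found` instead of the installer's own error message; add `set -e` near the top of entrypoint.sh or `|| exit 1` after the call. Quoting the argument as `"$INPUT_NANCYVERSION"` is also advisable, and the same applies to `"$1"` and `"$2"` on the existing line.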
33 changes: 33 additions & 0 deletions install-nancy.sh
@@ -0,0 +1,33 @@
#!/bin/sh

# Copyright (c) 2019-present Sonatype, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

desiredVersion="$1"
echo "desired nancy version: ${desiredVersion}"
if [ -z "$desiredVersion" ]; then
>&2 echo "must specify a desiredVersion, like: latest or v1.0.15"
exit 1
elif [[ ${desiredVersion} == "latest" ]]; then
latest_version_is=$(curl --fail -s https://api.github.com/repos/sonatype-nexus-community/nancy/releases/latest | grep -oP '"tag_name": "\K(.*)(?=")')
desiredVersion=${latest_version_is}
elif [[ ${desiredVersion:0:1} != "v" ]]; then
>&2 echo "specific nancy version (${desiredVersion}) must start with v, like: v1.0.15"
exit 1
fi
# installer filename excludes v from version
sourceUrl="https://github.com/sonatype-nexus-community/nancy/releases/download/${desiredVersion}/nancy_${desiredVersion:1}_linux_amd64.apk"
echo "installing nancy via ${sourceUrl}"
curl --fail -L -o nancy.apk ${sourceUrl}
apk add --no-progress --quiet --no-cache --allow-untrusted nancy.apk
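Review bot: the `latest` branch has no failure handling: if `curl --fail -s https://api.github.com/...` fails (unauthenticated API calls are rate-limited per source IP, which shared CI runners can hit), `latest_version_is` is empty, `desiredVersion` becomes empty, `sourceUrl` degrades to `.../download//nancy__linux_amd64.apk`, and because the script never sets `set -e` it continues past the failed `curl --fail -L -o nancy.apk ${sourceUrl}` and runs `apk add` on a missing or stale file. Add `set -e` (or `set -eu`) and exit with a message when `latest_version_is` is empty. Two related points: the package is installed with `--allow-untrusted`, so its integrity rests entirely on the TLS connection to GitHub; if the release publishes a checksums file, verify it before `apk add`. And `curl -o nancy.apk` writes into the current directory, which for a Docker action is the checked-out workspace, so use an absolute temporary path such as `/tmp/nancy.apk` (and remove it afterwards) rather than leaving the artifact in the user's repository. Finally, `[[ ... ]]`, `${desiredVersion:0:1}` and `${desiredVersion:1}` are bash extensions under a `#!/bin/sh` shebang; they work here only because Alpine's busybox ash enables bash-compat options, so either document that assumption or use POSIX `case` and `${desiredVersion#v}`.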