diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index fd2611da83..3dc8ff7224 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -384,6 +384,111 @@ jobs: working-directory: ./scanners/${{ matrix.unit }}/ run: make integration-tests + # ---- Makefiles Hooks ---- + + makefile-hooks: + name: "Make Hooks" + needs: + - sdk + - operator + runs-on: ubuntu-latest + strategy: + matrix: + unit: ["finding-post-processing"] + steps: + - name: Checkout + uses: actions/checkout@v2 + + - uses: actions/setup-node@v2 + name: Setup Node + with: + node-version: ${{ env. NODE_VERSION }} + + - name: Update NPM + run: | + npm i -g npm@${{ env.NPM_VERSION }} + npm i -g jest + + - name: Install Dependencies + working-directory: ./hooks/${{ matrix.unit }}/ + run: make install-deps + + - name: Unit Tests + working-directory: ./hooks/${{ matrix.unit }}/ + run: make unit-tests + + - name: Set baseImageTag To commit Hash + run: | + echo "baseImageTag=sha-$(git rev-parse --short HEAD)" >> $GITHUB_ENV + + - name: Docker Meta + id: docker_meta + uses: crazy-max/ghaction-docker-meta@v1 + with: + images: ${{ env.DOCKER_NAMESPACE }}/hook-${{ matrix.unit }} + tag-sha: true + tag-semver: | + {{ version }} + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + + - name: Login to DockerHub + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_TOKEN }} + + - name: Build + uses: docker/build-push-action@v2 + with: + context: ./hooks/${{ matrix.unit }}/hook/ + file: ./hooks/${{ matrix.unit }}/hook/Dockerfile + load: true + build-args: | + namespace=${{ env.DOCKER_NAMESPACE }} + baseImageTag=${{ env.baseImageTag }} + platforms: linux/amd64 + push: ${{ github.event_name == 'release' }} + tags: ${{ steps.docker_meta.outputs.tags }} + labels: ${{ steps.docker_meta.outputs.labels }} + + - name: Export Docker Images + working-directory: ./hooks/${{ matrix.unit }}/ + run: make docker-export + + - name: "Start kind cluster" + run: | + kind version + kind create cluster --image 
kindest/node:v1.21.1@sha256:69860bda5563ac81e3c0057d654b5253219618a22ec3a346306239bba8cfa1a6 --wait 3m + + - name: "Inspect kind cluster" + run: | + kubectl config current-context + kubectl get node + + - name: Kind Import Images + working-directory: ./hooks/${{ matrix.unit }}/ + run: make kind-import + + - name: Install Operator + working-directory: ./operator + run: | + make helm-deploy + + - name: Deploy ${{ matrix.unit }} + working-directory: ./hooks/${{ matrix.unit }}/ + run: make deploy + + - name: Deploy Test Dependencies + working-directory: ./hooks/${{ matrix.unit }}/ + run: make deploy-test-deps + + - name: Start Integration Tests + working-directory: ./hooks/${{ matrix.unit }}/ + run: make integration-tests + + # ---- Build Stage | Matrix Hooks ---- hooks: @@ -394,7 +499,6 @@ jobs: matrix: hook: - cascading-scans - - finding-post-processing - generic-webhook - notification - persistence-elastic diff --git a/hooks/finding-post-processing/.helmignore b/hooks/finding-post-processing/.helmignore index de5512a97d..054f099509 100644 --- a/hooks/finding-post-processing/.helmignore +++ b/hooks/finding-post-processing/.helmignore @@ -33,4 +33,5 @@ config/* Dockerfile .dockerignore docs/ - +*.tar +hook/* diff --git a/hooks/finding-post-processing/Makefile b/hooks/finding-post-processing/Makefile new file mode 100644 index 0000000000..77aa5cd930 --- /dev/null +++ b/hooks/finding-post-processing/Makefile 
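Review bot: The Setup Node step in the new `makefile-hooks` job reads `node-version: ${{ env. NODE_VERSION }}` with a stray space after `env.`; the scanner job this mirrors presumably uses `${{ env.NODE_VERSION }}`, and I am not certain the expression parser tolerates the space, so it should be `node-version: ${{ env.NODE_VERSION }}` before this job runs on a release. The Login to DockerHub step runs on every event although `push` is only true for `release`, so on runs where `secrets.DOCKER_USERNAME`/`DOCKER_TOKEN` are not populated the login fails the job before the build instead of being skipped; `if: github.event_name == 'release'` on that step avoids both the failure and needless credential use. The third-party actions (`actions/checkout@v2`, `crazy-max/ghaction-docker-meta@v1`, `docker/*@v1`/`@v2`) are referenced by floating major tags, so what runs at release time depends on whatever those tags resolve to that day; pinning to a full commit SHA is the usual fix, and if the rest of the workflow does the same it can be a follow-up for the whole file. The kind node image is pinned by digest, which is the right pattern for the rest of these references too.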
@@ -0,0 +1,112 @@ +#!/usr/bin/make -f +# +# SPDX-FileCopyrightText: 2021 iteratec GmbH +# +# SPDX-License-Identifier: Apache-2.0 +# +# +# This Makefile is intended to be used for developement and testing only. +# For using this hook/hook in production please use the helm chart. +# See: +# +# This Makefile expects some additional software to be installed: +# - git +# - node + npm +# - docker +# - kind +# - kubectl +# - helm + +# Thx to https://stackoverflow.com/questions/5618615/check-if-a-program-exists-from-a-makefile +EXECUTABLES = make docker kind git node npm npx kubectl helm +K := $(foreach exec,$(EXECUTABLES),\ + $(if $(shell which $(exec)),some string,$(error "ERROR: The prerequisites are not met to execute this makefile! No '$(exec)' found in your PATH"))) + + +# Variables you might want to override: +# +# IMG_NS: Defines the namespace under which the images are build. +# For `securecodebox/hook-nmap` `securecodebox` is the namespace +# Defaults to `securecodebox` +# +# BASE_IMG_TAG: Defines the tag of the base image used to build this hook/hook +# +# IMG_TAG: Tag used to tag the newly created image. Defaults to the shortend commit hash +# prefixed with `sha-` e.g. `sha-ef8de4b7` +# +# JEST_VERSION Defines the jest version used for executing the tests. 
Defaults to latest +# +# Examples: +# make all IMG_TAG=main +# make deploy IMG_TAG=$(git rev-parse --short HEAD) +# make integration-tests +# + +SHELL = /bin/sh + +IMG_NS ?= securecodebox +GIT_TAG ?= $$(git rev-parse --short HEAD) +BASE_IMG_TAG ?= latest +IMG_TAG ?= "sha-$(GIT_TAG)" +JEST_VERSION ?= latest + +hook = finding-post-processing +hook-prefix = hook- + + +build: | install-deps docker-build + +test: | unit-tests docker-export kind-import deploy-prerequisites deploy deploy-test-deps integration-tests + +all: | clean install-deps unit-tests docker-build docker-export kind-import deploy-prerequisites deploy deploy-test-deps integration-tests + +.PHONY: unit-tests install-deps docker-build docker-export kind-import deploy-prerequisites deploy deploy-test-deps integration-tests all build test + +unit-tests: + @echo ".: 🧪 Starting unit-tests for hook '$(hook)' with 'jest@$(JEST_VERSION)'." + cd hook && npx --yes --package jest@$(JEST_VERSION) jest --ci --colors --coverage . + +install-deps: + @echo ".: ⚙️ Installing all hook specific dependencies." + cd hook && npm ci + +docker-build: + @echo ".: ⚙️ Build With BASE_IMG_TAG: '$(BASE_IMG_TAG)'." + docker build --build-arg=baseImageTag=$(BASE_IMG_TAG) --build-arg=namespace=$(IMG_NS) -t $(IMG_NS)/$(hook-prefix)$(hook):$(IMG_TAG) -f ./hook/Dockerfile ./hook + +docker-export: + @echo ".: ⚙️ Saving new docker image archive to '$(hook-prefix)$(hook).tar'." + docker save $(IMG_NS)/$(hook-prefix)$(hook):$(IMG_TAG) -o $(hook-prefix)$(hook).tar + +kind-import: + @echo ".: 💾 Importing the image archive '$(hook-prefix)$(hook).tar' to local kind cluster." + kind load image-archive ./$(hook-prefix)$(hook).tar + +deploy: + @echo ".: 💾 Deploying '$(hook)' hook HelmChart with the docker tag '$(IMG_TAG)' into kind namespace 'integration-tests'." 
+ helm -n integration-tests upgrade --install $(hook) ./ --wait \ + --values ./integration-tests/__testFiles__/values.yaml \ + --set="hook.image.repository=docker.io/$(IMG_NS)/$(hook-prefix)$(hook)" \ + --set="hook.image.tag=$(IMG_TAG)" + +deploy-test-deps: + @echo ".: 💾 Deploying test dependency HelmChart with the docker tag '$(BASE_IMG_TAG)' into kind namespace 'integration-tests'." + helm -n integration-tests upgrade --install test-scan ../../scanners/test-scan/ --wait \ + --set="scanner.image.tag=$(BASE_IMG_TAG)" \ + --set="parser.image.tag=$(BASE_IMG_TAG)" + +install-integration-test-deps: + +integration-tests: + @echo ".: 🩺 Starting integration test in kind namespace 'integration-tests'." + kubectl -n integration-tests delete scans --all + cd ../../tests/integration && npm ci + npx jest --ci --config=./integration-tests/jest.config.json --colors --coverage ./integration-tests + +clean: + @echo ".: 🧹 Cleaning up all generated files." + rm -f ./$(hook-prefix)$(hook).tar + rm -rf ./hook/node_modules + rm -rf ./hook/coverage + rm -rf ./integration-tests/node_modules + rm -rf ./integration-tests/coverage diff --git a/hooks/finding-post-processing/hook/jest.config.json b/hooks/finding-post-processing/hook/jest.config.json new file mode 100644 index 0000000000..0967ef424b --- /dev/null +++ b/hooks/finding-post-processing/hook/jest.config.json @@ -0,0 +1 @@ +{} diff --git a/hooks/finding-post-processing/integration-tests/__testFiles__/values.yaml b/hooks/finding-post-processing/integration-tests/__testFiles__/values.yaml new file mode 100644 index 0000000000..a5554c847e --- /dev/null +++ b/hooks/finding-post-processing/integration-tests/__testFiles__/values.yaml 
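Review bot: The `test` and `all` targets list `deploy-prerequisites` as an order-only prerequisite, but no rule with that name exists anywhere in this Makefile, so `make test` and `make all` stop with "No rule to make target 'deploy-prerequisites'" before anything is deployed. The CI job installs the operator with `make helm-deploy` in `./operator` at exactly that point, so either add `deploy-prerequisites:` with the tab-indented recipe `cd ../../operator && make helm-deploy` (and list it in `.PHONY`) or drop it from both prerequisite lists. The `install-integration-test-deps:` target is declared with no recipe and no user; either move the `cd ../../tests/integration && npm ci` line that `integration-tests` currently runs inline into it and make `integration-tests` depend on it, or remove it. `clean` is also missing from `.PHONY`, and the prerequisite check uses `which`, which is not POSIX; `$(shell command -v $(exec))` behaves the same under the `/bin/sh` set in `SHELL` and is portable. In the header comment the `See:` line points at nothing and `developement` / `this hook/hook` look like leftovers from the scanner Makefile.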
@@ -0,0 +1,23 @@ +# SPDX-FileCopyrightText: 2020 iteratec GmbH +# +# SPDX-License-Identifier: Apache-2.0 + +# Default values for dispatcher. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +image: + # image.tag - defaults to the charts version + # image.repository -- Hook image repository + repository: docker.io/securecodebox/finding-post-processing + # parserImage.tag -- Parser image tag + # @default -- defaults to the charts version + tag: null + +rules: + - matches: + anyOf: + - category: "Open Port" + override: + severity: "high" + category: "SomeNewCategory" diff --git a/tests/integration/hooks/finding-post-processing.test.js b/hooks/finding-post-processing/integration-tests/finding-post-processing.test.js similarity index 85% rename from tests/integration/hooks/finding-post-processing.test.js rename to hooks/finding-post-processing/integration-tests/finding-post-processing.test.js index d12c7a292f..7b720c84d5 100644 --- a/tests/integration/hooks/finding-post-processing.test.js +++ b/hooks/finding-post-processing/integration-tests/finding-post-processing.test.js @@ -2,7 +2,7 @@ // // SPDX-License-Identifier: Apache-2.0 -const { scan } = require("../helpers"); +const { scan } = require("../../../tests/integration/helpers.js"); jest.retryTimes(3); diff --git a/hooks/finding-post-processing/integration-tests/jest.config.json b/hooks/finding-post-processing/integration-tests/jest.config.json new file mode 100644 index 0000000000..0967ef424b --- /dev/null +++ b/hooks/finding-post-processing/integration-tests/jest.config.json @@ -0,0 +1 @@ +{}
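Review bot: This values file sets `image.repository` and `image.tag` at the top level, while the `deploy` target of the Makefile added in the same change overrides `hook.image.repository` and `hook.image.tag`; the chart templates are not on the page, but only one of those two paths can be the one the chart reads, so the other is a silent no-op and the two should be aligned before the integration tests are trusted. The comments are carried over from another chart: `Default values for dispatcher.` and `# parserImage.tag -- Parser image tag` describe neither this hook nor the key below them, so `# image.tag -- Hook image tag` with `# @default -- defaults to the charts version` would match the convention already used for `image.repository`.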