Merge pull request 'Update dependency undici to v8' (#4) from renovate/undici-8.x into main

Reviewed-on: #4

docker-scout/action.yml

@@ -29,5 +29,5 @@ outputs:
     value: ${{ steps.run.outputs.result-file }}
 
 runs:
-  using: node24
+  using: node20
   main: dist/index.js

docker-scout/package-lock.json

@@ -1,74 +0,0 @@
-{
-  "name": "docker-scout-action",
-  "version": "1.0.0",
-  "lockfileVersion": 3,
-  "requires": true,
-  "packages": {
-    "": {
-      "name": "docker-scout-action",
-      "version": "1.0.0",
-      "dependencies": {
-        "@actions/core": "1.11.1",
-        "@actions/exec": "1.1.1"
-      }
-    },
-    "node_modules/@actions/core": {
-      "version": "1.11.1",
-      "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.11.1.tgz",
-      "integrity": "sha512-hXJCSrkwfA46Vd9Z3q4cpEpHB1rL5NG04+/rbqW9d3+CSvtB1tYe8UTpAlixa1vj0m/ULglfEK2UKxMGxCxv5A==",
-      "dependencies": {
-        "@actions/exec": "^1.1.1",
-        "@actions/http-client": "^2.0.1"
-      }
-    },
-    "node_modules/@actions/exec": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/@actions/exec/-/exec-1.1.1.tgz",
-      "integrity": "sha512-+sCcHHbVdk93a0XT19ECtO/gIXoxvdsgQLzb2fE2/5sIZmWQuluYyjPQtrtTHdU1YzTZ7bAPN4sITq2xi1679w==",
-      "dependencies": {
-        "@actions/io": "^1.0.1"
-      }
-    },
-    "node_modules/@actions/http-client": {
-      "version": "2.2.3",
-      "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.2.3.tgz",
-      "integrity": "sha512-mx8hyJi/hjFvbPokCg4uRd4ZX78t+YyRPtnKWwIl+RzNaVuFpQHfmlGVfsKEJN8LwTCvL+DfVgAM04XaHkm6bA==",
-      "dependencies": {
-        "tunnel": "^0.0.6",
-        "undici": "^5.25.4"
-      }
-    },
-    "node_modules/@actions/io": {
-      "version": "1.1.3",
-      "resolved": "https://registry.npmjs.org/@actions/io/-/io-1.1.3.tgz",
-      "integrity": "sha512-wi9JjgKLYS7U/z8PPbco+PvTb/nRWjeoFlJ1Qer83k/3C5PHQi28hiVdeE2kHXmIL99mQFawx8qt/JPjZilJ8Q=="
-    },
-    "node_modules/@fastify/busboy": {
-      "version": "2.1.1",
-      "resolved": "https://registry.npmjs.org/@fastify/busboy/-/busboy-2.1.1.tgz",
-      "integrity": "sha512-vBZP4NlzfOlerQTnba4aqZoMhE/a9HY7HRqoOPaETQcSQuWEIyZMHGfVu6w9wGtGK5fED5qRs2DteVCjOH60sA==",
-      "engines": {
-        "node": ">=14"
-      }
-    },
-    "node_modules/tunnel": {
-      "version": "0.0.6",
-      "resolved": "https://registry.npmjs.org/tunnel/-/tunnel-0.0.6.tgz",
-      "integrity": "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg==",
-      "engines": {
-        "node": ">=0.6.11 <=0.7.0 || >=0.7.3"
-      }
-    },
-    "node_modules/undici": {
-      "version": "5.29.0",
-      "resolved": "https://registry.npmjs.org/undici/-/undici-5.29.0.tgz",
-      "integrity": "sha512-raqeBD6NQK4SkWhQzeYKd1KmIG6dllBOTt55Rmkt4HtI9mwdWtJljnrXjAFUBLTSN67HWrOIZ3EPF4kjUw80Bg==",
-      "dependencies": {
-        "@fastify/busboy": "^2.0.0"
-      },
-      "engines": {
-        "node": ">=14.0"
-      }
-    }
-  }
-}

docker-scout/package.json

@@ -1,13 +1,17 @@
 {
-  "name": "docker-scout-action",
+  "name": "docker-scout",
   "version": "1.0.0",
-  "description": "GitHub Action to check Docker vulnerabilities",
+  "description": "",
   "main": "index.js",
-  "scripts": {
-    "start": "node index.js"
-  },
   "dependencies": {
-    "@actions/core": "1.11.1",
+    "tunnel": "^0.0.6",
-    "@actions/exec": "1.1.1"
+    "undici": "^8.0.0"
-  }
+  },
-}
+  "devDependencies": {},
+  "scripts": {
+    "test": "node dist/index.js"
+  },
+  "keywords": [],
+  "author": "",
+  "license": "ISC"
+}

docker-scout/src/index.js

@@ -0,0 +1,102 @@
+const fs = require('fs');
+const os = require('os');
+const core = require('@actions/core');
+const exec = require('@actions/exec');
+const path = require('path');
+
+async function pullDockerImage(version) {
+    await core.group(`Pull docker/scout-cli image`, async () => {
+        await exec.exec(`docker pull docker.io/docker/scout-cli:${version}`);
+    });
+}
+
+async function copyBinary(version) {
+    await core.group(`Copy binary`, async () => {
+        const res = await exec.getExecOutput('docker', ['create', `docker.io/docker/scout-cli:${version}`], {
+        ignoreReturnCode: true
+        });
+        if (res.stderr.length > 0 && res.exitCode != 0) {
+        throw new Error(res.stderr);
+        }
+        const ctnid = res.stdout.trim();
+        const dockerCfgPath = process.env.DOCKER_CONFIG || path.join(os.homedir(), '.docker');
+        const pluginsPath = path.join(dockerCfgPath, 'cli-plugins');
+        fs.mkdirSync(pluginsPath, { recursive: true });
+        await exec.exec(`docker cp ${ctnid}:/docker-scout ${pluginsPath}`);
+        await exec.exec(`docker rm -v ${ctnid}`);
+    });
+}
+
+async function dockerInfo() {
+    await core.group(`Docker info`, async () => {
+        await exec.exec(`docker info`);
+    });
+}
+
+/*
+async function getScoutVersion() {
+    let version;
+    await core.group(`Docker scout version`, async () => {
+        const res = await exec.getExecOutput('docker', ['scout', 'version'], {
+        ignoreReturnCode: true,
+        silent: true
+        });
+        if (res.stderr.length > 0 && res.exitCode != 0) {
+        throw new Error(res.stderr);
+        }
+        const matchVersion = res.stdout.trim().match(/version:\s(.*?)\s/);
+        version = matchVersion ? matchVersion[1] : null;
+        if (!version) {
+        throw new Error('Failed to get Docker scout version');
+        }
+        core.info(version);
+    });
+    return version;
+}
+*/
+
+async function runScoutCommand(commands, image, format, outputFile) {
+    const resultPath = path.join(fs.mkdtempSync(path.join(os.tmpdir(), 'docker-scout-action-')), 'result.txt');
+    core.setOutput('result-file', resultPath);
+
+    for (const cmd of commands) {
+        const args = ['scout', cmd, image];
+        if (cmd == 'cves') {
+            args.push('--format', format);
+        }
+
+        if (outputFile) {
+            const res = await exec.getExecOutput('docker', args, { silent: true });
+            if (res.stderr && res.stderr.length > 0) {
+                throw new Error(res.stderr);
+            }
+            fs.appendFile(resultPath, res.stdout);
+        } else {
+            await exec.exec('docker', args);
+        }
+    }
+    return resultPath;
+}
+
+async function main(inputs) {
+    try {
+        const commandInput = core.getInput('command');
+        const commands = commandInput.split(',').map(cmd => cmd.trim()).filter(cmd => cmd.length > 0);
+        const scoutVersion = core.getInput('version');
+        const outputFormat = core.getInput('format');
+        const imageName = core.getInput('image');
+        const outputFile = core.getInput('output-file') === 'true';
+
+        await pullDockerImage(scoutVersion);
+        await copyBinary(scoutVersion);
+        await dockerInfo();
+        //const version = await getScoutVersion();
+        // TODO: cache binary (no changes per your request)
+        await runScoutCommand(commands, imageName, outputFormat, outputFile);
+    }
+    catch (error) {
+        core.setFailed(error.message);
+        console.error(error);
+    }
+}
+main()

renovate.json

@@ -0,0 +1,3 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json"
+}