Compare commits
3 Commits
8bcfb9c6f9
...
d9c972fcaf
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
d9c972fcaf | ||
|
|
b03f2090d6 | ||
|
|
02f8d16e0b |
@@ -29,5 +29,5 @@ outputs:
|
||||
value: ${{ steps.run.outputs.result-file }}
|
||||
|
||||
runs:
|
||||
using: node24
|
||||
using: node20
|
||||
main: dist/index.js
|
||||
27571
docker-scout/dist/index.js
vendored
27571
docker-scout/dist/index.js
vendored
File diff suppressed because one or more lines are too long
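--- a/docker-scout/package-lock.json
+++ b/docker-scout/package-lock.json
@@ -1,74 +0,0 @@
-{
-"name": "docker-scout-action",
-"version": "1.0.0",
-"lockfileVersion": 3,
-"requires": true,
-"packages": {
-"": {
-"name": "docker-scout-action",
-"version": "1.0.0",
-"dependencies": {
-"@actions/core": "1.11.1",
-"@actions/exec": "1.1.1"
-}
-},
-"node_modules/@actions/core": {
-"version": "1.11.1",
-"resolved": "https://registry.npmjs.org/@actions/core/-/core-1.11.1.tgz",
-"integrity": "sha512-hXJCSrkwfA46Vd9Z3q4cpEpHB1rL5NG04+/rbqW9d3+CSvtB1tYe8UTpAlixa1vj0m/ULglfEK2UKxMGxCxv5A==",
-"dependencies": {
-"@actions/exec": "^1.1.1",
-"@actions/http-client": "^2.0.1"
-}
-},
-"node_modules/@actions/exec": {
-"version": "1.1.1",
-"resolved": "https://registry.npmjs.org/@actions/exec/-/exec-1.1.1.tgz",
-"integrity": "sha512-+sCcHHbVdk93a0XT19ECtO/gIXoxvdsgQLzb2fE2/5sIZmWQuluYyjPQtrtTHdU1YzTZ7bAPN4sITq2xi1679w==",
-"dependencies": {
-"@actions/io": "^1.0.1"
-}
-},
-"node_modules/@actions/http-client": {
-"version": "2.2.3",
-"resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.2.3.tgz",
-"integrity": "sha512-mx8hyJi/hjFvbPokCg4uRd4ZX78t+YyRPtnKWwIl+RzNaVuFpQHfmlGVfsKEJN8LwTCvL+DfVgAM04XaHkm6bA==",
-"dependencies": {
-"tunnel": "^0.0.6",
-"undici": "^5.25.4"
-}
-},
-"node_modules/@actions/io": {
-"version": "1.1.3",
-"resolved": "https://registry.npmjs.org/@actions/io/-/io-1.1.3.tgz",
-"integrity": "sha512-wi9JjgKLYS7U/z8PPbco+PvTb/nRWjeoFlJ1Qer83k/3C5PHQi28hiVdeE2kHXmIL99mQFawx8qt/JPjZilJ8Q=="
-},
-"node_modules/@fastify/busboy": {
-"version": "2.1.1",
-"resolved": "https://registry.npmjs.org/@fastify/busboy/-/busboy-2.1.1.tgz",
-"integrity": "sha512-vBZP4NlzfOlerQTnba4aqZoMhE/a9HY7HRqoOPaETQcSQuWEIyZMHGfVu6w9wGtGK5fED5qRs2DteVCjOH60sA==",
-"engines": {
-"node": ">=14"
-}
-},
-"node_modules/tunnel": {
-"version": "0.0.6",
-"resolved": "https://registry.npmjs.org/tunnel/-/tunnel-0.0.6.tgz",
-"integrity": "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg==",
-"engines": {
-"node": ">=0.6.11 <=0.7.0 || >=0.7.3"
-}
-},
-"node_modules/undici": {
-"version": "5.29.0",
-"resolved": "https://registry.npmjs.org/undici/-/undici-5.29.0.tgz",
-"integrity": "sha512-raqeBD6NQK4SkWhQzeYKd1KmIG6dllBOTt55Rmkt4HtI9mwdWtJljnrXjAFUBLTSN67HWrOIZ3EPF4kjUw80Bg==",
-"dependencies": {
-"@fastify/busboy": "^2.0.0"
-},
-"engines": {
-"node": ">=14.0"
-}
-}
-}
-}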
@@ -1,13 +1,17 @@
|
||||
{
|
||||
"name": "docker-scout-action",
|
||||
"name": "docker-scout",
|
||||
"version": "1.0.0",
|
||||
"description": "GitHub Action to check Docker vulnerabilities",
|
||||
"description": "",
|
||||
"main": "index.js",
|
||||
"scripts": {
|
||||
"start": "node index.js"
|
||||
},
|
||||
"dependencies": {
|
||||
"@actions/core": "1.11.1",
|
||||
"@actions/exec": "1.1.1"
|
||||
}
|
||||
}
|
||||
"tunnel": "^0.0.6",
|
||||
"undici": "^5.29.0"
|
||||
},
|
||||
"devDependencies": {},
|
||||
"scripts": {
|
||||
"test": "node dist/index.js"
|
||||
},
|
||||
"keywords": [],
|
||||
"author": "",
|
||||
"license": "ISC"
|
||||
}
|
||||
|
||||
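Review bot: With docker-scout/package-lock.json deleted in the same compare, nothing in the repository records the resolved versions or integrity hashes of these dependencies any more, so the vendored dist/index.js can no longer be rebuilt or audited from a known dependency set. That matters most for the caret ranges `"tunnel": "^0.0.6"` and `"undici": "^5.29.0"`, which (if they are on the new side; the render does not mark which lines were added) let a fresh install resolve to any later compatible release. I would keep the lockfile committed and build the bundle from it with `npm ci`. The hunk appears to cover the whole of what is presumably docker-scout/package.json, whose file header is not shown on the page.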
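--- a/docker-scout/src/index.js
+++ b/docker-scout/src/index.js
@@ -0,0 +1,98 @@
+const fs = require('fs');
+const os = require('os');
+const core = require('@actions/core');
+const exec = require('@actions/exec');
+const path = require('path');
+
+async function pullDockerImage(version) {
+await core.group(`Pull docker/scout-cli image`, async () => {
+await exec.exec(`docker pull docker.io/docker/scout-cli:${version}`);
+});
+}
+
+async function copyBinary(version) {
+await core.group(`Copy binary`, async () => {
+const res = await exec.getExecOutput('docker', ['create', `docker.io/docker/scout-cli:${version}`], {
+ignoreReturnCode: true
+});
+if (res.stderr.length > 0 && res.exitCode != 0) {
+throw new Error(res.stderr);
+}
+const ctnid = res.stdout.trim();
+const dockerCfgPath = process.env.DOCKER_CONFIG || path.join(os.homedir(), '.docker');
+const pluginsPath = path.join(dockerCfgPath, 'cli-plugins');
+fs.mkdirSync(pluginsPath, { recursive: true });
+await exec.exec(`docker cp ${ctnid}:/docker-scout ${pluginsPath}`);
+await exec.exec(`docker rm -v ${ctnid}`);
+});
+}
+
+async function dockerInfo() {
+await core.group(`Docker info`, async () => {
+await exec.exec(`docker info`);
+});
+}
+
+/*
+async function getScoutVersion() {
+let version;
+await core.group(`Docker scout version`, async () => {
+const res = await exec.getExecOutput('docker', ['scout', 'version'], {
+ignoreReturnCode: true,
+silent: true
+});
+if (res.stderr.length > 0 && res.exitCode != 0) {
+throw new Error(res.stderr);
+}
+const matchVersion = res.stdout.trim().match(/version:\s(.*?)\s/);
+version = matchVersion ? matchVersion[1] : null;
+if (!version) {
+throw new Error('Failed to get Docker scout version');
+}
+core.info(version);
+});
+return version;
+}
+*/
+
+async function runScoutCommand(commands, image, format, outputFile) {
+const resultPath = path.join(fs.mkdtempSync(path.join(os.tmpdir(), 'docker-scout-action-')), 'result.txt');
+core.setOutput('result-file', resultPath);
+
+for (const cmd of commands) {
+if (outputFile) {
+const res = await exec.getExecOutput('docker', ['scout', cmd, image, '--format', format], { silent: true });
+if (res.stderr && res.stderr.length > 0) {
+throw new Error(res.stderr);
+}
+
+fs.appendFile(resultPath, res.stdout);
+} else {
+await exec.exec('docker', ['scout', cmd, image, '--format', format]);
+}
+}
+return resultPath;
+}
+
+async function main(inputs) {
+try {
+const commandInput = core.getInput('command');
+const commands = commandInput.split(',').map(cmd => cmd.trim()).filter(cmd => cmd.length > 0);
+const scoutVersion = core.getInput('version');
+const outputFormat = core.getInput('format');
+const imageName = core.getInput('image');
+const outputFile = core.getInput('output-file') === 'true';
+
+await pullDockerImage(scoutVersion);
+await copyBinary(scoutVersion);
+await dockerInfo();
+//const version = await getScoutVersion();
+// TODO: cache binary (no changes per your request)
+await runScoutCommand(commands, imageName, outputFormat, outputFile);
+}
+catch (error) {
+core.setFailed(error.message);
+console.error(error);
+}
+}
+main()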
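Review bot: The `version` input is interpolated into a single command string in pullDockerImage (`docker pull …:${version}`), and copyBinary does the same with `ctnid` and `pluginsPath` for `docker cp` and `docker rm`; @actions/exec splits such a string into arguments itself, so whitespace in the input or in the DOCKER_CONFIG path becomes extra docker arguments. Use the array form that the `docker create` call already uses, e.g. ``await exec.exec('docker', ['pull', `docker.io/docker/scout-cli:${version}`]);`` and ``await exec.exec('docker', ['cp', `${ctnid}:/docker-scout`, pluginsPath]);``. Separately, in runScoutCommand `fs.appendFile(resultPath, res.stdout);` is the callback API called without a callback and not awaited, which current Node versions reject with a TypeError, so the output-file branch likely never writes the result; `fs.appendFileSync(resultPath, res.stdout);` keeps the loop ordered. The binary that lands in cli-plugins and is then executed comes from a mutable image tag, so pinning the image by digest is worth considering as well.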