diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 5c41051388..94e05f1097 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -30,7 +30,7 @@ env: # renovate: datasource=github-releases depName=helm-unittest/helm-unittest HELM_PLUGIN_UNITTEST_VERSION: "1.0.3" # renovate: datasource=github-releases depName=go-task/task - TASK_VERSION: "v3.48.0" + TASK_VERSION: "3.48.0" jobs: test-nodejs-scanner-test-helpers: @@ -50,7 +50,7 @@ jobs: working-directory: tests/integration run: bun test helpers.test.js k8s-setup: - name: "Setup Kind & Kubectl & Helm & Task" + name: "Setup Kind & Kubectl & Helm" runs-on: ubuntu-24.04 steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 @@ -71,12 +71,6 @@ jobs: tar -xzf ./helm.tar.gz chmod +x ./linux-amd64/helm - - name: Install Task - run: | - curl -Lo ./task.tar.gz https://github.com/go-task/task/releases/download/${{ env.TASK_VERSION }}/task_linux_amd64.tar.gz - tar -xzf ./task.tar.gz - chmod +x ./task - - name: Archive Kind uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: @@ -95,12 +89,6 @@ jobs: name: helm path: ./linux-amd64/helm - - name: Archive Task - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 - with: - name: task - path: ./task - # ---- Unit-Test ---- # ---- Unit-Test | Java ---- @@ -112,6 +100,12 @@ jobs: - k8s-setup steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + + - name: Install Task + uses: go-task/setup-task@83d4977c2df5fa410d8f7cff05d3e1d14d79ff41 # v1 + with: + version: ${{ env.TASK_VERSION }} + - name: Download Helm uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 with: 
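Review bot: `TASK_VERSION` is changed to `"3.48.0"` here, but the same variable is introduced as `"v3.48.0"` in the helm-docs.yaml and scb-bot.yaml hunks further down, and all three feed the `version` input of `go-task/setup-task`. If setup-task accepts both spellings this is only an inconsistency; if it does not, one set of workflows will fail at the install step, so the three definitions should be made identical. The renovate annotation above it uses `datasource=github-releases`, whose tags carry the `v` prefix, so the unprefixed form may also need an `extractVersion` rule in the renovate configuration for future bumps to keep matching — worth confirming against that configuration, which is not part of this diff.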
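Review bot: The digest pin for `go-task/setup-task` is annotated with the floating major tag `# v1`, while every other pinned action in this file records the exact release next to its digest (`# v6.0.2`, `# v7.0.0`, `# v8.0.0`). If renovate manages these pins it reads that comment as the current version, so a major-only tag gives it nothing precise to bump from and makes it harder for a reader to tell which release the digest `83d4977…` actually is. Record the exact release the digest corresponds to, e.g. `# v1.<minor>.<patch>` (placeholder — take it from the tag the digest resolves to). The same annotation is repeated in the later Install Task hunks of ci.yaml and in helm-docs.yaml and scb-bot.yaml.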
@@ -128,17 +122,7 @@ jobs: - name: Install Helm Unit Test Plugin run: | - helm plugin install https://github.com/helm-unittest/helm-unittest.git --version ${{ env.HELM_PLUGIN_UNITTEST_VERSION }} --verify=false - - - name: Download Task - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 - with: - name: task - path: ./task - - - name: Make Task globally available - run: | - chmod +x ./task/task && sudo mv ./task/task /usr/local/bin/task + helm plugin install https://github.com/helm-unittest/helm-unittest.git --version ${{ env.HELM_PLUGIN_UNITTEST_VERSION }} --verify=false - name: Helm-Chart Unit Tests run: task test:helm:all @@ -193,6 +177,11 @@ jobs: - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - name: Install Task + uses: go-task/setup-task@83d4977c2df5fa410d8f7cff05d3e1d14d79ff41 # v1 + with: + version: ${{ env.TASK_VERSION }} + - name: Go Setup uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: @@ -206,15 +195,15 @@ jobs: - name: Test working-directory: ./operator - run: make test + run: task test - name: Build Container Image working-directory: ./operator - run: make docker-build + run: task docker-build - name: Export Container Image working-directory: ./operator - run: make docker-export-${{ matrix.component }} + run: task docker-export-${{ matrix.component }} - name: Upload Image As Artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 @@ -232,6 +221,11 @@ jobs: - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - name: Install Task + uses: go-task/setup-task@83d4977c2df5fa410d8f7cff05d3e1d14d79ff41 # v1 + with: + version: ${{ env.TASK_VERSION }} + - name: Go Setup uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: 
@@ -245,15 +239,15 @@ jobs: - name: Test working-directory: ./auto-discovery/kubernetes/ - run: make test + run: task test - name: Build Container Image working-directory: ./auto-discovery/kubernetes/ - run: make docker-build + run: task docker-build - name: Export Container Image working-directory: ./auto-discovery/kubernetes/ - run: make docker-export + run: task docker-export - name: Upload Image As Artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 @@ -283,15 +277,10 @@ jobs: go fmt ./... go vet ./... - - name: Download Task - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + - name: Install Task + uses: go-task/setup-task@83d4977c2df5fa410d8f7cff05d3e1d14d79ff41 # v1 with: - name: task - path: ./task - - - name: Make Task globally available - run: | - chmod +x ./task/task && sudo mv ./task/task /usr/local/bin/task + version: ${{ env.TASK_VERSION }} - name: Download Kind uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 @@ -365,6 +354,11 @@ jobs: - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - name: Install Task + uses: go-task/setup-task@83d4977c2df5fa410d8f7cff05d3e1d14d79ff41 # v1 + with: + version: ${{ env.TASK_VERSION }} + - name: Go Setup uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: @@ -378,15 +372,15 @@ jobs: - name: Test working-directory: ./auto-discovery/cloud-aws/ - run: make test + run: task test - name: Build Container Image working-directory: ./auto-discovery/cloud-aws/ - run: make docker-build + run: task docker-build - name: Export Container Image working-directory: ./auto-discovery/cloud-aws/ - run: make docker-export + run: task docker-export - name: Upload Image As Artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 
@@ -409,13 +403,18 @@ jobs: - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - name: Install Task + uses: go-task/setup-task@83d4977c2df5fa410d8f7cff05d3e1d14d79ff41 # v1 + with: + version: ${{ env.TASK_VERSION }} + - name: Build Image working-directory: ./${{ matrix.sdk }}/nodejs - run: make docker-build-sdk + run: task docker-build - name: Export Image working-directory: ./${{ matrix.sdk }}/nodejs - run: make docker-export-sdk + run: task docker-export - name: Upload Artifact uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 @@ -462,15 +461,10 @@ jobs: - name: Install bun uses: oven-sh/setup-bun@3d267786b128fe76c2f16a390aa2448b815359f3 # v2.1.2 - - name: Download Task - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + - name: Install Task + uses: go-task/setup-task@83d4977c2df5fa410d8f7cff05d3e1d14d79ff41 # v1 with: - name: task - path: ./task - - - name: Make Task globally available - run: | - chmod +x ./task/task && sudo mv ./task/task /usr/local/bin/task + version: ${{ env.TASK_VERSION }} - name: Download Kind uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 @@ -621,15 +615,10 @@ jobs: - name: Install bun uses: oven-sh/setup-bun@3d267786b128fe76c2f16a390aa2448b815359f3 # v2.1.2 - - name: Download Task - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 + - name: Install Task + uses: go-task/setup-task@83d4977c2df5fa410d8f7cff05d3e1d14d79ff41 # v1 with: - name: task - path: ./task - - - name: Make Task globally available - run: | - chmod +x ./task/task && sudo mv ./task/task /usr/local/bin/task + version: ${{ env.TASK_VERSION }} - name: Download Kind uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 diff --git a/.github/workflows/helm-docs.yaml b/.github/workflows/helm-docs.yaml index 760fe7f8cd..d78ddce7ac 100644 --- a/.github/workflows/helm-docs.yaml 
+++ b/.github/workflows/helm-docs.yaml @@ -14,6 +14,10 @@ on: permissions: contents: write +env: + # renovate: datasource=github-releases depName=go-task/task + TASK_VERSION: "v3.48.0" + jobs: helm-docs: runs-on: ubuntu-24.04 @@ -34,6 +38,11 @@ jobs: git_committer_name: secureCodeBoxBot git_committer_email: securecodebox@iteratec.com + - name: Install Task + uses: go-task/setup-task@83d4977c2df5fa410d8f7cff05d3e1d14d79ff41 # v1 + with: + version: ${{ env.TASK_VERSION }} + - name: Download Helm Docs run: | mkdir helm-docs @@ -51,21 +60,21 @@ jobs: - name: Generate README run: | - make readme + task readme - name: Generate Demo Target Docs - run: make demo-target-docs + run: task demo-target-docs - name: Generate Hooks Docs - run: make hook-docs + run: task hook-docs - name: Generate Scanner Docs - run: make scanner-docs + run: task scanner-docs - name: Generate Operator Docs - run: make operator-docs + run: task operator-docs - name: Generate AutoDiscovery Docs - run: make auto-discovery-docs + run: task auto-discovery-docs - name: Remove Helm Docs Files run: | diff --git a/.github/workflows/scb-bot.yaml b/.github/workflows/scb-bot.yaml index b4550052a2..22d033cda2 100644 --- a/.github/workflows/scb-bot.yaml +++ b/.github/workflows/scb-bot.yaml @@ -23,6 +23,10 @@ permissions: contents: write pull-requests: write +env: + # renovate: datasource=github-releases depName=go-task/task + TASK_VERSION: "v3.48.0" + jobs: version-compare: runs-on: ubuntu-24.04 @@ -149,6 +153,11 @@ jobs: cmd: yq e --inplace '.appVersion = "${{env.release}}"' ./scanners/${{ matrix.scanner }}/Chart.yaml # Updating Helm Docs + - name: Install Task + uses: go-task/setup-task@83d4977c2df5fa410d8f7cff05d3e1d14d79ff41 # v1 + with: + version: ${{ env.TASK_VERSION }} + - name: Download Helm Docs run: | mkdir helm-docs 
@@ -165,22 +174,22 @@ jobs: sudo mv helm-docs /usr/local/bin/helm-docs - name: Generate README - run: make readme + run: task readme - name: Generate Demo Target Docs - run: make demo-target-docs + run: task demo-target-docs - name: Generate Hooks Docs - run: make hook-docs + run: task hook-docs - name: Generate Scanner Docs - run: make scanner-docs + run: task scanner-docs - name: Generate Operator Docs - run: make operator-docs + run: task operator-docs - name: Generate AutoDiscovery Docs - run: make auto-discovery-docs + run: task auto-discovery-docs - name: Remove Helm Docs Files run: | diff --git a/.templates/new-scanner/Taskfile.yaml b/.templates/new-scanner/Taskfile.yaml index 9944d77f99..f3504e3f65 100644 --- a/.templates/new-scanner/Taskfile.yaml +++ b/.templates/new-scanner/Taskfile.yaml @@ -2,7 +2,7 @@ # # SPDX-License-Identifier: Apache-2.0 -version: "3.44.0" +version: "3.48.0" includes: scanner: diff --git a/Makefile b/Makefile deleted file mode 100644 index a2341a4b90..0000000000 --- a/Makefile +++ /dev/null 
@@ -1,122 +0,0 @@ -# SPDX-FileCopyrightText: the secureCodeBox authors -# -# SPDX-License-Identifier: Apache-2.0 - -include ./prerequisites.mk -include ./env-paths.mk - -all: help - -.PHONY: npm-ci-all -npm-ci-all: ## Runs npm ci in all node module subfolders. - @echo "Installing all NPM dependencies" - @"$(BIN_DIR)/npm-ci-all.sh" - -.PHONY: npm-test-all -npm-test-all: ## Runs all Jest based test suites. - npm test -- --ci --colors --coverage --testPathIgnorePatterns /integration-tests/ - -.PHONY: test-all -test-all: install-operator install-sdks ## Runs all makefile based test suites (unit + integration Tests). - @echo "Running make test for all scanner and hook modules..." - @for dir in $(SCANNERS_TEST_LIST) $(HOOKS_TEST_LIST); do \ - echo "๐Ÿงช Test Suite for $${dir}" && cd $$(dirname $$dir) && $(MAKE) -s test || exit 1; \ - done - -.PHONY: install-operator -install-operator: ## Install the operator for makefile based testing. - @echo "Installing the operator for makefile based testing..." - cd "$(OPERATOR_DIR)" && $(MAKE) -s docker-build docker-export kind-import helm-deploy - -.PHONY: install-sdks -install-sdks: ## Install the SDKs for makefile based testing. - @echo "Installing the SDKs (parser, hooks) for makefile based testing..." - cd "$(PARSER_SDK_DIR)" && $(MAKE) -s docker-build - cd "$(HOOK_SDK_DIR)" && $(MAKE) -s docker-build - -.PHONY: readme -readme: ## Generate README.md based on Chart.yaml and template. - "$(BIN_DIR)/generate-helm-docs.sh" --readme $(PROJECT_DIR) $(HELM_DOCS_DIR) - -.PHONY: hook-docs -hook-docs: ## Generate documentation for hooks. - @for chart in $(HOOKS_CHART_LIST); do \ - "$(BIN_DIR)/generate-helm-docs.sh" --hook "$${chart}" "$(HELM_DOCS_DIR)"; \ - done - -.PHONY: scanner-docs -scanner-docs: ## Generate documentation for scanners. 
- @for chart in $(SCANNERS_CHART_LIST); do \ - "$(BIN_DIR)/generate-helm-docs.sh" --scanner "$${chart}" "$(HELM_DOCS_DIR)"; \ - done - -.PHONY: operator-docs -operator-docs: ## Generate documentation for the operator. - "$(BIN_DIR)/generate-helm-docs.sh" --operator "$(OPERATOR_DIR)/Chart.yaml" "$(HELM_DOCS_DIR)" - -.PHONY: auto-discovery-docs -auto-discovery-docs: ## Generate documentation for the auto-discovery. - "$(BIN_DIR)/generate-helm-docs.sh" --operator "$(AUTO_DISCOVERY_DIR)/cloud-aws/Chart.yaml" "$(HELM_DOCS_DIR)" - "$(BIN_DIR)/generate-helm-docs.sh" --operator "$(AUTO_DISCOVERY_DIR)/kubernetes/Chart.yaml" "$(HELM_DOCS_DIR)" - -.PHONY: demo-target-docs -demo-target-docs: ## Generate documentation for demo targets. - @for chart in $(DEMO_TARGETS_CHART_LIST); do \ - "$(BIN_DIR)/generate-helm-docs.sh" --demo-target "$${chart}" "$(HELM_DOCS_DIR)"; \ - done - -.PHONY: docs -docs: readme hook-docs scanner-docs operator-docs auto-discovery-docs demo-target-docs ## Generate all documentation. - -.PHONY: create-new-scanner -create-new-scanner: ## Creates templates for a new scanner, pass NAME=NEW-SCANNER to this target. -ifndef NAME - $(error Scanner name not defined, please provide via make create-new-scanner NAME=NEW-SCANNER) -endif - rm -rf "$(SCANNERS_DIR)/$(NAME)" - cp -r "$(TEMPLATES_DIR)/new-scanner/" "$(SCANNERS_DIR)/$(NAME)" - find "$(SCANNERS_DIR)/$(NAME)" -type f ! -name tmp \ - -exec sed -n "s/new-scanner/$(NAME)/g;w $(SCANNERS_DIR)/$(NAME)/tmp" {} \; \ - -exec mv "$(SCANNERS_DIR)/$(NAME)/tmp" {} \; - mv "$(SCANNERS_DIR)/$(NAME)/templates/new-scanner-parse-definition.yaml" \ - "$(SCANNERS_DIR)/$(NAME)/templates/$(NAME)-parse-definition.yaml" - mv "$(SCANNERS_DIR)/$(NAME)/templates/new-scanner-scan-type.yaml" \ - "$(SCANNERS_DIR)/$(NAME)/templates/$(NAME)-scan-type.yaml" - -.PHONY: test-scanner -test-scanner: ## Shorthand to test a scanner w/o changing in its subdirectory. 
-ifndef NAME - $(error Scanner name not defined, please provide via make test-scanner NAME=SCANNER_NAME) -endif - $(MAKE) test -C $(SCANNERS_DIR)/$(NAME) - -.PHONY: test-hook -test-hook: ## Shorthand to test a hook w/o changing in its subdirectory. -ifndef NAME - $(error Hook name not defined, please provide via make test-hook NAME=HOOK_NAME) -endif - $(MAKE) test -C $(HOOKS_DIR)/$(NAME) - -.PHONY: lint -lint: ## Lint only changed files with respect to main branch - npx mega-linter-runner - @printf "\033[36m\n\n\nThe generated reports can be found under ./report/linters_logs/ \n\n\033[0m" - -.PHONY: lintfix -lintfix: ## Lint only changed files with respect to main branch and apply automatic fixes if possible - npx mega-linter-runner --fix - @printf "\033[36m\n\n\nThe generated reports can be found under ./report/linters_logs/ \n\n\033[0m" - -.PHONY: lintall -lintall: ## Lint complete repo - npx mega-linter-runner --env VALIDATE_ALL_CODEBASE=true - @printf "\033[36m\n\n\nThe generated reports can be found under ./report/linters_logs/ \n\n\033[0m" - -.PHONY: help -help: ## Display this help screen. - @grep -h -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | \ - awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}' - -.PHONY: scbctl -scbctl: ## Build scbctl cli tool - cd scbctl && go build -o scbctl main.go diff --git a/Taskfile.yaml b/Taskfile.yaml index fe4fc68f80..d4c7d1ba03 100644 --- a/Taskfile.yaml +++ b/Taskfile.yaml 
@@ -2,50 +2,68 @@ # # SPDX-License-Identifier: Apache-2.0 -version: "3.44.0" +version: "3.48.0" env: IMG_NS: securecodebox IMG_TAG: sh: 'echo "sha-$(git rev-parse --short HEAD)"' +vars: + SCANNERS_DIR: '{{ .TASKFILE_DIR }}/scanners' + HOOKS_DIR: '{{ .TASKFILE_DIR }}/hooks' + DEMO_TARGETS_DIR: '{{ .TASKFILE_DIR }}/demo-targets' + OPERATOR_DIR: '{{ .TASKFILE_DIR }}/operator' + PARSER_SDK_DIR: '{{ .TASKFILE_DIR }}/parser-sdk/nodejs' + HOOK_SDK_DIR: '{{ .TASKFILE_DIR }}/hook-sdk/nodejs' + AUTO_DISCOVERY_DIR: '{{ .TASKFILE_DIR }}/auto-discovery' + HELM_DOCS_DIR: '{{ .TASKFILE_DIR }}/.helm-docs' + TEMPLATES_DIR: '{{ .TASKFILE_DIR }}/.templates' + BIN_DIR: '{{ .TASKFILE_DIR }}/bin' + tasks: create-kind-cluster: + run: once cmds: - 'echo "Starting kind cluster for testing environment"' - kind create cluster --name testing-env status: - - kind get clusters | grep testing-env || exit 1 + - kind get clusters | grep -q testing-env build-operator-image: + run: once cmds: - 'echo "Building operator image with tag ${IMG_TAG}"' - docker build -t ${IMG_NS}/operator:${IMG_TAG} {{ .TASKFILE_DIR }}/operator status: - - docker images | grep "${IMG_NS}/operator" | grep "${IMG_TAG}" + - docker images | grep -q "${IMG_NS}/operator:${IMG_TAG}" build-lurker-image: + run: once cmds: - 'echo "Building lurker image with tag ${IMG_TAG}"' - docker build -t ${IMG_NS}/lurker:${IMG_TAG} {{ .TASKFILE_DIR }}/lurker status: - - docker images | grep "${IMG_NS}/lurker" | grep "${IMG_TAG}" + - docker images | grep -q "${IMG_NS}/lurker:${IMG_TAG}" load-operator-image: + run: once deps: [build-operator-image] cmds: - kind load docker-image ${IMG_NS}/operator:${IMG_TAG} --name testing-env status: - - kind get images --name testing-env | grep "${IMG_NS}/operator:${IMG_TAG}" || exit 1 + - kind get images --name testing-env | grep -q "${IMG_NS}/operator:${IMG_TAG}" load-lurker-image: + run: once deps: [build-lurker-image] cmds: - kind load docker-image ${IMG_NS}/lurker:${IMG_TAG} --name testing-env status: - - 
kind get images --name testing-env | grep "${IMG_NS}/lurker:${IMG_TAG}" || exit 1 + - kind get images --name testing-env | grep -q "${IMG_NS}/lurker:${IMG_TAG}" deploy-operator: + run: once deps: [load-operator-image, load-lurker-image] cmds: - 'echo "Deploying secureCodeBox operator to the testing environment"' @@ -60,21 +78,23 @@ tasks: --set="lurker.image.tag=${IMG_TAG}" \ --set="lurker.image.pullPolicy=IfNotPresent" status: - - kubectl get deployment -n securecodebox-system securecodebox-controller-manager | grep "1/1" || false + - kubectl get deployment -n securecodebox-system securecodebox-controller-manager | grep -q "1/1" build-parser-sdk-image: + run: once cmds: - 'echo "Building parser-sdk images with tag ${IMG_TAG}"' - docker build -t securecodebox/parser-sdk-nodejs:${IMG_TAG} {{ .TASKFILE_DIR }}/parser-sdk/nodejs status: - - docker images | grep "securecodebox/parser-sdk-nodejs" | grep "${IMG_TAG}" + - docker images | grep -q "securecodebox/parser-sdk-nodejs:${IMG_TAG}" build-hook-sdk-image: + run: once cmds: - 'echo "Building hook-sdk images with tag ${IMG_TAG}"' - docker build -t securecodebox/hook-sdk-nodejs:${IMG_TAG} {{ .TASKFILE_DIR }}/hook-sdk/nodejs status: - - docker images | grep "securecodebox/hook-sdk-nodejs" | grep "${IMG_TAG}" + - docker images | grep -q "securecodebox/hook-sdk-nodejs:${IMG_TAG}" prepare-testing-env: desc: "Prepare the testing environment by running all required tasks" 
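Review bot: The rewritten `status` checks for `build-operator-image` and `build-lurker-image` grep `docker images` for `"${IMG_NS}/operator:${IMG_TAG}"`, but `docker images` prints REPOSITORY and TAG as separate whitespace-separated columns, so a `repo:tag` string never matches; the status therefore always fails and the image is rebuilt on every invocation, which is exactly what the `status:` block is meant to prevent. The previous two-stage grep matched because it tested the two columns independently. Check the image reference directly instead, `docker image inspect "${IMG_NS}/operator:${IMG_TAG}" >/dev/null 2>&1`, and likewise for lurker. The same pattern is used in the next hunk's `build-parser-sdk-image`/`build-hook-sdk-image` statuses and in the `docker-build` status of the new auto-discovery/cloud-aws/Taskfile.yaml.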
@@ -101,10 +121,115 @@ tasks: interactive: true test:helm:all: + desc: "Run helm unit tests for all charts in the project" + preconditions: + - msg: "Helm unittest plugin is not installed. Install it from https://github.com/helm-unittest/helm-unittest/" + sh: "helm plugin list | grep -q 'unittest' || false" + vars: + CHARTS: + sh: find {{ .TASKFILE_DIR }} -name "Chart.yaml" -exec dirname {} \; + cmds: + - for: { var: CHARTS } + cmd: helm unittest "{{ .ITEM }}" + + npm-ci-all: + desc: "Install all NPM dependencies across the project" + cmds: + - 'echo "Installing all NPM dependencies"' + - '{{ .BIN_DIR }}/npm-ci-all.sh' + + npm-test-all: + desc: "Run all Jest based test suites" + cmds: + - npm test -- --ci --colors --coverage --testPathIgnorePatterns /integration-tests/ + + readme: + desc: "Generate README.md based on Chart.yaml and template" + cmds: + - '{{ .BIN_DIR }}/generate-helm-docs.sh --readme {{ .TASKFILE_DIR }} {{ .HELM_DOCS_DIR }}' + + hook-docs: + desc: "Generate documentation for all hooks" + vars: + CHARTS: + sh: find {{ .HOOKS_DIR }} -maxdepth 2 -name "Chart.yaml" + cmds: + - for: { var: CHARTS } + cmd: '{{ .BIN_DIR }}/generate-helm-docs.sh --hook "{{ .ITEM }}" "{{ .HELM_DOCS_DIR }}"' + + scanner-docs: + desc: "Generate documentation for all scanners" + vars: + CHARTS: + sh: find {{ .SCANNERS_DIR }} -maxdepth 2 -name "Chart.yaml" + cmds: + - for: { var: CHARTS } + cmd: '{{ .BIN_DIR }}/generate-helm-docs.sh --scanner "{{ .ITEM }}" "{{ .HELM_DOCS_DIR }}"' + + operator-docs: + desc: "Generate documentation for the operator" + cmds: + - '{{ .BIN_DIR }}/generate-helm-docs.sh --operator "{{ .OPERATOR_DIR }}/Chart.yaml" "{{ .HELM_DOCS_DIR }}"' + + auto-discovery-docs: + desc: "Generate documentation for auto-discovery components" cmds: + - '{{ .BIN_DIR }}/generate-helm-docs.sh --operator "{{ .AUTO_DISCOVERY_DIR }}/cloud-aws/Chart.yaml" "{{ .HELM_DOCS_DIR }}"' + - '{{ .BIN_DIR }}/generate-helm-docs.sh --operator "{{ .AUTO_DISCOVERY_DIR 
}}/kubernetes/Chart.yaml" "{{ .HELM_DOCS_DIR }}"' + + demo-target-docs: + desc: "Generate documentation for demo targets" + vars: + CHARTS: + sh: find {{ .DEMO_TARGETS_DIR }} -maxdepth 2 -name "Chart.yaml" + cmds: + - for: { var: CHARTS } + cmd: '{{ .BIN_DIR }}/generate-helm-docs.sh --demo-target "{{ .ITEM }}" "{{ .HELM_DOCS_DIR }}"' + + docs: + desc: "Generate all documentation" + cmds: + - task: readme + - task: hook-docs + - task: scanner-docs + - task: operator-docs + - task: auto-discovery-docs + - task: demo-target-docs + + create-new-scanner: + desc: "Create a new scanner from template (use -- NAME=scanner-name)" + preconditions: + - msg: "Scanner name not defined, please provide via: task create-new-scanner -- NAME=NEW-SCANNER" + sh: '[ -n "{{ .NAME }}" ]' + cmds: + - rm -rf "{{ .SCANNERS_DIR }}/{{ .NAME }}" + - cp -r "{{ .TEMPLATES_DIR }}/new-scanner/" "{{ .SCANNERS_DIR }}/{{ .NAME }}" - | - find . -name "Chart.yaml" | while read -r chart_file; do - chart_dir=$(dirname "$chart_file") - echo "Running tests for helm chart: $chart_dir" - helm unittest $chart_dir - done + find "{{ .SCANNERS_DIR }}/{{ .NAME }}" -type f ! 
-name tmp \ + -exec sed -n "s/new-scanner/{{ .NAME }}/g;w {{ .SCANNERS_DIR }}/{{ .NAME }}/tmp" {} \; \ + -exec mv "{{ .SCANNERS_DIR }}/{{ .NAME }}/tmp" {} \; + - mv "{{ .SCANNERS_DIR }}/{{ .NAME }}/templates/new-scanner-parse-definition.yaml" "{{ .SCANNERS_DIR }}/{{ .NAME }}/templates/{{ .NAME }}-parse-definition.yaml" + - mv "{{ .SCANNERS_DIR }}/{{ .NAME }}/templates/new-scanner-scan-type.yaml" "{{ .SCANNERS_DIR }}/{{ .NAME }}/templates/{{ .NAME }}-scan-type.yaml" + + lint: + desc: "Lint only changed files with respect to main branch" + cmds: + - npx mega-linter-runner + - 'echo "The generated reports can be found under ./report/linters_logs/"' + + lintfix: + desc: "Lint only changed files with respect to main branch and apply automatic fixes" + cmds: + - npx mega-linter-runner --fix + - 'echo "The generated reports can be found under ./report/linters_logs/"' + + lintall: + desc: "Lint complete repo" + cmds: + - npx mega-linter-runner --env VALIDATE_ALL_CODEBASE=true + - 'echo "The generated reports can be found under ./report/linters_logs/"' + + scbctl: + desc: "Build scbctl CLI tool" + cmds: + - cd scbctl && go build -o scbctl main.go diff --git a/auto-discovery/cloud-aws/Makefile b/auto-discovery/cloud-aws/Makefile deleted file mode 100644 index 53211f5265..0000000000 --- a/auto-discovery/cloud-aws/Makefile +++ /dev/null 
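Review bot: `create-new-scanner` interpolates `{{ .NAME }}` into `rm -rf "{{ .SCANNERS_DIR }}/{{ .NAME }}"` with only a non-empty precondition, so a value containing `/` or `..` removes a path outside the scanners directory; the Makefile it replaces had the same exposure, but the new precondition is the natural place to close it. Tighten the check to the identifier shape the template expects, e.g. `sh: "printf '%s' '{{ .NAME }}' | grep -Eq '^[a-z0-9]([a-z0-9-]*[a-z0-9])?$'"`. The `desc` and the precondition message also tell users to pass `-- NAME=...`; as far as I can tell Task routes everything after `--` into `CLI_ARGS` rather than into variables, so `{{ .NAME }}` would stay empty and the documented form should be `task create-new-scanner NAME=NEW-SCANNER`. Unrelated but in the same hunk, the `|| false` in the helm-unittest precondition is a no-op, since the pipeline already exits non-zero when grep finds nothing.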
@@ -1,166 +0,0 @@ -# SPDX-FileCopyrightText: the secureCodeBox authors -# -# SPDX-License-Identifier: Apache-2.0 - -include ../../prerequisites.mk - -IMG_NS ?= securecodebox - -# Image URL to use all building/pushing image targets -IMG ?= auto-discovery-cloud-aws - -# Tag used for the image -IMG_TAG ?= sha-$$(git rev-parse --short HEAD) - -# ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary. -# Derived automatically from k8s.io/api in go.mod - updated by renovate via go.mod. -ENVTEST_K8S_VERSION ?= $(shell v='$(call gomodver,k8s.io/api)'; printf '%s\n' "$$v" | sed -E 's/^v?[0-9]+\.([0-9]+).*/1.\1/') - -# ENVTEST_VERSION refers to the version of setup-envtest binary. -# Derived automatically from sigs.k8s.io/controller-runtime in go.mod - updated by renovate via go.mod. -ENVTEST_VERSION ?= $(shell v='$(call gomodver,sigs.k8s.io/controller-runtime)'; printf '%s\n' "$$v" | sed -E 's/^v?([0-9]+)\.([0-9]+).*/release-\1.\2/') - -# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set). -# IMPORTANT: The body of conditionals MUST not be indented! Indentation result in -# errors on macOS/FreeBSD because the line wil be interpreted as command which must -# inside a recipe (target). (see https://github.com/secureCodeBox/secureCodeBox/issues/1353) -ifeq (,$(shell go env GOBIN)) -GOBIN=$(shell go env GOPATH)/bin -else -GOBIN=$(shell go env GOBIN) -endif - -# Setting SHELL to bash allows bash commands to be executed by recipes. -# This is a requirement for 'setup-envtest.sh' in the test target. -# Options are set to exit when a recipe line exits non-zero or a piped command fails. -SHELL = /usr/bin/env bash -o pipefail -.SHELLFLAGS = -ec - -.PHONY: all -all: build - -##@ General - -# The help target prints out all targets with their descriptions organized -# beneath their categories. The categories are represented by '##@' and the -# target descriptions by '##'. 
The awk commands is responsible for reading the -# entire set of makefiles included in this invocation, looking for lines of the -# file as xyz: ## something, and then pretty-format the target and help. Then, -# if there's a line with ##@ something, that gets pretty-printed as a category. -# More info on the usage of ANSI control characters for terminal formatting: -# https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters -# More info on the awk command: -# http://linuxcommand.org/lc3_adv_awk.php - -.PHONY: help -help: ## Display this help. - @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST) - -##@ Development - -.PHONY: fmt -fmt: ## Run go fmt against code. - go fmt ./... - -.PHONY: vet -vet: ## Run go vet against code. - go vet ./... - -.PHONY: test -test: fmt vet envtest ## Run tests. - KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" go test ./... -coverprofile cover.out - -.PHONY: ginkgo -ginkgo: fmt vet envtest ## Run tests. - KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" $(GOBIN)/ginkgo test ./... -coverprofile cover.out -v --progress - -## Helm unit tests -.PHONY: helm-unit-tests -helm-unit-tests: - echo "Running helm unit tests for the cloud-aws autodiscovery"; - helm unittest . - -##@ Build - -.PHONY: build -build: fmt vet ## Build service binary. - go build -o bin/service cmd/service/main.go - -.PHONY: run -run: fmt vet ## Run the service from your host. - go run ./cmd/service/main.go --config auto-discovery-cloud-aws-config.yaml - -.PHONY: docker-build -docker-build: test ## Build docker image with the service. - @echo ".: โš™๏ธ Build Container Images" - docker build -t ${IMG_NS}/${IMG}:${IMG_TAG} . - -.PHONY: docker-push -docker-push: ## Push docker image with the service. 
- docker push ${IMG_NS}/${IMG}:${IMG_TAG} - -.PHONY: docker-export -docker-export: - @echo ".: ๐Ÿ’พ Export Container Images" - docker save $(IMG_NS)/$(IMG):$(IMG_TAG) > $(IMG).tar - -##@ Deployment - -.PHONY: kind-import -kind-import: - @echo ".: ๐Ÿ’พ Importing the image archive to local kind cluster." - kind load image-archive ./$(IMG).tar - -.PHONY: helm-deploy -helm-deploy: - @echo ".: โš™๏ธ Deploying auto-discovery-cloud-aws with the Image tag '$(IMG_TAG)' into kind." - helm -n integration-tests upgrade --install auto-discovery-cloud-aws ./ --wait \ - --set="image.repository=docker.io/$(IMG_NS)/$(IMG)" \ - --set="image.tag=$(IMG_TAG)" \ - --set="image.pullPolicy=IfNotPresent" \ - --set="config.aws.queueUrl=$(SQS_QUEUE_URL)" \ - --set="config.aws.region=$(AWS_REGION)" - -##@ Build Dependencies - -## Location to install dependencies to -LOCALBIN ?= $(shell pwd)/bin -$(LOCALBIN): - mkdir -p $(LOCALBIN) - -## Tool Binaries -ENVTEST ?= $(LOCALBIN)/setup-envtest - -.PHONY: envtest -envtest: $(ENVTEST) ## Download setup-envtest locally if necessary. 
-$(ENVTEST): $(LOCALBIN) - $(call go-install-tool,$(ENVTEST),sigs.k8s.io/controller-runtime/tools/setup-envtest,$(ENVTEST_VERSION)) - -.PHONY: print-envtest-path -print-envtest-path: ## Print the path of the envtest binaries for use with other tools -# suppress output so that result can be stored as env var - @$(MAKE) -s envtest - @$(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path - -debug.env: ## Allow vscode profiles to access the envtest assets - printf '%s' 'KUBEBUILDER_ASSETS=' > debug.env - $(MAKE) print-envtest-path >> debug.env - -# go-install-tool will 'go install' any package with custom target and name of binary, if it doesn't exist -# $1 - target path with name of binary -# $2 - package url which can be installed -# $3 - specific version of package -define go-install-tool -@[ -f "$(1)-$(3)" ] && [ "$$(readlink -- "$(1)" 2>/dev/null)" = "$(1)-$(3)" ] || { \ -set -e; \ -package=$(2)@$(3) ;\ -echo "Downloading $${package}" ;\ -rm -f "$(1)" ;\ -GOBIN="$(LOCALBIN)" go install $${package} ;\ -mv "$(LOCALBIN)/$$(basename "$(1)")" "$(1)-$(3)" ;\ -} ;\ -ln -sf "$$(realpath "$(1)-$(3)")" "$(1)" -endef -define gomodver -$(shell go list -m -f '{{if .Replace}}{{.Replace.Version}}{{else}}{{.Version}}{{end}}' $(1) 2>/dev/null) -endef \ No newline at end of file diff --git a/auto-discovery/cloud-aws/Taskfile.yaml b/auto-discovery/cloud-aws/Taskfile.yaml new file mode 100644 index 0000000000..9ae0a263e6 --- /dev/null +++ b/auto-discovery/cloud-aws/Taskfile.yaml 
@@ -0,0 +1,138 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + +version: "3.48.0" + +env: + IMG_NS: securecodebox + IMG_TAG: + sh: 'echo "sha-$(git rev-parse --short HEAD)"' + +vars: + COMPONENT_NAME: cloud-aws + BINARY_NAME: service + BUILD_CMD: cmd/service/main.go + LOCALBIN: '{{ .TASKFILE_DIR }}/bin' + ENVTEST_K8S_VERSION: + sh: cd {{ .TASKFILE_DIR }} && go list -m -f '{{"{{"}}.Version{{"}}"}}' k8s.io/api 2>/dev/null | sed -E 's/^v?[0-9]+\.([0-9]+).*/1.\1/' + ENVTEST_VERSION: + sh: cd {{ .TASKFILE_DIR }} && go list -m -f '{{"{{"}}.Version{{"}}"}}' sigs.k8s.io/controller-runtime 2>/dev/null | sed -E 's/^v?([0-9]+)\.([0-9]+).*/release-\1.\2/' + +tasks: + fmt: + desc: "Run go fmt against code" + dir: '{{ .TASKFILE_DIR }}' + cmds: + - go fmt ./... + + vet: + desc: "Run go vet against code" + dir: '{{ .TASKFILE_DIR }}' + cmds: + - go vet ./... + + envtest: + desc: "Download setup-envtest locally if necessary" + run: once + dir: '{{ .TASKFILE_DIR }}' + generates: + - '{{ .LOCALBIN }}/setup-envtest' + - '{{ .LOCALBIN }}/.setup-envtest.version' + cmds: + - mkdir -p {{ .LOCALBIN }} + - rm -f {{ .LOCALBIN }}/setup-envtest + - GOBIN={{ .LOCALBIN }} go install sigs.k8s.io/controller-runtime/tools/setup-envtest@{{ .ENVTEST_VERSION }} + - echo "{{ .ENVTEST_VERSION }}" > {{ .LOCALBIN }}/.setup-envtest.version + status: + - test -f {{ .LOCALBIN }}/setup-envtest + - grep -qxF "{{ .ENVTEST_VERSION }}" {{ .LOCALBIN }}/.setup-envtest.version 2>/dev/null + + test: + desc: "Run Go tests" + deps: [fmt, vet, envtest] + dir: '{{ .TASKFILE_DIR }}' + cmds: + - | + KUBEBUILDER_ASSETS="$({{ .LOCALBIN }}/setup-envtest use {{ .ENVTEST_K8S_VERSION }} --bin-dir {{ .LOCALBIN }} -p path)" \ + go test ./... 
-coverprofile cover.out + + ginkgo: + desc: "Run Ginkgo tests with verbose output" + deps: [fmt, vet, envtest] + dir: '{{ .TASKFILE_DIR }}' + cmds: + - | + KUBEBUILDER_ASSETS="$({{ .LOCALBIN }}/setup-envtest use {{ .ENVTEST_K8S_VERSION }} --bin-dir {{ .LOCALBIN }} -p path)" \ + ginkgo test ./... -coverprofile cover.out -v --progress + + run: + desc: "Run the cloud-aws service from your host" + deps: [fmt, vet] + dir: '{{ .TASKFILE_DIR }}' + cmds: + - go run ./cmd/service/main.go --config auto-discovery-cloud-aws-config.yaml + + build: + desc: "Build the binary" + deps: [fmt, vet] + dir: '{{ .TASKFILE_DIR }}' + cmds: + - go build -o bin/{{ .BINARY_NAME }} {{ .BUILD_CMD }} + + helm-unit-tests: + desc: "Run helm unit tests" + dir: '{{ .TASKFILE_DIR }}' + preconditions: + - msg: "Helm unittest plugin is not installed. Install it from https://github.com/helm-unittest/helm-unittest/" + sh: "helm plugin list | grep -q 'unittest' || false" + cmds: + - helm unittest . + + docker-build: + desc: "Build Docker image" + dir: '{{ .TASKFILE_DIR }}' + preconditions: + - msg: "Docker is not running, please start Docker first" + sh: "docker info >/dev/null 2>&1 || false" + cmds: + - docker build -t ${IMG_NS}/auto-discovery-{{ .COMPONENT_NAME }}:${IMG_TAG} . 
+ status: + - docker images | grep -q "${IMG_NS}/auto-discovery-{{ .COMPONENT_NAME }}:${IMG_TAG}" + + docker-push: + desc: "Push Docker image" + dir: '{{ .TASKFILE_DIR }}' + cmds: + - docker push ${IMG_NS}/auto-discovery-{{ .COMPONENT_NAME }}:${IMG_TAG} + + docker-export: + desc: "Export Docker image to tar file" + deps: [docker-build] + dir: '{{ .TASKFILE_DIR }}' + cmds: + - docker save ${IMG_NS}/auto-discovery-{{ .COMPONENT_NAME }}:${IMG_TAG} > auto-discovery-{{ .COMPONENT_NAME }}.tar + + kind-import: + desc: "Import Docker image into kind cluster" + deps: [docker-export] + dir: '{{ .TASKFILE_DIR }}' + cmds: + - kind load image-archive ./auto-discovery-{{ .COMPONENT_NAME }}.tar + + helm-deploy: + desc: "Deploy cloud-aws to kind cluster with SQS configuration" + dir: '{{ .TASKFILE_DIR }}' + preconditions: + - msg: "SQS_QUEUE_URL environment variable is required" + sh: '[ -n "$SQS_QUEUE_URL" ]' + - msg: "AWS_REGION environment variable is required" + sh: '[ -n "$AWS_REGION" ]' + cmds: + - | + helm -n integration-tests upgrade --install auto-discovery-{{ .COMPONENT_NAME }} ./ --wait \ + --set="image.repository=docker.io/${IMG_NS}/auto-discovery-{{ .COMPONENT_NAME }}" \ + --set="image.tag=${IMG_TAG}" \ + --set="image.pullPolicy=IfNotPresent" \ + --set="config.aws.queueUrl=${SQS_QUEUE_URL}" \ + --set="config.aws.region=${AWS_REGION}" diff --git a/auto-discovery/kubernetes/Makefile b/auto-discovery/kubernetes/Makefile deleted file mode 100644 index 62911c16c7..0000000000 --- a/auto-discovery/kubernetes/Makefile +++ /dev/null 
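Review bot: `ENVTEST_K8S_VERSION` and `ENVTEST_VERSION` are derived with `go list ... 2>/dev/null | sed ...`, which discards stderr and lets sed pass empty input through, so when the `go list` lookup fails both vars are silently empty and `envtest` runs `go install ...setup-envtest@` while `test` calls `setup-envtest use  --bin-dir …` with a blank version. Add a precondition on the consuming tasks, e.g. `- sh: '[ -n "{{ .ENVTEST_VERSION }}" ] && [ -n "{{ .ENVTEST_K8S_VERSION }}" ]'` with a `msg` naming the failed go.mod lookup. The deleted Makefile's `gomodver` helper also honoured `replace` directives (`{{if .Replace}}{{.Replace.Version}}…`), which the new `{{.Version}}`-only format string does not, so a replaced k8s.io/api or controller-runtime module would select the wrong version — worth confirming against go.mod, which is not in this diff. The `|| false` suffixes on the helm-unittest and `docker info` preconditions are no-ops, as those commands already return non-zero on failure.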
@@ -1,181 +0,0 @@ -# SPDX-FileCopyrightText: the secureCodeBox authors -# -# SPDX-License-Identifier: Apache-2.0 - -include ../../prerequisites.mk - -IMG_NS ?= securecodebox - -# Image URL to use all building/pushing image targets -IMG ?= auto-discovery-kubernetes - -# Tag used for the image -IMG_TAG ?= sha-$$(git rev-parse --short HEAD) - -# ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary. -# Derived automatically from k8s.io/api in go.mod - updated by renovate via go.mod. -ENVTEST_K8S_VERSION ?= $(shell v='$(call gomodver,k8s.io/api)'; printf '%s\n' "$$v" | sed -E 's/^v?[0-9]+\.([0-9]+).*/1.\1/') - -# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set). -# IMPORTANT: The body of conditionals MUST not be indented! Indentation result in -# errors on macOS/FreeBSD because the line wil be interpreted as command which must -# inside a recipe (target). (see https://github.com/secureCodeBox/secureCodeBox/issues/1353) -ifeq (,$(shell go env GOBIN)) -GOBIN=$(shell go env GOPATH)/bin -else -GOBIN=$(shell go env GOBIN) -endif - -# Setting SHELL to bash allows bash commands to be executed by recipes. -# This is a requirement for 'setup-envtest.sh' in the test target. -# Options are set to exit when a recipe line exits non-zero or a piped command fails. -SHELL = /usr/bin/env bash -o pipefail -.SHELLFLAGS = -ec - -.PHONY: all -all: build - -##@ General - -# The help target prints out all targets with their descriptions organized -# beneath their categories. The categories are represented by '##@' and the -# target descriptions by '##'. The awk commands is responsible for reading the -# entire set of makefiles included in this invocation, looking for lines of the -# file as xyz: ## something, and then pretty-format the target and help. Then, -# if there's a line with ##@ something, that gets pretty-printed as a category. 
-# More info on the usage of ANSI control characters for terminal formatting: -# https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters -# More info on the awk command: -# http://linuxcommand.org/lc3_adv_awk.php - -.PHONY: help -help: ## Display this help. - @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST) - -##@ Development - -.PHONY: manifests -manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects. - $(CONTROLLER_GEN) rbac:roleName=auto-discovery,headerFile="hack/boilerplate.yaml.txt" crd paths="./..." output:crd:artifacts:config=crds output:rbac:artifacts:config=templates/rbac - -.PHONY: fmt -fmt: ## Run go fmt against code. - go fmt ./... - -.PHONY: vet -vet: ## Run go vet against code. - go vet ./... - -ENVTEST_ASSETS_DIR=$(shell pwd)/testbin - -.PHONY: test -test: manifests fmt vet envtest ## Run tests. - KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) -p path)" go test ./... -coverprofile cover.out - -.PHONY: ginko -ginkgo: manifests fmt vet envtest ## Run tests. - KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) -p path)" ginko test ./... -coverprofile cover.out -v --progress - -## Helm unit tests -.PHONY: helm-unit-tests -helm-unit-tests: - echo "Running helm unit tests for operator"; \ - helm unittest . \ - -##@ Build - -.PHONY: build -build: fmt vet ## Build manager binary. - go build -o bin/manager main.go - -.PHONY: run -run: manifests fmt vet ## Run a controller from your host. - go run ./main.go --config ./auto-discovery-config.yaml - -.PHONY: docker-build -docker-build: ## Build docker image with the manager. - @echo ".: โš™๏ธ Build Container Images" - docker build -t ${IMG_NS}/${IMG}:${IMG_TAG} . - -.PHONY: docker-push -docker-push: ## Push docker image with the manager. 
- docker push ${IMG_NS}/${IMG}:${IMG_TAG} - -.PHONY: docker-export -docker-export: - @echo ".: ๐Ÿ’พ Export Container Images" - docker save $(IMG_NS)/$(IMG):$(IMG_TAG) > $(IMG).tar - -##@ Deployment - -.PHONY: kind-import -kind-import: - @echo ".: ๐Ÿ’พ Importing the image archive to local kind cluster." - kind load image-archive ./$(IMG).tar - -.PHONY: helm-deploy -helm-deploy: - @echo ".: โš™๏ธ Deploying auto-discovery with the Image tag '$(IMG_TAG)' into kind." - helm upgrade --install auto-discovery ./ --wait \ - --set="image.repository=docker.io/$(IMG_NS)/$(IMG)" \ - --set="image.tag=$(IMG_TAG)" \ - --set="image.pullPolicy=IfNotPresent" \ - -# IMPORTANT: The body of conditionals MUST not be indented! Indentation result in -# errors on macOS/FreeBSD because the line wil be interpreted as command which must -# inside a recipe (target). (see https://github.com/secureCodeBox/secureCodeBox/issues/1353) -ifndef ignore-not-found -ignore-not-found = false -endif - -.PHONY: install -install: manifests ## Install CRDs into the K8s cluster specified in ~/.kube/config. - -.PHONY: uninstall -uninstall: manifests ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion. - -##@ Build Dependencies - -## Location to install dependencies to -LOCALBIN ?= $(shell pwd)/bin -$(LOCALBIN): - mkdir -p $(LOCALBIN) - -## Tool Binaries -CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen -ENVTEST ?= $(LOCALBIN)/setup-envtest - -## Tool Versions -# renovate: datasource=github-releases depName=kubernetes-sigs/controller-tools -CONTROLLER_TOOLS_VERSION ?= v0.18.0 -# Derived automatically from sigs.k8s.io/controller-runtime in go.mod - updated by renovate via go.mod. 
-ENVTEST_VERSION ?= $(shell v='$(call gomodver,sigs.k8s.io/controller-runtime)'; printf '%s\n' "$$v" | sed -E 's/^v?([0-9]+)\.([0-9]+).*/release-\1.\2/') - -.PHONY: controller-gen -controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary. -$(CONTROLLER_GEN): $(LOCALBIN) - $(call go-install-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/controller-gen,$(CONTROLLER_TOOLS_VERSION)) - -.PHONY: envtest -envtest: $(ENVTEST) ## Download setup-envtest locally if necessary. -$(ENVTEST): $(LOCALBIN) - $(call go-install-tool,$(ENVTEST),sigs.k8s.io/controller-runtime/tools/setup-envtest,$(ENVTEST_VERSION)) - -# go-install-tool will 'go install' any package with custom target and name of binary, if it doesn't exist -# $1 - target path with name of binary -# $2 - package url which can be installed -# $3 - specific version of package -define go-install-tool -@[ -f "$(1)-$(3)" ] && [ "$$(readlink -- "$(1)" 2>/dev/null)" = "$(1)-$(3)" ] || { \ -set -e; \ -package=$(2)@$(3) ;\ -echo "Downloading $${package}" ;\ -rm -f "$(1)" ;\ -GOBIN="$(LOCALBIN)" go install $${package} ;\ -mv "$(LOCALBIN)/$$(basename "$(1)")" "$(1)-$(3)" ;\ -} ;\ -ln -sf "$$(realpath "$(1)-$(3)")" "$(1)" -endef -define gomodver -$(shell go list -m -f '{{if .Replace}}{{.Replace.Version}}{{else}}{{.Version}}{{end}}' $(1) 2>/dev/null) -endef \ No newline at end of file diff --git a/auto-discovery/kubernetes/Taskfile.yaml b/auto-discovery/kubernetes/Taskfile.yaml new file mode 100644 index 0000000000..451f66ef3c --- /dev/null +++ b/auto-discovery/kubernetes/Taskfile.yaml 
@@ -0,0 +1,163 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + +version: "3.48.0" + +env: + IMG_NS: securecodebox + IMG_TAG: + sh: 'echo "sha-$(git rev-parse --short HEAD)"' + +vars: + COMPONENT_NAME: kubernetes + BINARY_NAME: manager + BUILD_CMD: main.go + CONTROLLER_TOOLS_VERSION: v0.18.0 + LOCALBIN: '{{ .TASKFILE_DIR }}/bin' + ENVTEST_K8S_VERSION: + sh: cd {{ .TASKFILE_DIR }} && go list -m -f '{{"{{"}}.Version{{"}}"}}' k8s.io/api 2>/dev/null | sed -E 's/^v?[0-9]+\.([0-9]+).*/1.\1/' + ENVTEST_VERSION: + sh: cd {{ .TASKFILE_DIR }} && go list -m -f '{{"{{"}}.Version{{"}}"}}' sigs.k8s.io/controller-runtime 2>/dev/null | sed -E 's/^v?([0-9]+)\.([0-9]+).*/release-\1.\2/' + +tasks: + fmt: + desc: "Run go fmt against code" + dir: '{{ .TASKFILE_DIR }}' + cmds: + - go fmt ./... + + vet: + desc: "Run go vet against code" + dir: '{{ .TASKFILE_DIR }}' + cmds: + - go vet ./... + + envtest: + desc: "Download setup-envtest locally if necessary" + run: once + dir: '{{ .TASKFILE_DIR }}' + generates: + - '{{ .LOCALBIN }}/setup-envtest' + - '{{ .LOCALBIN }}/.setup-envtest.version' + cmds: + - mkdir -p {{ .LOCALBIN }} + - rm -f {{ .LOCALBIN }}/setup-envtest + - GOBIN={{ .LOCALBIN }} go install sigs.k8s.io/controller-runtime/tools/setup-envtest@{{ .ENVTEST_VERSION }} + - echo "{{ .ENVTEST_VERSION }}" > {{ .LOCALBIN }}/.setup-envtest.version + status: + - test -f {{ .LOCALBIN }}/setup-envtest + - grep -qxF "{{ .ENVTEST_VERSION }}" {{ .LOCALBIN }}/.setup-envtest.version 2>/dev/null + + controller-gen: + desc: "Download controller-gen locally if necessary" + run: once + dir: '{{ .TASKFILE_DIR }}' + generates: + - '{{ .LOCALBIN }}/controller-gen' + - '{{ .LOCALBIN }}/.controller-gen.version' + cmds: + - mkdir -p {{ .LOCALBIN }} + - rm -f {{ .LOCALBIN }}/controller-gen + - GOBIN={{ .LOCALBIN }} go install sigs.k8s.io/controller-tools/cmd/controller-gen@{{ .CONTROLLER_TOOLS_VERSION }} + - echo "{{ .CONTROLLER_TOOLS_VERSION }}" > {{ 
.LOCALBIN }}/.controller-gen.version + status: + - test -f {{ .LOCALBIN }}/controller-gen + - grep -qxF "{{ .CONTROLLER_TOOLS_VERSION }}" {{ .LOCALBIN }}/.controller-gen.version 2>/dev/null + + manifests: + desc: "Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects" + deps: [controller-gen] + dir: '{{ .TASKFILE_DIR }}' + cmds: + - | + {{ .LOCALBIN }}/controller-gen rbac:roleName=auto-discovery,headerFile="hack/boilerplate.yaml.txt" \ + crd paths="./..." \ + output:crd:artifacts:config=crds \ + output:rbac:artifacts:config=templates/rbac + + test: + desc: "Run Go tests with manifests generation" + deps: [manifests, fmt, vet, envtest] + dir: '{{ .TASKFILE_DIR }}' + cmds: + - | + KUBEBUILDER_ASSETS="$({{ .LOCALBIN }}/setup-envtest use {{ .ENVTEST_K8S_VERSION }} --bin-dir {{ .LOCALBIN }} -p path)" \ + go test ./... -coverprofile cover.out + + ginkgo: + desc: "Run Ginkgo tests with verbose output and manifests generation" + deps: [manifests, fmt, vet, envtest] + dir: '{{ .TASKFILE_DIR }}' + cmds: + - | + KUBEBUILDER_ASSETS="$({{ .LOCALBIN }}/setup-envtest use {{ .ENVTEST_K8S_VERSION }} --bin-dir {{ .LOCALBIN }} -p path)" \ + ginkgo test ./... -coverprofile cover.out -v --progress + + run: + desc: "Run the kubernetes auto-discovery controller from your host" + deps: [manifests, fmt, vet] + dir: '{{ .TASKFILE_DIR }}' + cmds: + - go run ./main.go --config ./auto-discovery-config.yaml + + build: + desc: "Build the binary" + deps: [fmt, vet] + dir: '{{ .TASKFILE_DIR }}' + cmds: + - go build -o bin/{{ .BINARY_NAME }} {{ .BUILD_CMD }} + + helm-unit-tests: + desc: "Run helm unit tests" + dir: '{{ .TASKFILE_DIR }}' + preconditions: + - msg: "Helm unittest plugin is not installed. Install it from https://github.com/helm-unittest/helm-unittest/" + sh: "helm plugin list | grep -q 'unittest' || false" + cmds: + - helm unittest . 
+
+ docker-build:
+ desc: "Build Docker image"
+ dir: '{{ .TASKFILE_DIR }}'
+ preconditions:
+ - msg: "Docker is not running, please start Docker first"
+ sh: "docker info >/dev/null 2>&1 || false"
+ cmds:
+ - docker build -t ${IMG_NS}/auto-discovery-{{ .COMPONENT_NAME }}:${IMG_TAG} .
+ status:
+ - docker images | grep -q "${IMG_NS}/auto-discovery-{{ .COMPONENT_NAME }}:${IMG_TAG}"
+
+ docker-push:
+ desc: "Push Docker image"
+ dir: '{{ .TASKFILE_DIR }}'
+ cmds:
+ - docker push ${IMG_NS}/auto-discovery-{{ .COMPONENT_NAME }}:${IMG_TAG}
+
+ docker-export:
+ desc: "Export Docker image to tar file"
+ deps: [docker-build]
+ dir: '{{ .TASKFILE_DIR }}'
+ cmds:
+ - docker save ${IMG_NS}/auto-discovery-{{ .COMPONENT_NAME }}:${IMG_TAG} > auto-discovery-{{ .COMPONENT_NAME }}.tar
+
+ kind-import:
+ desc: "Import Docker image into kind cluster"
+ deps: [docker-export]
+ dir: '{{ .TASKFILE_DIR }}'
+ cmds:
+ - kind load image-archive ./auto-discovery-{{ .COMPONENT_NAME }}.tar
+
+ install:
+ desc: "Install CRDs into the K8s cluster specified in ~/.kube/config"
+ deps: [manifests]
+ dir: '{{ .TASKFILE_DIR }}'
+ cmds:
+ - kubectl apply -f ./crds/
+
+ uninstall:
+ desc: "Uninstall CRDs from the K8s cluster specified in ~/.kube/config"
+ deps: [manifests]
+ dir: '{{ .TASKFILE_DIR }}'
+ cmds:
+ - kubectl delete -f ./crds/
diff --git a/auto-discovery/kubernetes/pull-secret-extractor/Taskfile.yaml b/auto-discovery/kubernetes/pull-secret-extractor/Taskfile.yaml
index 32e0f12a7d..8f6911cde3 100644
--- a/auto-discovery/kubernetes/pull-secret-extractor/Taskfile.yaml
+++ b/auto-discovery/kubernetes/pull-secret-extractor/Taskfile.yaml
@@ -2,7 +2,7 @@
 #
 # SPDX-License-Identifier: Apache-2.0
-version: "3.44.0"
+version: "3.48.0"
 vars:
 IMG_NS: '{{default "securecodebox" .IMG_NS}}'
diff --git a/demo-targets/Makefile b/demo-targets/Makefile
deleted file mode 100644
index ff750a056f..0000000000
--- a/demo-targets/Makefile
+++ /dev/null
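Review bot: The `status:` check in `docker-build`, `docker images | grep -q "${IMG_NS}/auto-discovery-{{ .COMPONENT_NAME }}:${IMG_TAG}"`, can never succeed, because `docker images` prints repository and tag as separate whitespace-separated columns rather than `repo:tag`, so the task is never considered up to date and every `docker-export` / `kind-import` run rebuilds the image. Asking the daemon directly is both reliable and exact: `- docker image inspect "${IMG_NS}/auto-discovery-{{ .COMPONENT_NAME }}:${IMG_TAG}" >/dev/null 2>&1`. The same `docker images | grep` status appears in the cloud-aws Taskfile above and in hook-sdk/nodejs/Taskfile.yaml below (the hooks/Taskfile.yaml `build` task carries a pre-existing one), so they should be fixed together. Once the check works, note that a git-SHA tag marks the image up to date regardless of uncommitted changes in the working tree, which is fine for CI but deserves a comment for local use.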
@@ -1,18 +0,0 @@
-#!/usr/bin/make -f
-#
-# SPDX-FileCopyrightText: the secureCodeBox authors
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-
-include ../prerequisites.mk
-
-.PHONY: helm-unit-tests
-helm-unit-tests:
- set -e; \
- for directory in ./*; do \
- if [ -d "$$directory" ]; then \
- dir_name=$$(basename "$$directory"); \
- helm unittest "$$directory"; \
- fi; \
- done
\ No newline at end of file
diff --git a/demo-targets/Taskfile.yaml b/demo-targets/Taskfile.yaml
index c182550429..694d386a6e 100644
--- a/demo-targets/Taskfile.yaml
+++ b/demo-targets/Taskfile.yaml
@@ -2,9 +2,21 @@
 #
 # SPDX-License-Identifier: Apache-2.0
-version: "3.44.0"
+version: "3.48.0"
 tasks:
+ helm-unit-tests:
+ desc: "Run helm unit tests for all demo targets"
+ preconditions:
+ - msg: "Helm unittest plugin is not installed. Install it from https://github.com/helm-unittest/helm-unittest/"
+ sh: "helm plugin list | grep -q 'unittest' || false"
+ vars:
+ CHARTS:
+ sh: find {{ .TASKFILE_DIR }} -maxdepth 2 -name "Chart.yaml" -exec dirname {} \;
+ cmds:
+ - for: { var: CHARTS }
+ cmd: helm unittest "{{ .ITEM }}"
+
 deploy:app:
 internal: true
 status:
diff --git a/documentation/Makefile b/documentation/Makefile
deleted file mode 100644
index 0154493d2b..0000000000
--- a/documentation/Makefile
+++ /dev/null
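Review bot: `for: { var: CHARTS }` splits the variable on whitespace, so although `helm unittest "{{ .ITEM }}"` is quoted, a chart path containing a space is already broken in two before the quoting applies, and the unquoted `{{ .TASKFILE_DIR }}` handed to `find` has the same weakness; the ADR note in this same commit advertises the Taskfile migration as the fix for paths with spaces, so this task should honour that. Split on newlines, which is what `find` emits, and quote the root: `sh: find "{{ .TASKFILE_DIR }}" -maxdepth 2 -name "Chart.yaml" -exec dirname {} \; | sort` together with `- for: { var: CHARTS, split: "\n" }`. The `| sort` additionally makes the test order deterministic, since `find` returns entries in filesystem order.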
@@ -1,32 +0,0 @@
-# SPDX-FileCopyrightText: the secureCodeBox authors
-#
-# SPDX-License-Identifier: Apache-2.0
-
-DOCUMENTATION_DIR = $(shell pwd)
-DIAGRAMS := $(shell find $(DOCUMENTATION_DIR) -type f -name '*.puml')
-IMAGES := $(addsuffix .png, $(basename $(DIAGRAMS)))
-
-all: help
-
-.PHONY: puml
-puml: $(IMAGES) ## Generate PlantUML images
-
-.PHONY: clean
-clean: ## Wipe node_modules
- rm -rf $(DOCUMENTATION_DIR)/node_modules
-
-.PHONY: install
-install: ## Install Docusaurus stuff. (Needed once before you invoke start target).
- npm install
-
-.PHONY: start
-start: ## Start local Docusaurus. (Visit http://localhost:3000)
- npm start
-
-%.png: %.puml
- plantuml -tpng $^
-
-.PHONY: help
-help: ## Display this help screen.
- @grep -h -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | \
- awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
diff --git a/documentation/Taskfile.yaml b/documentation/Taskfile.yaml
new file mode 100644
index 0000000000..f94c163484
--- /dev/null
+++ b/documentation/Taskfile.yaml
@@ -0,0 +1,33 @@
+# SPDX-FileCopyrightText: the secureCodeBox authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
+version: "3.48.0"
+
+tasks:
+ puml:
+ desc: "Generate PlantUML images from .puml files"
+ sources:
+ - '{{ .TASKFILE_DIR }}/**/*.puml'
+ cmds:
+ - for: sources
+ cmd: plantuml -tpng {{ .ITEM }}
+
+ clean:
+ desc: "Remove node_modules directory"
+ cmds:
+ - rm -rf {{ .TASKFILE_DIR }}/node_modules
+
+ install:
+ desc: "Install Docusaurus dependencies"
+ cmds:
+ - cd {{ .TASKFILE_DIR }} && npm install
+ status:
+ - '[ -d {{ .TASKFILE_DIR }}/node_modules ]'
+
+ start:
+ desc: "Start local Docusaurus server (visit http://localhost:3000)"
+ deps: [install]
+ cmds:
+ - cd {{ .TASKFILE_DIR }} && npm start
+ interactive: true
diff --git a/documentation/docs/architecture/09_architecture_decisions/adr_0018.md b/documentation/docs/architecture/09_architecture_decisions/adr_0018.md
index 1ec264d600..2a34bee655 100644
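Review bot: `clean` runs `rm -rf {{ .TASKFILE_DIR }}/node_modules` with the expansion unquoted, so if the checkout lives under a directory whose name contains a space the shell passes two arguments and `rm -rf` is pointed at a prefix path outside `node_modules` (for `/home/u/my repo` it would try `/home/u/my` and `repo/node_modules`); the same unquoted expansion is used in `plantuml -tpng {{ .ITEM }}`, the `cd {{ .TASKFILE_DIR }}` commands and the `[ -d … ]` status check. Quote every expansion: `- rm -rf "{{ .TASKFILE_DIR }}/node_modules"`, `cmd: plantuml -tpng "{{ .ITEM }}"`, `- '[ -d "{{ .TASKFILE_DIR }}/node_modules" ]'`. As I understand Task's default, commands already run from the Taskfile's own directory, so the `cd {{ .TASKFILE_DIR }} &&` prefixes in `install` and `start` can simply be dropped, which removes two more unquoted expansions.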
--- a/documentation/docs/architecture/09_architecture_decisions/adr_0018.md +++ b/documentation/docs/architecture/09_architecture_decisions/adr_0018.md @@ -10,10 +10,14 @@ sidebar_label: "ADR-0018" | | | |----------------|----------------------------------------------------| -| **Status**: | ACCEPTED | +| **Status**: | SUPERSEDED (by migration to Taskfiles, 2026-03-04) | | **Date**: | 2022-09-20 | | **Author(s)**: | Sven Strittmatter [sven.strittmatter@iteratec.com](mailto:Sven.Strittmatter@iteratec.com) | +:::note Migration to Taskfiles +As of March 2026, secureCodeBox has migrated from Makefiles to [Taskfiles](https://taskfile.dev/), which provides better cross-platform support and properly handles file paths with spaces. This ADR is kept for historical reference, but the original problem has been resolved by the migration. +::: + ## Context We have the [issue](https://github.com/secureCodeBox/secureCodeBox/issues/1353) that most of our [make][gnu-make] targets fail, if this repository working copy is cloned into a file location which contains white spaces in its file path. diff --git a/documentation/docs/contributing/integrating-a-hook/makefile.md b/documentation/docs/contributing/integrating-a-hook/makefile.md deleted file mode 100644 index 44452650e5..0000000000 --- a/documentation/docs/contributing/integrating-a-hook/makefile.md +++ /dev/null 
@@ -1,88 +0,0 @@ ---- -# SPDX-FileCopyrightText: the secureCodeBox authors -# -# SPDX-License-Identifier: Apache-2.0 - -title: Makefile (Deprecated) -sidebar_position: 5 ---- - -:::caution Deprecated -Makefiles have been deprecated in favor of Taskfiles. Please refer to the [Taskfile](./taskfile.md) documentation for the current approach. -::: - -To test your hook locally, you may use the following makefile. - -```makefile -#!/usr/bin/make -f - -include_guard = set -hook = finding-post-processing - -include ../../hooks.mk -``` - -See [Local Deployment](/docs/contributing/local-deployment) for examples how to use the Makefiles. - -## Available makefile targets - -| Target | Use | -| --------------------------------- | --------------------------------------------------------------------------------- | -| reset-integration-tests-namespace | Resets the integration-tests namespace | -| unit-tests | Run your hook unit tests | -| docker-build | Builds your hook | -| docker-export | Exports your hook into a .tar file | -| kind-import | Loads your hook .tar files into your local kind cluster | -| deploy | Deploys your hook helm chart into your local kind cluster | -| deploy-test-deps | Deploys your hook's test dependencies (demo-targets) into your local kind cluster | -| integration-tests | Deletes all scans and runs your integration test `scanners/SCANNER_NAME.test.js` | - -## Configuring your makefile (examples) - -### Adding test dependencies (demo-targets) - -```makefile -#!/usr/bin/make -f - -include_guard = set -hook = generic-webhook - -include ../../hooks.mk - - -deploy-test-deps: deploy-test-dep-http-webhook deploy-test-dep-test-scan - -deploy: - @echo ".: ๐Ÿ’พ Deploying '$(name)' $(hook-prefix) HelmChart with the docker tag '$(IMG_TAG)' into kind namespace 'integration-tests'." - helm -n integration-tests upgrade --install ro-hook . 
\ - --set="hook.image.repository=docker.io/$(IMG_NS)/$(hook-prefix)-$(name)" \ - --set="hook.image.tag=$(IMG_TAG)" \ - --set="webhookUrl=http://http-webhook/hallo-welt" - -integration-tests: - @echo ".: ๐Ÿฉบ Starting integration test in kind namespace 'integration-tests'." - kubectl -n integration-tests delete scans --all - cd ../../tests/integration/ && npm ci && npx --yes --package jest@$(JEST_VERSION) jest --verbose --ci --colors --coverage --passWithNoTests generic/read-only-write-hook.test.js - -``` - -This adds the http-webhook demo-target to your integration tests. -`deploy-test-dep-test-scan` is a sample scanner used in most hook integration tests. - -The above makefile also overrides the `integration-test` target such that it references the generic folder as a test suite. - -### Changing the unit test language - -```makefile -#!/usr/bin/make -f - -include_guard = set -hook = persistence-defectdojo - -include ../../hooks.mk - -unit-tests: - @$(MAKE) -s unit-test-java -``` - -You can choose from: `unit-test-js` `unit-test-py` `unit-test-java`. diff --git a/documentation/docs/contributing/integrating-a-scanner/integrating-a-scanner.md b/documentation/docs/contributing/integrating-a-scanner/integrating-a-scanner.md index dfe90f70b6..974bd64a44 100644 --- a/documentation/docs/contributing/integrating-a-scanner/integrating-a-scanner.md +++ b/documentation/docs/contributing/integrating-a-scanner/integrating-a-scanner.md @@ -54,7 +54,7 @@ scanners/nmap To create a new Helm Chart for your scanner you can use the following command (replace _new-scanner_ with the name of the scanner): ```bash -make create-new-scanner NAME=new-scanner +task create-new-scanner -- NAME=new-scanner ``` This command will create a new directory named _new-scanner_ and some template files provided by `helm` to simplify the creation of Helm Charts (see [Helm | Getting Started](https://helm.sh/docs/chart_template_guide/getting_started/)). 
diff --git a/documentation/docs/contributing/operator.md b/documentation/docs/contributing/operator.md index 200e561bfc..4e9caf0bbd 100644 --- a/documentation/docs/contributing/operator.md +++ b/documentation/docs/contributing/operator.md @@ -72,13 +72,13 @@ make This will produce the operator as `bin/manager`. If you wonder why the operator is named _manager_ (the resulting binary). The reason for that is in Kubernetes a combination of more than one _controller_ is called _controller-manager_ or short _manager_. In contrast, _operator_ is created by the community to name a _controller-manager_ which controls _custom resources_ and hence we use _custom resources_. (see [https://book.kubebuilder.io/](https://book.kubebuilder.io/) for further information) -To run the operator locally you can simply execute `make run` in the `operator` directory of this repository: +To run the operator locally you can simply execute `task run` in the `operator` directory of this repository: _NOTICE:_ You will need to uninstall the operator with `helm -n securecodebox-system uninstall securecodebox-operator` from your local cluster, if you've installed it via helm. Unless both operators try to work on the same cluster which may cause unexpected behavior. ```bash cd operator -make run +task run ``` To run multiple operator instances locally (e.g. SCB operator and SCB Autodiscovery operator) the `metrics-bind-address` and `health-probe-bind-address` port needs to be changed via commandline arguements for one of the operators.
diff --git a/documentation/docs/contributing/test-concept/operator-test.md b/documentation/docs/contributing/test-concept/operator-test.md index 81027fd245..d5e203423b 100644 --- a/documentation/docs/contributing/test-concept/operator-test.md +++ b/documentation/docs/contributing/test-concept/operator-test.md @@ -130,10 +130,10 @@ We use the `Eventually` control loop again to check for the fulfillment of our c ### How to run a test -Running the test is easy through our makefiles. In the operator folder (securecodebox/operator), it is sufficient to run +Running the test is easy through our Taskfiles. In the operator folder (securecodebox/operator), it is sufficient to run ```bash cd operator -make test +task test ``` to execute a test run of the operator. diff --git a/env-paths.mk b/env-paths.mk deleted file mode 100644 index 40ca7e6c62..0000000000 --- a/env-paths.mk +++ /dev/null @@ -1,22 +0,0 @@ -# SPDX-FileCopyrightText: the secureCodeBox authors -# -# SPDX-License-Identifier: Apache-2.0 - -PROJECT_DIR = $(shell pwd) -BIN_DIR = $(PROJECT_DIR)/bin -SCANNERS_DIR = $(PROJECT_DIR)/scanners -HOOKS_DIR = $(PROJECT_DIR)/hooks -DEMO_TARGETS_DIR = $(PROJECT_DIR)/demo-targets -OPERATOR_DIR = $(PROJECT_DIR)/operator -PARSER_SDK_DIR = $(PROJECT_DIR)/parser-sdk/nodejs -HOOK_SDK_DIR = $(PROJECT_DIR)/hook-sdk/nodejs -AUTO_DISCOVERY_DIR = $(PROJECT_DIR)/auto-discovery -HELM_DOCS_DIR = $(PROJECT_DIR)/.helm-docs -TEMPLATES_DIR = $(PROJECT_DIR)/.templates -TESTS_HELPERS_DIR = $(PROJECT_DIR)/tests/integration - -SCANNERS_CHART_LIST := $(sort $(wildcard $(SCANNERS_DIR)/*/Chart.yaml)) -SCANNERS_TEST_LIST := $(sort $(wildcard $(SCANNERS_DIR)/*/Makefile)) -HOOKS_CHART_LIST := $(sort $(wildcard $(HOOKS_DIR)/*/Chart.yaml)) -HOOKS_TEST_LIST := $(sort $(wildcard $(HOOKS_DIR)/*/Makefile)) -DEMO_TARGETS_CHART_LIST := $(sort $(wildcard $(DEMO_TARGETS_DIR)/*/Chart.yaml)) diff --git a/hook-sdk/nodejs/Makefile b/hook-sdk/nodejs/Makefile deleted file mode 100644 index b8f588dca2..0000000000 
--- a/hook-sdk/nodejs/Makefile
+++ /dev/null
@@ -1,7 +0,0 @@
-# SPDX-FileCopyrightText: the secureCodeBox authors
-#
-# SPDX-License-Identifier: Apache-2.0
-
-sdk = hook-sdk
-include_guard = set
-include ../../sdk.mk
diff --git a/hook-sdk/nodejs/Taskfile.yaml b/hook-sdk/nodejs/Taskfile.yaml
new file mode 100644
index 0000000000..a7492de8bb
--- /dev/null
+++ b/hook-sdk/nodejs/Taskfile.yaml
@@ -0,0 +1,39 @@
+# SPDX-FileCopyrightText: the secureCodeBox authors
+#
+# SPDX-License-Identifier: Apache-2.0
+
+version: "3.48.0"
+
+env:
+ IMG_NS: securecodebox
+ IMG_TAG:
+ sh: 'echo "sha-$(git rev-parse --short HEAD)"'
+
+vars:
+ SDK_NAME: hook-sdk
+
+tasks:
+ docker-build:
+ desc: "Build the hook-sdk Docker image"
+ preconditions:
+ - msg: "Docker is not running, please start Docker first"
+ sh: "docker info >/dev/null 2>&1 || false"
+ cmds:
+ - 'echo "Building {{ .SDK_NAME }}-nodejs image with tag ${IMG_TAG}"'
+ - docker build -t ${IMG_NS}/{{ .SDK_NAME }}-nodejs:${IMG_TAG} {{ .TASKFILE_DIR }}
+ status:
+ - docker images | grep -q "${IMG_NS}/{{ .SDK_NAME }}-nodejs:${IMG_TAG}" || false
+
+ docker-export:
+ desc: "Export the hook-sdk Docker image to a tar file"
+ deps: [docker-build]
+ cmds:
+ - 'echo "Exporting {{ .SDK_NAME }}-nodejs image to tar file"'
+ - docker save ${IMG_NS}/{{ .SDK_NAME }}-nodejs:${IMG_TAG} -o {{ .SDK_NAME }}.tar
+
+ kind-import:
+ desc: "Import the hook-sdk Docker image into kind cluster"
+ deps: [docker-export]
+ cmds:
+ - 'echo "Importing {{ .SDK_NAME }}.tar to local kind cluster"'
+ - kind load image-archive ./{{ .SDK_NAME }}.tar
diff --git a/hooks.mk b/hooks.mk
deleted file mode 100644
index 5dee78f711..0000000000
--- a/hooks.mk
+++ /dev/null
@@ -1,60 +0,0 @@ -#!/usr/bin/make -f -# -# SPDX-FileCopyrightText: the secureCodeBox authors -# -# SPDX-License-Identifier: Apache-2.0 -# -# -# This include is a base for all hooks make files. - -module = hook -prefix = hook -name = ${hook} - -include ../../test-base.mk -include ../../env-paths.mk -# Telling the env-paths file where the root project dir is. This is done to allow the generation of the paths of the -# different project folders relative to where the makefile is being run from. So BIN_DIR= $(PROJECT_DIR)/bin will be -# BIN_DIR=../../bin -PROJECT_DIR=../.. - -module = $(hook-prefix) - -.PHONY: docker-build -docker-build: | common-docker-build - -.PHONY: docker-export -docker-export: | common-docker-export - -.PHONY: kind-import -kind-import: | common-kind-import - -.PHONY: unit-tests -unit-tests: - @$(MAKE) -s unit-test-js - -.PHONY: helm-unit-tests -helm-unit-tests: - echo "Running helm unit tests for $(name)"; \ - helm unittest . \ - -.PHONY: deploy -deploy: ## ๐Ÿ’พ Deploy this module via HelmChart into namespace "integration-tests" - @echo ".: ๐Ÿ’พ Deploying '$(name)' $(hook-prefix) HelmChart with the docker tag '$(IMG_TAG)' into kind namespace 'integration-tests'." - helm -n integration-tests upgrade --install $(name) . --wait \ - --set="hook.image.repository=docker.io/$(IMG_NS)/$(hook-prefix)-$(name)" \ - --set="hook.image.tag=$(IMG_TAG)" - -.PHONY: integration-tests -integration-tests: ## ๐Ÿฉบ Start integration test for this module in the namespace "integration-tests" - @echo ".: ๐Ÿฉบ Starting integration test in kind namespace 'integration-tests'." - @if [ -d "$(hook-prefix)/integration-tests" ]; then \ - kubectl -n integration-tests delete scans --all; \ - npm ci --prefix $(TESTS_HELPERS_DIR); \ - cd $(hook-prefix)/integration-tests && npm ci && npm run test:integration \ - else \ - echo ".: ๐Ÿšซ Integration tests folder for $(name) does not exist, skipped."; \ - fi - - - 
diff --git a/hooks/Taskfile.yaml b/hooks/Taskfile.yaml
index b55830e652..f45396f6f7 100644
--- a/hooks/Taskfile.yaml
+++ b/hooks/Taskfile.yaml
@@ -2,7 +2,7 @@
 #
 # SPDX-License-Identifier: Apache-2.0
-version: "3.44.0"
+version: "3.48.0"
 includes:
 demo-targets:
@@ -26,6 +26,8 @@ env:
 tasks:
 build:
 desc: Build the Docker image for the {{ .hookName }} hook
+ requires:
+ vars: [hookName]
 status:
 - docker images | grep -q "docker.io/securecodebox/hook-{{ .hookName }}:${IMG_TAG}" || false
 preconditions:
@@ -65,28 +67,30 @@ tasks:
 # test:setup tasks
 test:setup:hook-sdk:
 internal: true
+ run: once
+ dir: '{{ .TASKFILE_DIR }}/../hook-sdk/nodejs'
 status:
- - "[ -d {{ .TASKFILE_DIR }}/../hook-sdk/nodejs/node_modules ] || false"
+ - test -d node_modules
 cmds:
- - cd {{ .TASKFILE_DIR }}/../hook-sdk/nodejs/ && bun install
+ - bun install
 test:setup:test-helpers:
 internal: true
+ run: once
+ dir: '{{ .TASKFILE_DIR }}/../tests/integration'
 status:
- - "[ -d {{ .TASKFILE_DIR }}/../tests/integration/node_modules ] || false"
+ - test -d node_modules
 cmds:
- - cd {{ .TASKFILE_DIR }}/../tests/integration && bun install
+ - bun install
 test:setup:hook-deps:
 internal: true
+ run: once
+ dir: '{{ .TASKFILE_DIR }}/{{ .hookName }}/hook'
 status:
- - "[ -d {{ .TASKFILE_DIR }}/{{ .hookName }}/hook/node_modules ] || false"
+ - '{{ if eq "true" .hookUsesNpmDependencies }}test -d node_modules{{ else }}true{{ end }}'
 cmds:
- - |
- {{ if eq "true" .hookUsesNpmDependencies }}
- cd {{ .TASKFILE_DIR }}/{{ .hookName }}/hook/ && bun install
- {{ else }}
- echo "Hook has no custom dependencies. Skipping."
- {{ end }}
+ - '{{ if eq "true" .hookUsesNpmDependencies }}bun install{{ else }}echo "Hook has no custom dependencies. Skipping."{{ end }}'
 test:setup:
+ run: once
 cmds:
 - task: test:setup:hook-sdk
 - task: test:setup:test-helpers
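Review bot: `test:setup:hook-deps` now sets `dir: '{{ .TASKFILE_DIR }}/{{ .hookName }}/hook'` unconditionally, while its `status:` and `cmds:` templates deliberately do nothing when `hookUsesNpmDependencies` is not "true", which are exactly the hooks for which that directory need not exist. Task resolves `dir` before it runs the status command; as far as I recall it creates a missing `dir`, which would leave an empty `<hook>/hook/` directory behind, and if a given Task version errors instead, `test:setup` fails for precisely those hooks. Gate the directory the same way as the commands: `dir: '{{ .TASKFILE_DIR }}{{ if eq "true" .hookUsesNpmDependencies }}/{{ .hookName }}/hook{{ end }}'`. The `requires: vars: [hookName]` guard added to `build` in the earlier hunk would also be useful here, since this task interpolates `hookName` into a filesystem path.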
@@ -141,6 +145,6 @@ tasks: test: desc: Run all tests for the {{ .hookName }} hook cmds: - - task test:unit - - task test:helm - - task test:integration + - task: test:unit + - task: test:helm + - task: test:integration diff --git a/hooks/cascading-scans/Taskfile.yaml b/hooks/cascading-scans/Taskfile.yaml index c1307fd720..f05ffc8143 100644 --- a/hooks/cascading-scans/Taskfile.yaml +++ b/hooks/cascading-scans/Taskfile.yaml @@ -2,7 +2,7 @@ # # SPDX-License-Identifier: Apache-2.0 -version: "3.44.0" +version: "3.48.0" includes: scanner: diff --git a/hooks/finding-post-processing/Taskfile.yaml b/hooks/finding-post-processing/Taskfile.yaml index dbd1d3674e..18e7cca951 100644 --- a/hooks/finding-post-processing/Taskfile.yaml +++ b/hooks/finding-post-processing/Taskfile.yaml @@ -2,7 +2,7 @@ # # SPDX-License-Identifier: Apache-2.0 -version: "3.44.0" +version: "3.48.0" includes: hook: diff --git a/hooks/generic-webhook/Taskfile.yaml b/hooks/generic-webhook/Taskfile.yaml index 506312ea12..eeb5d74db1 100644 --- a/hooks/generic-webhook/Taskfile.yaml +++ b/hooks/generic-webhook/Taskfile.yaml @@ -2,7 +2,7 @@ # # SPDX-License-Identifier: Apache-2.0 -version: "3.44.0" +version: "3.48.0" includes: hook: diff --git a/hooks/notification/Taskfile.yaml b/hooks/notification/Taskfile.yaml index 782e978bd0..bd6994607c 100644 --- a/hooks/notification/Taskfile.yaml +++ b/hooks/notification/Taskfile.yaml @@ -2,7 +2,7 @@ # # SPDX-License-Identifier: Apache-2.0 -version: "3.44.0" +version: "3.48.0" includes: scanner: diff --git a/hooks/persistence-azure-monitor/Taskfile.yaml b/hooks/persistence-azure-monitor/Taskfile.yaml index 8e3bc1385f..d3af66fecc 100644 --- a/hooks/persistence-azure-monitor/Taskfile.yaml +++ b/hooks/persistence-azure-monitor/Taskfile.yaml @@ -2,7 +2,7 @@ # # SPDX-License-Identifier: Apache-2.0 -version: "3.44.0" +version: "3.48.0" includes: hook: 
diff --git a/hooks/persistence-defectdojo/Taskfile.yaml b/hooks/persistence-defectdojo/Taskfile.yaml index 7fc8ed8490..91b5d50425 100644 --- a/hooks/persistence-defectdojo/Taskfile.yaml +++ b/hooks/persistence-defectdojo/Taskfile.yaml @@ -2,7 +2,7 @@ # # SPDX-License-Identifier: Apache-2.0 -version: "3.44.0" +version: "3.48.0" includes: hook: diff --git a/hooks/persistence-dependencytrack/Taskfile.yaml b/hooks/persistence-dependencytrack/Taskfile.yaml index 0f5dd6e616..2c07c6c11f 100644 --- a/hooks/persistence-dependencytrack/Taskfile.yaml +++ b/hooks/persistence-dependencytrack/Taskfile.yaml @@ -2,7 +2,7 @@ # # SPDX-License-Identifier: Apache-2.0 -version: "3.44.0" +version: "3.48.0" includes: hook: diff --git a/hooks/persistence-elastic/Taskfile.yaml b/hooks/persistence-elastic/Taskfile.yaml index b652974104..a1753e6db6 100644 --- a/hooks/persistence-elastic/Taskfile.yaml +++ b/hooks/persistence-elastic/Taskfile.yaml @@ -2,7 +2,7 @@ # # SPDX-License-Identifier: Apache-2.0 -version: "3.44.0" +version: "3.48.0" includes: hook: diff --git a/hooks/update-field-hook/Taskfile.yaml b/hooks/update-field-hook/Taskfile.yaml index 5013f4d600..300b4b94ed 100644 --- a/hooks/update-field-hook/Taskfile.yaml +++ b/hooks/update-field-hook/Taskfile.yaml @@ -2,7 +2,7 @@ # # SPDX-License-Identifier: Apache-2.0 -version: "3.44.0" +version: "3.48.0" includes: hook: diff --git a/operator/Makefile b/operator/Makefile deleted file mode 100644 index 4410f947e9..0000000000 --- a/operator/Makefile +++ /dev/null 
@@ -1,214 +0,0 @@ -# SPDX-FileCopyrightText: the secureCodeBox authors -# -# SPDX-License-Identifier: Apache-2.0 - -include ../prerequisites.mk -include ../env-paths.mk -## Telling the env-paths file where the root project dir is. This is done to allow the generation of the paths of the different project folders relative to where the makefile is being run from. -## So BIN_DIR= $(PROJECT_DIR)/bin will be BIN_DIR=../bin -PROJECT_DIR=.. - -IMG_NS ?= securecodebox - -# ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary. -# Derived automatically from k8s.io/api in go.mod - updated by renovate via go.mod. -ENVTEST_K8S_VERSION ?= $(shell v='$(call gomodver,k8s.io/api)'; printf '%s\n' "$$v" | sed -E 's/^v?[0-9]+\.([0-9]+).*/1.\1/') - -# Image URL to use all building/pushing image targets for the operator -OPERATOR_IMG ?= operator - -# Image URL to use all building/pushing image targets for the lurker -LURKER_IMG ?= lurker - -# Tag used for the images -IMG_TAG ?= sha-$$(git rev-parse --short HEAD) - -# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set) -# IMPORTANT: The body of conditionals MUST not be indented! Indentation result in -# errors on macOS/FreeBSD because the line wil be interpreted as command which must -# inside a recipe (target). (see https://github.com/secureCodeBox/secureCodeBox/issues/1353) -ifeq (,$(shell go env GOBIN)) -GOBIN=$(shell go env GOPATH)/bin -else -GOBIN=$(shell go env GOBIN) -endif - -# Setting SHELL to bash allows bash commands to be executed by recipes. -# This is a requirement for 'setup-envtest.sh' in the test target. -# Options are set to exit when a recipe line exits non-zero or a piped command fails. -SHELL = /usr/bin/env bash -o pipefail -.SHELLFLAGS = -ec - -all: build - -##@ General - -# The help target prints out all targets with their descriptions organized -# beneath their categories. 
The categories are represented by '##@' and the -# target descriptions by '##'. The awk commands is responsible for reading the -# entire set of makefiles included in this invocation, looking for lines of the -# file as xyz: ## something, and then pretty-format the target and help. Then, -# if there's a line with ##@ something, that gets pretty-printed as a category. -# More info on the usage of ANSI control characters for terminal formatting: -# https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters -# More info on the awk command: -# http://linuxcommand.org/lc3_adv_awk.php - -.PHONY: help -help: ## Display this help. - @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST) - -##@ Development - -.PHONY: manifests -manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects. - $(CONTROLLER_GEN) rbac:roleName="securecodebox-manager-role",headerFile="hack/boilerplate.yaml.txt" crd:maxDescLen=256,headerFile="hack/boilerplate.yaml.txt" webhook paths="./..." output:crd:artifacts:config=crds output:rbac:artifacts:config=templates/rbac - -.PHONY: generate -generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations. - $(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..." - -.PHONY: fmt -fmt: ## Run go fmt against code. - go fmt ./... - -.PHONY: vet -vet: ## Run go vet against code. - go vet ./... - -.PHONY: test -test: manifests generate fmt vet envtest ## Run tests. - KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" go test -tags="fast slow" ./... -coverprofile cover.out - -.PHONY: test-fast -test-fast: manifests generate fmt vet envtest ## Run tests. 
- KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) -p path)" go test -tags="fast" ./... -coverprofile cover.out - -.PHONY: view-coverage -view-coverage: - go tool cover -html=cover.out - -## Helm unit tests -.PHONY: helm-unit-tests -helm-unit-tests: - echo "Running helm unit tests for operator"; \ - helm unittest . \ - -##@ Build - -.PHONY: build -build: generate fmt vet ## Build manager binary. - go build -o bin/manager main.go - -.PHONY: run -run: manifests generate fmt vet ## Run a controller from your host. - go run ./main.go - -.PHONY: docker-build -docker-build: ## Build docker image with the manager. - @echo ".: โš™๏ธ Build Container Images" - docker build -t $(IMG_NS)/${OPERATOR_IMG}:${IMG_TAG} . - cd $(PROJECT_DIR)/lurker && docker build -t $(IMG_NS)/$(LURKER_IMG):$(IMG_TAG) . - -.PHONY: docker-push -docker-push: ## Push docker image with the manager. - docker push $(IMG_NS)/${OPERATOR_IMG}:${IMG_TAG} - docker push $(IMG_NS)/$(LURKER_IMG):$(IMG_TAG) - -.PHONY: docker-export -docker-export: - $(MAKE) docker-export-operator - $(MAKE) docker-export-lurker - -.PHONY: docker-export-operator -docker-export-operator: - @echo ".: ๐Ÿ’พ Export Operator Image" - docker save $(IMG_NS)/$(OPERATOR_IMG):$(IMG_TAG) > $(OPERATOR_IMG).tar - -.PHONY: docker-export-lurker -docker-export-lurker: - @echo ".: ๐Ÿ’พ Export Lurker Image" - docker save $(IMG_NS)/$(LURKER_IMG):$(IMG_TAG) > $(LURKER_IMG).tar - -##@ Deployment - -.PHONY: kind-import -kind-import: - @echo ".: ๐Ÿ’พ Importing the image archive to local kind cluster." - kind load image-archive ./$(OPERATOR_IMG).tar - kind load image-archive ./$(LURKER_IMG).tar - -.PHONY: helm-deploy -helm-deploy: - @echo ".: โš™๏ธ Deploying Operator with the Image tag '$(IMG_TAG)' into kind." 
- # If not exists create namespace where the tests will be executed - kubectl create namespace integration-tests --dry-run=client -o yaml | kubectl apply -f - - # If not exists create secureCodeBox operator namespace - kubectl create namespace securecodebox-system --dry-run=client -o yaml | kubectl apply -f - - - MINIO_ROOT_USER=$(kubectl get secret securecodebox-operator-minio -n securecodebox-system -o=jsonpath='{.data.root-user}' | base64 --decode) - MINIO_ROOT_PASSWORD=$(kubectl get secret --namespace "securecodebox-system" securecodebox-operator-minio -o jsonpath="{.data.root-password}" | base64 -d) - - helm -n securecodebox-system upgrade --install securecodebox-operator ./ --wait \ - --set="image.repository=docker.io/$(IMG_NS)/$(OPERATOR_IMG)" \ - --set="image.tag=$(IMG_TAG)" \ - --set="image.pullPolicy=IfNotPresent" \ - --set="lurker.image.repository=docker.io/$(IMG_NS)/$(LURKER_IMG)" \ - --set="lurker.image.tag=$(IMG_TAG)" \ - --set="lurker.image.pullPolicy=IfNotPresent" \ - --set="minio.auth.rootUser = $(MINIO_ROOT_USER)" \ - --set="minio.auth.rootPassword = $(MINIO_ROOT_PASSWORD)" - -.PHONY: install -install: manifests ## Install CRDs into the K8s cluster specified in ~/.kube/config. - kubectl apply -f ./crds/ - -.PHONY: uninstall -uninstall: manifests ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config. - kubectl delete -f ./crds/ - -##@ Build Dependencies - -## Location to install dependencies to -LOCALBIN ?= $(shell pwd)/bin -$(LOCALBIN): - mkdir -p $(LOCALBIN) - -## Tool Binaries -CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen -ENVTEST ?= $(LOCALBIN)/setup-envtest - -## Tool Versions -# renovate: datasource=github-releases depName=kubernetes-sigs/controller-tools -CONTROLLER_TOOLS_VERSION ?= v0.18.0 -# Derived automatically from sigs.k8s.io/controller-runtime in go.mod - updated by renovate via go.mod. 
-ENVTEST_VERSION ?= $(shell v='$(call gomodver,sigs.k8s.io/controller-runtime)'; printf '%s\n' "$$v" | sed -E 's/^v?([0-9]+)\.([0-9]+).*/release-\1.\2/') - -.PHONY: controller-gen -controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary. -$(CONTROLLER_GEN): $(LOCALBIN) - $(call go-install-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/controller-gen,$(CONTROLLER_TOOLS_VERSION)) - -.PHONY: envtest -envtest: $(ENVTEST) ## Download setup-envtest locally if necessary. -$(ENVTEST): $(LOCALBIN) - $(call go-install-tool,$(ENVTEST),sigs.k8s.io/controller-runtime/tools/setup-envtest,$(ENVTEST_VERSION)) - -# go-install-tool will 'go install' any package with custom target and name of binary, if it doesn't exist -# $1 - target path with name of binary -# $2 - package url which can be installed -# $3 - specific version of package -define go-install-tool -@[ -f "$(1)-$(3)" ] && [ "$$(readlink -- "$(1)" 2>/dev/null)" = "$(1)-$(3)" ] || { \ -set -e; \ -package=$(2)@$(3) ;\ -echo "Downloading $${package}" ;\ -rm -f "$(1)" ;\ -GOBIN="$(LOCALBIN)" go install $${package} ;\ -mv "$(LOCALBIN)/$$(basename "$(1)")" "$(1)-$(3)" ;\ -} ;\ -ln -sf "$$(realpath "$(1)-$(3)")" "$(1)" -endef -define gomodver -$(shell go list -m -f '{{if .Replace}}{{.Replace.Version}}{{else}}{{.Version}}{{end}}' $(1) 2>/dev/null) -endef \ No newline at end of file diff --git a/operator/Taskfile.yaml b/operator/Taskfile.yaml new file mode 100644 index 0000000000..b226568f54 --- /dev/null +++ b/operator/Taskfile.yaml 
@@ -0,0 +1,232 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + +version: "3.48.0" + +env: + IMG_NS: securecodebox + IMG_TAG: + sh: 'echo "sha-$(git rev-parse --short HEAD)"' + +vars: + OPERATOR_IMG: operator + LURKER_IMG: lurker + CONTROLLER_TOOLS_VERSION: v0.18.0 + ENVTEST_K8S_VERSION: + sh: cd {{ .TASKFILE_DIR }} && go list -m -f '{{"{{"}}.Version{{"}}"}}' k8s.io/api 2>/dev/null | sed -E 's/^v?[0-9]+\.([0-9]+).*/1.\1/' + ENVTEST_VERSION: + sh: cd {{ .TASKFILE_DIR }} && go list -m -f '{{"{{"}}.Version{{"}}"}}' sigs.k8s.io/controller-runtime 2>/dev/null | sed -E 's/^v?([0-9]+)\.([0-9]+).*/release-\1.\2/' + LOCALBIN: '{{ .TASKFILE_DIR }}/bin' + +tasks: + controller-gen: + desc: "Download controller-gen locally if necessary" + run: once + dir: '{{ .TASKFILE_DIR }}' + generates: + - '{{ .LOCALBIN }}/controller-gen' + - '{{ .LOCALBIN }}/.controller-gen.version' + cmds: + - mkdir -p {{ .LOCALBIN }} + - rm -f {{ .LOCALBIN }}/controller-gen + - GOBIN={{ .LOCALBIN }} go install sigs.k8s.io/controller-tools/cmd/controller-gen@{{ .CONTROLLER_TOOLS_VERSION }} + - echo "{{ .CONTROLLER_TOOLS_VERSION }}" > {{ .LOCALBIN }}/.controller-gen.version + status: + - test -f {{ .LOCALBIN }}/controller-gen + - grep -qxF "{{ .CONTROLLER_TOOLS_VERSION }}" {{ .LOCALBIN }}/.controller-gen.version 2>/dev/null + + envtest: + desc: "Download setup-envtest locally if necessary" + run: once + dir: '{{ .TASKFILE_DIR }}' + generates: + - '{{ .LOCALBIN }}/setup-envtest' + - '{{ .LOCALBIN }}/.setup-envtest.version' + cmds: + - mkdir -p {{ .LOCALBIN }} + - rm -f {{ .LOCALBIN }}/setup-envtest + - GOBIN={{ .LOCALBIN }} go install sigs.k8s.io/controller-runtime/tools/setup-envtest@{{ .ENVTEST_VERSION }} + - echo "{{ .ENVTEST_VERSION }}" > {{ .LOCALBIN }}/.setup-envtest.version + status: + - test -f {{ .LOCALBIN }}/setup-envtest + - grep -qxF "{{ .ENVTEST_VERSION }}" {{ .LOCALBIN }}/.setup-envtest.version 2>/dev/null + + manifests: + desc: "Generate 
WebhookConfiguration, ClusterRole and CustomResourceDefinition objects" + deps: [controller-gen] + dir: '{{ .TASKFILE_DIR }}' + cmds: + - | + {{ .LOCALBIN }}/controller-gen rbac:roleName="securecodebox-manager-role",headerFile="hack/boilerplate.yaml.txt" \ + crd:maxDescLen=256,headerFile="hack/boilerplate.yaml.txt" \ + webhook paths="./..." \ + output:crd:artifacts:config=crds \ + output:rbac:artifacts:config=templates/rbac + + generate: + desc: "Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations" + deps: [controller-gen] + dir: '{{ .TASKFILE_DIR }}' + cmds: + - '{{ .LOCALBIN }}/controller-gen object:headerFile="hack/boilerplate.go.txt" paths="./..."' + + fmt: + desc: "Run go fmt against code" + dir: '{{ .TASKFILE_DIR }}' + cmds: + - go fmt ./... + + vet: + desc: "Run go vet against code" + dir: '{{ .TASKFILE_DIR }}' + cmds: + - go vet ./... + + test: + desc: "Run all tests (fast and slow)" + deps: [manifests, generate, fmt, vet, envtest] + dir: '{{ .TASKFILE_DIR }}' + cmds: + - | + KUBEBUILDER_ASSETS="$({{ .LOCALBIN }}/setup-envtest use {{ .ENVTEST_K8S_VERSION }} --bin-dir {{ .LOCALBIN }} -p path)" \ + go test -tags="fast slow" ./... -coverprofile cover.out + + test-fast: + desc: "Run fast tests only" + deps: [manifests, generate, fmt, vet, envtest] + dir: '{{ .TASKFILE_DIR }}' + cmds: + - | + KUBEBUILDER_ASSETS="$({{ .LOCALBIN }}/setup-envtest use {{ .ENVTEST_K8S_VERSION }} -p path)" \ + go test -tags="fast" ./... -coverprofile cover.out + + view-coverage: + desc: "View test coverage in browser" + dir: '{{ .TASKFILE_DIR }}' + cmds: + - go tool cover -html=cover.out + + helm-unit-tests: + desc: "Run helm unit tests for operator" + dir: '{{ .TASKFILE_DIR }}' + preconditions: + - msg: "Helm unittest plugin is not installed. Install it from https://github.com/helm-unittest/helm-unittest/" + sh: "helm plugin list | grep -q 'unittest' || false" + cmds: + - 'echo "Running helm unit tests for operator"' + - helm unittest . 
+ + build: + desc: "Build manager binary" + deps: [generate, fmt, vet] + dir: '{{ .TASKFILE_DIR }}' + cmds: + - go build -o bin/manager main.go + + run: + desc: "Run the controller from your host" + deps: [manifests, generate, fmt, vet] + dir: '{{ .TASKFILE_DIR }}' + cmds: + - go run ./main.go + + docker-build: + desc: "Build Docker images for operator and lurker" + dir: '{{ .TASKFILE_DIR }}' + preconditions: + - msg: "Docker is not running, please start Docker first" + sh: "docker info >/dev/null 2>&1 || false" + cmds: + - 'echo "Building Container Images"' + - docker build -t ${IMG_NS}/{{ .OPERATOR_IMG }}:${IMG_TAG} {{ .TASKFILE_DIR }} + - docker build -t ${IMG_NS}/{{ .LURKER_IMG }}:${IMG_TAG} {{ .TASKFILE_DIR }}/../lurker + status: + - docker images | grep -q "${IMG_NS}/{{ .OPERATOR_IMG }}:${IMG_TAG}" || false + - docker images | grep -q "${IMG_NS}/{{ .LURKER_IMG }}:${IMG_TAG}" || false + + docker-push: + desc: "Push Docker images for operator and lurker" + dir: '{{ .TASKFILE_DIR }}' + cmds: + - docker push ${IMG_NS}/{{ .OPERATOR_IMG }}:${IMG_TAG} + - docker push ${IMG_NS}/{{ .LURKER_IMG }}:${IMG_TAG} + + docker-export: + desc: "Export Docker images to tar files" + deps: [docker-build] + dir: '{{ .TASKFILE_DIR }}' + cmds: + - task: docker-export-operator + - task: docker-export-lurker + + docker-export-operator: + desc: "Export operator Docker image to tar file" + deps: [docker-build] + dir: '{{ .TASKFILE_DIR }}' + cmds: + - 'echo "Exporting Operator Image"' + - docker save ${IMG_NS}/{{ .OPERATOR_IMG }}:${IMG_TAG} > {{ .OPERATOR_IMG }}.tar + + docker-export-lurker: + desc: "Export lurker Docker image to tar file" + deps: [docker-build] + dir: '{{ .TASKFILE_DIR }}' + cmds: + - 'echo "Exporting Lurker Image"' + - docker save ${IMG_NS}/{{ .LURKER_IMG }}:${IMG_TAG} > {{ .LURKER_IMG }}.tar + + kind-import: + desc: "Import Docker images into kind cluster" + deps: [docker-export] + dir: '{{ .TASKFILE_DIR }}' + cmds: + - 'echo "Importing image archives to local kind 
cluster"' + - kind load image-archive ./{{ .OPERATOR_IMG }}.tar + - kind load image-archive ./{{ .LURKER_IMG }}.tar + + helm-deploy: + desc: "Deploy operator to kind cluster using Helm" + dir: '{{ .TASKFILE_DIR }}' + cmds: + - 'echo "Deploying Operator with image tag ${IMG_TAG} into kind"' + - kubectl create namespace integration-tests --dry-run=client -o yaml | kubectl apply -f - + - kubectl create namespace securecodebox-system --dry-run=client -o yaml | kubectl apply -f - + - | + MINIO_ROOT_USER=$(kubectl get secret securecodebox-operator-minio -n securecodebox-system -o=jsonpath='{.data.root-user}' 2>/dev/null | base64 --decode || echo "") + MINIO_ROOT_PASSWORD=$(kubectl get secret securecodebox-operator-minio -n securecodebox-system -o=jsonpath='{.data.root-password}' 2>/dev/null | base64 --decode || echo "") + + MINIO_ARGS="" + if [ -n "$MINIO_ROOT_USER" ] && [ -n "$MINIO_ROOT_PASSWORD" ]; then + MINIO_ARGS="--set=minio.auth.rootUser=$MINIO_ROOT_USER --set=minio.auth.rootPassword=$MINIO_ROOT_PASSWORD" + fi + + helm -n securecodebox-system upgrade --install securecodebox-operator ./ --wait \ + --set="image.repository=docker.io/${IMG_NS}/{{ .OPERATOR_IMG }}" \ + --set="image.tag=${IMG_TAG}" \ + --set="image.pullPolicy=IfNotPresent" \ + --set="lurker.image.repository=docker.io/${IMG_NS}/{{ .LURKER_IMG }}" \ + --set="lurker.image.tag=${IMG_TAG}" \ + --set="lurker.image.pullPolicy=IfNotPresent" \ + $MINIO_ARGS + + kind-deploy: + desc: "Import and deploy Docker images to kind" + dir: '{{ .TASKFILE_DIR }}' + cmds: + - task: kind-import + - task: helm-deploy + + install: + desc: "Install CRDs into the K8s cluster specified in ~/.kube/config" + deps: [manifests] + dir: '{{ .TASKFILE_DIR }}' + cmds: + - kubectl apply -f ./crds/ + + uninstall: + desc: "Uninstall CRDs from the K8s cluster specified in ~/.kube/config" + deps: [manifests] + dir: '{{ .TASKFILE_DIR }}' + cmds: + - kubectl delete -f ./crds/ 
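Review bot: In `helm-deploy`, the MinIO credentials read from the `securecodebox-operator-minio` secret are spliced into `MINIO_ARGS` and expanded unquoted (`$MINIO_ARGS`), so a password containing whitespace or a glob character is word-split by the shell, a comma or backslash is misparsed by Helm's `--set` syntax, and both values sit on the helm command line where any local process can read them from the process table. Building the arguments as positional parameters (`set -- --set-string "minio.auth.rootUser=$MINIO_ROOT_USER" --set-string "minio.auth.rootPassword=$MINIO_ROOT_PASSWORD"`, then `helm … "$@"`) removes the splitting issue, and a temporary values file with restrictive permissions passed via `-f` removes both the `--set` parsing and the process-table exposure. Separately, the `status:` lines in `docker-build` grep `docker images` for `repo:tag`, but the default table output prints REPOSITORY and TAG as separate columns, so unless the CLI is configured with a custom format the check never matches and the images are always rebuilt; `docker image inspect "${IMG_NS}/{{ .OPERATOR_IMG }}:${IMG_TAG}" >/dev/null 2>&1` is a reliable test, and the same applies to the `docker-build` status in parser-sdk/nodejs/Taskfile.yaml later in this diff. If the `go list` behind `ENVTEST_K8S_VERSION` fails, its stderr is discarded and `setup-envtest use` runs with an empty version, which could silently select a different envtest release; a precondition that the variable is non-empty would surface that.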
diff --git a/parser-sdk/nodejs/Makefile b/parser-sdk/nodejs/Makefile deleted file mode 100644 index 8a0ad23176..0000000000 --- a/parser-sdk/nodejs/Makefile +++ /dev/null @@ -1,7 +0,0 @@ -# SPDX-FileCopyrightText: the secureCodeBox authors -# -# SPDX-License-Identifier: Apache-2.0 - -sdk = parser-sdk -include_guard = set -include ../../sdk.mk diff --git a/parser-sdk/nodejs/Taskfile.yaml b/parser-sdk/nodejs/Taskfile.yaml new file mode 100644 index 0000000000..28a3d0a445 --- /dev/null +++ b/parser-sdk/nodejs/Taskfile.yaml @@ -0,0 +1,39 @@ +# SPDX-FileCopyrightText: the secureCodeBox authors +# +# SPDX-License-Identifier: Apache-2.0 + +version: "3.48.0" + +env: + IMG_NS: securecodebox + IMG_TAG: + sh: 'echo "sha-$(git rev-parse --short HEAD)"' + +vars: + SDK_NAME: parser-sdk + +tasks: + docker-build: + desc: "Build the parser-sdk Docker image" + preconditions: + - msg: "Docker is not running, please start Docker first" + sh: "docker info >/dev/null 2>&1 || false" + cmds: + - 'echo "Building {{ .SDK_NAME }}-nodejs image with tag ${IMG_TAG}"' + - docker build -t ${IMG_NS}/{{ .SDK_NAME }}-nodejs:${IMG_TAG} {{ .TASKFILE_DIR }} + status: + - docker images | grep -q "${IMG_NS}/{{ .SDK_NAME }}-nodejs:${IMG_TAG}" || false + + docker-export: + desc: "Export the parser-sdk Docker image to a tar file" + deps: [docker-build] + cmds: + - 'echo "Exporting {{ .SDK_NAME }}-nodejs image to tar file"' + - docker save ${IMG_NS}/{{ .SDK_NAME }}-nodejs:${IMG_TAG} -o {{ .SDK_NAME }}.tar + + kind-import: + desc: "Import the parser-sdk Docker image into kind cluster" + deps: [docker-export] + cmds: + - 'echo "Importing {{ .SDK_NAME }}.tar to local kind cluster"' + - kind load image-archive ./{{ .SDK_NAME }}.tar diff --git a/prerequisites.mk b/prerequisites.mk deleted file mode 100644 index 645eb340a8..0000000000 --- a/prerequisites.mk +++ /dev/null 
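Review bot: `docker-export` and `kind-import` have no `dir:`, so `{{ .SDK_NAME }}.tar` is written and then read relative to whatever directory Task resolves as the working directory (the Taskfile's own directory when invoked directly, but possibly a different one when this file is included elsewhere), whereas `docker-build` pins its build context with `{{ .TASKFILE_DIR }}`. The sibling operator/Taskfile.yaml in this diff sets `dir: '{{ .TASKFILE_DIR }}'` on every task; doing the same on these two tasks keeps the archive path deterministic and the two new Taskfiles consistent. The `status:` check in `docker-build` shares the `docker images | grep` pattern raised on operator/Taskfile.yaml.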
@@ -1,61 +0,0 @@ -#!/usr/bin/make -f -# -# SPDX-FileCopyrightText: the secureCodeBox authors -# -# SPDX-License-Identifier: Apache-2.0 -# -# -# This is an include file for our module make files to check some prerequisite. -# - -# Here we check that the path to the project directory does not contain white spaces. -# -# We do not allow white spaces for reasons (See https://github.com/secureCodeBox/secureCodeBox/issues/1353). -# This is an implementation which should work in any shell (some CI jobs use /bin/sh): It removes spaces from the tested -# var and compares it with the original string. If they're same there are no spaces in string. -PROJECT_DIR_CLEANSED=$(shell printf "%s" $(PROJECT_DIR)) -PROJECT_PATH_CONTAINS_WHITESPACES=$(shell if [ "$(PROJECT_DIR)" = "$(PROJECT_DIR_CLEANSED)" ]; then echo 0; else echo 1; fi) -# IMPORTANT: The body of conditionals MUST not be indented! Indentation result in -# errors on macOS/FreeBSD because the line wil be interpreted as command which must -# inside a recipe (target). (see https://github.com/secureCodeBox/secureCodeBox/issues/1353) -ifeq ($(PROJECT_PATH_CONTAINS_WHITESPACES),1) -$(error The path to this repo ($(PROJECT_DIR)) contains white spaces and make can't deal with this! \ -Move or checkout this project to a location w/o spaces in the direcotry path) -endif - -# Here we check for a proper installed Python. -PYTHON = $(shell which python3) -# IMPORTANT: The body of conditionals MUST not be indented! Indentation result in -# errors on macOS/FreeBSD because the line wil be interpreted as command which must -# inside a recipe (target). (see https://github.com/secureCodeBox/secureCodeBox/issues/1353) -ifeq ($(PYTHON),) -PYTHON = $(shell which python) -ifeq ($(PYTHON),) -$(error PYTHON=$(PYTHON) not found in $(PATH)) -endif -endif - -PYTHON_VERSION_MIN=3.0 -PYTHON_VERSION=$(shell $(PYTHON) -c \ -'import sys; print(float(str(sys.version_info[0]) + "." 
+ str(sys.version_info[1])))') -PYTHON_VERSION_OK=$(shell $(PYTHON) -c 'print(int($(PYTHON_VERSION) >= $(PYTHON_VERSION_MIN)))' ) - -# IMPORTANT: The body of conditionals MUST not be indented! Indentation result in -# errors on macOS/FreeBSD because the line wil be interpreted as command which must -# inside a recipe (target). (see https://github.com/secureCodeBox/secureCodeBox/issues/1353) -ifeq ($(PYTHON_VERSION_OK), 0) # True == 1 -$(error Need python version >= $(PYTHON_VERSION_MIN) (current: $(PYTHON_VERSION))) -endif - -# Here wecheck that all necessary 3rd party tools are present. -# Thx to https://stackoverflow.com/questions/5618615/check-if-a-program-exists-from-a-makefile -PREREQUISITES = make docker kind git node npm npx kubectl helm yq java go -# Python is separated here (and added hardcoded in the error message) because it will lead to clunky python binary -# paths in the error message if one uses PyEnv, instead of simply the tool name to install. -EXECUTABLES = $(PREREQUISITES) $(PYTHON) -ALL_EXECUTABLES_OK := $(foreach exec,\ - $(EXECUTABLES),\ - $(if $(shell which $(exec)),\ - some string,\ - $(error "The prerequisites are not met to execute this makefile! No '$(exec)' found in your PATH. Install all these tools: $(PREREQUISITES) python"))\ -) diff --git a/scanners.mk b/scanners.mk deleted file mode 100644 index ee72a220f5..0000000000 --- a/scanners.mk +++ /dev/null 
@@ -1,99 +0,0 @@ -#!/usr/bin/make -f -# -# SPDX-FileCopyrightText: the secureCodeBox authors -# -# SPDX-License-Identifier: Apache-2.0 -# -# -# This include is a base for all scanners make files. - -name = ${scanner} - -include ../../test-base.mk -include ../../env-paths.mk -# Telling the env-paths file where the root project dir is. This is done to allow the generation of the paths of the -# different project folders relative to where the makefile is being run from. So BIN_DIR= $(PROJECT_DIR)/bin will be -# BIN_DIR=../../bin -PROJECT_DIR=../.. - -module = $(scanner-prefix) - -# IMPORTANT: The body of conditionals MUST not be indented! Indentation result in -# errors on macOS/FreeBSD because the line wil be interpreted as command which must -# inside a recipe (target). (see https://github.com/secureCodeBox/secureCodeBox/issues/1353) -ifeq ($(custom_scanner),) -docker-build: | docker-build-parser -docker-export: | docker-export-parser -kind-import: | kind-import-parser -deploy: deploy-without-scanner -else -docker-build: | docker-build-parser docker-build-scanner -docker-export: | docker-export-parser docker-export-scanner -kind-import: | kind-import-parser kind-import-scanner -deploy: deploy-with-scanner -endif - -.PHONY: unit-tests -unit-tests: - @$(MAKE) -s unit-test-js module=$(parser-prefix) - -.PHONY: helm-unit-tests -helm-unit-tests: - echo "Running helm unit tests for $(name)"; \ - helm unittest . 
\ - -.PHONY: install-deps -install-deps: - @$(MAKE) -s install-deps-js module=$(parser-prefix) - -.PHONY: docker-build-parser -docker-build-parser: - @$(MAKE) -s common-docker-build module=$(parser-prefix) - -.PHONY: docker-export-parser -docker-export-parser: - @$(MAKE) -s common-docker-export module=$(parser-prefix) - -.PHONY: kind-import-parser -kind-import-parser: - @$(MAKE) -s common-kind-import module=$(parser-prefix) - -.PHONY: docker-build-scanner -docker-build-scanner: - @$(MAKE) -s common-docker-build - -.PHONY: docker-export-scanner -docker-export-scanner: - @$(MAKE) -s common-docker-export - -.PHONY: kind-import-scanner -kind-import-scanner: - @$(MAKE) -s common-kind-import - -.PHONY: deploy-without-scanner -deploy-without-scanner: - @echo ".: ๐Ÿ’พ Deploying '$(name)' $(scanner-prefix) HelmChart with the docker tag '$(IMG_TAG)' into kind namespace 'integration-tests'." - helm -n integration-tests upgrade --install $(name) ./ --wait \ - --set="parser.image.repository=docker.io/$(IMG_NS)/$(parser-prefix)-$(name)" \ - --set="parser.image.tag=$(IMG_TAG)" \ - --set="parser.env[0].name=CRASH_ON_FAILED_VALIDATION" \ - --set-string="parser.env[0].value=true" \ - --set="scanner.backoffLimit=1" - -.PHONY: deploy-with-scanner -deploy-with-scanner: - @echo ".: ๐Ÿ’พ Deploying '$(name)' $(scanner-prefix) HelmChart with the docker tag '$(IMG_TAG)' into kind namespace 'integration-tests'." - helm -n integration-tests upgrade --install $(name) ./ --wait \ - --set="parser.image.repository=docker.io/$(IMG_NS)/$(parser-prefix)-$(name)" \ - --set="parser.image.tag=$(IMG_TAG)" \ - --set="parser.env[0].name=CRASH_ON_FAILED_VALIDATION" \ - --set-string="parser.env[0].value=true" \ - --set="scanner.image.repository=docker.io/$(IMG_NS)/$(scanner-prefix)-$(name)" \ - --set="scanner.image.tag=$(IMG_TAG)" \ - --set="scanner.backoffLimit=1" - -.PHONY: integration-tests -integration-tests: - @echo ".: ๐Ÿฉบ Starting integration test in kind namespace 'integration-tests'." 
- kubectl -n integration-tests delete scans --all - cd $(SCANNERS_DIR) && npm ci && cd $(scanner)/integration-tests && npm run test:integration -- $(scanner)/integration-tests diff --git a/scanners/Taskfile.yaml b/scanners/Taskfile.yaml index 24f21e5397..bcb30de22a 100644 --- a/scanners/Taskfile.yaml +++ b/scanners/Taskfile.yaml @@ -2,7 +2,7 @@ # # SPDX-License-Identifier: Apache-2.0 -version: "3.44.0" +version: "3.48.0" includes: demo-targets: @@ -27,6 +27,8 @@ env: tasks: build: desc: Build the Docker image for the {{ .scannerName }} scanner + requires: + vars: [scannerName] status: - docker images | grep -q "docker.io/securecodebox/scanner-{{ .scannerName }}:${IMG_TAG}" || false - docker images | grep -q "docker.io/securecodebox/parser-{{ .scannerName }}:${IMG_TAG}" || false 
@@ -82,29 +84,38 @@ tasks: # test:setup tasks test:setup:parser-sdk: internal: true + run: once + dir: '{{ .TASKFILE_DIR }}/../parser-sdk/nodejs' status: - - "[ -d {{ .TASKFILE_DIR }}/../parser-sdk/nodejs/node_modules ] || false" + - test -d node_modules cmds: - - cd {{ .TASKFILE_DIR }}/../parser-sdk/nodejs/ && bun install + - bun install test:setup:scanner-dir: internal: true + run: once + dir: '{{ .TASKFILE_DIR }}' status: - - "[ -d {{ .TASKFILE_DIR }}/node_modules ] || false" + - test -d node_modules cmds: - - cd {{ .TASKFILE_DIR }}/ && bun install + - bun install test:setup:test-helpers: internal: true + run: once + dir: '{{ .TASKFILE_DIR }}/../tests/integration' status: - - "[ -d {{ .TASKFILE_DIR }}/../tests/integration/node_modules ] || false" + - test -d node_modules cmds: - - cd {{ .TASKFILE_DIR }}/../tests/integration && bun install + - bun install test:setup:parser-deps: internal: true + run: once + dir: '{{ .TASKFILE_DIR }}/{{ .scannerName }}/parser' status: - - '{{ if eq "true" .parserUsesNpmDependencies -}}[ -d {{ .TASKFILE_DIR }}/{{ .scannerName }}/parser/node_modules ] || false{{ else -}}true{{ end -}}' + - '{{ if eq "true" .parserUsesNpmDependencies }}test -d node_modules{{ else }}true{{ end }}' cmds: - - cd {{ .TASKFILE_DIR }}/{{ .scannerName }}/parser/ && bun install + - bun install test:setup: + run: once cmds: - task: test:setup:parser-sdk - task: test:setup:scanner-dir @@ -154,6 +165,6 @@ tasks: test: desc: Run all tests for the {{ .scannerName }} scanner cmds: - - task test:unit - - task test:helm - - task test:integration + - task: test:unit + - task: test:helm + - task: test:integration diff --git a/scanners/ffuf/Taskfile.yaml b/scanners/ffuf/Taskfile.yaml index b112e9f6e5..acb3c4ea6e 100644 --- a/scanners/ffuf/Taskfile.yaml +++ b/scanners/ffuf/Taskfile.yaml @@ -2,7 +2,7 @@ # # SPDX-License-Identifier: Apache-2.0 -version: "3.44.0" +version: "3.48.0" includes: scanner: 
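Review bot: The simplified `status: - test -d node_modules` on the four `test:setup:*` tasks is satisfied by any pre-existing `node_modules`, so a changed `package.json` or lockfile never triggers a reinstall, and the new `run: once` makes that stale tree the one every test task in the invocation uses. If the intent is incremental setup rather than "install once ever", expressing it as `sources: [package.json, <lockfile>]` with a matching `generates:` entry under `node_modules/` lets Task compare timestamps instead of mere existence; `<lockfile>` is a placeholder for whichever bun lockfile this repository commits. The conditional status on `test:setup:parser-deps` still reads correctly after the rewrite, since the `{{ if … }}` branches render to either the `test -d` check or a bare `true`.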
diff --git a/scanners/git-repo-scanner/Taskfile.yaml b/scanners/git-repo-scanner/Taskfile.yaml index aa7524c73f..b3037b56b2 100644 --- a/scanners/git-repo-scanner/Taskfile.yaml +++ b/scanners/git-repo-scanner/Taskfile.yaml @@ -2,7 +2,7 @@ # # SPDX-License-Identifier: Apache-2.0 -version: "3.44.0" +version: "3.48.0" includes: scanner: diff --git a/scanners/gitleaks/Taskfile.yaml b/scanners/gitleaks/Taskfile.yaml index 8988f3f9fd..6f75690389 100644 --- a/scanners/gitleaks/Taskfile.yaml +++ b/scanners/gitleaks/Taskfile.yaml @@ -2,7 +2,7 @@ # # SPDX-License-Identifier: Apache-2.0 -version: "3.44.0" +version: "3.48.0" includes: scanner: diff --git a/scanners/kube-hunter/Taskfile.yaml b/scanners/kube-hunter/Taskfile.yaml index cee4e0e134..3a92a86d15 100644 --- a/scanners/kube-hunter/Taskfile.yaml +++ b/scanners/kube-hunter/Taskfile.yaml @@ -2,7 +2,7 @@ # # SPDX-License-Identifier: Apache-2.0 -version: "3.44.0" +version: "3.48.0" includes: scanner: diff --git a/scanners/ncrack/Taskfile.yaml b/scanners/ncrack/Taskfile.yaml index 832eab3ea0..eb4c31118f 100644 --- a/scanners/ncrack/Taskfile.yaml +++ b/scanners/ncrack/Taskfile.yaml @@ -2,7 +2,7 @@ # # SPDX-License-Identifier: Apache-2.0 -version: "3.44.0" +version: "3.48.0" includes: scanner: diff --git a/scanners/nikto/Taskfile.yaml b/scanners/nikto/Taskfile.yaml index 8ca7765e7d..3036a678cd 100644 --- a/scanners/nikto/Taskfile.yaml +++ b/scanners/nikto/Taskfile.yaml @@ -2,7 +2,7 @@ # # SPDX-License-Identifier: Apache-2.0 -version: "3.44.0" +version: "3.48.0" includes: scanner: diff --git a/scanners/nmap/Taskfile.yaml b/scanners/nmap/Taskfile.yaml index b3b42498e0..bbe225f530 100644 --- a/scanners/nmap/Taskfile.yaml +++ b/scanners/nmap/Taskfile.yaml @@ -2,7 +2,7 @@ # # SPDX-License-Identifier: Apache-2.0 -version: "3.44.0" +version: "3.48.0" includes: scanner: diff --git a/scanners/nuclei/Taskfile.yaml b/scanners/nuclei/Taskfile.yaml index a530451afc..d35d545e51 100644 --- a/scanners/nuclei/Taskfile.yaml 
+++ b/scanners/nuclei/Taskfile.yaml @@ -2,7 +2,7 @@ # # SPDX-License-Identifier: Apache-2.0 -version: "3.44.0" +version: "3.48.0" includes: scanner: diff --git a/scanners/screenshooter/Taskfile.yaml b/scanners/screenshooter/Taskfile.yaml index 11e85fd93f..53ea2a6940 100644 --- a/scanners/screenshooter/Taskfile.yaml +++ b/scanners/screenshooter/Taskfile.yaml @@ -2,7 +2,7 @@ # # SPDX-License-Identifier: Apache-2.0 -version: "3.44.0" +version: "3.48.0" includes: scanner: diff --git a/scanners/semgrep/Taskfile.yaml b/scanners/semgrep/Taskfile.yaml index 142059348c..659cf8dc42 100644 --- a/scanners/semgrep/Taskfile.yaml +++ b/scanners/semgrep/Taskfile.yaml @@ -2,7 +2,7 @@ # # SPDX-License-Identifier: Apache-2.0 -version: "3.44.0" +version: "3.48.0" includes: scanner: diff --git a/scanners/ssh-audit/Taskfile.yaml b/scanners/ssh-audit/Taskfile.yaml index d67db7f0ce..a4d4795685 100644 --- a/scanners/ssh-audit/Taskfile.yaml +++ b/scanners/ssh-audit/Taskfile.yaml @@ -2,7 +2,7 @@ # # SPDX-License-Identifier: Apache-2.0 -version: "3.44.0" +version: "3.48.0" includes: scanner: diff --git a/scanners/sslyze/Taskfile.yaml b/scanners/sslyze/Taskfile.yaml index 6c6db81f31..9417789158 100644 --- a/scanners/sslyze/Taskfile.yaml +++ b/scanners/sslyze/Taskfile.yaml @@ -2,7 +2,7 @@ # # SPDX-License-Identifier: Apache-2.0 -version: "3.44.0" +version: "3.48.0" includes: scanner: diff --git a/scanners/subfinder/Taskfile.yaml b/scanners/subfinder/Taskfile.yaml index e21299b463..76f5438615 100644 --- a/scanners/subfinder/Taskfile.yaml +++ b/scanners/subfinder/Taskfile.yaml @@ -2,7 +2,7 @@ # # SPDX-License-Identifier: Apache-2.0 -version: "3.44.0" +version: "3.48.0" includes: scanner: diff --git a/scanners/test-scan/Taskfile.yaml b/scanners/test-scan/Taskfile.yaml index aa578895e3..f2dd303f4a 100644 --- a/scanners/test-scan/Taskfile.yaml +++ b/scanners/test-scan/Taskfile.yaml @@ -2,7 +2,7 @@ # # SPDX-License-Identifier: Apache-2.0 -version: "3.44.0" +version: "3.48.0" includes: scanner: 
diff --git a/scanners/trivy-sbom/Taskfile.yaml b/scanners/trivy-sbom/Taskfile.yaml index a63be5bb22..8eb3d5f61c 100644 --- a/scanners/trivy-sbom/Taskfile.yaml +++ b/scanners/trivy-sbom/Taskfile.yaml @@ -2,7 +2,7 @@ # # SPDX-License-Identifier: Apache-2.0 -version: "3.44.0" +version: "3.48.0" includes: scanner: diff --git a/scanners/trivy/Taskfile.yaml b/scanners/trivy/Taskfile.yaml index e59e71ce7a..45fe6102b8 100644 --- a/scanners/trivy/Taskfile.yaml +++ b/scanners/trivy/Taskfile.yaml @@ -2,7 +2,7 @@ # # SPDX-License-Identifier: Apache-2.0 -version: "3.44.0" +version: "3.48.0" includes: scanner: diff --git a/scanners/whatweb/Taskfile.yaml b/scanners/whatweb/Taskfile.yaml index 0d5660bfad..e93e74dbdc 100644 --- a/scanners/whatweb/Taskfile.yaml +++ b/scanners/whatweb/Taskfile.yaml @@ -2,7 +2,7 @@ # # SPDX-License-Identifier: Apache-2.0 -version: "3.44.0" +version: "3.48.0" includes: scanner: diff --git a/scanners/wpscan/Taskfile.yaml b/scanners/wpscan/Taskfile.yaml index a3af82c558..2ad783ef31 100644 --- a/scanners/wpscan/Taskfile.yaml +++ b/scanners/wpscan/Taskfile.yaml @@ -2,7 +2,7 @@ # # SPDX-License-Identifier: Apache-2.0 -version: "3.44.0" +version: "3.48.0" includes: scanner: diff --git a/scanners/zap-automation-framework/Taskfile.yaml b/scanners/zap-automation-framework/Taskfile.yaml index b3c480bcef..d17964df2e 100644 --- a/scanners/zap-automation-framework/Taskfile.yaml +++ b/scanners/zap-automation-framework/Taskfile.yaml @@ -2,7 +2,7 @@ # # SPDX-License-Identifier: Apache-2.0 -version: "3.44.0" +version: "3.48.0" includes: scanner: diff --git a/sdk.mk b/sdk.mk deleted file mode 100644 index 73d0a8123a..0000000000 --- a/sdk.mk +++ /dev/null 
@@ -1,41 +0,0 @@ -#!/usr/bin/make -f -# -# SPDX-FileCopyrightText: the secureCodeBox authors -# -# SPDX-License-Identifier: Apache-2.0 -# -# -# This include is a base for all SDK make files. - -name = ${sdk} -module = ${sdk} -include ../../test-base.mk -include ../../env-paths.mk -# Telling the env-paths file where the root project dir is. This is done to allow the generation of the paths of the -# different project folders relative to where the makefile is being run from. So BIN_DIR= $(PROJECT_DIR)/bin will be -# BIN_DIR=../../bin -PROJECT_DIR=../.. - -.PHONY: docker-build -docker-build: | docker-build-sdk - -.PHONY: docker-export -docker-export: | docker-export-sdk - -.PHONY: kind-import -kind-import: | kind-import-sdk - -.PHONY: docker-build-sdk -docker-build-sdk: - @echo ".: โš™๏ธ Build '$(name)'." - docker build -t $(IMG_NS)/$(name)-nodejs:$(IMG_TAG) . - -.PHONY: docker-export-sdk -docker-export-sdk: - @echo ".: โš™๏ธ Build '$(name)'." - docker save $(IMG_NS)/$(name)-nodejs:$(IMG_TAG) -o $(name).tar - -.PHONY: kind-import-sdk -kind-import-sdk: - @echo ".: ๐Ÿ’พ Importing the image archive '$(name).tar' to local kind cluster." - kind load image-archive ./$(name).tar diff --git a/test-base.mk b/test-base.mk deleted file mode 100644 index b0749566b0..0000000000 --- a/test-base.mk +++ /dev/null 
@@ -1,223 +0,0 @@ -#!/usr/bin/make -f -# -# SPDX-FileCopyrightText: the secureCodeBox authors -# -# SPDX-License-Identifier: Apache-2.0 -# -# -# This include is a base test setup used for hooks, scanners, and SDKs. -# - -# include must be two levels up because this file is included effectivity two levels deeper in the modules hierarchy. -include ../../prerequisites.mk - -# IMPORTANT: The body of conditionals MUST not be indented! Indentation result in -# errors on macOS/FreeBSD because the line wil be interpreted as command which must -# inside a recipe (target). (see https://github.com/secureCodeBox/secureCodeBox/issues/1353) -ifeq ($(include_guard),) -$(error you should never run this makefile directly!) -endif - -# IMPORTANT: The body of conditionals MUST not be indented! Indentation result in -# errors on macOS/FreeBSD because the line wil be interpreted as command which must -# inside a recipe (target). (see https://github.com/secureCodeBox/secureCodeBox/issues/1353) -ifeq ($(name),) -$(error name ENV is not set) -endif - -# Variables you might want to override: -# -# IMG_NS: Defines the namespace under which the images are build. -# For `securecodebox/scanner-nmap` `securecodebox` is the namespace -# Defaults to `securecodebox` -# -# BASE_IMG_TAG: Defines the tag of the base image used to build this scanner/hook -# -# IMG_TAG: Tag used to tag the newly created image. Defaults to the shortened commit hash -# prefixed with `sha-` e.g. 
`sha-ef8de4b7` -# -# KIND_CLUSTER_NAME: Defines the name of the kind cluster (created by kind create cluster --name cluster-name) -# -# Examples: -# make all IMG_TAG=main -# make deploy IMG_TAG=$(git rev-parse --short HEAD) -# make kind-import KIND_CLUSTER_NAME=your-cluster-name -# make integration-tests -# - -SHELL = /bin/sh - -IMG_NS ?= securecodebox -GIT_TAG ?= $$(git rev-parse --short HEAD) -BASE_IMG_TAG ?= sha-$(GIT_TAG) -IMG_TAG ?= "sha-$(GIT_TAG)" -KIND_CLUSTER_NAME ?= kind - -parser-prefix = parser -scanner-prefix = scanner -hook-prefix = hook - -all: help - -.PHONY: test -test: | reset-integration-tests-namespace reset-demo-targets-namespace clean-operator clean-parser-sdk clean-hook-sdk unit-tests docker-build docker-export kind-import deploy deploy-test-deps integration-tests ## ๐Ÿงช Complete clean Test for this module. - -.PHONY: install-deps-js -install-deps-js: - @echo ".: โš™๏ธ Installing all $(module) specific javascript dependencies." - cd .. && npm ci - cd ../.. && npm ci - cd ../../${module}-sdk/nodejs && npm ci - cd ${module}/ && npm ci - -.PHONY: unit-test-js -unit-test-js: install-deps-js - @echo ".: ๐Ÿงช Starting unit-tests for '$(name)' $(module)." - npm run test:unit -- ${name}/${module}/ - -.PHONY: install-deps-py -install-deps-py: - @echo ".: โš™๏ธ Installing all $(module) specific python dependencies." - $(PYTHON) -m pip install --upgrade pip setuptools wheel pytest - cd $(module)/ && $(PYTHON) -m pip install -r requirements.txt - -.PHONY: unit-test-py -unit-test-py: install-deps-py - cd $(module)/ && $(PYTHON) -m pytest --ignore-glob='*_local.py' --ignore=tests/docker - -.PHONY: unit-test-java -unit-test-java: - cd $(module)/ && ./gradlew test - -.PHONY: common-docker-build -common-docker-build: - @echo ".: โš™๏ธ Build '$(name)' $(module) with BASE_IMG_TAG: '$(BASE_IMG_TAG)'." 
- docker build \ - --build-arg=scannerVersion=$(shell yq -e .appVersion ./Chart.yaml) \ - --build-arg=baseImageTag=$(BASE_IMG_TAG) \ - --build-arg=namespace=$(IMG_NS) \ - -t $(IMG_NS)/$(module)-$(name):$(IMG_TAG) \ - -f ./$(module)/Dockerfile \ - ./$(module) - -.PHONY: common-docker-export -common-docker-export: - @echo ".: โš™๏ธ Saving new docker image archive to '$(module)-$(name).tar'." - docker save $(IMG_NS)/$(module)-$(name):$(IMG_TAG) -o $(module)-$(name).tar - -.PHONY: common-kind-import -common-kind-import: - @echo ".: ๐Ÿ’พ Importing the image archive '$(module)-$(name).tar' to local kind cluster." - kind load image-archive ./$(module)-$(name).tar --name $(KIND_CLUSTER_NAME) - -.PHONY: deploy-test-deps -deploy-test-deps: deploy-test-dep-namespace - -.PHONY: deploy-test-dep-namespace -deploy-test-dep-namespace: - # If not exists create namespace where the tests will be executed - kubectl create namespace demo-targets --dry-run=client -o yaml | kubectl apply -f - - -.PHONY: deploy-test-dep-dummy-ssh -deploy-test-dep-dummy-ssh: - helm -n demo-targets upgrade --install dummy-ssh ../../demo-targets/dummy-ssh/ --set="fullnameOverride=dummy-ssh" --wait - -.PHONY: deploy-test-dep-unsafe-https -deploy-test-dep-unsafe-https: - helm -n demo-targets upgrade --install unsafe-https ../../demo-targets/unsafe-https/ --set="fullnameOverride=unsafe-https" --wait - -.PHONY: deploy-test-dep-bodgeit -deploy-test-dep-bodgeit: - helm -n demo-targets upgrade --install bodgeit ../../demo-targets/bodgeit/ --set="fullnameOverride=bodgeit" --wait - -.PHONY: deploy-test-dep-petstore -deploy-test-dep-petstore: - helm -n demo-targets upgrade --install petstore ../../demo-targets/swagger-petstore/ --set="fullnameOverride=petstore" --wait - -.PHONY: deploy-test-dep-old-wordpress -deploy-test-dep-old-wordpress: - helm -n demo-targets upgrade --install old-wordpress ../../demo-targets/old-wordpress/ --set="fullnameOverride=old-wordpress" --wait - -.PHONY: deploy-test-dep-old-typo3 
-deploy-test-dep-old-typo3: - helm -n demo-targets upgrade --install old-typo3 ../../demo-targets/old-typo3/ --set="fullnameOverride=old-typo3" --wait - -.PHONY: deploy-test-dep-juiceshop -deploy-test-dep-juiceshop: - helm -n demo-targets upgrade --install juiceshop ../../demo-targets/juice-shop/ --set="fullnameOverride=juiceshop" --wait - -.PHONY: deploy-test-dep-vulnerable-log4j -deploy-test-dep-vulnerable-log4j: - helm -n demo-targets upgrade --install vulnerable-log4j ../../demo-targets/vulnerable-log4j/ --set="fullnameOverride=vulnerable-log4j" --wait - -.PHONY: deploy-test-dep-nginx -deploy-test-dep-nginx: - # Delete leftover nginx's. Unfortunately can't create deployment only if not exists (like namespaces) - kubectl delete deployment nginx --namespace demo-targets --ignore-not-found --wait - kubectl delete svc nginx --namespace demo-targets --ignore-not-found --wait - # Install plain nginx server - kubectl create deployment --image nginx:alpine nginx --namespace demo-targets - kubectl expose deployment nginx --port 80 --namespace demo-targets - -.PHONY: deploy-test-dep-http-webhook -deploy-test-dep-http-webhook: - helm -n integration-tests upgrade --install http-webhook ../../demo-targets/http-webhook/ - -.PHONY: deploy-test-dep-test-scan -deploy-test-dep-test-scan: - cd ../../scanners/test-scan/ && $(MAKE) docker-build docker-export kind-import && \ - helm -n integration-tests upgrade --install test-scan . 
\ - --set="scanner.image.repository=docker.io/$(IMG_NS)/$(scanner-prefix)-test-scan" \ - --set="parser.image.repository=docker.io/$(IMG_NS)/$(parser-prefix)-test-scan" \ - --set="parser.image.tag=$(IMG_TAG)" \ - --set="scanner.image.tag=$(IMG_TAG)" \ - --set="parser.env[0].name=CRASH_ON_FAILED_VALIDATION" \ - --set-string="parser.env[0].value=true" - -.PHONY: deploy-test-dep-old-joomla -deploy-test-dep-old-joomla: - helm -n demo-targets install old-joomla ../../demo-targets/old-joomla/ --set="fullnameOverride=old-joomla" --wait - -.PHONY: reset -reset: ## ๐Ÿงน removing all generated files for this module. - @echo ".: ๐Ÿงน removing all generated files." - rm -f ./$(module)-$(name).tar - rm -rf ./$(module)/node_modules - rm -rf ./$(module)/coverage - rm -rf ./integration-tests/node_modules - rm -rf ./integration-tests/coverage - rm -rf ../node_modules - rm -rf ../coverage - -.PHONY: reset-integration-tests-namespace -reset-integration-tests-namespace: - @echo ".: ๐Ÿงน Resetting 'integration-tests' namespace" - kubectl delete namespace integration-tests --wait || true - kubectl create namespace integration-tests - -.PHONY: reset-demo-targets-namespace -reset-demo-targets-namespace: - @echo ".: ๐Ÿงน Resetting 'demo-targets' namespace" - kubectl delete namespace demo-targets --wait || true - kubectl create namespace demo-targets - -.PHONY: clean-operator -clean-operator: - make -C $(OPERATOR_DIR) docker-build - make -C $(OPERATOR_DIR) docker-export - make -C $(OPERATOR_DIR) kind-import - rm $(OPERATOR_DIR)/operator.tar $(OPERATOR_DIR)/lurker.tar - make -C $(OPERATOR_DIR) helm-deploy - -.PHONY: clean-parser-sdk -clean-parser-sdk: - make -C $(PARSER_SDK_DIR) docker-build-sdk - -.PHONY: clean-hook-sdk -clean-hook-sdk: - make -C $(HOOK_SDK_DIR) docker-build-sdk - -.PHONY: help -help: ## ๐Ÿ”ฎ Display this help screen. - @grep -h -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | \ - awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'