#!/usr/bin/env bash
# Stop at the first command that exits non-zero.
set -o errexit
# Builds the AppDir contents for the sast-scan AppImage. It runs inside the image
# generated by builder.Dockerfile, and the Dockerfile that generates the scan image
# also uses it to satisfy all dependencies.
# For standalone use, make sure ARCH is set to the right architecture; so far it has
# only been tested on x86_64 and arm64.
## App Versions
# NOTE(review): bash looks up a slash-less name given to `.`/`source` in PATH before
# it tries the current directory, so which building_env.sh is loaded depends on the
# caller's PATH and working directory - confirm the build controls both.
. building_env.sh
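## First parameter is the path to the AppDir where all the building happens, you can use whatever path you want
## but it needs to be the same as the one in appimage-builder.yml if you are using it too.
APPDIR=$1
echo "AppDir is ${APPDIR}"
## Remove any previous build
if [ -z "$KEEP_BUILD_ARTIFACTS" ]; then
  # The recursive delete below must only ever hit a dedicated build directory.
  # An empty argument or a path made of nothing but "/" is rejected here rather
  # than left to whatever root protection the local rm implementation offers.
  # Callers that build straight into / are expected to set KEEP_BUILD_ARTIFACTS.
  case "${APPDIR}" in
    *[!/]*) ;; # contains something other than "/": a real directory name
    *)
      echo "Refusing to remove APPDIR='${APPDIR}': pass a build directory or set KEEP_BUILD_ARTIFACTS" >&2
      exit 1
      ;;
  esac
  # "--" keeps a path that starts with "-" from being parsed as an option.
  rm -rf -- "${APPDIR}"
  mkdir -p -- "${APPDIR}"
else
  echo "Keeping build artifacts from previous build"
fi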
## Create the directory skeleton under the AppDir: sources, arch-specific libs,
## metainfo and icons.
# NOTE(review): LIBARCH is not assigned in this script; presumably it comes from
# building_env.sh - an unset value would create "usr/local/lib/-linux-gnu".
mkdir -p \
  "${APPDIR}/usr/src" \
  "${APPDIR}/usr/local/lib/${LIBARCH}-linux-gnu" \
  "${APPDIR}/usr/share/metainfo" \
  "${APPDIR}/usr/share/icons"
## Downloaded binaries go to usr/bin, unpacked tool distributions to opt.
USR_BIN_PATH="${APPDIR}/usr/bin/"
OPTDIR="${APPDIR}/opt"
mkdir -p "${USR_BIN_PATH}" "${OPTDIR}"
## Append the AppDir bin directories to PATH. They come after the existing
## entries, so tools already on the system keep precedence.
PATH="${PATH}:${USR_BIN_PATH}:${USR_BIN_PATH}/nodejs/bin"
export PATH
printf '%s\n' "${PWD}"
## Get all the packages we have in the dynamic lang version of this script
# NOTE(review): like building_env.sh, this slash-less name is searched for in
# PATH first, and PATH now also holds the AppDir bin directories.
. dynamic-lang.sh
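## Download and install gosec (https://github.com/securego/gosec)
GOSEC_TAR="gosec_${GOSEC_VERSION}_linux_${ARCH_ALT_NAME}.tar.gz"
echo "Downloading ${GOSEC_TAR}"
# -f makes curl exit non-zero on an HTTP error instead of saving the error page
# under the archive name, so a bad version or architecture fails at this step.
# NOTE(review): the archive is trusted as downloaded - no checksum or signature is
# compared before it is unpacked into the bin directory. Consider pinning a
# known SHA-256 per version/architecture and checking it before the tar call.
curl -fLO "https://github.com/securego/gosec/releases/download/v${GOSEC_VERSION}/${GOSEC_TAR}"
# Every member of the archive lands in the bin directory, not only the binary.
tar -C "${USR_BIN_PATH}" -xzvf "${GOSEC_TAR}"
chmod +x "${USR_BIN_PATH}gosec"
# mayberm is defined outside this file; presumably it deletes the archive unless
# build artifacts are being kept - confirm against its definition.
mayberm "${GOSEC_TAR}"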
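## Download and install staticcheck (https://github.com/dominikh/go-tools)
STCHECK_TAR="staticcheck_linux_${ARCH_ALT_NAME}.tar.gz"
echo "Downloading ${STCHECK_TAR}"
# -f: fail on an HTTP error instead of saving the error body as the archive.
# NOTE(review): no checksum or signature is verified for this download.
curl -fLO "https://github.com/dominikh/go-tools/releases/download/${SC_VERSION}/${STCHECK_TAR}"
# Unpack into a private mktemp directory rather than the fixed /tmp/staticcheck
# path: on a shared host a predictable name under /tmp can be created in advance
# by another user, and the binary copied below would then come from their tree.
STCHECK_TMP="$(mktemp -d)"
tar -C "${STCHECK_TMP}" -xzvf "${STCHECK_TAR}"
chmod +x "${STCHECK_TMP}/staticcheck/staticcheck"
cp "${STCHECK_TMP}/staticcheck/staticcheck" "${USR_BIN_PATH}staticcheck"
# ":?" aborts instead of expanding to an empty path if the variable got lost.
rm -rf -- "${STCHECK_TMP:?}"
mayberm "${STCHECK_TAR}"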
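## Download and install pmd (https://github.com/pmd/pmd)
PMD_ZIP="pmd-bin-${PMD_VERSION}.zip"
# NOTE(review): a zip already present in the working directory is reused as-is.
# Nothing checks that it is complete or that it is the upstream release, so a
# truncated or replaced file is installed without complaint; a pinned checksum
# would cover both the cached and the freshly downloaded case.
if [ ! -f "${PMD_ZIP}" ]; then
  echo "Downloading ${PMD_ZIP}"
  wget "https://github.com/pmd/pmd/releases/download/pmd_releases%2F${PMD_VERSION}/${PMD_ZIP}"
fi
if [ ! -d "${OPTDIR}/pmd-bin" ]; then
  echo "Installing ${PMD_ZIP}"
  # All expansions are quoted so a version string containing whitespace or glob
  # characters cannot split into extra arguments for unzip, mv or mayberm.
  unzip -q "${PMD_ZIP}" -d "${OPTDIR}/"
  mv -f "${OPTDIR}/pmd-bin-${PMD_VERSION}" "${OPTDIR}/pmd-bin"
  mayberm "${PMD_ZIP}"
else
  echo "PMD already installed"
fi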
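## Download and install detekt (https://github.com/detekt/detekt)
# -f matters here: nothing later in the script opens the jar, so without it an
# HTTP error page would be stored as detekt-cli.jar and the build would still
# finish successfully.
# NOTE(review): no checksum or signature is verified for this download.
curl -fL "https://github.com/detekt/detekt/releases/download/v${DETEKT_VERSION}/detekt-cli-${DETEKT_VERSION}-all.jar" -o "${USR_BIN_PATH}detekt-cli.jar"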
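# SpotBugs ---------------------------------------------------------------
## Download and install spotbugs (https://github.com/spotbugs/spotbugs)
SPOTBUGS_TGZ="spotbugs-${SB_VERSION}.tgz"
SPOTBUGS_OPTDIR="${OPTDIR}/spotbugs-${SB_VERSION}"
# The versioned directory is renamed to ${OPTDIR}/spotbugs only as the last
# step, so an interrupted run leaves no "spotbugs" directory and the whole
# install is repeated on the next run.
if [ ! -d "${OPTDIR}/spotbugs" ]; then
  echo "Downloading ${SPOTBUGS_TGZ}"
  # -f on every curl call: the two plugin jars are only moved into place, never
  # opened, so without it an HTTP error page would be installed as a plugin.
  # NOTE(review): none of the three downloads is checked against a checksum or
  # signature before it is unpacked or installed.
  curl -fLO "https://github.com/spotbugs/spotbugs/releases/download/${SB_VERSION}/${SPOTBUGS_TGZ}"
  tar -C "${OPTDIR}" -xzvf "${SPOTBUGS_TGZ}"
  rm -- "${SPOTBUGS_TGZ}"
  ## Download and install findsecbugs plugin for spotbugs (https://find-sec-bugs.github.io/)
  curl -fLO "https://repo1.maven.org/maven2/com/h3xstream/findsecbugs/findsecbugs-plugin/${FSB_VERSION}/findsecbugs-plugin-${FSB_VERSION}.jar"
  mv -f "findsecbugs-plugin-${FSB_VERSION}.jar" "${SPOTBUGS_OPTDIR}/plugin/findsecbugs-plugin.jar"
  ## Download and install sb-contrib plugin for spotbugs (https://github.com/mebigfatguy/fb-contrib)
  curl -fLO "https://repo1.maven.org/maven2/com/mebigfatguy/sb-contrib/sb-contrib/${SB_CONTRIB_VERSION}/sb-contrib-${SB_CONTRIB_VERSION}.jar"
  mv -f "sb-contrib-${SB_CONTRIB_VERSION}.jar" "${SPOTBUGS_OPTDIR}/plugin/sb-contrib.jar"
  mv -f "${SPOTBUGS_OPTDIR}" "${OPTDIR}/spotbugs"
else
  echo "SpotBugs already installed"
fi
# End SpotBugs -----------------------------------------------------------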
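## install composer
if [ ! -f composer-setup.php ]; then
  echo "Downloading composer"
  php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
fi
# composer-setup.php is PHP code that is executed a few lines below, and it may be
# a file left over from an earlier run. Compare its SHA-384 with the value the
# Composer project publishes for the current installer before running it.
# The published value is fetched over TLS from a second host; it is not pinned
# in this repository, so this catches a corrupted, stale or swapped installer
# but not a compromise of both hosts.
COMPOSER_EXPECTED_SIG="$(php -r "copy('https://composer.github.io/installer.sig', 'php://stdout');")"
COMPOSER_ACTUAL_SIG="$(php -r "echo hash_file('sha384', 'composer-setup.php');")"
if [ -z "${COMPOSER_EXPECTED_SIG}" ] || [ "${COMPOSER_EXPECTED_SIG}" != "${COMPOSER_ACTUAL_SIG}" ]; then
  echo "composer-setup.php does not match the published installer checksum" >&2
  # Drop the rejected file so the next run downloads a fresh copy.
  rm -f composer-setup.php
  exit 1
fi
php composer-setup.php
mv -f composer.phar "${USR_BIN_PATH}composer"
mayberm composer-setup.php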
# Install application dependencies
# NOTE(review): the three npm packages carry no version, so every build installs
# whatever the registry serves at that moment; pinning them would make the image
# reproducible and keep an unexpected release out of the build.
npm_packages=(yarn @cyclonedx/cdxgen @microsoft/rush)
npm install --no-audit --progress=false --omit=dev --production --no-save \
  --prefix "${APPDIR}/usr/local/lib" "${npm_packages[@]}"
# psalm gets its own composer project under opt/phpsast.
phpsast_dir="${APPDIR}/opt/phpsast"
mkdir -p "${phpsast_dir}"
pushd "${phpsast_dir}"
composer init --name shiftleft/scan --description scan --quiet
composer require --quiet --no-cache -n --no-ansi --dev 'vimeo/psalm:^5.15'
popd
# I suspect that, at the time of writing, the behavior of --prefix + --root is as described in this issue:
# https://github.com/pypa/pip/issues/7829#issuecomment-596330888
# TL;DR the resulting path prefix will be ${APPDIR}/usr, which is what we want in all cases; if this is
# invoked within a docker build, APPDIR will simply be /
# NOTE(review): requirements.txt is installed without hash checking, so the
# packages are only as pinned as that file makes them.
python3 -m pip install -v \
  --prefix=/usr --root="${APPDIR}" \
  -r "${PWD}/requirements.txt" \
  --no-warn-script-location --force-reinstall
# NOTE(review): this runs after popd, i.e. in the directory the script was started
# from and not in opt/phpsast, and phpstan carries no version constraint - confirm
# that both are intended.
composer require --quiet --no-cache --dev phpstan/phpstan
## When APPIMAGE is set, copy the python application code plus the icon and
## AppStream metadata into the AppDir. The sources are relative paths, so the
## script has to be started from the repository root for this step.
if [[ -n "${APPIMAGE}" ]]; then
  appdir_usr="${APPDIR}/usr"
  cp -r scan lib tools_config "${appdir_usr}/src"
  cp tools_config/scan.png "${appdir_usr}/share/icons/"
  cp tools_config/io.shiftleft.scan.appdata.xml "${appdir_usr}/share/metainfo/"
fi