WIP: allow snyk node to be used for monorepos #477

Open
wants to merge 1 commit into
base: main
69 changes: 44 additions & 25 deletions components/producers/snyk-node/task.yaml
Expand Up @@ -11,6 +11,10 @@ spec:
params:
- name: producer-snyk-node-api-key
type: string
- name: producer-snyk-node-directories
type: array
default:
- .
description: Run Snyk For Javascript, Typescript, Node
volumes:
- name: scratch
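Review bot: the new `producer-snyk-node-directories` param is declared without a `description`, so a pipeline author cannot tell from the task what form its entries must take. Suggest adding a `description:` under the param saying that each entry is a subdirectory relative to the cloned source code, that absolute paths and `..` components are not allowed (the script checks for them), and that the default `.` scans the repository root.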
Expand All @@ -24,38 +28,53 @@ spec:
env:
- name: SNYK_INTEGRATION_VERSION
value: docker

image: 'snyk/snyk:node'
image: snyk/snyk:node
script: |
#!/usr/bin/env bash
set -x
set +e

echo "authenticating to snyk"
snyk auth $(params.producer-snyk-node-api-key)

baseDir = $(pwd)
if [ ! -d $(workspaces.output.path)/source-code/node_modules ]; then
cd $(workspaces.output.path)/source-code/
npm install
exitCode=$?
if [[ $exitCode -eq 1 ]]; then
echo "npm install failed, trying yarn"
cd $(workspaces.output.path)/source-code/
yarn install


source_code=$(workspaces.output.path)/source-code/
subdirs=( $(params.producer-snyk-node-directories[*]) )
counter=0

for subdir in "${subdirs[@]}"
do

case "x${subdir}" in
(x/*|x*/..|x*/../*|x../*)
echo "you should not have upper links in your subdirectories: ${subdir}"
;;
esac

# cleanup subdirectories from .
absolute_subdir=$(cd ${subdir}; pwd)
subdir=${absolute_dir#${source_code}}

cd $(workspaces.output.path)/source-code/${subdir}

if [ -e yarn.lock ]
then
yarn install
else
npm install
fi
fi

cd $baseDir
echo "running snyk test"
snyk test --prune-repeated-subdependencies --skip-unresolved --sarif-file-output=/scratch/snyk.out $(workspaces.output.path)/source-code/
exitCode=$?
if [[ $exitCode -ne 0 && $exitCode -ne 1 ]]; then
echo "Snyk failed with exit code $exitCode"
exit $exitCode
else
echo "Snyk completed successfully! exitcode $exitCode"
fi
set +e
echo "running snyk test on directory $(pwd)"
snyk test --prune-repeated-subdependencies --skip-unresolved --sarif-file-output=/scratch/snyk-${counter}.out .
exitCode=$?
if [[ $exitCode -ne 0 && $exitCode -ne 1 ]]; then
echo "Snyk failed with exit code $exitCode"
exit $exitCode
else
echo "Snyk completed successfully for $(pwd)"
echo "${subdir} /scratch/snyk-${counter}.out" >> /scratch/snyk-index
fi
set -e
done
volumeMounts:
- mountPath: /scratch
name: scratch
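Review bot: the path check in the `case "x${subdir}"` block only echoes a message and falls through, so an entry that is absolute or contains `..` still reaches the `cd` and `snyk test` steps; the matching arm should `exit 1` (or `continue`) after the echo. Two further problems in the same loop defeat the per-directory scan. `subdir=${absolute_dir#${source_code}}` reads `absolute_dir`, but the line above assigns `absolute_subdir`, so `subdir` expands to empty and every iteration runs in the source-code root; the preceding `cd ${subdir}` is also resolved against the current working directory rather than `${source_code}`. `counter` is set to 0 and never incremented, so each iteration writes `/scratch/snyk-0.out` and `/scratch/snyk-index` ends up pointing every directory at the same file; add `counter=$((counter + 1))` at the end of the loop body. The `${subdir}` and `${source_code}` expansions should also be double-quoted so directory names containing spaces or glob characters are not split or expanded.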