Skip to content

Speed up hook execution time by up to 2x & reduce cpu load by up to 5x by bundling hook-sdk #3141

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
Weltraumschaf merged 4 commits into from
Jul 21, 2025
Merged

Speed up hook execution time by up to 2x & reduce cpu load by up to 5x by bundling hook-sdk #3141

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
bf04b77
Bundle hook-sdk
J12934 Jul 18, 2025
68bb0be
Add back package.json & lock to hook sdk image to ensure that depende…
J12934 Jul 18, 2025
0b09a77
Change test-scan to esm too
J12934 Jul 18, 2025
8103716
Ignore script installs during bun install
J12934 Jul 18, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions hook-sdk/nodejs/.dockerignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,3 +3,4 @@
# SPDX-License-Identifier: Apache-2.0

node_modules/
build/
1 change: 1 addition & 0 deletions hook-sdk/nodejs/.gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,3 +3,4 @@
# SPDX-License-Identifier: Apache-2.0

node_modules/
build/
14 changes: 8 additions & 6 deletions hook-sdk/nodejs/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,17 +2,19 @@
#
# SPDX-License-Identifier: Apache-2.0

FROM node:22-alpine AS build
WORKDIR /home/app
FROM oven/bun:1.2 AS build
WORKDIR /home/app/
COPY package.json package-lock.json ./
RUN npm ci --omit=dev --ignore-scripts
RUN bun install --ignore-scripts
COPY *.js ./
RUN bun run build

FROM node:22-alpine
ARG NODE_ENV
RUN addgroup --system --gid 1001 app && adduser app --system --uid 1001 --ingroup app
WORKDIR /home/app/hook-wrapper/
COPY --from=build --chown=root:root --chmod=755 /home/app/node_modules/ ./node_modules/
COPY --chown=root:root --chmod=755 ./hook-wrapper.js ./package.json ./package-lock.json ./
COPY --chown=root:root --chmod=755 ./package.json ./package-lock.json ./
COPY --from=build --chown=root:root --chmod=755 /home/app/build/ ./
USER 1001
ENV NODE_ENV=${NODE_ENV:-production}
ENTRYPOINT ["node", "/home/app/hook-wrapper/hook-wrapper.js"]
ENTRYPOINT ["node", "--enable-source-maps", "/home/app/hook-wrapper/hook-wrapper.js"]
4 changes: 3 additions & 1 deletion hook-sdk/nodejs/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,9 @@
"type": "module",
"description": "Handles external communication required for all secureCodeBox Hooks",
"main": "hook-wrapper.js",
"scripts": {},
"scripts": {
"build": "bun build --production --target=node --outdir=build/ --external=./hook/hook.js --sourcemap=external --minify ./hook-wrapper.js"
},
"keywords": [],
"author": "iteratec GmbH",
"license": "Apache-2.0",
Expand Down
1 change: 1 addition & 0 deletions parser-sdk/nodejs/.dockerignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,3 +3,4 @@
# SPDX-License-Identifier: Apache-2.0

node_modules/
build/
5 changes: 3 additions & 2 deletions parser-sdk/nodejs/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,16 +5,17 @@
FROM oven/bun:1.2 AS build
WORKDIR /home/app/
COPY package.json package-lock.json ./
RUN bun install
RUN bun install --ignore-scripts
COPY *.js ./
RUN bun run build

FROM node:22-alpine
ARG NODE_ENV
RUN addgroup --system --gid 1001 app && adduser app --system --uid 1001 --ingroup app
WORKDIR /home/app/parser-wrapper/
COPY --from=build --chown=root:root --chmod=755 /home/app/build/ ./
COPY --chown=root:root --chmod=755 ./package.json ./package-lock.json ./
COPY --chown=root:root --chmod=755 ./findings-schema.json ./findings-schema.json
COPY --from=build --chown=root:root --chmod=755 /home/app/build/ ./
USER 1001
ENV NODE_ENV=${NODE_ENV:-production}
ENTRYPOINT ["node", "--enable-source-maps", "/home/app/parser-wrapper/parser-wrapper.js"]
4 changes: 1 addition & 3 deletions scanners/test-scan/parser/parser.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
//
// SPDX-License-Identifier: Apache-2.0

async function parse() {
export async function parse() {
if (process.env["PRODUCE_INVALID_FINDINGS"] === "true")
return getInvalidFindings();
else return getValidFindings();
Expand Down Expand Up @@ -64,5 +64,3 @@ function getValidFindings() {
},
];
}

module.exports.parse = parse;
Loading