secureCodeBox · nigthknight · Jul 20, 2021 · Jul 20, 2021 · Jul 20, 2021 · Jul 26, 2021
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -384,6 +384,111 @@ jobs:
         working-directory: ./scanners/${{ matrix.unit }}/
         run: make integration-tests
 
+  # ---- Makefiles Hooks ----
+
+  makefile-hooks:
+    name: "Make Hooks"
+    needs:
+      - sdk
+      - operator
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        unit: ["finding-post-processing"]
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - uses: actions/setup-node@v2
+        name: Setup Node
+        with:
+          node-version: ${{ env. NODE_VERSION }}
+
+      - name: Update NPM
+        run: |
+          npm i -g npm@${{ env.NPM_VERSION }}
+          npm i -g jest
+
+      - name: Install Dependencies
+        working-directory: ./hooks/${{ matrix.unit }}/
+        run: make install-deps
+
+      - name: Unit Tests
+        working-directory: ./hooks/${{ matrix.unit }}/
+        run: make unit-tests
+
+      - name: Set baseImageTag To commit Hash
+        run: |
+          echo "baseImageTag=sha-$(git rev-parse --short HEAD)" >> $GITHUB_ENV
+
+      - name: Docker Meta
+        id: docker_meta
+        uses: crazy-max/ghaction-docker-meta@v1
+        with:
+          images: ${{ env.DOCKER_NAMESPACE }}/hook-${{ matrix.unit }}
+          tag-sha: true
+          tag-semver: |
+            {{ version }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_TOKEN }}
+
+      - name: Build
+        uses: docker/build-push-action@v2
+        with:
+          context: ./hooks/${{ matrix.unit }}/hook/
+          file: ./hooks/${{ matrix.unit }}/hook/Dockerfile
+          load: true
+          build-args: |
+            namespace=${{ env.DOCKER_NAMESPACE }}
+            baseImageTag=${{ env.baseImageTag }}
+          platforms: linux/amd64
+          push: ${{ github.event_name == 'release' }}
+          tags: ${{ steps.docker_meta.outputs.tags }}
+          labels: ${{ steps.docker_meta.outputs.labels }}
+
+      - name: Export Docker Images
+        working-directory: ./hooks/${{ matrix.unit }}/
+        run: make docker-export
+
+      - name: "Start kind cluster"
+        run: |
+          kind version
+          kind create cluster --image kindest/node:v1.21.1@sha256:69860bda5563ac81e3c0057d654b5253219618a22ec3a346306239bba8cfa1a6 --wait 3m
+
+      - name: "Inspect kind cluster"
+        run: |
+          kubectl config current-context
+          kubectl get node
+
+      - name: Kind Import Images
+        working-directory: ./hooks/${{ matrix.unit }}/
+        run: make kind-import
+
+      - name: Install Operator
+        working-directory: ./operator
+        run: |
+          make helm-deploy
+
+      - name: Deploy ${{ matrix.unit }}
+        working-directory: ./hooks/${{ matrix.unit }}/
+        run: make deploy
+
+      - name: Deploy Test Dependencies
+        working-directory: ./hooks/${{ matrix.unit }}/
+        run: make deploy-test-deps
+
+      - name: Start Integration Tests
+        working-directory: ./hooks/${{ matrix.unit }}/
+        run: make integration-tests
+
+
   # ---- Build Stage | Matrix Hooks ----
 
   hooks:
@@ -394,7 +499,6 @@ jobs:
       matrix:
         hook:
           - cascading-scans
-          - finding-post-processing
           - generic-webhook
           - notification
           - persistence-elastic

diff --git a/hooks/finding-post-processing/.helmignore b/hooks/finding-post-processing/.helmignore
@@ -33,4 +33,5 @@ config/*
 Dockerfile
 .dockerignore
 docs/
-
+*.tar
+hook/*
diff --git a/hooks/finding-post-processing/Makefile b/hooks/finding-post-processing/Makefile
@@ -0,0 +1,112 @@
+#!/usr/bin/make -f
+#
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+#
+# This Makefile is intended to be used for developement and testing only.
+# For using this hook/hook in production please use the helm chart.
+# See: <https://docs.securecodebox.io/docs/getting-started/installation>
+#
+# This Makefile expects some additional software to be installed:
+# - git
+# - node + npm
+# - docker
+# - kind
+# - kubectl
+# - helm
+
+# Thx to https://stackoverflow.com/questions/5618615/check-if-a-program-exists-from-a-makefile
+EXECUTABLES = make docker kind git node npm npx kubectl helm
+K := $(foreach exec,$(EXECUTABLES),\
+        $(if $(shell which $(exec)),some string,$(error "ERROR: The prerequisites are not met to execute this makefile! No '$(exec)' found in your PATH")))
+
+
+# Variables you might want to override:
+#
+# IMG_NS:				Defines the namespace under which the images are build.
+#						For `securecodebox/hook-nmap` `securecodebox` is the namespace
+#						Defaults to `securecodebox`
+#
+# BASE_IMG_TAG:			Defines the tag of the base image used to build this hook/hook
+#
+# IMG_TAG:				Tag used to tag the newly created image. Defaults to the shortend commit hash
+#						prefixed with `sha-` e.g. `sha-ef8de4b7`
+#
+# JEST_VERSION  		Defines the jest version used for executing the tests. Defaults to latest
+#
+# Examples:
+# 	make all IMG_TAG=main
+# 	make deploy IMG_TAG=$(git rev-parse --short HEAD)
+# 	make integration-tests
+#
+
+SHELL = /bin/sh
+
+IMG_NS ?= securecodebox
+GIT_TAG ?= $$(git rev-parse --short HEAD)
+BASE_IMG_TAG ?= latest
+IMG_TAG ?= "sha-$(GIT_TAG)"
+JEST_VERSION ?= latest
+
+hook = finding-post-processing
+hook-prefix = hook-
+
+
+build: | install-deps docker-build
+
+test: | unit-tests docker-export kind-import deploy-prerequisites deploy deploy-test-deps integration-tests
+
+all: | clean install-deps unit-tests docker-build docker-export kind-import deploy-prerequisites deploy deploy-test-deps integration-tests
+
+.PHONY: unit-tests install-deps docker-build docker-export kind-import deploy-prerequisites deploy deploy-test-deps integration-tests all build test
+
+unit-tests:
+	@echo ".: 🧪 Starting unit-tests for hook '$(hook)' with 'jest@$(JEST_VERSION)'."
+	cd hook && npx --yes --package jest@$(JEST_VERSION) jest --ci --colors --coverage .
+
+install-deps:
+	@echo ".: ⚙️ Installing all hook specific dependencies."
+	cd hook && npm ci
+
+docker-build:
+	@echo ".: ⚙️ Build With BASE_IMG_TAG: '$(BASE_IMG_TAG)'."
+	docker build --build-arg=baseImageTag=$(BASE_IMG_TAG) --build-arg=namespace=$(IMG_NS) -t $(IMG_NS)/$(hook-prefix)$(hook):$(IMG_TAG) -f ./hook/Dockerfile ./hook
+
+docker-export:
+	@echo ".: ⚙️ Saving new docker image archive to '$(hook-prefix)$(hook).tar'."
+	docker save $(IMG_NS)/$(hook-prefix)$(hook):$(IMG_TAG) -o $(hook-prefix)$(hook).tar
+
+kind-import:
+	@echo ".: 💾 Importing the image archive '$(hook-prefix)$(hook).tar' to local kind cluster."
+	kind load image-archive ./$(hook-prefix)$(hook).tar
+
+deploy:
+	@echo ".: 💾 Deploying '$(hook)' hook HelmChart with the docker tag '$(IMG_TAG)' into kind namespace 'integration-tests'."
+	helm -n integration-tests upgrade --install $(hook) ./ --wait \
+		--values ./integration-tests/__testFiles__/values.yaml \
+		--set="hook.image.repository=docker.io/$(IMG_NS)/$(hook-prefix)$(hook)" \
+		--set="hook.image.tag=$(IMG_TAG)"
+
+deploy-test-deps:
+	@echo ".: 💾 Deploying test dependency HelmChart with the docker tag '$(BASE_IMG_TAG)' into kind namespace 'integration-tests'."
+	helm -n integration-tests upgrade --install test-scan ../../scanners/test-scan/ --wait \
+	  --set="scanner.image.tag=$(BASE_IMG_TAG)" \
+	  --set="parser.image.tag=$(BASE_IMG_TAG)"
+
+install-integration-test-deps:
+
+integration-tests:
+	@echo ".: 🩺 Starting integration test in kind namespace 'integration-tests'."
+	kubectl -n integration-tests delete scans --all
+	cd ../../tests/integration && npm ci
+	npx jest --ci --config=./integration-tests/jest.config.json --colors --coverage ./integration-tests
+
+clean:
+	@echo ".: 🧹 Cleaning up all generated files."
+	rm -f ./$(hook-prefix)$(hook).tar
+	rm -rf ./hook/node_modules
+	rm -rf ./hook/coverage
+	rm -rf ./integration-tests/node_modules
+	rm -rf ./integration-tests/coverage
diff --git a/hooks/finding-post-processing/hook/jest.config.json b/hooks/finding-post-processing/hook/jest.config.json
@@ -0,0 +1 @@
+{}
diff --git a/hooks/finding-post-processing/integration-tests/__testFiles__/values.yaml b/hooks/finding-post-processing/integration-tests/__testFiles__/values.yaml
@@ -0,0 +1,23 @@
+# SPDX-FileCopyrightText: 2020 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+# Default values for dispatcher.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+image:
+  # image.tag - defaults to the charts version
+  # image.repository -- Hook image repository
+  repository: docker.io/securecodebox/finding-post-processing
+  # parserImage.tag -- Parser image tag
+  # @default -- defaults to the charts version
+  tag: null
+
+rules:
+  - matches:
+      anyOf:
+        - category: "Open Port"
+    override:
+      severity: "high"
-      severity: "high"
+      severity: "HIGH"
-      severity: "high"
+      severity: "HIGH"
+      category: "SomeNewCategory"
diff --git a/...ion/hooks/finding-post-processing.test.js → ...ion-tests/finding-post-processing.test.js b/...ion/hooks/finding-post-processing.test.js → ...ion-tests/finding-post-processing.test.js
@@ -2,7 +2,7 @@
 //
 // SPDX-License-Identifier: Apache-2.0
 
-const { scan } = require("../helpers");
+const { scan } = require("../../../tests/integration/helpers.js");
 
 jest.retryTimes(3);
 

diff --git a/hooks/finding-post-processing/integration-tests/jest.config.json b/hooks/finding-post-processing/integration-tests/jest.config.json
@@ -0,0 +1 @@
+{}
-Original file line number
+Diff line change
@@ Expand Up / @@ -33,4 +33,5 @@ config/* @@
     Dockerfile
     .dockerignore
     docs/
+    *.tar
+    hook/*