Diffstat (limited to 'tasks')
-rw-r--r-- | tasks/.keep | 0 | ||||
-rw-r--r-- | tasks/dgoss/task.yml | 47 | ||||
-rw-r--r-- | tasks/dockerhub-readme/task.yml | 32 | ||||
-rw-r--r-- | tasks/hadolint/task.yml | 22 | ||||
-rw-r--r-- | tasks/markdownlint/task.yml | 24 | ||||
-rw-r--r-- | tasks/shellcheck/task.yml | 25 | ||||
-rw-r--r-- | tasks/trivy-image/task.yml | 28 |
7 files changed, 178 insertions, 0 deletions
diff --git a/tasks/.keep b/tasks/.keep
deleted file mode 100644
index e69de29..0000000
--- a/tasks/.keep
+++ /dev/null
diff --git a/tasks/dgoss/task.yml b/tasks/dgoss/task.yml
new file mode 100644
index 0000000..8727487
--- /dev/null
+++ b/tasks/dgoss/task.yml
@@ -0,0 +1,47 @@
+---
+platform: linux
+image_resource:
+ type: registry-image
+ source: {repository: debian}
+
+inputs:
+ - name: docker-repo
+ - name: image
+
+run:
+ path: /bin/bash
+ args:
+ - -eufo
+ - pipefail
+ - -c
+ - |
+ apt-get update
+ apt-get install --no-install-recommends -y \
+ ca-certificates \
+ curl \
+ fuse-overlayfs \
+ podman
+
+ curl -fsSL https://goss.rocks/install | sh
+
+ export GOSS_SLEEP=${GOSS_SLEEP:-5}
+ export CONTAINER_RUNTIME=${CONTAINER_RUNTIME:-podman}
+ export INPUT_TAR=${INPUT_TAR:-image/image.tar}
+
+ if [ -f docker-repo/goss.yaml ]; then
+ # The default 'mount' strategy uses 'sleep infinity' to keep
+ # the container alive. If there's an ENTRYPOINT or CMD, use 'cp'
+ # instead to prevent dgoss from overriding it.
+ if grep -qE '^(ENTRYPOINT|CMD)' docker-repo/Dockerfile; then
+ export GOSS_FILES_STRATEGY=cp
+ fi
+ goss --gossfile docker-repo/goss.yaml render > goss.yaml
+ dgoss run docker-archive:${INPUT_TAR}
+ else
+ echo "You're a naughty boy, no goss.yaml file found!" >&2
+ fi
+
+params:
+ CONTAINER_RUNTIME:
+ GOSS_SLEEP:
+ INPUT_TAR:
diff --git a/tasks/dockerhub-readme/task.yml b/tasks/dockerhub-readme/task.yml
new file mode 100644
index 0000000..d81d1b3
--- /dev/null
+++ b/tasks/dockerhub-readme/task.yml
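Review bot: `curl -fsSL https://goss.rocks/install | sh` in tasks/dgoss/task.yml executes whatever that URL serves at run time, with no version or checksum pin, inside a task that also handles the built image. Pin the release at minimum (`curl -fsSL https://goss.rocks/install | GOSS_VER=<pinned-version> sh`), or better download the goss and dgoss release files and verify them with `sha256sum -c` against digests kept in this repository. The `else` branch only writes to stderr, so the task exits 0 and an image without `goss.yaml` passes untested; add `exit 1` there if the test is meant to gate the pipeline. The `debian` image here carries no tag or digest, and the hadolint (`latest-debian`), markdownlint (`latest`), shellcheck (`alpine:latest`) and trivy-image (no tag) tasks likewise pull mutable references, so runs are not reproducible and a replaced upstream image is picked up silently; pin each by digest.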
@@ -0,0 +1,32 @@
+---
+platform: linux
+image_resource:
+ type: registry-image
+ source:
+ repository: peterevans/dockerhub-description
+ tag: 3
+
+inputs:
+ - name: docker-repo
+
+run:
+ path: ash
+ args:
+ - -eufo
+ - pipefail
+ - -c
+ - |
+ if [ -f "${README_FILEPATH}" ]; then
+ echo "DOCKERHUB_REPOSITORY=${DOCKERHUB_REPOSITORY}"
+ echo "SHORT_DESCRIPTION=${SHORT_DESCRIPTION:-}"
+ sh /entrypoint.sh
+ else
+ echo "No README.md found at ${README_FILEPATH}"
+ fi
+
+params:
+ DOCKERHUB_USERNAME:
+ DOCKERHUB_PASSWORD:
+ DOCKERHUB_REPOSITORY:
+ README_FILEPATH: docker-repo/README.md
+ SHORT_DESCRIPTION:
diff --git a/tasks/hadolint/task.yml b/tasks/hadolint/task.yml
new file mode 100644
index 0000000..40cf683
--- /dev/null
+++ b/tasks/hadolint/task.yml
@@ -0,0 +1,22 @@
+---
+platform: linux
+image_resource:
+ type: registry-image
+ source:
+ repository: docker.io/hadolint/hadolint
+ tag: latest-debian
+
+inputs:
+ - name: docker-repo
+
+run:
+ path: bash
+ args:
+ - -eufo
+ - pipefail
+ - -c
+ - |
+ hadolint "${DOCKERFILE}"
+
+params:
+ DOCKERFILE: docker-repo/Dockerfile
diff --git a/tasks/markdownlint/task.yml b/tasks/markdownlint/task.yml
new file mode 100644
index 0000000..62c5921
--- /dev/null
+++ b/tasks/markdownlint/task.yml
@@ -0,0 +1,24 @@
+---
+platform: linux
+image_resource:
+ type: registry-image
+ source:
+ repository: ghcr.io/igorshubovych/markdownlint-cli
+ tag: latest
+
+inputs:
+ - name: repo
+
+run:
+ path: ash
+ args:
+ - -eufo
+ - pipefail
+ - -c
+ - |
+ echo "PARAMS=${PARAMS:-}"
+ cd repo
+ markdownlint ${PARAMS}
+
+params:
+ PARAMS: '**/*.md'
diff --git a/tasks/shellcheck/task.yml b/tasks/shellcheck/task.yml
new file mode 100644
index 0000000..3a9c40d
--- /dev/null
+++ b/tasks/shellcheck/task.yml
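Review bot: `DOCKERHUB_USERNAME` and `DOCKERHUB_PASSWORD` in tasks/dockerhub-readme/task.yml are handed to `/entrypoint.sh` of a third-party image referenced by the mutable tag `3`, so whoever can move that tag receives the credentials. Pin the image by digest (for example through `image_resource.version` with `digest: <sha256-of-reviewed-image>`) and, if the image accepts one, supply a Docker Hub access token limited to this repository rather than the account password. A short comment above `params:` such as `# DOCKERHUB_PASSWORD: inject from the credential manager, never commit a value` would document the expectation.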
@@ -0,0 +1,25 @@
+---
+platform: linux
+image_resource:
+ type: registry-image
+ source:
+ repository: alpine
+ tag: latest
+
+inputs:
+ - name: repo
+
+run:
+ path: ash
+ args:
+ - -eufo
+ - pipefail
+ - -c
+ - |
+ apk add --no-progress --no-interactive shellcheck findutils
+ shellcheck --version
+ find repo/ \
+ -type f \
+ -name '*.sh' \
+ -print0 |\
+ xargs -r0 shellcheck -x
diff --git a/tasks/trivy-image/task.yml b/tasks/trivy-image/task.yml
new file mode 100644
index 0000000..59940a9
--- /dev/null
+++ b/tasks/trivy-image/task.yml
@@ -0,0 +1,28 @@
+---
+platform: linux
+image_resource:
+ type: registry-image
+ source: {repository: docker.io/aquasec/trivy}
+
+inputs:
+ - name: docker-repo
+ - name: image
+
+run:
+ path: ash
+ args:
+ - -euo
+ - pipefail
+ - -c
+ - |
+ trivy image \
+ --ignore-unfixed \
+ --severity HIGH,CRITICAL \
+ --exit-code ${EXIT_CODE} \
+ --ignorefile "${TRIVY_IGNORE}" \
+ --input "${INPUT_TAR}"
+
+params:
+ TRIVY_IGNORE: docker-repo/.trivyignore
+ INPUT_TAR: image/image.tar
+ EXIT_CODE: 1 |
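Review bot: The `find repo/ -type f -name '*.sh'` filter in tasks/shellcheck/task.yml lints only files with a `.sh` suffix, so extensionless scripts such as entrypoints are never checked, and with `xargs -r0` a repository that matches nothing passes without any output. Consider also selecting files by shebang, or at least printing the list of files checked so an empty run is visible in the build log. `apk add` installs whatever shellcheck version the current `alpine:latest` index offers, so findings can change between runs without a commit.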
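Review bot: `--ignorefile "${TRIVY_IGNORE}"` in tasks/trivy-image/task.yml defaults to `docker-repo/.trivyignore`, a file taken from the repository under scan, so anyone who can commit there can suppress HIGH and CRITICAL findings without touching the pipeline. Make the suppressions visible by printing the file before the scan, `if [ -f "${TRIVY_IGNORE}" ]; then cat "${TRIVY_IGNORE}"; fi`, and require review for changes to it. `--ignore-unfixed` additionally hides vulnerabilities that have no fix yet; a comment stating that this is an accepted policy would help. `${EXIT_CODE}` is unquoted and this task uses `-euo` where the other tasks use `-eufo`; quote it or align the flags.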