Build: Install semgrep and gosec in build stage for CI tests (#180)
xnyo authored Apr 5, 2024
1 parent 2729ec9 commit 12d52dc
Showing 1 changed file with 19 additions and 5 deletions.
24 changes: 19 additions & 5 deletions Dockerfile
@@ -1,29 +1,43 @@
FROM golang:1.21-alpine as builder
ARG GOLANGCI_LINT_VERSION=v1.55.2
ARG GOSEC_VERSION=v2.18.2
ARG SEMGREP_VERSION=1.67.0

FROM golang:1.21-alpine3.18 as builder

ARG GOLANGCI_LINT_VERSION
ARG GOSEC_VERSION
ARG SEMGREP_VERSION

WORKDIR /go/src/github.com/grafana/plugin-validator
ADD . /go/src/github.com/grafana/plugin-validator

RUN apk add --no-cache git ca-certificates curl && \
RUN apk add --no-cache git ca-certificates curl python3 python3-dev py3-pip && \
update-ca-certificates

RUN git clone https://github.com/magefile/mage --depth 1 && \
cd mage && \
go run bootstrap.go && \
curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.55.2
curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin ${GOLANGCI_LINT_VERSION} && \
curl -sfL https://raw.githubusercontent.com/securego/gosec/master/install.sh | sh -s -- -b /usr/local/bin ${GOSEC_VERSION} && \
python3 -m pip install semgrep==${SEMGREP_VERSION} --ignore-installed

RUN cd /go/src/github.com/grafana/plugin-validator && \
mage -v build:ci && \
ls -al bin

FROM alpine:3.18

ARG GOSEC_VERSION
ARG SEMGREP_VERSION

RUN apk add --no-cache git ca-certificates curl wget python3 python3-dev py3-pip alpine-sdk && \
update-ca-certificates

# install gosec
RUN curl -sfL https://raw.githubusercontent.com/securego/gosec/master/install.sh | sh -s -- -b /usr/local/bin v2.18.2
RUN curl -sfL https://raw.githubusercontent.com/securego/gosec/master/install.sh | sh -s -- -b /usr/local/bin ${GOSEC_VERSION}

# install semgrep
RUN python3 -m pip install semgrep --ignore-installed
RUN python3 -m pip install semgrep==${SEMGREP_VERSION} --ignore-installed

WORKDIR /app
COPY --from=builder /go/src/github.com/grafana/plugin-validator/bin bin
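Review bot: The new `GOLANGCI_LINT_VERSION` and `GOSEC_VERSION` arguments pin the release that gets installed, but both installer scripts are still fetched from the mutable `master` branch and piped straight into `sh`, in the builder `RUN` and again in the final stage's gosec step. Whatever is on `master` at build time runs with the build's privileges, so the pin does not make the step reproducible; fetching the script from the same ref narrows that, e.g. `curl -sfL https://raw.githubusercontent.com/securego/gosec/${GOSEC_VERSION}/install.sh | sh -s -- -b /usr/local/bin "${GOSEC_VERSION}"`, and a commit SHA plus a checksum of the script would be stronger still. No `SHELL` with `pipefail` is visible, so a failed `curl` would leave `sh` reading empty input and exiting 0, letting the `&&` chain continue without the tool; starting the `RUN` with `set -o pipefail &&` would make the build fail instead. `semgrep==${SEMGREP_VERSION}` pins only the top-level package, so its dependencies still float between builds; a requirements file installed with `--require-hashes` would close that.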