constellation/bazel/ci/govulncheck.sh.in

#!/usr/bin/env bash

###### script header ######

lib=$(realpath @@BASE_LIB@@) || exit 1
stat "${lib}" >> /dev/null || exit 1

# shellcheck source=../sh/lib.bash
if ! source "${lib}"; then
  echo "Error: could not find import"
  exit 1
fi

go=$(realpath @@GO@@)
stat "${go}" >> /dev/null
govulncheck=$(realpath @@GOVULNCHECK@@)
stat "${govulncheck}" >> /dev/null

cd "${BUILD_WORKSPACE_DIRECTORY}"

###### script body ######

submodules=$(${go} list -f '{{.Dir}}' -m)

PATH=$(dirname "${go}"):${PATH}

check() {
  err=0

  echo "Scanning Go vulnerability DB for knwon vulnerabilities in modules:"
  for mod in ${submodules}; do
    echo "  ${mod}"
    echo -n "  "
    CGO_ENABLED=0 ${govulncheck} "${mod}/..." |
      tail -n 2 | # Providing some nice output...
      tr '\n' ' ' |
      sed s/" your code and"// &&
      printf "\n" ||
      err=$?
  done

  exit "${err}"

}

if test -v SILENT; then
  check > /dev/null
else
  check
fi
bazel: add govulncheck to //:check target (#1512) Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2023-03-27 07:35:51 -04:00			`#!/usr/bin/env bash`

bazel: improve script template resilience Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2023-03-29 08:13:26 -04:00			`###### script header ######`

bazel: add govulncheck to //:check target (#1512) Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2023-03-27 07:35:51 -04:00			`lib=$(realpath @@BASE_LIB@@) \|\| exit 1`
bazel: improve script template resilience Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2023-03-29 08:13:26 -04:00			`stat "${lib}" >> /dev/null \|\| exit 1`
bazel: add govulncheck to //:check target (#1512) Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2023-03-27 07:35:51 -04:00
			`# shellcheck source=../sh/lib.bash`
			`if ! source "${lib}"; then`
			`echo "Error: could not find import"`
			`exit 1`
			`fi`

bazel: improve script template resilience Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2023-03-29 08:13:26 -04:00			`go=$(realpath @@GO@@)`
			`stat "${go}" >> /dev/null`
			`govulncheck=$(realpath @@GOVULNCHECK@@)`
			`stat "${govulncheck}" >> /dev/null`

			`cd "${BUILD_WORKSPACE_DIRECTORY}"`

			`###### script body ######`
bazel: add govulncheck to //:check target (#1512) Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2023-03-27 07:35:51 -04:00
			`submodules=$(${go} list -f '{{.Dir}}' -m)`

			`PATH=$(dirname "${go}"):${PATH}`

bazel check: silent env for cleaner output (#1898) * explicitly ignore pkgs for cleaner output * do not ignore but redirect stderr * silent env var to silent stderr * add silent env var to vuln,lint,tf * fix golangci silent * Update bazel/ci/terraform.sh.in Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com> * Update bazel/ci/golicenses.sh.in Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com> * Update bazel/ci/govulncheck.sh.in Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com> * Update bazel/ci/golangci_lint.sh.in Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com> --------- Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com> 2023-06-14 07:58:21 -04:00			`check() {`
			`err=0`

			`echo "Scanning Go vulnerability DB for knwon vulnerabilities in modules:"`
			`for mod in ${submodules}; do`
			`echo " ${mod}"`
			`echo -n " "`
			`CGO_ENABLED=0 ${govulncheck} "${mod}/..." \|`
			`tail -n 2 \| # Providing some nice output...`
			`tr '\n' ' ' \|`
			`sed s/" your code and"// &&`
			`printf "\n" \|\|`
			`err=$?`
			`done`

			`exit "${err}"`

			`}`

			`if test -v SILENT; then`
			`check > /dev/null`
			`else`
			`check`
			`fi`