fix: support git plugin on docker image (#91)
The Alpine docker image doesn't include `git`.

+ Publish the README to the DockerHub page:
#8 (comment)
Baruch Odem (Rothkoff) authored Jun 12, 2023
1 parent 0107d66 commit 6fcfc07
Showing 5 changed files with 36 additions and 13 deletions.
19 changes: 10 additions & 9 deletions .github/workflows/pr-validation.yml
Expand Up @@ -9,7 +9,7 @@ jobs:
test:
strategy:
matrix:
os: [ ubuntu-latest ]
os: [ubuntu-latest]

runs-on: ${{ matrix.os }}

Expand All @@ -19,7 +19,7 @@ jobs:

- uses: actions/setup-go@v4
with:
go-version: '^1.20'
go-version: "^1.20"

- name: Go Linter
run: docker run --rm -v $(pwd):/app -w /app golangci/golangci-lint:v1.52.0 golangci-lint run -v -E gofmt --timeout=5m
Expand All @@ -32,25 +32,26 @@ jobs:
steps:
- name: Checkout code
uses: actions/checkout@v3

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2

- run: make build
- name: Run docker and check its output
run: if docker run -t checkmarx/2ms:latest --version | grep "2ms version"; then
echo "Docker ran as expected";
run:
if docker run -v "$(pwd)":/repo -t checkmarx/2ms:latest git /repo | grep -A 5 "Summary:"; then
echo "Docker ran as expected";
else
echo "Docker did not run as expected";
exit 1;
echo "Docker did not run as expected";
exit 1;
fi

kics:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- run: mkdir -p kics-results

- name: Run KICS scan
uses: checkmarx/kics-github-action@master
with:
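Review bot: In the `Run docker and check its output` step, the `if` condition takes the exit status of `grep -A 5 "Summary:"`, not of `docker run`, so the job passes whenever the text "Summary:" appears, even if the container then exits non-zero (unless `pipefail` is set for the step). Capture the output and the exit status of `docker run` separately, or set `pipefail` at the top of the script, and state which exit codes count as success. The multi-line command is also written as a plain `run:` scalar that YAML folds into one line; `run: |` would keep it readable without relying on the trailing semicolons.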
7 changes: 7 additions & 0 deletions .github/workflows/release.yml
Expand Up @@ -85,3 +85,10 @@ jobs:
tags: |
checkmarx/2ms:latest
checkmarx/2ms:${{ needs.test.outputs.version }}
- name: Update Docker repo description
uses: peter-evans/dockerhub-description@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
repository: checkmarx/2ms
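Review bot: The new `Update Docker repo description` step passes `DOCKERHUB_USERNAME` and `DOCKERHUB_TOKEN` to a third-party action referenced by a mutable tag, `peter-evans/dockerhub-description@v3`. Pin the action to a full commit SHA (with the version in a trailing comment) so that a moved tag cannot run different code with those credentials in the release job.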
4 changes: 4 additions & 0 deletions Dockerfile
Expand Up @@ -14,9 +14,13 @@ RUN go build -o /app/2ms .
# ^^^^ disable kics Healthcheck result
FROM alpine:3.18

RUN apk add --no-cache git=2.40.1-r0

RUN addgroup -S 2ms && adduser -S 2ms -G 2ms
USER 2ms

RUN git config --global --add safe.directory /repo

COPY --from=builder /app/2ms /2ms
ENTRYPOINT ["/2ms"]
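Review bot: `RUN git config --global --add safe.directory /repo` needs a comment explaining why it is there: it switches off git's repository ownership check for whatever is mounted at `/repo`, presumably because the bind-mounted repository belongs to a host user rather than to `2ms`. Keep the exemption limited to that single path and say so in the comment. Separately, the exact pin `git=2.40.1-r0` will start failing the build as soon as the Alpine 3.18 repository replaces that package revision, since older revisions are not kept; either loosen the constraint to the 2.40 series or plan for bumping the pin.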

17 changes: 14 additions & 3 deletions README.md
Expand Up @@ -11,17 +11,27 @@ During the software development lifecycle (SDLC), developers ofen communicate an
2ms is built over a secret detection engine (currently [gitleaks](https://github.com/gitleaks/gitleaks)) and includes various plugins to interact with popular platforms. This means anyone can contribute, improve and extend 2ms quite easily. We believe that by working together, we can create a more secure digital world. You're welcome to join our [community](https://github.com/Checkmarx/2ms/discussions).

## Supported Platforms
* Confluence
* Discord (coming soon)

## Getting 2ms
- Confluence
- Discord (coming soon)

## Getting 2ms

```
# git clone https://github.com/Checkmarx/2ms.git
# cd 2ms
# go build
# ./2ms (linux / mac)
```

### Docker

```
docker run -v path/to/my/repo:/repo checkmarx/2ms git /repo
```

(For `git` command, you have to mount your git repository to `/repo` inside the container)

## Getting started

### Command line arguments (wip, see [#20](https://github.com/Checkmarx/2ms/discussions/20))
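Review bot: In the new `### Docker` section, `-v path/to/my/repo:/repo` uses a relative host path, which `docker run` treats as a volume name rather than a bind mount, so the documented command will not mount the repository as written. Use an absolute path in the example, as the workflow does with `"$(pwd)":/repo`. If the scan works against a read-only mount, documenting `:/repo:ro` would also keep the container from writing to the user's repository.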
Expand All @@ -32,4 +42,5 @@ During the software development lifecycle (SDLC), developers ofen communicate an
- `--confluence-token` confluence token

---

Made by Checkmarx with :heart:
2 changes: 1 addition & 1 deletion plugins/paligo.go
Expand Up @@ -66,7 +66,7 @@ func (p *PaligoPlugin) DefineCommand(channels Channels) (*cobra.Command, error)
Short: "Scan Paligo instance",
Long: "Scan Paligo instance for sensitive information.",
Run: func(cmd *cobra.Command, args []string) {
// Waits for MarkFlagsMutuallyExclusiveAndRequired https://github.com/spf13/cobra/pull/1972
// Waits for MarkFlagsOneRequired https://github.com/spf13/cobra/pull/1952
if p.auth == "" && (p.username == "" || p.token == "") {
p.Channels.Errors <- fmt.Errorf("exactly one of the flags in the group %v must be set; none were set", []string{paligoAuthFlag, paligoUsernameFlag, paligoTokenFlag})
return
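Review bot: The check under the updated comment, `p.auth == "" && (p.username == "" || p.token == "")`, also fires when only one of the username or token flags is given, yet the error still reports "none were set". The message should cover the partially-set case so the user knows which flag is missing. This comment change is also unrelated to the Docker fix and would be easier to track in its own commit.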
