From 6fcfc07231483b3859cf23baabcad4106fcd7c3d Mon Sep 17 00:00:00 2001 From: "Baruch Odem (Rothkoff)" Date: Mon, 12 Jun 2023 15:11:32 +0300 Subject: [PATCH] fix: support git plugin on docker image (#91) The Alpine docker image doesn't include `git`. + Publish the README to the DockerHub page: https://github.com/Checkmarx/2ms/issues/8#issuecomment-1587175380 --- .github/workflows/pr-validation.yml | 19 ++++++++++--------- .github/workflows/release.yml | 7 +++++++ Dockerfile | 4 ++++ README.md | 17 ++++++++++++++--- plugins/paligo.go | 2 +- 5 files changed, 36 insertions(+), 13 deletions(-) diff --git a/.github/workflows/pr-validation.yml b/.github/workflows/pr-validation.yml index 54349a84..809df8f1 100644 --- a/.github/workflows/pr-validation.yml +++ b/.github/workflows/pr-validation.yml @@ -9,7 +9,7 @@ jobs: test: strategy: matrix: - os: [ ubuntu-latest ] + os: [ubuntu-latest] runs-on: ${{ matrix.os }} @@ -19,7 +19,7 @@ jobs: - uses: actions/setup-go@v4 with: - go-version: '^1.20' + go-version: "^1.20" - name: Go Linter run: docker run --rm -v $(pwd):/app -w /app golangci/golangci-lint:v1.52.0 golangci-lint run -v -E gofmt --timeout=5m @@ -32,17 +32,18 @@ jobs: steps: - name: Checkout code uses: actions/checkout@v3 - + - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 - + - run: make build - name: Run docker and check its output - run: if docker run -t checkmarx/2ms:latest --version | grep "2ms version"; then - echo "Docker ran as expected"; + run: + if docker run -v "$(pwd)":/repo -t checkmarx/2ms:latest git /repo | grep -A 5 "Summary:"; then + echo "Docker ran as expected"; else - echo "Docker did not run as expected"; - exit 1; + echo "Docker did not run as expected"; + exit 1; fi kics: @@ -50,7 +51,7 @@ jobs: steps: - uses: actions/checkout@v3 - run: mkdir -p kics-results - + - name: Run KICS scan uses: checkmarx/kics-github-action@master with: 
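Review bot: In the `Run docker and check its output` step of pr-validation.yml, the checkout is bind-mounted into the container read-write, although a scan should only need to read it. Mounting it read-only keeps the container from altering the runner's working tree: `if docker run -v "$(pwd)":/repo:ro -t checkmarx/2ms:latest git /repo | grep -A 5 "Summary:"; then`. This assumes the git plugin only reads history, which is not visible in this diff. The README example added by the same commit (`docker run -v path/to/my/repo:/repo checkmarx/2ms git /repo`) uses the same mount form and would benefit from the same `:ro` suffix.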
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 7d710c7f..8c89ee79 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -85,3 +85,10 @@ jobs: tags: | checkmarx/2ms:latest checkmarx/2ms:${{ needs.test.outputs.version }} + + - name: Update Docker repo description + uses: peter-evans/dockerhub-description@v3 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + repository: checkmarx/2ms diff --git a/Dockerfile b/Dockerfile index e6a37ae9..bf5990a1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -14,9 +14,13 @@ RUN go build -o /app/2ms . # ^^^^ disable kics Healthcheck result FROM alpine:3.18 +RUN apk add --no-cache git=2.40.1-r0 + RUN addgroup -S 2ms && adduser -S 2ms -G 2ms USER 2ms +RUN git config --global --add safe.directory /repo + COPY --from=builder /app/2ms /2ms ENTRYPOINT ["/2ms"] diff --git a/README.md b/README.md index aff76dd9..97038cc9 100644 --- a/README.md +++ b/README.md @@ -11,10 +11,12 @@ During the software development lifecycle (SDLC), developers ofen communicate an 2ms is built over a secret detection engine (currently [gitleaks](https://github.com/gitleaks/gitleaks)) and includes various plugins to interact with popular platforms. This means anyone can contribute, improve and extend 2ms quite easily. We believe that by working together, we can create a more secure digital world. You're welcome to join our [community](https://github.com/Checkmarx/2ms/discussions). ## Supported Platforms -* Confluence -* Discord (coming soon) -## Getting 2ms +- Confluence +- Discord (coming soon) + +## Getting 2ms + ``` # git clone https://github.com/Checkmarx/2ms.git # cd 2ms 
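Review bot: The new `Update Docker repo description` step in release.yml hands `DOCKERHUB_USERNAME` and `DOCKERHUB_TOKEN` to a third-party action referenced by the movable tag `@v3`, so whatever that tag resolves to at release time runs with those credentials. Pin the action to a reviewed commit instead, `uses: peter-evans/dockerhub-description@<full-commit-sha> # v3`, where the SHA is a placeholder to be taken from the release that was actually reviewed. The secrets are presumably the same ones used for the image push earlier in this job (outside the hunk), which makes the pin more important.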
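Review bot: `RUN git config --global --add safe.directory /repo` in the Dockerfile turns off git's ownership check for whatever is bind-mounted at `/repo`, so git in the container will read that repository's own `.git/config` even though it belongs to a different user. For a scanner that may be pointed at repositories the operator does not control, that trust decision should be stated next to the line, for example `# /repo is a bind mount owned by the host user; trusted explicitly so git will open it. Mount it read-only (:ro) when scanning repositories you do not control.` Separately, the exact pin `git=2.40.1-r0` will typically stop resolving once Alpine 3.18 publishes a newer revision of the package, which is how git security fixes usually arrive. A fuzzy pin such as `RUN apk add --no-cache 'git~2.40'` keeps the version bounded without blocking those updates.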
@@ -22,6 +24,14 @@ During the software development lifecycle (SDLC), developers ofen communicate an # ./2ms (linux / mac) ``` +### Docker + +``` +docker run -v path/to/my/repo:/repo checkmarx/2ms git /repo +``` + +(For `git` command, you have to mount your git repository to `/repo` inside the container) + ## Getting started ### Command line arguments (wip, see [#20](https://github.com/Checkmarx/2ms/discussions/20)) @@ -32,4 +42,5 @@ During the software development lifecycle (SDLC), developers ofen communicate an - `--confluence-token` confluence token --- + Made by Checkmarx with :heart: diff --git a/plugins/paligo.go b/plugins/paligo.go index f221f36f..57e45f60 100644 --- a/plugins/paligo.go +++ b/plugins/paligo.go @@ -66,7 +66,7 @@ func (p *PaligoPlugin) DefineCommand(channels Channels) (*cobra.Command, error) Short: "Scan Paligo instance", Long: "Scan Paligo instance for sensitive information.", Run: func(cmd *cobra.Command, args []string) { - // Waits for MarkFlagsMutuallyExclusiveAndRequired https://github.com/spf13/cobra/pull/1972 + // Waits for MarkFlagsOneRequired https://github.com/spf13/cobra/pull/1952 if p.auth == "" && (p.username == "" || p.token == "") { p.Channels.Errors <- fmt.Errorf("exactly one of the flags in the group %v must be set; none were set", []string{paligoAuthFlag, paligoUsernameFlag, paligoTokenFlag}) return