Skip to content

Commit

Permalink
Use latest nancy (#9)
Browse files Browse the repository at this point in the history
new configuration option: nancyVersion. Valid values: 'latest' or a specific version, like `v.1.0.6'. Default value is 'latest'.
  • Loading branch information
bhamail authored Feb 19, 2021
1 parent 608b94b commit d1ee788
Show file tree
Hide file tree
Showing 5 changed files with 57 additions and 7 deletions.
13 changes: 8 additions & 5 deletions Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -12,15 +12,18 @@
# See the License for the specific language governing permissions and
# limitations under the License.

FROM alpine:3.12
FROM alpine:3.13

LABEL com.github.actions.name="Nancy for GitHub Actions" \
com.github.actions.description="Run Sonatype Nancy as part of your GitHub Actions workflow."

RUN apk add --no-cache curl && \
curl -L -o nancy.apk \
https://github.com/sonatype-nexus-community/nancy/releases/download/v1.0.0/nancy_1.0.0_linux_386.apk && \
apk add --no-cache --allow-untrusted nancy.apk
# required to fetch nancy.apk via curl
RUN apk add --no-cache curl

# required to get grep that supports -P option
RUN apk add --no-cache --upgrade grep

COPY install-nancy.sh /install-nancy.sh

COPY entrypoint.sh /entrypoint.sh

Expand Down
11 changes: 9 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ For example: `sleuth --loud`

The example below only requires `go` be installed in order to generate the `go.list` file.
You could instead have some other part of the CI build generate that file for use by `nancy`.
```
```yaml
name: Go Nancy

on: [push]
Expand All @@ -54,6 +54,13 @@ jobs:
uses: sonatype-nexus-community/nancy-github-action@main
```
The snippet below shows how to use a specific version of Nancy (rather than the latest)
```yaml
- name: Scan with specific Nancy version
uses: sonatype-nexus-community/nancy-github-action@use_latest_nancy
with:
nancyVersion: "v1.0.6"
```
## Development
I found it useful to leverage the [act](https://github.com/nektos/act) project while developing
Expand All @@ -62,7 +69,7 @@ of that branch. For example, a [test project](https://github.com/bhamail/nancy-g
Notice the commit hash `950a8965cd37d8e14aaa6aebd6c0d71b4da71fa3` used below in the `Scan` step to run the
development branch.

```
```yaml
name: Go
on:
Expand Down
4 changes: 4 additions & 0 deletions action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,10 @@ name: 'Nancy for GitHub Actions'
author: 'Sonatype'
description: 'Run Sonatype Nancy as part of your GitHub Actions workflow.'
inputs:
nancyVersion:
description: 'The version of Nancy to run. Examples: "latest", "v1.0.15" See: https://github.com/sonatype-nexus-community/nancy/releases for available versions.'
required: true
default: 'latest'
goListFile:
description: 'The path to a file containing the output of a "go list ..." command.'
required: false
Expand Down
3 changes: 3 additions & 0 deletions entrypoint.sh
Original file line number Diff line number Diff line change
Expand Up @@ -14,4 +14,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.

# INPUT_NANCYVERSION env var is set automagically to the value of inputs.nancyVersion
/install-nancy.sh $INPUT_NANCYVERSION

nancy $2 < $1
33 changes: 33 additions & 0 deletions install-nancy.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
#!/bin/sh

# Copyright (c) 2019-present Sonatype, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

desiredVersion="$1"
echo "desired nancy version: ${desiredVersion}"
if [ -z "$desiredVersion" ]; then
>&2 echo "must specify a desiredVersion, like: latest or v1.0.15"
exit 1
elif [[ ${desiredVersion} == "latest" ]]; then
latest_version_is=$(curl --fail -s https://api.github.com/repos/sonatype-nexus-community/nancy/releases/latest | grep -oP '"tag_name": "\K(.*)(?=")')
desiredVersion=${latest_version_is}
elif [[ ${desiredVersion:0:1} != "v" ]]; then
>&2 echo "specific nancy version (${desiredVersion}) must start with v, like: v1.0.15"
exit 1
fi
# installer filename excludes v from version
sourceUrl="https://github.com/sonatype-nexus-community/nancy/releases/download/${desiredVersion}/nancy_${desiredVersion:1}_linux_amd64.apk"
echo "installing nancy via ${sourceUrl}"
curl --fail -L -o nancy.apk ${sourceUrl}
apk add --no-progress --quiet --no-cache --allow-untrusted nancy.apk

0 comments on commit d1ee788

Please sign in to comment.