From acaab31481562aea5232d54d5666133b7cf4b559 Mon Sep 17 00:00:00 2001
From: david-sandy <92327545+david-sandy@users.noreply.github.com>
Date: Fri, 11 Feb 2022 13:47:37 -0600
Subject: [PATCH 1/3] Added buildkite asdf installer
---
 .buildkite/hooks/pre-command | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 .buildkite/hooks/pre-command
diff --git a/.buildkite/hooks/pre-command b/.buildkite/hooks/pre-command
new file mode 100644
index 00000000..a3d5bffd
--- /dev/null
+++ b/.buildkite/hooks/pre-command
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+
+set -eu
+pushd "$(dirname "${BASH_SOURCE[0]}")"/../..
+
+# Skip the rest if this is pipeline upload or empty
+if [[ "${BUILDKITE_COMMAND:-}" =~ "buildkite-agent pipeline upload".* ]]; then
+ exit 0
+fi
+
+TOOL_VERSION_FILES=()
+mapfile -d $'\0' TOOL_VERSION_FILES < <(fd .tool-versions --hidden --absolute-path --print0)
+
+for file in "${TOOL_VERSION_FILES[@]}"; do
+ echo "Installing asdf dependencies as defined in ${file}:"
+ parent=$(dirname "${file}")
+ pushd "${parent}"
+
+ asdf install
+
+ popd
+done
+
+popd
From 1706ca0b462b6318e5d3aab07d9f584bd4551a9c Mon Sep 17 00:00:00 2001
From: david-sandy <92327545+david-sandy@users.noreply.github.com>
Date: Fri, 11 Feb 2022 13:50:11 -0600
Subject: [PATCH 2/3] Added trivy to tool-versions
---
 .tool-verions | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 .tool-verions
diff --git a/.tool-verions b/.tool-verions
new file mode 100644
index 00000000..9eb39d5f
--- /dev/null
+++ b/.tool-verions
@@ -0,0 +1 @@
+trivy 0.20.0
From e2e0f258e79db3c59441bb65f3f13f613619961b Mon Sep 17 00:00:00 2001
From: david-sandy <92327545+david-sandy@users.noreply.github.com>
Date: Fri, 11 Feb 2022 13:52:08 -0600
Subject: [PATCH 3/3] Added trivy to run
---
 buildkite.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/buildkite.yml b/buildkite.yml
index ab46103d..84652b68 100644
--- a/buildkite.yml
+++ b/buildkite.yml
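Review bot: In `.buildkite/hooks/pre-command`, the `fd .tool-versions` pattern on the `mapfile` line is an unanchored regex, so it also matches names such as `my.tool-versions.bak`, and `asdf install` then runs in every directory that holds a match, including hidden ones. Since the hook runs on the agent before each job, the files present in the checked-out branch decide what gets downloaded and installed; matching the exact name narrows that: `fd --glob .tool-versions --hidden --absolute-path --print0`. A failing or missing `fd` inside `< <(...)` is not caught by `set -eu`, so the array stays empty and the hook succeeds having installed nothing; a guard such as `command -v fd >/dev/null || { echo 'fd not found' >&2; exit 1; }` before the `mapfile` line makes that visible. The comment above the `if` says "or empty", but an empty `BUILDKITE_COMMAND` is not skipped by that test.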
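Review bot: The file in patch 2/3 is created as `.tool-verions`, but the pre-command hook from patch 1/3 searches for `.tool-versions`, so the `trivy 0.20.0` pin is never seen by `asdf install`. Rename the file to `.tool-versions`. As committed, the trivy step presumably runs with whatever trivy version the agent already has, or with none, which defeats the point of pinning the scanner.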
@@ -1,4 +1,7 @@
 steps:
+ - label: :lock: trivy - security
+ command: ./buildkite/run-trivy.sh
+ agents: { queue: "standard" }
 - label: ':go:'
 # Note: go fmt on its own ignores testdata/ directories.
 command: test -z $(gfind internal/testdata -type f -name '*.go' -exec gofmt -l {} \;)
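Review bot: The new `label: :lock: trivy - security` is an unquoted scalar containing a colon followed by a space, which YAML treats as a mapping indicator, so the pipeline file is likely to fail to parse. The existing step quotes its emoji label and this one should too: `- label: ':lock: trivy - security'`. The command also points at `./buildkite/run-trivy.sh`, while the hook added in patch 1/3 lives under `.buildkite/` and no `run-trivy.sh` is added in this series, so confirm the path exists. If the scan is meant to gate the build, a short comment stating what exit status `run-trivy.sh` returns on findings would help.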