Merge branch 'static-code-analysis-on-xls-branch' into 'working-copy'

Static code analysis on xls branch See merge request !3

Merge branch 'static-code-analysis-on-xls-branch' into 'working-copy'
48ffbfec · Alan Nelson · 647d8526 · 0f8d2665 · 48ffbfec · 48ffbfec
Commit 48ffbfec authored 6 years ago by Alan Nelson
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
+stages:
+  - verify
+  - build
+  - test
+  - security
+
+Check Makefile:
+  stage: verify
+  tags:
+    - linux, dockerd
+  script:
+    - docker run --rm -v "${PWD}:/work" -w /work mandrean/checkmake ./Makefile
+
+Lint and Validate dockerfiles:
+  stage: verify
+  tags:
+    - linux, dockerd
+  script:
+    - make test
+
+Make All Images:
+  stage: build
+  image: projectatomic/dockerfile-lint
+  tags:
+    - linux, dockerd
+  script:
+    - make 
+    
+test:
+  stage: test
+  tags:
+    - dockerd
+  script: 
+    - docker run --rm unl-its/static-code-analysis sonar-scanner -v
+
+Scan with Tenable:
+  stage: security
+  tags:
+    - linux, dockerd
+  script:
+    - make security
+
--- a/Makefile
+++ b/Makefile
@@ -2,29 +2,42 @@
 #    Build File for Docker Images    #
 ######################################

-.PHONY: magento2-unit-test magento2-xml-lint
+# All Dockerfiles
+####################
+DOCKERFILES := $(shell find ./ -name "Dockerfile")
+
+# List of images to clean
+####################
+#IMAGES_TO_CLEAN := $(shell echo $(shell echo $(shell grep -h LABEL $(DOCKERFILES)) | sed -e 's/LABEL name=//g') | tr [:space:] ' \n' | sort -u)
+IMAGES_TO_CLEAN := $(addprefix unl-its/, $(shell find ./  -maxdepth 1 -type d -not -name ".*" -printf '%f\n'))
+
+# Get the latest commit
+####################
+GIT_COMMIT = $(strip $(shell git rev-parse --short HEAD))
+
+# Docker build arguments
+####################
+BUILD_ARGS := --build-arg VCS_REF=$(GIT_COMMIT)
+
+.PHONY: all clean test $(DOCKERFILES) clean_images $(IMAGES_TO_CLEAN) static-code-analysis delete_dangling_images security

 all: \
-	php-lint_5.6 \
-	php-lint_7.0 \
-	php-lint_7.1 \
-	php-lint_7.2 \
-	php-lint_latest \
-	magento2-unit-test \
-	magento2-xml-lint
+	php-lint_5.6 php-lint_7.0 php-lint_7.1 php-lint_7.2 php-lint_latest \
+	magento2-unit-test magento2-xml-lint \
+	static-code-analysis

 # PHP Images
 ####################
-php-lint_5.6:
+php-lint_5.6: php-lint/5.6/Dockerfile
 	docker build -t unl-its/php-lint:5.6 -f php-lint/5.6/Dockerfile php-lint

-php-lint_7.0:
+php-lint_7.0: php-lint/7.0/Dockerfile
 	docker build -t unl-its/php-lint:7.0 -f php-lint/7.0/Dockerfile php-lint

-php-lint_7.1:
+php-lint_7.1: php-lint/7.1/Dockerfile
 	docker build -t unl-its/php-lint:7.1 -f php-lint/7.1/Dockerfile php-lint

-php-lint_7.2:
+php-lint_7.2: php-lint/7.2/Dockerfile
 	docker build -t unl-its/php-lint:7.2 -f php-lint/7.2/Dockerfile php-lint

 php-lint_latest: php-lint_7.2
@@ -33,19 +46,52 @@ php-lint_latest: php-lint_7.2

 # Application Images
 ####################
-magento2-unit-test:
+magento2-unit-test: magento2-unit-test/latest/Dockerfile
 	docker build -t unl-its/magento2-unit-test:latest magento2-unit-test/latest

-magento2-xml-lint:
+magento2-xml-lint: magento2-unit-test magento2-xml-lint/latest/Dockerfile
 	docker build -t unl-its/magento2-xml-lint:latest magento2-xml-lint/latest

+# Sonarqube static-code-analysis
+# #####################
+static-code-analysis:
+	docker build $(BUILD_ARGS) -t unl-its/static-code-analysis:latest static-code-analysis/
+	docker build $(BUILD_ARGS) -t unl-its/static-code-analysis:php static-code-analysis/
+	docker build $(BUILD_ARGS) -t unl-its/static-code-analysis:python static-code-analysis/

 # Cleanup
 ####################
-clean:
-	docker image rm unl-its/php-lint:5.6; true
-	docker image rm unl-its/php-lint:7.0; true
-	docker image rm unl-its/php-lint:7.1; true
-	docker image rm unl-its/php-lint:7.2; true
-	docker image rm unl-its/php-lint:latest; true
-	docker image rm unl-its/magento2-unit-test:latest; true
+clean: clean_images
+
+test: $(DOCKERFILES)
+$(DOCKERFILES):
+	@echo "Linting and validating $(@D)..." 
+	@docker run --rm -i nimmis/label-inspector lint < $(@D)/Dockerfile
+	@docker run --rm -i nimmis/label-inspector validate < $(@D)/Dockerfile
+
+clean_images: $(IMAGES_TO_CLEAN) delete_dangling_images
+$(IMAGES_TO_CLEAN):
+	@echo "Uninstalling $@"
+	@docker rmi $(shell docker  images --format '{{.Repository}}:{{.Tag}}'  --filter reference=$@)
+
+IMAGES_TO_SCAN = $(shell docker images --format '{{.Repository}}:{{.Tag}}' | grep unl-its )
+security:
+	@docker login -u ${TENABLE_IO_ACCESS_KEY} -p ${TENABLE_IO_SECRET_KEY} registry.cloud.tenable.com
+	@for image in $(IMAGES_TO_SCAN); do \
+		docker tag $$image registry.cloud.tenable.com/`echo $$image | cut -d "/" -f 2`; \
+		docker push registry.cloud.tenable.com/`echo $$image | cut -d "/" -f 2`; \
+	done
+
+delete_dangling_images:
+	@echo "Removing dangling images"
+	@docker image prune -f
+help:
+	@echo -e "make [all] \n\t # Creates all the images"
+	@echo -e "make <TARGET> \n\t # Creates an specific image"
+	@echo -e "make clean \n\t # Cleanup"
+	@echo -e "make security \n\t # Send the images to Tenable. Use env variables TENABLE_IO_ACCESS_KEY and TENABLE_IO_SECRET_KEY"
+
+debug:
+	@echo -e "DOCKERFILES: \t $(DOCKERFILES)"
+	@echo -e "IMAGES_TO_CLEAN:\t $(IMAGES_TO_CLEAN)"
+	@echo -e "IMAGES_TO_SCAN:\t $(IMAGES_TO_SCAN)"
--- a/magento2-unit-test/latest/Dockerfile
+++ b/magento2-unit-test/latest/Dockerfile
 FROM centos:7

+ARG BUILD_DATE
+ARG VCS_REF
+ARG VERSION
+LABEL org.label-schema.build-date=$BUILD_DATE \
+      org.label-schema.name="Magento Unit Tester" \
+      org.label-schema.description="" \
+      org.label-schema.vcs-ref=$VCS_REF \
+      org.label-schema.vendor="University of Nebraska - Lincoln" \
+      org.label-schema.version=$VERSION \
+      org.label-schema.schema-version="1.0" \
+      maintainer="Alan Nelson <alan.nelson@nebraska.edu>"
+
+
 # Add additional REPOs
 RUN rpm -i https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm \
  && rpm -i https://rhel7.iuscommunity.org/ius-release.rpm

--- a/magento2-xml-lint/latest/Dockerfile
+++ b/magento2-xml-lint/latest/Dockerfile
 FROM unl-its/magento2-unit-test:latest

+ARG BUILD_DATE
+ARG VCS_REF
+ARG VERSION
+LABEL org.label-schema.build-date=$BUILD_DATE \
+      org.label-schema.name="Magento 2 XML linter" \
+      org.label-schema.description="" \
+      org.label-schema.vcs-ref=$VCS_REF \
+      org.label-schema.vendor="University of Nebraska - Lincoln" \
+      org.label-schema.version=$VERSION \
+      org.label-schema.schema-version="1.0" \
+      maintainer="Alan Nelson <alan.nelson@nebraska.edu>"
+
 # Scripts
 COPY xml-lint docker-entrypoint /usr/local/bin/


--- a/php-lint/5.6/Dockerfile
+++ b/php-lint/5.6/Dockerfile
 FROM php:5.6-alpine

+ARG BUILD_DATE
+ARG VCS_REF
+ARG VERSION
+LABEL org.label-schema.build-date=$BUILD_DATE \
+      org.label-schema.name="PHP 5.6 linter" \
+      org.label-schema.description="" \
+      org.label-schema.vcs-ref=$VCS_REF \
+      org.label-schema.vendor="University of Nebraska - Lincoln" \
+      org.label-schema.version=$VERSION \
+      org.label-schema.schema-version="1.0" \
+      maintainer="Alan Nelson <alan.nelson@nebraska.edu>"
+
 RUN apk add --no-cache bash

 COPY php-lint docker-entrypoint /usr/local/bin/

--- a/php-lint/7.0/Dockerfile
+++ b/php-lint/7.0/Dockerfile
 FROM php:7.0-alpine

+ARG BUILD_DATE
+ARG VCS_REF
+ARG VERSION
+LABEL org.label-schema.build-date=$BUILD_DATE \
+      org.label-schema.name="PHP 7.0 linter" \
+      org.label-schema.description="" \
+      org.label-schema.vcs-ref=$VCS_REF \
+      org.label-schema.vendor="University of Nebraska - Lincoln" \
+      org.label-schema.version=$VERSION \
+      org.label-schema.schema-version="1.0" \
+      maintainer="Alan Nelson <alan.nelson@nebraska.edu>"
+
 RUN apk add --no-cache bash

 COPY php-lint docker-entrypoint /usr/local/bin/

--- a/php-lint/7.1/Dockerfile
+++ b/php-lint/7.1/Dockerfile
 FROM php:7.1-alpine

+ARG BUILD_DATE
+ARG VCS_REF
+ARG VERSION
+LABEL org.label-schema.build-date=$BUILD_DATE \
+      org.label-schema.name="PHP 7.1 linter" \
+      org.label-schema.description="" \
+      org.label-schema.vcs-ref=$VCS_REF \
+      org.label-schema.vendor="University of Nebraska - Lincoln" \
+      org.label-schema.version=$VERSION \
+      org.label-schema.schema-version="1.0" \
+      maintainer="Alan Nelson <alan.nelson@nebraska.edu>"
+
 RUN apk add --no-cache bash

 COPY php-lint docker-entrypoint /usr/local/bin/

--- a/php-lint/7.2/Dockerfile
+++ b/php-lint/7.2/Dockerfile
 FROM php:7.2-alpine

+ARG BUILD_DATE
+ARG VCS_REF
+ARG VERSION
+LABEL org.label-schema.build-date=$BUILD_DATE \
+      org.label-schema.name="PHP 7.2 linter" \
+      org.label-schema.description="" \
+      org.label-schema.vcs-ref=$VCS_REF \
+      org.label-schema.vendor="University of Nebraska - Lincoln" \
+      org.label-schema.version=$VERSION \
+      org.label-schema.schema-version="1.0" \
+      maintainer="Alan Nelson <alan.nelson@nebraska.edu>"
+
 RUN apk add --no-cache bash

 COPY php-lint docker-entrypoint /usr/local/bin/

--- a/static-code-analysis/Dockerfile
+++ b/static-code-analysis/Dockerfile
+FROM openjdk:8-jre-alpine
+
+ARG BUILD_DATE
+ARG VCS_REF
+ARG VERSION
+LABEL org.label-schema.build-date=$BUILD_DATE \
+      org.label-schema.name="Sonarqube Static Code Analyzer" \
+      org.label-schema.description="Docker image for static code analysis using a Sonarqube server" \
+      org.label-schema.vcs-ref=$VCS_REF \
+      org.label-schema.vendor="University of Nebraska - Lincoln" \
+      org.label-schema.version="0.1.0" \
+      org.label-schema.schema-version="1.0" \
+      maintainer="J.R. Barreras <barreras@unl.edu>"
+
+ENV SONAR_SCANNER_VERSION 3.2.0.1227
+
+WORKDIR /opt
+
+RUN apk add --no-cache curl sed bash nodejs-current nodejs-npm su-exec && \
+    mkdir -p /opt/src  && \
+    curl --insecure -o ./sonarscanner.zip -L  https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SONAR_SCANNER_VERSION}.zip  && \
+    unzip sonarscanner.zip  && \
+    rm sonarscanner.zip
+
+ENV SONAR_RUNNER_HOME=/opt/sonar-scanner-${SONAR_SCANNER_VERSION}
+ENV PATH $PATH:/opt/sonar-scanner-${SONAR_SCANNER_VERSION}/bin
+
+COPY entrypoint.sh /usr/local/bin/
+RUN chmod +x /usr/local/bin/entrypoint.sh
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
+
+CMD /bin/bash
+
--- a/static-code-analysis/entrypoint.sh
+++ b/static-code-analysis/entrypoint.sh
+#!/bin/bash
+
+# Add local user
+# Either use the LOCAL_USER_ID if passed in at runtime or
+# fallback
+
+USER_ID=${LOCAL_USER_ID:-9001}
+
+su-exec user "$@"