WIP

docker/Dockerfile.node-vite-ui.dev

@@ -10,7 +10,7 @@ USER node
 COPY --chown=node:node ./<<projectName>>-ui/package.json ./
 
 # install dependencies
-# TODO: It would be vest to ensure npm install has been run before creating the image for the first time, then the if check can be removed
+# TODO: It would be best to ensure npm install has been run before creating the image for the first time, then the if check can be removed
 RUN if test -f package-lock.json ; then npm ci ; else npm i ; fi
 
 EXPOSE 8080

docker/pipeline-jobs/docker-compose-dockerfile-lint.yml

+services:
+
+  dockerfile-lint<<subProject>>:
+    image: registry1.dso.mil/ironbank/opensource/hadolint/hadolint:v2.12.0
+    container_name: dockerfile-lint<<subProject>>
+    entrypoint: ["${BASE_SCRIPTS_DIR}/dockerfile-lint/entrypoint.sh"]
+    working_dir: /root
+    environment:
+      - REPORTS_DIR=${BASE_REPORTS_DIR}/dockerfile-lint<<subProject>>
+      - SCRIPTS_DIR=${BASE_SCRIPTS_DIR}/dockerfile-lint
+      - SCAN_DIR=/app
+      - CI_JOB_NAME=dockerfile-lint<<subProject>>
+    volumes:
+      - ./:/root
+      - ./<<projectName>><<subProject>>:/app

scripts/dockerfile-lint/entrypoint.sh

+'${SCRIPTS_DIR}/monitor/monitorstatus.sh -j ${CI_JOB_NAME} -s fail -r config -l "Job URL: ${CI_JOB_URL}"'
+echo "removing any existing hadolint config."
+rm -rf .config/hadolint.yml .config/hadolint.yaml
+hadolint $APPROVED_REGISTRY $DOCKERFILE_LOC --failure-threshold warning | tee ${REPORTS_DIR}/${CI_JOB_NAME}.out
+
+if [ "$?" == "0" ]; then
+  ${SCRIPTS_DIR}/monitorstatus.sh -j ${CI_JOB_NAME} -s pass -r pass
+else
+  if [ -s "${REPORTS_DIR}/${CI_JOB_NAME}.out" ]; then
+    ${SCRIPTS_DIR}/monitor/monitorstatus.sh -j ${CI_JOB_NAME} -r findings -l "${CI_JOB_NAME} process found findings, check job for details"
+  fi
+  exit 1
+fi

scripts/dockerfile-lint/monitorstatus.sh

+#!/bin/bash
+
+LOG_DIR="${REPORTS_DIR}"
+LOG_NAME="monitor_status"
+LOG_EXT=".yaml"
+LOG_FILE="${LOG_DIR}${LOG_NAME}${LOG_EXT}"
+STATUS_VALUES=("pass" "fail")
+REASON_VALUES=("defect" "config" "findings" "pass")
+
+job_name="${LOG_NAME}"
+status_file="${LOG_FILE}"
+status=""
+reason=""
+log=""
+
+function help_message() {
+  IFS="|"
+  echo "Usage: $0 [-h] [-s arg] [-r arg] [-l arg] [-f arg] [-j arg]" >&2
+  echo "  -h  Display this message" >&2
+  echo "  -s  Job status with value from (${STATUS_VALUES[*]})" >&2
+  echo "  -r  Job reason with value from (${REASON_VALUES[*]})" >&2
+  echo "  -l  Log message appended to list" >&2
+  echo "  -f  Path to log file, current value: ${LOG_DIR}" >&2
+  echo "  -j  Job name for status file creation, current value: ${LOG_NAME}" >&2
+  echo "      File extension for log file: ${LOG_EXT}" >&2
+}
+
+function error_message() {
+    echo "$1" >&2
+    exit 1
+}
+
+function check_string_in_list() {
+  local string="$1"
+  local list=("${@:2}")
+
+  for value in "${list[@]}"; do
+    if [[ "$string" == "$value" ]]; then
+      return 1
+    fi
+  done
+
+  return 0
+}
+
+USE_YQ=
+if command -v yq 2>&1 >/dev/null; then
+  USE_YQ="true"
+fi
+
+while getopts :hj:s:r:l:f: flag
+do 
+  case "${flag}" in 
+    h)
+      help_message
+      exit 0
+      ;;
+    s)
+      status=${OPTARG}
+      if check_string_in_list "$status" "${STATUS_VALUES[@]}"; then
+        error_message "Status value not in (${STATUS_VALUES[*]})"
+      fi 
+      ;;
+    r)
+      reason=${OPTARG}
+      if check_string_in_list "$reason" "${REASON_VALUES[@]}"; then
+        error_message "Reason value not in (${REASON_VALUES[*]})"
+      fi
+      ;;
+    l)
+      log=${OPTARG}
+      ;;
+    j)
+      job_name=${OPTARG}
+      status_file="${LOG_DIR}${job_name}${LOG_EXT}"
+      ;;
+    f)
+      LOG_FILE=${OPTARG}
+      ;;
+    :)
+      echo "Option -${OPTARG} requires an argument." >&2
+      echo ""
+      help_message
+      exit 1
+      ;;
+    ?)
+      echo "Invalid option: -${OPTARG}." >&2
+      echo ""
+      help_message
+      exit 1
+      ;;
+  esac
+done
+
+if [ -f "$status_file" ]; then
+  if [ -n "$status" ]; then
+    if [ -n "$USE_YQ" ]; then
+      yq -Yi ".status=\"$status\"" "$status_file"
+    else
+      tmpfile=$(mktemp)
+      cp "$status_file" "$tmpfile"
+      awk "{sub(/status: .*/,\"status: ${status}\"); print}" "$tmpfile" > "$status_file"
+      rm "$tmpfile"
+    fi
+  fi 
+
+  if [ -n "$reason" ]; then
+    if [ -n "$USE_YQ" ]; then
+      yq -Yi ".reason=\"$reason\"" "$status_file"
+    else
+      tmpfile=$(mktemp)
+      cp "$status_file" "$tmpfile"
+      awk "{sub(/reason: .*/,\"reason: ${reason}\"); print}" "$tmpfile" > "$status_file"
+      rm "$tmpfile"
+    fi
+  fi 
+else
+  if [ -z "$status" ]; then
+    error_message "Status code is required from (${STATUS_VALUES[*]}) during initial log creation"
+  fi 
+
+  if [ -z "$reason" ]; then
+    error_message "Reason code is required from (${REASON_VALUES[*]}) during initial log creation"
+  fi 
+
+  cat <<EOF > "$status_file"
+status: "$status"
+reason: "$reason"
+log:
+EOF
+fi
+
+if [ -n "$log" ]; then
+  if [ -f "$status_file" ]; then
+    echo "  - \"${log}\"" >> "$status_file"
+  else 
+    error_message "No log file exists (${status_file}) to append log message"
+  fi 
+fi 
+
+exit 0