BULL-3233: unit tests job

docker/pipeline-jobs/docker-compose-dockerfile-lint.yml

@@ -3,15 +3,15 @@ services:
   dockerfile-lint<<subProject>>:
     image: registry1.dso.mil/ironbank/opensource/hadolint/hadolint:v2.12.0
     container_name: dockerfile-lint<<subProject>>
-    entrypoint: ["${BASE_SCRIPTS_DIR}/dockerfile-lint/entrypoint.sh"]
-    working_dir: /root
+    entrypoint: ["/local-dev/${BASE_SCRIPTS_DIR}/dockerfile-lint/entrypoint.sh"]
+    working_dir: /local-dev
     environment:
-      - REPORTS_DIR=${BASE_REPORTS_DIR}/dockerfile-lint<<subProject>>
-      - SCRIPTS_DIR=${BASE_SCRIPTS_DIR}/dockerfile-lint
-      - UTILITY_DIR=${BASE_SCRIPTS_DIR}/utility
+      - REPORTS_DIR=/local-dev/${BASE_REPORTS_DIR}/dockerfile-lint<<subProject>>
+      - SCRIPTS_DIR=/local-dev/${BASE_SCRIPTS_DIR}/dockerfile-lint
+      - UTILITY_DIR=/local-dev/${BASE_SCRIPTS_DIR}/utility
       - SCAN_DIR=/app
       - CI_JOB_NAME=dockerfile-lint<<subProject>>
       - DOCKERFILE_LOC=Dockerfile
     volumes:
-      - ./:/root
+      - ./:/local-dev
       - ./<<projectName>><<subProject>>:/app

docker/pipeline-jobs/docker-compose-find-unauthorized.yml

@@ -3,15 +3,15 @@ services:
   find-unauthorized<<subProject>>:
     image: registry1.dso.mil/ironbank/opensource/python:v3.12.5
     container_name: find-unauthorized<<subProject>>
-    entrypoint: ["${BASE_SCRIPTS_DIR}/find-unauthorized/entrypoint.sh"]
-    working_dir: /root
+    entrypoint: ["/local-dev/${BASE_SCRIPTS_DIR}/find-unauthorized/entrypoint.sh"]
+    working_dir: /local-dev
     environment:
-      - REPORTS_DIR=${BASE_REPORTS_DIR}/find-unauthorized<<subProject>>
-      - SCRIPTS_DIR=${BASE_SCRIPTS_DIR}/find-unauthorized
-      - UTILITY_DIR=${BASE_SCRIPTS_DIR}/utility
+      - REPORTS_DIR=/local-dev/${BASE_REPORTS_DIR}/find-unauthorized<<subProject>>
+      - SCRIPTS_DIR=/local-dev/${BASE_SCRIPTS_DIR}/find-unauthorized
+      - UTILITY_DIR=/local-dev/${BASE_SCRIPTS_DIR}/utility
       - SCAN_DIR=/app
       - CI_JOB_NAME=find-unauthorized<<subProject>>
       - DOCKERFILE_LOC=Dockerfile
     volumes:
-      - ./:/root
+      - ./:/local-dev
       - ./<<projectName>><<subProject>>:/app

docker/pipeline-jobs/docker-compose-npm-lint.yml

@@ -3,13 +3,13 @@ services:
   npm-lint<<subProject>>:
     image: registry1.dso.mil/ironbank/opensource/nodejs/nodejs20:20.11
     container_name: npm-lint<<subProject>>
-    entrypoint: ["${BASE_SCRIPTS_DIR}/npm-lint/entrypoint.sh"]
-    working_dir: /root
+    entrypoint: ["/local-dev/${BASE_SCRIPTS_DIR}/npm-lint/entrypoint.sh"]
+    working_dir: /local-dev
     environment:
-      - REPORTS_DIR=${BASE_REPORTS_DIR}/npm-lint<<subProject>>
-      - SCRIPTS_DIR=${BASE_SCRIPTS_DIR}/npm-lint
+      - REPORTS_DIR=/local-dev/${BASE_REPORTS_DIR}/npm-lint<<subProject>>
+      - SCRIPTS_DIR=/local-dev/${BASE_SCRIPTS_DIR}/npm-lint
       - SCAN_DIR=/app
     volumes:
-      - ./:/root
+      - ./:/local-dev
       - ./<<projectName>><<subProject>>:/app
       
\ No newline at end of file

docker/pipeline-jobs/docker-compose-npm-unit-tests.yml

+services:
+
+  npm-unit-tests<<subProject>>:
+    image: registry1.dso.mil/ironbank/opensource/nodejs/nodejs20:20.11
+    container_name: npm-unit-tests<<subProject>>
+    entrypoint: ["/local-dev/${BASE_SCRIPTS_DIR}/npm-unit-tests/entrypoint.sh"]
+    working_dir: /local-dev
+    environment:
+      - REPORTS_DIR=/local-dev/${BASE_REPORTS_DIR}/npm-unit-tests<<subProject>>
+      - SCRIPTS_DIR=/local-dev/${BASE_SCRIPTS_DIR}/npm-unit-tests
+      - UTILITY_DIR=/local-dev/${BASE_SCRIPTS_DIR}/utility
+      - SCAN_DIR=/app
+      - CI_JOB_NAME=npm-unit-tests<<subProject>>
+    volumes:
+      - ./:/local-dev
+      - ./<<projectName>><<subProject>>:/app
+      
\ No newline at end of file

docker/pipeline-jobs/docker-compose-trufflehog.yml

@@ -3,13 +3,15 @@ services:
   trufflehog<<subProject>>:
     image: registry1.dso.mil/ironbank/opensource/trufflehog/trufflehog3:3.0.10
     container_name: trufflehog<<subProject>>
-    entrypoint: ["${BASE_SCRIPTS_DIR}/trufflehog/entrypoint.sh"]
-    working_dir: /root
+    entrypoint: ["/local-dev/${BASE_SCRIPTS_DIR}/trufflehog/entrypoint.sh"]
+    working_dir: /local-dev
     environment:
-      - REPORTS_DIR=${BASE_REPORTS_DIR}/trufflehog<<subProject>>
-      - SCRIPTS_DIR=${BASE_SCRIPTS_DIR}/trufflehog
+      - REPORTS_DIR=/local-dev/${BASE_REPORTS_DIR}/trufflehog<<subProject>>
+      - SCRIPTS_DIR=/local-dev/${BASE_SCRIPTS_DIR}/trufflehog
+      - UTILITY_DIR=/local-dev/${BASE_SCRIPTS_DIR}/utility
       - SCAN_DIR=/app
+      - CI_JOB_NAME=trufflehog<<subProject>>
       - TRUFFLEHOG_EXCLUDE_PATHS=<<exclusions>>
     volumes:
-      - ./:/root
+      - ./:/local-dev
       - ./<<projectName>><<subProject>>:/app

formulas/baselines/node.yml

@@ -6,7 +6,11 @@ pipeline:
   pipelineJobs:
     npm-lint:
       composeFile: docker/pipeline-jobs/docker-compose-npm-lint.yml
+    npm-unit-tests:
+      composeFile: docker/pipeline-jobs/docker-compose-npm-unit-tests.yml
 
 getLocalDevDirs:
   - from: scripts/npm-lint
     to: scripts/npm-lint
+  - from: scripts/npm-unit-tests
+    to: scripts/npm-unit-tests

scripts/dockerfile-lint/entrypoint.sh

 #!/bin/bash
+# Copied from CI/CD execution steps: https://code.il2.dso.mil/platform-one/devops/pipeline-templates/-/blob/master/jobs/dockerfile-lint/base.yml
+# Modified to run in local dev.
 
 mkdir -p ${REPORTS_DIR}
 rm -f ${REPORTS_DIR}/*
 
-${UTILITY_DIR}/monitorstatus.sh -j ${CI_JOB_NAME} -s fail -r config -l "Job run in local dev"
+${UTILITY_DIR}/monitorstatus.sh -j ${CI_JOB_NAME} -s fail -r config -l "Job run in local dev" 
 set -o pipefail
 hadolint $APPROVED_REGISTRY $SCAN_DIR/$DOCKERFILE_LOC --failure-threshold warning | tee ${REPORTS_DIR}/${CI_JOB_NAME}.out
 

scripts/find-unauthorized/cmdscan.py

+# This script and config file unauthorized.json copied from: https://code.il2.dso.mil/platform-one/devops/pipeline-templates/-/tree/master/scripts/dockerfile-scan/cmdscan
+
 from sys import argv, exit, stderr
 from os import path
 import json

scripts/find-unauthorized/entrypoint.sh

 #!/bin/bash
+# Copied from CI/CD execution steps: https://code.il2.dso.mil/platform-one/devops/pipeline-templates/-/blob/master/jobs/find-unauthorized/base.yml
+# Modified to run in local dev.
 
 mkdir -p ${REPORTS_DIR}
 rm -f ${REPORTS_DIR}/*

scripts/npm-lint/entrypoint.sh

 #!/bin/bash
+# Copied from CI/CD execution steps: https://code.il2.dso.mil/platform-one/devops/pipeline-templates/-/blob/master/jobs/lint/npm.yml
 
 cd ${SCAN_DIR}
 npm run lint

scripts/npm-unit-tests/entrypoint.sh

+#!/bin/bash
+# Copied from CI/CD execution steps: https://code.il2.dso.mil/platform-one/devops/pipeline-templates/-/blob/master/jobs/unit-tests/npm.yml
+
+cd ${SCAN_DIR}
+npm run test:unit

scripts/trufflehog/entrypoint.sh

 #!/bin/bash
 
+# Copied from CI/CD execution steps: https://code.il2.dso.mil/platform-one/devops/pipeline-templates/-/blob/master/jobs/find-unauthorized/base.yml
+# Modified to run in local dev.
+
 mkdir -p ${REPORTS_DIR}
+rm -f ${REPORTS_DIR}/*
+
+${UTILITY_DIR}/monitorstatus.sh -j ${CI_JOB_NAME} -s fail -r config -l "Job run in local dev"
 REPORT_FILE=${REPORTS_DIR}/trufflehog_report.json 
 # enable shell globbing for recursive exclude matching. allows use of '**/*' format
 shopt -s globstar
@@ -13,4 +19,14 @@ trufflehog3 -vvv --ignore-nosecret --format json --zero --no-history \
   ${SCAN_DIR}
 set +x
 shopt -u globstar
+trufflehog3 --version > ${REPORTS_DIR}/trufflehog_version.txt
 python ${SCRIPTS_DIR}/trufflehog-gate-check.py "${REPORT_FILE}"
+
+if [ "$?" == "0" ]; then
+  ${UTILITY_DIR}/monitorstatus.sh -j ${CI_JOB_NAME} -s pass -r pass
+else
+  if [ -s "${REPORTS_DIR}/${CI_JOB_NAME}.out" ]; then
+    ${UTILITY_DIR}/monitorstatus.sh -j ${CI_JOB_NAME} -r findings -l "${CI_JOB_NAME} process found findings, check job for details"
+  fi
+  exit 1
+fi

scripts/trufflehog/trufflehog-gate-check.py

+# This script and config file rules.yml copied from https://code.il2.dso.mil/platform-one/devops/pipeline-templates/-/tree/master/scripts/gate-checks/trufflehog
+
 import sys
 import json
 

scripts/utility/monitorstatus.sh

 #!/bin/bash
+# This script was copied from https://code.il2.dso.mil/platform-one/devops/pipeline-templates/-/tree/master/scripts/monitor
+# Specific changes for local dev are commented below.
 
-LOG_DIR="${REPORTS_DIR}/"
+LOG_DIR="${REPORTS_DIR}/" # Changed from original
 LOG_NAME="monitor_status"
 LOG_EXT=".yaml"
-LOG_FILE="${LOG_DIR}${LOG_NAME}${LOG_EXT}"
 STATUS_VALUES=("pass" "fail")
 REASON_VALUES=("defect" "config" "findings" "pass")
 
-job_name="${LOG_NAME}"
-status_file="${LOG_FILE}"
 status=""
 reason=""
 log=""
@@ -71,31 +70,32 @@ do
       log=${OPTARG}
       ;;
     j)
-      job_name=${OPTARG}
-      status_file="${LOG_DIR}${job_name}${LOG_EXT}"
+      LOG_NAME=${OPTARG}
       ;;
     f)
-      LOG_FILE=${OPTARG}
+      LOG_DIR=${OPTARG}
       ;;
     :)
       echo "Option -${OPTARG} requires an argument." >&2
-      echo ""
+      echo "" >&2
       help_message
       exit 1
       ;;
     ?)
       echo "Invalid option: -${OPTARG}." >&2
-      echo ""
+      echo "" >&2
       help_message
       exit 1
       ;;
   esac
 done
 
+status_file="${LOG_DIR}${LOG_NAME}${LOG_EXT}"
+
 if [ -f "$status_file" ]; then
   if [ -n "$status" ]; then
     if [ -n "$USE_YQ" ]; then
-      yq -Yi ".status=\"$status\"" "$status_file"
+      yq e -i ".status=\"$status\"" "$status_file"
     else
       tmpfile=$(mktemp)
       cp "$status_file" "$tmpfile"
@@ -106,7 +106,7 @@ if [ -f "$status_file" ]; then
 
   if [ -n "$reason" ]; then
     if [ -n "$USE_YQ" ]; then
-      yq -Yi ".reason=\"$reason\"" "$status_file"
+      yq e -i ".reason=\"$reason\"" "$status_file"
     else
       tmpfile=$(mktemp)
       cp "$status_file" "$tmpfile"