Commit dba67a0
Changed files (17)
bin/console
@@ -1,7 +1,8 @@
#!/usr/bin/env ruby
+# frozen_string_literal: true
-require "bundler/setup"
-require "examine"
+require 'bundler/setup'
+require 'examine'
# You can add fixtures and/or initialization code here to make experimenting
# with your gem easier. You can also use a different console, if you like.
@@ -10,5 +11,5 @@ require "examine"
# require "pry"
# Pry.start
-require "irb"
+require 'irb'
IRB.start(__FILE__)
bin/lint
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+set -e
+
+[ -z "$DEBUG" ] || set -x
+
+echo [$(date "+%H:%M:%S")] "==> Running setup…"
+bin/setup
+
+echo [$(date "+%H:%M:%S")] "==> Running linters…"
+bundle exec rake lint
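Review bot: `bin/setup` and `bundle exec rake lint` are resolved against the caller's working directory, because this script never changes into the project root the way bin/test does with `cd "$(dirname "$0")/.."`. Adding that same line after `set -e` lets the script run from any directory, not only via the `cd /examine/ && ./bin/lint` form used in CI. The two `echo` lines also leave `[$(date "+%H:%M:%S")]` unquoted, so the shell treats it as a glob pattern and word-splits it. Quoting the whole message avoids that: `echo "[$(date "+%H:%M:%S")] ==> Running setup…"`.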
bin/test
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+# script/test: Run test suite for application. Optionally pass in a path to an
+# individual test file to run a single test.
+
+
+set -e
+
+cd "$(dirname "$0")/.."
+
+[ -z "$DEBUG" ] || set -x
+
+# GC customizations
+export RUBY_GC_MALLOC_LIMIT=79000000
+export RUBY_GC_HEAP_INIT_SLOTS=800000
+export RUBY_HEAP_FREE_MIN=100000
+export RUBY_HEAP_SLOTS_INCREMENT=400000
+export RUBY_HEAP_SLOTS_GROWTH_FACTOR=1
+
+echo ["$(date "+%H:%M:%S")"] "==> Running setup…"
+bin/setup
+
+echo ["$(date "+%H:%M:%S")"] "==> Running tests…"
+if [[ $# -eq 0 ]]; then
+ bundle exec rake spec
+else
+ bundle exec rspec "$1"
+fi
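Review bot: The `else` branch forwards only `"$1"` to rspec, so any further paths or flags on the command line are silently dropped. `bundle exec rspec "$@"` passes them all through while still keeping each argument quoted. The header comment also names the file `script/test`, but it lives at `bin/test`; the comment should read `# bin/test: Run test suite for application.` so the usage text matches the path.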
exe/examine
@@ -1,5 +1,6 @@
#!/usr/bin/env ruby
+# frozen_string_literal: true
-require "examine"
+require 'examine'
Examine::CLI::Application.start(ARGV)
lib/examine/cli/application.rb
@@ -1,5 +1,8 @@
+# frozen_string_literal: true
+
module Examine
module CLI
+ # Entrypoint to the CLI.
class Application < Thor
package_name 'examine'
lib/examine/cli/clair.rb
@@ -1,12 +1,15 @@
+# frozen_string_literal: true
+
module Examine
module CLI
+ # Entrypoint into the `examine clair` subcommand.
class Clair < Thor
DOWNLOAD_PATH = 'https://github.com/arminc/clair-scanner/releases/download/'
EXECUTABLES = {
'x86-darwin' => 'clair-scanner_darwin_386',
'x86-linux' => 'clair-scanner_linux_386',
'x86_64-darwin' => 'clair-scanner_darwin_amd64',
- 'x86_64-linux' => 'clair-scanner_linux_amd64',
+ 'x86_64-linux' => 'clair-scanner_linux_amd64'
}.freeze
class_option :local_scan_version, desc: 'Version of the arminc/clair-local-scan image', default: 'latest', type: :string
@@ -16,6 +19,8 @@ module Examine
desc 'start', 'start a clair server'
def start
ensure_docker_installed!
+ return unless started?
+
spawn clair_db
wait_until clair_db_running?
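Review bot: The new guard `return unless started?` in `start` looks inverted. Before this commit, `scan` called `start unless started?`, so the server was brought up only when it was not yet running. With the guard as written, `start` returns early in exactly that case and goes on to spawn a second `clair_db` when one is already running. The intended line is presumably `return if started?`. `started?` is defined outside this hunk, so this should be confirmed against its definition, and the body of `start` continues past the end of the hunk.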
@@ -28,32 +33,23 @@ module Examine
method_option :report, desc: 'report file', default: 'report.json', type: :string
method_option :log, desc: 'log file', default: 'clair.log', type: :string
method_option :whitelist, desc: 'whitelist file', default: nil, type: :string
- desc 'scan <image>', 'scan a specific image'
+ desc 'scan <image>', 'scan a specific docker image. E.g mokhan/minbox:latest'
def scan(image)
- start unless started?
+ start
system "docker pull #{image}"
- command = [
- clair_exe,
- "-c #{options[:url]}",
- "--ip #{options[:ip] || Socket.ip_address_list[1].ip_address}",
- "-r #{options[:report]}",
- "-l #{options[:log]}",
- image,
- ]
- command.insert(-2, "-w #{options[:whitelist]}") if options[:whitelist]
- system command.join(' ')
+ system scan_command_for(image, options)
end
desc 'status', 'status of clair server'
def status
- system "docker ps -a | grep clair"
+ system 'docker ps -a | grep clair'
end
desc 'stop', 'stop all clair servers'
def stop
system "docker stop $(docker ps | grep -v CONT | grep clair- | awk '{ print $1 }')"
- system "docker system prune -f"
+ system 'docker system prune -f'
end
private
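Review bot: `scan` still hands single interpolated strings to `system`, both in `system "docker pull #{image}"` and in the new `system scan_command_for(image, options)`. The image name and every option value are therefore parsed by the shell. A value containing spaces or shell metacharacters, for example one taken from a CI variable, changes the command that runs. The argument-list form avoids the shell entirely: `system('docker', 'pull', image)` and `system(*scan_command_for(image, options))`, with `scan_command_for` (next hunk) returning separate arguments such as `'-c', options[:url]` instead of a joined string. Both return values are also discarded, so a failed pull or a failing scan does not change the CLI's exit status; `exit 1 unless system(...)` would surface it to CI.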
@@ -66,10 +62,22 @@ module Examine
@clair_exe ||= executable_exists?('clair-scanner') || download_clair
end
+ def scan_command_for(image, options)
+ command = [
+ clair_exe, "-c #{options[:url]}",
+ "--ip #{clair_ip}",
+ "-r #{options[:report]}", "-l #{options[:log]}", image
+ ]
+ command.insert(-2, "-w #{options[:whitelist]}") if options[:whitelist]
+ command.join(' ')
+ end
+
+ def clair_ip
+ options[:ip] || Socket.ip_address_list[1].ip_address
+ end
+
def executable_exists?(exe)
- ENV['PATH'].split(':').map { |x| File.join(x, exe) }.find do |x|
- File.exist?(x)
- end
+ ENV['PATH'].split(':').map { |x| File.join(x, exe) }.find { |x| File.exist?(x) }
end
def download_clair
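Review bot: `clair_ip` falls back to `Socket.ip_address_list[1].ip_address`, which depends on the order in which the host enumerates its interfaces. On a machine with a single address, index 1 is `nil` and the call raises `NoMethodError`. On others it may select an IPv6 or link-local address that the scanner container cannot reach. Selecting by property is more predictable: `Socket.ip_address_list.find { |a| a.ipv4? && !a.ipv4_loopback? }&.ip_address`, followed by an explicit error asking for `--ip` when nothing matches. The new private helpers carry no comments; a one-line comment on `clair_ip` stating which address the scanner needs would help.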
lib/examine/cli.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
require 'down'
require 'socket'
require 'thor'
@@ -5,8 +7,3 @@ require 'timeout'
require 'examine/cli/clair'
require 'examine/cli/application'
-
-module Examine
- module CLI
- end
-end
lib/examine/version.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
module Examine
- VERSION = "0.1.2"
+ VERSION = '0.1.2'
end
lib/examine.rb
@@ -1,5 +1,7 @@
-require "examine/cli"
-require "examine/version"
+# frozen_string_literal: true
+
+require 'examine/cli'
+require 'examine/version'
module Examine
class Error < StandardError; end
spec/examine_spec.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
RSpec.describe Examine do
specify { expect(Examine::VERSION).not_to be_nil }
end
spec/spec_helper.rb
@@ -1,9 +1,11 @@
-require "bundler/setup"
-require "examine"
+# frozen_string_literal: true
+
+require 'bundler/setup'
+require 'examine'
RSpec.configure do |config|
# Enable flags like --only-failures and --next-failure
- config.example_status_persistence_file_path = ".rspec_status"
+ config.example_status_persistence_file_path = '.rspec_status'
# Disable RSpec exposing methods globally on `Module` and `main`
config.disable_monkey_patching!
.gitlab-ci.yml
@@ -25,7 +25,17 @@ rspec:
GIT_STRATEGY: none
stage: test
script:
- - cd /examine/ && bundle exec rspec
+ - cd /examine/ && ./bin/test
+
+lint:
+ image:
+ name: $DOCKER_IMAGE
+ entrypoint: [""]
+ variables:
+ GIT_STRATEGY: none
+ stage: test
+ script:
+ - cd /examine/ && ./bin/lint
container_scanning:
image:
.rubocop.yml
@@ -0,0 +1,30 @@
+require:
+ - rubocop/cop/internal_affairs
+ - rubocop-rspec
+AllCops:
+ Exclude:
+ - 'coverage/**/*'
+ - 'pkg/**/*'
+ - 'tmp/**/*'
+ - 'vendor/**/*'
+ TargetRubyVersion: 2.5
+
+Layout/IndentFirstArrayElement:
+ EnforcedStyle: consistent
+
+Metrics/BlockLength:
+ Exclude:
+ - '*.gemspec'
+ - 'spec/**/*.rb'
+
+Metrics/LineLength:
+ Exclude:
+ - 'spec/**/*.rb'
+ IgnoredPatterns:
+ - '^#*'
+
+Naming/RescuedExceptionsVariableName:
+ PreferredName: error
+
+RSpec/NamedSubject:
+ Enabled: false
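Review bot: The `IgnoredPatterns` entry `'^#*'` under `Metrics/LineLength` matches zero or more `#` characters at the start of a line, so it matches every line and the cop is effectively disabled for the whole project. If the intent is to exempt comment lines only, the pattern should require the `#`: `'^\s*#'`. Separately, `rubocop/cop/internal_affairs` loads the cops RuboCop uses on its own source tree. It is probably not needed for this gem and can be dropped from `require:`.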
examine.gemspec
@@ -1,31 +1,35 @@
+# frozen_string_literal: true
-lib = File.expand_path("../lib", __FILE__)
+lib = File.expand_path('lib', __dir__)
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require "examine/version"
+require 'examine/version'
Gem::Specification.new do |spec|
- spec.name = "examine"
+ spec.name = 'examine'
spec.version = Examine::VERSION
- spec.authors = ["mo"]
- spec.email = ["mo@mokhan.ca"]
+ spec.authors = ['mo']
+ spec.email = ['mo@mokhan.ca']
- spec.summary = %q{Examine your software.}
- spec.description = %q{Examine your software.}
- spec.homepage = "https://gitlab.com/xlgmokha/examine/"
- spec.license = "MIT"
+ spec.summary = 'Examine your software.'
+ spec.description = 'Examine your software.'
+ spec.homepage = 'https://gitlab.com/xlgmokha/examine/'
+ spec.license = 'MIT'
# Specify which files should be added to the gem when it is released.
# The `git ls-files -z` loads the files in the RubyGem that have been added into git.
- spec.files = Dir.chdir(File.expand_path('..', __FILE__)) do
+ spec.files = Dir.chdir(File.expand_path(__dir__)) do
`git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
end
- spec.bindir = "exe"
+ spec.bindir = 'exe'
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
- spec.require_paths = ["lib"]
+ spec.require_paths = ['lib']
- spec.add_dependency "down", "~> 4.8"
- spec.add_dependency "thor", "~> 0.20"
- spec.add_development_dependency "bundler", "~> 2.0"
- spec.add_development_dependency "rake", "~> 10.0"
- spec.add_development_dependency "rspec", "~> 3.0"
+ spec.add_dependency 'down', '~> 4.8'
+ spec.add_dependency 'thor', '~> 0.20'
+ spec.add_development_dependency 'bundler', '~> 2.0'
+ spec.add_development_dependency 'bundler-audit', '~> 0.6'
+ spec.add_development_dependency 'rake', '~> 10.0'
+ spec.add_development_dependency 'rspec', '~> 3.0'
+ spec.add_development_dependency 'rubocop', '~> 0.52'
+ spec.add_development_dependency 'rubocop-rspec', '~> 1.22'
end
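Review bot: The constraint `'rubocop', '~> 0.52'` is looser than the `.rubocop.yml` added in this commit can tolerate. That file configures cops by their current names, such as `Layout/IndentFirstArrayElement` and `Naming/RescuedExceptionsVariableName`. As far as I can tell, older 0.x releases do not know these names and later 0.x releases rename some of them again. Gemfile.lock resolves to 0.71.0, so pinning the gemspec to that series keeps a fresh resolve consistent with the config: `spec.add_development_dependency 'rubocop', '~> 0.71.0'`. The `rubocop-rspec` constraint `'~> 1.22'` against a locked 1.33.0 deserves the same check.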
Gemfile
@@ -1,4 +1,6 @@
-source "https://rubygems.org"
+# frozen_string_literal: true
+
+source 'https://rubygems.org'
# Specify your gem's dependencies in examine.gemspec
gemspec
Gemfile.lock
@@ -10,10 +10,19 @@ GEM
specs:
addressable (2.6.0)
public_suffix (>= 2.0.2, < 4.0)
+ ast (2.4.0)
+ bundler-audit (0.6.1)
+ bundler (>= 1.2.0, < 3)
+ thor (~> 0.18)
diff-lcs (1.3)
down (4.8.1)
addressable (~> 2.5)
+ jaro_winkler (1.5.2)
+ parallel (1.17.0)
+ parser (2.6.3.0)
+ ast (~> 2.4.0)
public_suffix (3.1.1)
+ rainbow (3.0.0)
rake (10.5.0)
rspec (3.8.0)
rspec-core (~> 3.8.0)
@@ -28,16 +37,30 @@ GEM
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.8.0)
rspec-support (3.8.2)
+ rubocop (0.71.0)
+ jaro_winkler (~> 1.5.1)
+ parallel (~> 1.10)
+ parser (>= 2.6)
+ rainbow (>= 2.2.2, < 4.0)
+ ruby-progressbar (~> 1.7)
+ unicode-display_width (>= 1.4.0, < 1.7)
+ rubocop-rspec (1.33.0)
+ rubocop (>= 0.60.0)
+ ruby-progressbar (1.10.1)
thor (0.20.3)
+ unicode-display_width (1.6.0)
PLATFORMS
ruby
DEPENDENCIES
bundler (~> 2.0)
+ bundler-audit (~> 0.6)
examine!
rake (~> 10.0)
rspec (~> 3.0)
+ rubocop (~> 0.52)
+ rubocop-rspec (~> 1.22)
BUNDLED WITH
2.0.2
Rakefile
@@ -1,6 +1,13 @@
-require "bundler/gem_tasks"
-require "rspec/core/rake_task"
+# frozen_string_literal: true
+
+require 'bundler/audit/task'
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+require 'rubocop/rake_task'
RSpec::Core::RakeTask.new(:spec)
+RuboCop::RakeTask.new(:rubocop)
+Bundler::Audit::Task.new
-task :default => :spec
+task lint: [:rubocop, 'bundle:audit']
+task default: :spec
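Review bot: `default` still runs only `:spec`, so a plain `rake` never runs RuboCop or `bundle:audit`; the dependency audit happens only when someone invokes `rake lint` or the new CI job runs. If both should gate local work as well, use `task default: %i[spec lint]`. A short comment above `task lint:` would also help, noting that `bundle:audit` checks Gemfile.lock against the advisory database and may need network access to refresh it (behaviour inferred from the task's documentation, not visible in this diff).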