sonatype-nexus-community / nancy

A tool to check for vulnerabilities in your Golang dependencies, powered by Sonatype OSS Index
Apache License 2.0

Docker from Nancy #82

Closed DarthHater closed 4 years ago

DarthHater commented 4 years ago

Now that we use GoReleaser, let's stretch our legs and do some Docker!

This pull request makes the following changes:

The docker build is done such that we should expect:

    - "sonatypecommunity/nancy:latest"
    - "sonatypecommunity/nancy:{{ .Tag }}"
    - "sonatypecommunity/nancy:v{{ .Major }}"
    - "sonatypecommunity/nancy:v{{ .Major }}.{{ .Minor }}"

Given v0.1.1 as a tag we'd end up with:

    - "sonatypecommunity/nancy:latest"
    - "sonatypecommunity/nancy:v0.1.1"
    - "sonatypecommunity/nancy:v0"
    - "sonatypecommunity/nancy:v0.1"

Tested locally with skip_push set to true, and disable on GH releases:

    (base) 800 nancy (DockerInHouse)$ go list -m all | docker run -i sonatypecommunity/nancy:latest
     __  __
    /\ \/\ \
    \ \ `\\ \      __       ___      ___    __  __
     \ \ , ` \   /'__`\   /' _ `\   /'___\ /\ \/\ \
      \ \ \`\ \ /\ \L\.\_ /\ \/\ \ /\ \__/ \ \ \_\ \
       \ \_\ \_\\ \__/.\_\\ \_\ \_\\ \____\ \/`____ \
        \/_/\/_/ \/__/\/_/ \/_/\/_/ \/____/  `/___/> \
                                                /\___/
                                                \/__/
      _        _                           _    _
     /_)      /_` _  _  _ _/_     _  _    (/   /_` _ . _  _   _/  _
    /_) /_/  ._/ /_// //_|/  /_/ /_//_'  (_X  /   / / /_'/ //_/ _\
        _/                   _/ /
    2020/02/27 04:27:46 Nancy version: 0.1.2
    2020/02/27 04:27:47 Response: &{Status:200 OK StatusCode:200 Proto:HTTP/2.0 ProtoMajor:2 ProtoMinor:0 Header:map[Content-Length:[7681] Content-Type:[application/vnd.ossindex.component-report.v1+json] Date:[Thu, 27 Feb 2020 04:27:48 GMT] Set-Cookie:[AWSALB=edrch3AJH2PSolb6QTNiJnPLEmhGgyw4sROnCAhToSLt2Z1y+8LHZf2+hUPQxgD/r4tpRfCLNQpaC9Q39BZRknPOev8gy4Wt5/IHBeOiqgCkmOp1g7jqc/Quf/B4; Expires=Thu, 05 Mar 2020 04:27:48 GMT; Path=/ AWSALBCORS=edrch3AJH2PSolb6QTNiJnPLEmhGgyw4sROnCAhToSLt2Z1y+8LHZf2+hUPQxgD/r4tpRfCLNQpaC9Q39BZRknPOev8gy4Wt5/IHBeOiqgCkmOp1g7jqc/Quf/B4; Expires=Thu, 05 Mar 2020 04:27:48 GMT; Path=/; SameSite=None; Secure]] Body:{cs:0xc009c73e00} ContentLength:7681 TransferEncoding:[] Close:false Uncompressed:false Trailer:map[] Request:0xc0000e8300 TLS:0xc009c41340}
    Nancy version: 0.1.2
    [1/38]pkg:golang/github.com/AndreasBriese/bbloom@0.0.0-20180913140656-343706a395b7   No known vulnerabilities against package/version
    [2/38]pkg:golang/github.com/BurntSushi/toml@0.3.1   No known vulnerabilities against package/version
    [3/38]pkg:golang/github.com/Flaque/filet@0.0.0-20190209224823-fc4d33cfcf93   No known vulnerabilities against package/version
    [4/38]pkg:golang/github.com/Masterminds/semver@0.0.0-20180403130225-3c92f33da7a8   No known vulnerabilities against package/version
    [5/38]pkg:golang/github.com/Masterminds/vcs@1.13.1   No known vulnerabilities against package/version
    [6/38]pkg:golang/github.com/armon/go-radix@1.0.0   No known vulnerabilities against package/version
    [7/38]pkg:golang/github.com/beevik/etree@1.1.0   No known vulnerabilities against package/version
    [8/38]pkg:golang/github.com/boltdb/bolt@1.3.1   No known vulnerabilities against package/version
    [9/38]pkg:golang/github.com/common-nighthawk/go-figure@0.0.0-20190529165535-67e0ed34491a   No known vulnerabilities against package/version
    [10/38]pkg:golang/github.com/davecgh/go-spew@1.1.1   No known vulnerabilities against package/version
    [11/38]pkg:golang/github.com/dgraph-io/badger@1.5.5-0.20181004181505-439fd464b155   No known vulnerabilities against package/version
    [12/38]pkg:golang/github.com/dgryski/go-farm@0.0.0-20180109070241-2de33835d102   No known vulnerabilities against package/version
    [13/38]pkg:golang/github.com/dustin/go-humanize@1.0.0   No known vulnerabilities against package/version
    [14/38]pkg:golang/github.com/golang/dep@0.5.4   No known vulnerabilities against package/version
    [15/38]pkg:golang/github.com/golang/protobuf@1.2.0   No known vulnerabilities against package/version
    [16/38]pkg:golang/github.com/google/go-cmp@0.3.1   No known vulnerabilities against package/version
    [17/38]pkg:golang/github.com/jarcoal/httpmock@1.0.4   No known vulnerabilities against package/version
    [18/38]pkg:golang/github.com/jmank88/nuts@0.3.0   No known vulnerabilities against package/version
    [19/38]pkg:golang/github.com/konsorten/go-windows-terminal-sequences@1.0.1   No known vulnerabilities against package/version
    [20/38]pkg:golang/github.com/logrusorgru/aurora@0.0.0-20190803045625-94edacc10f9b   No known vulnerabilities against package/version
    [21/38]pkg:golang/github.com/nightlyone/lockfile@0.0.0-20180618180623-0ad87eef1443   No known vulnerabilities against package/version
    [22/38]pkg:golang/github.com/package-url/packageurl-go@0.1.0   No known vulnerabilities against package/version
    [23/38]pkg:golang/github.com/pelletier/go-toml@1.4.0   No known vulnerabilities against package/version
    [24/38]pkg:golang/github.com/pkg/errors@0.8.0   No known vulnerabilities against package/version
    [25/38]pkg:golang/github.com/pmezard/go-difflib@1.0.0   No known vulnerabilities against package/version
    [26/38]pkg:golang/github.com/sdboyer/constext@0.0.0-20170321163424-836a14457353   No known vulnerabilities against package/version
    [27/38]pkg:golang/github.com/shopspring/decimal@0.0.0-20180709203117-cd690d0c9e24   No known vulnerabilities against package/version
    [28/38]pkg:golang/github.com/sirupsen/logrus@1.4.2   No known vulnerabilities against package/version
    [29/38]pkg:golang/github.com/spf13/afero@1.2.2   No known vulnerabilities against package/version
    [30/38]pkg:golang/github.com/stretchr/testify@1.3.0   No known vulnerabilities against package/version
    [31/38]pkg:golang/golang.org/x/net@0.0.0-20181220203305-927f97764cc3   No known vulnerabilities against package/version
    [32/38]pkg:golang/golang.org/x/sync@0.0.0-20181221193216-37e7f081c4d4   No known vulnerabilities against package/version
    [33/38]pkg:golang/golang.org/x/sys@0.0.0-20200202164722-d101bd2416d5   No known vulnerabilities against package/version
    [34/38]pkg:golang/golang.org/x/text@0.3.0   No known vulnerabilities against package/version
    [35/38]pkg:golang/github.com/go-check/check@0.0.0-20161208181325-20d25e280405   No known vulnerabilities against package/version
    [36/38]pkg:golang/github.com/go-playground/assert@1.2.1   No known vulnerabilities against package/version
    [37/38]pkg:golang/github.com/go-yaml/yaml@2.2.2   No known vulnerabilities against package/version
    [38/38]pkg:golang/github.com/stretchr/objx@0.1.1   No known vulnerabilities against package/version

    Audited dependencies:38,Vulnerable:0

It relates to the following issue #s:

cc @bhamail / @DarthHater / @djschleen / @fitzoh / @zendern / @allenhsieh
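
The tag expansion described in the comment above, as an added example that is not code from the nancy repository: it renders the four image templates with Go's `text/template`, which uses the same `{{ .Field }}` syntax as the entries listed, and marks which resulting tags are re-pointed by later releases. The `release` struct and `expandTags` are hypothetical names, and treating every tag other than `{{ .Tag }}` as moving assumes each release pushes all four tags.

```go
package main

import (
	"fmt"
	"strings"
	"text/template"
)

// release carries the fields the image templates reference.
type release struct {
	Tag          string
	Major, Minor int
}

// imageTemplates are the four entries listed in the pull request.
var imageTemplates = []string{
	"sonatypecommunity/nancy:latest",
	"sonatypecommunity/nancy:{{ .Tag }}",
	"sonatypecommunity/nancy:v{{ .Major }}",
	"sonatypecommunity/nancy:v{{ .Major }}.{{ .Minor }}",
}

// expandTags (hypothetical helper) renders each template for a vMAJOR.MINOR.PATCH git tag.
func expandTags(gitTag string) ([]string, []bool, error) {
	rel := release{Tag: gitTag}
	var patch int
	if n, _ := fmt.Sscanf(gitTag, "v%d.%d.%d", &rel.Major, &rel.Minor, &patch); n != 3 {
		return nil, nil, fmt.Errorf("tag %q is not vMAJOR.MINOR.PATCH", gitTag)
	}
	names, moves := []string{}, []bool{}
	for _, src := range imageTemplates {
		tmpl, err := template.New("image").Parse(src)
		if err != nil {
			return nil, nil, err
		}
		var sb strings.Builder
		if err := tmpl.Execute(&sb, rel); err != nil {
			return nil, nil, err
		}
		names = append(names, sb.String())
		moves = append(moves, !strings.Contains(src, ".Tag")) // only the full tag is unique to one release
	}
	return names, moves, nil
}

func main() {
	fmt.Println(expandTags("v0.1.1"))
}
```

Consumers that need a reproducible scanner image would reference the tag reported as not moving, here `sonatypecommunity/nancy:v0.1.1`.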

DarthHater commented 4 years ago

@zendern @fitzoh @bhamail I consider this ready to go (and I have the ENV stuff set up on CircleCI for it), anyone wanna bless me?