Skip to content

Commit

Permalink
Merge pull request #1295 from snyk/feat/docker-bundle
Browse files Browse the repository at this point in the history 
Docker partnership bundle
  • Loading branch information
@JackuB
JackuB committed Jul 28, 2020
2 parents 12ef8c7 + a745b64 commit d0bc022
Show file tree
Hide file tree
Showing 6 changed files with 87 additions and 3 deletions.
2 changes: 2 additions & 0 deletions .gitignore
View file
Expand Up @@ -15,3 +15,5 @@ snyk-result.json
snyk_report.css
snyk_report.html
!/docker/snyk_report.css
cert.pem
key.pem
4 changes: 4 additions & 0 deletions .npmignore
View file
Expand Up @@ -4,3 +4,7 @@ config.*.json
!config.default.json
tmp
.nyc_output
cert.pem
key.pem
/release-scripts
/dist/docker-mac-signed-bundle.tar.gz
21 changes: 18 additions & 3 deletions .releaserc
View file
Expand Up @@ -11,10 +11,20 @@
"path": "@semantic-release/exec",
"cmd": "pkg . -t node14-alpine-x64,node14-linux-x64,node14-macos-x64,node14-win-x64"
},
{
"//": "build docker package",
"path": "@semantic-release/exec",
"cmd": "./release-scripts/docker-desktop-release.sh"
},
{
"//": "build docker package",
"path": "@semantic-release/exec",
"cmd": "./release-scripts/sign-windows-binary.sh"
},
{
"//": "shasum all binaries",
"path": "@semantic-release/exec",
"cmd": "shasum -a 256 snyk-linux > snyk-linux.sha256 && shasum -a 256 snyk-macos > snyk-macos.sha256 && shasum -a 256 snyk-win.exe > snyk-win.exe.sha256 && shasum -a 256 snyk-alpine > snyk-alpine.sha256"
"cmd": "shasum -a 256 snyk-linux > snyk-linux.sha256 && shasum -a 256 snyk-macos > snyk-macos.sha256 && shasum -a 256 snyk-alpine > snyk-alpine.sha256"
},
{
"//": "removes the file we use to identify a build as a standalone binary",
Expand Down Expand Up @@ -48,12 +58,12 @@
"label": "snyk-macos.sha256"
},
{
"path": "./snyk-win.exe",
"path": "./snyk-win-signed.exe",
"name": "snyk-win.exe",
"label": "snyk-win.exe"
},
{
"path": "./snyk-win.exe.sha256",
"path": "./snyk-win-signed.exe.sha256",
"name": "snyk-win.exe.sha256",
"label": "snyk-win.exe.sha256"
},
Expand All @@ -66,6 +76,11 @@
"path": "./snyk-alpine.sha256",
"name": "snyk-alpine.sha256",
"label": "snyk-alpine.sha256"
},
{
"path": "./dist/docker-mac-signed-bundle.tar.gz",
"name": "docker-mac-signed-bundle.tar.gz",
"label": "docker-mac-signed-bundle.tar.gz"
}
]
}
Expand Down
30 changes: 30 additions & 0 deletions release-scripts/docker-desktop-release.sh
View file
@@ -0,0 +1,30 @@
#!/usr/bin/env bash
set -e

# Take built CLI
mkdir ./dist/docker
mkdir ./dist/docker/cli
cp -r ./dist/cli ./dist/docker/cli/cli
cp -r ./dist/lib ./dist/docker/cli/lib
cp ./package.json ./dist/docker/
cp ./config.default.json ./dist/docker/
cp -r ./help ./dist/docker/help

# Snyk CLI entry script
cp ./release-scripts/snyk-mac.sh ./dist/docker/

cd ./dist/docker

npm install --production

# Download macOS NodeJS binary, using same as pkg
curl "https://nodejs.org/dist/v14.6.0/node-v14.6.0-darwin-x64.tar.gz" | tar -xz

cd ..

# Create bundle, resolve symlinks
tar czfh docker-mac-signed-bundle.tar.gz ./docker

sha256sum docker-mac-signed-bundle.tar.gz > docker-mac-signed-bundle.tar.gz.sha256

rm -rf ./docker
24 changes: 24 additions & 0 deletions release-scripts/sign-windows-binary.sh
View file
@@ -0,0 +1,24 @@
#!/usr/bin/env bash

# create files as needed
CERT_FILE=cert.pem
if [ ! -f "$CERT_FILE" ]; then
echo "$SIGNING_CERT" | base64 --decode > "$CERT_FILE"
fi

# create files as needed
KEY_FILE=key.pem
if [ ! -f "$KEY_FILE" ]; then
echo "$SIGNING_KEY" | base64 --decode > "$KEY_FILE"
fi

osslsigncode sign -h sha512 \
-certs cert.pem \
-key key.pem \
-n "Snyk CLI" \
-i "https://snyk.io" \
-t "http://timestamp.comodoca.com/authenticode" \
-in snyk-win.exe \
-out snyk-win-signed.exe

sha256sum snyk-win-signed.exe > snyk-win-signed.exe.sha256
9 changes: 9 additions & 0 deletions release-scripts/snyk-mac.sh
View file
@@ -0,0 +1,9 @@
#!/usr/bin/env bash
set -e

DIRNAME=$(dirname "$0")

NODE="$DIRNAME/node-v14.6.0-darwin-x64/bin/node"
SNYK_CLI="$DIRNAME/cli/cli/index.js"

"$NODE" "$SNYK_CLI" "$@"

0 comments on commit d0bc022

Please sign in to comment.