Merge pull request #7 from ForAllSecure/enhanced-cli-support

update cli support
ForAllSecure · Sep 24, 2024 · 4b52b47 · 4b52b47
2 parents 5f5628e + 0fd0e29
commit 4b52b47
Show file tree

Hide file tree

Showing 9 changed files with 222 additions and 69 deletions.
diff --git a/MODULE.bazel b/MODULE.bazel
@@ -1,10 +1,10 @@
 module(
     name = "rules_mayhem",
-    version = "0.7.3",
+    version = "0.7.4",
 )
 
 bazel_dep(name = "bazel_skylib", version = "1.7.1")
 bazel_dep(name = "platforms", version = "0.0.10")
 
-rules_mayhem_dependencies = use_extension("@rules_mayhem//mayhem:extensions.bzl", "rules_mayhem_dependencies")
-use_repo(rules_mayhem_dependencies, "mayhem_cli_linux", "mayhem_cli_windows", "yq_cli_linux", "yq_cli_windows")
+rules_mayhem_extension = use_extension("@rules_mayhem//mayhem:extensions.bzl", "rules_mayhem_extension")
+use_repo(rules_mayhem_extension, "mayhem_cli_linux", "mayhem_cli_windows", "yq_cli_linux", "yq_cli_osx", "yq_cli_windows")
diff --git a/MODULE.bazel.lock b/MODULE.bazel.lock
diff --git a/README.md b/README.md
@@ -1,43 +1,62 @@
 # rules_mayhem
 
-Generates a Mayhemfile and kicks off a Mayhem run.
+Run Mayhem from your Bazel infrastructure.
 
 ## To include
 
 You can add the following snippet:
 
 ```
 ## MODULE.bazel
-bazel_dep(name = "rules_mayhem", version = "0.7.0")
+bazel_dep(name = "rules_mayhem", version = "0.7.3")
+rules_mayhem_extension = use_extension("@rules_mayhem//mayhem:extensions.bzl", "rules_mayhem_extension")
+use_repo(rules_mayhem_extension, "mayhem_cli_linux", "mayhem_cli_windows", "yq_cli_linux", "yq_cli_osx", "yq_cli_windows")
 ```
+
+```
+## WORKSPACE
+load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
+
+http_archive(
+    name = "rules_mayhem",
+    strip_prefix = "rules_mayhem",
+    urls = ["https://github.com/ForAllSecure/rules_mayhem/releases/download/0.7.3/rules_mayhem-0.7.3.tar.gz"],
+    sha256 = "911a861da6e053e3e4c32505a4b4bbaa7ca3404611570be8b16cd2dd6d13e039",
+)
+
+
+load("@rules_mayhem//mayhem:repositories.bzl", "rules_mayhem_repositories")
+rules_mayhem_repositories(mayhem_url = "https://app.mayhem.security") # or your own Mayhem instance
+```
+
 > *Note: Please see the latest release notes for instructions on how to include the latest release of rules_mayhem into your environment.*
 
 ### Pre-requisites
 
-You'll need to modify your `.bazelrc` to use `--spawn-strategy=standalone`. 
+You'll need to modify your `.bazelrc` to set your Mayhem environment variables and use `--spawn-strategy=standalone`. 
 
 ```
 # Enable bzlmod
 common --enable_bzlmod
 
-# Define MAYHEM_URL - you can (and should!) change this if you have your own instance
-build --define=MAYHEM_URL=app.mayhem.security
+# Define MAYHEM_URL and MAYHEM_TOKEN - you can (and should!) change this if you have your own instance
+build --action_env=MAYHEM_URL=$MAYHEM_URL --action_env=MAYHEM_TOKEN=$MAYHEM_TOKEN
 
 # Spawn strategy - if this is not set, bazel tries to reference files that don't exist
 build --spawn_strategy=standalone
 ```
 
-Or, you can pass it to bazel directly, with `bazel build --spawn-strategy=standalone [...]`
+Or, you can pass it to bazel directly, with `bazel build --spawn-strategy=standalone --action_env=MAYHEM_URL=$MAYHEM_URL --action_env=MAYHEM_TOKEN=$MAYHEM_TOKEN [...]`
 
 
 ## To build a Mayhemfile
 
 Create a BUILD file:
 ```                                                                                                                                                              
-load("//mayhem:mayhem.bzl", "mayhemfile", "mayhem_run", "mayhem_package")
+load("//mayhem:mayhem.bzl", "mayhem_init", "mayhem_run", "mayhem_package")
 
 # Generates a minimal Mayhemfile
-mayhemfile(
+mayhem_init(
     name = "factor_mayhemfile",
     project = "bazel-rules",
     target = "factor",
@@ -59,7 +78,7 @@ INFO: 1 process: 1 internal.
 INFO: Build completed successfully, 1 total action
 ```
 
-Should produce valid Mayhemfile:
+This should produce a valid Mayhemfile:
 ```
 $ cat bazel-out/k8-fastbuild/bin/examples/factor_mayhemfile.mayhemfile
 
@@ -123,7 +142,7 @@ mayhem_run(
 Then build:
 
 ```
-bazel build //examples:run_factor
+bazel build --action_env=MAYHEM_URL=$MAYHEM_URL --action_env=MAYHEM_TOKEN=$MAYHEM_TOKEN //examples:run_factor
 INFO: Analyzed target //examples:run_factor (0 packages loaded, 0 targets configured).
 INFO: From Starting Mayhem run from 'examples':
 WARNING /home/xansec/mayhem/github/mcode/rules_mayhem/examples/testsuite is not a file or directory, skipping
@@ -210,7 +229,12 @@ INFO: Build completed successfully, 3 total actions
 
 # To Do
 
-- Customizeable Mayhem CLI download URL
-- Combine the `mayhem_run` targets into the `mayhemfile` and `mayhem_package` targets and execute with `bazel run`
-- Use output flag for `mayhem run` instead of custom wrapper script
-- Tests are currently `sh_test` only and do not run on Windows
+- [x] Customizeable Mayhem CLI download URL
+- [x] Support for packaging binaries
+- [x] `wait` parameter to `mayhem_run()`: Support waiting for Mayhem run to complete
+- [x] `fail_on_defects` parameter to `mayhem_run()`: Return exit code 1 if Mayhem run finds defects
+- [x] `mayhem_download` rule to grab testsuite and coverage info
+- [ ] Support MacOS (currently only Linux and Windows; MacOS requires binary signing and unpackaging)
+- [ ] Run the `mayhem_run` targets with `bazel run` instead of `bazel build`
+- [ ] Use output flag for `mayhem run` instead of custom wrapper script
+- [ ] Tests are currently `sh_test` only and do not run on Windows
diff --git a/WORKSPACE.bzlmod b/WORKSPACE.bzlmod
@@ -1,10 +1,9 @@
-workspace(name = "rules_mayhem")
+# workspace(name = "rules_mayhem")
 
-load("@rules_mayhem//mayhem:repositories.bzl", "rules_mayhem_repositories", "rules_mayhem_archives")
+# load("@rules_mayhem//mayhem:repositories.bzl", "rules_mayhem_repositories")
 
-rules_mayhem_repositories()
-rules_mayhem_archives()
+# rules_mayhem_repositories(mayhem_url = "https://app.mayhem.security")
 
-load("@bazel_skylib//:workspace.bzl", "bazel_skylib_workspace")
+# load("@bazel_skylib//:workspace.bzl", "bazel_skylib_workspace")
 
-bazel_skylib_workspace()
+# bazel_skylib_workspace()
diff --git a/examples/BUILD b/examples/BUILD
@@ -1,4 +1,4 @@
-load("@rules_mayhem//mayhem:mayhem.bzl", "mayhem_init", "mayhem_run", "mayhem_package")
+load("@rules_mayhem//mayhem:mayhem.bzl", "mayhem_init", "mayhem_run", "mayhem_package", "mayhem_download")
 
 # Generates a minimal Mayhemfile
 mayhem_init(
@@ -64,14 +64,15 @@ mayhem_run(
 
 mayhem_run(
     name = "run_base64",
+    duration = "60",
     mayhemfile = ":base64_mayhemfile",
 )
 
 mayhem_run(
     name = "run_lighttpd",
-    duration = "60",
     regression = True, # run regression only
     wait = True, # wait for Mayhem to finish
+    fail_on_defects = True, # fail if defects are found
     mayhemfile = ":lighttpd_mayhemfile",
 )
 
@@ -80,13 +81,21 @@ mayhem_run(
 mayhem_run(
     name = "run_mayhemit",
     image = "ubuntu:latest",
-    project = "bazel-rules",
     owner = "forallsecure-demo",
+    project = "bazel-rules",
     target = "mayhemit",
     all = True,
     target_path = ":package_mayhemit"
 )
 
+mayhem_download(
+    name = "download_mayhemit",
+    owner = "forallsecure-demo",
+    project = "bazel-rules",
+    target = "mayhemit",
+    output_dir = "mayhemit_output",
+)
+
 
 sh_test(
     name = "validate_factor",

diff --git a/mayhem/BUILD b/mayhem/BUILD
@@ -14,20 +14,48 @@ bzl_library(
     srcs = ["repositories.bzl"],
 )
 
+config_setting(
+    name = "is_linux_x64",
+    constraint_values = [
+        "@platforms//os:linux",
+        "@platforms//cpu:x86_64",
+    ],
+)
+
+config_setting(
+    name = "is_windows_x64",
+    constraint_values = [
+        "@platforms//os:windows",
+        "@platforms//cpu:x86_64",
+    ],
+)
+
+config_setting(
+    name = "is_osx_x64",
+    constraint_values = [
+        "@platforms//os:osx",
+        "@platforms//cpu:x86_64",
+    ],
+)
+
 alias(
     name = "mayhem_cli",
     actual = select({
-        "@platforms//os:linux": "@mayhem_cli_linux//file",
-        "@platforms//os:windows": "@mayhem_cli_windows//file",
+        ":is_linux_x64": "@mayhem_cli_linux//file",
+        ":is_windows_x64": "@mayhem_cli_windows//file",
+        # ":is_osx_x64": "@mayhem_cli_osx//file",
+        "//conditions:default": "@platforms//:incompatible",
     }),
     visibility = ["//visibility:public"],
 )
 
 alias(
     name = "yq_cli",
     actual = select({
-        "@platforms//os:linux": "@yq_cli_linux//file",
-        "@platforms//os:windows": "@yq_cli_windows//file",
+        ":is_linux_x64": "@yq_cli_linux//file",
+        ":is_windows_x64": "@yq_cli_windows//file",
+        ":is_osx_x64": "@yq_cli_osx//file",
+        "//conditions:default": "@platforms//:incompatible",
     }),
     visibility = ["//visibility:public"],
 )
diff --git a/mayhem/extensions.bzl b/mayhem/extensions.bzl
@@ -1,8 +1,8 @@
-load("@rules_mayhem//mayhem:repositories.bzl", "rules_mayhem_repositories", "rules_mayhem_archives")
-def _rules_mayhem_dependencies_impl(_ctx):
-    rules_mayhem_repositories()
-    rules_mayhem_archives()
+load("@rules_mayhem//mayhem:repositories.bzl", "rules_mayhem_repositories")
+def _rules_mayhem_extension_impl(_ctx):
+    mayhem_url = _ctx.getenv("MAYHEM_URL")
+    rules_mayhem_repositories(mayhem_url)
 
-rules_mayhem_dependencies = module_extension(
-    implementation = _rules_mayhem_dependencies_impl,
+rules_mayhem_extension = module_extension(
+    implementation = _rules_mayhem_extension_impl,
 )