Merge pull request #74 from cyber-dojo/use-junit-output-for-rubocop

Use junit output for rubocop lint

.github/workflows/main.yml

@@ -101,7 +101,6 @@ jobs:
           fetch-depth: 1
 
       - name: Run Rubocop lint on source
-        id: lint
         run:
           make rubocop_lint
 
@@ -113,10 +112,10 @@ jobs:
 
       - name: Attest evidence to Kosli
         if: ${{ github.ref == 'refs/heads/main' && (success() || failure()) }}
-        run: |
-          KOSLI_COMPLIANT=$([ "${{ steps.lint.outcome }}" == 'success' ] && echo true || echo false)
-          kosli attest generic \
+        run:
+          kosli attest junit
             --name=runner.rubocop-lint
+            --results-dir=./reports/rubocop
 
 
   snyk-code-scan:
@@ -252,7 +251,7 @@ jobs:
       - name: Get unit test coverage
         id: coverage
         run:
-            make coverage_server
+          make coverage_server
 
       - name: Setup Kosli CLI
         if: ${{ github.ref == 'refs/heads/main' && (success() || failure()) }}
@@ -266,8 +265,8 @@ jobs:
           KOSLI_FINGERPRINT: ${{ needs.build-image.outputs.artifact_digest }}
         run:
           kosli attest junit
-              --name=runner.unit-test
-              --results-dir=./reports/server/junit
+            --name=runner.unit-test
+            --results-dir=./reports/server/junit
 
       - name: Attest coverage evidence to Kosli
         if: ${{ github.ref == 'refs/heads/main' && (success() || failure()) }}
@@ -276,9 +275,9 @@ jobs:
         run: |
           KOSLI_COMPLIANT=$([ "${{ steps.coverage.outcome }}" == 'success' ] && echo true || echo false)
           kosli attest generic \
-              --description="unit-test branch-coverage and metrics" \
-              --name=runner.unit-test-branch-coverage \
-              --user-data="./reports/server/coverage_metrics.json"
+            --description="unit-test branch-coverage and metrics" \
+            --name=runner.unit-test-branch-coverage \
+            --user-data="./reports/server/coverage_metrics.json"
 
 
   integration-tests:
@@ -320,8 +319,8 @@ jobs:
           KOSLI_FINGERPRINT: ${{ needs.build-image.outputs.artifact_digest }}
         run:
           kosli attest junit
-              --name=runner.integration-test
-              --results-dir=./reports/client/junit
+            --name=runner.integration-test
+            --results-dir=./reports/client/junit
 
       - name: Attest coverage evidence to Kosli
         if: ${{ github.ref == 'refs/heads/main' && (success() || failure()) }}
@@ -330,9 +329,9 @@ jobs:
         run: |
           KOSLI_COMPLIANT=$([ "${{ steps.coverage.outcome }}" == 'success' ] && echo true || echo false)
           kosli attest generic \
-              --description="integration-test branch-coverage and metrics" \
-              --name=runner.integration-test-branch-coverage \
-              --user-data="./reports/client/coverage_metrics.json"
+            --description="integration-test branch-coverage and metrics" \
+            --name=runner.integration-test-branch-coverage \
+            --user-data="./reports/client/coverage_metrics.json"
 
 
   snyk-container-scan:
@@ -363,11 +362,7 @@ jobs:
           IMAGE_NAME: ${{ needs.setup.outputs.image_name }}
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
         run:
-          snyk container test ${IMAGE_NAME}
-            --file=Dockerfile
-            --policy-path=.snyk
-            --sarif
-            --sarif-file-output="${SARIF_FILENAME}"
+          make snyk_container_scan
 
       - name: Setup Kosli CLI
         if: ${{ github.ref == 'refs/heads/main' && (success() || failure()) }}

.snyk

@@ -7,9 +7,4 @@ ignore:
         reason: No fix available
         expires: 2025-01-08T10:03:36.581Z
         created: 2024-11-08T10:03:36.589Z
-  SNYK-ALPINE320-CURL-8348469:
-    - '*':
-        reason: No fix available
-        expires: 2025-01-08T10:03:36.581Z
-        created: 2024-11-08T10:03:36.589Z
 patch: {}

Dockerfile

@@ -1,4 +1,4 @@
-FROM cyberdojo/docker-base:b3a6744
+FROM cyberdojo/docker-base:6be7b3c
 LABEL [email protected]
 
 RUN gem install --no-document 'concurrent-ruby'

Makefile

@@ -4,7 +4,8 @@ all_server: image_server test_server coverage_server
 image_server:
 	${PWD}/bin/build_image.sh server
 
-# test_server does NOT depend on build_server, because in the CI workflow, the image is built with a GitHub Action
+# test_server does NOT depend on build_server, because in the CI workflow,
+# the image is built with a GitHub Action.
 # If you want to run only some tests, locally, use run_tests.sh directly
 test_server:
 	${PWD}/bin/run_tests.sh server
@@ -26,19 +27,15 @@ coverage_client:
 
 
 rubocop_lint:
-	docker run --rm --volume "${PWD}:/app" cyberdojo/rubocop --raise-cop-error
+	${PWD}/bin/rubocop_lint.sh
 
 demo:
 	${PWD}/bin/demo.sh
 
-snyk-container:
-	snyk container test ${IMAGE_NAME} \
-        --file=Dockerfile \
-		--sarif \
-		--sarif-file-output=snyk.container.scan.json \
-        --policy-path=.snyk
+snyk_container_scan:
+	${PWD}/bin/snyk_container_scan.sh
 
-snyk-code:
+snyk_code_scan:
 	snyk code test \
 		--sarif \
 		--sarif-file-output=snyk.code.scan.json \

bin/rubocop_lint.sh

@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+set -Eeu
+
+export ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+rm -rf "${ROOT_DIR}/reports/rubocop" &> /dev/null || true
+mkdir -p "${ROOT_DIR}/reports/rubocop"
+
+docker run \
+  --rm \
+  --volume "${ROOT_DIR}/reports/rubocop/:/reports/" \
+  --volume "${ROOT_DIR}:/app" \
+  cyberdojo/rubocop \
+  --raise-cop-error \
+  --format=progress \
+  --format=junit \
+  --out=/reports/junit.xml

bin/snyk_container_scan.sh

@@ -6,9 +6,10 @@ source "${ROOT_DIR}/bin/lib.sh"
 export $(echo_versioner_env_vars)
 
 readonly IMAGE_NAME="${CYBER_DOJO_RUNNER_IMAGE}:${CYBER_DOJO_RUNNER_TAG}"
+readonly SARIF_FILENAME=${SARIF_FILENAME:-snyk.container.scan.json}
 
 snyk container test "${IMAGE_NAME}" \
   --file="${ROOT_DIR}/Dockerfile" \
   --sarif \
-  --sarif-file-output="${ROOT_DIR}/snyk.container.scan.json" \
+  --sarif-file-output="${ROOT_DIR}/${SARIF_FILENAME}" \
   --policy-path="${ROOT_DIR}/.snyk"

source/client/Dockerfile

@@ -1,4 +1,4 @@
-FROM cyberdojo/docker-base:b3a6744
+FROM cyberdojo/docker-base:6be7b3c
 LABEL [email protected]
 
 WORKDIR /runner