Documentation
¶
Index ¶
- Constants
- Variables
- func ReplaceCommandPlaceholders(input string, env map[string]string) string
- func ResetExecutableCache()
- func UpdateExecutableCache(candidates []Candidate) error
- type BaseCandidate
- type Candidate
- func DiscoverContainerCandidates(opts *DiscoverContainerOptions) []Candidate
- func DiscoverExecutables() ([]Candidate, error)
- func DiscoverNixStoreCandidates(opts *DiscoverNixOptions) []Candidate
- func DiscoverPathCandidates(opts *DiscoverPathOptions) []Candidate
- func LoadCachedExecutables() ([]Candidate, error)
- func LoadExecutables() ([]Candidate, error)
- func SelectCandidate(candidates []Candidate, options CandidateFilter) *Candidate
- type CandidateFilter
- type CandidateType
- type ContainerCache
- type ContainerCandidate
- type ContainerCerts
- type ContainerMount
- type ContainerPackage
- type ContainerSecurity
- type DiscoverContainerOptions
- type DiscoverNixOptions
- type DiscoverPathOptions
- type ExecCandidate
- type NixPackage
- type NixShellCandidate
- type NixStoreCandidate
- type PathDiscoveryRule
- type PathDiscoveryRuleLookup
- type PreferVersion
- type RunParameters
Constants ¶
View Source
const AnyVersionConstraint = ">= 0.0.0"
Variables ¶
View Source
var DefaultDiscoverContainerOptions = DiscoverContainerOptions{ Packages: []ContainerPackage{ { Binary: []string{"kubectl"}, Image: "ghcr.io/cidverse/kubectl", }, { Binary: []string{"mockery"}, Image: "ghcr.io/cidverse/mockery", }, { Binary: []string{"twitch"}, Image: "ghcr.io/cidverse/twitch-cli", }, { Binary: []string{"syft"}, Image: "ghcr.io/cidverse/syft", }, { Binary: []string{"wrangler"}, Image: "ghcr.io/cidverse/wrangler", }, { Binary: []string{"shellcheck"}, Image: "ghcr.io/cidverse/shellcheck", }, { Binary: []string{"flake8"}, Image: "ghcr.io/cidverse/flake8", }, { Binary: []string{"renovate"}, Image: "ghcr.io/cidverse/renovate", }, { Binary: []string{"oc"}, Image: "ghcr.io/cidverse/openshift", }, { Binary: []string{"poetry"}, Image: "ghcr.io/cidverse/poetry", }, { Binary: []string{"pipenv"}, Image: "ghcr.io/cidverse/pipenv", }, { Binary: []string{"aws"}, Image: "ghcr.io/cidverse/aws", }, { Binary: []string{"gosec"}, Image: "ghcr.io/cidverse/gosec", }, { Binary: []string{"ansible"}, Image: "ghcr.io/cidverse/ansible", }, { Binary: []string{"ansible-lint"}, Image: "ghcr.io/cidverse/ansible-lint", }, { Binary: []string{"osv-scanner"}, Image: "ghcr.io/cidverse/osv-scanner", }, { Binary: []string{"upx"}, Image: "ghcr.io/cidverse/upx", }, { Binary: []string{"gh"}, Image: "ghcr.io/cidverse/gh", }, { Binary: []string{"gitleaks"}, Image: "ghcr.io/cidverse/gitleaks", }, { Binary: []string{"glab"}, Image: "ghcr.io/cidverse/glab", }, { Binary: []string{"oras"}, Image: "ghcr.io/cidverse/oras", }, { Binary: []string{"slsa-verifier"}, Image: "ghcr.io/cidverse/slsa-verifier", }, { Binary: []string{"kubeseal"}, Image: "ghcr.io/cidverse/kubeseal", }, { Binary: []string{"semgrep"}, Image: "ghcr.io/cidverse/semgrep", }, { Binary: []string{"scorecard"}, Image: "ghcr.io/cidverse/scorecard", }, { Binary: []string{"hugo"}, Image: "ghcr.io/cidverse/hugo", }, { Binary: []string{"grype"}, Image: "ghcr.io/cidverse/grype", }, { Binary: []string{"ggshield"}, Image: "ghcr.io/cidverse/ggshield", }, { Binary: []string{"runpodctl"}, Image: "ghcr.io/cidverse/runpodctl", }, { Binary: []string{"cue"}, Image: "ghcr.io/cidverse/cue", }, { Binary: []string{"hadolint"}, Image: "ghcr.io/cidverse/hadolint", }, { Binary: []string{"liquibase"}, Image: "ghcr.io/cidverse/liquibase", }, { Binary: []string{"cosign"}, Image: "ghcr.io/cidverse/cosign", }, { Binary: []string{"rekor-cli"}, Image: "ghcr.io/cidverse/rekor-cli", }, { Binary: []string{"buildah"}, Image: "ghcr.io/cidverse/buildah", }, { Binary: []string{"helmfile"}, Image: "ghcr.io/cidverse/helmfile", }, { Binary: []string{"mc"}, Image: "ghcr.io/cidverse/minio-client", }, { Binary: []string{"rundeck-cli"}, Image: "ghcr.io/cidverse/rundeck-cli", }, { Binary: []string{"appinspector"}, Image: "ghcr.io/cidverse/appinspector", }, { Binary: []string{"codecov"}, Image: "ghcr.io/cidverse/codecov-cli", }, { Binary: []string{"sonar-scanner"}, Image: "ghcr.io/cidverse/sonarscanner-cli", }, { Binary: []string{"helm"}, Image: "ghcr.io/cidverse/helm", }, { Binary: []string{"fossa-cli"}, Image: "ghcr.io/cidverse/fossa-cli", }, { Binary: []string{"sarifrs"}, Image: "ghcr.io/cidverse/sarifrs", }, { Binary: []string{"skopeo"}, Image: "ghcr.io/cidverse/skopeo", }, { Binary: []string{"zizmor"}, Image: "ghcr.io/cidverse/zizmor", }, }, }
View Source
var DefaultDiscoverNixOptions = DiscoverNixOptions{ Packages: []NixPackage{ { Name: "openjdk", Expression: `([a-z0-9]{32})-(openjdk)-(\d+\.\d+\.\d+.+)`, }, { Name: "go", Expression: `([a-z0-9]{32})-(go)-(\d+\.\d+\.\d+)`, Env: map[string]string{ "GOPATH": "$HOME/go", "GOMODCACHE": "$HOME/go/pkg/mod", "GOCACHE": "$HOME/.cache/go-build", }, }, { Name: "zig", Expression: `([a-z0-9]{32})-(zig)-(\d+\.\d+\.\d+)`, }, { Name: "helm", Expression: `([a-z0-9]{32})-(kubernetes-helm)-(\d+\.\d+\.\d+)`, }, { Name: "helmfile", Expression: `([a-z0-9]{32})-(helmfile)-(\d+\.\d+\.\d+)`, }, { Name: "kubectl", Expression: `([a-z0-9]{32})-(kubectl)-(\d+\.\d+\.\d+)`, }, { Name: "openshift", Expression: `([a-z0-9]{32})-(openshift)-(\d+\.\d+\.\d+)`, }, { Name: "ansible", Expression: `([a-z0-9]{32})-(ansible)-(\d+\.\d+\.\d+)`, }, { Name: "minio-client", Expression: `([a-z0-9]{32})-(minio-client)-(\d{4}-\d{2}-\d{2}T\d{2}-\d{2}-\d{2}Z)`, }, }, VersionLookupCommand: true, }
View Source
var DefaultDiscoverPathOptions = DiscoverPathOptions{ LookupRules: []PathDiscoveryRule{ { Binary: []string{"podman"}, Lookup: []PathDiscoveryRuleLookup{ { Key: "PATH", Version: "0.0.0", VersionCommand: "-v", VersionRegex: `(?m)podman version (\d+\.\d+\.\d+)`, }, }, }, { Binary: []string{"java"}, Lookup: []PathDiscoveryRuleLookup{ { Key: "PATH", Version: "0.0.0", VersionCommand: "--version", VersionRegex: `(?m)openjdk (\d+\.\d+\.\d+)`, }, { Key: "JAVA_HOME_8", KeyAliases: []string{"JAVA_HOME_8_X64", "JAVA_HOME_8_X86"}, Directory: "bin", Version: "8.0.0", VersionCommand: "--version", VersionRegex: `(?m)openjdk (\d+\.\d+\.\d+)`, }, { Key: "JAVA_HOME_11", KeyAliases: []string{"JAVA_HOME_11_X64", "JAVA_HOME_11_X86"}, Directory: "bin", Version: "11.0.0", VersionCommand: "--version", VersionRegex: `(?m)openjdk (\d+\.\d+\.\d+)`, }, { Key: "JAVA_HOME_17", KeyAliases: []string{"JAVA_HOME_17_X64", "JAVA_HOME_17_X86"}, Directory: "bin", Version: "17.0.0", VersionCommand: "--version", VersionRegex: `(?m)openjdk (\d+\.\d+\.\d+)`, }, { Key: "JAVA_HOME_21", KeyAliases: []string{"JAVA_HOME_21_X64", "JAVA_HOME_21_X86"}, Directory: "bin", Version: "21.0.0", VersionCommand: "--version", VersionRegex: `(?m)openjdk (\d+\.\d+\.\d+)`, }, }, }, { Binary: []string{"go"}, Lookup: []PathDiscoveryRuleLookup{ { Key: "PATH", Version: "0.0.0", VersionCommand: "version", VersionRegex: `(?m)go(\d+\.\d+\.\d+)`, }, { Key: "GOROOT_1_21", KeyAliases: []string{"GOROOT_1_21_X64"}, Version: "1.21.0", VersionCommand: "version", VersionRegex: `(?m)go(\d+\.\d+\.\d+)`, }, { Key: "GOROOT_1_22", KeyAliases: []string{"GOROOT_1_22_X64"}, Version: "1.22.0", VersionCommand: "version", VersionRegex: `(?m)go(\d+\.\d+\.\d+)`, }, { Key: "GOROOT_1_23", KeyAliases: []string{"GOROOT_1_23_X64"}, Version: "1.23.0", VersionCommand: "version", VersionRegex: `(?m)go(\d+\.\d+\.\d+)`, }, }, Env: map[string]string{ "GOPATH": "$HOME/go", "GOMODCACHE": "$HOME/go/pkg/mod", "GOCACHE": "$HOME/.cache/go-build", }, }, }, VersionLookupCommand: true, }
Functions ¶
func ReplaceCommandPlaceholders ¶
ReplaceCommandPlaceholders replaces env placeholders in a command
func ResetExecutableCache ¶
func ResetExecutableCache()
ResetExecutableCache clears the candidate cache
func UpdateExecutableCache ¶
UpdateExecutableCache persists the candidates into a file
Types ¶
type BaseCandidate ¶
type BaseCandidate struct {
Name string `yaml:"name,required"`
Version string `yaml:"version,required"`
Type CandidateType `yaml:"type,required"`
}
func (BaseCandidate) GetName ¶
func (c BaseCandidate) GetName() string
func (BaseCandidate) GetType ¶
func (c BaseCandidate) GetType() CandidateType
func (BaseCandidate) GetUri ¶
func (c BaseCandidate) GetUri() string
func (BaseCandidate) GetVersion ¶
func (c BaseCandidate) GetVersion() string
func (BaseCandidate) Run ¶
func (c BaseCandidate) Run(opts RunParameters) (string, string, error)
type Candidate ¶
type Candidate interface {
GetName() string
GetVersion() string
GetType() CandidateType
GetUri() string // GetUri returns the URI of the candidate, for auditing purposes
Run(opts RunParameters) (string, string, error)
}
func DiscoverContainerCandidates ¶
func DiscoverContainerCandidates(opts *DiscoverContainerOptions) []Candidate
func DiscoverExecutables ¶
func DiscoverNixStoreCandidates ¶
func DiscoverNixStoreCandidates(opts *DiscoverNixOptions) []Candidate
func DiscoverPathCandidates ¶
func DiscoverPathCandidates(opts *DiscoverPathOptions) []Candidate
func LoadCachedExecutables ¶
LoadCachedExecutables loads the candidates from the cache
func LoadExecutables ¶
func SelectCandidate ¶
func SelectCandidate(candidates []Candidate, options CandidateFilter) *Candidate
SelectCandidate selects the first candidate that matches the given requirements
type CandidateFilter ¶
type CandidateFilter struct {
Types []CandidateType
Executable string
VersionPreference PreferVersion
VersionConstraint string
}
type CandidateType ¶
type CandidateType string
const ( ExecutionExec CandidateType = "exec" ExecutionContainer CandidateType = "container" ExecutionNixStore CandidateType = "nix-store" )
func ToCandidateTypes ¶
func ToCandidateTypes(types []string) []CandidateType
type ContainerCache ¶
type ContainerCandidate ¶
type ContainerCandidate struct {
BaseCandidate
Image string `yaml:"package,omitempty"`
ImageCache []ContainerCache
Mounts []ContainerMount
Security ContainerSecurity
Entrypoint *string
Certs []ContainerCerts `yaml:"certs,omitempty"`
}
ContainerCandidate is used for the execution using container images
func (ContainerCandidate) GetUri ¶
func (c ContainerCandidate) GetUri() string
func (ContainerCandidate) Run ¶
func (c ContainerCandidate) Run(opts RunParameters) (string, string, error)
type ContainerCerts ¶
type ContainerMount ¶
type ContainerPackage ¶
type ContainerSecurity ¶
type DiscoverContainerOptions ¶
type DiscoverContainerOptions struct {
Packages []ContainerPackage
}
type DiscoverNixOptions ¶
type DiscoverNixOptions struct {
Packages []NixPackage
VersionLookupCommand bool
}
type DiscoverPathOptions ¶
type DiscoverPathOptions struct {
LookupRules []PathDiscoveryRule
VersionLookupCommand bool
}
type ExecCandidate ¶
type ExecCandidate struct {
BaseCandidate
AbsolutePath string `json:"absolute-path,omitempty"`
Env map[string]string `json:"env,omitempty"`
}
ExecCandidate is used for the execution using locally installed binaries
func (ExecCandidate) Run ¶
func (c ExecCandidate) Run(opts RunParameters) (string, string, error)
type NixShellCandidate ¶
type NixShellCandidate struct {
BaseCandidate
Package string `yaml:"package,omitempty"`
PackageVersion string `yaml:"package-version,omitempty"`
AdditionalPackages []string `yaml:"additional-packages,omitempty"`
Channel string `yaml:"channel,omitempty"`
}
NixShellCandidate is used for the execution using nix-shell
func (NixShellCandidate) Run ¶
func (c NixShellCandidate) Run(opts RunParameters) (string, string, error)
type NixStoreCandidate ¶
type NixStoreCandidate struct {
BaseCandidate
AbsolutePath string `json:"absolute-path,omitempty"`
Package string `json:"package,omitempty"`
PackageVersion string `json:"package-version,omitempty"`
Env map[string]string `json:"env,omitempty"`
}
NixStoreCandidate is used for the execution using binaries in the nix store
func (NixStoreCandidate) GetUri ¶
func (c NixStoreCandidate) GetUri() string
func (NixStoreCandidate) Run ¶
func (c NixStoreCandidate) Run(opts RunParameters) (string, string, error)
type PathDiscoveryRule ¶
type PathDiscoveryRule struct {
Binary []string
Lookup []PathDiscoveryRuleLookup
Env map[string]string
}
type PathDiscoveryRuleLookup ¶
type PreferVersion ¶
type PreferVersion string
const ( PreferHighest PreferVersion = "highest" PreferLowest PreferVersion = "lowest" )
Source Files
Click to show internal directories.
Click to hide internal directories.