Merge pull request #9 from buildkite-plugins/sup-2065-refactor-hooks

Refactor Plugin Hooks
buildkite-plugins · May 13, 2024 · c1bf7dc · c1bf7dc
2 parents b5c990b + 0bc6d7e
commit c1bf7dc
Show file tree

Hide file tree

Showing 4 changed files with 23 additions and 10 deletions.
diff --git a/README.md b/README.md
@@ -42,6 +42,7 @@ Here are a few examples of using the plugin to scan within your Buildkite pipeli
 ```yaml
 steps:
   - label: "🔎 Scanning with Snyk"
+    command: "test.sh"
     plugins:
       - snyk#v0.1.0:
           scan: 'oss'
@@ -54,6 +55,7 @@ steps:
 ```yaml
 steps:
   - label: "🔎 Scanning code with Snyk"
+    command: "test.sh"
     plugins:
       - snyk#v0.1.0:
           scan: 'code'
@@ -66,6 +68,7 @@ Scanning a docker container image by image name and tag:
 ```yaml
 steps:
   - label: "🔎 Scanning container image with Snyk"
+    command: "build.sh"
     plugins:
       - snyk#v0.1.0:
           scan: 'container'
@@ -79,6 +82,7 @@ Block a build when a vulnerability is detected:
 ```yaml
 steps:
   - label: "🔎 Blocking snyk scan"
+    command: "test.sh"
     plugins:
       - snyk#v0.1.0:
           scan: 'oss'

diff --git a/hooks/post-command b/hooks/post-command
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+set -euo pipefail
+
+DIR="$(cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd)"
+
+# shellcheck source=lib/snyk.sh
+. "$DIR/../lib/snyk.sh"
+
+# set up the environment
+configure_plugin
+
+#run the scan
+snyk_scan
+
diff --git a/lib/auth.sh b/lib/auth.sh
diff --git a/tests/snyk.bats b/tests/snyk.bats
@@ -25,7 +25,7 @@ setup() {
   unset BUILDKITE_PLUGIN_SNYK_TOKEN_ENV
   unset SNYK_TOKEN
 
-  run "$PWD"/hooks/command
+  run "$PWD"/hooks/post-command
 
   assert_failure
   assert_output --partial 'No token set'
@@ -50,7 +50,7 @@ setup() {
   "artifact upload ${BUILDKITE_PIPELINE_SLUG}-${BUILDKITE_BUILD_NUMBER}-oss.html : exit 0" \
   "annotate \* \* \* \* \* : exit 0"
 
-  run "$PWD"/hooks/command
+  run "$PWD"/hooks/post-command
 
   assert_success
   assert_output --partial 'Scanning OSS'
@@ -66,7 +66,7 @@ setup() {
   stub snyk \
    "code test --json-file-output=${BUILDKITE_PIPELINE_SLUG}-${BUILDKITE_BUILD_NUMBER}-snyk-code.json : echo 'Scanning Code'"
 
-  run "$PWD"/hooks/command
+  run "$PWD"/hooks/post-command
 
   assert_success
   assert_output --partial 'Scanning Code'
@@ -87,7 +87,7 @@ setup() {
   "artifact upload ${BUILDKITE_PIPELINE_SLUG}-${BUILDKITE_BUILD_NUMBER}-container.html : exit 0" \
   "annotate \* \* \* \* \* : exit 0"
 
-  run "$PWD"/hooks/command
+  run "$PWD"/hooks/post-command
 
   assert_success
   assert_output --partial 'Scanning Container llama'