authzed · vroldanbet · Jul 18, 2023 · Jul 18, 2023 · ecordell · Jul 18, 2023
@@ -6,4 +6,5 @@ var Aliases = map[string]interface{}{
 	"test":     Test.Unit,
 	"generate": Gen.All,
 	"lint":     Lint.All,
+	"scan":     Lint.Scan,
 }
@@ -9,13 +9,13 @@ import (
 
 type Build mg.Namespace
 
-// Build the wasm bundle
+// Wasm Build the wasm bundle
 func (Build) Wasm() error {
 	return sh.RunWithV(map[string]string{"GOOS": "js", "GOARCH": "wasm"},
 		"go", "build", "-o", "dist/development.wasm", "./pkg/development/wasm/...")
 }
 
-// Build the spicedb image for tests
+// Testimage Build the spicedb image for tests
 func (Build) Testimage() error {
 	mg.Deps(checkDocker)
 	return sh.RunWithV(map[string]string{"DOCKER_BUILDKIT": "1"}, "docker",

@@ -10,7 +10,7 @@ var goModules = []string{
 
 type Deps mg.Namespace
 
-// go mod tidy all go modules
+// Tidy go mod tidy all go modules
 func (Deps) Tidy() error {
 	for _, mod := range goModules {
 		if err := runDirV(mod, "go", "mod", "tidy"); err != nil {
@@ -21,7 +21,7 @@ func (Deps) Tidy() error {
 	return nil
 }
 
-// go get -u all go dependencies
+// Update go get -u all go dependencies
 func (Deps) Update() error {
 	for _, mod := range goModules {
 		if err := runDirV(mod, "go", "get", "-u", "-t", "-tags", "ci,tools", "./..."); err != nil {

@@ -11,19 +11,19 @@ import (
 
 type Gen mg.Namespace
 
-// Run all generators in parallel
+// All Run all generators in parallel
 func (g Gen) All() error {
 	mg.Deps(g.Go, g.Proto)
 	return nil
 }
 
-// Run go codegen
+// Go Run go codegen
 func (Gen) Go() error {
 	fmt.Println("generating go")
 	return sh.RunV("go", "generate", "./...")
 }
 
-// Run proto codegen
+// Proto Run proto codegen
 func (Gen) Proto() error {
 	fmt.Println("generating buf")
 	return sh.RunV("go", "run", "github.com/bufbuild/buf/cmd/buf",

@@ -12,19 +12,25 @@ import (
 
 type Lint mg.Namespace
 
-// Run all linters
+// All Run all linters
 func (l Lint) All() error {
 	mg.Deps(l.Go, l.Extra)
 	return nil
 }
 
-// Lint everything that's not code
+// Scan Run all security scanning tools
+func (l Lint) Scan() error {
+	mg.Deps(l.Vulncheck, l.Trivy)
+	return nil
+}
+
+// Extra Lint everything that's not code
 func (l Lint) Extra() error {
 	mg.Deps(l.Markdown, l.Yaml)
 	return nil
 }
 
-// Lint yaml
+// Yaml Lint yaml
 func (Lint) Yaml() error {
 	mg.Deps(checkDocker)
 	cwd, err := os.Getwd()
@@ -36,7 +42,7 @@ func (Lint) Yaml() error {
 		"cytopia/yamllint:1", "-c", "/src/.yamllint", "/src")
 }
 
-// Lint markdown
+// Markdown Lint markdown
 func (Lint) Markdown() error {
 	mg.Deps(checkDocker)
 	cwd, err := os.Getwd()
@@ -48,7 +54,7 @@ func (Lint) Markdown() error {
 		"ghcr.io/igorshubovych/markdownlint-cli:v0.34.0", "--config", "/src/.markdownlint.yaml", "/src")
 }
 
-// Run all go linters
+// Go Run all go linters
 func (l Lint) Go() error {
 	err := Gen{}.All()
 	if err != nil {
@@ -58,19 +64,19 @@ func (l Lint) Go() error {
 	return nil
 }
 
-// Run gofumpt
+// Gofumpt Run gofumpt
 func (Lint) Gofumpt() error {
 	fmt.Println("formatting go")
 	return sh.RunV("go", "run", "mvdan.cc/gofumpt", "-l", "-w", ".")
 }
 
-// Run golangci-lint
+// Golangcilint Run golangci-lint
 func (Lint) Golangcilint() error {
 	fmt.Println("running golangci-lint")
 	return sh.RunV("go", "run", "github.com/golangci/golangci-lint/cmd/golangci-lint", "run", "--fix")
 }
 
-// Run all analyzers
+// Analyzers Run all analyzers
 func (Lint) Analyzers() error {
 	fmt.Println("running analyzers")
 	return runDirV("tools/analyzers", "go", "run", "./cmd/analyzers/main.go",
@@ -88,8 +94,15 @@ func (Lint) Analyzers() error {
 	)
 }
 
-// Run vulncheck
+// Vulncheck Run vulncheck
 func (Lint) Vulncheck() error {
 	fmt.Println("running vulncheck")
 	return sh.RunV("go", "run", "golang.org/x/vuln/cmd/govulncheck", "./...")
 }
+
+// Trivy Run Trivy
+func (l Lint) Trivy() error {
+	mg.Deps(Build{}.Testimage)
+	fmt.Println("running Trivy container scan")
+	return sh.RunV("docker", "run", "-v", "/var/run/docker.sock:/var/run/docker.sock", "aquasec/trivy:latest", "image", "--format", "table", "--exit-code", "1", "--ignore-unfixed", "--vuln-type", "os,library", "--no-progress", "--severity", "CRITICAL,HIGH,MEDIUM", "authzed/spicedb:ci")
+}
@@ -12,7 +12,7 @@ import (
 
 type Test mg.Namespace
 
-// Runs all test suites
+// All Runs all test suites
 func (t Test) All() error {
 	ds := Testds{}
 	c := Testcons{}
@@ -22,30 +22,30 @@ func (t Test) All() error {
 	return nil
 }
 
-// Runs the unit tests
+// Unit Runs the unit tests
 func (Test) Unit() error {
 	fmt.Println("running unit tests")
 	return goTest("./...", "-tags", "ci,skipintegrationtests", "-timeout", "10m")
 }
 
-// Run tests that run the built image
+// Image Run tests that run the built image
 func (Test) Image() error {
 	mg.Deps(Build{}.Testimage)
 	return goDirTest("./cmd/spicedb", "./...", "-tags", "docker,image")
 }
 
-// Run integration tests
+// Integration Run integration tests
 func (Test) Integration() error {
 	mg.Deps(checkDocker)
 	return goTest("./internal/services/integrationtesting/...", "-tags", "ci,docker", "-timeout", "15m")
 }
 
-// Run the analyzer unit tests
+// Analyzers Run the analyzer unit tests
 func (Test) Analyzers() error {
 	return goDirTest("./tools/analyzers", "./...")
 }
 
-// Run wasm browser tests
+// Wasm Run wasm browser tests
 func (Test) Wasm() error {
 	// build the test binary
 	if err := sh.RunWithV(map[string]string{"GOOS": "js", "GOARCH": "wasm"}, goCmdForTests(),
@@ -60,22 +60,22 @@ func (Test) Wasm() error {
 
 type Testds mg.Namespace
 
-// Run datastore tests for crdb
+// Crdb Run datastore tests for crdb
 func (Testds) Crdb() error {
 	return datastoreTest("crdb")
 }
 
-// Run datastore tests for spanner
+// Spanner Run datastore tests for spanner
 func (Testds) Spanner() error {
 	return datastoreTest("spanner")
 }
 
-// Run datastore tests for postgres
+// Postgres Run datastore tests for postgres
 func (Testds) Postgres() error {
 	return datastoreTest("postgres")
 }
 
-// Run datastore tests for mysql
+// Mysql Run datastore tests for mysql
 func (Testds) Mysql() error {
 	return datastoreTest("mysql")
 }
@@ -87,22 +87,22 @@ func datastoreTest(datastore string) error {
 
 type Testcons mg.Namespace
 
-// Run consistency tests for crdb
+// Crdb Run consistency tests for crdb
 func (Testcons) Crdb() error {
 	return consistencyTest("cockroachdb")
 }
 
-// Run consistency tests for spanner
+// Spanner Run consistency tests for spanner
 func (Testcons) Spanner() error {
 	return consistencyTest("spanner")
 }
 
-// Run consistency tests for postgres
+// Postgres Run consistency tests for postgres
 func (Testcons) Postgres() error {
 	return consistencyTest("postgres")
 }
 
-// Run consistency tests for mysql
+// Mysql Run consistency tests for mysql
 func (Testcons) Mysql() error {
 	return consistencyTest("mysql")
 }