Support multifile (#11)

fabasoad · Dec 8, 2021 · dc9f448 · dc9f448
1 parent 7010ada
commit dc9f448
Show file tree

Hide file tree

Showing 4 changed files with 36 additions and 20 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,4 +1,5 @@
 .DS_Store
+.gitleaks.toml
 .vscode/*
 !.vscode/settings.json
 .envrc

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -13,7 +13,7 @@ repos:
     hooks:
       - id: detect-secrets
   - repo: https://github.com/zricethezav/gitleaks
-    rev: v7.6.1
+    rev: v8.1.2
     hooks:
       - id: gitleaks
   # Markdown

diff --git a/README.md b/README.md
@@ -1,14 +1,28 @@
 # Snyk pre-commit hooks
 
-1. [snyk-iac](#snyk-iac)
-2. [snyk-test](#snyk-test)
+1. [snyk-container](#snyk-container)
+2. [snyk-iac](#snyk-iac)
+3. [snyk-test](#snyk-test)
 
 ## Documentation
 
 <!-- markdownlint-disable-next-line MD013 -->
 > `<rev>` is the latest revision tag from [fabasoad/pre-commit-snyk](https://github.com/fabasoad/pre-commit-snyk/releases)
 > repo.
 
+### snyk-container
+
+```yaml
+repos:
+  - repo: https://github.com/fabasoad/pre-commit-snyk
+    rev: <rev>
+    hooks:
+      - id: snyk-container
+        args: ["--exclude-base-image-vulns"]
+```
+
+> `args` is optional. In this example you can skip base image vulnerabilities.
+
 ### snyk-iac
 
 ```yaml

diff --git a/hooks/snyk-container.sh b/hooks/snyk-container.sh
@@ -3,21 +3,22 @@ set -eu
 SCRIPT_DIR="$(cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd)"
 bash "${SCRIPT_DIR}"/_check-installation.sh
 
-for i in "$@"; do
-  case $i in
-    -i=*|--image=*)
-      image="${i#*=}"
-      ;;
-    *)
-      # unknown option
-      ;;
-  esac
-done
-
-if [ -z "${image:-}" ]
-then
-  image="snyk-container-test:$(date +%s)"
-  docker build -t "${image}" .
-fi
+prefix="[pre-commit-snyk]"
 
-snyk container test "${image}" "$@"
+tag=$(date +%s)
+i=1
+# shellcheck disable=SC2044
+for file_path in $(find . -type f -name "Dockerfile"); do
+  image="pre-commit-snyk:$tag-$i"
+  if [[ $i -gt 1 ]]
+  then
+    echo ""
+  fi
+  printf "%s Building %s from %s\n\n" "$prefix" "$image" "$file_path"
+  docker build -t "$image" "$(echo "$file_path" | rev | cut -d'/' -f2- | rev)"
+  printf "\n%s Testing %s\n\n" "$prefix" "$image"
+  snyk container test "$image" "--file=$file_path" "$@"
+  printf "\n%s Removing %s\n\n" "$prefix" "$image"
+  docker rmi "$(docker images "$image" -q)" || printf "\n%s Unable to remove %s" "$prefix" "$image"
+  i=$((i + 1))
+done