feat: implement new commands code-test and container-test + new c…

[cp-andrew-lindesay]

• Ready for review
• Follows CONTRIBUTING rules
• Reviewed by Snyk internal team

Note that I have NOT agreed to the contributor agreement (on behalf of an organisation) using the indicated tool owing to security concerns with it. I have contacted a Snyk staff member who I have asked to get in touch to confirm this.

What does this PR do?

• Documentation has been added to provide guidance around env-vars required for local development on the module.
• Documentation has been added to support the new features introduced in this PR.
• There appears to be an issue in the test test-multi-module-child which has been resolved.
• The name of the test project in the test test-with-specific-cli-version appears to be incorrect and this ha been resolved
• There is support for a new goal configuration parameter failOnActionNeeded which can control if an "action needed" situation should fail the build or not.
• The Snyk tool commands code test and container test are now supported

Where should the reviewer start?

Review the documentation updates and then see the new commands implemented in Command.java, CommandLine.java, SnykCodeTestMojo.java and SnykContainerTestMojo.java. The logic for the failOnActionNeeded is to be found in SnykMojoExecutor.java.

How should this be manually tested?

Create a Java Maven project that builds to a container image. The project should intentionally exhibit a dependency vulnerability, a code-based vulnerability and a container image vulnerability. Implement Snyk Maven plugin executions so that code-test and container-test goals are run as required. By default the issues in the project will not trigger a build failure. Now configure the Maven plugin with failOnActionNeeded set to true and observe that a vulnerability in the project yields a build failure.

Any background context you want to provide?

N/A

What are the relevant tickets?

N/A

Screenshots

N/A

Additional questions

N/A

[CLAassistant]

All committers have signed the CLA.

[michelkaporin]

Hi, thank you a lot for you contribution! Please have a look at minor comments left. It would be also good to fix the test-without-dependency test. 🙏

[cp-andrew-lindesay]

Hello @michelkaporin - thank you for the review and your comments. I have made those changes that you have requested. Please have another look over those. I have re-run the tests and they are all passing successfully for me. Specifically the test-without-dependency is working;

[INFO] Building: test-update-policy-always/pom.xml
[INFO] run pre-build script setup.groovy
[INFO] run post-build script verify.groovy
[INFO]           test-without-dependency/pom.xml .................. SUCCESS (21.0 s)

Could you please provide a trace with the issue that you are seeing after these changes have been applied?

[michelkaporin]

@cp-andrew-lindesay test-without-dependency seem to fail due to isBlank method not available in JDK 1.8 our CI is running. Perhaps worth replacing it with isEmpty, that is available in the old version. I do not suggest updating JDK in our CI at the moment.

[INFO]   groovy.lang.MissingMethodException: No signature of method: java.lang.String.isBlank() is applicable for argument types: () values: []
Possible solutions: isLong(), isFloat(), isCase(java.lang.Object), isCase(java.lang.Object), intern(), isEmpty()
[INFO]           test-without-dependency/pom.xml .................. FAILED (6.9 s)

Are PR checks visible to you? https://github.com/snyk/snyk-maven-plugin/actions/runs/3460241672/jobs/5776570286.

Also test-container-test doesn't pass on Windows and Mac, due to the old image version. I've run it locally on Mac and it failed with Invalid manifest schema version 1 error. I suggest updating image version to the newer one and changing the test accordingly.

[cp-andrew-lindesay]

Hello @michelkaporin ; Yes I can see those test run outputs thanks. I have updated isBlank --> isEmpty and have updated the image for the test-container-test together with the corresponding assertions. Can you please run the test suite on the different platforms again?

[michelkaporin]

@cp-andrew-lindesay thank you! The PR looks good to me.

snyk container test fails in GitHub actions on Windows runner, unfortunately. I've extracted the actual reason here. Since it works on normal Windows, I will check internally what can be done to tackle this, and will get back to you as soon as possible. Once resolved, we can merge the PR and release the plugin :)

[michelkaporin]

@cp-andrew-lindesay I've chatted internally and the issue is that Windows runner targets windows/amd64 for container scanning. Since we don't support Windows containers, the workflow was failing.

You can add <arg>--platform=linux/amd64</arg> as another CLI param to the test-container-test pom.xml to tackle this. This should fix the problem and we can merge the PR then.

[cp-andrew-lindesay]

@michelkaporin ; thanks for that -- I have added the additional argument as specified above. Hopefully this will resolve the build issue.

[michelkaporin]

Thank you for your contribution! ⭐

[cp-andrew-lindesay]

@michelkaporin thank your for your collaboration on this. Is it possible to find out if you will be releasing a new version carrying this logic in the near future?

[michelkaporin]

@cp-andrew-lindesay Sure, we will release this PR in the 2.2.0 version today.

[michelkaporin]

@cp-andrew-lindesay it should be released now 🎉

[cp-andrew-lindesay]

Thank you again @michelkaporin .