From 1c8d77a4464794d47200c8513f331be43323ccc1 Mon Sep 17 00:00:00 2001
From: wangyan
Date: Sun, 5 Aug 2018 22:56:22 -0700
Subject: [PATCH] Add secure go result into CI pipeline
---
 Makefile | 10 ++++++++++
 tests/integration.sh | 12 +++++++++++-
 2 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index 006fac70d..c51caf1fd 100644
--- a/Makefile
+++ b/Makefile
@@ -413,6 +413,16 @@ run_clarity_ut:
 @echo "run clarity ut ..."
 @$(DOCKERCMD) run --rm -v $(UINGPATH):$(CLARITYSEEDPATH) -v $(BUILDPATH)/tests:$(CLARITYSEEDPATH)/tests $(CLARITYIMAGE) $(SHELL) $(CLARITYSEEDPATH)/tests/run-clarity-ut.sh
 
+gosec:
+ #go get github.com/securego/gosec/cmd/gosec
+ #go get github.com/dghubble/sling
+ @echo "run secure go scan ..."
+ @if [ "$(GOSECRESULTS)" != "" ] ; then \
+ $(GOPATH)/bin/gosec -fmt=json -out=$(GOSECRESULTS) -quiet ./... | true ; \
+ else \
+ $(GOPATH)/bin/gosec -fmt=json -out=harbor_gas_output.json -quiet ./... | true ; \
+ fi
+
 pushimage:
 @echo "pushing harbor images ..."
 @$(DOCKERTAG) $(DOCKERIMAGENAME_ADMINSERVER):$(VERSIONTAG) $(REGISTRYSERVER)$(DOCKERIMAGENAME_ADMINSERVER):$(VERSIONTAG)
diff --git a/tests/integration.sh b/tests/integration.sh
index 23853c43e..c35af9247 100755
--- a/tests/integration.sh
+++ b/tests/integration.sh
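Review bot: In the new `gosec` target of the Makefile, both scanner invocations end in `| true`, which pipes gosec's stdout into `true` and makes the recipe exit 0 whatever happens, so a missing binary or a crashed scan looks the same as a completed one and no report may be written. If the aim is only to keep findings from failing the build, gosec's `-no-fail` option (where the installed version supports it) preserves real tool errors; failing that, follow the scan with a check such as `test -s "$(GOSECRESULTS)"`. The two branches differ only in the output file name, so a default like `GOSECRESULTS ?= harbor_gas_output.json` would remove the `if`/`else` and let the value be quoted once. The commented-out `#go get` lines sit inside the recipe, where they are handed to the shell and echoed on every run; they would be better as Make comments above the target, and `gosec` should be listed in `.PHONY` if the file keeps such a list (not visible in this hunk).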
@@ -211,7 +211,17 @@ if [ $upload_latest_build == true ] && [ $upload_bundle_success == true ] && [ $
 uploader $latest_build_file $harbor_target_bucket
 fi
 
-## ------------------------------------------------ Tear Down ---------------------------------------------------
+## --------------------------------------------- Upload securego results ------------------------------------------
+if [ $DRONE_BUILD_EVENT == "push" ] && [ $rc -eq 0 ]; then
+ go get github.com/securego/gosec/cmd/gosec
+ go get github.com/dghubble/sling
+ make gosec -e GOSECRESULTS=harbor-gosec-results-latest.json
+ echo $git_commit > ./harbor-gosec-results-latest-version
+ uploader harbor-gosec-results-latest.json $harbor_target_bucket
+ uploader harbor-gosec-results-latest-version $harbor_target_bucket
+fi
+
+## ------------------------------------------------ Tear Down -----------------------------------------------------
 if [ -f "$keyfile" ]; then
 rm -f $keyfile
 fi
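Review bot: The two `go get` lines in the new upload block install gosec and sling from whatever their default branches hold at build time, in a job that appears to hold the bucket upload key (`$keyfile`, `uploader`), so the scanner is neither pinned nor reproducible. Baking a fixed, checksum-verified gosec release into the CI image would close that gap. `make gosec -e GOSECRESULTS=...` does not need `-e`: the command-line assignment already overrides the Makefile, while `-e` also lets every environment variable in the job override Makefile variables. Since the `gosec` target added in this commit always exits 0, the `uploader` calls run even when no report was produced; guarding them with `[ -s harbor-gosec-results-latest.json ]` would avoid publishing an empty or stale result. Quoting `"$DRONE_BUILD_EVENT"` and `"$git_commit"` would keep the test and the `echo` well-formed when either variable is unset.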