# Port identity: the package is named ${PKGNAMEPREFIX}${PORTNAME}.
PORTNAME=	secrets
DISTVERSIONPREFIX=	v
DISTVERSION=	7.20.1
PORTREVISION=	1
CATEGORIES=	security
# Two extra download groups besides the main source distfile:
#   :rules  - versioned secret-detection rule archive
#   :script - start.sh from the tagged post-analyzer scripts repository
# NOTE(review): both are third-party artifacts pulled at fetch time; their
# integrity depends on the port's distinfo checksums (not visible here), so
# regenerate and review distinfo whenever either version below changes.
MASTER_SITES=	https://gitlab.com/api/v4/projects/60960406/packages/generic/secret-detection-rules/${SECRET_DETECTION_RULES_VERSION}/:rules \
		https://gitlab.com/gitlab-org/security-products/post-analyzers/scripts/-/raw/v${POST_ANALYZER_SCRIPTS_VERSION}/:script
PKGNAMEPREFIX=	gitlab-analyzers-
DISTFILES=	secret-detection-rules-${SECRET_DETECTION_RULES_VERSION}.zip:rules \
		start.sh:script
# Only the main distfile goes through the default extract step; the rule
# archive and start.sh are unpacked/copied by hand in post-extract.
EXTRACT_ONLY=	${DISTNAME}${EXTRACT_SUFX}

MAINTAINER=	mfechner@FreeBSD.org
COMMENT=	Secret detection scanner for Gitlab
WWW=		https://gitlab.com/gitlab-org/security-products/analyzers/secrets

LICENSE=	MIT
LICENSE_FILE=	${WRKSRC}/LICENSE

# unzip is needed at extract time for the rule archive; gitleaks and git are
# required at run time.
EXTRACT_DEPENDS=	${UNZIP_CMD}:archivers/unzip
RUN_DEPENDS=	gitleaks:devel/gitleaks \
		git>=0:devel/git

USES=		go:modules tar:bzip2
USE_GITLAB=	yes
GL_ACCOUNT=	gitlab-org/security-products/analyzers
GO_MOD_DIST=	gitlab
GO_MODULE=	gitlab.com/gitlab-org/security-products/analyzers/secrets/v6
# The Go binary is produced under the name analyzer-binary (see PLIST_FILES).
GO_TARGET=	${PORTNAME}:analyzer-binary
# Stamp the packaged version into metadata.AnalyzerVersion at link time.
GO_BUILDFLAGS=	-ldflags="-X '${GO_MODULE}/metadata.AnalyzerVersion=${DISTVERSIONFULL}'"

DATADIR=	${PREFIX}/share/${PKGNAMEPREFIX}${PORTNAME}

# Versions
# These versions can be found in https://gitlab.com/gitlab-org/security-products/analyzers/secrets/-/blob/master/Dockerfile
SECRET_DETECTION_RULES_VERSION=	v0.20.1
POST_ANALYZER_SCRIPTS_VERSION=	0.3.0

# Working directories for the rule archive and the pipeline script
RULES_DIR=	${WRKDIR}/rules
POSTSCRIPT_DIR=	${WRKDIR}/script
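# Unpack the rule archive and prepare the GitLab pipeline wrapper script.
# Neither file is handled by the default extract step (see EXTRACT_ONLY).
post-extract:
# Create rules directory and extract the zip file there
	${MKDIR} ${RULES_DIR}
	${UNZIP_CMD} -q -d ${RULES_DIR} ${DISTDIR}/${DIST_SUBDIR}/secret-detection-rules-${SECRET_DETECTION_RULES_VERSION}.zip
# Gitlab pipeline integration script
	${MKDIR} ${POSTSCRIPT_DIR}
	${CP} ${DISTDIR}/${DIST_SUBDIR}/start.sh ${POSTSCRIPT_DIR}/analyzer
# The binary that is executed is located in ${PREFIX}/bin, so replace the
# script's default SCRIPT_BASE_DIR of "/" with that directory.
	${REINPLACE_CMD} -e 's|SCRIPT_BASE_DIR="\$${SCRIPT_BASE_DIR:=/}"|SCRIPT_BASE_DIR="\$${SCRIPT_BASE_DIR:=${PREFIX}/bin}"|' \
		${POSTSCRIPT_DIR}/analyzer
# sed exits 0 even when nothing matched. If upstream rewords that line the
# wrapper would keep resolving the analyzer relative to "/", so fail the
# build instead of shipping an unpatched script.
	@${GREP} -qF 'SCRIPT_BASE_DIR:=${PREFIX}/bin}' ${POSTSCRIPT_DIR}/analyzer || \
		{ ${ECHO_MSG} "===> start.sh: SCRIPT_BASE_DIR default was not rewritten to ${PREFIX}/bin"; exit 1; }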
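# Stage the rule set and the wrapper script; the Go build stages
# analyzer-binary itself.
post-install:
	${MKDIR} ${STAGEDIR}${DATADIR}
# The rule file from the archive unpacked into RULES_DIR during post-extract
# is installed under the name gitleaks.toml.
	${INSTALL_DATA} ${RULES_DIR}/dist/all_rules.toml ${STAGEDIR}${DATADIR}/gitleaks.toml
# Use the ports macro for executable scripts and name the destination file
# explicitly so the result always matches the bin/analyzer plist entry.
	${INSTALL_SCRIPT} ${POSTSCRIPT_DIR}/analyzer ${STAGEDIR}${PREFIX}/bin/analyzer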
# Packing list: the wrapper script, the Go binary it launches, and the
# rule file installed into DATADIR.
PLIST_FILES=	bin/analyzer \
		bin/analyzer-binary \
		${DATADIR}/gitleaks.toml
.include <bsd.port.mk>