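#!/usr/bin/env bash
#
# Build every kustomize overlay found under a Flux repository and pipe the
# rendered manifests through `polaris audit`.
#
# Usage:  <script> [FLUX_PATH]          (default: current directory)
#
# Environment:
#   POLARIS_EXCLUDE_PATHS  comma- and/or space-separated overlay directories to
#                          skip. Each entry must equal the directory exactly as
#                          this script prints it (the find(1) match with the
#                          file name stripped, i.e. ending in '/').
#   POLARIS_CONFIG         comma- and/or space-separated polaris flags that
#                          replace the defaults below when set and non-empty.
#
# Exit status: non-zero if any `kustomize build` or `polaris audit` fails
# (with the default flags polaris fails on danger-level findings or on a
# score below 80).

# -e: abort on the first failing command; pipefail: a pipeline fails when any
# stage fails, so a broken `kustomize build` is not masked by polaris' status.
set -eo pipefail

# LoadRestrictionsNone lets an overlay reference bases outside its own
# directory (common in Flux repos). It also removes kustomize's guard against
# pulling in arbitrary files from the filesystem, so only point this script at
# repositories you trust.
KUSTOMIZE_FLAGS=("--load-restrictor=LoadRestrictionsNone")

# find(1) -ipath pattern selecting overlay kustomizations ('*' matches '/' too).
KUSTOMIZE_CONFIG="**/overlays/**/kustomization.yaml"
# Loop-invariant: file-name part of the pattern, stripped from each match below.
KUSTOMIZE_BASENAME=$(basename "$KUSTOMIZE_CONFIG")

FLUX_PATH="${1:-.}"

# Split the scalar env var into an array of directories to skip (empty when
# the variable is unset).
# shellcheck disable=SC2128
IFS=', ' read -r -a POLARIS_EXCLUDE_PATHS <<<"${POLARIS_EXCLUDE_PATHS:-}"
printf '%s\n' "${POLARIS_EXCLUDE_PATHS[*]}"

if [[ -z "${POLARIS_CONFIG:-}" ]]; then
  POLARIS_CONFIG=(
    "--format=pretty"
    "--set-exit-code-on-danger"
    "--set-exit-code-below-score=80"
    "--only-show-failed-tests=true"
    "--audit-path=-" # '-': audit the manifests piped in on stdin
  )
else
  # shellcheck disable=SC2128
  IFS=', ' read -r -a POLARIS_CONFIG <<<"$POLARIS_CONFIG"
fi

printf "\nINFO - Auditing kustomize overlays\n"

# The loop body runs in a pipeline subshell: 'exit 1' ends that subshell,
# pipefail then marks the whole pipeline failed and -e ends the script. A
# find(1) error (unreadable subtree, missing FLUX_PATH) surfaces the same way,
# so an incomplete walk can never pass silently.
find "${FLUX_PATH%/}" -type f -ipath "$KUSTOMIZE_CONFIG" -print0 |
  while IFS= read -r -d '' file; do
    # Directory of the kustomization; only the file name is stripped, so the
    # value keeps its trailing '/'.
    KUSTOMIZE_BUILD="${file%"$KUSTOMIZE_BASENAME"}"

    for exclude in "${POLARIS_EXCLUDE_PATHS[@]}"; do
      if [[ "$exclude" == "$KUSTOMIZE_BUILD" ]]; then
        printf "INFO - Skipping kustomization %s\n" "$KUSTOMIZE_BUILD"
        continue 2 # next kustomization
      fi
    done

    printf "INFO - Auditing kustomization %s\n" "$KUSTOMIZE_BUILD"
    # Running the pipeline as the 'if' condition keeps -e from pre-empting the
    # diagnostic below; the original checked PIPESTATUS only after an 'echo',
    # which had already reset it to 0.
    if kustomize build "$KUSTOMIZE_BUILD" "${KUSTOMIZE_FLAGS[@]}" |
      polaris audit "${POLARIS_CONFIG[@]}"; then
      echo
    else
      # PIPESTATUS still describes the audit pipeline here (nothing ran in
      # between), so both stage statuses can be reported.
      printf 'ERROR - kustomization %s: kustomize build exited %s, polaris audit exited %s\n' \
        "$KUSTOMIZE_BUILD" "${PIPESTATUS[0]}" "${PIPESTATUS[1]}" >&2
      exit 1
    fi
  done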