From 0f287db5d30aced70dbc7f7d6bb5c8b919114b4c Mon Sep 17 00:00:00 2001
From: Calin Marina
Date: Thu, 4 Apr 2024 00:26:17 +0100
Subject: [PATCH] feat(image): add `--docker-host` option for GH Action users (#267)
* add option to update docker-host via cli parameter
* chore: update test results
---------
Co-authored-by: simar7 <1254783+simar7@users.noreply.github.com>
---
 action.yaml | 4 ++++
 entrypoint.sh | 8 +++++++-
 test/test.bats | 8 ++++++++
 3 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/action.yaml b/action.yaml
index 02bcd34..9b49414 100644
--- a/action.yaml
+++ b/action.yaml
@@ -94,6 +94,9 @@ inputs:
 limit-severities-for-sarif:
 description: 'limit severities for SARIF format'
 required: false
+ docker-host:
+ description: 'unix domain socket path to use for docker scanning'
+ required: false
 
 runs:
 using: 'docker'
@@ -123,3 +126,4 @@ runs:
 - '-v ${{ inputs.trivy-config }}'
 - '-x ${{ inputs.tf-vars }}'
 - '-z ${{ inputs.limit-severities-for-sarif }}'
+ - '-y ${{ inputs.docker-host }}'
\ No newline at end of file
diff --git a/entrypoint.sh b/entrypoint.sh
index 0b6f46c..6e8f71f 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 set -e
-while getopts "a:b:c:d:e:f:g:h:i:j:k:l:m:n:o:p:q:r:s:t:u:v:x:z:" o; do
+while getopts "a:b:c:d:e:f:g:h:i:j:k:l:m:n:o:p:q:r:s:t:u:v:x:y:z:" o; do
 case "${o}" in
 a)
 export scanType=${OPTARG}
@@ -71,6 +71,9 @@ while getopts "a:b:c:d:e:f:g:h:i:j:k:l:m:n:o:p:q:r:s:t:u:v:x:z:" o; do
 x)
 export tfVars=${OPTARG}
 ;;
+ y)
+ export dockerHost=${OPTARG}
+ ;;
 z)
 export limitSeveritiesForSARIF=${OPTARG}
 ;;
@@ -165,6 +168,9 @@ if [ "$hideProgress" == "true" ];then
 ARGS="$ARGS --quiet"
 SARIF_ARGS="$SARIF_ARGS --quiet"
 fi
+if [ "$dockerHost" == "true" ];then
+ ARGS="$ARGS --docker-host $dockerHost"
+fi
 
 listAllPkgs=$(echo $listAllPkgs | tr -d '\r')
 if [ "$listAllPkgs" == "true" ];then
diff --git a/test/test.bats b/test/test.bats
index 5301eab..0d10781 100644
--- a/test/test.bats
+++ b/test/test.bats
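Review bot: The new guard in entrypoint.sh's third hunk, `if [ "$dockerHost" == "true" ];then`, compares the socket path against the literal string "true", so `--docker-host` is only appended when the input is exactly `true` — in which case trivy receives `--docker-host true` rather than a path — and for any real socket path the option is silently dropped. The check should be for a non-empty value instead, `if [ -n "$dockerHost" ];then`, which also matters because action.yaml now always passes `-y ${{ inputs.docker-host }}` and therefore sets dockerHost to an empty string whenever the input is unset. If other string inputs are normalised with `tr -d '\r'` the way listAllPkgs is just below the added lines, the same normalisation would be appropriate here before the test. The added if block is at script top level and the surrounding argument assembly continues outside the hunk.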
@@ -82,6 +82,14 @@ bats_load_library bats-file
 assert_files_equal yamlconfig.test ./test/data/yamlconfig.test
 }
 
+@test "trivy image with custom docker-host" {
+ # trivy image --docker-host unix:///var/run/docker.sock --severity CRITICAL --output image.test knqyf263/vuln-image:1.2.3
+ run ./entrypoint.sh '-y unix:///var/run/docker.sock' '-a image' '-i knqyf263/vuln-image:1.2.3' '-h image.test' '-g CRITICAL'
+ run diff image.test ./test/data/image.test
+ echo "$output"
+ assert_files_equal image.test ./test/data/image.test
+}
+
 @test "trivy config with terraform variables" {
 # trivy config --format json --severity MEDIUM --output tfvars.test --tf-vars ./test/data/dev.tfvars ./test/data
 run ./entrypoint.sh "-a config" "-j ./test/data" "-h tfvars.test" "-g MEDIUM" "-x dev.tfvars" "-b json"
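Review bot: The new test "trivy image with custom docker-host" does not actually verify that `-y` is honoured: it compares the report against ./test/data/image.test, which is the same expectation a scan without the option would produce, so it passes whether or not `--docker-host` reaches trivy — and given the `== "true"` comparison added in entrypoint.sh it currently does not. A test that fails when the option is dropped would be more useful, for example pointing `-y` at a socket path that does not exist and asserting the run fails, or asserting that the assembled trivy command contains `--docker-host unix:///var/run/docker.sock`. The `run diff … ; echo "$output"` pair before `assert_files_equal` discards diff's exit status, so it only serves as debug output; a comment such as `# print the diff for debugging; assert_files_equal below is the real check` would make that intent clear. The neighbouring "trivy config" test is cut off at the end of the hunk.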