chore: SDA-1635: add snyk to builds (#839)

* SDA-1635: add support for running snyk tests on builds

* SDA-1635: remove command checks for windows scripts

* SDA-1635: fix windows batch scripts

* SDA-1635: remove windows node version check

package-lock.json

@@ -13065,8 +13065,8 @@
       "optional": true
     },
     "screen-snippet": {
-      "version": "1.0.0",
-      "resolved": "git+https://github.com/symphonyoss/ScreenSnippet2.git#4bd0f9b76d3d99f341b344ef4d9264a0a6bc62a8",
+      "version": "1.0.1",
+      "resolved": "git+https://github.com/symphonyoss/ScreenSnippet2.git#b018f7b00ed4a63e77afea9db647c21510ed722a",
       "optional": true
     },
     "semver": {

scripts/build-linux.sh

@@ -1,6 +1,7 @@
 #!/bin/bash
 
 NODE_REQUIRED_VERSION=v12.13.1
+SNYK_API_TOKEN=885953dc-9469-443c-984d-524352d54116
 
 if ! [ -x "$(command -v git)" ]; then
   echo 'GIT does not exist! Please set it up before running this script!' >&2
@@ -34,8 +35,14 @@ if ! [ -x "$(command -v npm)" ]; then
 fi
 
 if ! [ -x "$(command -v gulp)" ]; then
-  echo 'Gulp does not exist! Install it for setting expiry!' >&2
-  exit 1
+  echo 'Gulp does not exist! Installing it!' >&2
+  npm install -g gulp
+fi
+
+if ! [ -x "$(command -v snyk)" ]; then
+  echo 'Snyk does not exist! Installing and setting it up' >&2
+  npm install -g snyk
+  snyk config set api=$SNYK_API_TOKEN
 fi
 
 if [ -z "$PARENT_BUILD_VERSION" ]; then
@@ -55,8 +62,13 @@ fi
 PKG_VERSION=$(node -e "console.log(require('./package.json').version);")
 
 # Install app dependencies
+echo "Installing dependencies"
 npm install
 
+# Run Snyk Security Tests
+echo "Running snyk security tests"
+snyk test --file=package.json
+
 # replace url in config
 echo "Setting default pod url to https://corporate.symphony.com"
 sed -i -e 's/\"url\"[[:space:]]*\:[[:space:]]*\".*\"/\"url\":\"https:\/\/corporate.symphony.com\"/g' config/Symphony.config

scripts/build-mac.sh

@@ -1,6 +1,7 @@
 #!/bin/bash
 
 NODE_REQUIRED_VERSION=v12.13.1
+SNYK_API_TOKEN=885953dc-9469-443c-984d-524352d54116
 
 # Check basic dependencies
 if ! [ -x "$(command -v git)" ]; then
@@ -35,8 +36,14 @@ if ! [ -x "$(command -v npm)" ]; then
 fi
 
 if ! [ -x "$(command -v gulp)" ]; then
-  echo 'Gulp does not exist! Install it for setting expiry!' >&2
-  exit 1
+  echo 'Gulp does not exist! Installing it!' >&2
+  npm install -g gulp
+fi
+
+if ! [ -x "$(command -v snyk)" ]; then
+  echo 'Snyk does not exist! Installing and setting it up' >&2
+  npm install -g snyk
+  snyk config set api=$SNYK_API_TOKEN
 fi
 
 if ! [ -x "$(command -v /usr/local/bin/packagesbuild)" ]; then
@@ -63,8 +70,13 @@ fi
 PKG_VERSION=$(node -e "console.log(require('./package.json').version);")
 
 # Install app dependencies
+echo "Installing dependencies"
 npm install
 
+# Run Snyk Security Tests
+echo "Running snyk security tests"
+snyk test --file=package.json
+
 # Replace url in config
 echo "Setting default pod url to https://corporate.symphony.com"
 sed -i -e 's/\"url\"[[:space:]]*\:[[:space:]]*\".*\"/\"url\":\"https:\/\/corporate.symphony.com\"/g' config/Symphony.config

scripts/build-win32.bat

@@ -6,6 +6,7 @@ echo %PATH%
 
 set DISABLE_REBUILD=true
 set NODE_REQUIRED_VERSION=12.13.1
+set SNYK_API_TOKEN=885953dc-9469-443c-984d-524352d54116
 
 set PATH=%PATH%;C:\Program Files\nodejs\;C:\Program Files\Git\cmd
 echo %PATH%
@@ -25,24 +26,22 @@ if %ERRORLEVEL% NEQ 0 (
   EXIT /B 1
 )
 
-nvm install %NODE_REQUIRED_VERSION%
-nvm use %NODE_REQUIRED_VERSION%
+call nvm install %NODE_REQUIRED_VERSION%
+call nvm use %NODE_REQUIRED_VERSION%
 
-WHERE node
+WHERE gulp
 if %ERRORLEVEL% NEQ 0 (
-  echo "NODE does not exist. Please set it up before running this script."
-  EXIT /B 1
+  echo "GULP does not exist. Installing it."
+  call npm i gulp -g
 )
 
-WHERE npm
+WHERE snyk
 if %ERRORLEVEL% NEQ 0 (
-  echo "NPM does not exist. Please set it up before running this script."
-  EXIT /B 1
+  echo "Snyk does not exist! Installing and setting it up"
+  call npm i snyk -g
+  call snyk config set api=%SNYK_API_TOKEN%
 )
 
-echo "Node version is: "
-call node --version
-
 :: Below command replaces buildVersion with the appropriate build number from jenkins
 sed -i -e "s/\"buildNumber\"[[:space:]]*\:[[:space:]]*\".*\"/\"buildNumber\":\"%PARENT_BUILD_VERSION%\"/g" package.json
 
@@ -50,9 +49,13 @@ sed -i -e "s/\"buildNumber\"[[:space:]]*\:[[:space:]]*\".*\"/\"buildNumber\":\"%
 echo "Copying search libraries"
 echo D | xcopy /y "C:\jenkins\workspace\tronlibraries\library" "library"
 
-echo "Running npm install..."
+echo "Installing dependencies..."
 call npm install
 
+# Run Snyk Security Tests
+echo "Running snyk security tests"
+call snyk test --file=package.json
+
 :: Set expiry if required
 IF "%EXPIRY_PERIOD%"=="" (
     echo "Not setting expiry for the build!"

scripts/build-win64.bat

@@ -6,6 +6,7 @@ echo %PATH%
 
 set DISABLE_REBUILD=true
 set NODE_REQUIRED_VERSION=12.13.1
+set SNYK_API_TOKEN=885953dc-9469-443c-984d-524352d54116
 
 set PATH=%PATH%;C:\Program Files\nodejs\;C:\Program Files\Git\cmd
 echo %PATH%
@@ -13,36 +14,22 @@ echo %PATH%
 set PATH=%PATH%;C:\Program Files (x86)\GnuWin32\bin
 echo %PATH%
 
-WHERE git
+call nvm install %NODE_REQUIRED_VERSION%
+call nvm use %NODE_REQUIRED_VERSION%
+
+WHERE gulp
 if %ERRORLEVEL% NEQ 0 (
-  echo "GIT does not exist. Please set it up before running this script."
-  EXIT /B 1
+  echo "GULP does not exist. Installing it."
+  call npm i gulp -g
 )
 
-WHERE nvm
+WHERE snyk
 if %ERRORLEVEL% NEQ 0 (
-  echo "NVM does not exist. Please set it up before running this script."
-  EXIT /B 1
+  echo "Snyk does not exist! Installing and setting it up"
+  call npm i snyk -g
+  call snyk config set api=%SNYK_API_TOKEN%
 )
 
-nvm install %NODE_REQUIRED_VERSION%
-nvm use %NODE_REQUIRED_VERSION%
-
-WHERE node
-if %ERRORLEVEL% NEQ 0 (
-  echo "NODE does not exist. Please set it up before running this script."
-  EXIT /B 1
-)
-
-WHERE npm
-if %ERRORLEVEL% NEQ 0 (
-  echo "NPM does not exist. Please set it up before running this script."
-  EXIT /B 1
-)
-
-echo "Node version is: "
-call node --version
-
 :: Below command replaces buildVersion with the appropriate build number from jenkins
 sed -i -e "s/\"buildNumber\"[[:space:]]*\:[[:space:]]*\".*\"/\"buildNumber\":\"%PARENT_BUILD_VERSION%\"/g" package.json
 
@@ -50,9 +37,13 @@ sed -i -e "s/\"buildNumber\"[[:space:]]*\:[[:space:]]*\".*\"/\"buildNumber\":\"%
 echo "Copying search libraries"
 echo D | xcopy /y "C:\jenkins\workspace\tronlibraries\library" "library"
 
-echo "Running npm install..."
+echo "Installing dependencies..."
 call npm install
 
+# Run Snyk Security Tests
+echo "Running snyk security tests"
+call snyk test --file=package.json
+
 :: Set expiry if required
 IF "%EXPIRY_PERIOD%"=="" (
     echo "Not setting expiry for the build!"