diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index f7620a1..1a1d435 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -48,16 +48,27 @@ jobs: - name: Install Snyk CLI (Windows) if: ${{ matrix.os == 'windows' }} - run: npm install -g snyk + run: | + npm install -g snyk + snyk -v + where snyk - - name: Run Acceptance Tests (Ubuntu/macOS) - if: ${{ matrix.os != 'windows' }} + - name: Run Acceptance Tests (Ubuntu) + if: ${{ matrix.os == 'ubuntu' }} run: mvn -B invoker:install invoker:run env: SNYK_TEST_TOKEN: ${{secrets.SNYK_TEST_TOKEN}} SNYK_CLI_EXECUTABLE: /usr/local/bin/snyk SNYK_DOWNLOAD_DESTINATION: "downloads/snyk" + - name: Run Acceptance Tests (macOS) + if: ${{ matrix.os != 'macos' }} + run: mvn -B invoker:install invoker:run + env: + SNYK_TEST_TOKEN: ${{secrets.SNYK_TEST_TOKEN}} + SNYK_CLI_EXECUTABLE: /opt/homebrew/bin/snyk + SNYK_DOWNLOAD_DESTINATION: "downloads/snyk" + - name: Run Acceptance Tests (Windows) if: ${{ matrix.os == 'windows' }} run: mvn -B invoker:install invoker:run diff --git a/snyk-macos b/snyk-macos new file mode 100755 index 0000000..95d09f2 --- /dev/null +++ b/snyk-macos @@ -0,0 +1 @@ +hello world \ No newline at end of file diff --git a/snyk-macos.sha256 b/snyk-macos.sha256 new file mode 100644 index 0000000..c3932f0 --- /dev/null +++ b/snyk-macos.sha256 @@ -0,0 +1 @@ +b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9 snyk-macos \ No newline at end of file diff --git a/src/it/monitor-with-default-phase/verify.groovy b/src/it/monitor-with-default-phase/verify.groovy index 4de536f..d9a3691 100644 --- a/src/it/monitor-with-default-phase/verify.groovy +++ b/src/it/monitor-with-default-phase/verify.groovy 
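Review bot: The new "Run Acceptance Tests (macOS)" step is guarded by `if: ${{ matrix.os != 'macos' }}`, which is inverted: it runs on every runner except macOS. With the old `!= 'windows'` step narrowed to `== 'ubuntu'`, macOS now gets no acceptance run at all. The Ubuntu and Windows jobs would also run the suite a second time with `SNYK_CLI_EXECUTABLE: /opt/homebrew/bin/snyk`, a path that presumably does not exist on those runners. The guard should read `if: ${{ matrix.os == 'macos' }}`, matching the other two steps.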
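Review bot: `snyk-macos` (mode 100755, content `hello world`) and `snyk-macos.sha256` are added at the repository root, which looks like leftover output of a local integration-test run rather than an intended part of this change. The checksum file appears to hold the SHA-256 of that placeholder, so the pair would pass a checksum comparison if anything ever resolved the CLI path to the repository root; whether any configuration does so is not visible here. If these are fixtures they belong under the relevant `src/it/` project, otherwise they should be dropped from the commit and ignored via a `snyk-macos*` entry in `.gitignore`.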
@@ -3,7 +3,7 @@ import org.codehaus.plexus.util.FileUtils; String log = FileUtils.fileRead(new File(basedir, "build.log")); if (!log.contains("Explore this snapshot at")) { - throw new Exception("Snapshot link not found."); + throw new Exception("Snapshot link not found. Log output:\n" + log + "\n"); } return true; diff --git a/src/it/monitor-with-dependency/verify.groovy b/src/it/monitor-with-dependency/verify.groovy index 4de536f..d9a3691 100644 --- a/src/it/monitor-with-dependency/verify.groovy +++ b/src/it/monitor-with-dependency/verify.groovy @@ -3,7 +3,7 @@ import org.codehaus.plexus.util.FileUtils; String log = FileUtils.fileRead(new File(basedir, "build.log")); if (!log.contains("Explore this snapshot at")) { - throw new Exception("Snapshot link not found."); + throw new Exception("Snapshot link not found. Log output:\n" + log + "\n"); } return true; diff --git a/src/it/test-and-monitor/verify.groovy b/src/it/test-and-monitor/verify.groovy index 56616ba..280963a 100644 --- a/src/it/test-and-monitor/verify.groovy +++ b/src/it/test-and-monitor/verify.groovy @@ -3,11 +3,11 @@ import org.codehaus.plexus.util.FileUtils; String log = FileUtils.fileRead(new File(basedir, "build.log")); if (!log.contains("snyk test skipped")) { - throw new Exception("skip message not found"); + throw new Exception("skip message not found Log output:\n" + log + "\n"); } if (!log.contains("Explore this snapshot at")) { - throw new Exception("Snapshot link not found."); + throw new Exception("Snapshot link not found. Log output:\n" + log + "\n"); } return true; diff --git a/src/it/test-cli-exists-but-sha-doesnt-exist/verify.groovy b/src/it/test-cli-exists-but-sha-doesnt-exist/verify.groovy index a5eaa6b..f7d5ffb 100644 --- a/src/it/test-cli-exists-but-sha-doesnt-exist/verify.groovy +++ b/src/it/test-cli-exists-but-sha-doesnt-exist/verify.groovy 
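Review bot: Confirm that `build.log` can never contain the Snyk token before concatenating the whole file into the exception message on the changed `throw` line, here and in the other `verify.groovy` hunks of this commit. The acceptance steps run with `SNYK_TEST_TOKEN` in the environment, and CI log masking only covers exact matches of the secret value, so an encoded or partial echo in the build output would be re-emitted unmasked. A shared helper next to the existing `ITUtils` methods, for instance one that returns only the tail of the log, would bound the output and remove the repeated `"Log output:\n" + log + "\n"` expression. In `test-and-monitor/verify.groovy` the first message reads `skip message not found Log output:` and lacks the `. ` separator used in every other message.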
@@ -5,13 +5,13 @@ String shaOfCliFile = ITUtils.computeShaOfCLIFile(basedir); String shaFromShaFile = ITUtils.getShaFromShaFile(basedir); if (!shaOfCliFile.equals(shaFromShaFile)) { - throw new Exception("sha256 of CLI file does not match the one in the `.sha256` file"); + throw new Exception("sha256 of CLI file does not match the one in the `.sha256` file. Log output:\n" + log + "\n"); } String log = FileUtils.fileRead(new File(basedir, "build.log")); if (!log.contains("for known issues, no vulnerable paths found.")) { - throw new Exception("Expected dummy snyk to be replaced with updated CLI and executed."); + throw new Exception("Expected dummy snyk to be replaced with updated CLI and executed. Log output:\n" + log + "\n"); } return true; diff --git a/src/it/test-cli-exists-but-sha-doesnt-match/verify.groovy b/src/it/test-cli-exists-but-sha-doesnt-match/verify.groovy index a5eaa6b..f7d5ffb 100644 --- a/src/it/test-cli-exists-but-sha-doesnt-match/verify.groovy +++ b/src/it/test-cli-exists-but-sha-doesnt-match/verify.groovy @@ -5,13 +5,13 @@ String shaOfCliFile = ITUtils.computeShaOfCLIFile(basedir); String shaFromShaFile = ITUtils.getShaFromShaFile(basedir); if (!shaOfCliFile.equals(shaFromShaFile)) { - throw new Exception("sha256 of CLI file does not match the one in the `.sha256` file"); + throw new Exception("sha256 of CLI file does not match the one in the `.sha256` file. Log output:\n" + log + "\n"); } String log = FileUtils.fileRead(new File(basedir, "build.log")); if (!log.contains("for known issues, no vulnerable paths found.")) { - throw new Exception("Expected dummy snyk to be replaced with updated CLI and executed."); + throw new Exception("Expected dummy snyk to be replaced with updated CLI and executed. Log output:\n" + log + "\n"); } return true; diff --git a/src/it/test-code-test/verify.groovy b/src/it/test-code-test/verify.groovy index 7812507..684900e 100644 --- a/src/it/test-code-test/verify.groovy +++ b/src/it/test-code-test/verify.groovy 
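Review bot: The first `throw` now reads `log` before the later `String log = FileUtils.fileRead(new File(basedir, "build.log"));` statement declares it. When the two checksums differ, the script would most likely fail on the unresolved `log` name instead of reporting the checksum mismatch. Move the `String log = ...` line above the `if (!shaOfCliFile.equals(shaFromShaFile))` check, or keep the original message for that first branch. The same defect is in the `test-cli-exists-but-sha-doesnt-match/verify.groovy` hunk. This is the check that guards CLI integrity in these tests, so its failure reason should stay readable.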
@@ -3,7 +3,7 @@ import org.codehaus.plexus.util.FileUtils; String log = FileUtils.fileRead(new File(basedir, "build.log")) if (!log.contains("SQL Injection")) { - throw new Exception("no sql injection issue found") + throw new Exception("no sql injection issue found. Log output:\n" + log + "\n") } return true; diff --git a/src/it/test-container-test/verify.groovy b/src/it/test-container-test/verify.groovy index a2af5d3..00dbea6 100644 --- a/src/it/test-container-test/verify.groovy +++ b/src/it/test-container-test/verify.groovy @@ -3,11 +3,11 @@ import org.codehaus.plexus.util.FileUtils; String log = FileUtils.fileRead(new File(basedir, "build.log")) if (!log.contains("Medium severity vulnerability found in tiff/libtiff5")) { - throw new Exception("Expected medium vulnerability not found") + throw new Exception("Expected medium vulnerability not found. Log output:\n" + log + "\n") } if (!log.contains("Critical severity vulnerability found in zlib/zlib1g")) { - throw new Exception("Expected critical vulnerability not found") + throw new Exception("Expected critical vulnerability not found. Log output:\n" + log + "\n") } return true diff --git a/src/it/test-multi-module-child/verify.groovy b/src/it/test-multi-module-child/verify.groovy index af6da23..e40a5d9 100644 --- a/src/it/test-multi-module-child/verify.groovy +++ b/src/it/test-multi-module-child/verify.groovy 
@@ -3,19 +3,19 @@ import org.codehaus.plexus.util.FileUtils; String log = FileUtils.fileRead(new File(basedir, "build.log")); if (!log.contains("test-multi-module-child ............................ SUCCESS")) { - throw new Exception("parent should have succeeded."); + throw new Exception("parent should have succeeded. Log output:\n" + log + "\n"); } if (!log.contains("child-module-1 ..................................... SUCCESS")) { - throw new Exception("child-module-1 should have succeeded."); + throw new Exception("child-module-1 should have succeeded. Log output:\n" + log + "\n"); } if (!log.contains("child-module-2 ..................................... FAILURE")) { - throw new Exception("child-module-2 should have failed."); + throw new Exception("child-module-2 should have failed. Log output:\n" + log + "\n"); } if (!log.contains("introduced by axis:axis@1.4")) { - throw new Exception("Could not find expected vulnerability in child-module-2."); + throw new Exception("Could not find expected vulnerability in child-module-2. Log output:\n" + log + "\n"); } return true; diff --git a/src/it/test-multi-module-parent/verify.groovy b/src/it/test-multi-module-parent/verify.groovy index b6677b6..78f6423 100644 --- a/src/it/test-multi-module-parent/verify.groovy +++ b/src/it/test-multi-module-parent/verify.groovy 
@@ -3,31 +3,31 @@ import org.codehaus.plexus.util.FileUtils; String log = FileUtils.fileRead(new File(basedir, "build.log")); if (!log.contains("Target file: pom.xml")) { - throw new Exception("parent was not scanned."); + throw new Exception("parent was not scanned. Log output:\n" + log + "\n"); } if (!log.contains("Target file: child-module-1")) { - throw new Exception("child-module-1 was not scanned."); + throw new Exception("child-module-1 was not scanned. Log output:\n" + log + "\n"); } if (!log.contains("Target file: child-module-2")) { - throw new Exception("child-module-2 was not scanned."); + throw new Exception("child-module-2 was not scanned. Log output:\n" + log + "\n"); } if (!log.contains("test-multi-module-parent ........................... FAILURE")) { - throw new Exception("parent should have failed with vulnerabilities, including from children."); + throw new Exception("parent should have failed with vulnerabilities, including from children. Log output:\n" + log + "\n"); } if (!log.contains("child-module-1 ..................................... SKIPPED")) { - throw new Exception("child-module-1 should have been skipped."); + throw new Exception("child-module-1 should have been skipped. Log output:\n" + log + "\n"); } if (!log.contains("child-module-2 ..................................... SKIPPED")) { - throw new Exception("child-module-2 should have been skipped."); + throw new Exception("child-module-2 should have been skipped. Log output:\n" + log + "\n"); } if (!log.contains("introduced by axis:axis@1.4")) { - throw new Exception("Could not find vulnerability in parent."); + throw new Exception("Could not find vulnerability in parent. Log output:\n" + log + "\n"); } return true; diff --git a/src/it/test-not-fail-on-issues/verify.groovy b/src/it/test-not-fail-on-issues/verify.groovy index 3a959ca..dda9bf2 100644 --- a/src/it/test-not-fail-on-issues/verify.groovy +++ b/src/it/test-not-fail-on-issues/verify.groovy 
@@ -3,7 +3,7 @@ import org.codehaus.plexus.util.FileUtils; String log = FileUtils.fileRead(new File(basedir, "build.log")) if (!log.contains("introduced by org.postgresql:postgresql@42.3.5")) { - throw new Exception("Vulnerability in dependency not found") + throw new Exception("Vulnerability in dependency not found. Log output:\n" + log + "\n") } return true; diff --git a/src/it/test-skip-pom/verify.groovy b/src/it/test-skip-pom/verify.groovy index 7e4d3a5..593bca9 100644 --- a/src/it/test-skip-pom/verify.groovy +++ b/src/it/test-skip-pom/verify.groovy @@ -3,7 +3,7 @@ import org.codehaus.plexus.util.FileUtils; String log = FileUtils.fileRead(new File(basedir, "build.log")); if (!log.contains("snyk test skipped")) { - throw new Exception("skip message not found"); + throw new Exception("skip message not found. Log output:\n" + log + "\n"); } return true; diff --git a/src/it/test-skip-property/verify.groovy b/src/it/test-skip-property/verify.groovy index 7e4d3a5..593bca9 100644 --- a/src/it/test-skip-property/verify.groovy +++ b/src/it/test-skip-property/verify.groovy @@ -3,7 +3,7 @@ import org.codehaus.plexus.util.FileUtils; String log = FileUtils.fileRead(new File(basedir, "build.log")); if (!log.contains("snyk test skipped")) { - throw new Exception("skip message not found"); + throw new Exception("skip message not found. Log output:\n" + log + "\n"); } return true; diff --git a/src/it/test-update-policy-always/verify.groovy b/src/it/test-update-policy-always/verify.groovy index 2645026..f7cd369 100644 --- a/src/it/test-update-policy-always/verify.groovy +++ b/src/it/test-update-policy-always/verify.groovy 
@@ -3,7 +3,7 @@ import org.codehaus.plexus.util.FileUtils; String log = FileUtils.fileRead(new File(basedir, "build.log")); if (!log.contains("for known issues, no vulnerable paths found.")) { - throw new Exception("Expected dummy snyk to be replaced with updated CLI and executed."); + throw new Exception("Expected dummy snyk to be replaced with updated CLI and executed. Log output:\n" + log + "\n"); } return true; diff --git a/src/it/test-update-policy-never/verify.groovy b/src/it/test-update-policy-never/verify.groovy index 627d777..dca0b3b 100644 --- a/src/it/test-update-policy-never/verify.groovy +++ b/src/it/test-update-policy-never/verify.groovy @@ -3,7 +3,7 @@ import org.codehaus.plexus.util.FileUtils; String log = FileUtils.fileRead(new File(basedir, "build.log")); if (!log.contains("command execution failed")) { - throw new Exception("Expected dummy snyk to not be replaced."); + throw new Exception("Expected dummy snyk to not be replaced. Log output:\n" + log + "\n"); } return true; diff --git a/src/it/test-with-args/verify.groovy b/src/it/test-with-args/verify.groovy index a800074..8c6cb8a 100644 --- a/src/it/test-with-args/verify.groovy +++ b/src/it/test-with-args/verify.groovy @@ -3,7 +3,7 @@ import org.codehaus.plexus.util.FileUtils; String log = FileUtils.fileRead(new File(basedir, "build.log")); if (!log.contains("io.snyk.it:test-with-args @ 1.0-SNAPSHOT")) { - throw new Exception("`snyk test --print-deps` --print-deps output not found"); + throw new Exception("`snyk test --print-deps` --print-deps output not found. Log output:\n" + log + "\n"); } return true; diff --git a/src/it/test-with-default-phase/verify.groovy b/src/it/test-with-default-phase/verify.groovy index 062ec07..9b1c909 100644 --- a/src/it/test-with-default-phase/verify.groovy +++ b/src/it/test-with-default-phase/verify.groovy 
@@ -3,7 +3,7 @@ import org.codehaus.plexus.util.FileUtils; String log = FileUtils.fileRead(new File(basedir, "build.log")); if (!log.contains("for known issues, no vulnerable paths found.")) { - throw new Exception("`snyk test` success output not found"); + throw new Exception("`snyk test` success output not found. Log output:\n" + log + "\n"); } return true; diff --git a/src/it/test-with-dependency/verify.groovy b/src/it/test-with-dependency/verify.groovy index 84641d2..fd4a5e5 100644 --- a/src/it/test-with-dependency/verify.groovy +++ b/src/it/test-with-dependency/verify.groovy @@ -3,7 +3,7 @@ import org.codehaus.plexus.util.FileUtils; String log = FileUtils.fileRead(new File(basedir, "build.log")); if (!log.contains("introduced by axis:axis@1.4")) { - throw new Exception("Vulnerability not found."); + throw new Exception("Vulnerability not found. Log output:\n" + log + "\n"); } return true; diff --git a/src/it/test-with-ignores/verify.groovy b/src/it/test-with-ignores/verify.groovy index 92b911d..6af5dfd 100644 --- a/src/it/test-with-ignores/verify.groovy +++ b/src/it/test-with-ignores/verify.groovy @@ -3,7 +3,7 @@ import org.codehaus.plexus.util.FileUtils; String log = FileUtils.fileRead(new File(basedir, "build.log")); if (!log.contains("no vulnerable paths found")) { - throw new Exception("Expected vulnerabilities to be ignored."); + throw new Exception("Expected vulnerabilities to be ignored. Log output:\n" + log + "\n"); } return true; diff --git a/src/it/test-with-invalid-cli-executable/verify.groovy b/src/it/test-with-invalid-cli-executable/verify.groovy index 6415538..26700e0 100644 --- a/src/it/test-with-invalid-cli-executable/verify.groovy +++ b/src/it/test-with-invalid-cli-executable/verify.groovy 
@@ -3,7 +3,7 @@ import org.codehaus.plexus.util.FileUtils; String log = FileUtils.fileRead(new File(basedir, "build.log")); if (!log.contains("command execution failed")) { - throw new Exception("`snyk test` failure output not found"); + throw new Exception("`snyk test` failure output not found. Log output:\n" + log + "\n"); } return true; diff --git a/src/it/test-with-specific-cli-version/verify.groovy b/src/it/test-with-specific-cli-version/verify.groovy index 6d5ef5e..90566f7 100644 --- a/src/it/test-with-specific-cli-version/verify.groovy +++ b/src/it/test-with-specific-cli-version/verify.groovy @@ -3,7 +3,7 @@ import org.codehaus.plexus.util.FileUtils; String log = FileUtils.fileRead(new File(basedir, "build.log")); if (!(log =~ /Snyk CLI Version:\s+1\.487\.0/)) { - throw new Exception("snyk version log line not found"); + throw new Exception("snyk version log line not found. Log output:\n" + log + "\n"); } return true; diff --git a/src/it/test-without-cli-executable/verify.groovy b/src/it/test-without-cli-executable/verify.groovy index 062ec07..9b1c909 100644 --- a/src/it/test-without-cli-executable/verify.groovy +++ b/src/it/test-without-cli-executable/verify.groovy @@ -3,7 +3,7 @@ import org.codehaus.plexus.util.FileUtils; String log = FileUtils.fileRead(new File(basedir, "build.log")); if (!log.contains("for known issues, no vulnerable paths found.")) { - throw new Exception("`snyk test` success output not found"); + throw new Exception("`snyk test` success output not found. Log output:\n" + log + "\n"); } return true; diff --git a/src/it/test-without-dependency/verify.groovy b/src/it/test-without-dependency/verify.groovy index 9f822b3..a5dc367 100644 --- a/src/it/test-without-dependency/verify.groovy +++ b/src/it/test-without-dependency/verify.groovy 
@@ -4,19 +4,19 @@ String log = FileUtils.fileRead(new File(basedir, "build.log")) String snykCliExecutable = System.getenv("SNYK_CLI_EXECUTABLE") if (snykCliExecutable == null || snykCliExecutable.isEmpty()) { - throw new Exception("the environment variable `SNYK_CLI_EXECUTABLE` is not defined") + throw new Exception("the environment variable `SNYK_CLI_EXECUTABLE` is not defined. Log output:\n" + log + "\n") } if (!log.contains("Snyk Executable Path: " + System.getenv("SNYK_CLI_EXECUTABLE"))) { - throw new Exception("snyk executable path log line not found.") + throw new Exception("snyk executable path log line not found. Log output:\n" + log + "\n") } if (!(log =~ /Snyk CLI Version:\s+\d+\.\d+\.\d+/)) { - throw new Exception("snyk version log line not found") + throw new Exception("snyk version log line not found. Log output:\n" + log + "\n") } if (!log.contains("for known issues, no vulnerable paths found.")) { - throw new Exception("`snyk test` success output not found") + throw new Exception("`snyk test` success output not found. Log output:\n" + log + "\n") } return true diff --git a/src/main/java/io/snyk/snyk_maven_plugin/download/ExecutableDownloader.java b/src/main/java/io/snyk/snyk_maven_plugin/download/ExecutableDownloader.java index cd663d6..454ccba 100644 --- a/src/main/java/io/snyk/snyk_maven_plugin/download/ExecutableDownloader.java +++ b/src/main/java/io/snyk/snyk_maven_plugin/download/ExecutableDownloader.java 
@@ -42,22 +42,20 @@ public static File ensure(URL cliDownloadURL, File cliFile, String updatePolicy, if (cliFile.exists() && checksumFile.exists()) { if (verifyChecksum(cliFile, checksumFile)) { - if (shouldUpdate( - updatePolicy, - cliFile.lastModified(), - System.currentTimeMillis() + if (!shouldUpdate( + updatePolicy, + cliFile.lastModified(), + System.currentTimeMillis() )) { - // cli exists, checksum verified, but cli is stale and needs updating - cliFile.delete(); - checksumFile.delete(); - cliFile.getParentFile().mkdirs(); - } else { - // cli exists, checksum verified, cli is not stale and does not need updating return cliFile; } } } + cliFile.delete(); + checksumFile.delete(); + cliFile.getParentFile().mkdirs(); + downloader.download(cliDownloadURL, cliFile); URL checksumUrl = new URL(cliDownloadURL.toString() + ".sha256"); @@ -95,7 +93,7 @@ public static File iterateAndEnsure(List cliDownloadURLs, File cliFile, Str return downloadedFile; } } catch (RuntimeException e) { - System.err.println("Failed to download from " + cliDownloadURL + ": " + e.getMessage()); + System.err.println("Failed to download from '" + cliDownloadURL + "': " + e.getMessage()); } } throw new RuntimeException("Failed to download from URLs");
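Review bot: The results of `cliFile.delete()` and `checksumFile.delete()` are ignored on the new unconditional cleanup path, which is now also the path taken when `verifyChecksum` fails or the checksum file is missing. If a delete does not succeed (for example the file is locked or the directory is read-only), a binary that just failed verification stays in place, and the outcome depends on the download and whatever check follows outside this hunk. Checking the result, e.g. `if (cliFile.exists() && !cliFile.delete()) { throw new RuntimeException("Could not remove " + cliFile); }`, makes that failure explicit and is handled by the `catch (RuntimeException e)` in `iterateAndEnsure`. Separately, the context line `new URL(cliDownloadURL.toString() + ".sha256")` fetches the checksum from the same location as the binary, so it detects corruption but not a replaced download; that is existing behaviour, not introduced by this commit. The body of `ensure` starts and ends outside the hunk.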