Concourse-CI
Integrating FOSSA with Concourse-CI
This guide shows you how to set up a FOSSA project with a Concourse-CI workflow.
Getting started
Integrating FOSSA with your Concourse-CI pipeline requires fossa-cli, our open source dependency analysis client, to be installed on your CI machine. The client supports all 3 major operating systems (Unix, Darwin/OSX and Windows).
While you do not need to download the fossa-cli client locally to configure FOSSA for Concourse-CI, you may want to for testing purposes. To test the CLI, you can install it in your local environment using the command below or download it directly from our GitHub Releases page in order to test your API key and get a better understanding of the FOSSA build, test and analyze process.
curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash
# view `fossa` help text
fossa --help
Get your FOSSA API key
First, grab a FOSSA API Key from your FOSSA account under your Integration Settings.
Keep this FOSSA API key handy as you will need to add it as an environment variable to your CI machine.
Set up your Concourse-CI environment
Once the environment variable is ready, it's time to edit your CI configuration file.
In this example, we take an existing build-and-test pipeline for a Node app and add a job that chains after the build and test and runs fossa-cli. The existing pipeline:
---
resources:
- name: nodejs.org-git
  type: git
  icon: github-circle
  source:
    uri: https://github.com/nodejs/nodejs.org.git
jobs:
- name: build_and_test
  public: true
  plan:
  - get: nodejs.org-git
    trigger: true
  - task: run-tests
    config:
      platform: linux
      image_resource:
        type: registry-image
        source: {repository: node, tag: "8"}
      inputs:
      - name: nodejs.org-git
      run:
        path: /bin/sh
        args:
        - -c
        - |
          cd nodejs.org-git
          npm install
          npm test
Add FOSSA steps to your Concourse-CI configuration file
Next, add a second job to run the fossa command in order to upload dependency data from your build.
We recommend inserting the following in your configuration file under the first job that builds your code so that fossa will still have access to a freshly-built environment before any tests run:
- name: fossa_run
  public: true
  plan:
  - get: nodejs.org-git
    passed: [build_and_test]
    trigger: true
  - task: run-fossa
    config:
      platform: linux
      image_resource:
        type: registry-image
        source: {repository: node, tag: "8"}
      inputs:
      - name: nodejs.org-git
      run:
        path: /bin/sh
        args:
        - -c
        - |
          echo "Node Version: $(node --version)"
          echo "NPM Version: $(npm --version)"
          curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash
          cd nodejs.org-git
          fossa analyze
          fossa test
      params:
        FOSSA_API_KEY: ((fossa_api_key))
You will now want to configure the pipeline using the fly command, e.g.:
fly -t tutorial set-pipeline -p fossa-example-pipeline -c pipeline.yml
Once this is done, you will then need to add the parameter, e.g.:
fly -t tutorial sp -c pipeline.yml -p fossa-example-pipeline -v fossa_api_key=agreatbigapikey
Now with every CI build, you will be uploading a dependency report back to your hosted FOSSA instance.
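The fly command above places the API key on the command line, where it ends up in shell history and the process list. As an added example (not part of the original guide or FOSSA's own tooling), the script below supplies the same fossa_api_key variable from a private vars file loaded with fly's -l (--load-vars-from) option. The function names and the use of a FOSSA_API_KEY environment variable on the workstation are assumptions.

```shell
#!/bin/sh
# Added example: pass fossa_api_key to fly from a private vars file
# rather than as a -v argument on the command line.

# write_vars_file PATH
# Writes $FOSSA_API_KEY to PATH as a one-line YAML vars file, mode 0600.
# Assumption: the key is exported in the workstation environment.
write_vars_file() {
    vars_path=$1
    nl='
'
    if [ -z "${FOSSA_API_KEY:-}" ]; then
        echo "FOSSA_API_KEY is not set" >&2
        return 1
    fi
    case $FOSSA_API_KEY in
        *"$nl"*) echo "FOSSA_API_KEY contains a newline" >&2; return 1 ;;
    esac
    # YAML single-quoted scalar: the only escape is ' written as ''.
    # printf is a builtin in bash and dash, so the key is not put in argv.
    escaped=$(printf '%s' "$FOSSA_API_KEY" | sed "s/'/''/g")
    (
        umask 077                      # a new file is created 0600
        : > "$vars_path" &&            # create or truncate
        chmod 600 "$vars_path" &&      # tighten a pre-existing file first
        printf "fossa_api_key: '%s'\n" "$escaped" > "$vars_path"
    )
}

# set_fossa_pipeline
# Target, pipeline and file names are the ones used in the guide's fly
# commands. The vars file is removed whether or not fly succeeds.
set_fossa_pipeline() {
    vars_file=$(mktemp) || return 1
    write_vars_file "$vars_file" &&
        fly -t tutorial set-pipeline -p fossa-example-pipeline \
            -c pipeline.yml -l "$vars_file"
    status=$?
    rm -f "$vars_file"
    return "$status"
}
```

Source the file and call set_fossa_pipeline from the directory that holds pipeline.yml.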
Example pipeline.yml configuration
The full pipeline.yml configuration is included below.
---
resources:
- name: nodejs.org-git
  type: git
  icon: github-circle
  source:
    uri: https://github.com/nodejs/nodejs.org.git
jobs:
- name: build_and_test
  public: true
  plan:
  - get: nodejs.org-git
    trigger: true
  - task: run-tests
    config:
      platform: linux
      image_resource:
        type: registry-image
        source: {repository: node, tag: "8"}
      inputs:
      - name: nodejs.org-git
      run:
        path: /bin/sh
        args:
        - -c
        - |
          echo "Node Version: $(node --version)"
          echo "NPM Version: $(npm --version)"
          cd nodejs.org-git
          npm install
          npm test
- name: fossa_run
  public: true
  plan:
  - get: nodejs.org-git
    passed: [build_and_test]
    trigger: true
  - task: run-fossa
    config:
      platform: linux
      image_resource:
        type: registry-image
        source: {repository: node, tag: "8"}
      inputs:
      - name: nodejs.org-git
      run:
        path: /bin/sh
        args:
        - -c
        - |
          echo "Node Version: $(node --version)"
          echo "NPM Version: $(npm --version)"
          curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash
          cd nodejs.org-git
          fossa analyze
          fossa test
      params:
        FOSSA_API_KEY: ((fossa_api_key))
Customizing with .fossa.yml
To customize your fossa task behavior, add a .fossa.yml file to the root of your VCS. View the .fossa.yml reference on GitHub.