working version that uses a downloaded snyk cli

needs to be able to dowload correct binary based on host platform, currently its hard-coded to macos

repositories.bzl

@@ -1,4 +1,4 @@
-load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
+load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive", "http_file")
 
 def rules_snyk_repos():
     # python support for depgraph processing
@@ -22,3 +22,8 @@ def rules_snyk_repos():
     #    strip_prefix = "rules_python-0.14.0",
     #    url = "https://github.com/bazelbuild/rules_python/archive/refs/tags/0.14.0.tar.gz",
     #)
+    http_file(
+        name = "snyk_cli",
+        url = "https://github.com/snyk/cli/releases/download/v1.1256.0/snyk-macos-arm64",
+        sha256 = "346a52114f682f176536740e9e972758e2bfd678c7e8da30bb99058e19afb276",
+    )

snyk/gomod/BUILD

@@ -1 +1,2 @@
-package(default_visibility = ["//visibility:public"])
+package(default_visibility = ["//visibility:public"])
+exports_files(["snyk_cli_gomod.sh"])

snyk/gomod/rules.bzl

@@ -1,54 +1,33 @@
-load(":aspect.bzl", "gomod_deps_aspect")
-load(":depgraph.bzl", _depgraph = "snyk_gomod_depgraph")
-load("//snyk:rules.bzl", _monitor = "snyk_depgraph_monitor_deps", _test = "snyk_depgraph_test_deps")
-
 def snyk_gomod(
         name,
         target,
         snyk_project_name = "",
         snyk_organization_id = "",
         version = "bazel",
-        json = False,
-        #nocolor = False
+        json = False
     ):
 
-    package_source = "gomod"
-    depgraph_rule_name = name + "_depgraph"
-
-    _test(
-        name = name + "_test",
-        package_source = package_source,
-        org_id = snyk_organization_id,
-        depgraph = depgraph_rule_name,
-        json = json,
-        #nocolor = nocolor,
-    )
-
-    _monitor(
-        name = name + "_monitor",
-        package_source = package_source,
-        org_id = snyk_organization_id,
-        depgraph = depgraph_rule_name,
-        json = json,
-        # nocolor = nocolor,
+    # print("gomod rules.bzl hello!")
+    # print("gomod rules.bzl target: " + str(dir(target)))
+
+    native.sh_binary(
+        name = "snyk_test",
+        args = ["test", "$(location @snyk_cli//file)", "$(location @go_sdk//:bin/go)", "$(location " + target + ")"],
+        srcs = ["@rules_snyk//snyk/gomod:snyk_cli_gomod.sh"],
+        data = [
+            target,
+            "@snyk_cli//file",
+            "@go_sdk//:bin/go",
+        ],
     )
 
-    _depgraph(
-        name = depgraph_rule_name,
-        target = target,
-        package_source = package_source,
-        # project_name = snyk_project_name,
-        org_id = snyk_organization_id,
-        version = version,
+    native.sh_binary(
+        name = "snyk_monitor",
+        args = ["monitor", "$(location @snyk_cli//file)", "$(location @go_sdk//:bin/go)", "$(location " + target + ")"],
+        srcs = ["@rules_snyk//snyk/gomod:snyk_cli_gomod.sh"],
+        data = [
+            target,
+            "@snyk_cli//file",
+            "@go_sdk//:bin/go",
+        ],
     )
-
-def _snyk_scan_gomod_impl(ctx):
-    # collection and processing of transitives for gomod goes here
-    print('_snyk_scan_gomod_impl | handling of gomod transitives here')
-    print('_snyk_scan_impl | name=' + str(ctx.attr.name))
-    print("_snyk_scan_impl | oss_type=" + str(ctx.attr.oss_type))
-    print("_snyk_scan_impl | target=" + str(ctx.attr.target.label))
-
-
-def snyk_gomod_coordinates(gomod_target):
-    print("snyk_gomod_coordinates | hello")

snyk/gomod/snyk_cli_gomod.sh

@@ -0,0 +1,81 @@
+#!/bin/bash
+
+set -euo pipefail
+
+SNYK_ACTION=$1 # one of [test, monitor]
+SNYK_CLI_LOCATION=$2
+GO_LOCATION=$3
+TARGET_PATH=$4
+
+ADDITIONAL_ARGS="${@:5}"
+
+TARGET_FS_DIR="${BUILD_WORKSPACE_DIRECTORY}/${TARGET_PATH%/*}"
+SNYK_DEFAULT_PROJECT_NAME="${BUILD_WORKSPACE_DIRECTORY##*/}/${TARGET_PATH%/*}"
+
+# make the snyk CLI binary exectuable on the filesystem
+readlink -f $SNYK_CLI_LOCATION | xargs chmod +x
+GO_FS_PATH=$(readlink -f $GO_LOCATION)
+
+# echo "Which GO? $(which go)"
+# echo "PATH: ${PATH}"
+# echo "GO_FS_PATH: ${GO_FS_PATH}"
+
+# make the default go the one thats being used in the Bazel workspace
+# so the Snyk CLI will use it when testing
+export PATH="${GO_FS_PATH%/*}:${PATH}"
+
+# echo "PATH: ${PATH}"
+# echo "Which GO? $(which go)"
+# echo "TARGET_FS_DIR: ${TARGET_FS_DIR}"
+# echo "CURRENT DIRECTORY: $(pwd)"
+ORIGINAL_DIR=$(pwd)
+
+# echo "Listing files for TARGET DIR"
+# ls -lrt $TARGET_FS_DIR
+
+USING_PARENT_GO_MOD=false
+GO_MOD_FILE_NAME="go.mod"
+GO_SUM_FILE_NAME="go.sum"
+GO_MOD_FILE="${TARGET_FS_DIR}/${GO_MOD_FILE_NAME}"
+GO_SUM_FILE="${TARGET_FS_DIR}/${GO_SUM_FILE_NAME}"
+PARENT_GO_MOD_FILE="${BUILD_WORKSPACE_DIRECTORY}/${GO_MOD_FILE_NAME}"
+PARENT_GO_SUM_FILE="${BUILD_WORKSPACE_DIRECTORY}/${GO_SUM_FILE_NAME}"
+
+#change directory to where the source code is
+cd ${TARGET_FS_DIR}
+
+# prep go.mod and go.sum for subsequent go list command
+if [ ! -f "${GO_MOD_FILE}" ]; then
+    if [ -f "${PARENT_GO_MOD_FILE}" ]; then
+        USING_PARENT_GO_MOD=true
+        ln -s "${PARENT_GO_MOD_FILE}" ./
+        ln -s "${PARENT_GO_SUM_FILE}" ./
+        GO_MOD_FILE="${PARENT_GO_MOD_FILE}"
+        GO_SUM_FILE="${PARENT_GO_SUM_FILE}"
+    fi
+fi
+
+# echo "Using Go Mod  -> ${GO_MOD_FILE}"
+# echo "Using Go Sum  -> ${GO_SUM_FILE}"
+
+# echo "listing directory ..."
+
+# ls -lrt
+
+SNYK_CLI_PATH="${ORIGINAL_DIR}/${SNYK_CLI_LOCATION}"
+
+# echo "calling snyk binary at ${SNYK_CLI_PATH}"
+
+eval "${SNYK_CLI_PATH} ${SNYK_ACTION} ${ADDITIONAL_ARGS} --project-name=${SNYK_DEFAULT_PROJECT_NAME}"
+
+#eval "$1 list -m all"
+
+#clean up sym link
+
+if $USING_PARENT_GO_MOD; then
+  # echo "using parent go mod is true, clean up sym link"
+  unlink $GO_MOD_FILE_NAME
+  unlink $GO_SUM_FILE_NAME
+# else 
+#   echo "using parent go mod is false"
+fi