jan
/
concourse-dsa-resource
1
0
Fork 0
Code Issues Pull Requests Packages Releases 2 Activity
Concourse Resource Type for Debian Security Announcements
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
2 Tags
4.3 MiB
 
 
 
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'main'
${ noResults }
Go to file
Jan Dittberner 63b77842cf
Update README 		10 months ago
cmd/debian-dsa Initial release 11 months ago
internal/resource/dsa Use correct long description from DSA long RDF 10 months ago
.gitignore Initial release 11 months ago
COPYING Initial release 11 months ago
Dockerfile Use correct long description from DSA long RDF 10 months ago
Makefile Initial release 11 months ago
README.md Update README 10 months ago
debian-dsa Initial release 11 months ago
go.mod Use correct long description from DSA long RDF 10 months ago
go.sum Use correct long description from DSA long RDF 10 months ago

README.md

Concourse Resource Type for Debian Security Announcements

This Concourse CI resource type checks the Debian Security Announcements and reports the latest security announcements this can be used to trigger registry-image or docker-image builds when security updates are released.

The source code for the resource type is available at https://git.dittberner.info/jan/concourse-dsa-resource

License

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see https://www.gnu.org/licenses/.

Usage

To use the resource type in your own Concourse pipeline you will have to define the resource type and a resource:

---
resource_types:
- name: debian-dsa
  type: registry-image
  source:
    repository: jandd/concourse-dsa-resource
    tag: latest

resources:
- name: debian-dsa-version
  type: debian-dsa
  source: {}

jobs:
- name: security-update
  plan:
  - get: debian-dsa-version
    trigger: true

The resource type supports the check and in operations.

check operation

The check operations returns a list of versions consisting of an ISO date and the title of the available update. A shortened and pretty-printed example output looks like this:

  • Input

    {}

  • Output

    [
  {
    "date": "2023-01-18",
    "title": "DSA-5322"
  },
  {
    "date": "2023-01-19",
    "title": "DSA-5323"
  }
]

in operation

The in operation takes a version as described in Concourse's resource type implementation documentation and returns metadata. If the version exists. The following input example returns the output below:

  • Input

    {
  "source": {},
  "params": {},
  "version": {
    "date": "2023-01-18",
    "title": "DSA-5322"
  }
}

  • Output

    {
  "version": {
    "date": "2023-01-18",
    "dsa": "DSA-5322"
  },
  "metadata": {
    "link": "https://www.debian.org/security/2023/dsa-5322",
    "package": "firefox-esr",
    "description": "Multiple security issues have been found in the Mozilla Firefox web\nbrowser, which could potentially result in the execution of arbitrary\ncode, information disclosure or spoofing."
  }
}