Update atom to include php packages (#106)

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
AppThreat · Jan 6, 2024 · 1102f51 · 1102f51
1 parent feafaff
commit 1102f51
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 14 deletions.
diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml
@@ -27,7 +27,7 @@ jobs:
         uses: actions/setup-java@v3
         with:
           distribution: 'zulu'
-          java-version: '21'      
+          java-version: '21'
       - name: Use Node.js
         uses: actions/setup-node@v3
         with:
@@ -74,7 +74,7 @@ jobs:
         with:
           file: ci/Dockerfile
           context: .
-          platforms: linux/amd64
+          platforms: linux/amd64,linux/arm64
           push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}

diff --git a/README.md b/README.md
@@ -148,6 +148,20 @@ To also compute and include data-dependency graph (DDG) information in the expor
 atom -o app.atom -l java --export-atom --export-dir <export dir> --with-data-deps <path to application>
 ```
 
+## container usage
+
+```shell
+docker run --rm -v /tmp:/tmp -v $HOME:$HOME -v $(pwd):/app:rw -it ghcr.io/appthreat/atom --help
+# podman run --rm -v /tmp:/tmp -v $HOME:$HOME -v $(pwd):/app:rw -it ghcr.io/appthreat/atom --help
+```
+
+Example for java project.
+
+```shell
+docker run --rm -v /tmp:/tmp -v $HOME:$HOME -v $(pwd):/app:rw -it ghcr.io/appthreat/atom -l java -o /app/app.atom /app
+# podman run --rm -v /tmp:/tmp -v $HOME:$HOME -v $(pwd):/app:rw -it ghcr.io/appthreat/atom -l java -o /app/app.atom /app
+```
+
 ## Languages supported
 
 - C/C++ (Requires Java 17 or above)

diff --git a/ci/Dockerfile b/ci/Dockerfile
@@ -1,17 +1,17 @@
-FROM almalinux:9.2-minimal
+FROM almalinux:9.3-minimal
 
 LABEL maintainer="appthreat" \
       org.opencontainers.image.authors="Team AppThreat <cloud@appthreat.com>" \
       org.opencontainers.image.source="https://github.com/appthreat/chen" \
       org.opencontainers.image.url="https://github.com/appthreat/atom" \
-      org.opencontainers.image.version="1.7.x" \
+      org.opencontainers.image.version="1.8.x" \
       org.opencontainers.image.vendor="appthreat" \
       org.opencontainers.image.licenses="Apache-2.0" \
       org.opencontainers.image.title="atom" \
       org.opencontainers.image.description="Container image for AppThreat atom" \
-      org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -v $HOME:$HOME -v $(pwd):/app:rw -it ghcr.io/appthreat/atom atom"
+      org.opencontainers.docker.cmd="docker run --rm -v /tmp:/tmp -v $HOME:$HOME -v $(pwd):/app:rw -it ghcr.io/appthreat/atom"
 
-ARG MAVEN_VERSION=3.9.5
+ARG MAVEN_VERSION=3.9.6
 ARG JAVA_VERSION=21.0.1-graalce
 
 ENV JAVA_VERSION=$JAVA_VERSION \
@@ -20,9 +20,11 @@ ENV JAVA_VERSION=$JAVA_VERSION \
     MAVEN_HOME="/opt/maven/${MAVEN_VERSION}" \
     JAVA_OPTS="-XX:+UseG1GC -XX:+ExplicitGCInvokesConcurrent -XX:+ParallelRefProcEnabled -XX:+UseStringDeduplication -XX:+UnlockExperimentalVMOptions -XX:G1NewSizePercent=20 -XX:+UnlockDiagnosticVMOptions -XX:G1SummarizeRSetStatsPeriod=1" \
     ANDROID_HOME=/opt/android-sdk-linux \
-    JAVA_TOOL_OPTIONS="-Dfile.encoding=UTF-8"
+    JAVA_TOOL_OPTIONS="-Dfile.encoding=UTF-8" \
+    PHP_PARSER_BIN=/opt/vendor/bin/php-parse \
+    COMPOSER_ALLOW_SUPERUSER=1
 
-ENV PATH=${PATH}:/opt/bin:${JAVA_HOME}/bin:${MAVEN_HOME}/bin:/usr/local/bin/:/root/.local/bin:${ANDROID_HOME}/cmdline-tools/latest/bin:${ANDROID_HOME}/tools:${ANDROID_HOME}/tools/bin:${ANDROID_HOME}/platform-tools:
+ENV PATH=${PATH}:/opt/bin:/opt/vendor/bin:${JAVA_HOME}/bin:${MAVEN_HOME}/bin:/usr/local/bin/:/root/.local/bin:${ANDROID_HOME}/cmdline-tools/latest/bin:${ANDROID_HOME}/tools:${ANDROID_HOME}/tools/bin:${ANDROID_HOME}/platform-tools:
 
 WORKDIR /opt
 
@@ -38,8 +40,9 @@ RUN set -e; \
             ;; \
         *) echo >&2 "error: unsupported architecture: '$ARCH_NAME'"; exit 1 ;; \
     esac; \
-    echo -e "[nodejs]\nname=nodejs\nstream=21\nprofiles=\nstate=enabled\n" > /etc/dnf/modules.d/nodejs.module \
-    && microdnf install -y gcc git-core wget bash glibc-common glibc-all-langpacks \
+    echo -e "[nodejs]\nname=nodejs\nstream=20\nprofiles=\nstate=enabled\n" > /etc/dnf/modules.d/nodejs.module \
+    && microdnf install -y gcc git-core php php-cli php-curl php-zip php-bcmath php-json php-pear php-mbstring php-devel make \
+        wget bash glibc-common glibc-all-langpacks \
         pcre2 findutils which tar gzip zip unzip sudo nodejs \
     && curl -s "https://get.sdkman.io" | bash \
     && source "$HOME/.sdkman/bin/sdkman-init.sh" \
@@ -58,16 +61,21 @@ RUN set -e; \
     && /opt/android-sdk-linux/cmdline-tools/latest/bin/sdkmanager 'platform-tools' --sdk_root=/opt/android-sdk-linux \
     && /opt/android-sdk-linux/cmdline-tools/latest/bin/sdkmanager 'platforms;android-34' --sdk_root=/opt/android-sdk-linux \
     && /opt/android-sdk-linux/cmdline-tools/latest/bin/sdkmanager 'build-tools;34.0.0' --sdk_root=/opt/android-sdk-linux \
-    && sudo npm install -g @cyclonedx/cdxgen --omit=optional
+    && sudo npm install -g @cyclonedx/cdxgen --omit=optional \
+    && php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" && php composer-setup.php \
+    && mv composer.phar /usr/local/bin/composer \
+    && curl -LO https://raw.githubusercontent.com/AppThreat/chen/main/platform/frontends/php2atom/composer.lock \
+    && curl -LO https://raw.githubusercontent.com/AppThreat/chen/main/platform/frontends/php2atom/composer.json
 
 ENV LC_ALL=en_US.UTF-8 \
     LANG=en_US.UTF-8 \
     LANGUAGE=en_US.UTF-8
 COPY ./target/atom.zip .
-COPY ./wrapper .    
+COPY ./wrapper .
 RUN unzip -q atom.zip \
+    && composer update --no-progress --prefer-dist --ignore-platform-reqs \
     && sudo npm install -g /opt/nodejs \
-    && rm -rf atom.zip nodejs \
+    && rm -rf atom.zip nodejs composer.json composer.lock composer-setup.php \
     && microdnf clean all
 
-CMD ["atom"]
+ENTRYPOINT ["/opt/bin/atom"]