feat: support selecting distribution channel (#192)

---------

Co-authored-by: Jason Luong <[email protected]>

Author: thisislawatts

CONTRIBUTING.md

@@ -11,9 +11,9 @@ To run the code, a GitHub PR against `develop` should be raised with the committ
 
 ### Local debugging
 
-A number of environment variable are required for debugging, here's an example launch config for `VSCode` that sets mandatory parameters such as `AGENT_TEMPDIRECTORY`, `INPUT_failOnIssues` and `INPUT_authToken`
+A number of environment variable are required for debugging, here's an example launch config for `Visual Studio Code` that sets mandatory parameters such as `AGENT_TEMPDIRECTORY`, `INPUT_failOnIssues` and `INPUT_authToken`
 
-```
+```json
 {
     "version": "0.2.0",
     "configurations": [

README.md

@@ -36,6 +36,7 @@ This extension requires that Node.js and npm be installed on the build agent. Th
 | testDirectory             | Alternate working directory. For example, if you want to test a manifest file in a directory other than the root of your repo, you would put in relative path to that directory.                                                                                                                                                                                                                                                                                                            | no                           | none     | string                                                                            |
 | ignoreUnknownCA           | Use to ignore unknown or self-signed certificates. This might be useful in for self-hosted build agents with unusual network configurations or for Snyk on-prem installs configured with a self-signed certificate.                                                                                                                                                                                                                                                                         | no                           | false    | boolean                                                                           |
 | additionalArguments       | Additional Snyk CLI arguments to be passed in. Refer to the Snyk CLI help page for information on additional arguments.                                                                                                                                                                                                                                                                                                                                                                     | no                           | none     | string                                                                            |
+| distributionChannel       | Select distribution channel for Snyk binaries. 'Stable' is for stable releases, whilst 'Preview' is for access to the latest features.                                                                                                                                                                                                                                                                                                                                                      | no                           | Stable   | string                                                                            |
 
 ## Usage Examples
 

snykTask/src/__tests__/install/index.test.ts

@@ -23,7 +23,7 @@ describe('getSnykDownloadInfo', () => {
     expect(dlInfo).toEqual({
       snyk: {
         filename: 'snyk-linux',
-        downloadUrl: 'https://static.snyk.io/cli/latest/snyk-linux',
+        downloadUrl: 'https://static.snyk.io/cli/stable/snyk-linux',
       },
       snykToHtml: {
         filename: 'snyk-to-html-linux',
@@ -38,7 +38,7 @@ describe('getSnykDownloadInfo', () => {
     expect(dlInfo).toEqual({
       snyk: {
         filename: 'snyk-win.exe',
-        downloadUrl: 'https://static.snyk.io/cli/latest/snyk-win.exe',
+        downloadUrl: 'https://static.snyk.io/cli/stable/snyk-win.exe',
       },
       snykToHtml: {
         filename: 'snyk-to-html-win.exe',
@@ -53,7 +53,40 @@ describe('getSnykDownloadInfo', () => {
     expect(dlInfo).toEqual({
       snyk: {
         filename: 'snyk-macos',
-        downloadUrl: 'https://static.snyk.io/cli/latest/snyk-macos',
+        downloadUrl: 'https://static.snyk.io/cli/stable/snyk-macos',
+      },
+      snykToHtml: {
+        filename: 'snyk-to-html-macos',
+        downloadUrl:
+          'https://static.snyk.io/snyk-to-html/latest/snyk-to-html-macos',
+      },
+    });
+  });
+
+  it('retrieves the correct download info a preview release', () => {
+    const dlInfo = getSnykDownloadInfo(Platform.MacOS, 'preview');
+    expect(dlInfo).toEqual({
+      snyk: {
+        filename: 'snyk-macos',
+        downloadUrl: 'https://static.snyk.io/cli/preview/snyk-macos',
+      },
+      snykToHtml: {
+        filename: 'snyk-to-html-macos',
+        downloadUrl:
+          'https://static.snyk.io/snyk-to-html/latest/snyk-to-html-macos',
+      },
+    });
+  });
+
+  it('ignores invalid distribution channels', () => {
+    const dlInfo = getSnykDownloadInfo(
+      Platform.MacOS,
+      'invalid-channel' as any,
+    );
+    expect(dlInfo).toEqual({
+      snyk: {
+        filename: 'snyk-macos',
+        downloadUrl: 'https://static.snyk.io/cli/stable/snyk-macos',
       },
       snykToHtml: {
         filename: 'snyk-to-html-macos',

snykTask/src/__tests__/test-auth-token-retrieved.ts

@@ -31,7 +31,7 @@ test('test auth token pulled from service connection', () => {
   jest.doMock('azure-pipelines-task-lib/task', () => {
     return {
       // getInput: jest.fn((name: string, required?: boolean) => "mockValue")
-      getInput: jest.fn((name: string, required?: boolean) => {
+      getInput: jest.fn((name: string) => {
         if (name === 'serviceConnectionEndpoint') {
           return 'some-serviceConnectionEndpoint';
         } else if (name === 'authToken') {
@@ -65,7 +65,7 @@ test('test auth token pulled from serviceConnectionEndpoint if both authToken an
   jest.doMock('azure-pipelines-task-lib/task', () => {
     return {
       // getInput: jest.fn((name: string, required?: boolean) => "mockValue")
-      getInput: jest.fn((name: string, required?: boolean) => {
+      getInput: jest.fn((name: string) => {
         if (name === 'serviceConnectionEndpoint') {
           return 'some-serviceConnectionEndpoint';
         } else if (name === 'authToken') {
@@ -99,7 +99,7 @@ test('test auth token pulled from authToken if both authToken set and serviceCon
   jest.doMock('azure-pipelines-task-lib/task', () => {
     return {
       // getInput: jest.fn((name: string, required?: boolean) => "mockValue")
-      getInput: jest.fn((name: string, required?: boolean) => {
+      getInput: jest.fn((name: string) => {
         if (name === 'serviceConnectionEndpoint') {
           return null;
         } else if (name === 'authToken') {
@@ -133,7 +133,7 @@ test('test auth token returns empty string if both authToken set and serviceConn
   jest.doMock('azure-pipelines-task-lib/task', () => {
     return {
       // getInput: jest.fn((name: string, required?: boolean) => "mockValue")
-      getInput: jest.fn((name: string, required?: boolean) => {
+      getInput: jest.fn((name: string) => {
         if (name === 'serviceConnectionEndpoint') {
           return null;
         } else if (name === 'authToken') {

snykTask/src/__tests__/test-task-args.ts

@@ -122,6 +122,11 @@ test('ensure that ignoreUnknownCA is false by default', () => {
   expect(args.ignoreUnknownCA).toBe(false);
 });
 
+test('ensure that distributionChannel is stable by default', () => {
+  const args = defaultTaskArgs();
+  expect(args.getDistributionChannel()).toBe('stable');
+});
+
 describe('TaskArgs.setMonitorWhen', () => {
   const args = defaultTaskArgs();
 

snykTask/src/index.ts

@@ -35,6 +35,7 @@ import {
 import * as fs from 'fs';
 import * as path from 'path';
 import { getSnykDownloadInfo, downloadExecutable } from './install';
+import { CliDistributionChannel } from './types';
 
 class SnykError extends Error {
   constructor(message?: string) {
@@ -96,6 +97,8 @@ function parseInputArgs(): TaskArgs {
   taskArgs.failOnThreshold =
     tl.getInput('failOnThreshold', false) || Severity.LOW;
   taskArgs.ignoreUnknownCA = tl.getBoolInput('ignoreUnknownCA', false);
+  taskArgs.distributionChannel = (tl.getInput('distributionChannel', false) ||
+    'stable') as CliDistributionChannel;
 
   if (isDebugMode()) {
     logAllTaskArgs(taskArgs);
@@ -403,6 +406,7 @@ async function run() {
     }
 
     const taskArgs: TaskArgs = parseInputArgs();
+    const distributionChannel = taskArgs.getDistributionChannel();
     const snykToken = getAuthToken();
     if (!snykToken) {
       const errorMsg =
@@ -411,9 +415,15 @@ async function run() {
     }
 
     const platform: tl.Platform = tl.getPlatform();
-    if (isDebugMode()) console.log(`platform: ${platform}`);
+    if (isDebugMode()) {
+      console.log(`platform: ${platform}`);
+      console.log(`distributionChannel: ${distributionChannel}`);
+    }
 
-    const snykToolDownloads = getSnykDownloadInfo(platform);
+    const snykToolDownloads = getSnykDownloadInfo(
+      platform,
+      distributionChannel,
+    );
     await downloadExecutable(agentTempDirectory, snykToolDownloads.snyk);
     await downloadExecutable(agentTempDirectory, snykToolDownloads.snykToHtml);
     const snykPath = path.resolve(

snykTask/src/install/index.ts

@@ -18,6 +18,7 @@ import { Platform } from 'azure-pipelines-task-lib/task';
 import * as fs from 'fs';
 import * as path from 'path';
 import * as https from 'https';
+import { CliDistributionChannel } from '../types';
 
 export type Executable = {
   filename: string;
@@ -29,7 +30,10 @@ export type SnykDownloads = {
   snykToHtml: Executable;
 };
 
-export function getSnykDownloadInfo(platform: Platform): SnykDownloads {
+export function getSnykDownloadInfo(
+  platform: Platform,
+  distributionChannel: CliDistributionChannel = 'stable',
+): SnykDownloads {
   const baseUrl = 'https://static.snyk.io';
 
   const filenameSuffixes: Record<Platform, string> = {
@@ -38,10 +42,16 @@ export function getSnykDownloadInfo(platform: Platform): SnykDownloads {
     [Platform.MacOS]: 'macos',
   };
 
+  const validDistributionChannels = ['stable', 'preview'];
+
+  if (!validDistributionChannels.includes(distributionChannel)) {
+    distributionChannel = 'stable';
+  }
+
   return {
     snyk: {
       filename: `snyk-${filenameSuffixes[platform]}`,
-      downloadUrl: `${baseUrl}/cli/latest/snyk-${filenameSuffixes[platform]}`,
+      downloadUrl: `${baseUrl}/cli/${distributionChannel}/snyk-${filenameSuffixes[platform]}`,
     },
     snykToHtml: {
       filename: `snyk-to-html-${filenameSuffixes[platform]}`,

snykTask/src/task-args.ts

@@ -16,6 +16,7 @@
 
 import * as tl from 'azure-pipelines-task-lib';
 import { Severity, TestType, testTypeSeverityThreshold } from './task-lib';
+import { CliDistributionChannel } from './types';
 export type MonitorWhen = 'never' | 'noIssuesFound' | 'always';
 class TaskArgs {
   testType: string | undefined = 'app';
@@ -40,6 +41,12 @@ class TaskArgs {
 
   delayAfterReportGenerationSeconds: number = 0;
 
+  /**
+   * The distribution channel to use for the Snyk CLI.
+   * Defaults to 'stable', but can be set to 'preview' for early access to new features.
+   */
+  distributionChannel: CliDistributionChannel | undefined = 'stable';
+
   // the params here are the ones which are mandatory
   constructor(params: { failOnIssues: boolean }) {
     this.failOnIssues = params.failOnIssues;
@@ -111,6 +118,19 @@ class TaskArgs {
     return this.projectName;
   }
 
+  public getDistributionChannel(): CliDistributionChannel {
+    if (!this.distributionChannel) {
+      this.distributionChannel = 'stable';
+    }
+
+    const validDistributionChannels = ['stable', 'preview'];
+    if (!validDistributionChannels.includes(this.distributionChannel)) {
+      this.distributionChannel = 'stable';
+    }
+
+    return this.distributionChannel;
+  }
+
   // validate based on testTypeSeverityThreshold applicable thresholds
   public validate() {
     const taskTestType = this.testType || TestType.APPLICATION;

snykTask/src/types.ts

@@ -0,0 +1 @@
+export type CliDistributionChannel = 'stable' | 'preview';

snykTask/task.json

@@ -162,6 +162,19 @@
       "defaultValue": "",
       "helpMarkDown": "Additional command-line args for Snyk CLI (advanced)",
       "groupName": "advanced"
+    },
+    {
+      "name": "distributionChannel",
+      "label": "CLI Distribution channel",
+      "type": "pickList",
+      "options": {
+        "stable": "Stable",
+        "preview": "Preview"
+      },
+      "required": false,
+      "defaultValue": "stable",
+      "helpMarkDown": "Defaults to 'stable', but can be set to 'preview' for early access to new features",
+      "groupName": "advanced"
     }
   ],
   "execution": {