From 4ec71b360cf0ff00742f88ccc7d4091c5b0f2707 Mon Sep 17 00:00:00 2001
From: Luther Monson <luther.monson@gmail.com>
Date: Fri, 17 Sep 2021 18:08:11 -0700
Subject: [PATCH] Adding fossa anaylze/test drone step

Signed-off-by: Luther Monson <luther.monson@gmail.com>
---
 .drone.yml        | 22 ++++++++++++++++++++++
 Dockerfile.dapper |  3 ++-
 scripts/fossa.sh  |  5 +++++
 3 files changed, 29 insertions(+), 1 deletion(-)
 create mode 100755 scripts/fossa.sh

diff --git a/.drone.yml b/.drone.yml
index 0cf57792336..922e9bda183 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -22,6 +22,28 @@ steps:
   - name: docker
     path: /var/run/docker.sock
 
+- name: fossa
+  image: rancher/dapper:v0.5.4
+  failure: ignore
+  environment:
+    FOSSA_API_KEY:
+      from_secret: FOSSA_API_KEY
+  commands:
+    - dapper fossa
+  volumes:
+    - name: docker
+      path: /var/run/docker.sock
+  when:
+    instance:
+      - drone-publish.k3s.io
+    ref:
+      include:
+        - "refs/heads/master"
+        - "refs/heads/release-*"
+    event:
+      - push
+      - tag
+
 - name: github_binary_release
   image: ibuildthecloud/github-release:v0.0.1
   settings:
diff --git a/Dockerfile.dapper b/Dockerfile.dapper
index e2347c09f9e..e29505ab7f2 100644
--- a/Dockerfile.dapper
+++ b/Dockerfile.dapper
@@ -31,6 +31,7 @@ RUN rm -rf /go/src /go/pkg
 
 RUN if [ "$(go env GOARCH)" = "amd64" ]; then \
     curl -sL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s v1.41.1; \
+    curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/spectrometer/master/install.sh | sh; \
     fi
 
 ENV YQ_URL=https://github.com/mikefarah/yq/releases/download/v4.6.2/yq_linux
@@ -41,7 +42,7 @@ ENV SELINUX $SELINUX
 
 ENV GO111MODULE off
 ENV DAPPER_RUN_ARGS --privileged -v k3s-cache:/go/src/github.com/rancher/k3s/.cache -v trivy-cache:/root/.cache/trivy
-ENV DAPPER_ENV REPO TAG DRONE_TAG IMAGE_NAME SKIP_VALIDATE GCLOUD_AUTH GITHUB_TOKEN GOLANG
+ENV DAPPER_ENV REPO TAG DRONE_TAG IMAGE_NAME SKIP_VALIDATE GCLOUD_AUTH GITHUB_TOKEN GOLANG FOSSA_API_KEY
 ENV DAPPER_SOURCE /go/src/github.com/rancher/k3s/
 ENV DAPPER_OUTPUT ./bin ./dist ./build/out
 ENV DAPPER_DOCKER_SOCKET true
diff --git a/scripts/fossa.sh b/scripts/fossa.sh
new file mode 100755
index 00000000000..9b8a22e5f9c
--- /dev/null
+++ b/scripts/fossa.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+set -e
+
+fossa analyze
+fossa test