package tech.orla;

import java.util.ArrayList;
import org.apache.maven.plugin.AbstractMojo;
import org.apache.maven.plugin.MojoExecutionException;
import org.apache.maven.plugins.annotations.Mojo;
import org.apache.maven.plugins.annotations.Parameter;
import org.apache.maven.project.MavenProject;
import tech.orla.api.GithubTrivyRelease;

@Mojo(name = "trivy-scan")
/* loaded from: input_file:tech/orla/TrivyScanMojo.class */
public class TrivyScanMojo extends AbstractMojo {

    @Parameter(defaultValue = "${project}", readonly = true)
    private MavenProject project;

    @Parameter(required = false)
    private String dockerFilePath;

    @Parameter(required = false, name = "vulnType")
    private String vulnType;

    @Parameter(required = false)
    private String severity;

    @Parameter(required = false, defaultValue = "false")
    private Boolean ignoreUnfixed;

    @Parameter(required = false, defaultValue = "v0.49.1")
    private String trivyVersion;

    public void execute() throws MojoExecutionException {
        DockerProcess dockerProcess = new DockerProcess();
        if (!dockerProcess.isDockerInstalled().booleanValue()) {
            throw new MojoExecutionException("docker engine not found");
        }
        dockerProcess.buildDockerImage(this.dockerFilePath != null ? this.dockerFilePath : this.project.getBasedir().getAbsolutePath().concat("/Dockerfile"), this.project.getArtifactId());
        try {
            if (new TrivyProcess(new GithubTrivyRelease()).scanImage("app/".concat(this.project.getArtifactId()), buildTrivyParams(), this.trivyVersion).intValue() == 1) {
                throw new MojoExecutionException("your app have some vulnerabilities");
            }
        } catch (Exception e) {
            throw new MojoExecutionException("error when execute trivy scan, error: ".concat(e.getMessage()));
        }
    }

    public String buildTrivyParams() {
        ArrayList arrayList = new ArrayList();
        if (this.vulnType != null && !this.vulnType.isEmpty()) {
            arrayList.add("--vuln-type ".concat(this.vulnType));
        }
        if (this.severity != null && !this.severity.isEmpty()) {
            arrayList.add("-s ".concat(this.severity));
        }
        if (this.ignoreUnfixed.booleanValue()) {
            arrayList.add("--ignore-unfixed");
        }
        return String.join(" ", arrayList);
    }
}
