Adding fossa anaylze/test drone step

Signed-off-by: Luther Monson <luther.monson@gmail.com>

.drone.yml

@@ -22,6 +22,28 @@ steps:
   - name: docker
     path: /var/run/docker.sock
 
+- name: fossa
+  image: rancher/dapper:v0.5.4
+  failure: ignore
+  environment:
+    FOSSA_API_KEY:
+      from_secret: FOSSA_API_KEY
+  commands:
+    - dapper fossa
+  volumes:
+    - name: docker
+      path: /var/run/docker.sock
+  when:
+    instance:
+      - drone-publish.k3s.io
+    ref:
+      include:
+        - "refs/heads/master"
+        - "refs/heads/release-*"
+    event:
+      - push
+      - tag
+
 - name: github_binary_release
   image: ibuildthecloud/github-release:v0.0.1
   settings:

Dockerfile.dapper

@@ -31,6 +31,7 @@ RUN rm -rf /go/src /go/pkg
 
 RUN if [ "$(go env GOARCH)" = "amd64" ]; then \
     curl -sL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s v1.41.1; \
+    curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/spectrometer/master/install.sh | sh; \
     fi
 
 ENV YQ_URL=https://github.com/mikefarah/yq/releases/download/v4.6.2/yq_linux
@@ -41,7 +42,7 @@ ENV SELINUX $SELINUX
 
 ENV GO111MODULE off
 ENV DAPPER_RUN_ARGS --privileged -v k3s-cache:/go/src/github.com/rancher/k3s/.cache -v trivy-cache:/root/.cache/trivy
-ENV DAPPER_ENV REPO TAG DRONE_TAG IMAGE_NAME SKIP_VALIDATE GCLOUD_AUTH GITHUB_TOKEN GOLANG
+ENV DAPPER_ENV REPO TAG DRONE_TAG IMAGE_NAME SKIP_VALIDATE GCLOUD_AUTH GITHUB_TOKEN GOLANG FOSSA_API_KEY
 ENV DAPPER_SOURCE /go/src/github.com/rancher/k3s/
 ENV DAPPER_OUTPUT ./bin ./dist ./build/out
 ENV DAPPER_DOCKER_SOCKET true

scripts/fossa.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+set -e
+
+fossa analyze
+fossa test