From 8019886f8d2580cb3b80fb3490d2167ce8a116e2 Mon Sep 17 00:00:00 2001 From: Jason Anderson Date: Thu, 3 Nov 2022 04:29:53 -0500 Subject: [PATCH] Forcing wget to use IPv4 (#37) * Update entrypoint.sh * Update Dockerfile * Update entrypoint.sh * Update Dockerfile * Update Dockerfile * Update entrypoint.sh * Update Dockerfile * Update Dockerfile --- Dockerfile | 6 ++++-- entrypoint.sh | 16 ++++++++-------- 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/Dockerfile b/Dockerfile index a5e23d0..80fdf13 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,9 +1,11 @@ -FROM alpine:3.15.2 +FROM alpine:3.16.2 -RUN apk --no-cache --update add bash +RUN apk --no-cache --update add bash wget SHELL ["/bin/bash", "-eo", "pipefail", "-c"] COPY entrypoint.sh /entrypoint.sh +ADD https://github.com/aquasecurity/tfsec/releases/download/v1.28.1/tfsec-linux-amd64 . +RUN install tfsec-linux-amd64 /usr/local/bin/tfsec ENTRYPOINT ["/entrypoint.sh"] diff --git a/entrypoint.sh b/entrypoint.sh index a0ef47f..91da5d2 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -15,14 +15,14 @@ if [[ -n "${INPUT_TFSEC_VERSION}" && "$INPUT_TFSEC_VERSION" != "latest" ]]; then TFSEC_VERSION="tags/${INPUT_TFSEC_VERSION}" fi -# Pull https://api.github.com/repos/aquasecurity/tfsec/releases for the full list of releases. NOTE no trailing slash -wget -O - -q "$(wget -q https://api.github.com/repos/aquasecurity/tfsec/releases/${TFSEC_VERSION} -O - | grep -m 1 -o -E "https://.+?tfsec-linux-amd64" | head -n1)" > tfsec-linux-amd64 -wget -O - -q "$(wget -q https://api.github.com/repos/aquasecurity/tfsec/releases/${TFSEC_VERSION} -O - | grep -m 1 -o -E "https://.+?tfsec_checksums.txt" | head -n1)" > tfsec.checksums - -# pipe out the checksum and validate -grep tfsec-linux-amd64 tfsec.checksums > tfsec-linux-amd64.checksum -sha256sum -c tfsec-linux-amd64.checksum -install tfsec-linux-amd64 /usr/local/bin/tfsec +# # Pull https://api.github.com/repos/aquasecurity/tfsec/releases for the full list of releases. NOTE no trailing slash +# wget --inet4-only -O - -q "$(wget --inet4-only -q https://api.github.com/repos/aquasecurity/tfsec/releases/${TFSEC_VERSION} -O - | grep -m 1 -o -E "https://.+?tfsec-linux-amd64" | head -n1)" > tfsec-linux-amd64 +# wget --inet4-only -O - -q "$(wget --inet4-only -q https://api.github.com/repos/aquasecurity/tfsec/releases/${TFSEC_VERSION} -O - | grep -m 1 -o -E "https://.+?tfsec_checksums.txt" | head -n1)" > tfsec.checksums + +# # pipe out the checksum and validate +# grep tfsec-linux-amd64 tfsec.checksums > tfsec-linux-amd64.checksum +# sha256sum -c tfsec-linux-amd64.checksum +# install tfsec-linux-amd64 /usr/local/bin/tfsec # if input vars file then add to arguments if [ -n "${INPUT_TFVARS_FILE}" ]; then