From 36319d6ac373e7596cd2ace8f67b569b5470164a Mon Sep 17 00:00:00 2001
From: Jason Anderson
Date: Tue, 25 Oct 2022 15:14:26 -0500
Subject: [PATCH 1/8] Update entrypoint.sh

---
 entrypoint.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/entrypoint.sh b/entrypoint.sh
index 06f3b75..db75532 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -16,8 +16,8 @@ if [ -n "${INPUT_TFSEC_VERSION}" && "$INPUT_TFSEC_VERSION" != "latest" ]; then
 fi
 
 # Pull https://api.github.com/repos/aquasecurity/tfsec/releases for the full list of releases. NOTE no trailing slash
-wget -O - -q "$(wget -q https://api.github.com/repos/aquasecurity/tfsec/releases/${TFSEC_VERSION} -O - | grep -m 1 -o -E "https://.+?tfsec-linux-amd64" | head -n1)" > tfsec-linux-amd64
-wget -O - -q "$(wget -q https://api.github.com/repos/aquasecurity/tfsec/releases/${TFSEC_VERSION} -O - | grep -m 1 -o -E "https://.+?tfsec_checksums.txt" | head -n1)" > tfsec.checksums
+wget --inet4-only -O - -q "$(wget -q https://api.github.com/repos/aquasecurity/tfsec/releases/${TFSEC_VERSION} -O - | grep -m 1 -o -E "https://.+?tfsec-linux-amd64" | head -n1)" > tfsec-linux-amd64
+wget --inet4-only -O - -q "$(wget -q https://api.github.com/repos/aquasecurity/tfsec/releases/${TFSEC_VERSION} -O - | grep -m 1 -o -E "https://.+?tfsec_checksums.txt" | head -n1)" > tfsec.checksums
 
 # pipe out the checksum and validate
 grep tfsec-linux-amd64 tfsec.checksums > tfsec-linux-amd64.checksum

From 6422ab17939de86a68aac5eea89f57b3f5385dc6 Mon Sep 17 00:00:00 2001
From: Jason Anderson
Date: Tue, 25 Oct 2022 15:26:57 -0500
Subject: [PATCH 2/8] Update Dockerfile

---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index a5e23d0..c0e63cc 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
-FROM alpine:3.15.2
+FROM alpine:3.16.2
 
-RUN apk --no-cache --update add bash
+RUN apk --no-cache --update add bash wget
 
 SHELL ["/bin/bash", "-eo", "pipefail", "-c"]
 
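Review bot: The two `+wget --inet4-only …` lines in entrypoint.sh (PATCH 1/8) still take both the binary URL and the `tfsec_checksums.txt` URL from the same GitHub release response, so the checksum validation that follows can detect a corrupted transfer but not a replaced release asset. Keeping the expected digest for each supported version in this repository would give the check an independent reference. `${TFSEC_VERSION}` is also expanded unquoted inside the API URL; quoting the whole argument, `"https://api.github.com/repos/aquasecurity/tfsec/releases/${TFSEC_VERSION}"`, avoids word splitting if the input ever contains whitespace. The script continues outside the hunk.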
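Review bot: `RUN apk --no-cache --update add bash wget` in the Dockerfile (PATCH 2/8) adds a package with no stated reason and no version pin. It appears to be needed because entrypoint.sh now passes `--inet4-only`, a GNU wget option, so a comment such as `# GNU wget: entrypoint.sh passes --inet4-only` above the line would keep it from being dropped again, which is what PATCH 4/8 does before PATCH 5/8 restores it. `--update` adds nothing next to `--no-cache` and can be removed.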
From 2873c4cf2b287164084d363bf7607f1de116c8bc Mon Sep 17 00:00:00 2001
From: Jason Anderson
Date: Tue, 25 Oct 2022 15:31:55 -0500
Subject: [PATCH 3/8] Update entrypoint.sh

---
 entrypoint.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/entrypoint.sh b/entrypoint.sh
index db75532..facb7c5 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -16,8 +16,8 @@ if [ -n "${INPUT_TFSEC_VERSION}" && "$INPUT_TFSEC_VERSION" != "latest" ]; then
 fi
 
 # Pull https://api.github.com/repos/aquasecurity/tfsec/releases for the full list of releases. NOTE no trailing slash
-wget --inet4-only -O - -q "$(wget -q https://api.github.com/repos/aquasecurity/tfsec/releases/${TFSEC_VERSION} -O - | grep -m 1 -o -E "https://.+?tfsec-linux-amd64" | head -n1)" > tfsec-linux-amd64
-wget --inet4-only -O - -q "$(wget -q https://api.github.com/repos/aquasecurity/tfsec/releases/${TFSEC_VERSION} -O - | grep -m 1 -o -E "https://.+?tfsec_checksums.txt" | head -n1)" > tfsec.checksums
+wget --inet4-only -O - -q "$(wget --inet4-only -q https://api.github.com/repos/aquasecurity/tfsec/releases/${TFSEC_VERSION} -O - | grep -m 1 -o -E "https://.+?tfsec-linux-amd64" | head -n1)" > tfsec-linux-amd64
+wget --inet4-only -O - -q "$(wget --inet4-only -q https://api.github.com/repos/aquasecurity/tfsec/releases/${TFSEC_VERSION} -O - | grep -m 1 -o -E "https://.+?tfsec_checksums.txt" | head -n1)" > tfsec.checksums
 
 # pipe out the checksum and validate
 grep tfsec-linux-amd64 tfsec.checksums > tfsec-linux-amd64.checksum

From 052736f3dc18e43362dfa79c7a5021b5a23404f7 Mon Sep 17 00:00:00 2001
From: Jason Anderson
Date: Tue, 25 Oct 2022 15:33:57 -0500
Subject: [PATCH 4/8] Update Dockerfile

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index c0e63cc..f3479fd 100644
--- a/Dockerfile
+++ b/Dockerfile
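Review bot: In the `+wget --inet4-only … "$(wget --inet4-only -q …)"` lines of entrypoint.sh (PATCH 3/8), a failed or rate-limited API call leaves the command substitution empty, and the outer `wget -q` is then run with an empty URL and gives no hint of the cause. The release metadata is also requested twice, once per asset. The sketch below fetches it once, checks that both URLs were extracted, and only then downloads. The `.+?` in the `grep -E` patterns is not a lazy match in POSIX ERE, so the extraction relies on each URL sitting on its own line of the response. The script continues outside the hunk.

```shell
# … unchanged: TFSEC_VERSION selection …
release_json="$(wget --inet4-only -q -O - "https://api.github.com/repos/aquasecurity/tfsec/releases/${TFSEC_VERSION}")"
bin_url="$(printf '%s\n' "$release_json" | grep -m 1 -o -E "https://.+?tfsec-linux-amd64" | head -n1)"
sums_url="$(printf '%s\n' "$release_json" | grep -m 1 -o -E "https://.+?tfsec_checksums.txt" | head -n1)"
if [ -z "$bin_url" ] || [ -z "$sums_url" ]; then
  echo "could not resolve tfsec release assets for ${TFSEC_VERSION}" >&2
  exit 1
fi
wget --inet4-only -q -O tfsec-linux-amd64 "$bin_url"
wget --inet4-only -q -O tfsec.checksums "$sums_url"
# … unchanged: checksum validation and install …
```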
@@ -1,6 +1,6 @@
 FROM alpine:3.16.2
 
-RUN apk --no-cache --update add bash wget
+RUN apk --no-cache --update add bash
 
 SHELL ["/bin/bash", "-eo", "pipefail", "-c"]
 
From c0091b06f5187a458a4653d583c5c9e0914b14b6 Mon Sep 17 00:00:00 2001
From: Jason Anderson
Date: Tue, 25 Oct 2022 15:54:37 -0500
Subject: [PATCH 5/8] Update Dockerfile

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index f3479fd..c0e63cc 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
 FROM alpine:3.16.2
 
-RUN apk --no-cache --update add bash
+RUN apk --no-cache --update add bash wget
 
 SHELL ["/bin/bash", "-eo", "pipefail", "-c"]
 
From 3a4d547a62faf976d58271dcf2468fba71c92a04 Mon Sep 17 00:00:00 2001
From: Jason Anderson
Date: Wed, 2 Nov 2022 13:26:52 -0500
Subject: [PATCH 6/8] Update entrypoint.sh

---
 entrypoint.sh | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/entrypoint.sh b/entrypoint.sh
index facb7c5..0f8121c 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -15,14 +15,14 @@ if [ -n "${INPUT_TFSEC_VERSION}" && "$INPUT_TFSEC_VERSION" != "latest" ]; then
 TFSEC_VERSION="tags/${INPUT_TFSEC_VERSION}"
 fi
 
-# Pull https://api.github.com/repos/aquasecurity/tfsec/releases for the full list of releases. NOTE no trailing slash
-wget --inet4-only -O - -q "$(wget --inet4-only -q https://api.github.com/repos/aquasecurity/tfsec/releases/${TFSEC_VERSION} -O - | grep -m 1 -o -E "https://.+?tfsec-linux-amd64" | head -n1)" > tfsec-linux-amd64
-wget --inet4-only -O - -q "$(wget --inet4-only -q https://api.github.com/repos/aquasecurity/tfsec/releases/${TFSEC_VERSION} -O - | grep -m 1 -o -E "https://.+?tfsec_checksums.txt" | head -n1)" > tfsec.checksums
-
-# pipe out the checksum and validate
-grep tfsec-linux-amd64 tfsec.checksums > tfsec-linux-amd64.checksum
-sha256sum -c tfsec-linux-amd64.checksum
-install tfsec-linux-amd64 /usr/local/bin/tfsec
+# # Pull https://api.github.com/repos/aquasecurity/tfsec/releases for the full list of releases. NOTE no trailing slash
+# wget --inet4-only -O - -q "$(wget --inet4-only -q https://api.github.com/repos/aquasecurity/tfsec/releases/${TFSEC_VERSION} -O - | grep -m 1 -o -E "https://.+?tfsec-linux-amd64" | head -n1)" > tfsec-linux-amd64
+# wget --inet4-only -O - -q "$(wget --inet4-only -q https://api.github.com/repos/aquasecurity/tfsec/releases/${TFSEC_VERSION} -O - | grep -m 1 -o -E "https://.+?tfsec_checksums.txt" | head -n1)" > tfsec.checksums
+
+# # pipe out the checksum and validate
+# grep tfsec-linux-amd64 tfsec.checksums > tfsec-linux-amd64.checksum
+# sha256sum -c tfsec-linux-amd64.checksum
+# install tfsec-linux-amd64 /usr/local/bin/tfsec
 
 # if input vars file then add to arguments
 if [ -n "${INPUT_TFVARS_FILE}" ]; then

From ecd80dd556f9f0b4625eb6f668da30a339cef386 Mon Sep 17 00:00:00 2001
From: Jason Anderson
Date: Wed, 2 Nov 2022 13:26:56 -0500
Subject: [PATCH 7/8] Update Dockerfile

---
 Dockerfile | 2 ++
 1 file changed, 2 insertions(+)

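Review bot: Commenting out the download block in entrypoint.sh (PATCH 6/8) leaves the `TFSEC_VERSION="tags/${INPUT_TFSEC_VERSION}"` assignment above it with no visible consumer, so the `INPUT_TFSEC_VERSION` input appears to be silently ignored from this commit on; either remove the version-selection block and the input, or print which bundled version is used. The eight `+# …` lines should be deleted rather than kept as commented-out code, because they contain the only `sha256sum -c` step and a reader skimming the script may assume the check still runs. The test shown in the hunk header, `[ -n "${INPUT_TFSEC_VERSION}" && … ]`, also places `&&` inside a single `[ … ]`, which the shell splits into two commands; `[ -n "$INPUT_TFSEC_VERSION" ] && [ "$INPUT_TFSEC_VERSION" != "latest" ]` is the working form. The script continues outside the hunk.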
diff --git a/Dockerfile b/Dockerfile
index c0e63cc..e0452df 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -5,5 +5,7 @@ RUN apk --no-cache --update add bash wget
 SHELL ["/bin/bash", "-eo", "pipefail", "-c"]
 
 COPY entrypoint.sh /entrypoint.sh
+ADD --checksum=sha256:17c1bd99ebe13be77ac775651bc61f44b2b4409b4578485f1168eab8c3e97507 https://github.com/aquasecurity/tfsec/releases/download/v1.28.1/tfsec-linux-amd64 .
+RUN install tfsec-linux-amd64 /usr/local/bin/tfsec
 
 ENTRYPOINT ["/entrypoint.sh"]

From 1e3e4f9eaf5b51a82e2518046e87cf0469efac4e Mon Sep 17 00:00:00 2001
From: Jason Anderson
Date: Wed, 2 Nov 2022 13:28:16 -0500
Subject: [PATCH 8/8] Update Dockerfile

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index e0452df..80fdf13 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -5,7 +5,7 @@ RUN apk --no-cache --update add bash wget
 SHELL ["/bin/bash", "-eo", "pipefail", "-c"]
 
 COPY entrypoint.sh /entrypoint.sh
-ADD --checksum=sha256:17c1bd99ebe13be77ac775651bc61f44b2b4409b4578485f1168eab8c3e97507 https://github.com/aquasecurity/tfsec/releases/download/v1.28.1/tfsec-linux-amd64 .
+ADD https://github.com/aquasecurity/tfsec/releases/download/v1.28.1/tfsec-linux-amd64 .
 RUN install tfsec-linux-amd64 /usr/local/bin/tfsec
 
 ENTRYPOINT ["/entrypoint.sh"]
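Review bot: The added `ADD … tfsec-linux-amd64 .` followed by `RUN install tfsec-linux-amd64 /usr/local/bin/tfsec` (PATCH 7/8) leaves a second copy of the binary in the image's working directory, because the ADD layer persists after the install. Adding the file straight to its destination with `ADD --chmod=755 --checksum=sha256:<digest> <url> /usr/local/bin/tfsec` would make the RUN step unnecessary. `ADD --checksum` needs a BuildKit frontend that supports it, so the file should open with a `# syntax=docker/dockerfile:1` directive. With the download moved to build time, `wget` in the `apk add` line looks unused.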
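Review bot: Dropping `--checksum` from the `ADD` line (PATCH 8/8) means the tfsec binary is fetched at build time with nothing verifying its content, and PATCH 6/8 already commented out the `sha256sum -c` step in entrypoint.sh, so no integrity check remains anywhere in the series. If the flag was removed because the builder rejected it, the digest can be kept and checked in the RUN step instead: `RUN echo "17c1bd99ebe13be77ac775651bc61f44b2b4409b4578485f1168eab8c3e97507  tfsec-linux-amd64" | sha256sum -c - && install tfsec-linux-amd64 /usr/local/bin/tfsec`. That digest is the one PATCH 7/8 carried; it should be confirmed against the upstream release before it is relied on.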