From bb4884ab4c9afec2318d00a5065a118323fab44f Mon Sep 17 00:00:00 2001
From: jberkhahn <jaberkha@us.ibm.com>
Date: Thu, 26 Jan 2023 16:07:07 -0800
Subject: [PATCH] change kustomize install templating to avoid tripping
 security alerts

Signed-off-by: jberkhahn <jaberkha@us.ibm.com>
---
 BUILD.bazel                                                    | 0
 CONTRIBUTING.md                                                | 0
 DESIGN.md                                                      | 0
 LICENSE                                                        | 0
 Makefile                                                       | 0
 OWNERS                                                         | 0
 OWNERS_ALIASES                                                 | 0
 README.md                                                      | 0
 RELEASE.md                                                     | 0
 SECURITY_CONTACTS                                              | 0
 VERSIONING.md                                                  | 0
 code-of-conduct.md                                             | 0
 doc.go                                                         | 0
 go.mod                                                         | 0
 go.sum                                                         | 0
 netlify.toml                                                   | 0
 pkg/plugins/golang/v4/scaffolds/internal/templates/makefile.go | 2 +-
 testdata/project-v4-config/Makefile                            | 2 +-
 testdata/project-v4-declarative-v1/Makefile                    | 2 +-
 testdata/project-v4-multigroup/Makefile                        | 2 +-
 testdata/project-v4-with-deploy-image/Makefile                 | 2 +-
 testdata/project-v4/Makefile                                   | 2 +-
 22 files changed, 6 insertions(+), 6 deletions(-)
 mode change 100644 => 100755 BUILD.bazel
 mode change 100644 => 100755 CONTRIBUTING.md
 mode change 100644 => 100755 DESIGN.md
 mode change 100644 => 100755 LICENSE
 mode change 100644 => 100755 Makefile
 mode change 100644 => 100755 OWNERS
 mode change 100644 => 100755 OWNERS_ALIASES
 mode change 100644 => 100755 README.md
 mode change 100644 => 100755 RELEASE.md
 mode change 100644 => 100755 SECURITY_CONTACTS
 mode change 100644 => 100755 VERSIONING.md
 mode change 100644 => 100755 code-of-conduct.md
 mode change 100644 => 100755 doc.go
 mode change 100644 => 100755 go.mod
 mode change 100644 => 100755 go.sum
 mode change 100644 => 100755 netlify.toml

diff --git a/BUILD.bazel b/BUILD.bazel
old mode 100644
new mode 100755
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
old mode 100644
new mode 100755
diff --git a/DESIGN.md b/DESIGN.md
old mode 100644
new mode 100755
diff --git a/LICENSE b/LICENSE
old mode 100644
new mode 100755
diff --git a/Makefile b/Makefile
old mode 100644
new mode 100755
diff --git a/OWNERS b/OWNERS
old mode 100644
new mode 100755
diff --git a/OWNERS_ALIASES b/OWNERS_ALIASES
old mode 100644
new mode 100755
diff --git a/README.md b/README.md
old mode 100644
new mode 100755
diff --git a/RELEASE.md b/RELEASE.md
old mode 100644
new mode 100755
diff --git a/SECURITY_CONTACTS b/SECURITY_CONTACTS
old mode 100644
new mode 100755
diff --git a/VERSIONING.md b/VERSIONING.md
old mode 100644
new mode 100755
diff --git a/code-of-conduct.md b/code-of-conduct.md
old mode 100644
new mode 100755
diff --git a/doc.go b/doc.go
old mode 100644
new mode 100755
diff --git a/go.mod b/go.mod
old mode 100644
new mode 100755
diff --git a/go.sum b/go.sum
old mode 100644
new mode 100755
diff --git a/netlify.toml b/netlify.toml
old mode 100644
new mode 100755
diff --git a/pkg/plugins/golang/v4/scaffolds/internal/templates/makefile.go b/pkg/plugins/golang/v4/scaffolds/internal/templates/makefile.go
index ceded0c26d6..ea685f299c0 100644
--- a/pkg/plugins/golang/v4/scaffolds/internal/templates/makefile.go
+++ b/pkg/plugins/golang/v4/scaffolds/internal/templates/makefile.go
@@ -203,7 +203,7 @@ $(KUSTOMIZE): $(LOCALBIN)
 		echo "$(LOCALBIN)/kustomize version is not expected $(KUSTOMIZE_VERSION). Removing it before installing."; \
 		rm -rf $(LOCALBIN)/kustomize; \
 	fi
-	test -s $(LOCALBIN)/kustomize || { curl -Ss $(KUSTOMIZE_INSTALL_SCRIPT) | bash -s -- $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN); }
+	test -s $(LOCALBIN)/kustomize || { curl -Ss $(KUSTOMIZE_INSTALL_SCRIPT) --output install_kustomize.sh && bash install_kustomize.sh $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN); rm install_kustomize.sh; }
 
 .PHONY: controller-gen
 controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary. If wrong version is installed, it will be overwritten.
diff --git a/testdata/project-v4-config/Makefile b/testdata/project-v4-config/Makefile
index 971bfb70e69..8159e4f2664 100644
--- a/testdata/project-v4-config/Makefile
+++ b/testdata/project-v4-config/Makefile
@@ -143,7 +143,7 @@ $(KUSTOMIZE): $(LOCALBIN)
 		echo "$(LOCALBIN)/kustomize version is not expected $(KUSTOMIZE_VERSION). Removing it before installing."; \
 		rm -rf $(LOCALBIN)/kustomize; \
 	fi
-	test -s $(LOCALBIN)/kustomize || { curl -Ss $(KUSTOMIZE_INSTALL_SCRIPT) | bash -s -- $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN); }
+	test -s $(LOCALBIN)/kustomize || { curl -Ss $(KUSTOMIZE_INSTALL_SCRIPT) --output install_kustomize.sh && bash install_kustomize.sh $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN); rm install_kustomize.sh; }
 
 .PHONY: controller-gen
 controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary. If wrong version is installed, it will be overwritten.
diff --git a/testdata/project-v4-declarative-v1/Makefile b/testdata/project-v4-declarative-v1/Makefile
index 971bfb70e69..8159e4f2664 100644
--- a/testdata/project-v4-declarative-v1/Makefile
+++ b/testdata/project-v4-declarative-v1/Makefile
@@ -143,7 +143,7 @@ $(KUSTOMIZE): $(LOCALBIN)
 		echo "$(LOCALBIN)/kustomize version is not expected $(KUSTOMIZE_VERSION). Removing it before installing."; \
 		rm -rf $(LOCALBIN)/kustomize; \
 	fi
-	test -s $(LOCALBIN)/kustomize || { curl -Ss $(KUSTOMIZE_INSTALL_SCRIPT) | bash -s -- $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN); }
+	test -s $(LOCALBIN)/kustomize || { curl -Ss $(KUSTOMIZE_INSTALL_SCRIPT) --output install_kustomize.sh && bash install_kustomize.sh $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN); rm install_kustomize.sh; }
 
 .PHONY: controller-gen
 controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary. If wrong version is installed, it will be overwritten.
diff --git a/testdata/project-v4-multigroup/Makefile b/testdata/project-v4-multigroup/Makefile
index 971bfb70e69..8159e4f2664 100644
--- a/testdata/project-v4-multigroup/Makefile
+++ b/testdata/project-v4-multigroup/Makefile
@@ -143,7 +143,7 @@ $(KUSTOMIZE): $(LOCALBIN)
 		echo "$(LOCALBIN)/kustomize version is not expected $(KUSTOMIZE_VERSION). Removing it before installing."; \
 		rm -rf $(LOCALBIN)/kustomize; \
 	fi
-	test -s $(LOCALBIN)/kustomize || { curl -Ss $(KUSTOMIZE_INSTALL_SCRIPT) | bash -s -- $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN); }
+	test -s $(LOCALBIN)/kustomize || { curl -Ss $(KUSTOMIZE_INSTALL_SCRIPT) --output install_kustomize.sh && bash install_kustomize.sh $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN); rm install_kustomize.sh; }
 
 .PHONY: controller-gen
 controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary. If wrong version is installed, it will be overwritten.
diff --git a/testdata/project-v4-with-deploy-image/Makefile b/testdata/project-v4-with-deploy-image/Makefile
index 971bfb70e69..8159e4f2664 100644
--- a/testdata/project-v4-with-deploy-image/Makefile
+++ b/testdata/project-v4-with-deploy-image/Makefile
@@ -143,7 +143,7 @@ $(KUSTOMIZE): $(LOCALBIN)
 		echo "$(LOCALBIN)/kustomize version is not expected $(KUSTOMIZE_VERSION). Removing it before installing."; \
 		rm -rf $(LOCALBIN)/kustomize; \
 	fi
-	test -s $(LOCALBIN)/kustomize || { curl -Ss $(KUSTOMIZE_INSTALL_SCRIPT) | bash -s -- $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN); }
+	test -s $(LOCALBIN)/kustomize || { curl -Ss $(KUSTOMIZE_INSTALL_SCRIPT) --output install_kustomize.sh && bash install_kustomize.sh $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN); rm install_kustomize.sh; }
 
 .PHONY: controller-gen
 controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary. If wrong version is installed, it will be overwritten.
diff --git a/testdata/project-v4/Makefile b/testdata/project-v4/Makefile
index 971bfb70e69..8159e4f2664 100644
--- a/testdata/project-v4/Makefile
+++ b/testdata/project-v4/Makefile
@@ -143,7 +143,7 @@ $(KUSTOMIZE): $(LOCALBIN)
 		echo "$(LOCALBIN)/kustomize version is not expected $(KUSTOMIZE_VERSION). Removing it before installing."; \
 		rm -rf $(LOCALBIN)/kustomize; \
 	fi
-	test -s $(LOCALBIN)/kustomize || { curl -Ss $(KUSTOMIZE_INSTALL_SCRIPT) | bash -s -- $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN); }
+	test -s $(LOCALBIN)/kustomize || { curl -Ss $(KUSTOMIZE_INSTALL_SCRIPT) --output install_kustomize.sh && bash install_kustomize.sh $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN); rm install_kustomize.sh; }
 
 .PHONY: controller-gen
 controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary. If wrong version is installed, it will be overwritten.