forked from wolfi-dev/os
checkov.yaml
# melange package definition for checkov, as carried in a fork of wolfi-dev/os.
# The source is fetched from a pinned git tag, installed into a Python virtual
# environment under /usr/share/app/checkov, and exposed as /usr/bin/checkov.
package:
  name: checkov
  version: 3.0.34
  epoch: 0
  description: "static code and composition analysis tool for IaC"
  copyright:
    - license: MIT
  dependencies:
    runtime:
      # Must match the interpreter version named in the rewritten shebang in
      # the pipeline below (python3.11).
      - python-3.11

# Packages present in the build environment only; the runtime dependency set
# is the one declared under package.dependencies above.
environment:
  contents:
    packages:
      - build-base
      # presumably needed for TLS verification when the build fetches from
      # the git remote and the Python package index - confirm
      - ca-certificates-bundle
      - glibc
      - linux-headers
      - posix-libc-utils
      - python-3.11
      - wolfi-base
      - wolfi-baselayout

pipeline:
  # The tag is derived from package.version; expected-commit pins that tag to
  # one commit, so an upstream tag that has been moved or re-created fails the
  # build instead of silently producing different source. Both values have to
  # be changed together on every version bump.
  - uses: git-checkout
    with:
      repository: https://github.com/bridgecrewio/checkov
      tag: ${{package.version}}
      expected-commit: 5796faf8523acbe4fb5f5fb340c682a27b7851d8
      destination: checkov

  # Install step. In order: create the target directories, move the checkout
  # into place (the glob skips dotfiles such as .git), build a venv, install
  # checkov and its dependencies into it, point main.py at the venv
  # interpreter, drop test directories and setup.py, and symlink the entry
  # point into /usr/bin.
  #
  # NOTE(review): supply-chain - the git source is commit-pinned, but the three
  # pip invocations are not. `--upgrade pip` and `--upgrade --force-reinstall
  # setuptools` take whatever version the index serves at build time, and
  # `pip install .` resolves checkov's dependencies with no constraints file or
  # hash checking visible in this recipe. Two builds of the same
  # version/epoch can therefore ship different Python packages; consider a
  # pinned, hash-checked requirements set if reproducibility matters.
  #
  # The shebang written by sed uses the installed path
  # (/usr/share/app/checkov/.venv/...), not the destdir path, so it is valid
  # on the target system. NOTE(review): the venv itself is created under
  # destdir; scripts pip generates in .venv/bin may embed the build-time
  # path, and only main.py is rewritten here - confirm nothing else is
  # expected to be executable.
  - runs: |
      mkdir -p "${{targets.destdir}}"/usr/share/app/checkov && mkdir -p "${{targets.destdir}}"/usr/bin
      mv checkov/* "${{targets.destdir}}"/usr/share/app/checkov
      cd "${{targets.destdir}}"/usr/share/app/checkov
      python3.11 -m venv .venv
      .venv/bin/python3.11 -m pip install --upgrade pip
      .venv/bin/pip install .
      .venv/bin/pip install --upgrade --force-reinstall setuptools
      CHECKOV_PYTHON_PATH="#!/usr/share/app/checkov/.venv/bin/python3.11"
      sed -i "1s,.*,$CHECKOV_PYTHON_PATH," checkov/main.py
      rm -rf tests *_tests setup.py
      ln -s /usr/share/app/checkov/checkov/main.py "${{targets.destdir}}"/usr/bin/checkov

  - uses: strip

# Automatic version updates are switched off for this package: new upstream
# releases, including security fixes, reach it only through a manual bump of
# package.version and expected-commit.
update:
  enabled: false