Skip to content

install optional tfsec for terraform before hook #16

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

install optional tfsec for terraform before hook #16

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM alpine:3
FROM alpine:3

RUN ["/bin/sh", "-c", "apk add --update --no-cache bash ca-certificates curl git jq openssh"]

Expand Down
3 changes: 3 additions & 0 deletions action.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,9 @@ branding:
icon: 'cloud'
color: 'purple'
inputs:
tfsec_actions_version:
description: 'TfSec version.'
required: flase
tf_actions_subcommand:
description: 'Terraform or Terragrunt subcommand to execute.'
required: true
Expand Down
50 changes: 49 additions & 1 deletion src/main.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,13 @@ function parseInputs {
exit 1
fi

if [ "${INPUT_TFSEC_ACTIONS_VERSION}" != "" ]; then
tfsecVersion=${INPUT_TFSEC_ACTIONS_VERSION}
else
echo "Input tfsec_version cannot be empty"
exit 1
fi

if [ "${INPUT_TG_ACTIONS_VERSION}" != "" ]; then
tgVersion=${INPUT_TG_ACTIONS_VERSION}
else
Expand Down Expand Up @@ -85,6 +92,46 @@ EOF
fi
}

function installTfsec {
if [[ "${tfsecVersion}" != "" ]]; then
if [[ "${tfsecVersion}" == "latest" ]]; then
echo "Checking the latest version of TfSec"
latestURL=$(curl -Ls -o /dev/null -w %{url_effective} https://github.com/aquasecurity/tfsec/releases/latest)
echo ${latestURL}
tfsecVersion=${latestURL##*/}

if [[ -z "${tfsecVersion}" ]]; then
echo "Failed to fetch the latest version"
exit 1
fi
fi

url="https://github.com/aquasecurity/tfsec/releases/download/${tfsecVersion}/tfsec-linux-amd64"

echo "${url}"
echo "Downloading TfSec ${tfsecVersion}"

curl -s -S -L -o /tmp/tfsec ${url}
if [ "${?}" -ne 0 ]; then
echo "Failed to download TfSec ${tfsecVersion}"
exit 1
fi

echo "Successfully downloaded TfSec ${tfsecVersion}"

echo "Moving Tfsec ${tfsecVersion} to PATH"
chmod +x /tmp/tfsec
mv /tmp/tfsec /usr/local/bin/tfsec
if [ "${?}" -ne 0 ]; then
echo "Failed to move TfSec ${tfsecVersion}"
exit 1
fi
echo "Successfully moved TfSec ${tfsecVersion}"
gr else
echo "TfSec not configured not installing"
fi
}

function installTerraform {
if [[ "${tfVersion}" == "latest" ]]; then
echo "Checking the latest version of Terraform"
Expand Down Expand Up @@ -139,7 +186,7 @@ function installTerragrunt {

echo "Moving Terragrunt ${tgVersion} to PATH"
chmod +x /tmp/terragrunt
mv /tmp/terragrunt /usr/local/bin/terragrunt
mv /tmp/terragrunt /usr/local/bin/terragrunt
if [ "${?}" -ne 0 ]; then
echo "Failed to move Terragrunt ${tgVersion}"
exit 1
Expand All @@ -162,6 +209,7 @@ function main {

parseInputs
configureCLICredentials
installTfsec
installTerraform
cd ${GITHUB_WORKSPACE}/${tfWorkingDir}

Expand Down