#!/usr/bin/env bash
# -e aborts on the first unhandled failure; -x traces every command to stderr
# with its variables already expanded, so any value that appears on a traced
# command line also appears in the job log.
set -xe

# The token is optional: without it the GitHub API requests are unauthenticated.
[ -n "${INPUT_GITHUB_TOKEN}" ] || echo "Consider setting a GITHUB_TOKEN to prevent GitHub api rate limits." >&2

# Map the kernel's machine name onto the suffix used in release asset names.
# Any other value is passed through unchanged.
ARCH=$(uname -m)
case "${ARCH}" in
  x86_64)
    ARCH="amd64"
    ;;
  aarch64 | arm64)
    ARCH="arm64"
    ;;
esac

# Path suffix appended to ".../releases" when querying the GitHub API:
# "/latest" when no explicit version is requested, otherwise "/tags/<version>".
case "${INPUT_TFSEC_VERSION}" in
  "" | latest)
    TFSEC_VERSION="/latest"
    ;;
  *)
    TFSEC_VERSION="/tags/${INPUT_TFSEC_VERSION}"
    ;;
esac

# Same rule for the commenter binary.
case "${INPUT_COMMENTER_VERSION}" in
  "" | latest)
    COMMENTER_VERSION="/latest"
    ;;
  *)
    COMMENTER_VERSION="/tags/${INPUT_COMMENTER_VERSION}"
    ;;
esac
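#######################################
# List the assets of one GitHub release.
# Globals:   INPUT_GITHUB_TOKEN (read, optional)
# Arguments: $1 - repository as "owner/name"
#            $2 - path suffix after ".../releases", e.g. "/latest" or
#                 "/tags/<tag>"
# Outputs:   one JSON object per asset on stdout:
#            { "name": ..., "download_url": ... }
# Returns:   non-zero if either curl or jq fails
#######################################
function get_release_assets {
  local repo="$1"
  local version="$2"

  # Run in a subshell so the option changes below never leak to the caller.
  (
    # The script runs under `set -x`. Tracing must be off before the bearer
    # token is expanded, otherwise the Authorization header is written to the
    # job log. The token is still passed on curl's command line; this only
    # keeps it out of the xtrace output.
    set +x
    # Without pipefail a failed curl would be hidden behind jq's exit status.
    set -o pipefail

    args=(
      -sSL
      --header "Accept: application/vnd.github+json"
    )
    if [ -n "${INPUT_GITHUB_TOKEN:-}" ]; then
      args+=(--header "Authorization: Bearer ${INPUT_GITHUB_TOKEN}")
    fi

    curl "${args[@]}" "https://api.github.com/repos/${repo}/releases${version}" \
      | jq '.assets[] | { name: .name, download_url: .browser_download_url }'
  )
}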
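#######################################
# Download a release binary, check it against the release's checksum list and
# install it into /usr/local/bin.
# Globals:   ARCH (read)
# Arguments: $1 - repository as "owner/name"
#            $2 - release path suffix ("/latest" or "/tags/<tag>")
#            $3 - tool name; the asset is "<name>-linux-<ARCH>" and it is
#                 installed as /usr/local/bin/<name>
#            $4 - substring identifying the checksum asset by name
# Returns:   non-zero if an asset is missing, a download fails, or the
#            checksum does not match
#######################################
function install_release {
  local repo="$1"
  local version="$2"
  local name="$3"
  local checksum="$4"
  local binary="${name}-linux-${ARCH}"
  local release_assets binary_url checksum_url workdir

  # Declared above and assigned here so a failing lookup is not masked by
  # `local`'s own exit status.
  release_assets="$(get_release_assets "${repo}" "${version}")" || return 1

  # Pass the names to jq as data (--arg) instead of splicing them into the
  # filter text.
  binary_url="$(jq -r --arg name "${binary}" \
    'select(.name == $name) | .download_url' <<<"${release_assets}")"
  checksum_url="$(jq -r --arg part "${checksum}" \
    'select(.name | contains($part)) | .download_url' <<<"${release_assets}")"

  if [ -z "${binary_url}" ] || [ -z "${checksum_url}" ]; then
    echo "Release ${repo}${version} has no asset ${binary} or no ${checksum} asset." >&2
    return 1
  fi

  # Download into a private temporary directory rather than the current one,
  # so files or symlinks already present under the same names cannot interfere
  # and nothing is left behind.
  workdir="$(mktemp -d)" || return 1
  (
    trap 'rm -rf -- "${workdir:?}"' EXIT
    cd "${workdir}" || exit 1

    # -f makes an HTTP error fail the step instead of saving the error page.
    curl -fsSLo "${binary}" "${binary_url}" || exit 1
    curl -fsSLo "${name}-checksums.txt" "${checksum_url}" || exit 1

    # The checksum list comes from the same release as the binary, so this
    # catches a corrupted or mismatched download; on its own it does not show
    # that the release was published by the expected party. Pinning an
    # explicit version instead of "latest" narrows what can be pulled in.
    grep -F -- "${binary}" "${name}-checksums.txt" | sha256sum -c - || exit 1

    install "${binary}" "/usr/local/bin/${name}" || exit 1
  )
}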
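# Fetch, verify and install the scanner and the PR commenter.
install_release aquasecurity/tfsec "${TFSEC_VERSION}" tfsec tfsec_checksums.txt
install_release compasspathways/tfsec-pr-commenter-action "${COMMENTER_VERSION}" commenter checksums.txt

# Run from the checked-out workspace when the runner provides one.
if [ -n "${GITHUB_WORKSPACE}" ]; then
  cd "${GITHUB_WORKSPACE}" || exit
fi

# Extra tfsec flags supplied by the workflow, as one whitespace-separated string.
if [ -n "${INPUT_TFSEC_ARGS}" ]; then
  TFSEC_ARGS_OPTION="${INPUT_TFSEC_ARGS}"
fi

# JSON is always produced; further formats are appended after it.
TFSEC_FORMAT_OPTION="json"
TFSEC_OUT_OPTION="results.json"
if [ -n "${INPUT_TFSEC_FORMATS}" ]; then
  TFSEC_FORMAT_OPTION="${TFSEC_FORMAT_OPTION},${INPUT_TFSEC_FORMATS}"
  # With several formats the extension is dropped from the output name.
  # NOTE(review): presumably tfsec then adds one extension per format - confirm.
  TFSEC_OUT_OPTION="${TFSEC_OUT_OPTION%.*}"
fi

# TFSEC_ARGS_OPTION is left unquoted on purpose so it splits into separate
# arguments. Pathname expansion is switched off around the call: the working
# directory is the checked-out repository, and a wildcard in the arguments
# would otherwise expand to file names from that checkout.
set -f
# shellcheck disable=SC2086
tfsec --out="${TFSEC_OUT_OPTION}" --format="${TFSEC_FORMAT_OPTION}" --soft-fail ${TFSEC_ARGS_OPTION} "${INPUT_WORKING_DIRECTORY}"
set +f

# NOTE(review): commenter is invoked with no arguments; presumably it reads the
# JSON results written above - confirm.
commenter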