✨ Add Terrascan + 🧹 Installation housekeeping (#54)
Signed-off-by: Jacob Woffenden <jacob.woffenden@digital.justice.gov.uk>
Jacob Woffenden authored Apr 5, 2024
1 parent 28d1317 commit 6b4487e
Showing 18 changed files with 92 additions and 12 deletions.
6 changes: 6 additions & 0 deletions features/src/cloud-platform/CHANGELOG.md
Expand Up @@ -8,6 +8,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

## [Unreleased]

## [0.0.4] - 2024-04-05

## Changed

- Tidied files from install

## [0.0.3] - 2024-02-01

### Changed
2 changes: 1 addition & 1 deletion features/src/cloud-platform/devcontainer-feature.json
@@ -1,6 +1,6 @@
{
"id": "cloud-platform",
"version": "0.0.3",
"version": "0.0.4",
"name": "Cloud Platform",
"description": "Installs the Cloud Platform CLI",
"options": {
2 changes: 1 addition & 1 deletion features/src/cloud-platform/install-cloud-platform-cli.sh
Expand Up @@ -39,4 +39,4 @@ if [[ "${INSTALL_CLOUD_PLATFORM_PROMPT}" == "true" ]]; then
install --owner=vscode --group=vscode --mode=775 "$(dirname "${0}")"/src/home/vscode/.devcontainer/promptrc.d/cloud-platform.sh /home/vscode/.devcontainer/promptrc.d/cloud-platform.sh
fi

rm --recursive --force LICENSE README.md completions "cloud-platform-cli_${VERSION}_linux_${ARCHITECTURE}.tar.gz"
rm --recursive --force cloud-platform LICENSE README.md completions "cloud-platform-cli_${VERSION}_linux_${ARCHITECTURE}.tar.gz"
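Review bot: The cleanup line removes a fixed list of relative names (`cloud-platform LICENSE README.md completions` plus the tarball) with `--recursive --force` in whatever the working directory happens to be, so a pre-existing file of the same name there is deleted and anything a future archive adds is left behind. Staging the download in a scratch directory avoids both: `workdir="$(mktemp -d)"`, `trap 'rm -rf -- "${workdir}"' EXIT`, then `tar --extract --directory "${workdir}"` and install from `"${workdir}/cloud-platform"`. Prefer that over a `cd`, because the script also installs from `"$(dirname "${0}")"/src/...`, which may be a relative path. The download and extract steps sit above the hunk, so their exact form is inferred; the same name-list cleanup appears in the container-structure-test, kubernetes, terrascan, trivy and terraform install scripts in this commit.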
6 changes: 6 additions & 0 deletions features/src/container-structure-test/CHANGELOG.md
Expand Up @@ -8,6 +8,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

## [Unreleased]

## [0.0.2] - 2024-04-05

## Changed

- Tidied files from install

## [0.0.1] - 2024-04-04

### Added
@@ -1,6 +1,6 @@
{
"id": "container-structure-test",
"version": "0.0.1",
"version": "0.0.2",
"name": "Container Structure Test",
"description": "Installs Container Structure Test",
"options": {
Expand Up @@ -24,3 +24,5 @@ curl --fail-with-body --location "https://github.com/${GITHUB_REPOSITORY}/releas
--output "container-structure-test"

install --owner=vscode --group=vscode --mode=775 container-structure-test /usr/local/bin/container-structure-test

rm --force container-structure-test
6 changes: 6 additions & 0 deletions features/src/kubernetes/CHANGELOG.md
Expand Up @@ -8,6 +8,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

## [Unreleased]

## [0.0.4] - 2024-04-05

## Changed

- Tidied files from install

## [0.0.3] - 2024-02-01

### Added
2 changes: 1 addition & 1 deletion features/src/kubernetes/devcontainer-feature.json
@@ -1,6 +1,6 @@
{
"id": "kubernetes",
"version": "0.0.3",
"version": "0.0.4",
"name": "Kubernetes",
"description": "Installs the Kubernetes CLI",
"options": {
2 changes: 2 additions & 0 deletions features/src/kubernetes/install-kubernetes-cli.sh
Expand Up @@ -22,3 +22,5 @@ install --owner=vscode --group=vscode --mode=775 kubectl /usr/local/bin/kubectl
install --directory --owner=vscode --group=vscode /home/vscode/.kube

install --owner=vscode --group=vscode --mode=775 "$(dirname "${0}")"/src/home/vscode/.devcontainer/featurerc.d/kubectl.sh /home/vscode/.devcontainer/featurerc.d/kubectl.sh

rm --force kubectl
10 changes: 10 additions & 0 deletions features/src/static-analysis/CHANGELOG.md
Expand Up @@ -8,6 +8,16 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

## [Unreleased]

## [0.0.2] - 2024-04-05

## Added

- Added [Terrascan](https://github.com/tenable/terrascan)

## Changed

- Tidied files from install

## [0.0.1] - 2024-02-12

### Added
9 changes: 7 additions & 2 deletions features/src/static-analysis/devcontainer-feature.json
@@ -1,14 +1,19 @@
{
"id": "static-analysis",
"version": "0.0.1",
"version": "0.0.2",
"name": "Static Analysis",
"description": "Installs Checkov and Trivy",
"description": "Installs Checkov, Terrascan and Trivy",
"options": {
"checkovVersion": {
"type": "string",
"description": "Version of Checkov CLI to install",
"default": "latest"
},
"terrascanVersion": {
"type": "string",
"description": "Version of Terrascan CLI to install",
"default": "latest"
},
"trivyVersion": {
"type": "string",
"description": "Version of Trivy CLI to install",
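--- a/features/src/static-analysis/install-terrascan-cli.sh
+++ b/features/src/static-analysis/install-terrascan-cli.sh
@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+
+set -e
+
+# shellcheck source=/dev/null
+# file not accessible until being built
+source /usr/local/bin/devcontainer-utils
+
+get_system_architecture
+
+GITHUB_REPOSITORY="tenable/terrascan"
+VERSION="${TRIVYCLIVERSION:-"latest"}"
+
+if [[ "${VERSION}" == "latest" ]]; then
+get_github_latest_tag "${GITHUB_REPOSITORY}"
+VERSION="${GITHUB_LATEST_TAG}"
+VERSION_STRIP_V="${GITHUB_LATEST_TAG_STRIP_V}"
+else
+# shellcheck disable=SC2034
+VERSION_STRIP_V="${VERSION#v}"
+fi
+
+ARCHITECTURE=$(uname --machine)
+export ARCHITECTURE
+
+curl --fail-with-body --location "https://github.com/${GITHUB_REPOSITORY}/releases/download/${VERSION}/terrascan_${VERSION_STRIP_V}_Linux_${ARCHITECTURE}.tar.gz" \
+--output "terrascan_${VERSION_STRIP_V}_Linux_${ARCHITECTURE}.tar.gz"
+
+tar --extract --file "terrascan_${VERSION_STRIP_V}_Linux_${ARCHITECTURE}.tar.gz"
+
+install --owner=vscode --group=vscode --mode=775 terrascan /usr/local/bin/terrascan
+
+rm --recursive --force rm -rf terrascan LICENSE README.md CHANGELOG.md "terrascan_${VERSION_STRIP_V}_Linux_${ARCHITECTURE}.tar.gz"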
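Review bot: `VERSION="${TRIVYCLIVERSION:-"latest"}"` reads a Trivy variable instead of a Terrascan one, so the new `terrascanVersion` option does not control what is installed, and install.sh logs `${TERRASCANVERSION}` while this script may fetch a different release; it should read `VERSION="${TERRASCANVERSION:-"latest"}"`. The tarball is downloaded, extracted and installed into /usr/local/bin with no integrity check, so pinning a version gives no protection against a replaced release asset. Verifying the archive against a published checksum (for example with `sha256sum --check`) before `tar --extract` would close that gap. The last line has a stray `rm -rf` after `rm --recursive --force` (the trivy cleanup line has the same slip), which passes only because `--force` hides the missing file named `rm`. `ARCHITECTURE=$(uname --machine)` also overwrites whatever `get_system_architecture` set; on arm64 hosts it yields `aarch64`, which may not match the release asset name and is worth confirming.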
2 changes: 1 addition & 1 deletion features/src/static-analysis/install-trivy-cli.sh
Expand Up @@ -33,4 +33,4 @@ tar --extract --file "trivy_${VERSION_STRIP_V}_Linux-${ARCHITECTURE}.tar.gz"

install --owner=vscode --group=vscode --mode=775 trivy /usr/local/bin/trivy

rm --recursive --force rm -rf LICENSE README.md contrib "trivy_${VERSION_STRIP_V}_Linux-${ARCHITECTURE}.tar.gz"
rm --recursive --force rm -rf trivy LICENSE README.md contrib "trivy_${VERSION_STRIP_V}_Linux-${ARCHITECTURE}.tar.gz"
7 changes: 5 additions & 2 deletions features/src/static-analysis/install.sh
Expand Up @@ -4,8 +4,11 @@
# file not accessible until being built
source /usr/local/bin/devcontainer-utils

logger "info" "Installing Checkov CLI (version: ${CHECKOVCLIVERSION})"
logger "info" "Installing Checkov CLI (version: ${CHECKOVVERSION})"
bash "$(dirname "${0}")"/install-checkov-cli.sh

logger "info" "Installing Trivy CLI (version: ${TRIVYCLIVERSION})"
logger "info" "Installing Terrascan CLI (version: ${TERRASCANVERSION})"
bash "$(dirname "${0}")"/install-terrascan-cli.sh

logger "info" "Installing Trivy CLI (version: ${TRIVYVERSION})"
bash "$(dirname "${0}")"/install-trivy-cli.sh
6 changes: 6 additions & 0 deletions features/src/terraform/CHANGELOG.md
Expand Up @@ -8,6 +8,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

## [Unreleased]

## [0.0.5] - 2024-04-05

## Changed

- Tidied files from install

## [0.0.4] - 2024-03-25

### Added
2 changes: 1 addition & 1 deletion features/src/terraform/devcontainer-feature.json
@@ -1,6 +1,6 @@
{
"id": "terraform",
"version": "0.0.4",
"version": "0.0.5",
"name": "Terraform",
"description": "Installs the Terraform CLI",
"options": {
4 changes: 2 additions & 2 deletions features/src/terraform/install-terraform-cli.sh
Expand Up @@ -27,6 +27,6 @@ unzip "terraform_${VERSION_STRIP_V}_linux_${ARCHITECTURE}.zip"

install --owner=vscode --group=vscode --mode=775 terraform /usr/local/bin/terraform

rm --recursive --force terraform "terraform_${VERSION_STRIP_V}_linux_${ARCHITECTURE}.zip"

install --owner=vscode --group=vscode --mode=775 "$(dirname "${0}")"/src/home/vscode/.devcontainer/featurerc.d/terraform.sh /home/vscode/.devcontainer/featurerc.d/terraform.sh

rm --recursive --force terraform "terraform_${VERSION_STRIP_V}_linux_${ARCHITECTURE}.zip"
1 change: 1 addition & 0 deletions features/test/static-analysis/test.sh
Expand Up @@ -8,5 +8,6 @@ source dev-container-features-test-lib

check "checkov version" checkov --version
check "trivy version" trivy --version
check "terrascan version" terrascan version

reportResults
