diff --git a/.automation/test/terraform/good/terraform_good_1.tf b/.automation/test/terraform/good/terraform_good_1.tf
index 330a28bf..48b98e43 100644
--- a/.automation/test/terraform/good/terraform_good_1.tf
+++ b/.automation/test/terraform/good/terraform_good_1.tf
@@ -4,6 +4,9 @@ resource "aws_instance" "good" {
 associate_public_ip_address = false
 vpc_security_group_ids = ["sg-12345678901234567"]
+ metadata_options {
+ http_endpoint = "disabled"
+ }
 ebs_block_device {
 encrypted = true
diff --git a/.automation/test/terraform_terrascan/bad/terraform_bad_1.tf b/.automation/test/terraform_terrascan/bad/terraform-terrascan_bad_1.tf
similarity index 72%
rename from .automation/test/terraform_terrascan/bad/terraform_bad_1.tf
rename to .automation/test/terraform_terrascan/bad/terraform-terrascan_bad_1.tf
index 2b2788b1..a924b48c 100644
--- a/.automation/test/terraform_terrascan/bad/terraform_bad_1.tf
+++ b/.automation/test/terraform_terrascan/bad/terraform-terrascan_bad_1.tf
@@ -1,7 +1,9 @@
 resource "aws_instance" "instanceWithNoVpc" {
 ami = "some-id"
 instance_type = "t2.micro"
-
+ metadata_options {
+ http_endpoint = "disabled"
+ }
 tags = {
 Name = "HelloWorld"
 }
diff --git a/.automation/test/terraform_terrascan/good/terraform_good_1.tf b/.automation/test/terraform_terrascan/good/terraform-terrascan_good_1.tf
similarity index 80%
rename from .automation/test/terraform_terrascan/good/terraform_good_1.tf
rename to .automation/test/terraform_terrascan/good/terraform-terrascan_good_1.tf
index 7d4e8853..f4e87e01 100644
--- a/.automation/test/terraform_terrascan/good/terraform_good_1.tf
+++ b/.automation/test/terraform_terrascan/good/terraform-terrascan_good_1.tf
@@ -4,7 +4,9 @@ resource "aws_instance" "instanceWithVpc" {
 vpc_security_group_ids = ["sg-12345678901234567"]
 subnet_id = "subnet-12345678901234567"
-
+ metadata_options {
+ http_endpoint = "disabled"
+ }
 tags = {
 Name = "HelloWorld"
 }
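Review bot: `http_endpoint = "disabled"` in the good fixture switches the instance metadata service off altogether, which is a stronger setting than the IMDSv2 hardening most IMDS rules are written for and one that breaks instance-profile credentials and cloud-init on a real instance; which rule this block is meant to satisfy is not visible in the hunk, so treat that as an inference. If the intent is to model recommended configuration rather than just silence a finding, `http_endpoint = "enabled"` with `http_tokens = "required"` (optionally `http_put_response_hop_limit = 1`) is the shape users are more likely to copy from a "good" example, and the same applies to the two terrascan fixtures further down this line. The `aws_instance` resource block starts and ends outside the hunk.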
diff --git a/.automation/test/terraform_terrascan/reports/expected-TERRAFORM_TERRASCAN.tap b/.automation/test/terraform_terrascan/reports/expected-TERRAFORM_TERRASCAN.tap
index 3e0c1bd6..474750f7 100644
--- a/.automation/test/terraform_terrascan/reports/expected-TERRAFORM_TERRASCAN.tap
+++ b/.automation/test/terraform_terrascan/reports/expected-TERRAFORM_TERRASCAN.tap
@@ -1,7 +1,7 @@
 TAP version 13
 1..2
-not ok 1 - terraform_bad_1.tf
+not ok 1 - terraform-terrascan_bad_1.tf
 ---
- message: results \n violations \n - rule_name instanceWithNoVpc\n description Instance should be configured in vpc. AWS VPCs provides the controls to facilitate a formal process for approving and testing all network connections and changes to the firewall and router configurations.\n rule_id AWS.Instance.NetworkSecurity.Medium.0506\n severity MEDIUM\n category Network Security\n resource_name instanceWithNoVpc\n resource_type aws_instance\n file terraform_bad_1.tf\n line 1\n count \n low 0\n medium 1\n high 0\n total 1\n
+ message: results \n violations \n - rule_name instanceWithNoVpc\n description Instance should be configured in vpc. AWS VPCs provides the controls to facilitate a formal process for approving and testing all network connections and changes to the firewall and router configurations.\n rule_id AWS.Instance.NetworkSecurity.Medium.0506\n severity MEDIUM\n category Network Security\n resource_name instanceWithNoVpc\n resource_type aws_instance\n file terraform-terrascan_bad_1.tf\n line 1\n count \n low 0\n medium 1\n high 0\n total 1\n
 ...
-ok 2 - terraform_good_1.tf
+ok 2 - terraform-terrascan_good_1.tf
diff --git a/.github/workflows/deploy-RELEASE.yml b/.github/workflows/deploy-RELEASE.yml
index 5fa3dc08..62f114bb 100644
--- a/.github/workflows/deploy-RELEASE.yml
+++ b/.github/workflows/deploy-RELEASE.yml
@@ -43,28 +43,27 @@ jobs:
 # Run Deploy script for Dockerhub #
 ###################################
 - name: Deploy Release image to Dockerhub
- env:
- # Set the Env Vars
- DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
- DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
- IMAGE_REPO: github/super-linter
- IMAGE_VERSION: ${{ github.event.release.tag_name }}
- DOCKERFILE_PATH: Dockerfile
- REGISTRY: Docker
- shell: bash
- run: .automation/upload-docker.sh
+ uses: whoan/docker-build-with-cache-action@v5
+ with:
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_PASSWORD }}
+ image_name: github/super-linter
+ image_tag: ${{ github.event.release.tag_name }}
+ dockerfile: Dockerfile
+ build_extra_args: "--build-arg=BUILD_DATE=${BUILD_DATE} --build-arg=BUILD_REVISION=${GITHUB_SHA} --build-arg=BUILD_VERSION=${GITHUB_SHA}"
+ push_image_and_stages: true
 ###################################################
 # Run Deploy script for GitHub Container Registry #
 ###################################################
 - name: Deploy Release image to GitHub Container Registry
- env:
- # Set the Env Vars
- GCR_USERNAME: ${{ secrets.GCR_USERNAME }}
- GCR_TOKEN: ${{ secrets.GCR_TOKEN }}
- IMAGE_REPO: github/super-linter
- IMAGE_VERSION: ${{ github.event.release.tag_name }}
- DOCKERFILE_PATH: Dockerfile
- REGISTRY: GCR
- shell: bash
- run: .automation/upload-docker.sh
+ uses: whoan/docker-build-with-cache-action@v5
+ with:
+ username: ${{ secrets.GCR_USERNAME }}
+ password: ${{ secrets.GCR_PASSWORD }}
+ repository: ghcr.io
+ image_name: github/super-linter
+ image_tag: ${{ github.event.release.tag_name }}
+ dockerfile: Dockerfile
+ build_extra_args: "--build-arg=BUILD_DATE=${BUILD_DATE} --build-arg=BUILD_REVISION=${GITHUB_SHA} --build-arg=BUILD_VERSION=${GITHUB_SHA}"
+ push_image_and_stages: true
diff --git a/lib/functions/buildFileList.sh b/lib/functions/buildFileList.sh
index 1d364bd4..2279e1e6 100755
--- a/lib/functions/buildFileList.sh
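Review bot: Both replacement steps hand the Docker Hub and GHCR push credentials to a third-party action referenced only by the mutable tag `whoan/docker-build-with-cache-action@v5`, in place of the `.automation/upload-docker.sh` script that lived in this repository, so whoever controls that tag can read `DOCKER_PASSWORD`/`GCR_PASSWORD` and publish a tampered `github/super-linter` release image. Pin the action to a full commit SHA after reviewing it at that revision, e.g. `uses: whoan/docker-build-with-cache-action@<40-char sha> # v5`, and bump it deliberately. The GHCR step also reads `secrets.GCR_PASSWORD` where the removed code read `secrets.GCR_TOKEN`; unless the repository secret was renamed alongside this change, the login runs with an empty password. Nothing in the hunk sets `BUILD_DATE`, and Actions does not expand `${BUILD_DATE}` inside `with:` values, so unless the action itself expands it the image gets a literal or empty build date — set it in `env:` and reference it as `${{ env.BUILD_DATE }}`.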
+++ b/lib/functions/buildFileList.sh
@@ -61,12 +61,30 @@ function BuildFileList() {
 # print header #
 ################
 debug "----------------------------------------------"
- debug "Generating Diff with:[git diff-tree --no-commit-id --name-only -r \"${GITHUB_SHA}]\""
+ debug "Generating Diff with:[git diff-tree --no-commit-id --name-only -r \"${GITHUB_SHA}\"]"
 #################################################
 # Get the Array of files changed in the commits #
 #################################################
 mapfile -t RAW_FILE_ARRAY < <(git diff-tree --no-commit-id --name-only -r "${GITHUB_SHA}" 2>&1)
+
+ ###############################################################
+ # Need to see if the array is empty, if so, try the other way #
+ ###############################################################
+ if [ ${#RAW_FILE_ARRAY[@]} -eq 0 ]; then
+ # Empty array, going to try to pull from main branch differences
+ ################
+ # print header #
+ ################
+ debug "----------------------------------------------"
+ debug "WARN: Generation of File array with diff-tree produced [0] items, trying with git diff..."
+ debug "Generating Diff with:[git diff --name-only '${DEFAULT_BRANCH}...${GITHUB_SHA}' --diff-filter=d]"
+
+ #################################################
+ # Get the Array of files changed in the commits #
+ #################################################
+ mapfile -t RAW_FILE_ARRAY < <(git -C "${GITHUB_WORKSPACE}" diff --name-only "${DEFAULT_BRANCH}...${GITHUB_SHA}" --diff-filter=d 2>&1)
+ fi
 else
 ################
 # PR event #
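Review bot: The fallback `mapfile -t RAW_FILE_ARRAY < <(git -C "${GITHUB_WORKSPACE}" diff --name-only "${DEFAULT_BRANCH}...${GITHUB_SHA}" --diff-filter=d 2>&1)` folds git's stderr into the file array, so if the fallback itself fails (default branch not fetched, shallow clone, unknown ref) a `fatal: …` line is handed to the linters as a file name instead of failing the run; the existing `2>&1` on the first `diff-tree` call has the same effect and also means the new `-eq 0` branch is only reached on a genuinely empty diff, never on an error. Capture stdout alone and test the exit status, e.g. `if ! DIFF_OUTPUT=$(git -C "${GITHUB_WORKSPACE}" diff --name-only "${DEFAULT_BRANCH}...${GITHUB_SHA}" --diff-filter=d); then` … report the failure and stop … `fi`, then `[ -n "${DIFF_OUTPUT}" ] && mapfile -t RAW_FILE_ARRAY <<< "${DIFF_OUTPUT}"` so an empty diff still yields an empty array. The first `diff-tree` call runs in the current directory while the fallback uses `-C "${GITHUB_WORKSPACE}"`, so the two only agree if the caller has already changed into the workspace — worth aligning. `BuildFileList` starts before and continues after this hunk.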