fixing logic for file find (#1049)

* fixing logic

* fix warn error

* fix files

* maybe?

* fix test name

* fix test
Lukas Gravley 2020-12-03 16:17:55 -06:00 committed by GitHub
parent cf0e6a9704
commit 6f1a131b14
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 50 additions and 26 deletions


@ -4,6 +4,9 @@ resource "aws_instance" "good" {
associate_public_ip_address = false associate_public_ip_address = false
vpc_security_group_ids = ["sg-12345678901234567"] vpc_security_group_ids = ["sg-12345678901234567"]
metadata_options {
http_endpoint = "disabled"
}
ebs_block_device { ebs_block_device {
encrypted = true encrypted = true


@ -1,7 +1,9 @@
resource "aws_instance" "instanceWithNoVpc" { resource "aws_instance" "instanceWithNoVpc" {
ami = "some-id" ami = "some-id"
instance_type = "t2.micro" instance_type = "t2.micro"
metadata_options {
http_endpoint = "disabled"
}
tags = { tags = {
Name = "HelloWorld" Name = "HelloWorld"
} }


@ -4,7 +4,9 @@ resource "aws_instance" "instanceWithVpc" {
vpc_security_group_ids = ["sg-12345678901234567"] vpc_security_group_ids = ["sg-12345678901234567"]
subnet_id = "subnet-12345678901234567" subnet_id = "subnet-12345678901234567"
metadata_options {
http_endpoint = "disabled"
}
tags = { tags = {
Name = "HelloWorld" Name = "HelloWorld"
} }


@ -1,7 +1,7 @@
TAP version 13 TAP version 13
1..2 1..2
not ok 1 - terraform_bad_1.tf not ok 1 - terraform-terrascan_bad_1.tf
--- ---
message: results \n violations \n - rule_name instanceWithNoVpc\n description Instance should be configured in vpc. AWS VPCs provides the controls to facilitate a formal process for approving and testing all network connections and changes to the firewall and router configurations.\n rule_id AWS.Instance.NetworkSecurity.Medium.0506\n severity MEDIUM\n category Network Security\n resource_name instanceWithNoVpc\n resource_type aws_instance\n file terraform_bad_1.tf\n line 1\n count \n low 0\n medium 1\n high 0\n total 1\n message: results \n violations \n - rule_name instanceWithNoVpc\n description Instance should be configured in vpc. AWS VPCs provides the controls to facilitate a formal process for approving and testing all network connections and changes to the firewall and router configurations.\n rule_id AWS.Instance.NetworkSecurity.Medium.0506\n severity MEDIUM\n category Network Security\n resource_name instanceWithNoVpc\n resource_type aws_instance\n file terraform-terrascan_bad_1.tf\n line 1\n count \n low 0\n medium 1\n high 0\n total 1\n
... ...
ok 2 - terraform_good_1.tf ok 2 - terraform-terrascan_good_1.tf


@ -43,28 +43,27 @@ jobs:
# Run Deploy script for Dockerhub # # Run Deploy script for Dockerhub #
################################### ###################################
- name: Deploy Release image to Dockerhub - name: Deploy Release image to Dockerhub
env: uses: whoan/docker-build-with-cache-action@v5
# Set the Env Vars with:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} username: ${{ secrets.DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} password: ${{ secrets.DOCKER_PASSWORD }}
IMAGE_REPO: github/super-linter image_name: github/super-linter
IMAGE_VERSION: ${{ github.event.release.tag_name }} image_tag: ${{ github.event.release.tag_name }}
DOCKERFILE_PATH: Dockerfile dockerfile: Dockerfile
REGISTRY: Docker build_extra_args: "--build-arg=BUILD_DATE=${BUILD_DATE} --build-arg=BUILD_REVISION=${GITHUB_SHA} --build-arg=BUILD_VERSION=${GITHUB_SHA}"
shell: bash push_image_and_stages: true
run: .automation/upload-docker.sh
################################################### ###################################################
# Run Deploy script for GitHub Container Registry # # Run Deploy script for GitHub Container Registry #
################################################### ###################################################
- name: Deploy Release image to GitHub Container Registry - name: Deploy Release image to GitHub Container Registry
env: uses: whoan/docker-build-with-cache-action@v5
# Set the Env Vars with:
GCR_USERNAME: ${{ secrets.GCR_USERNAME }} username: ${{ secrets.GCR_USERNAME }}
GCR_TOKEN: ${{ secrets.GCR_TOKEN }} password: ${{ secrets.GCR_PASSWORD }}
IMAGE_REPO: github/super-linter repository: ghcr.io
IMAGE_VERSION: ${{ github.event.release.tag_name }} image_name: github/super-linter
DOCKERFILE_PATH: Dockerfile image_tag: ${{ github.event.release.tag_name }}
REGISTRY: GCR dockerfile: Dockerfile
shell: bash build_extra_args: "--build-arg=BUILD_DATE=${BUILD_DATE} --build-arg=BUILD_REVISION=${GITHUB_SHA} --build-arg=BUILD_VERSION=${GITHUB_SHA}"
run: .automation/upload-docker.sh push_image_and_stages: true
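Review bot: Both deploy steps now pass registry credentials (`secrets.DOCKER_USERNAME`/`secrets.DOCKER_PASSWORD` and `secrets.GCR_USERNAME`/`secrets.GCR_PASSWORD`) to `whoan/docker-build-with-cache-action@v5`, a third-party action referenced by a mutable tag, so whatever that tag resolves to at release time runs with push access to the published image. Pin the action to a reviewed commit in both steps, e.g. `uses: whoan/docker-build-with-cache-action@<full-commit-sha> # v5`. The second step also changes the secret name from `secrets.GCR_TOKEN` to `secrets.GCR_PASSWORD`; unless a secret with the new name exists in the repository, the registry login will receive an empty password. `${BUILD_DATE}` in `build_extra_args` is not defined in the visible lines, so that build arg may expand to an empty string; it may be set in a step outside this hunk and is worth confirming.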


@ -61,12 +61,30 @@ function BuildFileList() {
# print header # # print header #
################ ################
debug "----------------------------------------------" debug "----------------------------------------------"
debug "Generating Diff with:[git diff-tree --no-commit-id --name-only -r \"${GITHUB_SHA}]\"" debug "Generating Diff with:[git diff-tree --no-commit-id --name-only -r \"${GITHUB_SHA}\"]"
################################################# #################################################
# Get the Array of files changed in the commits # # Get the Array of files changed in the commits #
################################################# #################################################
mapfile -t RAW_FILE_ARRAY < <(git diff-tree --no-commit-id --name-only -r "${GITHUB_SHA}" 2>&1) mapfile -t RAW_FILE_ARRAY < <(git diff-tree --no-commit-id --name-only -r "${GITHUB_SHA}" 2>&1)
###############################################################
# Need to see if the array is empty, if so, try the other way #
###############################################################
if [ ${#RAW_FILE_ARRAY[@]} -eq 0 ]; then
# Empty array, going to try to pull from main branch differences
################
# print header #
################
debug "----------------------------------------------"
debug "WARN: Generation of File array with diff-tree produced [0] items, trying with git diff..."
debug "Generating Diff with:[git diff --name-only '${DEFAULT_BRANCH}...${GITHUB_SHA}' --diff-filter=d]"
#################################################
# Get the Array of files changed in the commits #
#################################################
mapfile -t RAW_FILE_ARRAY < <(git -C "${GITHUB_WORKSPACE}" diff --name-only "${DEFAULT_BRANCH}...${GITHUB_SHA}" --diff-filter=d 2>&1)
fi
else else
################ ################
# PR event # # PR event #