mirror of
https://github.com/super-linter/super-linter.git
synced 2024-11-25 07:31:05 -05:00
chore: simplify updateSSL (#5130)
Run command directly instead of checking their exit code afterwards.
This commit is contained in:
parent
05009f2816
commit
9bab4a90e8
4 changed files with 63 additions and 71 deletions
14
Makefile
14
Makefile
|
@ -4,7 +4,7 @@
|
||||||
all: info docker test ## Run all targets.
|
all: info docker test ## Run all targets.
|
||||||
|
|
||||||
.PHONY: test
|
.PHONY: test
|
||||||
test: info validate-container-image-labels test-lib inspec lint-codebase test-default-config-files test-find lint-subset-files test-non-default-workdir test-git-flags test-linters ## Run the test suite
|
test: info validate-container-image-labels test-lib inspec lint-codebase test-default-config-files test-find lint-subset-files test-custom-ssl-cert test-non-default-workdir test-git-flags test-linters ## Run the test suite
|
||||||
|
|
||||||
# if this session isn't interactive, then we don't want to allocate a
|
# if this session isn't interactive, then we don't want to allocate a
|
||||||
# TTY, which would fail, but if it is interactive, we do want to attach
|
# TTY, which would fail, but if it is interactive, we do want to attach
|
||||||
|
@ -259,6 +259,18 @@ test-default-config-files: ## Test default configuration files loading
|
||||||
-v "$(CURDIR)/docs":/tmp/lint \
|
-v "$(CURDIR)/docs":/tmp/lint \
|
||||||
$(SUPER_LINTER_TEST_CONTAINER_URL)
|
$(SUPER_LINTER_TEST_CONTAINER_URL)
|
||||||
|
|
||||||
|
.phony: test-custom-ssl-cert
|
||||||
|
test-custom-ssl-cert: ## Test the configuration of a custom SSL/TLS certificate
|
||||||
|
docker run \
|
||||||
|
-e RUN_LOCAL=true \
|
||||||
|
-e ACTIONS_RUNNER_DEBUG=true \
|
||||||
|
-e ENABLE_GITHUB_ACTIONS_GROUP_TITLE=true \
|
||||||
|
-e DEFAULT_BRANCH=main \
|
||||||
|
-e USE_FIND_ALGORITHM=true \
|
||||||
|
-e SSL_CERT_SECRET="$(shell cat test/data/ssl-certificate/rootCA-test.crt)" \
|
||||||
|
-v "$(CURDIR)/docs":/tmp/lint \
|
||||||
|
$(SUPER_LINTER_TEST_CONTAINER_URL)
|
||||||
|
|
||||||
.phony: test-linters
|
.phony: test-linters
|
||||||
test-linters: ## Run the linters test suite
|
test-linters: ## Run the linters test suite
|
||||||
docker run \
|
docker run \
|
||||||
|
|
|
@ -1,14 +1,5 @@
|
||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
################################################################################
|
|
||||||
################################################################################
|
|
||||||
########### Super-Linter linting Functions #####################################
|
|
||||||
################################################################################
|
|
||||||
################################################################################
|
|
||||||
########################## FUNCTION CALLS BELOW ################################
|
|
||||||
################################################################################
|
|
||||||
################################################################################
|
|
||||||
#### Function SetupSshAgent ####################################################
|
|
||||||
function SetupSshAgent() {
|
function SetupSshAgent() {
|
||||||
# Check to see if a SSH_KEY_SECRET was passed
|
# Check to see if a SSH_KEY_SECRET was passed
|
||||||
if [ -n "${SSH_KEY}" ]; then
|
if [ -n "${SSH_KEY}" ]; then
|
||||||
|
@ -19,8 +10,7 @@ function SetupSshAgent() {
|
||||||
ssh-add - <<<"${SSH_KEY}" 2>/dev/null
|
ssh-add - <<<"${SSH_KEY}" 2>/dev/null
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
################################################################################
|
|
||||||
#### Function SetupGithubComSshKeys ############################################
|
|
||||||
function SetupGithubComSshKeys() {
|
function SetupGithubComSshKeys() {
|
||||||
if [[ -n "${SSH_KEY}" || "${SSH_SETUP_GITHUB}" == "true" ]]; then
|
if [[ -n "${SSH_KEY}" || "${SSH_SETUP_GITHUB}" == "true" ]]; then
|
||||||
info "Adding github.com SSH keys"
|
info "Adding github.com SSH keys"
|
||||||
|
@ -41,4 +31,3 @@ function SetupGithubComSshKeys() {
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
################################################################################
|
|
||||||
|
|
|
@ -1,79 +1,39 @@
|
||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
################################################################################
|
|
||||||
################################################################################
|
|
||||||
########### Super-Linter linting Functions @admiralawkbar ######################
|
|
||||||
################################################################################
|
|
||||||
################################################################################
|
|
||||||
########################## FUNCTION CALLS BELOW ################################
|
|
||||||
################################################################################
|
|
||||||
################################################################################
|
|
||||||
#### Function CheckSSLCert #####################################################
|
|
||||||
function CheckSSLCert() {
|
function CheckSSLCert() {
|
||||||
if [ -z "${SSL_CERT_SECRET}" ]; then
|
if [ -z "${SSL_CERT_SECRET}" ]; then
|
||||||
# No cert was passed
|
# No cert was passed
|
||||||
debug "User did not provide a SSL secret, moving on..."
|
debug "User did not provide a SSL_CERT_SECRET"
|
||||||
else
|
else
|
||||||
# User has provided a cert file to upload
|
# User has provided a cert file to upload
|
||||||
debug "User passed SSL secret:[${SSL_CERT_SECRET}]"
|
debug "User configured a SSL_CERT_SECRET"
|
||||||
InstallSSLCert
|
InstallSSLCert
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
################################################################################
|
|
||||||
#### Function InstallSSLCert ###################################################
|
|
||||||
function InstallSSLCert() {
|
function InstallSSLCert() {
|
||||||
#############
|
local CERT_FILE
|
||||||
# Base Vars #
|
|
||||||
#############
|
|
||||||
CERT_FILE='/tmp/cert.crt'
|
CERT_FILE='/tmp/cert.crt'
|
||||||
|
local CERT_ROOT
|
||||||
CERT_ROOT='/usr/local/share/ca-certificates'
|
CERT_ROOT='/usr/local/share/ca-certificates'
|
||||||
|
local FILE_NAME
|
||||||
FILE_NAME=$(basename "${CERT_FILE}" 2>&1)
|
FILE_NAME=$(basename "${CERT_FILE}" 2>&1)
|
||||||
|
|
||||||
#########################
|
|
||||||
# Echo secret into file #
|
|
||||||
#########################
|
|
||||||
echo "${SSL_CERT_SECRET}" >>"${CERT_FILE}"
|
echo "${SSL_CERT_SECRET}" >>"${CERT_FILE}"
|
||||||
|
|
||||||
########################################
|
local CERT_DESTINATION
|
||||||
# Put the cert in the correct location #
|
CERT_DESTINATION="${CERT_ROOT}/${FILE_NAME}"
|
||||||
########################################
|
info "Moving certificate to ${CERT_DESTINATION}"
|
||||||
COPY_CMD=$(mv "${CERT_FILE}" "${CERT_ROOT}/${FILE_NAME}" 2>&1)
|
local COPY_CMD
|
||||||
|
if ! COPY_CMD=$(mv -v "${CERT_FILE}" "${CERT_DESTINATION}" 2>&1); then
|
||||||
#######################
|
fatal "Failed to move cert to ${CERT_DESTINATION}. Output: ${COPY_CMD}"
|
||||||
# Load the error code #
|
|
||||||
#######################
|
|
||||||
ERROR_CODE=$?
|
|
||||||
|
|
||||||
##############################
|
|
||||||
# Check the shell for errors #
|
|
||||||
##############################
|
|
||||||
if [ "${ERROR_CODE}" -ne 0 ]; then
|
|
||||||
error "ERROR! Failed to move cert into location!"
|
|
||||||
fatal "ERROR:[${COPY_CMD}]"
|
|
||||||
else
|
|
||||||
info "Moved cert into location, adding to trust store..."
|
|
||||||
fi
|
fi
|
||||||
|
debug "Move certificate output: ${COPY_CMD}"
|
||||||
|
|
||||||
##############################################
|
info "Update cert store to consider the new certificate"
|
||||||
# Update ca-certificates to pull in the cert #
|
local UPDATE_CMD
|
||||||
##############################################
|
if ! UPDATE_CMD=$(update-ca-certificates 2>&1); then
|
||||||
UPDATE_CMD=$(update-ca-certificates 2>&1)
|
fatal "Failed to add the certificate to the trust store. Output: ${UPDATE_CMD}"
|
||||||
|
|
||||||
#######################
|
|
||||||
# Load the error code #
|
|
||||||
#######################
|
|
||||||
ERROR_CODE=$?
|
|
||||||
|
|
||||||
##############################
|
|
||||||
# Check the shell for errors #
|
|
||||||
##############################
|
|
||||||
if [ "${ERROR_CODE}" -ne 0 ]; then
|
|
||||||
# ERROR
|
|
||||||
error "ERROR! Failed to add cert to trust store!"
|
|
||||||
fatal "ERROR:[${UPDATE_CMD}]"
|
|
||||||
else
|
|
||||||
# Success
|
|
||||||
info "Successfully added cert to trust store"
|
|
||||||
fi
|
fi
|
||||||
|
debug "Cert store update output: ${UPDATE_CMD}"
|
||||||
}
|
}
|
||||||
################################################################################
|
|
||||||
|
|
31
test/data/ssl-certificate/rootCA-test.crt
Normal file
31
test/data/ssl-certificate/rootCA-test.crt
Normal file
|
@ -0,0 +1,31 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIFWTCCA0GgAwIBAgIUOC6jhUoFsZnjjBW2PprtWU42pSUwDQYJKoZIhvcNAQEL
|
||||||
|
BQAwOzEUMBIGA1UEAwwLZXhhbXBsZS5jb20xCzAJBgNVBAYTAlVTMRYwFAYDVQQH
|
||||||
|
DA1TYW4gRnJhbnNpc2NvMCAXDTI0MDExMjEzMzc0OFoYDzIxMjEwNzAyMTMzNzQ4
|
||||||
|
WjA7MRQwEgYDVQQDDAtleGFtcGxlLmNvbTELMAkGA1UEBhMCVVMxFjAUBgNVBAcM
|
||||||
|
DVNhbiBGcmFuc2lzY28wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDO
|
||||||
|
dOCh1uuHtwmrdfyhn+nZo+znIOVqMc6WTEfiSMjEzyu2aoRs6g33Ri+hA3eb7FJO
|
||||||
|
yMheG6m9b/kLawoEVrww0686+nr7d383jYRbuk56odh2B3oQ0w7m2s+YmQd6zY9Q
|
||||||
|
NVUovc2KC8/QAJtc5B66WNIo9ALsRoAke0h/F3j5W4JlZRxm/5Dy+91ZDhugzy8s
|
||||||
|
HzkFc1FS15CKDUKiSISwzR1UFEhKbxSA7Q6vMOK69hCOzxfPwpU8FutKa9LDWsqL
|
||||||
|
m43arZx6pn/suyqTwXanWtMRa2YwGDWtHIt9L4anNCtpc343ZGZ0Rg3pD8o1Rf/t
|
||||||
|
ylwgRDyJeeAhB291zhuw/XH/XS7tSfYL8/M+TjuPSn5s0d+2uzoKibYAv6xecEd+
|
||||||
|
BudhyQ6R0zbutsijPa/qE5geTtuQGK0KgrUO+OSI0uMrg49NFup5QUxgxVujq9ON
|
||||||
|
3CRHLZ15zoh+6AHzGeKjT+mvYCpfN3Psy1Ew1zQRaaVvgjrTAWegmJ/ohDUUsK/C
|
||||||
|
ECWvXu8OWoYJ9Oj6T4vimY+H/ayiqAeysK9X4Xl16VXMwkEBIGEQf/C+HLoCZKlb
|
||||||
|
BmD8OFPvhJbojcsla6FKh6PFfSLVSdej6z072SP+wbAttPfp69G7GfsagFZGjkZk
|
||||||
|
4oHRfn+9/2K22HutTILLb7USg5pgI85Nmm/2v/djFwIDAQABo1MwUTAdBgNVHQ4E
|
||||||
|
FgQUG9oBvDO9pINtlc0rGG6/8OUSBRwwHwYDVR0jBBgwFoAUG9oBvDO9pINtlc0r
|
||||||
|
GG6/8OUSBRwwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAwT7/
|
||||||
|
25oTM0Tx86XmfIQ4zSSWxRhJxuOqlTIIehQ/UsOOiDCsdCxFwd+MkhfWlVLtDeTC
|
||||||
|
GDYgdX8C+FbpqodUDZrd48qZa+G0Z+WFGwPghGB5bCPpfWJSmKtL3sRGTUTxma6U
|
||||||
|
A8s1E/LOdVZRoHJJTxT+ktKzjlNbcBmcKRdMdAuEJtS39GBdtpph+iqC/pIFCyvs
|
||||||
|
Zq/mwqY33O7EP7Xv3NTQQSz2svcHzNidFSJAMUXGDF0uyjv+eDHRHl7cHHJ8HwII
|
||||||
|
fyGOOshcBF+KOZOkmPjJmVqXG+SAsEQVsaawTmXYZpYzBE3Rr10ND7vtu9eieqk/
|
||||||
|
L72dxb6f0iRB5fdxC7JtqGwec3EOeka4bzlats6711f7wszNp2xWOss0wnPpgdIy
|
||||||
|
WgtGZu2D1GyUD3lbQd/HLfpPguY2SolTMtLTqoBWKk8/5KKU0bykMjABuV+CtTQw
|
||||||
|
9PVTovUurZa1lY7Ox/qZ2bMmfw8ekvlzJTPMeVyCGSkJPeXpiY5M3ACJX6ne72v8
|
||||||
|
KqfNxNKBK74XjpjsL/iUjy8XttzrtIL40qfvMcz22MriPe9Q9GDywGkGbrXgblXX
|
||||||
|
RsufAamGRmvTM9mcDpPlf4qDEKMP/c23jKqSBFqqAUepiTpzveeRKAD2KOsLNpud
|
||||||
|
wKsysjuZvP0P5740pCSeSjvh8ZnIt5bdninHRYg=
|
||||||
|
-----END CERTIFICATE-----
|
Loading…
Reference in a new issue