mirror of
https://github.com/super-linter/super-linter.git
synced 2024-11-21 21:50:59 -05:00
Certs (#1470)
* adding cert * update readme * typo * make exec * spaces * adding better way * adding example * make shell happy * fix space * adding notes * bad var * duh
This commit is contained in:
parent
b94bec19c9
commit
e0e4a67f3a
4 changed files with 113 additions and 9 deletions
|
@ -337,6 +337,7 @@ RUN wget --tries=5 -q -O /etc/apk/keys/sgerrand.rsa.pub https://alpine-pkgs.sger
|
||||||
&& wget --tries=5 -q https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VERSION}/glibc-${GLIBC_VERSION}.apk \
|
&& wget --tries=5 -q https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VERSION}/glibc-${GLIBC_VERSION}.apk \
|
||||||
&& apk add --no-cache \
|
&& apk add --no-cache \
|
||||||
bash \
|
bash \
|
||||||
|
ca-certificates \
|
||||||
glibc-${GLIBC_VERSION}.apk \
|
glibc-${GLIBC_VERSION}.apk \
|
||||||
gnupg \
|
gnupg \
|
||||||
php7 php7-phar php7-json php7-mbstring php-xmlwriter \
|
php7 php7-phar php7-json php7-mbstring php-xmlwriter \
|
||||||
|
|
15
README.md
15
README.md
|
@ -245,6 +245,7 @@ But if you wish to select or exclude specific linters, we give you full control
|
||||||
| **RUBY_CONFIG_FILE** | `.ruby-lint.yml` | Filename for [rubocop configuration](https://docs.rubocop.org/rubocop/configuration.html) (ex: `.ruby-lint.yml`, `.rubocop.yml`) |
|
| **RUBY_CONFIG_FILE** | `.ruby-lint.yml` | Filename for [rubocop configuration](https://docs.rubocop.org/rubocop/configuration.html) (ex: `.ruby-lint.yml`, `.rubocop.yml`) |
|
||||||
| **SUPPRESS_POSSUM** | `false` | If set to `true`, will hide the ASCII possum at top of log output. Default is `false` |
|
| **SUPPRESS_POSSUM** | `false` | If set to `true`, will hide the ASCII possum at top of log output. Default is `false` |
|
||||||
| **SNAKEMAKE_SNAKEFMT_CONFIG_FILE** | `.snakefmt.toml` | Filename for [Snakemake configuration](https://github.com/snakemake/snakefmt#configuration) (ex: `pyproject.toml`, `.snakefmt.toml`) |
|
| **SNAKEMAKE_SNAKEFMT_CONFIG_FILE** | `.snakefmt.toml` | Filename for [Snakemake configuration](https://github.com/snakemake/snakefmt#configuration) (ex: `pyproject.toml`, `.snakefmt.toml`) |
|
||||||
|
| **SSL_CERT_SECRET** | `none` | SSL cert to add to the **Super-Linter** trust store. This is needed for users on `self-hosted` runners or need to inject the cert for security standards (ex. ${{ secrets.SSL_CERT }}) |
|
||||||
| **SQL_CONFIG_FILE** | `.sql-config.json` | Filename for [SQL-Lint configuration](https://sql-lint.readthedocs.io/en/latest/files/configuration.html) (ex: `sql-config.json` , `.config.json`) |
|
| **SQL_CONFIG_FILE** | `.sql-config.json` | Filename for [SQL-Lint configuration](https://sql-lint.readthedocs.io/en/latest/files/configuration.html) (ex: `sql-config.json` , `.config.json`) |
|
||||||
| **TYPESCRIPT_ES_CONFIG_FILE** | `.eslintrc.yml` | Filename for [eslint configuration](https://eslint.org/docs/user-guide/configuring#configuration-file-formats) (ex: `.eslintrc.yml`, `.eslintrc.json`) |
|
| **TYPESCRIPT_ES_CONFIG_FILE** | `.eslintrc.yml` | Filename for [eslint configuration](https://eslint.org/docs/user-guide/configuring#configuration-file-formats) (ex: `.eslintrc.yml`, `.eslintrc.json`) |
|
||||||
| **VALIDATE_ALL_CODEBASE** | `true` | Will parse the entire repository and find all files to validate across all types. **NOTE:** When set to `false`, only **new** or **edited** files will be parsed for validation. |
|
| **VALIDATE_ALL_CODEBASE** | `true` | Will parse the entire repository and find all files to validate across all types. **NOTE:** When set to `false`, only **new** or **edited** files will be parsed for validation. |
|
||||||
|
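Review bot: The new `SSL_CERT_SECRET` row gives `${{ secrets.SSL_CERT }}` as its example while the workflow example added further down in this README uses `${{ secrets.ROOT_CA }}`; use one secret name in both places. The description is also hard to parse ("for users on `self-hosted` runners or need to inject the cert"), and it should say that the value is the certificate text itself rather than a path to a file.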
@ -367,6 +368,20 @@ You can checkout this repository using [Container Remote Development](https://co
|
||||||
|
|
||||||
We will also support [GitHub Codespaces](https://github.com/features/codespaces/) once it becomes available
|
We will also support [GitHub Codespaces](https://github.com/features/codespaces/) once it becomes available
|
||||||
|
|
||||||
|
### SSL Certs
|
||||||
|
|
||||||
|
If you need to inject a SSL cert into the trust store, you will need to first copy the cert to **GitHub Secrets**
|
||||||
|
Once you have copied the plain text certificate into **GitHub Secrets**, you can use the variable `SSL_CERT_SECRET` to point the **Super-Linter** to the files contents.
|
||||||
|
Once found, it will load the certificate contents to a file, and to the trust store.
|
||||||
|
- Example workflow:
|
||||||
|
```yml
|
||||||
|
- name: Lint Code Base
|
||||||
|
uses: github/super-linter@v3
|
||||||
|
env:
|
||||||
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
SSL_CERT_SECRET: ${{ secrets.ROOT_CA }}
|
||||||
|
```
|
||||||
|
|
||||||
## Limitations
|
## Limitations
|
||||||
|
|
||||||
Below are a list of the known limitations for the **GitHub Super-Linter**:
|
Below are a list of the known limitations for the **GitHub Super-Linter**:
|
||||||
|
|
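Review bot: The "SSL Certs" section never states what format the secret must have or what the effect is: say that the value is the plain-text certificate (and whether more than one certificate in the secret is supported), and that the certificate is added to the container's trust store and so is trusted for every TLS connection the linters make. "point the **Super-Linter** to the files contents" should read "file's contents", and the `env:` keys in the example workflow need their indentation under `env:` so the snippet can be copied as is.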
79
lib/functions/updateSSL.sh
Executable file
79
lib/functions/updateSSL.sh
Executable file
|
@ -0,0 +1,79 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
################################################################################
|
||||||
|
################################################################################
|
||||||
|
########### Super-Linter linting Functions @admiralawkbar ######################
|
||||||
|
################################################################################
|
||||||
|
################################################################################
|
||||||
|
########################## FUNCTION CALLS BELOW ################################
|
||||||
|
################################################################################
|
||||||
|
################################################################################
|
||||||
|
#### Function CheckSSLCert #####################################################
|
||||||
|
function CheckSSLCert() {
|
||||||
|
if [ -z "${SSL_CERT_SECRET}" ]; then
|
||||||
|
# No cert was passed
|
||||||
|
debug "User did not provide a SSL secret, moving on..."
|
||||||
|
else
|
||||||
|
# User has provided a cert file to upload
|
||||||
|
debug "User passed SSL secret:[${SSL_CERT_SECRET}]"
|
||||||
|
InstallSSLCert
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
################################################################################
|
||||||
|
#### Function InstallSSLCert ###################################################
|
||||||
|
function InstallSSLCert() {
|
||||||
|
#############
|
||||||
|
# Base Vars #
|
||||||
|
#############
|
||||||
|
CERT_FILE='/tmp/cert.crt'
|
||||||
|
CERT_ROOT='/usr/local/share/ca-certificates'
|
||||||
|
FILE_NAME=$(basename "${CERT_FILE}" 2>&1)
|
||||||
|
|
||||||
|
#########################
|
||||||
|
# Echo secret into file #
|
||||||
|
#########################
|
||||||
|
echo "${SSL_CERT_SECRET}" >>"${CERT_FILE}"
|
||||||
|
|
||||||
|
########################################
|
||||||
|
# Put the cert in the correct location #
|
||||||
|
########################################
|
||||||
|
COPY_CMD=$(mv "${CERT_FILE}" "${CERT_ROOT}/${FILE_NAME}" 2>&1)
|
||||||
|
|
||||||
|
#######################
|
||||||
|
# Load the error code #
|
||||||
|
#######################
|
||||||
|
ERROR_CODE=$?
|
||||||
|
|
||||||
|
##############################
|
||||||
|
# Check the shell for errors #
|
||||||
|
##############################
|
||||||
|
if [ "${ERROR_CODE}" -ne 0 ]; then
|
||||||
|
error "ERROR! Failed to move cert into location!"
|
||||||
|
fatal "ERROR:[${COPY_CMD}]"
|
||||||
|
else
|
||||||
|
info "Moved cert into location, adding to trust store..."
|
||||||
|
fi
|
||||||
|
|
||||||
|
##############################################
|
||||||
|
# Update ca-certificates to pull in the cert #
|
||||||
|
##############################################
|
||||||
|
UPDATE_CMD=$(update-ca-certificates 2>&1)
|
||||||
|
|
||||||
|
#######################
|
||||||
|
# Load the error code #
|
||||||
|
#######################
|
||||||
|
ERROR_CODE=$?
|
||||||
|
|
||||||
|
##############################
|
||||||
|
# Check the shell for errors #
|
||||||
|
##############################
|
||||||
|
if [ "${ERROR_CODE}" -ne 0 ]; then
|
||||||
|
# ERROR
|
||||||
|
error "ERROR! Failed to add cert to trust store!"
|
||||||
|
fatal "ERROR:[${UPDATE_CMD}]"
|
||||||
|
else
|
||||||
|
# Success
|
||||||
|
info "Successfully added cert to trust store"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
################################################################################
|
|
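Review bot: `CheckSSLCert` writes the full value of `SSL_CERT_SECRET` to the debug log (`debug "User passed SSL secret:[${SSL_CERT_SECRET}]"`); log only that a value was provided, not its contents. In `InstallSSLCert`, `echo "${SSL_CERT_SECRET}" >>"${CERT_FILE}"` appends to the fixed path `/tmp/cert.crt`, so anything already at that path is carried into the file moved under `CERT_ROOT`; write with `>` to a file created by `mktemp`, or write directly into `CERT_ROOT`. Nothing checks that the value parses as a certificate before `update-ca-certificates` runs, so a validation step with a clear `fatal` message belongs between the write and the move.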
@ -44,21 +44,23 @@ export LOG_ERROR
|
||||||
# Source Function Files #
|
# Source Function Files #
|
||||||
#########################
|
#########################
|
||||||
# shellcheck source=/dev/null
|
# shellcheck source=/dev/null
|
||||||
|
source /action/lib/functions/buildFileList.sh # Source the function script(s)
|
||||||
|
# shellcheck source=/dev/null
|
||||||
|
source /action/lib/functions/detectFiles.sh # Source the function script(s)
|
||||||
|
# shellcheck source=/dev/null
|
||||||
|
source /action/lib/functions/linterRules.sh # Source the function script(s)
|
||||||
|
# shellcheck source=/dev/null
|
||||||
|
source /action/lib/functions/linterVersions.sh # Source the function script(s)
|
||||||
|
# shellcheck source=/dev/null
|
||||||
source /action/lib/functions/log.sh # Source the function script(s)
|
source /action/lib/functions/log.sh # Source the function script(s)
|
||||||
# shellcheck source=/dev/null
|
# shellcheck source=/dev/null
|
||||||
source /action/lib/functions/buildFileList.sh # Source the function script(s)
|
source /action/lib/functions/tapLibrary.sh # Source the function script(s)
|
||||||
|
# shellcheck source=/dev/null
|
||||||
|
source /action/lib/functions/updateSSL.sh # Source the function script(s)
|
||||||
# shellcheck source=/dev/null
|
# shellcheck source=/dev/null
|
||||||
source /action/lib/functions/validation.sh # Source the function script(s)
|
source /action/lib/functions/validation.sh # Source the function script(s)
|
||||||
# shellcheck source=/dev/null
|
# shellcheck source=/dev/null
|
||||||
source /action/lib/functions/worker.sh # Source the function script(s)
|
source /action/lib/functions/worker.sh # Source the function script(s)
|
||||||
# shellcheck source=/dev/null
|
|
||||||
source /action/lib/functions/tapLibrary.sh # Source the function script(s)
|
|
||||||
# shellcheck source=/dev/null
|
|
||||||
source /action/lib/functions/linterRules.sh # Source the function script(s)
|
|
||||||
# shellcheck source=/dev/null
|
|
||||||
source /action/lib/functions/detectFiles.sh # Source the function script(s)
|
|
||||||
# shellcheck source=/dev/null
|
|
||||||
source /action/lib/functions/linterVersions.sh # Source the function script(s)
|
|
||||||
|
|
||||||
###########
|
###########
|
||||||
# GLOBALS #
|
# GLOBALS #
|
||||||
|
@ -149,6 +151,8 @@ SNAKEMAKE_SNAKEFMT_FILE_NAME="${SNAKEMAKE_SNAKEFMT_CONFIG_FILE:-.snakefmt.toml}"
|
||||||
# shellcheck disable=SC2034 # Variable is referenced indirectly
|
# shellcheck disable=SC2034 # Variable is referenced indirectly
|
||||||
SUPPRESS_POSSUM="${SUPPRESS_POSSUM:-false}"
|
SUPPRESS_POSSUM="${SUPPRESS_POSSUM:-false}"
|
||||||
# shellcheck disable=SC2034 # Variable is referenced indirectly
|
# shellcheck disable=SC2034 # Variable is referenced indirectly
|
||||||
|
SSL_CERT_SECRET="${SSL_CERT_SECRET}"
|
||||||
|
# shellcheck disable=SC2034 # Variable is referenced indirectly
|
||||||
SQL_FILE_NAME="${SQL_CONFIG_FILE:-.sql-config.json}"
|
SQL_FILE_NAME="${SQL_CONFIG_FILE:-.sql-config.json}"
|
||||||
# shellcheck disable=SC2034 # Variable is referenced indirectly
|
# shellcheck disable=SC2034 # Variable is referenced indirectly
|
||||||
TERRAFORM_FILE_NAME=".tflint.hcl"
|
TERRAFORM_FILE_NAME=".tflint.hcl"
|
||||||
|
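Review bot: `SSL_CERT_SECRET="${SSL_CERT_SECRET}"` assigns the variable to itself and has no default, unlike the neighbouring `SUPPRESS_POSSUM="${SUPPRESS_POSSUM:-false}"`. If the intent is to guarantee the variable is defined for the `-z` test in `CheckSSLCert`, use `"${SSL_CERT_SECRET:-}"`; otherwise drop the line. The README documents the default as `none`, which does not match an empty default here, so align the two.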
@ -859,6 +863,11 @@ for i in "${!LINTER_COMMANDS_ARRAY[@]}"; do
|
||||||
done
|
done
|
||||||
debug "---------------------------------------------"
|
debug "---------------------------------------------"
|
||||||
|
|
||||||
|
#################################
|
||||||
|
# Check for SSL cert and update #
|
||||||
|
#################################
|
||||||
|
CheckSSLCert
|
||||||
|
|
||||||
###########################################
|
###########################################
|
||||||
# Build the list of files for each linter #
|
# Build the list of files for each linter #
|
||||||
###########################################
|
###########################################
|
||||||
|
|