diff --git a/Dockerfile b/Dockerfile
index 4d207ae7..d62dddef 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -25,6 +25,8 @@ FROM zricethezav/gitleaks:v8.18.2 as gitleaks
 FROM yoheimuta/protolint:0.47.5 as protolint
 FROM ghcr.io/clj-kondo/clj-kondo:2023.12.15-alpine as clj-kondo
 FROM dart:3.2.6-sdk as dart
+FROM mcr.microsoft.com/dotnet/sdk:8.0.101-alpine3.19 as dotnet-sdk
+FROM mcr.microsoft.com/powershell:7.3-alpine-3.17 as powershell
 FROM python:3.12.1-alpine3.19 as clang-format
@@ -106,6 +108,12 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"]
 COPY scripts/install-lintr.sh scripts/install-r-package-or-fail.R /
 RUN /install-lintr.sh && rm -rf /install-lintr.sh /install-r-package-or-fail.R
+FROM powershell as powershell-installer
+
+# Copy the value of the PowerShell install directory to a file so we can reuse it
+# when copying PowerShell stuff in the main image
+RUN echo "${PS_INSTALL_FOLDER}" > /tmp/PS_INSTALL_FOLDER
+
 FROM python:3.12.1-alpine3.19 as base_image
 LABEL com.github.actions.name="Super-Linter" \
@@ -432,9 +440,6 @@ FROM base_image as standard
 # https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope
 ARG TARGETARCH
-ARG PWSH_VERSION='latest'
-ARG PWSH_DIRECTORY='/usr/lib/microsoft/powershell'
-ARG PSSA_VERSION='1.21.0'
 ENV ARM_TTK_PSD1="/usr/lib/microsoft/arm-ttk/arm-ttk.psd1"
 ENV PATH="${PATH}:/var/cache/dotnet/tools:/usr/share/dotnet"
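Review bot: The new `powershell` stage in the hunk at `-25,6` is pinned only to a minor-version tag (`7.3-alpine-3.17`), which the registry can re-point to a newer patch build, so the binaries later copied into the final image can change without any change to this file. The `dotnet-sdk` line names a full patch version but is also tag-only. Pinning both by digest makes the copied toolchains reproducible and auditable, for example `FROM mcr.microsoft.com/powershell:7.3-alpine-3.17@sha256:<digest> as powershell` (placeholder digest). The PowerShell image is also built on Alpine 3.17 while the stage it is copied into derives from `python:3.12.1-alpine3.19`, so it is worth confirming that the copied tree's shared-library dependencies are satisfied there.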
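Review bot: In the new `powershell-installer` stage (hunk at `-106,6`), `RUN echo "${PS_INSTALL_FOLDER}" > /tmp/PS_INSTALL_FOLDER` writes an empty line if the upstream image ever stops exporting that variable. The `SHELL [... "nounset" ...]` setting shown in the hunk header belongs to an earlier stage and does not carry past the new `FROM`. The build would then presumably fail only later, at the `ln -s`/`chmod` on `"/pwsh"`, with an error that does not point at the cause. Failing at the point of capture is clearer: `RUN echo "${PS_INSTALL_FOLDER:?}" > /tmp/PS_INSTALL_FOLDER`.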
@@ -455,14 +460,24 @@ COPY --from=dotenv-linter /dotenv-linter /usr/bin/
 ###################################
 # Install DotNet and Dependencies #
 ###################################
-COPY scripts/install-dotnet.sh /
-RUN /install-dotnet.sh && rm -rf /install-dotnet.sh
+COPY --from=dotnet-sdk /usr/share/dotnet /usr/share/dotnet
+# Trigger first run experience by running arbitrary cmd
+RUN dotnet help
 #########################################
 # Install Powershell + PSScriptAnalyzer #
 #########################################
-COPY scripts/install-pwsh.sh /
-RUN --mount=type=secret,id=GITHUB_TOKEN /install-pwsh.sh && rm -rf /install-pwsh.sh
+COPY --from=powershell-installer /tmp/PS_INSTALL_FOLDER /tmp/PS_INSTALL_FOLDER
+COPY --from=powershell /opt/microsoft/powershell /opt/microsoft/powershell
+# Disable Powershell telemetry
+ENV POWERSHELL_TELEMETRY_OPTOUT=1
+ARG PSSA_VERSION='1.21.0'
+RUN PS_INSTALL_FOLDER="$(cat /tmp/PS_INSTALL_FOLDER)" \
+ && echo "PS_INSTALL_FOLDER: ${PS_INSTALL_FOLDER}" \
+ && ln -s "${PS_INSTALL_FOLDER}/pwsh" /usr/bin/pwsh \
+ && chmod a+x,o-w "${PS_INSTALL_FOLDER}/pwsh" \
+ && pwsh -c "Install-Module -Name PSScriptAnalyzer -RequiredVersion ${PSSA_VERSION} -Scope AllUsers -Force" \
+ && rm -rf /tmp/PS_INSTALL_FOLDER
 #############################################################
 # Install Azure Resource Manager Template Toolkit (arm-ttk) #
diff --git a/scripts/install-dotnet.sh b/scripts/install-dotnet.sh
deleted file mode 100755
index 8fbe6a75..00000000
--- a/scripts/install-dotnet.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/usr/bin/env bash
-
-set -euo pipefail
-
-curl --retry 5 --retry-delay 5 -sLO https://dot.net/v1/dotnet-install.sh
-chmod +x dotnet-install.sh
-./dotnet-install.sh --install-dir /usr/share/dotnet -channel LTS -version latest
-rm -rfv ./dotnet-install.sh
diff --git a/scripts/install-pwsh.sh b/scripts/install-pwsh.sh
deleted file mode 100755
index 29627b6f..00000000
--- a/scripts/install-pwsh.sh
+++ /dev/null
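Review bot: In the Dockerfile hunk at `-455,14`, `RUN dotnet help` triggers the .NET first-run experience while only PowerShell telemetry is opted out. The .NET CLI collects telemetry by default, so unless `DOTNET_CLI_TELEMETRY_OPTOUT` is set elsewhere in the file (not visible here) the SDK keeps it enabled both during the build and in the shipped image. Adding `ENV DOTNET_CLI_TELEMETRY_OPTOUT=1` before `RUN dotnet help` would treat the two toolchains consistently. Separately, `Install-Module ... -Force` is still a build-time download from the PowerShell Gallery pinned by version only; a comment such as `# PSScriptAnalyzer is fetched from PSGallery at build time; pinned via PSSA_VERSION` would make that remaining network dependency explicit.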
@@ -1,34 +0,0 @@
-#!/usr/bin/env bash
-
-set -euo pipefail
-
-# Reference: https://docs.microsoft.com/en-us/powershell/scripting/install/installing-powershell-core-on-linux?view=powershell-7
-# Slightly modified to always retrieve latest stable Powershell version
-# If changing PWSH_VERSION='latest' to a specific version, use format PWSH_VERSION='tags/v7.0.2'
-
-case $TARGETARCH in
-amd64)
- target=x64
- ;;
-*)
- echo "$TARGETARCH is not supported"
- exit 1
- ;;
-esac
-
-mkdir -p "${PWSH_DIRECTORY}"
-url=$(
- set -euo pipefail
- curl -s \
- -H "Accept: application/vnd.github+json" \
- -H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \
- "https://api.github.com/repos/powershell/powershell/releases/${PWSH_VERSION}" |
- jq --arg target "${target}" -r '.assets | .[] | select(.name | contains("linux-musl-" + $target)) | .url'
-)
-curl --retry 5 --retry-delay 5 -sL \
- -H "Accept: application/octet-stream" \
- -H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \
- "${url}" | tar -xz -C "${PWSH_DIRECTORY}"
-chmod +x "${PWSH_DIRECTORY}/pwsh"
-ln -sf "${PWSH_DIRECTORY}/pwsh" /usr/bin/pwsh
-pwsh -c "Install-Module -Name PSScriptAnalyzer -RequiredVersion ${PSSA_VERSION} -Scope AllUsers -Force"
diff --git a/test/inspec/super-linter/controls/super_linter.rb b/test/inspec/super-linter/controls/super_linter.rb
index c30101a6..0551a166 100644
--- a/test/inspec/super-linter/controls/super_linter.rb
+++ b/test/inspec/super-linter/controls/super_linter.rb
@@ -6,6 +6,9 @@ image = ENV["IMAGE"]
 version_file_path = "/action/linterVersions.txt"
 control "super-linter-environment-variables" do
+ impact 1
+ title "Super-Linter environment variables check"
+ desc "Check that environment variables that Super-Linter needs are defined."
 describe os_env("VERSION_FILE") do
 its("content") { should eq version_file_path }
@@ -14,6 +17,12 @@ control "super-linter-environment-variables" do
 describe os_env("IMAGE") do
 its("content") { should match(/^(standard|slim)$/) }
 end
+
+ if (image == "standard")
+ describe os_env("POWERSHELL_TELEMETRY_OPTOUT") do
+ its("content") { should eq "1" }
+ end
+ end
 end
 ##################################################
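Review bot: The new `if (image == "standard")` guard reads `image` from the test runner's own environment (`image = ENV["IMAGE"]`, visible in the previous hunk's header), so when IMAGE is unset or misspelled on the runner the telemetry opt-out assertion is skipped without any failure. Taking the variant from the target instead, `if os_env("IMAGE").content == "standard"`, would tie the check to the image actually under test; how the suite is invoked is not visible here, so confirm that this fits. As a style point, the parentheses around the condition are not idiomatic Ruby. The enclosing `control` block starts outside this hunk.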