build: install dotnet and powershell from images (#5245)

Install the .NET SDK and PowerShell from their container images so that
we avoid spending time running their installers, and we can control
their updates automatically.

Close #5243

Dockerfile

@@ -25,6 +25,8 @@ FROM zricethezav/gitleaks:v8.18.2 as gitleaks
 FROM yoheimuta/protolint:0.47.5 as protolint
 FROM ghcr.io/clj-kondo/clj-kondo:2023.12.15-alpine as clj-kondo
 FROM dart:3.2.6-sdk as dart
+FROM mcr.microsoft.com/dotnet/sdk:8.0.101-alpine3.19 as dotnet-sdk
+FROM mcr.microsoft.com/powershell:7.3-alpine-3.17 as powershell
 
 FROM python:3.12.1-alpine3.19 as clang-format
 
@@ -106,6 +108,12 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"]
 COPY scripts/install-lintr.sh scripts/install-r-package-or-fail.R /
 RUN /install-lintr.sh && rm -rf /install-lintr.sh /install-r-package-or-fail.R
 
+FROM powershell as powershell-installer
+
+# Copy the value of the PowerShell install directory to a file so we can reuse it
+# when copying PowerShell stuff in the main image
+RUN echo "${PS_INSTALL_FOLDER}" > /tmp/PS_INSTALL_FOLDER
+
 FROM python:3.12.1-alpine3.19 as base_image
 
 LABEL com.github.actions.name="Super-Linter" \
@@ -432,9 +440,6 @@ FROM base_image as standard
 
 # https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope
 ARG TARGETARCH
-ARG PWSH_VERSION='latest'
-ARG PWSH_DIRECTORY='/usr/lib/microsoft/powershell'
-ARG PSSA_VERSION='1.21.0'
 
 ENV ARM_TTK_PSD1="/usr/lib/microsoft/arm-ttk/arm-ttk.psd1"
 ENV PATH="${PATH}:/var/cache/dotnet/tools:/usr/share/dotnet"
@@ -455,14 +460,24 @@ COPY --from=dotenv-linter /dotenv-linter /usr/bin/
 ###################################
 # Install DotNet and Dependencies #
 ###################################
-COPY scripts/install-dotnet.sh /
+COPY --from=dotnet-sdk /usr/share/dotnet /usr/share/dotnet
-RUN /install-dotnet.sh && rm -rf /install-dotnet.sh
+# Trigger first run experience by running arbitrary cmd
+RUN dotnet help
 
 #########################################
 # Install Powershell + PSScriptAnalyzer #
 #########################################
-COPY scripts/install-pwsh.sh /
+COPY --from=powershell-installer /tmp/PS_INSTALL_FOLDER /tmp/PS_INSTALL_FOLDER
-RUN --mount=type=secret,id=GITHUB_TOKEN /install-pwsh.sh && rm -rf /install-pwsh.sh
+COPY --from=powershell /opt/microsoft/powershell /opt/microsoft/powershell
+# Disable Powershell telemetry
+ENV POWERSHELL_TELEMETRY_OPTOUT=1
+ARG PSSA_VERSION='1.21.0'
+RUN PS_INSTALL_FOLDER="$(cat /tmp/PS_INSTALL_FOLDER)" \
+    && echo "PS_INSTALL_FOLDER: ${PS_INSTALL_FOLDER}" \
+    && ln -s "${PS_INSTALL_FOLDER}/pwsh" /usr/bin/pwsh \
+    && chmod a+x,o-w "${PS_INSTALL_FOLDER}/pwsh" \
+    && pwsh -c "Install-Module -Name PSScriptAnalyzer -RequiredVersion ${PSSA_VERSION} -Scope AllUsers -Force" \
+    && rm -rf /tmp/PS_INSTALL_FOLDER
 
 #############################################################
 # Install Azure Resource Manager Template Toolkit (arm-ttk) #

scripts/install-dotnet.sh

@@ -1,8 +0,0 @@
-#!/usr/bin/env bash
-
-set -euo pipefail
-
-curl --retry 5 --retry-delay 5 -sLO https://dot.net/v1/dotnet-install.sh
-chmod +x dotnet-install.sh
-./dotnet-install.sh --install-dir /usr/share/dotnet -channel LTS -version latest
-rm -rfv ./dotnet-install.sh

scripts/install-pwsh.sh

@@ -1,34 +0,0 @@
-#!/usr/bin/env bash
-
-set -euo pipefail
-
-# Reference: https://docs.microsoft.com/en-us/powershell/scripting/install/installing-powershell-core-on-linux?view=powershell-7
-# Slightly modified to always retrieve latest stable Powershell version
-# If changing PWSH_VERSION='latest' to a specific version, use format PWSH_VERSION='tags/v7.0.2'
-
-case $TARGETARCH in
-amd64)
-  target=x64
-  ;;
-*)
-  echo "$TARGETARCH is not supported"
-  exit 1
-  ;;
-esac
-
-mkdir -p "${PWSH_DIRECTORY}"
-url=$(
-  set -euo pipefail
-  curl -s \
-    -H "Accept: application/vnd.github+json" \
-    -H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \
-    "https://api.github.com/repos/powershell/powershell/releases/${PWSH_VERSION}" |
-    jq --arg target "${target}" -r '.assets | .[] | select(.name | contains("linux-musl-" + $target)) | .url'
-)
-curl --retry 5 --retry-delay 5 -sL \
-  -H "Accept: application/octet-stream" \
-  -H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \
-  "${url}" | tar -xz -C "${PWSH_DIRECTORY}"
-chmod +x "${PWSH_DIRECTORY}/pwsh"
-ln -sf "${PWSH_DIRECTORY}/pwsh" /usr/bin/pwsh
-pwsh -c "Install-Module -Name PSScriptAnalyzer -RequiredVersion ${PSSA_VERSION} -Scope AllUsers -Force"

test/inspec/super-linter/controls/super_linter.rb

@@ -6,6 +6,9 @@ image = ENV["IMAGE"]
 version_file_path = "/action/linterVersions.txt"
 
 control "super-linter-environment-variables" do
+  impact 1
+  title "Super-Linter environment variables check"
+  desc "Check that environment variables that Super-Linter needs are defined."
 
   describe os_env("VERSION_FILE") do
     its("content") { should eq version_file_path }
@@ -14,6 +17,12 @@ control "super-linter-environment-variables" do
   describe os_env("IMAGE") do
     its("content") { should match(/^(standard|slim)$/) }
   end
+
+  if (image == "standard")
+    describe os_env("POWERSHELL_TELEMETRY_OPTOUT") do
+      its("content") { should eq "1" }
+    end
+  end
 end
 
 ##################################################