chore: simplify updateSSL (#5130)

Run command directly instead of checking their exit code afterwards.
This commit is contained in:
Marco Ferrari 2024-01-30 09:05:47 +01:00 committed by GitHub
parent 05009f2816
commit 9bab4a90e8
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 63 additions and 71 deletions

View file

@ -4,7 +4,7 @@
all: info docker test ## Run all targets. all: info docker test ## Run all targets.
.PHONY: test .PHONY: test
test: info validate-container-image-labels test-lib inspec lint-codebase test-default-config-files test-find lint-subset-files test-non-default-workdir test-git-flags test-linters ## Run the test suite test: info validate-container-image-labels test-lib inspec lint-codebase test-default-config-files test-find lint-subset-files test-custom-ssl-cert test-non-default-workdir test-git-flags test-linters ## Run the test suite
# if this session isn't interactive, then we don't want to allocate a # if this session isn't interactive, then we don't want to allocate a
# TTY, which would fail, but if it is interactive, we do want to attach # TTY, which would fail, but if it is interactive, we do want to attach
@ -259,6 +259,18 @@ test-default-config-files: ## Test default configuration files loading
-v "$(CURDIR)/docs":/tmp/lint \ -v "$(CURDIR)/docs":/tmp/lint \
$(SUPER_LINTER_TEST_CONTAINER_URL) $(SUPER_LINTER_TEST_CONTAINER_URL)
.phony: test-custom-ssl-cert
test-custom-ssl-cert: ## Test the configuration of a custom SSL/TLS certificate
docker run \
-e RUN_LOCAL=true \
-e ACTIONS_RUNNER_DEBUG=true \
-e ENABLE_GITHUB_ACTIONS_GROUP_TITLE=true \
-e DEFAULT_BRANCH=main \
-e USE_FIND_ALGORITHM=true \
-e SSL_CERT_SECRET="$(shell cat test/data/ssl-certificate/rootCA-test.crt)" \
-v "$(CURDIR)/docs":/tmp/lint \
$(SUPER_LINTER_TEST_CONTAINER_URL)
.phony: test-linters .phony: test-linters
test-linters: ## Run the linters test suite test-linters: ## Run the linters test suite
docker run \ docker run \

View file

@ -1,14 +1,5 @@
#!/usr/bin/env bash #!/usr/bin/env bash
################################################################################
################################################################################
########### Super-Linter linting Functions #####################################
################################################################################
################################################################################
########################## FUNCTION CALLS BELOW ################################
################################################################################
################################################################################
#### Function SetupSshAgent ####################################################
function SetupSshAgent() { function SetupSshAgent() {
# Check to see if a SSH_KEY_SECRET was passed # Check to see if a SSH_KEY_SECRET was passed
if [ -n "${SSH_KEY}" ]; then if [ -n "${SSH_KEY}" ]; then
@ -19,8 +10,7 @@ function SetupSshAgent() {
ssh-add - <<<"${SSH_KEY}" 2>/dev/null ssh-add - <<<"${SSH_KEY}" 2>/dev/null
fi fi
} }
################################################################################
#### Function SetupGithubComSshKeys ############################################
function SetupGithubComSshKeys() { function SetupGithubComSshKeys() {
if [[ -n "${SSH_KEY}" || "${SSH_SETUP_GITHUB}" == "true" ]]; then if [[ -n "${SSH_KEY}" || "${SSH_SETUP_GITHUB}" == "true" ]]; then
info "Adding github.com SSH keys" info "Adding github.com SSH keys"
@ -41,4 +31,3 @@ function SetupGithubComSshKeys() {
fi fi
fi fi
} }
################################################################################

View file

@ -1,79 +1,39 @@
#!/usr/bin/env bash #!/usr/bin/env bash
################################################################################
################################################################################
########### Super-Linter linting Functions @admiralawkbar ######################
################################################################################
################################################################################
########################## FUNCTION CALLS BELOW ################################
################################################################################
################################################################################
#### Function CheckSSLCert #####################################################
function CheckSSLCert() { function CheckSSLCert() {
if [ -z "${SSL_CERT_SECRET}" ]; then if [ -z "${SSL_CERT_SECRET}" ]; then
# No cert was passed # No cert was passed
debug "User did not provide a SSL secret, moving on..." debug "User did not provide a SSL_CERT_SECRET"
else else
# User has provided a cert file to upload # User has provided a cert file to upload
debug "User passed SSL secret:[${SSL_CERT_SECRET}]" debug "User configured a SSL_CERT_SECRET"
InstallSSLCert InstallSSLCert
fi fi
} }
################################################################################
#### Function InstallSSLCert ###################################################
function InstallSSLCert() { function InstallSSLCert() {
############# local CERT_FILE
# Base Vars #
#############
CERT_FILE='/tmp/cert.crt' CERT_FILE='/tmp/cert.crt'
local CERT_ROOT
CERT_ROOT='/usr/local/share/ca-certificates' CERT_ROOT='/usr/local/share/ca-certificates'
local FILE_NAME
FILE_NAME=$(basename "${CERT_FILE}" 2>&1) FILE_NAME=$(basename "${CERT_FILE}" 2>&1)
#########################
# Echo secret into file #
#########################
echo "${SSL_CERT_SECRET}" >>"${CERT_FILE}" echo "${SSL_CERT_SECRET}" >>"${CERT_FILE}"
######################################## local CERT_DESTINATION
# Put the cert in the correct location # CERT_DESTINATION="${CERT_ROOT}/${FILE_NAME}"
######################################## info "Moving certificate to ${CERT_DESTINATION}"
COPY_CMD=$(mv "${CERT_FILE}" "${CERT_ROOT}/${FILE_NAME}" 2>&1) local COPY_CMD
if ! COPY_CMD=$(mv -v "${CERT_FILE}" "${CERT_DESTINATION}" 2>&1); then
####################### fatal "Failed to move cert to ${CERT_DESTINATION}. Output: ${COPY_CMD}"
# Load the error code #
#######################
ERROR_CODE=$?
##############################
# Check the shell for errors #
##############################
if [ "${ERROR_CODE}" -ne 0 ]; then
error "ERROR! Failed to move cert into location!"
fatal "ERROR:[${COPY_CMD}]"
else
info "Moved cert into location, adding to trust store..."
fi fi
debug "Move certificate output: ${COPY_CMD}"
############################################## info "Update cert store to consider the new certificate"
# Update ca-certificates to pull in the cert # local UPDATE_CMD
############################################## if ! UPDATE_CMD=$(update-ca-certificates 2>&1); then
UPDATE_CMD=$(update-ca-certificates 2>&1) fatal "Failed to add the certificate to the trust store. Output: ${UPDATE_CMD}"
#######################
# Load the error code #
#######################
ERROR_CODE=$?
##############################
# Check the shell for errors #
##############################
if [ "${ERROR_CODE}" -ne 0 ]; then
# ERROR
error "ERROR! Failed to add cert to trust store!"
fatal "ERROR:[${UPDATE_CMD}]"
else
# Success
info "Successfully added cert to trust store"
fi fi
debug "Cert store update output: ${UPDATE_CMD}"
} }
################################################################################

View file

@ -0,0 +1,31 @@
-----BEGIN CERTIFICATE-----
MIIFWTCCA0GgAwIBAgIUOC6jhUoFsZnjjBW2PprtWU42pSUwDQYJKoZIhvcNAQEL
BQAwOzEUMBIGA1UEAwwLZXhhbXBsZS5jb20xCzAJBgNVBAYTAlVTMRYwFAYDVQQH
DA1TYW4gRnJhbnNpc2NvMCAXDTI0MDExMjEzMzc0OFoYDzIxMjEwNzAyMTMzNzQ4
WjA7MRQwEgYDVQQDDAtleGFtcGxlLmNvbTELMAkGA1UEBhMCVVMxFjAUBgNVBAcM
DVNhbiBGcmFuc2lzY28wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDO
dOCh1uuHtwmrdfyhn+nZo+znIOVqMc6WTEfiSMjEzyu2aoRs6g33Ri+hA3eb7FJO
yMheG6m9b/kLawoEVrww0686+nr7d383jYRbuk56odh2B3oQ0w7m2s+YmQd6zY9Q
NVUovc2KC8/QAJtc5B66WNIo9ALsRoAke0h/F3j5W4JlZRxm/5Dy+91ZDhugzy8s
HzkFc1FS15CKDUKiSISwzR1UFEhKbxSA7Q6vMOK69hCOzxfPwpU8FutKa9LDWsqL
m43arZx6pn/suyqTwXanWtMRa2YwGDWtHIt9L4anNCtpc343ZGZ0Rg3pD8o1Rf/t
ylwgRDyJeeAhB291zhuw/XH/XS7tSfYL8/M+TjuPSn5s0d+2uzoKibYAv6xecEd+
BudhyQ6R0zbutsijPa/qE5geTtuQGK0KgrUO+OSI0uMrg49NFup5QUxgxVujq9ON
3CRHLZ15zoh+6AHzGeKjT+mvYCpfN3Psy1Ew1zQRaaVvgjrTAWegmJ/ohDUUsK/C
ECWvXu8OWoYJ9Oj6T4vimY+H/ayiqAeysK9X4Xl16VXMwkEBIGEQf/C+HLoCZKlb
BmD8OFPvhJbojcsla6FKh6PFfSLVSdej6z072SP+wbAttPfp69G7GfsagFZGjkZk
4oHRfn+9/2K22HutTILLb7USg5pgI85Nmm/2v/djFwIDAQABo1MwUTAdBgNVHQ4E
FgQUG9oBvDO9pINtlc0rGG6/8OUSBRwwHwYDVR0jBBgwFoAUG9oBvDO9pINtlc0r
GG6/8OUSBRwwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAwT7/
25oTM0Tx86XmfIQ4zSSWxRhJxuOqlTIIehQ/UsOOiDCsdCxFwd+MkhfWlVLtDeTC
GDYgdX8C+FbpqodUDZrd48qZa+G0Z+WFGwPghGB5bCPpfWJSmKtL3sRGTUTxma6U
A8s1E/LOdVZRoHJJTxT+ktKzjlNbcBmcKRdMdAuEJtS39GBdtpph+iqC/pIFCyvs
Zq/mwqY33O7EP7Xv3NTQQSz2svcHzNidFSJAMUXGDF0uyjv+eDHRHl7cHHJ8HwII
fyGOOshcBF+KOZOkmPjJmVqXG+SAsEQVsaawTmXYZpYzBE3Rr10ND7vtu9eieqk/
L72dxb6f0iRB5fdxC7JtqGwec3EOeka4bzlats6711f7wszNp2xWOss0wnPpgdIy
WgtGZu2D1GyUD3lbQd/HLfpPguY2SolTMtLTqoBWKk8/5KKU0bykMjABuV+CtTQw
9PVTovUurZa1lY7Ox/qZ2bMmfw8ekvlzJTPMeVyCGSkJPeXpiY5M3ACJX6ne72v8
KqfNxNKBK74XjpjsL/iUjy8XttzrtIL40qfvMcz22MriPe9Q9GDywGkGbrXgblXX
RsufAamGRmvTM9mcDpPlf4qDEKMP/c23jKqSBFqqAUepiTpzveeRKAD2KOsLNpud
wKsysjuZvP0P5740pCSeSjvh8ZnIt5bdninHRYg=
-----END CERTIFICATE-----