* adding cert

* update readme

* typo

* make exec

* spaces

* adding better way

* adding example

* make shell happy

* fix space

* adding notes

* bad var

* duh
Lukas Gravley 2021-04-26 09:00:42 -05:00 committed by GitHub
parent b94bec19c9
commit e0e4a67f3a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 113 additions and 9 deletions


@ -337,6 +337,7 @@ RUN wget --tries=5 -q -O /etc/apk/keys/sgerrand.rsa.pub https://alpine-pkgs.sger
&& wget --tries=5 -q https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VERSION}/glibc-${GLIBC_VERSION}.apk \
&& apk add --no-cache \
bash \
ca-certificates \
glibc-${GLIBC_VERSION}.apk \
gnupg \
php7 php7-phar php7-json php7-mbstring php-xmlwriter \
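Review bot: The `ca-certificates` package added here is what provides `update-ca-certificates` and the `/usr/local/share/ca-certificates` drop-in directory that the new `InstallSSLCert` function in `lib/functions/updateSSL.sh` relies on; a short comment next to this line saying it is required by that script would stop a later cleanup from removing it as an unused package.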


@ -245,6 +245,7 @@ But if you wish to select or exclude specific linters, we give you full control
| **RUBY_CONFIG_FILE** | `.ruby-lint.yml` | Filename for [rubocop configuration](https://docs.rubocop.org/rubocop/configuration.html) (ex: `.ruby-lint.yml`, `.rubocop.yml`) |
| **SUPPRESS_POSSUM** | `false` | If set to `true`, will hide the ASCII possum at top of log output. Default is `false` |
| **SNAKEMAKE_SNAKEFMT_CONFIG_FILE** | `.snakefmt.toml` | Filename for [Snakemake configuration](https://github.com/snakemake/snakefmt#configuration) (ex: `pyproject.toml`, `.snakefmt.toml`) |
| **SSL_CERT_SECRET** | `none` | SSL cert to add to the **Super-Linter** trust store. This is needed for users on `self-hosted` runners or need to inject the cert for security standards (ex. ${{ secrets.SSL_CERT }}) |
| **SQL_CONFIG_FILE** | `.sql-config.json` | Filename for [SQL-Lint configuration](https://sql-lint.readthedocs.io/en/latest/files/configuration.html) (ex: `sql-config.json` , `.config.json`) |
| **TYPESCRIPT_ES_CONFIG_FILE** | `.eslintrc.yml` | Filename for [eslint configuration](https://eslint.org/docs/user-guide/configuring#configuration-file-formats) (ex: `.eslintrc.yml`, `.eslintrc.json`) |
| **VALIDATE_ALL_CODEBASE** | `true` | Will parse the entire repository and find all files to validate across all types. **NOTE:** When set to `false`, only **new** or **edited** files will be parsed for validation. |
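Review bot: The `SSL_CERT_SECRET` row gives `${{ secrets.SSL_CERT }}` as its example while the workflow example in the new "SSL Certs" section uses `${{ secrets.ROOT_CA }}`; pick one secret name so readers can copy either. The description also reads awkwardly ("users on `self-hosted` runners or need to inject the cert"); suggest "Needed by users on `self-hosted` runners, or wherever a private CA must be trusted to meet security standards", and say that the value is the PEM text of the certificate, since the script writes the secret's contents verbatim into a `.crt` file for `update-ca-certificates`.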
@ -367,6 +368,20 @@ You can checkout this repository using [Container Remote Development](https://co
We will also support [GitHub Codespaces](https://github.com/features/codespaces/) once it becomes available
### SSL Certs
If you need to inject a SSL cert into the trust store, you will need to first copy the cert to **GitHub Secrets**
Once you have copied the plain text certificate into **GitHub Secrets**, you can use the variable `SSL_CERT_SECRET` to point the **Super-Linter** to the files contents.
Once found, it will load the certificate contents to a file, and to the trust store.
- Example workflow:
```yml
- name: Lint Code Base
uses: github/super-linter@v3
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SSL_CERT_SECRET: ${{ secrets.ROOT_CA }}
```
## Limitations
Below are a list of the known limitations for the **GitHub Super-Linter**:
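Review bot: "plain text certificate" should be made concrete: tell users to paste the PEM body including the `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----` lines, because `InstallSSLCert` writes the secret's contents verbatim to a `.crt` file and hands it to `update-ca-certificates`. A sentence on scope would also help: the cert goes into the container's system trust store for the duration of the run, so it should be a CA certificate the user already trusts on the runner, not a leaf or key material. The secret name in this example (`ROOT_CA`) should match the one in the variable table above (`SSL_CERT`).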

lib/functions/updateSSL.sh Executable file

@ -0,0 +1,79 @@
#!/usr/bin/env bash
################################################################################
################################################################################
########### Super-Linter linting Functions @admiralawkbar ######################
################################################################################
################################################################################
########################## FUNCTION CALLS BELOW ################################
################################################################################
################################################################################
#### Function CheckSSLCert #####################################################
function CheckSSLCert() {
if [ -z "${SSL_CERT_SECRET}" ]; then
# No cert was passed
debug "User did not provide a SSL secret, moving on..."
else
# User has provided a cert file to upload
debug "User passed SSL secret:[${SSL_CERT_SECRET}]"
InstallSSLCert
fi
}
################################################################################
#### Function InstallSSLCert ###################################################
function InstallSSLCert() {
#############
# Base Vars #
#############
CERT_FILE='/tmp/cert.crt'
CERT_ROOT='/usr/local/share/ca-certificates'
FILE_NAME=$(basename "${CERT_FILE}" 2>&1)
#########################
# Echo secret into file #
#########################
echo "${SSL_CERT_SECRET}" >>"${CERT_FILE}"
########################################
# Put the cert in the correct location #
########################################
COPY_CMD=$(mv "${CERT_FILE}" "${CERT_ROOT}/${FILE_NAME}" 2>&1)
#######################
# Load the error code #
#######################
ERROR_CODE=$?
##############################
# Check the shell for errors #
##############################
if [ "${ERROR_CODE}" -ne 0 ]; then
error "ERROR! Failed to move cert into location!"
fatal "ERROR:[${COPY_CMD}]"
else
info "Moved cert into location, adding to trust store..."
fi
##############################################
# Update ca-certificates to pull in the cert #
##############################################
UPDATE_CMD=$(update-ca-certificates 2>&1)
#######################
# Load the error code #
#######################
ERROR_CODE=$?
##############################
# Check the shell for errors #
##############################
if [ "${ERROR_CODE}" -ne 0 ]; then
# ERROR
error "ERROR! Failed to add cert to trust store!"
fatal "ERROR:[${UPDATE_CMD}]"
else
# Success
info "Successfully added cert to trust store"
fi
}
################################################################################
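Review bot: `debug "User passed SSL secret:[${SSL_CERT_SECRET}]"` writes the full secret contents to the log whenever debug logging is on; a CA certificate is usually public, but the variable is fed from a GitHub secret and whatever a user puts there should not be echoed back. Log only that a secret was provided (or its length). Two smaller points in the same function: `echo "${SSL_CERT_SECRET}" >>"${CERT_FILE}"` appends, so a pre-existing `/tmp/cert.crt` would be concatenated with the new cert; use `>` and check its exit status the same way the `mv` below is checked. And nothing verifies that the contents look like a certificate before `update-ca-certificates` runs; a cheap guard such as `grep -q 'BEGIN CERTIFICATE' "${CERT_FILE}" || fatal "SSL_CERT_SECRET does not contain a PEM certificate"` turns a mis-pasted secret into a clear error instead of TLS failures later in the run.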


@ -44,21 +44,23 @@ export LOG_ERROR
# Source Function Files #
#########################
# shellcheck source=/dev/null
source /action/lib/functions/buildFileList.sh # Source the function script(s)
# shellcheck source=/dev/null
source /action/lib/functions/detectFiles.sh # Source the function script(s)
# shellcheck source=/dev/null
source /action/lib/functions/linterRules.sh # Source the function script(s)
# shellcheck source=/dev/null
source /action/lib/functions/linterVersions.sh # Source the function script(s)
# shellcheck source=/dev/null
source /action/lib/functions/log.sh # Source the function script(s)
# shellcheck source=/dev/null
source /action/lib/functions/buildFileList.sh # Source the function script(s)
source /action/lib/functions/tapLibrary.sh # Source the function script(s)
# shellcheck source=/dev/null
source /action/lib/functions/updateSSL.sh # Source the function script(s)
# shellcheck source=/dev/null
source /action/lib/functions/validation.sh # Source the function script(s)
# shellcheck source=/dev/null
source /action/lib/functions/worker.sh # Source the function script(s)
# shellcheck source=/dev/null
source /action/lib/functions/tapLibrary.sh # Source the function script(s)
# shellcheck source=/dev/null
source /action/lib/functions/linterRules.sh # Source the function script(s)
# shellcheck source=/dev/null
source /action/lib/functions/detectFiles.sh # Source the function script(s)
# shellcheck source=/dev/null
source /action/lib/functions/linterVersions.sh # Source the function script(s)
###########
# GLOBALS #
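Review bot: Sorting the `source` lines alphabetically is fine, but the invariant that matters should be stated: `updateSSL.sh` calls `debug`, `info`, `error` and `fatal` from `log.sh`, and `log.sh` is still sourced before `updateSSL.sh` here, so that dependency holds. The files now sourced ahead of `log.sh` (`buildFileList.sh`, `detectFiles.sh`, `linterRules.sh`, `linterVersions.sh`) need to contain only function definitions; if any of them executes a log call at source time it would now run before the log functions exist. A quick check of those four files would confirm the reorder is safe.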
@ -149,6 +151,8 @@ SNAKEMAKE_SNAKEFMT_FILE_NAME="${SNAKEMAKE_SNAKEFMT_CONFIG_FILE:-.snakefmt.toml}"
# shellcheck disable=SC2034 # Variable is referenced indirectly
SUPPRESS_POSSUM="${SUPPRESS_POSSUM:-false}"
# shellcheck disable=SC2034 # Variable is referenced indirectly
SSL_CERT_SECRET="${SSL_CERT_SECRET}"
# shellcheck disable=SC2034 # Variable is referenced indirectly
SQL_FILE_NAME="${SQL_CONFIG_FILE:-.sql-config.json}"
# shellcheck disable=SC2034 # Variable is referenced indirectly
TERRAFORM_FILE_NAME=".tflint.hcl"
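Review bot: `SSL_CERT_SECRET="${SSL_CERT_SECRET}"` is a no-op and, unlike every neighbouring entry, supplies no default, so it would fail under `set -u` when the variable is unset; use `SSL_CERT_SECRET="${SSL_CERT_SECRET:-}"` so `CheckSSLCert`'s `-z` test always sees a defined (possibly empty) string.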
@ -859,6 +863,11 @@ for i in "${!LINTER_COMMANDS_ARRAY[@]}"; do
done
debug "---------------------------------------------"
#################################
# Check for SSL cert and update #
#################################
CheckSSLCert
###########################################
# Build the list of files for each linter #
###########################################
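Review bot: `CheckSSLCert` runs after the linter command array has been built and printed but before the file list is built, which is fine only if nothing earlier in `linter.sh` opens an HTTPS connection; any earlier step that downloads version or rule information would not yet trust the private CA. Consider calling it as the first step after the globals are set, so every network call in the run sees the updated trust store.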