mirror of
https://github.com/super-linter/super-linter.git
synced 2024-11-06 01:05:54 -05:00
Certs (#1470)
* adding cert * update readme * typo * make exec * spaces * adding better way * adding example * make shell happy * fix space * adding notes * bad var * duh
This commit is contained in:
parent
b94bec19c9
commit
e0e4a67f3a
4 changed files with 113 additions and 9 deletions
|
@ -337,6 +337,7 @@ RUN wget --tries=5 -q -O /etc/apk/keys/sgerrand.rsa.pub https://alpine-pkgs.sger
|
|||
&& wget --tries=5 -q https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VERSION}/glibc-${GLIBC_VERSION}.apk \
|
||||
&& apk add --no-cache \
|
||||
bash \
|
||||
ca-certificates \
|
||||
glibc-${GLIBC_VERSION}.apk \
|
||||
gnupg \
|
||||
php7 php7-phar php7-json php7-mbstring php-xmlwriter \
|
||||
|
|
15
README.md
15
README.md
|
@ -245,6 +245,7 @@ But if you wish to select or exclude specific linters, we give you full control
|
|||
| **RUBY_CONFIG_FILE** | `.ruby-lint.yml` | Filename for [rubocop configuration](https://docs.rubocop.org/rubocop/configuration.html) (ex: `.ruby-lint.yml`, `.rubocop.yml`) |
|
||||
| **SUPPRESS_POSSUM** | `false` | If set to `true`, will hide the ASCII possum at top of log output. Default is `false` |
|
||||
| **SNAKEMAKE_SNAKEFMT_CONFIG_FILE** | `.snakefmt.toml` | Filename for [Snakemake configuration](https://github.com/snakemake/snakefmt#configuration) (ex: `pyproject.toml`, `.snakefmt.toml`) |
|
||||
| **SSL_CERT_SECRET** | `none` | SSL cert to add to the **Super-Linter** trust store. This is needed for users on `self-hosted` runners or need to inject the cert for security standards (ex. ${{ secrets.SSL_CERT }}) |
|
||||
| **SQL_CONFIG_FILE** | `.sql-config.json` | Filename for [SQL-Lint configuration](https://sql-lint.readthedocs.io/en/latest/files/configuration.html) (ex: `sql-config.json` , `.config.json`) |
|
||||
| **TYPESCRIPT_ES_CONFIG_FILE** | `.eslintrc.yml` | Filename for [eslint configuration](https://eslint.org/docs/user-guide/configuring#configuration-file-formats) (ex: `.eslintrc.yml`, `.eslintrc.json`) |
|
||||
| **VALIDATE_ALL_CODEBASE** | `true` | Will parse the entire repository and find all files to validate across all types. **NOTE:** When set to `false`, only **new** or **edited** files will be parsed for validation. |
|
||||
|
@ -367,6 +368,20 @@ You can checkout this repository using [Container Remote Development](https://co
|
|||
|
||||
We will also support [GitHub Codespaces](https://github.com/features/codespaces/) once it becomes available
|
||||
|
||||
### SSL Certs
|
||||
|
||||
If you need to inject a SSL cert into the trust store, you will need to first copy the cert to **GitHub Secrets**
|
||||
Once you have copied the plain text certificate into **GitHub Secrets**, you can use the variable `SSL_CERT_SECRET` to point the **Super-Linter** to the files contents.
|
||||
Once found, it will load the certificate contents to a file, and to the trust store.
|
||||
- Example workflow:
|
||||
```yml
|
||||
- name: Lint Code Base
|
||||
uses: github/super-linter@v3
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
SSL_CERT_SECRET: ${{ secrets.ROOT_CA }}
|
||||
```
|
||||
|
||||
## Limitations
|
||||
|
||||
Below are a list of the known limitations for the **GitHub Super-Linter**:
|
||||
|
|
79
lib/functions/updateSSL.sh
Executable file
79
lib/functions/updateSSL.sh
Executable file
|
@ -0,0 +1,79 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
################################################################################
|
||||
################################################################################
|
||||
########### Super-Linter linting Functions @admiralawkbar ######################
|
||||
################################################################################
|
||||
################################################################################
|
||||
########################## FUNCTION CALLS BELOW ################################
|
||||
################################################################################
|
||||
################################################################################
|
||||
#### Function CheckSSLCert #####################################################
|
||||
function CheckSSLCert() {
|
||||
if [ -z "${SSL_CERT_SECRET}" ]; then
|
||||
# No cert was passed
|
||||
debug "User did not provide a SSL secret, moving on..."
|
||||
else
|
||||
# User has provided a cert file to upload
|
||||
debug "User passed SSL secret:[${SSL_CERT_SECRET}]"
|
||||
InstallSSLCert
|
||||
fi
|
||||
}
|
||||
################################################################################
|
||||
#### Function InstallSSLCert ###################################################
|
||||
function InstallSSLCert() {
|
||||
#############
|
||||
# Base Vars #
|
||||
#############
|
||||
CERT_FILE='/tmp/cert.crt'
|
||||
CERT_ROOT='/usr/local/share/ca-certificates'
|
||||
FILE_NAME=$(basename "${CERT_FILE}" 2>&1)
|
||||
|
||||
#########################
|
||||
# Echo secret into file #
|
||||
#########################
|
||||
echo "${SSL_CERT_SECRET}" >>"${CERT_FILE}"
|
||||
|
||||
########################################
|
||||
# Put the cert in the correct location #
|
||||
########################################
|
||||
COPY_CMD=$(mv "${CERT_FILE}" "${CERT_ROOT}/${FILE_NAME}" 2>&1)
|
||||
|
||||
#######################
|
||||
# Load the error code #
|
||||
#######################
|
||||
ERROR_CODE=$?
|
||||
|
||||
##############################
|
||||
# Check the shell for errors #
|
||||
##############################
|
||||
if [ "${ERROR_CODE}" -ne 0 ]; then
|
||||
error "ERROR! Failed to move cert into location!"
|
||||
fatal "ERROR:[${COPY_CMD}]"
|
||||
else
|
||||
info "Moved cert into location, adding to trust store..."
|
||||
fi
|
||||
|
||||
##############################################
|
||||
# Update ca-certificates to pull in the cert #
|
||||
##############################################
|
||||
UPDATE_CMD=$(update-ca-certificates 2>&1)
|
||||
|
||||
#######################
|
||||
# Load the error code #
|
||||
#######################
|
||||
ERROR_CODE=$?
|
||||
|
||||
##############################
|
||||
# Check the shell for errors #
|
||||
##############################
|
||||
if [ "${ERROR_CODE}" -ne 0 ]; then
|
||||
# ERROR
|
||||
error "ERROR! Failed to add cert to trust store!"
|
||||
fatal "ERROR:[${UPDATE_CMD}]"
|
||||
else
|
||||
# Success
|
||||
info "Successfully added cert to trust store"
|
||||
fi
|
||||
}
|
||||
################################################################################
|
|
@ -44,21 +44,23 @@ export LOG_ERROR
|
|||
# Source Function Files #
|
||||
#########################
|
||||
# shellcheck source=/dev/null
|
||||
source /action/lib/functions/buildFileList.sh # Source the function script(s)
|
||||
# shellcheck source=/dev/null
|
||||
source /action/lib/functions/detectFiles.sh # Source the function script(s)
|
||||
# shellcheck source=/dev/null
|
||||
source /action/lib/functions/linterRules.sh # Source the function script(s)
|
||||
# shellcheck source=/dev/null
|
||||
source /action/lib/functions/linterVersions.sh # Source the function script(s)
|
||||
# shellcheck source=/dev/null
|
||||
source /action/lib/functions/log.sh # Source the function script(s)
|
||||
# shellcheck source=/dev/null
|
||||
source /action/lib/functions/buildFileList.sh # Source the function script(s)
|
||||
source /action/lib/functions/tapLibrary.sh # Source the function script(s)
|
||||
# shellcheck source=/dev/null
|
||||
source /action/lib/functions/updateSSL.sh # Source the function script(s)
|
||||
# shellcheck source=/dev/null
|
||||
source /action/lib/functions/validation.sh # Source the function script(s)
|
||||
# shellcheck source=/dev/null
|
||||
source /action/lib/functions/worker.sh # Source the function script(s)
|
||||
# shellcheck source=/dev/null
|
||||
source /action/lib/functions/tapLibrary.sh # Source the function script(s)
|
||||
# shellcheck source=/dev/null
|
||||
source /action/lib/functions/linterRules.sh # Source the function script(s)
|
||||
# shellcheck source=/dev/null
|
||||
source /action/lib/functions/detectFiles.sh # Source the function script(s)
|
||||
# shellcheck source=/dev/null
|
||||
source /action/lib/functions/linterVersions.sh # Source the function script(s)
|
||||
|
||||
###########
|
||||
# GLOBALS #
|
||||
|
@ -149,6 +151,8 @@ SNAKEMAKE_SNAKEFMT_FILE_NAME="${SNAKEMAKE_SNAKEFMT_CONFIG_FILE:-.snakefmt.toml}"
|
|||
# shellcheck disable=SC2034 # Variable is referenced indirectly
|
||||
SUPPRESS_POSSUM="${SUPPRESS_POSSUM:-false}"
|
||||
# shellcheck disable=SC2034 # Variable is referenced indirectly
|
||||
SSL_CERT_SECRET="${SSL_CERT_SECRET}"
|
||||
# shellcheck disable=SC2034 # Variable is referenced indirectly
|
||||
SQL_FILE_NAME="${SQL_CONFIG_FILE:-.sql-config.json}"
|
||||
# shellcheck disable=SC2034 # Variable is referenced indirectly
|
||||
TERRAFORM_FILE_NAME=".tflint.hcl"
|
||||
|
@ -859,6 +863,11 @@ for i in "${!LINTER_COMMANDS_ARRAY[@]}"; do
|
|||
done
|
||||
debug "---------------------------------------------"
|
||||
|
||||
#################################
|
||||
# Check for SSL cert and update #
|
||||
#################################
|
||||
CheckSSLCert
|
||||
|
||||
###########################################
|
||||
# Build the list of files for each linter #
|
||||
###########################################
|
||||
|
|
Loading…
Reference in a new issue