Skip to content
Snippets Groups Projects
Select Git revision
  • d51d7029b018fc8362927c1f6c655d01fb608f85
  • main default
  • penenadpi/config-man
  • penenadpi/visualization-extension
  • penenadpi/visulization-html-extended
  • penenadpi/result-persistence
  • penenadpi/result-filter-fix-files
  • penenadpi/result-filter-fix
  • y1
  • 0.1.9
  • 0.1.8
  • 0.1.7
  • 0.1.6
  • 0.1.5
  • 0.1.4
  • 0.1.3
  • 0.1.2
  • 0.1.1
  • 0.1.0
  • 0.0.9
  • 0.0.8
  • 0.0.7
  • 0.0.6
  • 0.0.5
  • 0.0.4
  • 0.0.3
  • 0.0.2
  • 0.0.1
28 results

install-checks.sh

Blame
    • install-checks.sh 5.78 KiB
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    47
    48
    49
    50
    51
    52
    53
    54
    55
    56
    57
    58
    59
    60
    61
    62
    63
    64
    65
    66
    67
    68
    69
    70
    71
    72
    73
    74
    75
    76
    77
    78
    79
    80
    81
    82
    83
    84
    85
    86
    87
    88
    89
    90
    91
    92
    93
    94
    95
    96
    97
    98
    99
    100
    101
    102
    103
    104
    105
    106
    107
    108
    109
    110
    111
    112
    113
    114
    115
    116
    117
    118
    119
    120
    121
    122
    123
    124
    125
    126
    127
    128
    129
    130
    131
    132
    133
    134
    135
    136
    137
    138
    139
    140
    141
    142
    143
    144
    145
    146
    147
    148
    149
    150
    151
    152
    153
    154
    155
    156
    157
    158
    159
    160
    161
    162
    163
    164
    165
    166
    167
    168
    169 
    

    

    

    #!/bin/bash
# this bash script is used to install checks for IaC Scan Runner, run it as: ./install-checks.sh

# env vars for directories
export ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
export VIRTUALENV_DIR="${ROOT_DIR}/.venv"
export TOOLS_DIR="${ROOT_DIR}/tools"
export TMP_DIR="${TOOLS_DIR}/tmp"
export NODE_MODULES_DIR="${TOOLS_DIR}/node_modules"
export CONFIG_DIR="${ROOT_DIR}/config"
# env vars for check executables
export OPERA_CHECK_PATH="${VIRTUALENV_DIR}/bin/opera/"
export ANSIBLE_LINT_CHECK_PATH="${VIRTUALENV_DIR}/bin/ansible-lint/"
export TFLINT_CHECK_PATH="${TOOLS_DIR}/tflint"
export TFSEC_CHECK_PATH="${TOOLS_DIR}/tfsec"
export TERRASCAN_CHECK_PATH="${TOOLS_DIR}/terrascan"
export YAMLLINT_CHECK_PATH="${VIRTUALENV_DIR}/bin/yamllint"
export PYLINT_CHECK_PATH="${VIRTUALENV_DIR}/bin/pylint"
export BANDIT_CHECK_PATH="${VIRTUALENV_DIR}/bin/bandit"
export SAFETY_CHECK_PATH="${VIRTUALENV_DIR}/bin/safety"
export GIT_LEAKS_CHECK_PATH="${TOOLS_DIR}/gitleaks"
export GIT_SECRETS_CHECK_PATH="${TOOLS_DIR}/git-secrets/bin/git-secrets"
export MARKDOWN_LINT_CHECK_PATH="${TOOLS_DIR}/mdl"
export HADOLINT_CHECK_PATH="${TOOLS_DIR}/hadolint"
export GIXY_CHECK_PATH="${VIRTUALENV_DIR}/bin/gixy"
export SHELL_CHECK_PATH="${TOOLS_DIR}/shellcheck"
export ES_LINT_CHECK_PATH="${NODE_MODULES_DIR}/.bin/eslint"
export HTMLHINT_CHECK_PATH="${NODE_MODULES_DIR}/.bin/htmlhint"
export STYLELINT_CHECK_PATH="${NODE_MODULES_DIR}/.bin/stylelint"
export CHECKSTYLE_CHECK_PATH="${TOOLS_DIR}/checkstyle.jar"
export SONAR_SCANNER_CHECK_PATH="${TOOLS_DIR}/sonar-scanner/bin/sonar-scanner"
export SNYK_CHECK_PATH="${NODE_MODULES_DIR}/.bin/snyk"

# urls for installation of check tools
checkStyleUrl='https://github.com/checkstyle/checkstyle/releases/download/checkstyle-8.13/checkstyle-8.13-all.jar'
checkShellUrl='https://github.com/koalaman/shellcheck/releases/download/v0.5.0/shellcheck-v0.5.0.linux.x86_64.tar.xz'
hadolintUrl='https://github.com/hadolint/hadolint/releases/download/v1.13.0/hadolint-Linux-x86_64'
gitLeaksUrl='https://github.com/zricethezav/gitleaks/releases/download/v7.5.0/gitleaks-linux-amd64'
gitSecretsUrl='https://github.com/awslabs/git-secrets.git'
tflintUrl='https://raw.githubusercontent.com/terraform-linters/tflint/master/install_linux.sh'
tfsecUrl='https://github.com/tfsec/tfsec/releases/download/v0.51.1/tfsec-linux-amd64'
terrascanUrl='https://api.github.com/repos/accurics/terrascan/releases/latest'
sonarScannerUrl='https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.6.2.2472-linux.zip'

# functions below are used to install the check tools
createAndActivateVenvDirIfNot() {
  if [ ! -d "$VIRTUALENV_DIR" ]; then
    python3 -m venv "$VIRTUALENV_DIR" && . "${VIRTUALENV_DIR}/bin/activate"
  fi
}

createDirIfNot() {
  dirPath=$1
  if [ ! -d "$dirPath" ]; then
    mkdir "${dirPath}"
  fi
}

removeDir() {
  rm -rf "$1"
}

downloadCheckStyleJarIfNot() {
  if [ ! -f "$CHECK_STYLE_PATH" ]; then
    wget ${checkStyleUrl} -O "${CHECK_STYLE_PATH}"
  fi
}

installShellCheckIfNot() {
  if [ ! -f "$SHELL_CHECK_PATH" ]; then
    wget ${checkShellUrl} -O "${TMP_DIR}/checkShell.linux.x86_64.tar.xz"
    tar --xz -xvf "${TMP_DIR}/checkShell.linux.x86_64.tar.xz" -C "${TMP_DIR}"
    cp "${TMP_DIR}"/shellcheck*/shellcheck "${TOOLS_DIR}"
    chmod u+x "${SHELL_CHECK_PATH}"
  fi
}

installHadolintlIfNot() {
  if [ ! -f "$HADOLINT_CHECK_PATH" ]; then
    wget ${hadolintUrl} -O "${HADOLINT_CHECK_PATH}"
    chmod u+x "${HADOLINT_CHECK_PATH}"
  fi
}

installMarkdownLintIfNot() {
  if [ ! -f "$MARKDOWN_LINT_CHECK_PATH" ]; then
    gem install --user-install -n "${TOOLS_DIR}" mdl
  fi
}

installRequiredNpmModulesIfNot() {
  if [ ! -f "$NODE_MODULES_DIR" ]; then
    cp package.json "${TOOLS_DIR}/package.json"
    cp package-lock.json "${TOOLS_DIR}/package-lock.json"
    npm i --prefix "${TOOLS_DIR}" --force
    rm "${TOOLS_DIR}/package.json" "${TOOLS_DIR}/package-lock.json"
  fi
}

installPythonModules() {
  pip install opera==0.6.8 pylint==2.12.2 gixy==0.1.20 ansible-lint==5.4.0 yamllint==1.26.3 bandit==1.7.2 safety==1.10.3
}

installGitLeaksIfNot() {
  if [ ! -f "$GIT_LEAKS_CHECK_PATH" ]; then
    wget ${gitLeaksUrl} -O "${GIT_LEAKS_CHECK_PATH}"
    chmod +x "${GIT_LEAKS_CHECK_PATH}"
  fi
}

installGitSecretsIfNot() {
  if [ ! -f "$GIT_SECRETS_CHECK_PATH" ]; then
    git clone ${gitSecretsUrl} "${TMP_DIR}/git-secrets"
    cd "${TMP_DIR}/git-secrets" || exit
    PREFIX="${TOOLS_DIR}/git-secrets" make install
  fi
}

installTFLintIfNot() {
  if [ ! -f "$TFLINT_CHECK_PATH" ]; then
    export TFLINT_INSTALL_PATH="$TOOLS_DIR"
    curl -fsSL ${tflintUrl} | bash
  fi
}

installTfsecIfNot() {
  if [ ! -f "$TFSEC_CHECK_PATH" ]; then
    wget ${tfsecUrl} -O "${TFSEC_CHECK_PATH}"
    chmod +x "${TFSEC_CHECK_PATH}"
  fi
}

installTerrascanIfNot() {
  if [ ! -f "$TERRASCAN_CHECK_PATH" ]; then
    curl -L "$(curl -s ${terrascanUrl} | grep -o -E "https://.+?_Linux_i386.tar.gz")" >"${TMP_DIR}/terrascan.tar.gz"
    tar -xf "${TMP_DIR}/terrascan.tar.gz" terrascan
    install terrascan "${TOOLS_DIR}"
    chmod +x "${TERRASCAN_CHECK_PATH}"
  fi
}

installSonarScannerIfNot() {
  if [ ! -f "$SONAR_SCANNER_CHECK_PATH" ]; then
    wget ${sonarScannerUrl} -O "${TMP_DIR}/sonar-scanner"
    unzip "${TMP_DIR}/sonar-scanner" -d "${TOOLS_DIR}"
    mv "${TOOLS_DIR}/sonar-scanner-4.6.2.2472-linux" "${TOOLS_DIR}/sonar-scanner"
  fi
}

# call the functions above to install all the necessary tools
createAndActivateVenvDirIfNot
createDirIfNot "${TOOLS_DIR}"
createDirIfNot "${TMP_DIR}"
createDirIfNot "${NODE_MODULES_DIR}"
createDirIfNot "${CONFIG_DIR}"
installPythonModules
installRequiredNpmModulesIfNot
downloadCheckStyleJarIfNot
installShellCheckIfNot
installHadolintlIfNot
installMarkdownLintIfNot
installGitLeaksIfNot
installGitSecretsIfNot
installTFLintIfNot
installTfsecIfNot
installTerrascanIfNot
installSonarScannerIfNot
removeDir "${TMP_DIR}"