fix: initialize terrascan at runtime

Terrascan runs initialization anyway when scanning files, so there's no point in running it at build time. Also, this works around a Terrascan bug that caused it to fail its initialization if $HOME/.terrascan directory is not present. This happens on GitHub Actions because it configures a $HOME directory that is different from ours.
super-linter · Feb 8, 2024 · 35cb85c · 35cb85c
1 parent 38edbe5
commit 35cb85c
Show file tree

Hide file tree

Showing 5 changed files with 29 additions and 4 deletions.
diff --git a/Makefile b/Makefile
@@ -4,7 +4,7 @@
 all: info docker test ## Run all targets.
 
 .PHONY: test
-test: info validate-container-image-labels test-lib inspec lint-codebase test-default-config-files test-find lint-subset-files test-custom-ssl-cert test-non-default-workdir test-git-flags test-linters ## Run the test suite
+test: info validate-container-image-labels test-lib inspec lint-codebase test-default-config-files test-find lint-subset-files test-custom-ssl-cert test-non-default-workdir test-non-default-home-directory test-git-flags test-linters ## Run the test suite
 
 # if this session isn't interactive, then we don't want to allocate a
 # TTY, which would fail, but if it is interactive, we do want to attach
@@ -276,6 +276,12 @@ test-custom-ssl-cert: ## Test the configuration of a custom SSL/TLS certificate
 		-v "$(CURDIR)/docs":/tmp/lint \
 		$(SUPER_LINTER_TEST_CONTAINER_URL)
 
+.phony: test-non-default-home-directory
+test-non-default-home-directory: ## Test a non-default HOME directory
+	$(CURDIR)/test/run-super-linter-tests.sh \
+		$(SUPER_LINTER_TEST_CONTAINER_URL) \
+		"run_test_cases_non_default_home"
+
 .phony: test-linters
 test-linters: test-linters-expect-success test-linters-expect-failure ## Run the linters test suite
 

diff --git a/lib/functions/buildFileList.sh b/lib/functions/buildFileList.sh
@@ -153,7 +153,7 @@ function BuildFileList() {
   if ! RESULTS_OBJECT=$(jq --raw-output -n '[inputs]' "${PARALLEL_RESULTS_FILE_PATH}"); then
     fatal "Error loading results when building the file list: ${RESULTS_OBJECT}"
   fi
-  debug "RESULTS_OBJECT for ${FILE_TYPE}:\n${RESULTS_OBJECT}"
+  debug "RESULTS_OBJECT when building the file list:\n${RESULTS_OBJECT}"
 
   local STDOUT_BUILD_FILE_LIST
   # Get raw output so we can strip quotes from the data we load

diff --git a/test/inspec/super-linter/controls/super_linter.rb b/test/inspec/super-linter/controls/super_linter.rb
@@ -491,8 +491,7 @@
     "/action/lib/.automation/.yaml-lint.yml",
     "/action/lib/.automation/phpcs.xml",
     "/action/lib/.automation/phpstan.neon",
-    "/action/lib/.automation/psalm.xml",
-    "/root/.chktexrc"
+    "/action/lib/.automation/psalm.xml"
   ]
 
   files.each do |item|

diff --git a/test/linters/terraform_terrascan/good/terraform-terrascan_good_2.tf b/test/linters/terraform_terrascan/good/terraform-terrascan_good_2.tf
@@ -0,0 +1,15 @@
+resource "aws_instance" "instanceWithVpc2" {
+  ami           = "some-id"
+  instance_type = "t2.micro"
+  monitoring = true
+  ebs_optimized = true
+
+  vpc_security_group_ids = ["sg-12345678901234567"]
+  subnet_id = "subnet-12345678901234567"
+  metadata_options {
+    http_endpoint = "disabled"
+  }
+  tags = {
+    Name = "HelloWorld"
+  }
+}
diff --git a/test/run-super-linter-tests.sh b/test/run-super-linter-tests.sh
@@ -18,6 +18,11 @@ run_test_cases_expect_success() {
   COMMAND_TO_RUN+=(-e ANSIBLE_DIRECTORY="/test/linters/ansible/good" -e CHECKOV_FILE_NAME=".checkov-test-linters-success.yaml" -e FILTER_REGEX_INCLUDE=".*good.*")
 }
 
+run_test_cases_non_default_home() {
+  run_test_cases_expect_success
+  COMMAND_TO_RUN+=(-e HOME=/tmp)
+}
+
 # Run the test setup function
 ${TEST_FUNCTION_NAME}