fix: initialize terrascan at runtime (#5246)

Terrascan runs initialization anyway when scanning files, so there's no point in running it at build time. Also, this works around a Terrascan bug that caused it to fail its initialization if $HOME/.terrascan directory is not present. This happens on GitHub Actions because it configures a $HOME directory that is different from ours.
super-linter · Feb 9, 2024 · 5b5e54a · 5b5e54a
1 parent 6fd6830
commit 5b5e54a
Show file tree

Hide file tree

Showing 7 changed files with 45 additions and 9 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -391,11 +391,6 @@ ENV PATH="${PATH}:${DART_SDK}/bin:/root/.pub-cache/bin"
 ENV VERSION_FILE="/action/linterVersions.txt"
 RUN mkdir /action
 
-# Initialize Terrascan
-# Initialize ChkTeX config file
-RUN terrascan init --log-level "debug" \
-    && touch ~/.chktexrc
-
 ENTRYPOINT ["/action/lib/linter.sh"]
 
 FROM base_image as slim

diff --git a/Makefile b/Makefile
@@ -4,7 +4,7 @@
 all: info docker test ## Run all targets.
 
 .PHONY: test
-test: info validate-container-image-labels test-lib inspec lint-codebase test-default-config-files test-find lint-subset-files test-custom-ssl-cert test-non-default-workdir test-git-flags test-log-level test-linters ## Run the test suite
+test: info validate-container-image-labels test-lib inspec lint-codebase test-default-config-files test-find lint-subset-files test-custom-ssl-cert test-non-default-workdir test-git-flags test-non-default-home-directory test-log-level test-linters ## Run the test suite
 
 # if this session isn't interactive, then we don't want to allocate a
 # TTY, which would fail, but if it is interactive, we do want to attach
@@ -289,6 +289,12 @@ test-custom-ssl-cert: ## Test the configuration of a custom SSL/TLS certificate
 		-v "$(CURDIR)/docs":/tmp/lint \
 		$(SUPER_LINTER_TEST_CONTAINER_URL)
 
+.phony: test-non-default-home-directory
+test-non-default-home-directory: ## Test a non-default HOME directory
+	$(CURDIR)/test/run-super-linter-tests.sh \
+		$(SUPER_LINTER_TEST_CONTAINER_URL) \
+		"run_test_cases_non_default_home"
+
 .phony: test-linters
 test-linters: test-linters-expect-success test-linters-expect-failure ## Run the linters test suite
 

diff --git a/lib/functions/buildFileList.sh b/lib/functions/buildFileList.sh
@@ -156,7 +156,7 @@ function BuildFileList() {
   if ! RESULTS_OBJECT=$(jq --raw-output -n '[inputs]' "${PARALLEL_RESULTS_FILE_PATH}"); then
     fatal "Error loading results when building the file list: ${RESULTS_OBJECT}"
   fi
-  debug "RESULTS_OBJECT for ${FILE_TYPE}:\n${RESULTS_OBJECT}"
+  debug "RESULTS_OBJECT when building the file list:\n${RESULTS_OBJECT}"
 
   local STDOUT_BUILD_FILE_LIST
   # Get raw output so we can strip quotes from the data we load

diff --git a/lib/functions/detectFiles.sh b/lib/functions/detectFiles.sh
@@ -444,6 +444,22 @@ function RunAdditionalInstalls() {
     done
   fi
 
+  if [ "${VALIDATE_TERRAFORM_TERRASCAN}" == "true" ] && [ -e "${FILE_ARRAYS_DIRECTORY_PATH}/file-array-TERRAFORM_TERRASCAN" ]; then
+    info "Initializing Terrascan repository"
+    local -a TERRASCAN_INIT_COMMAND
+    TERRASCAN_INIT_COMMAND=(terrascan init -c "${TERRAFORM_TERRASCAN_LINTER_RULES}")
+    if [[ "${LOG_DEBUG}" == "true" ]]; then
+      TERRASCAN_INIT_COMMAND+=(--log-level "debug")
+    fi
+    debug "Terrascan init command: ${TERRASCAN_INIT_COMMAND[*]}"
+
+    local TERRASCAN_INIT_COMMAND_OUTPUT
+    if ! TERRASCAN_INIT_COMMAND_OUTPUT="$("${TERRASCAN_INIT_COMMAND[@]}" 2>&1)"; then
+      fatal "Error while initializing Terrascan:\n${TERRASCAN_INIT_COMMAND_OUTPUT}"
+    fi
+    debug "Terrascan init command output:\n${TERRASCAN_INIT_COMMAND_OUTPUT}"
+  fi
+
   # Check if there's local configuration for the Raku linter
   if [ -e "${GITHUB_WORKSPACE}/META6.json" ]; then
     cd "${GITHUB_WORKSPACE}" && zef install --deps-only --/test .

diff --git a/test/inspec/super-linter/controls/super_linter.rb b/test/inspec/super-linter/controls/super_linter.rb
@@ -495,8 +495,7 @@
     "/action/lib/.automation/.yaml-lint.yml",
     "/action/lib/.automation/phpcs.xml",
     "/action/lib/.automation/phpstan.neon",
-    "/action/lib/.automation/psalm.xml",
-    "/root/.chktexrc"
+    "/action/lib/.automation/psalm.xml"
   ]
 
   files.each do |item|

diff --git a/test/linters/terraform_terrascan/good/terraform-terrascan_good_2.tf b/test/linters/terraform_terrascan/good/terraform-terrascan_good_2.tf
@@ -0,0 +1,15 @@
+resource "aws_instance" "instanceWithVpc2" {
+  ami           = "some-id"
+  instance_type = "t2.micro"
+  monitoring = true
+  ebs_optimized = true
+
+  vpc_security_group_ids = ["sg-12345678901234567"]
+  subnet_id = "subnet-12345678901234567"
+  metadata_options {
+    http_endpoint = "disabled"
+  }
+  tags = {
+    Name = "HelloWorld"
+  }
+}
diff --git a/test/run-super-linter-tests.sh b/test/run-super-linter-tests.sh
@@ -23,6 +23,11 @@ run_test_cases_log_level() {
   LOG_LEVEL="NOTICE"
 }
 
+run_test_cases_non_default_home() {
+  run_test_cases_expect_success
+  COMMAND_TO_RUN+=(-e HOME=/tmp)
+}
+
 # Run the test setup function
 ${TEST_FUNCTION_NAME}