Merge pull request #9 from darkwizard242/feature/update-workflows

Bump tfsec to 1.2.1 & Update workflows

.github/workflows/build-and-test.yml

@@ -7,10 +7,10 @@ on:
   push:
     branches:
       - 'feature*'
-      - 'feature/*'
       - 'feature_*'
-      - 'hotfix*'
+      - 'feature/*'
       - 'hotfix/*'
+      - 'hotfix*'
       - 'master'
   schedule:
     - cron: '0 2 * * *'
@@ -26,14 +26,15 @@ jobs:
     steps:
 
     - name: Checkout source code
-      uses: actions/checkout@v1
+      uses: actions/checkout@v2
       with:
         path: 'darkwizard242.tfsec'
         fetch-depth: 0
 
     - name: SonarCloud Scan
       uses: sonarsource/sonarcloud-github-action@master
       with:
+        projectBaseDir: 'darkwizard242.tfsec'
         args: >
           -Dsonar.projectVersion=${{ github.ref }}_${{ github.run_number }}
       env:
@@ -46,14 +47,14 @@ jobs:
     name: Build & Test
     runs-on: ubuntu-20.04
     strategy:
-      max-parallel: 8
+      max-parallel: 6
       matrix:
-        IMAGE: [ubuntu-20.04, ubuntu-18.04, ubuntu-16.04, centos-8, centos-7, debian-buster, debian-stretch]
+        IMAGE: [ubuntu-20.04, ubuntu-18.04, rockylinux-8, centos-7, debian-buster, debian-stretch]
 
     steps:
 
     - name: Checkout source code
-      uses: actions/checkout@v1
+      uses: actions/checkout@v2
       with:
         path: 'darkwizard242.tfsec'
 
@@ -69,6 +70,7 @@ jobs:
         pip3 install -U pip wheel ansible molecule[docker] docker ansible-lint flake8 pytest-testinfra
 
     - name: Execute Molecule test of role for ${{ matrix.IMAGE }}
+      working-directory: 'darkwizard242.tfsec'
       run: DISTRO=${{ matrix.IMAGE }} molecule test
       env:
         PY_COLORS: '1'

.github/workflows/release.yml

@@ -15,7 +15,7 @@ jobs:
     steps:
 
     - name: Checkout source code
-      uses: actions/checkout@v1
+      uses: actions/checkout@v2
       with:
         path: 'darkwizard242.tfsec'
 
@@ -31,4 +31,5 @@ jobs:
         pip3 install -U pip wheel ansible
 
     - name: Import to Ansible Galaxy.
+      working-directory: 'darkwizard242.tfsec'
       run: ansible-galaxy role import --api-key ${{ secrets.GALAXY_API_KEY }} ${{ github.repository_owner }} $(echo ${{ github.repository }} | sed 's/.*\///')

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2021 Ali Muhammad
+Copyright (c) 2022 Ali Muhammad
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -16,23 +16,30 @@ Available variables are listed below (located in `defaults/main.yml`):
 
 ```yaml
 tfsec_app: tfsec
-tfsec_version: 0.63.1
-tfsec_osarch: linux-amd64
-tfsec_dl_url: https://github.com/aquasecurity/{{ tfsec_app }}/releases/download/v{{ tfsec_version }}/{{ tfsec_app }}-{{ tfsec_osarch }}
+tfsec_version: 1.2.1
+tfsec_os: linux
+tfsec_arch: amd64
+tfsec_dl_url: https://github.com/aquasecurity/{{ tfsec_app }}/releases/download/v{{ tfsec_version }}/{{ tfsec_app }}-{{ tfsec_os }}-{{ tfsec_arch }}
 tfsec_bin_path: "/usr/local/bin/{{ tfsec_app }}"
-tfsec_bin_permission_mode: '0755'
+tfsec_file_owner: root
+tfsec_file_group: root
+tfsec_file_mode: '0755'
 ```
 
 ### Variables table:
 
-Variable                  | Value (default)                                                                                                               | Description
-------------------------- | ----------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------
-tfsec_app                 | tfsec                                                                                                                         | Defines the app to install i.e. **tfsec**
-tfsec_version             | 0.61.3                                                                                                                        | Defined to dynamically fetch the desired version to install. Defaults to: **0.63.1**
-tfsec_osarch              | linux-amd64                                                                                                                   | Defines os architecture. Used for obtaining the correct type of binaries based on OS System Architecture. Defaults to: **linux-amd64**
-tfsec_dl_url              | "<https://github.com/aquasecurity/{{> tfsec_app }}/releases/download/v{{ tfsec_version }}/{{ tfsec_app }}-{{ tfsec_osarch }}" | Defines URL to download the tfsec binary from.
-tfsec_bin_path            | "/usr/local/bin/{{ tfsec_app }}"                                                                                              | Defined to dynamically set the appropriate path to store tfsec binary into. Defaults to (as generally available on any user's PATH): **/usr/local/bin/tfsec**
-tfsec_bin_permission_mode | '0755'                                                                                                                        | Defines the permission mode level for the file.
+Variable                  | Description
+------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------
+tfsec_app                 | Defines the app to install i.e. **tfsec**
+tfsec_version             | Defined to dynamically fetch the desired version to install. Defaults to: **1.2.1**
+tfsec_os                  | Defines os type. Used for obtaining the correct type of binaries based on OS type. Defaults to: **linux**
+tfsec_arch                | Defines os architecture. Used to set the correct type of binaries based on OS System Architecture. Defaults to: **amd64**
+tfsec_dl_url              | Defines URL to download the tfsec binary from.
+tfsec_bin_path            | Defined to dynamically set the appropriate path to store tfsec binary into. Defaults to (as generally available on any user's PATH): **/usr/local/bin/tfsec**
+tfsec_bin_permission_mode | Defines the permission mode level for the file.
+tfsec_file_owner          | Owner for the binary file of tfsec.
+tfsec_file_group          | Group for the binary file of tfsec.
+tfsec_file_mode           | Mode for the binary file of tfsec.
 
 ## Dependencies
 

defaults/main.yml

@@ -2,8 +2,11 @@
 # defaults file for tfsec
 
 tfsec_app: tfsec
-tfsec_version: 0.63.1
-tfsec_osarch: linux-amd64
-tfsec_dl_url: https://github.com/aquasecurity/{{ tfsec_app }}/releases/download/v{{ tfsec_version }}/{{ tfsec_app }}-{{ tfsec_osarch }}
+tfsec_version: 1.2.1
+tfsec_os: linux
+tfsec_arch: amd64
+tfsec_dl_url: https://github.com/aquasecurity/{{ tfsec_app }}/releases/download/v{{ tfsec_version }}/{{ tfsec_app }}-{{ tfsec_os }}-{{ tfsec_arch }}
 tfsec_bin_path: "/usr/local/bin/{{ tfsec_app }}"
-tfsec_bin_permission_mode: '0755'
+tfsec_file_owner: root
+tfsec_file_group: root
+tfsec_file_mode: '0755'

meta/main.yml

@@ -10,7 +10,6 @@ galaxy_info:
   platforms:
     - name: Ubuntu
       versions:
-        - xenial
         - bionic
         - focal
     - name: Debian

molecule/default/converge.yml

@@ -3,3 +3,5 @@
   hosts: all
   roles:
     - role: darkwizard242.tfsec
+  vars:
+    ansible_python_interpreter: /usr/bin/python3

tasks/install_debian.yml

@@ -5,4 +5,6 @@
   get_url:
     url: "{{ tfsec_dl_url }}"
     dest: "{{ tfsec_bin_path }}"
-    mode: "{{ tfsec_bin_permission_mode }}"
+    owner: "{{ tfsec_file_owner }}"
+    group: "{{ tfsec_file_group }}"
+    mode: "{{ tfsec_file_mode }}"

tasks/install_el.yml

@@ -5,4 +5,6 @@
   get_url:
     url: "{{ tfsec_dl_url }}"
     dest: "{{ tfsec_bin_path }}"
-    mode: "{{ tfsec_bin_permission_mode }}"
+    owner: "{{ tfsec_file_owner }}"
+    group: "{{ tfsec_file_group }}"
+    mode: "{{ tfsec_file_mode }}"