Files
devpod-terraform/.devcontainer/.devpod-internal/0/install.sh
2024-09-11 14:23:17 +02:00

558 lines
24 KiB
Bash
Executable File

#!/usr/bin/env bash
#-------------------------------------------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See https://go.microsoft.com/fwlink/?linkid=2090316 for license information.
#-------------------------------------------------------------------------------------------------------------
#
# Docs: https://github.com/microsoft/vscode-dev-containers/blob/main/script-library/docs/terraform.md
# Maintainer: The VS Code and Codespaces Teams
set -e
# Clean up
rm -rf /var/lib/apt/lists/*
TERRAFORM_VERSION="${VERSION:-"latest"}"
TFLINT_VERSION="${TFLINT:-"latest"}"
TERRAGRUNT_VERSION="${TERRAGRUNT:-"latest"}"
INSTALL_SENTINEL=${INSTALLSENTINEL:-false}
INSTALL_TFSEC=${INSTALLTFSEC:-false}
INSTALL_TERRAFORM_DOCS=${INSTALLTERRAFORMDOCS:-false}
TERRAFORM_SHA256="${TERRAFORM_SHA256:-"automatic"}"
TFLINT_SHA256="${TFLINT_SHA256:-"automatic"}"
TERRAGRUNT_SHA256="${TERRAGRUNT_SHA256:-"automatic"}"
SENTINEL_SHA256="${SENTINEL_SHA256:-"automatic"}"
TFSEC_SHA256="${TFSEC_SHA256:-"automatic"}"
TERRAFORM_DOCS_SHA256="${TERRAFORM_DOCS_SHA256:-"automatic"}"
TERRAFORM_GPG_KEY="72D7468F"
TFLINT_GPG_KEY_URI="https://raw.githubusercontent.com/terraform-linters/tflint/v0.46.1/8CE69160EB3F2FE9.key"
KEYSERVER_PROXY="${HTTPPROXY:-"${HTTP_PROXY:-""}"}"
architecture="$(uname -m)"
case ${architecture} in
x86_64) architecture="amd64";;
aarch64 | armv8*) architecture="arm64";;
aarch32 | armv7* | armvhf*) architecture="arm";;
i?86) architecture="386";;
*) echo "(!) Architecture ${architecture} unsupported"; exit 1 ;;
esac
if [ "$(id -u)" -ne 0 ]; then
echo -e 'Script must be run as root. Use sudo, su, or add "USER root" to your Dockerfile before running this script.'
exit 1
fi
# Get the list of GPG key servers that are reachable
get_gpg_key_servers() {
declare -A keyservers_curl_map=(
["hkps://keyserver.ubuntu.com"]="https://keyserver.ubuntu.com"
["hkps://keys.openpgp.org"]="https://keys.openpgp.org"
["hkps://keyserver.pgp.com"]="https://keyserver.pgp.com"
)
local curl_args=""
local keyserver_reachable=false # Flag to indicate if any keyserver is reachable
if [ ! -z "${KEYSERVER_PROXY}" ]; then
curl_args="--proxy ${KEYSERVER_PROXY}"
fi
for keyserver in "${!keyservers_curl_map[@]}"; do
local keyserver_curl_url="${keyservers_curl_map[${keyserver}]}"
if curl -s ${curl_args} --max-time 5 ${keyserver_curl_url} > /dev/null; then
echo "keyserver ${keyserver}"
keyserver_reachable=true
else
echo "(*) Keyserver ${keyserver} is not reachable." >&2
fi
done
if ! $keyserver_reachable; then
echo "(!) No keyserver is reachable." >&2
exit 1
fi
}
# Import the specified key in a variable name passed in as
receive_gpg_keys() {
local keys=${!1}
local keyring_args=""
if [ ! -z "$2" ]; then
keyring_args="--no-default-keyring --keyring $2"
fi
if [ ! -z "${KEYSERVER_PROXY}" ]; then
keyring_args="${keyring_args} --keyserver-options http-proxy=${KEYSERVER_PROXY}"
fi
# Install curl
if ! type curl > /dev/null 2>&1; then
check_packages curl
fi
# Use a temporary location for gpg keys to avoid polluting image
export GNUPGHOME="/tmp/tmp-gnupg"
mkdir -p ${GNUPGHOME}
chmod 700 ${GNUPGHOME}
echo -e "disable-ipv6\n$(get_gpg_key_servers)" > ${GNUPGHOME}/dirmngr.conf
# GPG key download sometimes fails for some reason and retrying fixes it.
local retry_count=0
local gpg_ok="false"
set +e
until [ "${gpg_ok}" = "true" ] || [ "${retry_count}" -eq "5" ];
do
echo "(*) Downloading GPG key..."
( echo "${keys}" | xargs -n 1 gpg -q ${keyring_args} --recv-keys) 2>&1 && gpg_ok="true"
if [ "${gpg_ok}" != "true" ]; then
echo "(*) Failed getting key, retrying in 10s..."
(( retry_count++ ))
sleep 10s
fi
done
# If all attempts fail, try getting the keyserver IP address and explicitly passing it to gpg
if [ "${gpg_ok}" = "false" ]; then
retry_count=0;
echo "(*) Resolving GPG keyserver IP address..."
local keyserver_ip_address=$( dig +short keyserver.ubuntu.com | head -n1 )
echo "(*) GPG keyserver IP address $keyserver_ip_address"
until [ "${gpg_ok}" = "true" ] || [ "${retry_count}" -eq "3" ];
do
echo "(*) Downloading GPG key..."
( echo "${keys}" | xargs -n 1 gpg -q ${keyring_args} --recv-keys --keyserver ${keyserver_ip_address}) 2>&1 && gpg_ok="true"
if [ "${gpg_ok}" != "true" ]; then
echo "(*) Failed getting key, retrying in 10s..."
(( retry_count++ ))
sleep 10s
fi
done
fi
set -e
if [ "${gpg_ok}" = "false" ]; then
echo "(!) Failed to get gpg key."
exit 1
fi
}
# Figure out correct version of a three part version number is not passed
find_version_from_git_tags() {
local variable_name=$1
local requested_version=${!variable_name}
if [ "${requested_version}" = "none" ]; then return; fi
local repository=$2
local prefix=${3:-"tags/v"}
local separator=${4:-"."}
local last_part_optional=${5:-"false"}
if [ "$(echo "${requested_version}" | grep -o "." | wc -l)" != "2" ]; then
local escaped_separator=${separator//./\\.}
local last_part
if [ "${last_part_optional}" = "true" ]; then
last_part="(${escaped_separator}[0-9]+)?"
else
last_part="${escaped_separator}[0-9]+"
fi
local regex="${prefix}\\K[0-9]+${escaped_separator}[0-9]+${last_part}$"
local version_list="$(git ls-remote --tags ${repository} | grep -oP "${regex}" | tr -d ' ' | tr "${separator}" "." | sort -rV)"
if [ "${requested_version}" = "latest" ] || [ "${requested_version}" = "current" ] || [ "${requested_version}" = "lts" ]; then
declare -g ${variable_name}="$(echo "${version_list}" | head -n 1)"
else
set +e
declare -g ${variable_name}="$(echo "${version_list}" | grep -E -m 1 "^${requested_version//./\\.}([\\.\\s]|$)")"
set -e
fi
fi
if [ -z "${!variable_name}" ] || ! echo "${version_list}" | grep "^${!variable_name//./\\.}$" > /dev/null 2>&1; then
echo -e "Invalid ${variable_name} value: ${requested_version}\nValid values:\n${version_list}" >&2
exit 1
fi
echo "${variable_name}=${!variable_name}"
}
# Use semver logic to decrement a version number then look for the closest match
find_prev_version_from_git_tags() {
local variable_name=$1
local current_version=${!variable_name}
local repository=$2
# Normally a "v" is used before the version number, but support alternate cases
local prefix=${3:-"tags/v"}
# Some repositories use "_" instead of "." for version number part separation, support that
local separator=${4:-"."}
# Some tools release versions that omit the last digit (e.g. go)
local last_part_optional=${5:-"false"}
# Some repositories may have tags that include a suffix (e.g. actions/node-versions)
local version_suffix_regex=$6
# Try one break fix version number less if we get a failure. Use "set +e" since "set -e" can cause failures in valid scenarios.
set +e
major="$(echo "${current_version}" | grep -oE '^[0-9]+' || echo '')"
minor="$(echo "${current_version}" | grep -oP '^[0-9]+\.\K[0-9]+' || echo '')"
breakfix="$(echo "${current_version}" | grep -oP '^[0-9]+\.[0-9]+\.\K[0-9]+' 2>/dev/null || echo '')"
if [ "${minor}" = "0" ] && [ "${breakfix}" = "0" ]; then
((major=major-1))
declare -g ${variable_name}="${major}"
# Look for latest version from previous major release
find_version_from_git_tags "${variable_name}" "${repository}" "${prefix}" "${separator}" "${last_part_optional}"
# Handle situations like Go's odd version pattern where "0" releases omit the last part
elif [ "${breakfix}" = "" ] || [ "${breakfix}" = "0" ]; then
((minor=minor-1))
declare -g ${variable_name}="${major}.${minor}"
# Look for latest version from previous minor release
find_version_from_git_tags "${variable_name}" "${repository}" "${prefix}" "${separator}" "${last_part_optional}"
else
((breakfix=breakfix-1))
if [ "${breakfix}" = "0" ] && [ "${last_part_optional}" = "true" ]; then
declare -g ${variable_name}="${major}.${minor}"
else
declare -g ${variable_name}="${major}.${minor}.${breakfix}"
fi
fi
set -e
}
find_sentinel_version_from_url() {
local variable_name=$1
local requested_version=${!variable_name}
if [ "${requested_version}" = "none" ]; then return; fi
local repository=$2
if [ "$(echo "${requested_version}" | grep -o "." | wc -l)" != "2" ]; then
local prefix='sentinel_'
local regex="${prefix}\d.\d{2}.\d(?:-\w*)?"
local version_list="$(wget -q $2 -O - | grep -oP ${regex} | tr -d ${prefix} | sort -rV)"
if [ "${requested_version}" = "latest" ] || [ "${requested_version}" = "current" ] || [ "${requested_version}" = "lts" ]; then
declare -g ${variable_name}="$(echo "${version_list}" | head -n 1)"
else
set +e
declare -g ${variable_name}="$(echo "${version_list}" | grep -E -m 1 "^${requested_version//./\\.}([\\.\\s]|$)")"
set -e
fi
fi
if [ -z "${!variable_name}" ] || ! echo "${version_list}" | grep "^${!variable_name//./\\.}$" >/dev/null 2>&1; then
echo -e "Invalid ${variable_name} value: ${requested_version}\nValid values:\n${version_list}" >&2
exit 1
fi
echo "${variable_name}=${!variable_name}"
}
apt_get_update()
{
if [ "$(find /var/lib/apt/lists/* | wc -l)" = "0" ]; then
echo "Running apt-get update..."
apt-get update -y
fi
}
# Checks if packages are installed and installs them if not
check_packages() {
if ! dpkg -s "$@" > /dev/null 2>&1; then
apt_get_update
apt-get -y install --no-install-recommends "$@"
fi
}
# Function to fetch the version released prior to the latest version
get_previous_version() {
local url=$1
local repo_url=$2
local variable_name=$3
prev_version=${!variable_name}
output=$(curl -s "$repo_url");
# install jq
check_packages jq
message=$(echo "$output" | jq -r '.message')
if [[ $message == "API rate limit exceeded"* ]]; then
echo -e "\nAn attempt to find latest version using GitHub Api Failed... \nReason: ${message}"
echo -e "\nAttempting to find latest version using GitHub tags."
find_prev_version_from_git_tags prev_version "$url" "tags/v"
declare -g ${variable_name}="${prev_version}"
else
echo -e "\nAttempting to find latest version using GitHub Api."
version=$(echo "$output" | jq -r '.tag_name')
declare -g ${variable_name}="${version#v}"
fi
echo "${variable_name}=${!variable_name}"
}
get_github_api_repo_url() {
local url=$1
echo "${url/https:\/\/github.com/https:\/\/api.github.com\/repos}/releases/latest"
}
install_previous_version() {
given_version=$1
requested_version=${!given_version}
local URL=$2
INSTALLER_FN=$3
local REPO_URL=$(get_github_api_repo_url "$URL")
local PKG_NAME=$(get_pkg_name "${given_version}")
echo -e "\n(!) Failed to fetch the latest artifacts for ${PKG_NAME} v${requested_version}..."
get_previous_version "$URL" "$REPO_URL" requested_version
echo -e "\nAttempting to install ${requested_version}"
declare -g ${given_version}="${requested_version#v}"
$INSTALLER_FN "${!given_version}"
echo "${given_version}=${!given_version}"
}
install_cosign() {
COSIGN_VERSION=$1
local URL=$2
cosign_filename="/tmp/cosign_${COSIGN_VERSION}_${architecture}.deb"
cosign_url="https://github.com/sigstore/cosign/releases/latest/download/cosign_${COSIGN_VERSION}_${architecture}.deb"
curl -L "${cosign_url}" -o $cosign_filename
if grep -q "Not Found" "$cosign_filename"; then
echo -e "\n(!) Failed to fetch the latest artifacts for cosign v${COSIGN_VERSION}..."
REPO_URL=$(get_github_api_repo_url "$URL")
get_previous_version "$URL" "$REPO_URL" COSIGN_VERSION
echo -e "\nAttempting to install ${COSIGN_VERSION}"
cosign_filename="/tmp/cosign_${COSIGN_VERSION}_${architecture}.deb"
cosign_url="https://github.com/sigstore/cosign/releases/latest/download/cosign_${COSIGN_VERSION}_${architecture}.deb"
curl -L "${cosign_url}" -o $cosign_filename
fi
dpkg -i $cosign_filename
rm $cosign_filename
echo "Installation of cosign succeeded with ${COSIGN_VERSION}."
}
# Install 'cosign' for validating signatures
# https://docs.sigstore.dev/cosign/overview/
ensure_cosign() {
check_packages curl ca-certificates gnupg2
if ! type cosign > /dev/null 2>&1; then
echo "Installing cosign..."
COSIGN_VERSION="latest"
cosign_url='https://github.com/sigstore/cosign'
find_version_from_git_tags COSIGN_VERSION "${cosign_url}"
install_cosign "${COSIGN_VERSION}" "${cosign_url}"
fi
if ! type cosign > /dev/null 2>&1; then
echo "(!) Failed to install cosign."
exit 1
fi
cosign version
}
# Ensure apt is in non-interactive to avoid prompts
export DEBIAN_FRONTEND=noninteractive
# Install dependencies if missing
check_packages curl ca-certificates gnupg2 dirmngr coreutils unzip dnsutils
if ! type git > /dev/null 2>&1; then
check_packages git
fi
terraform_url='https://github.com/hashicorp/terraform'
tflint_url='https://github.com/terraform-linters/tflint'
terragrunt_url='https://github.com/gruntwork-io/terragrunt'
# Verify requested version is available, convert latest
find_version_from_git_tags TERRAFORM_VERSION "$terraform_url"
find_version_from_git_tags TFLINT_VERSION "$tflint_url"
find_version_from_git_tags TERRAGRUNT_VERSION "$terragrunt_url"
install_terraform() {
local TERRAFORM_VERSION=$1
terraform_filename="terraform_${TERRAFORM_VERSION}_linux_${architecture}.zip"
curl -sSL -o ${terraform_filename} "https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/${terraform_filename}"
}
mkdir -p /tmp/tf-downloads
cd /tmp/tf-downloads
# Install Terraform, tflint, Terragrunt
echo "Downloading terraform..."
terraform_filename="terraform_${TERRAFORM_VERSION}_linux_${architecture}.zip"
install_terraform "$TERRAFORM_VERSION"
if grep -q "The specified key does not exist." "${terraform_filename}"; then
install_previous_version TERRAFORM_VERSION $terraform_url "install_terraform"
terraform_filename="terraform_${TERRAFORM_VERSION}_linux_${architecture}.zip"
fi
if [ "${TERRAFORM_SHA256}" != "dev-mode" ]; then
if [ "${TERRAFORM_SHA256}" = "automatic" ]; then
receive_gpg_keys TERRAFORM_GPG_KEY
curl -sSL -o terraform_SHA256SUMS https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_SHA256SUMS
curl -sSL -o terraform_SHA256SUMS.sig https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_SHA256SUMS.${TERRAFORM_GPG_KEY}.sig
gpg --verify terraform_SHA256SUMS.sig terraform_SHA256SUMS
else
echo "${TERRAFORM_SHA256} *${terraform_filename}" > terraform_SHA256SUMS
fi
sha256sum --ignore-missing -c terraform_SHA256SUMS
fi
unzip ${terraform_filename}
mv -f terraform /usr/local/bin/
install_tflint() {
TFLINT_VERSION=$1
curl -sSL -o /tmp/tf-downloads/${TFLINT_FILENAME} https://github.com/terraform-linters/tflint/releases/download/v${TFLINT_VERSION}/${TFLINT_FILENAME}
}
if [ "${TFLINT_VERSION}" != "none" ]; then
echo "Downloading tflint..."
TFLINT_FILENAME="tflint_linux_${architecture}.zip"
install_tflint "$TFLINT_VERSION"
if grep -q "Not Found" "/tmp/tf-downloads/${TFLINT_FILENAME}"; then
install_previous_version TFLINT_VERSION "$tflint_url" "install_tflint"
fi
if [ "${TFLINT_SHA256}" != "dev-mode" ]; then
if [ "${TFLINT_SHA256}" != "automatic" ]; then
echo "${TFLINT_SHA256} *${TFLINT_FILENAME}" > tflint_checksums.txt
sha256sum --ignore-missing -c tflint_checksums.txt
else
curl -sSL -o tflint_checksums.txt https://github.com/terraform-linters/tflint/releases/download/v${TFLINT_VERSION}/checksums.txt
set +e
curl -sSL -o checksums.txt.keyless.sig https://github.com/terraform-linters/tflint/releases/download/v${TFLINT_VERSION}/checksums.txt.keyless.sig
set -e
# Check that checksums.txt.keyless.sig exists and is not empty
if [ -s checksums.txt.keyless.sig ]; then
# Validate checksums with cosign
curl -sSL -o checksums.txt.pem https://github.com/terraform-linters/tflint/releases/download/v${TFLINT_VERSION}/checksums.txt.pem
ensure_cosign
cosign verify-blob \
--certificate=/tmp/tf-downloads/checksums.txt.pem \
--signature=/tmp/tf-downloads/checksums.txt.keyless.sig \
--certificate-identity-regexp="^https://github.com/terraform-linters/tflint" \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com \
/tmp/tf-downloads/tflint_checksums.txt
# Ensure that checksums.txt has $TFLINT_FILENAME
grep ${TFLINT_FILENAME} /tmp/tf-downloads/tflint_checksums.txt
# Validate downloaded file
sha256sum --ignore-missing -c tflint_checksums.txt
else
# Fallback to older, GPG-based verification (pre-0.47.0 of tflint)
curl -sSL -o tflint_checksums.txt.sig https://github.com/terraform-linters/tflint/releases/download/v${TFLINT_VERSION}/checksums.txt.sig
curl -sSL -o tflint_key "${TFLINT_GPG_KEY_URI}"
gpg -q --import tflint_key
gpg --verify tflint_checksums.txt.sig tflint_checksums.txt
fi
fi
fi
unzip /tmp/tf-downloads/${TFLINT_FILENAME}
mv -f tflint /usr/local/bin/
fi
install_terragrunt() {
TERRAGRUNT_VERSION=$1
curl -sSL -o /tmp/tf-downloads/${terragrunt_filename} https://github.com/gruntwork-io/terragrunt/releases/download/v${TERRAGRUNT_VERSION}/${terragrunt_filename}
}
if [ "${TERRAGRUNT_VERSION}" != "none" ]; then
echo "Downloading Terragrunt..."
terragrunt_filename="terragrunt_linux_${architecture}"
install_terragrunt "$TERRAGRUNT_VERSION"
output=$(cat "/tmp/tf-downloads/${terragrunt_filename}")
if [[ $output == "Not Found" ]]; then
install_previous_version TERRAGRUNT_VERSION $terragrunt_url "install_terragrunt"
fi
if [ "${TERRAGRUNT_SHA256}" != "dev-mode" ]; then
if [ "${TERRAGRUNT_SHA256}" = "automatic" ]; then
curl -sSL -o terragrunt_SHA256SUMS https://github.com/gruntwork-io/terragrunt/releases/download/v${TERRAGRUNT_VERSION}/SHA256SUMS
else
echo "${TERRAGRUNT_SHA256} *${terragrunt_filename}" > terragrunt_SHA256SUMS
fi
sha256sum --ignore-missing -c terragrunt_SHA256SUMS
fi
chmod a+x /tmp/tf-downloads/${terragrunt_filename}
mv -f /tmp/tf-downloads/${terragrunt_filename} /usr/local/bin/terragrunt
fi
if [ "${INSTALL_SENTINEL}" = "true" ]; then
SENTINEL_VERSION="latest"
sentinel_releases_url='https://releases.hashicorp.com/sentinel'
find_sentinel_version_from_url SENTINEL_VERSION ${sentinel_releases_url}
sentinel_filename="sentinel_${SENTINEL_VERSION}_linux_${architecture}.zip"
echo "(*) Downloading Sentinel... ${sentinel_filename}"
curl -sSL -o /tmp/tf-downloads/${sentinel_filename} ${sentinel_releases_url}/${SENTINEL_VERSION}/${sentinel_filename}
if [ "${SENTINEL_SHA256}" != "dev-mode" ]; then
if [ "${SENTINEL_SHA256}" = "automatic" ]; then
receive_gpg_keys TERRAFORM_GPG_KEY
curl -sSL -o sentinel_checksums.txt ${sentinel_releases_url}/${SENTINEL_VERSION}/sentinel_${SENTINEL_VERSION}_SHA256SUMS
curl -sSL -o sentinel_checksums.txt.sig ${sentinel_releases_url}/${SENTINEL_VERSION}/sentinel_${SENTINEL_VERSION}_SHA256SUMS.${TERRAFORM_GPG_KEY}.sig
gpg --verify sentinel_checksums.txt.sig sentinel_checksums.txt
# Verify the SHASUM matches the archive
shasum -a 256 --ignore-missing -c sentinel_checksums.txt
else
echo "${SENTINEL_SHA256} *${SENTINEL_FILENAME}" >sentinel_checksums.txt
fi
sha256sum --ignore-missing -c sentinel_checksums.txt
fi
unzip /tmp/tf-downloads/${sentinel_filename}
chmod a+x /tmp/tf-downloads/sentinel
mv -f /tmp/tf-downloads/sentinel /usr/local/bin/sentinel
fi
install_tfsec() {
local TFSEC_VERSION=$1
tfsec_filename="tfsec_${TFSEC_VERSION}_linux_${architecture}.tar.gz"
curl -sSL -o /tmp/tf-downloads/${tfsec_filename} https://github.com/aquasecurity/tfsec/releases/download/v${TFSEC_VERSION}/${tfsec_filename}
}
if [ "${INSTALL_TFSEC}" = "true" ]; then
TFSEC_VERSION="latest"
tfsec_url='https://github.com/aquasecurity/tfsec'
find_version_from_git_tags TFSEC_VERSION $tfsec_url
tfsec_filename="tfsec_${TFSEC_VERSION}_linux_${architecture}.tar.gz"
echo "(*) Downloading TFSec... ${tfsec_filename}"
install_tfsec "$TFSEC_VERSION"
if grep -q "Not Found" "/tmp/tf-downloads/${tfsec_filename}"; then
install_previous_version TFSEC_VERSION $tfsec_url "install_tfsec"
tfsec_filename="tfsec_${TFSEC_VERSION}_linux_${architecture}.tar.gz"
fi
if [ "${TFSEC_SHA256}" != "dev-mode" ]; then
if [ "${TFSEC_SHA256}" = "automatic" ]; then
curl -sSL -o tfsec_SHA256SUMS https://github.com/aquasecurity/tfsec/releases/download/v${TFSEC_VERSION}/tfsec_${TFSEC_VERSION}_checksums.txt
else
echo "${TFSEC_SHA256} *${tfsec_filename}" > tfsec_SHA256SUMS
fi
sha256sum --ignore-missing -c tfsec_SHA256SUMS
fi
mkdir -p /tmp/tf-downloads/tfsec
tar -xzf /tmp/tf-downloads/${tfsec_filename} -C /tmp/tf-downloads/tfsec
chmod a+x /tmp/tf-downloads/tfsec/tfsec
mv -f /tmp/tf-downloads/tfsec/tfsec /usr/local/bin/tfsec
fi
install_terraform_docs() {
local TERRAFORM_DOCS_VERSION=$1
tfdocs_filename="terraform-docs-v${TERRAFORM_DOCS_VERSION}-linux-${architecture}.tar.gz"
curl -sSL -o /tmp/tf-downloads/${tfdocs_filename} https://github.com/terraform-docs/terraform-docs/releases/download/v${TERRAFORM_DOCS_VERSION}/${tfdocs_filename}
}
if [ "${INSTALL_TERRAFORM_DOCS}" = "true" ]; then
TERRAFORM_DOCS_VERSION="latest"
terraform_docs_url='https://github.com/terraform-docs/terraform-docs'
find_version_from_git_tags TERRAFORM_DOCS_VERSION $terraform_docs_url
tfdocs_filename="terraform-docs-v${TERRAFORM_DOCS_VERSION}-linux-${architecture}.tar.gz"
echo "(*) Downloading Terraform docs... ${tfdocs_filename}"
install_terraform_docs "$TERRAFORM_DOCS_VERSION"
if grep -q "Not Found" "/tmp/tf-downloads/${tfdocs_filename}"; then
install_previous_version TERRAFORM_DOCS_VERSION $terraform_docs_url "install_terraform_docs"
tfdocs_filename="terraform-docs-v${TERRAFORM_DOCS_VERSION}-linux-${architecture}.tar.gz"
fi
if [ "${TERRAFORM_DOCS_SHA256}" != "dev-mode" ]; then
if [ "${TERRAFORM_DOCS_SHA256}" = "automatic" ]; then
curl -sSL -o tfdocs_SHA256SUMS https://github.com/terraform-docs/terraform-docs/releases/download/v${TERRAFORM_DOCS_VERSION}/terraform-docs-v${TERRAFORM_DOCS_VERSION}.sha256sum
else
echo "${TERRAFORM_DOCS_SHA256} *${tfsec_filename}" > tfdocs_SHA256SUMS
fi
sha256sum --ignore-missing -c tfdocs_SHA256SUMS
fi
mkdir -p /tmp/tf-downloads/tfdocs
tar -xzf /tmp/tf-downloads/${tfdocs_filename} -C /tmp/tf-downloads/tfdocs
chmod a+x /tmp/tf-downloads/tfdocs/terraform-docs
mv -f /tmp/tf-downloads/tfdocs/terraform-docs /usr/local/bin/terraform-docs
fi
rm -rf /tmp/tf-downloads ${GNUPGHOME}
# Clean up
rm -rf /var/lib/apt/lists/*
echo "Done!"