From 3affaa3f013a698025eb29890e99a52a7639cc83 Mon Sep 17 00:00:00 2001
From: nvuillam
Date: Fri, 22 Nov 2024 19:59:17 +0100
Subject: [PATCH] Env variable replacement for PRE_COMMIT

Allow to replace an ENV var value with the value of another ENV var before calling a PRE_COMMAND (helps for tflint run from GitHub Enterprise)

Fixes https://github.com/oxsecurity/megalinter/issues/2947
---
 .automation/test/pre-post-test/.mega-linter.yml | 6 ++++++
 CHANGELOG.md | 1 +
 megalinter/descriptors/terraform.megalinter-descriptor.yml | 5 +++++
 megalinter/linters/TfLintLinter.py | 6 ++++++
 megalinter/pre_post_factory.py | 5 +++++
 megalinter/tests/test_megalinter/pre_post_test.py | 7 +++++++
 6 files changed, 30 insertions(+)

diff --git a/.automation/test/pre-post-test/.mega-linter.yml b/.automation/test/pre-post-test/.mega-linter.yml
index 4b8b09b113e..8415e1371ea 100644
--- a/.automation/test/pre-post-test/.mega-linter.yml
+++ b/.automation/test/pre-post-test/.mega-linter.yml
@@ -20,6 +20,12 @@ PRE_COMMANDS:
 - command: export MY_OUTPUT_VARIABLE="my output variable value" && export MY_OUTPUT_VARIABLE2="my output variable value2"
 output_variables: ["MY_OUTPUT_VARIABLE", "MY_OUTPUT_VARIABLE2"]
 cwd: "root"
+ - command: export MY_OUTPUT_VARIABLE_REPLACED="$MY_INPUT_VARIABLE"
+ replacement_env_vars:
+ - var_src: MY_INPUT_VARIABLE_REPLACEMENT
+ - var_dest: MY_INPUT_VARIABLE
+ output_variables: ["MY_OUTPUT_VARIABLE_REPLACED"]
+ cwd: "root"
 POST_COMMANDS:
 - command: npm run test
 cwd: "workspace"
diff --git a/CHANGELOG.md b/CHANGELOG.md
index c8fb7fe0c1e..a8c1ea065b4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
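Review bot: In the PRE_COMMANDS entry added to .automation/test/pre-post-test/.mega-linter.yml, `- var_src:` and `- var_dest:` each start their own list item, so `replacement_env_vars` holds two one-key mappings rather than one source/destination pair. The loop this patch adds to run_command reads both keys from every item, so as written this fixture would hit a KeyError instead of exercising the replacement. The pair should be a single item: `- var_src: MY_INPUT_VARIABLE_REPLACEMENT` with `var_dest: MY_INPUT_VARIABLE` on the following line, aligned under `var_src` and without a dash.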
@@ -9,6 +9,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 Note: Can be used with `oxsecurity/megalinter@beta` in your GitHub Action mega-linter.yml file, or with `oxsecurity/megalinter:beta` docker image
 - Core
+ - Allow to replace an ENV var value with the value of another ENV var before calling a PRE_COMMAND (helps for tflint run from GitHub Enterprise)
 - New linters
diff --git a/megalinter/descriptors/terraform.megalinter-descriptor.yml b/megalinter/descriptors/terraform.megalinter-descriptor.yml
index 31a12d164a7..854a398a833 100644
--- a/megalinter/descriptors/terraform.megalinter-descriptor.yml
+++ b/megalinter/descriptors/terraform.megalinter-descriptor.yml
@@ -24,6 +24,8 @@ linters:
 linter_text: |
 > If you are using the GitHub action please use the `TERRAFORM_TFLINT_UNSECURED_ENV_VARIABLES: GITHUB_TOKEN` to prevent plugin download issues
+ > If you have issues with tflint --init, create a GitHub Personal Access Token and set its value to PAT_GITHUB_COM variable.
+ Note: It's recommended to create your own `.tflint.hcl` custom config file tailored to your project's specific needs. The default configuration enables all supported languages and rules, which may not be optimal for every project.
 linter_icon_png_url: https://raw.githubusercontent.com/oxsecurity/megalinter/main/docs/assets/icons/linters/tflint.png
@@ -38,6 +40,9 @@ linters:
 - name: TERRAFORM_TFLINT_SECURED_ENV
 default_value: true
 description: Allows to send the full env to **tflint --init**. Initialized with default value `true`. Set to `false` to allow `tflint --init` to access your env vars.
+ - name: PAT_GITHUB_COM
+ default_value: ""
+ description: If you have issues with tflint --init, create a GitHub Personal Access Token and set its value to PAT_GITHUB_COM variable.
 examples:
 - "tflint"
 - "tflint -c .tflint.hcl"
diff --git a/megalinter/linters/TfLintLinter.py b/megalinter/linters/TfLintLinter.py
index a8168356526..8e2e88d8338 100644
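Review bot: The `PAT_GITHUB_COM` description added in the second hunk of terraform.megalinter-descriptor.yml repeats the linter_text sentence without saying what the variable does or that it holds a secret. Going by the TfLintLinter.py change in the same patch, its value is substituted for GITHUB_TOKEN when the `tflint --init` pre-command runs, so the description could read `GitHub.com Personal Access Token, passed as GITHUB_TOKEN to tflint --init only; grant it the minimum access needed for plugin downloads`. The sentence added to linter_text in the first hunk could carry the same wording so users know the token is scoped to that one command.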
--- a/megalinter/linters/TfLintLinter.py
+++ b/megalinter/linters/TfLintLinter.py
@@ -28,6 +28,12 @@ def before_lint_files(self):
 "command": tflint_init_command,
 "cwd": self.workspace,
 "secured_env": tflint_secured_env,
+ "replacement_env_vars": [
+ {
+ "var_dest": "GITHUB_TOKEN",
+ "var_src": "PAT_GITHUB_COM"
+ }
+ ]
 }
 if self.pre_commands is None:
 self.pre_commands = []
diff --git a/megalinter/pre_post_factory.py b/megalinter/pre_post_factory.py
index ae13e294764..c95aaa55592 100644
--- a/megalinter/pre_post_factory.py
+++ b/megalinter/pre_post_factory.py
@@ -98,6 +98,11 @@ def run_command(command_info, log_key, mega_linter, linter=None):
 mega_linter.request_id, command_info["secured_env"], unsecured_env_variables
 )
 }
+ # Complete with replacement variables if necessary
+ if "replacement_env_vars" in command_info:
+ for replacement in command_info["replacement_env_vars"]:
+ if replacement["var_src"] in subprocess_env:
+ subprocess_env[replacement["var_dest"]] = replacement["var_src"]
 add_in_logs(
 linter,
 log_key,
diff --git a/megalinter/tests/test_megalinter/pre_post_test.py b/megalinter/tests/test_megalinter/pre_post_test.py
index cfcd1be06af..29f0b3171be 100644
--- a/megalinter/tests/test_megalinter/pre_post_test.py
+++ b/megalinter/tests/test_megalinter/pre_post_test.py
@@ -32,6 +32,8 @@ def test_pre_post_success(self):
 "GITHUB_COMMENT_REPORTER": "false",
 "LOG_LEVEL": "DEBUG",
 "request_id": self.request_id,
+ "MY_INPUT_VARIABLE": "SHOULD_BE_REPLACED",
+ "MY_INPUT_VARIABLE_REPLACEMENT": "HAS_BEEN_REPLACED"
 }
 )
 self.assertTrue(
@@ -53,6 +55,11 @@ def test_pre_post_success(self):
 == "my output variable value2",
 "MY_OUTPUT_VARIABLE2 should be found",
 )
+ self.assertTrue(
+ config.get(self.request_id, "MY_OUTPUT_VARIABLE_REPLACED", "")
+ == "HAS_BEEN_REPLACED",
+ "MY_OUTPUT_VARIABLE_REPLACED has not been replaced",
+ )
 self.assertTrue(
 config.get(self.request_id, "MY_OUTPUT_LINTER_VARIABLE", "")
 == "my output linter variable value",
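Review bot: The `replacement_env_vars` entry added in before_lint_files (megalinter/linters/TfLintLinter.py) has no comment saying why a personal access token is swapped into GITHUB_TOKEN for the init command, and the override applies on every run where PAT_GITHUB_COM is set, even when the existing GITHUB_TOKEN would have worked. A comment above the key such as `# tflint --init uses GITHUB_TOKEN for plugin downloads; PAT_GITHUB_COM overrides it for this command only (GitHub Enterprise runs)` would record the intent and the limited scope of the secret. The nested literal also lacks trailing commas after `"var_src": "PAT_GITHUB_COM"` and the closing `]`, which the project's formatter would presumably add. before_lint_files starts and ends outside the hunk.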
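Review bot: In run_command (megalinter/pre_post_factory.py), `subprocess_env[replacement["var_dest"]] = replacement["var_src"]` stores the name of the source variable rather than its value, so with the TfLint mapping from this patch GITHUB_TOKEN would become the literal string `PAT_GITHUB_COM` instead of the token. The assignment should read `subprocess_env[replacement["var_dest"]] = subprocess_env[replacement["var_src"]]`; as shown, the new assertion on MY_OUTPUT_VARIABLE_REPLACED in pre_post_test.py would not be expected to see `HAS_BEEN_REPLACED`. The lookup only sees variables that survive the secured-env filtering on the lines just above, so it is worth confirming that PAT_GITHUB_COM is not stripped there; that code and the rest of run_command lie outside the hunk. An entry missing `var_src` or `var_dest` raises a bare KeyError here, which a `.get()` check with a clear log message would avoid.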