diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
index b7c9de2..19f0606 100644
--- a/.github/workflows/container.yml
+++ b/.github/workflows/container.yml
@@ -12,6 +12,7 @@ env:
 tfsec_version: "1.28.13" # https://github.com/aquasecurity/tfsec/releases
 tf_summarize_version: "0.3.14" # https://github.com/dineshba/tf-summarize/releases
 gitlab_terraform: "1.8.0" # https://gitlab.com/gitlab-org/terraform-images/-/tags
+ gitleaks_version: "8.23.1" # https://github.com/gitleaks/gitleaks/releases
 jobs:
 build:
@@ -75,6 +76,7 @@ jobs:
 TFLINT_VERSION=${{ env.tflint_version }}
 TFSEC_VERSION=${{ env.tfsec_version }}
 TF_SUMMARIZE_VERSION=${{ env.tf_summarize_version }}
+ GITLEAKS_VERSION=${{ env.gitleaks_version }}
 GITLAB_TERRAFORM=${{ env.gitlab_terraform }}
 GITHUB_TOKEN=${{ github.token }}
 tags: |
@@ -96,6 +98,7 @@ jobs:
 TFLINT_VERSION=${{ env.tflint_version }}
 TFSEC_VERSION=${{ env.tfsec_version }}
 TF_SUMMARIZE_VERSION=${{ env.tf_summarize_version }}
+ GITLEAKS_VERSION=${{ env.gitleaks_version }}
 GITLAB_TERRAFORM=${{ env.gitlab_terraform }}
 GITHUB_TOKEN=${{ github.token }}
 tags: |
@@ -117,6 +120,7 @@ jobs:
 TFLINT_VERSION=${{ env.tflint_version }}
 TFSEC_VERSION=${{ env.tfsec_version }}
 TF_SUMMARIZE_VERSION=${{ env.tf_summarize_version }}
+ GITLEAKS_VERSION=${{ env.gitleaks_version }}
 GITLAB_TERRAFORM=${{ env.gitlab_terraform }}
 GITHUB_TOKEN=${{ github.token }}
 tags: |
@@ -138,6 +142,7 @@ jobs:
 TFLINT_VERSION=${{ env.tflint_version }}
 TFSEC_VERSION=${{ env.tfsec_version }}
 TF_SUMMARIZE_VERSION=${{ env.tf_summarize_version }}
+ GITLEAKS_VERSION=${{ env.gitleaks_version }}
 GITLAB_TERRAFORM=${{ env.gitlab_terraform }}
 GITHUB_TOKEN=${{ github.token }}
 tags: |
@@ -159,6 +164,7 @@ jobs:
 TFLINT_VERSION=${{ env.tflint_version }}
 TFSEC_VERSION=${{ env.tfsec_version }}
 TF_SUMMARIZE_VERSION=${{ env.tf_summarize_version }}
+ GITLEAKS_VERSION=${{ env.gitleaks_version }}
 GITLAB_TERRAFORM=${{ env.gitlab_terraform }}
 GITHUB_TOKEN=${{ github.token }}
 tags: |
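Review bot: `GITLEAKS_VERSION=${{ env.gitleaks_version }}` is added by hand to six separate `build-args` lists (the hunks at -75, -96, -117, -138 and -159, plus the one at -201), and the Dockerfiles declare `ARG GITLEAKS_VERSION` with no default, so any list that is missed or added later renders the download URL with an empty version. `curl -f` should turn that into a failed build rather than a silent wrong install, but a comment above each list such as `# build-args must stay identical across all image variants`, or a single shared definition, would make the coupling explicit. Separately, and not introduced by this change, the neighbouring `GITHUB_TOKEN=${{ github.token }}` travels as a build argument; build arguments can be recorded in image metadata, so a BuildKit secret mount is the safer channel for it. The steps these lists belong to start and end outside the hunks.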
@@ -201,6 +207,7 @@ jobs:
 TFLINT_VERSION=${{ env.tflint_version }}
 TFSEC_VERSION=${{ env.tfsec_version }}
 TF_SUMMARIZE_VERSION=${{ env.tf_summarize_version }}
+ GITLEAKS_VERSION=${{ env.gitleaks_version }}
 GITLAB_TERRAFORM=${{ env.gitlab_terraform }}
 GITHUB_TOKEN=${{ github.token }}
 tags: |
diff --git a/Dockerfile b/Dockerfile
index f205d25..b7ee765 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -36,6 +36,12 @@ ARG GITLAB_TERRAFORM
 RUN wget -q -O /usr/local/bin/gitlab-terraform https://gitlab.com/gitlab-org/terraform-images/-/raw/v${GITLAB_TERRAFORM}/src/bin/gitlab-terraform.sh
 RUN chmod +x /usr/local/bin/gitlab-terraform
+ARG GITLEAKS_VERSION
+
+RUN curl -fsSL -o /tmp/gitleaks.tar.gz https://github.com/zricethezav/gitleaks/releases/download/v${GITLEAKS_VERSION}/gitleaks_${GITLEAKS_VERSION}_linux_x64.tar.gz
+RUN tar xzf /tmp/gitleaks.tar.gz -C /tmp && rm /tmp/gitleaks.tar.gz
+RUN mv /tmp/gitleaks /usr/local/bin/gitleaks && chmod +x /usr/local/bin/gitleaks
+
 FROM cookielab/slim:12.9
 RUN apt update && apt install -y openssl wget curl zip python3 tzdata jq git idn2 \
diff --git a/Dockerfile.alpine b/Dockerfile.alpine
index 4456090..2465435 100644
--- a/Dockerfile.alpine
+++ b/Dockerfile.alpine
@@ -36,6 +36,12 @@ ARG GITLAB_TERRAFORM
 RUN wget -q -O /usr/local/bin/gitlab-terraform https://gitlab.com/gitlab-org/terraform-images/-/raw/v${GITLAB_TERRAFORM}/src/bin/gitlab-terraform.sh
 RUN chmod +x /usr/local/bin/gitlab-terraform
+ARG GITLEAKS_VERSION
+
+RUN curl -fsSL -o /tmp/gitleaks.tar.gz https://github.com/zricethezav/gitleaks/releases/download/v${GITLEAKS_VERSION}/gitleaks_${GITLEAKS_VERSION}_linux_x64.tar.gz
+RUN tar xzf /tmp/gitleaks.tar.gz -C /tmp && rm /tmp/gitleaks.tar.gz
+RUN mv /tmp/gitleaks /usr/local/bin/gitleaks && chmod +x /usr/local/bin/gitleaks
+
 FROM cookielab/alpine:3.21
 RUN apk --update --no-cache add openssl wget curl zip python3 tzdata jq git idn2-utils
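Review bot: The gitleaks tarball added in the Dockerfile hunk is downloaded and installed with no integrity check, so whatever the release URL serves at build time lands in `/usr/local/bin`; pin a SHA-256 for the tarball (the release's published checksums file is the usual source) and verify it before extracting. The URL also uses the `zricethezav/gitleaks` path while the workflow comment points at `gitleaks/gitleaks`, so the download appears to rely on a redirect from the old owner namespace and should name the current path directly. The asset name hard-codes `linux_x64`, which would be the wrong binary if any of the workflow's builds target another architecture (not visible here). The same lines are added in the Dockerfile.alpine hunk, and the `GITLEAKS_SHA256` build argument suggested below is a new name that would also need wiring into the workflow's `build-args` lists. The build stage these lines belong to starts outside the hunk.

```dockerfile
ARG GITLEAKS_VERSION
# Expected SHA-256 of the release tarball for this version (proposed new build argument).
ARG GITLEAKS_SHA256

# Download, verify, then install in one layer; the build fails closed on a digest mismatch.
RUN curl -fsSL -o /tmp/gitleaks.tar.gz https://github.com/gitleaks/gitleaks/releases/download/v${GITLEAKS_VERSION}/gitleaks_${GITLEAKS_VERSION}_linux_x64.tar.gz \
 && echo "${GITLEAKS_SHA256}  /tmp/gitleaks.tar.gz" | sha256sum -c - \
 && tar xzf /tmp/gitleaks.tar.gz -C /usr/local/bin gitleaks \
 && rm /tmp/gitleaks.tar.gz \
 && chmod +x /usr/local/bin/gitleaks
```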