Merge pull request #5 from accurics/update-cli-version

Fixes an issue when fetching the latest terraform binaries.
tenable · Feb 23, 2021 · 61bb46e · 61bb46e
2 parents 7fe7b10 + 4e18fee
commit 61bb46e
Show file tree

Hide file tree

Showing 5 changed files with 24 additions and 27 deletions.
diff --git a/.github/workflows/accurics-workflow.yml b/.github/workflows/accurics-workflow.yml
diff --git a/README.md b/README.md
@@ -12,7 +12,7 @@ See examples below.
 ```yaml
     steps:
       - name: Accurics
-        uses: accurics/accurics-action@v1.0
+        uses: accurics/accurics-action@v1.3
         id: accurics
         with:
           app-id: ${{ secrets.ACCURICS_APP_ID }}
@@ -79,7 +79,7 @@ This example configures an Accurics Scan with a custom Terraform version and var
       - name: Checkout
         uses: actions/checkout@v2
       - name: Accurics
-        uses: accurics/accurics-action@v1.0
+        uses: accurics/accurics-action@v1.3
         id: accurics
         env: 
           # Required by Terraform
@@ -90,7 +90,7 @@ This example configures an Accurics Scan with a custom Terraform version and var
           app-id: ${{ secrets.ACCURICS_APP_ID }}
           env-id: ${{ secrets.ACCURICS_ENV_ID }}
           # Optional args
-          terraform-version: 0.12.24
+          terraform-version: 0.14.7
           plan-args: '-var myvar1=val1 -var myvar2=val2'
 ```
 
@@ -101,7 +101,7 @@ This example configures an Accurics Scan using the latest Terraform version, cus
       - name: Checkout
         uses: actions/checkout@v2
       - name: Accurics
-        uses: accurics/accurics-action@v1.0
+        uses: accurics/accurics-action@v1.3
         id: accurics
         env:
           # Required by Terraform
@@ -124,7 +124,7 @@ This is the same configuration as before, but it now includes an extra build ste
       - name: Checkout
         uses: actions/checkout@v2
       - name: Accurics
-        uses: accurics/accurics-action@v1.0
+        uses: accurics/accurics-action@v1.3
         id: accurics
         env:
           # Required by Terraform

diff --git a/action.yml b/action.yml
@@ -48,6 +48,8 @@ inputs:
 outputs:
   env-name:
     description: 'Environment Name'
+  repo:
+    description: 'Repository Location'
   num-violations:
     description: 'Number of Violations'
   num-resources:

diff --git a/entrypoint.sh b/entrypoint.sh
@@ -29,10 +29,13 @@ process_args() {
 
 install_terraform() {
   local terraform_ver=$1
-  local url="https://releases.hashicorp.com/terraform/$terraform_ver/terraform_${terraform_ver}_linux_amd64.zip"
+  local url
+
   [ "$terraform_ver" = "latest" ] && terraform_ver=`curl -sL https://releases.hashicorp.com/terraform/index.json | jq -r '.versions[].version' | grep -v '[-].*' | sort -rV | head -n 1`
 
-  echo "Downloading Terraform: $terraform_ver"
+  url="https://releases.hashicorp.com/terraform/$terraform_ver/terraform_${terraform_ver}_linux_amd64.zip"
+
+  echo "Downloading Terraform: $terraform_ver from $url"
   curl -s -S -L -o /tmp/terraform_${terraform_ver}_linux_amd64.zip ${url}
 
   [ "$?" -ne 0 ] && echo "Error while downloading Terraform $terraform_ver" && exit 150
@@ -66,6 +69,7 @@ process_errors() {
 
 process_output() {
   num_violations=$VIOLATIONS
+  repo=$ACCURICS_REPO_NAME
   env_name=`grep envName $REPORT_NAME | head -1 | cut -d\" -f4`
   num_resources=`grep resources $REPORT_NAME | head -1 | awk '{ print $2 }' | cut -d, -f1`
   high=`grep high $REPORT_NAME | head -1 | awk '{ print $2 }' | cut -d, -f1`
@@ -79,6 +83,7 @@ process_output() {
   has_errors=`grep HasErrors $REPORT_NAME | head -1 | awk '{ print $2 }' | cut -d, -f1`
 
   echo "::set-output name=env-name::$env_name"
+  echo "::set-output name=repo::$repo"
   echo "::set-output name=num-violations::$num_violations"
   echo "::set-output name=num-resources::$num_resources"
   echo "::set-output name=high::$high"

diff --git a/workflow.yml → example-workflow.yml b/workflow.yml → example-workflow.yml
@@ -14,36 +14,41 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v2
       - name: Accurics Scan
-        uses: accurics/accurics-action@v1.2
+        uses: accurics/accurics-action@v1.3
         id: accurics
         env:
           # Credentials are required by Terraform. They can be specified using any method that Terraform accepts
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
         with:
           # A specific Terraform version can be chosen (default=latest)
-          terraform-version: 0.12.28
+          terraform-version: 0.14.7
           # Specify any Terraform plan args here. Variables can be specified as follows (enclosed in single quotes)
           plan-args: '-var public_key_path=terraform-poc01.pub -var key_name=terraform-poc01'
           # Specify the ENV_ID and APP_ID from the config file
-          env-id: ${{ secrets.PROD_ENV_ID }}
-          app-id: ${{ secrets.PROD_APP_ID }}
+          app-id: ${{ secrets.ACCURICS_APP_ID }}
+          env-id: ${{ secrets.ACCURICS_ENV_ID }}
           # Specify the location to the repository
           repo: $GITHUB_SERVER_URL/$GITHUB_REPOSITORY
           # Fail the build when violations are found:
           fail-on-violations: true
           # Fail the build on all errors
-#          fail-on-all-errors: false
+          fail-on-all-errors: false
       - name: Display statistics
         run: '
+            echo ""
             echo "Environment Name           : ${{ steps.accurics.outputs.env-name }}";
+            echo "Repository                 : ${{ steps.accurics.outputs.repo }}";
             echo "Violation Count            : ${{ steps.accurics.outputs.num-violations }}";
             echo "Resource Count             : ${{ steps.accurics.outputs.num-resources }}";
+            echo ""
             echo "Native Resources           : ${{ steps.accurics.outputs.native }}";
             echo "Inherited Resources        : ${{ steps.accurics.outputs.inherited }}";
+            echo ""
             echo "High-Severity Violations   : ${{ steps.accurics.outputs.high }}";
             echo "Medium-Severity Violations : ${{ steps.accurics.outputs.medium }}";
             echo "Low-Severity Violations    : ${{ steps.accurics.outputs.low }}";
+            echo ""
             echo "Drift                      : ${{ steps.accurics.outputs.drift }}";
             echo "IaC Drift                  : ${{ steps.accurics.outputs.iacdrift }}";
             echo "Cloud Drift                : ${{ steps.accurics.outputs.clouddrift }}";