# Package name: "inspec-profile-" followed by the profile's name.
# NOTE(review): the rendered value lands in this shell script unquoted;
# presumably profile names are limited to shell-safe characters upstream - confirm.
pkg_name=<%= "inspec-profile-#{profile.name}" %>
# Package version: the profile's version, rendered into the script unquoted.
# NOTE(review): presumably version strings are validated before rendering - confirm.
pkg_version=<%= profile.version %>
# Habitat origin: the habitat_origin value supplied to this template.
pkg_origin=<%= habitat_origin %>
# Runtime dependency: the chef/inspec package.
pkg_deps=(chef/inspec)
# Build-time dependencies. _do_compliance_login pipes COMPLIANCE_CREDS through
# jq; core/jq-static presumably supplies that binary - confirm.
pkg_build_deps=(chef/inspec core/jq-static)
# The packaged service runs as root.
# NOTE(review): presumably needed so scans can read privileged system state;
# confirm that a less privileged user is not sufficient for this profile.
pkg_svc_user=root
# Emitted only when the profile metadata declares a license.
# NOTE(review): the license string is placed between single quotes without
# escaping, so a value containing a single quote renders as broken or
# unintended shell in the generated plan.
<%= "pkg_license='#{profile.metadata.params[:license]}'" if profile.metadata.params[:license]%>
#######################################
# Pre-build check: the plan must be built from the profile root, and a
# profile that references the Automate server needs a compliance login.
# Globals:   PLAN_CONTEXT (read), message (written on error)
# Returns:   1 when inspec.yml is missing; otherwise the status of
#            _do_compliance_login when it ran, else 0
#######################################
do_before() {
  local profile_yml="$PLAN_CONTEXT/../inspec.yml"

  if [ -f "$profile_yml" ]; then
    # A "compliance: " entry means a profile has to be fetched from the
    # Automate server, which requires an 'inspec compliance login' first.
    if grep -q "compliance: " "$profile_yml"; then
      _do_compliance_login
    fi
    return
  fi

  # inspec.yml is not one level above the plan. This can happen if someone
  # does 'hab studio enter' from within the 'habitat/' directory.
  message="ERROR: Cannot find inspec.yml. Please build from the profile root"
  build_line "$message"
  return 1
}
#######################################
# Registers the build-time and runtime environment variables for the package.
# Globals:   HAB_CACHE_SRC_PATH, pkg_dirname, pkg_name, pkg_version,
#            pkg_svc_var_path (all read)
#######################################
do_setup_environment() {
  local env_name

  # Build-time: where the profile is staged and what the archive is called.
  set_buildtime_env PROFILE_CACHE_DIR "${HAB_CACHE_SRC_PATH}/${pkg_dirname}"
  set_buildtime_env ARCHIVE_NAME "${pkg_name}-${pkg_version}.tar.gz"

  # Runtime: both variables point at the service's var path.
  #  - HOME: InSpec loads `pry`, which tries to expand `~`; that fails if
  #    HOME isn't set.
  #  - INSPEC_CONFIG_DIR: InSpec would otherwise create a `.inspec`
  #    directory in the user's home directory. Setting HOME currently has
  #    the same effect; this one is set to be explicit.
  for env_name in HOME INSPEC_CONFIG_DIR; do
    set_runtime_env "$env_name" "$pkg_svc_var_path"
  done
}
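#######################################
# Copies the profile's files into the profile cache directory, leaving out
# the Habitat-related entries (habitat/, results/ and *.hart).
# Globals:   PLAN_CONTEXT, PROFILE_CACHE_DIR (read)
# Returns:   0 on success; non-zero if the profile root cannot be entered,
#            nothing is left to copy, or mkdir/cp fails
#######################################
do_unpack() {
  local entry
  local -a profile_files=()

  # Change directory to where the profile files are. Stop here on failure so
  # the copy below never runs against whatever directory we happened to be in.
  # NOTE(review): there is no matching popd, so the directory change persists
  # after this function; confirm nothing relies on that before adding one.
  pushd "$PLAN_CONTEXT/../" > /dev/null || return 1

  # Collect every entry except the Habitat-related ones. A glob is used
  # instead of parsing `ls` output so names containing spaces or glob
  # characters stay intact. Like plain `ls`, `*` skips dotfiles.
  for entry in *; do
    # An unmatched glob leaves the literal '*' behind; skip it.
    [ -e "$entry" ] || [ -L "$entry" ] || continue
    case "$entry" in
      habitat | results | *.hart) continue ;;
    esac
    profile_files+=("$entry")
  done

  if [ "${#profile_files[@]}" -eq 0 ]; then
    build_line "ERROR: No profile files found to copy"
    return 1
  fi

  mkdir -p "$PROFILE_CACHE_DIR" > /dev/null || return 1

  # Copy just the profile files to the profile cache directory. `--` keeps a
  # file name that starts with '-' from being read as a cp option.
  cp -r -- "${profile_files[@]}" "$PROFILE_CACHE_DIR"
}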
#######################################
# Archives the staged profile with `inspec archive`, overwriting any
# existing archive of the same name inside the cache directory.
# Globals:   PROFILE_CACHE_DIR, ARCHIVE_NAME (read)
# Returns:   the exit status of `inspec archive`
#######################################
do_build() {
  local -a archive_args=(
    "$PROFILE_CACHE_DIR"
    --overwrite
    -o "$PROFILE_CACHE_DIR/$ARCHIVE_NAME"
  )

  inspec archive "${archive_args[@]}"
}
#######################################
# Installs the built profile archive into the package prefix.
# Globals:   PROFILE_CACHE_DIR, ARCHIVE_NAME, pkg_prefix (read)
# Returns:   the exit status of cp
#######################################
do_install() {
  local built_archive="$PROFILE_CACHE_DIR/$ARCHIVE_NAME"

  cp "$built_archive" "$pkg_prefix"
}
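#######################################
# Runs 'inspec compliance login' using the credentials JSON held in
# COMPLIANCE_CREDS (the contents of '~/.inspec/compliance/config.json').
# Globals:   COMPLIANCE_CREDS (read), message (written on error)
# Returns:   1 when COMPLIANCE_CREDS is empty/unset or a field cannot be
#            read; otherwise the exit status of 'inspec compliance login'
#######################################
_do_compliance_login() {
  # Kept local so the token does not linger in the build shell's globals.
  local user token automate_server insecure
  local api_suffix='/api/v0'

  # Quoted test: the unquoted form word-splits the JSON and only works by
  # accident (with an error from `[`) once the value contains a space.
  if [ -z "${COMPLIANCE_CREDS:-}" ]; then
    message="ERROR: Please perform an 'inspec compliance login' and set"
    message="$message \$HAB_STUDIO_SECRET_COMPLIANCE_CREDS to the contents of"
    message="$message '~/.inspec/compliance/config.json'"
    build_line "$message"
    return 1
  fi

  # The JSON is handed to jq byte-for-byte via printf; an unquoted `echo`
  # would word-split it and expand glob characters against the current
  # directory. `jq -r` emits the decoded string instead of stripping quote
  # characters with sed.
  if ! user=$(printf '%s' "$COMPLIANCE_CREDS" | jq -r '.user') \
    || ! token=$(printf '%s' "$COMPLIANCE_CREDS" | jq -r '.token') \
    || ! automate_server=$(printf '%s' "$COMPLIANCE_CREDS" | jq -r '.server') \
    || ! insecure=$(printf '%s' "$COMPLIANCE_CREDS" | jq -r '.insecure'); then
    build_line "ERROR: Could not read the login fields from COMPLIANCE_CREDS"
    return 1
  fi

  # Drop the first '/api/v0' from the stored server URL.
  automate_server=${automate_server/"$api_suffix"/}

  # NOTE(review): credentials without an "insecure" key yield the literal
  # 'null' here. When the value is true the login presumably skips TLS
  # certificate verification - confirm, and consider surfacing it in the
  # build output.
  # NOTE(review): the token travels on the command line, so it is visible in
  # process listings and `set -x` traces while the login runs; confirm whether
  # the inspec CLI offers a non-argv way to supply it.
  inspec compliance login --insecure "$insecure" \
    --user "$user" \
    --token "$token" \
    "$automate_server"
}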