Merge pull request #28 from theohbrothers/enhancement/add-validation-…

…for-sops

Enhancement: Add validation for `sops`

generate/templates/Dockerfile.ps1

@@ -27,23 +27,31 @@ RUN apk add --no-cache libvirt-client
 
 if ( $VARIANT['_metadata']['components'] -contains 'sops' ) {
     if ( $VARIANT['_metadata']['distro'] -eq 'alpine' -and $VARIANT['_metadata']['distro_version'] -in @('3.6', '3.5', '3.4', '3.3') ) {
-        @"
+@"
 # Fix generic certification validation errors in alpine 3.5: https://github.com/docker-library/official-images/issues/2773#issuecomment-350431934
 RUN apk add --no-cache ca-certificates
 
 # Fix wget not working in alpine:3.6 and below. https://github.com/gliderlabs/docker-alpine/issues/423
 # RUN apk add --no-cache libressl
 
 # Fix wget error 'wget: SSL/TLS certificate is not being validated!' in alpine:3.5, use curl instead: https://github.com/docker-library/official-images/issues/2773
-RUN apk add --no-cache curl \
-    && curl -sL https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops && chmod +x /usr/local/bin/sops \
-    && apk del curl
+RUN set -eux; \
+    apk add --no-cache curl; \
+    curl -sSL https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops; \
+    chmod +x /usr/local/bin/sops; \
+    sha256sum /usr/local/bin/sops | grep '^185348fd77fc160d5bdf3cd20ecbc796163504fd3df196d7cb29000773657b74 '; \
+    sops --version; \
+    apk del curl
 
 
 "@
     }else {
-        @"
-RUN wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops && chmod +x /usr/local/bin/sops
+@"
+RUN set -eux; \
+    wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops; \
+    chmod +x /usr/local/bin/sops; \
+    sha256sum /usr/local/bin/sops | grep '^185348fd77fc160d5bdf3cd20ecbc796163504fd3df196d7cb29000773657b74 '; \
+    sops --version
 
 
 "@

variants/v0.11.0-jq-sops-ssh-alpine-3.7/Dockerfile

@@ -7,7 +7,11 @@ RUN apk add --no-cache terraform=0.11.0-r0
 
 RUN apk add --no-cache jq
 
-RUN wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops && chmod +x /usr/local/bin/sops
+RUN set -eux; \
+    wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops; \
+    chmod +x /usr/local/bin/sops; \
+    sha256sum /usr/local/bin/sops | grep '^185348fd77fc160d5bdf3cd20ecbc796163504fd3df196d7cb29000773657b74 '; \
+    sops --version
 
 RUN apk add --no-cache gnupg
 

variants/v0.11.7-jq-sops-ssh-alpine-3.8/Dockerfile

@@ -7,7 +7,11 @@ RUN apk add --no-cache terraform=0.11.7-r0
 
 RUN apk add --no-cache jq
 
-RUN wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops && chmod +x /usr/local/bin/sops
+RUN set -eux; \
+    wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops; \
+    chmod +x /usr/local/bin/sops; \
+    sha256sum /usr/local/bin/sops | grep '^185348fd77fc160d5bdf3cd20ecbc796163504fd3df196d7cb29000773657b74 '; \
+    sops --version
 
 RUN apk add --no-cache gnupg
 

variants/v0.11.8-jq-sops-ssh-alpine-3.9/Dockerfile

@@ -7,7 +7,11 @@ RUN apk add --no-cache terraform=0.11.8-r0
 
 RUN apk add --no-cache jq
 
-RUN wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops && chmod +x /usr/local/bin/sops
+RUN set -eux; \
+    wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops; \
+    chmod +x /usr/local/bin/sops; \
+    sha256sum /usr/local/bin/sops | grep '^185348fd77fc160d5bdf3cd20ecbc796163504fd3df196d7cb29000773657b74 '; \
+    sops --version
 
 RUN apk add --no-cache gnupg
 

variants/v0.12.17-jq-sops-ssh-alpine-3.11/Dockerfile

@@ -7,7 +7,11 @@ RUN apk add --no-cache terraform=0.12.17-r1
 
 RUN apk add --no-cache jq
 
-RUN wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops && chmod +x /usr/local/bin/sops
+RUN set -eux; \
+    wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops; \
+    chmod +x /usr/local/bin/sops; \
+    sha256sum /usr/local/bin/sops | grep '^185348fd77fc160d5bdf3cd20ecbc796163504fd3df196d7cb29000773657b74 '; \
+    sops --version
 
 RUN apk add --no-cache gnupg
 

variants/v0.12.25-jq-sops-ssh-alpine-3.12/Dockerfile

@@ -7,7 +7,11 @@ RUN apk add --no-cache terraform=0.12.25-r0
 
 RUN apk add --no-cache jq
 
-RUN wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops && chmod +x /usr/local/bin/sops
+RUN set -eux; \
+    wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops; \
+    chmod +x /usr/local/bin/sops; \
+    sha256sum /usr/local/bin/sops | grep '^185348fd77fc160d5bdf3cd20ecbc796163504fd3df196d7cb29000773657b74 '; \
+    sops --version
 
 RUN apk add --no-cache gnupg
 

variants/v0.12.6-jq-sops-ssh-alpine-3.10/Dockerfile

@@ -7,7 +7,11 @@ RUN apk add --no-cache terraform=0.12.6-r0
 
 RUN apk add --no-cache jq
 
-RUN wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops && chmod +x /usr/local/bin/sops
+RUN set -eux; \
+    wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops; \
+    chmod +x /usr/local/bin/sops; \
+    sha256sum /usr/local/bin/sops | grep '^185348fd77fc160d5bdf3cd20ecbc796163504fd3df196d7cb29000773657b74 '; \
+    sops --version
 
 RUN apk add --no-cache gnupg
 

variants/v0.14.4-jq-sops-ssh-alpine-3.13/Dockerfile

@@ -7,7 +7,11 @@ RUN apk add --no-cache terraform=0.14.4-r0
 
 RUN apk add --no-cache jq
 
-RUN wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops && chmod +x /usr/local/bin/sops
+RUN set -eux; \
+    wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops; \
+    chmod +x /usr/local/bin/sops; \
+    sha256sum /usr/local/bin/sops | grep '^185348fd77fc160d5bdf3cd20ecbc796163504fd3df196d7cb29000773657b74 '; \
+    sops --version
 
 RUN apk add --no-cache gnupg
 

variants/v0.14.9-jq-sops-ssh-alpine-3.14/Dockerfile

@@ -7,7 +7,11 @@ RUN apk add --no-cache terraform=0.14.9-r4
 
 RUN apk add --no-cache jq
 
-RUN wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops && chmod +x /usr/local/bin/sops
+RUN set -eux; \
+    wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops; \
+    chmod +x /usr/local/bin/sops; \
+    sha256sum /usr/local/bin/sops | grep '^185348fd77fc160d5bdf3cd20ecbc796163504fd3df196d7cb29000773657b74 '; \
+    sops --version
 
 RUN apk add --no-cache gnupg
 

variants/v0.8.1-jq-sops-ssh-alpine-3.5/Dockerfile

@@ -14,9 +14,13 @@ RUN apk add --no-cache ca-certificates
 # RUN apk add --no-cache libressl
 
 # Fix wget error 'wget: SSL/TLS certificate is not being validated!' in alpine:3.5, use curl instead: https://github.com/docker-library/official-images/issues/2773
-RUN apk add --no-cache curl \
-    && curl -sL https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops && chmod +x /usr/local/bin/sops \
-    && apk del curl
+RUN set -eux; \
+    apk add --no-cache curl; \
+    curl -sSL https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops; \
+    chmod +x /usr/local/bin/sops; \
+    sha256sum /usr/local/bin/sops | grep '^185348fd77fc160d5bdf3cd20ecbc796163504fd3df196d7cb29000773657b74 '; \
+    sops --version; \
+    apk del curl
 
 RUN apk add --no-cache gnupg
 

variants/v0.9.5-jq-sops-ssh-alpine-3.6/Dockerfile

@@ -14,9 +14,13 @@ RUN apk add --no-cache ca-certificates
 # RUN apk add --no-cache libressl
 
 # Fix wget error 'wget: SSL/TLS certificate is not being validated!' in alpine:3.5, use curl instead: https://github.com/docker-library/official-images/issues/2773
-RUN apk add --no-cache curl \
-    && curl -sL https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops && chmod +x /usr/local/bin/sops \
-    && apk del curl
+RUN set -eux; \
+    apk add --no-cache curl; \
+    curl -sSL https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops; \
+    chmod +x /usr/local/bin/sops; \
+    sha256sum /usr/local/bin/sops | grep '^185348fd77fc160d5bdf3cd20ecbc796163504fd3df196d7cb29000773657b74 '; \
+    sops --version; \
+    apk del curl
 
 RUN apk add --no-cache gnupg
 

variants/v1.0.11-jq-sops-ssh-alpine-3.15/Dockerfile

@@ -7,7 +7,11 @@ RUN apk add --no-cache terraform=1.0.11-r2
 
 RUN apk add --no-cache jq
 
-RUN wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops && chmod +x /usr/local/bin/sops
+RUN set -eux; \
+    wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops; \
+    chmod +x /usr/local/bin/sops; \
+    sha256sum /usr/local/bin/sops | grep '^185348fd77fc160d5bdf3cd20ecbc796163504fd3df196d7cb29000773657b74 '; \
+    sops --version
 
 RUN apk add --no-cache gnupg
 

variants/v1.2.0-jq-sops-ssh-alpine-3.16/Dockerfile

@@ -7,7 +7,11 @@ RUN apk add --no-cache terraform=1.2.0-r4
 
 RUN apk add --no-cache jq
 
-RUN wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops && chmod +x /usr/local/bin/sops
+RUN set -eux; \
+    wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops; \
+    chmod +x /usr/local/bin/sops; \
+    sha256sum /usr/local/bin/sops | grep '^185348fd77fc160d5bdf3cd20ecbc796163504fd3df196d7cb29000773657b74 '; \
+    sops --version
 
 RUN apk add --no-cache gnupg
 

variants/v1.3.4-jq-libvirt-sops-ssh-alpine-3.17/Dockerfile

@@ -9,7 +9,11 @@ RUN apk add --no-cache jq
 
 RUN apk add --no-cache libvirt-client
 
-RUN wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops && chmod +x /usr/local/bin/sops
+RUN set -eux; \
+    wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops; \
+    chmod +x /usr/local/bin/sops; \
+    sha256sum /usr/local/bin/sops | grep '^185348fd77fc160d5bdf3cd20ecbc796163504fd3df196d7cb29000773657b74 '; \
+    sops --version
 
 RUN apk add --no-cache gnupg
 

variants/v1.3.4-jq-sops-ssh-alpine-3.17/Dockerfile

@@ -7,7 +7,11 @@ RUN apk add --no-cache terraform=1.3.4-r2
 
 RUN apk add --no-cache jq
 
-RUN wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops && chmod +x /usr/local/bin/sops
+RUN set -eux; \
+    wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops; \
+    chmod +x /usr/local/bin/sops; \
+    sha256sum /usr/local/bin/sops | grep '^185348fd77fc160d5bdf3cd20ecbc796163504fd3df196d7cb29000773657b74 '; \
+    sops --version
 
 RUN apk add --no-cache gnupg