oxsecurity · bdovaz · Jun 23, 2022 · Jun 24, 2022 · Jun 24, 2022 · Jun 24, 2022
@@ -2805,6 +2805,7 @@ def generate_documentation_all_linters():
     linters.sort(key=lambda x: x.linter_name)
     table_header = [
         "Linter",
+        "Supported Platforms",
         "Version",
         "License",
         "Popularity",
@@ -2990,9 +2991,17 @@ def generate_documentation_all_linters():
                 f"[![GitHub stars](https://img.shields.io/github/stars/{repo}?cacheSeconds=3600)]"
                 f"(https://github.com/{repo}){{target=_blank}}"
             )
+        supported_platforms = []
+        # supported platforms
+        if (
+            hasattr(linter, "supported_platforms")
+            and "platform" in linter.supported_platforms
+        ):
+            supported_platforms += linter.supported_platforms["platform"]
         # line
         table_line = [
             linter.linter_name,
+            ", ".join(supported_platforms),
             linter_version,
             license,
             "N/A",
@@ -3009,6 +3018,7 @@ def generate_documentation_all_linters():
             linter_doc_links += [link]
         md_table_line = [
             md_linter_name,
+            "<br/> ".join(supported_platforms),
             linter_version,
             md_license,
             md_popularity,
@@ -3049,10 +3059,10 @@ def generate_documentation_all_linters():
         outfile.write("<!-- markdownlint-disable -->\n\n")
         outfile.write("# References\n\n")
         outfile.write(
-            "| Linter | Version | License | Popularity | Descriptors | Ref | URL |\n"
+            "| Linter | Supported Platforms | Version | License | Popularity | Descriptors | Ref | URL |\n"
         )
         outfile.write(
-            "| :----  | :-----: | :-----: | :-----: | :---------  | :--------------: | :-: |\n"
+            "| :----  | :-----: | :-----: | :-----: | :-----: | :---------  | :--------------: | :-: |\n"
         )
         for md_table_line in md_table_lines:
             outfile.write("| %s |\n" % " | ".join(md_table_line))

@@ -1,3 +1,4 @@
+---
 # https://docs.codecov.io/docs/commit-status#disabling-a-status
 # Disable blocking patch status to avoid to block PRs without good reason !
 coverage:

@@ -454,6 +454,7 @@
         "Syft",
         "Symlinks",
         "Syntastic",
+        "TARGETPLATFORM",
         "TEAMPROJECT",
         "TEKTON",
         "TERMIOS",
@@ -492,6 +493,7 @@
         "YMLs",
         "YOURBRANCH",
         "YOURUSERNAME",
+        "aarch64",
         "abhith",
         "absolutized",
         "abstractproperty",
@@ -524,6 +526,7 @@
         "arctan",
         "aren",
         "argparse",
+        "armv6",
         "artefacts",
         "asdict",
         "ashokm",
@@ -1017,6 +1020,7 @@
         "msrest",
         "mstruebing",
         "msvs",
+        "multiarch",
         "muandane",
         "multiline",
         "multimatch",
@@ -1250,6 +1254,7 @@
         "returnrules",
         "rexec",
         "risd",
+        "riscv",
         "rmfamily",
         "rockspec",
         "rockspecs",

@@ -1,3 +1,3 @@
+---
 # These are supported funding model platforms
-
 github: [nvuillam]
@@ -1,3 +1,4 @@
+---
 #################################
 # GitHub Dependabot Config info #
 #################################

@@ -1,2 +1,3 @@
+---
 include_checks:
   - I
@@ -1,3 +1,4 @@
+---
 # You can see all available properties here: https://github.com/bridgecrewio/checkov#configuration-using-a-config-file
 quiet: true
 skip-check:

@@ -1,3 +1,4 @@
+---
 ignored:
   - DL3007
   - DL3016

@@ -1,3 +1,4 @@
+---
 # Lint directives.
 lint:
   # Linter rules.

@@ -1,3 +1,4 @@
+---
 name-template: "v$RESOLVED_VERSION"
 tag-template: "v$RESOLVED_VERSION"
 template: |

@@ -81,7 +81,7 @@ jobs:
         with:
           context: .
           file: Dockerfile
-          platforms: linux/amd64
+          platforms: linux/amd64,linux/arm64
           build-args: |
             BUILD_DATE=${{ env.BUILD_DATE }}
             BUILD_REVISION=auto_update_${{ github.sha }}

@@ -104,7 +104,7 @@ jobs:
         with:
           context: .
           file: flavors/${{ matrix.flavor }}/Dockerfile
-          platforms: linux/amd64
+          platforms: linux/amd64,linux/arm64
           build-args: |
             BUILD_DATE=${{ env.BUILD_DATE }}
             BUILD_REVISION=${{ github.sha }}

@@ -111,7 +111,7 @@ jobs:
         with:
           context: .
           file: Dockerfile
-          platforms: linux/amd64
+          platforms: linux/amd64,linux/arm64
           build-args: |
             BUILD_DATE=${{ env.BUILD_DATE }}
             BUILD_REVISION=${{ github.sha }}

@@ -122,7 +122,7 @@ jobs:
         with:
           context: .
           file: flavors/${{ matrix.flavor }}/Dockerfile
-          platforms: linux/amd64
+          platforms: linux/amd64,linux/arm64
           build-args: |
             BUILD_DATE=${{ env.BUILD_DATE }}
             BUILD_REVISION=${{ github.sha }}

@@ -233,7 +233,7 @@ jobs:
         with:
           context: .
           file: linters/${{ matrix.linter }}/Dockerfile
-          platforms: linux/amd64
+          platforms: linux/amd64,linux/arm64
           build-args: |
             BUILD_DATE=${{ env.BUILD_DATE }}
             BUILD_REVISION=${{ github.sha }}

@@ -127,7 +127,7 @@ jobs:
         with:
           context: .
           file: Dockerfile
-          platforms: linux/amd64
+          platforms: linux/amd64,linux/arm64
           build-args: |
             BUILD_DATE=${{ env.BUILD_DATE }}
             BUILD_REVISION=${{ github.sha }}

@@ -165,7 +165,7 @@ jobs:
             "yaml_v8r",
           ]
 # linters-end
-        platform: ['linux/amd64']
+        platform: ['linux/amd64', 'linux/arm64']
     # Only run this on the main repo
     if: |
         (

@@ -53,6 +53,14 @@ jobs:
     # Set the agent to run on
     runs-on: ubuntu-latest
     permissions: read-all
+    services:
+      registry:
+        image: registry:2
+        ports:
+          - 5000:5000
+    env:
+      # If using Docker Hub, trivy would need to have docker.io as prefix
+      REGISTRY_PREFIX: localhost:5000
     # Prevent duplicate run from happening when a forked push is committed
     if: (github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository) && !contains(github.event.head_commit.message, 'skip deploy')
     # Set max build time for the job
@@ -80,13 +88,15 @@ jobs:
         id: meta
         with:
           images: |
-            ${{ github.repository }}
+            ${{ env.REGISTRY_PREFIX }}/${{ github.repository }}
 
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
+        with:
+          driver-opts: network=host
 
       ###################################
       # Build image locally for testing #
@@ -98,14 +108,13 @@ jobs:
         with:
           context: .
           file: Dockerfile-quick
-          platforms: linux/amd64
+          platforms: linux/amd64,linux/arm64
           build-args: |
             BUILD_DATE=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }}
             BUILD_VERSION=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }}
             BUILD_REVISION=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }}
             MEGA_LINTER_BASE_IMAGE="oxsecurity/megalinter:beta"
-          load: true
-          push: false
+          push: true
           secrets: |
             GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}
           tags: ${{ steps.meta.outputs.tags }}
@@ -127,13 +136,12 @@ jobs:
         with:
           context: .
           file: Dockerfile
-          platforms: linux/amd64
+          platforms: linux/amd64,linux/arm64
           build-args: |
             BUILD_DATE=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }}
             BUILD_VERSION=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }}
             BUILD_REVISION=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }}
-          load: true
-          push: false
+          push: true
           secrets: |
             GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}
           tags: ${{ steps.meta.outputs.tags }}
@@ -154,13 +162,12 @@ jobs:
         with:
           context: .
           file: Dockerfile
-          platforms: linux/amd64
+          platforms: linux/amd64,linux/arm64
           build-args: |
             BUILD_DATE=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }}
             BUILD_VERSION=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }}
             BUILD_REVISION=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }}
-          load: true
-          push: false
+          push: true
           secrets: |
             GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}
           tags: ${{ steps.meta.outputs.tags }}

@@ -1,3 +1,4 @@
+---
 # Configuration file for MegaLinter
 # See all available variables at https://megalinter.io/configuration/ and in linters documentation
 

@@ -62,17 +62,27 @@ FROM alpine/terragrunt:latest as terragrunt
 ##################
 # Get base image #
 ##################
+# https://stackoverflow.com/a/73711302/699056
+FROM multiarch/qemu-user-static:x86_64-aarch64 as qemu
+
 FROM python:3.12.3-alpine3.19
 
+# https://stackoverflow.com/a/73711302/699056
+COPY --from=qemu /usr/bin/qemu-aarch64-static /usr/bin/
+# https://stackoverflow.com/a/73711302/699056
+RUN apk add --update --no-cache libc6-compat \
+                     gcompat \
+                     qemu-x86_64
+
 #############################################################################################
 ## @generated by .automation/build.py using descriptor files, please do not update manually ##
 #############################################################################################
 #ARG__START
+ARG TARGETPLATFORM
 ARG ARM_TTK_NAME='master.zip'
 ARG ARM_TTK_URI='https://github.com/Azure/arm-ttk/archive/master.zip'
 ARG ARM_TTK_DIRECTORY='/opt/microsoft'
 ARG BICEP_EXE='bicep'
-ARG BICEP_URI='https://github.com/Azure/bicep/releases/latest/download/bicep-linux-musl-x64'
 ARG BICEP_DIR='/usr/local/bin'
 ARG DART_VERSION='2.8.4'
 # renovate: datasource=github-tags depName=pmd/pmd extractVersion=^pmd_releases/(?<version>.*)$
@@ -351,11 +361,15 @@ COPY --link --from=terragrunt /bin/terraform /usr/bin/
 #OTHER__START
 RUN rc-update add docker boot && rc-service docker start || true \
 # ARM installation
-    && curl -L https://github.com/PowerShell/PowerShell/releases/download/v7.4.2/powershell-7.4.2-linux-musl-x64.tar.gz -o /tmp/powershell.tar.gz \
-    && mkdir -p /opt/microsoft/powershell/7 \
-    && tar zxf /tmp/powershell.tar.gz -C /opt/microsoft/powershell/7 \
-    && chmod +x /opt/microsoft/powershell/7/pwsh \
-    && ln -s /opt/microsoft/powershell/7/pwsh /usr/bin/pwsh
+    && case ${TARGETPLATFORM} in \
+  "linux/amd64")  POWERSHELL_ARCH=musl-x64 ;; \
+  "linux/arm64")  POWERSHELL_ARCH=arm64    ;; \
+esac \
+&& curl -L https://github.com/PowerShell/PowerShell/releases/download/v7.4.2/powershell-7.4.2-linux-${POWERSHELL_ARCH}.tar.gz -o /tmp/powershell.tar.gz \
+&& mkdir -p /opt/microsoft/powershell/7 \
+&& tar zxf /tmp/powershell.tar.gz -C /opt/microsoft/powershell/7 \
+&& chmod +x /opt/microsoft/powershell/7/pwsh \
+&& ln -s /opt/microsoft/powershell/7/pwsh /usr/bin/pwsh
 
 
 # CLOJURE installation
@@ -479,11 +493,15 @@ ENV PATH="/root/.composer/vendor/bin:${PATH}"
 
 # POWERSHELL installation
 # Next line commented because already managed by another linter
-# RUN curl -L https://github.com/PowerShell/PowerShell/releases/download/v7.4.2/powershell-7.4.2-linux-musl-x64.tar.gz -o /tmp/powershell.tar.gz \
-#     && mkdir -p /opt/microsoft/powershell/7 \
-#     && tar zxf /tmp/powershell.tar.gz -C /opt/microsoft/powershell/7 \
-#     && chmod +x /opt/microsoft/powershell/7/pwsh \
-#     && ln -s /opt/microsoft/powershell/7/pwsh /usr/bin/pwsh
+# RUN case ${TARGETPLATFORM} in \
+#   "linux/amd64")  POWERSHELL_ARCH=musl-x64 ;; \
+#   "linux/arm64")  POWERSHELL_ARCH=arm64    ;; \
+# esac \
+# && curl -L https://github.com/PowerShell/PowerShell/releases/download/v7.4.2/powershell-7.4.2-linux-${POWERSHELL_ARCH}.tar.gz -o /tmp/powershell.tar.gz \
+# && mkdir -p /opt/microsoft/powershell/7 \
+# && tar zxf /tmp/powershell.tar.gz -C /opt/microsoft/powershell/7 \
+# && chmod +x /opt/microsoft/powershell/7/pwsh \
+# && ln -s /opt/microsoft/powershell/7/pwsh /usr/bin/pwsh
 
 # SALESFORCE installation
 # Next line commented because already managed by another linter
@@ -535,9 +553,13 @@ RUN curl --retry 5 --retry-delay 5 -sLO "${ARM_TTK_URI}" \
 # Managed with COPY --link --from=shfmt /bin/shfmt /usr/bin/
 
 # bicep_linter installation
-    && curl --retry 5 --retry-delay 5 -sLo ${BICEP_EXE} "${BICEP_URI}" \
-    && chmod +x "${BICEP_EXE}" \
-    && mv "${BICEP_EXE}" "${BICEP_DIR}" \
+    && case ${TARGETPLATFORM} in \
+  "linux/amd64")  POWERSHELL_ARCH=musl-x64 ;; \
+  "linux/arm64")  POWERSHELL_ARCH=arm64    ;; \
+esac \
+&& curl --retry 5 --retry-delay 5 -sLo ${BICEP_EXE} "https://github.com/Azure/bicep/releases/latest/download/bicep-linux-${POWERSHELL_ARCH}" \
+&& chmod +x "${BICEP_EXE}" \
+&& mv "${BICEP_EXE}" "${BICEP_DIR}" \
 
 # clj-kondo installation
     && curl --retry 5 --retry-delay 5 -sLO https://raw.githubusercontent.com/clj-kondo/clj-kondo/master/script/install-clj-kondo \
@@ -551,10 +573,14 @@ RUN curl --retry 5 --retry-delay 5 -sLO "${ARM_TTK_URI}" \
     && dotnet tool install -g roslynator.dotnet.cli \
 
 # dartanalyzer installation
-    && wget --tries=5 https://storage.googleapis.com/dart-archive/channels/stable/release/${DART_VERSION}/sdk/dartsdk-linux-x64-release.zip -O - -q | unzip -q - \
-    && chmod +x dart-sdk/bin/dart* \
-    && mv dart-sdk/bin/* /usr/bin/ && mv dart-sdk/lib/* /usr/lib/ && mv dart-sdk/include/* /usr/include/ \
-    && rm -r dart-sdk/ \
+    && case ${TARGETPLATFORM} in \
+  "linux/amd64")  DART_ARCH=x64   ;; \
+  "linux/arm64")  DART_ARCH=arm64 ;; \
+esac \
+&& wget --tries=5 https://storage.googleapis.com/dart-archive/channels/stable/release/${DART_VERSION}/sdk/dartsdk-linux-${DART_ARCH}-release.zip -O - -q | unzip -q - \
+&& chmod +x dart-sdk/bin/dart* \
+&& mv dart-sdk/bin/* /usr/bin/ && mv dart-sdk/lib/* /usr/lib/ && mv dart-sdk/include/* /usr/include/ \
+&& rm -r dart-sdk/ \
 
 # hadolint installation
 # Managed with COPY --link --from=hadolint /bin/hadolint /usr/bin/hadolint
-Original file line number
+Diff line change
@@ -1,3 +1,4 @@
+    ---
     ignored:
       - DL3007
       - DL3016
@@ Expand Down @@