microsoft/hve-core
Publicmirrored fromhttps://github.com/microsoft/hve-coreAvailable
.devcontainer/scripts/on-create.sh
34lines · modecode
| 1 | #!/usr/bin/env bash |
| 2 | # Copyright (c) Microsoft Corporation. |
| 3 | # SPDX-License-Identifier: MIT |
| 4 | # |
| 5 | # on-create.sh |
| 6 | # Install system dependencies for HVE Core development container |
| 7 | |
| 8 | set -euo pipefail |
| 9 | |
| 10 | main() { |
| 11 | echo "Installing system dependencies..." |
| 12 | |
| 13 | sudo apt update |
| 14 | sudo apt install -y shellcheck |
| 15 | |
| 16 | # Dependencies are pinned for stability. Dependabot and security workflows manage updates. |
| 17 | echo "Installing gitleaks..." |
| 18 | # Download gitleaks tarball and verify checksum before extracting |
| 19 | EXPECTED_SHA256="6298c9235dfc9278c14b28afd9b7fa4e6f4a289cb1974bd27949fc1e9122bdee" |
| 20 | curl -sSfL https://github.com/gitleaks/gitleaks/releases/download/v8.18.2/gitleaks_8.18.2_linux_x64.tar.gz -o /tmp/gitleaks.tar.gz |
| 21 | |
| 22 | echo "Checking gitleaks tarball integrity..." |
| 23 | if ! echo "${EXPECTED_SHA256} /tmp/gitleaks.tar.gz" | sha256sum -c --quiet -; then |
| 24 | echo "ERROR: SHA256 checksum verification failed for gitleaks tarball" >&2 |
| 25 | rm /tmp/gitleaks.tar.gz |
| 26 | exit 1 |
| 27 | fi |
| 28 | sudo tar -xzf /tmp/gitleaks.tar.gz -C /usr/local/bin gitleaks |
| 29 | rm /tmp/gitleaks.tar.gz |
| 30 | |
| 31 | echo "System dependencies installed successfully" |
| 32 | } |
| 33 | |
| 34 | main "$@" |
| 35 | |