✨ Update to cnspec v9 (#132)

Signed-off-by: Christian Zunker <[email protected]>
Signed-off-by: Scott Ford <[email protected]>
Co-authored-by: Scott Ford <[email protected]>

.github/env

@@ -0,0 +1 @@
+golang-version=1.21.3

.github/workflows/pr-test-lint.yaml

@@ -8,9 +8,6 @@ on:
       - '**.mod'
       - 'go.sum'
 
-env:
-  GO_VERSION: '1.20'
-
 jobs:
   goreleaser:
     runs-on: self-hosted
@@ -22,10 +19,12 @@ jobs:
         uses: actions/checkout@v4
       - name: Unshallow
         run: git fetch --prune --unshallow
+      - name: Import environment variables from file
+        run: cat ".github/env" >> $GITHUB_ENV
       - name: Set up Go
         uses: actions/setup-go@v4
         with:
-          go-version: ${{ env.GO_VERSION }}
+          go-version: ">=${{ env.golang-version }}"
           cache: false
       - name: Check go mod
         run: |

.github/workflows/release.yaml

@@ -17,10 +17,12 @@ jobs:
         uses: actions/checkout@v4
       - name: Unshallow
         run: git fetch --prune --unshallow
+      - name: Import environment variables from file
+        run: cat ".github/env" >> $GITHUB_ENV
       - name: Set up Go
         uses: actions/setup-go@v4
         with:
-          go-version: '1.20'
+          go-version: ">=${{ env.golang-version }}"
           cache: false
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@v5

Makefile

@@ -5,14 +5,46 @@ COUNT?=1
 TEST?=$(shell go list ./...)
 HASHICORP_PACKER_PLUGIN_SDK_VERSION?=$(shell go list -m github.com/hashicorp/packer-plugin-sdk | cut -d " " -f2)
 
+ifndef LATEST_VERSION_TAG
+# echo "read LATEST_VERSION_TAG from git"
+LATEST_VERSION_TAG=$(shell git describe --abbrev=0 --tags)
+endif
+
+ifndef MANIFEST_VERSION
+# echo "read MANIFEST_VERSION from git"
+MANIFEST_VERSION=$(shell git describe --abbrev=0 --tags)
+endif
+
+ifndef TAG
+# echo "read TAG from git"
+TAG=$(shell git log --pretty=format:'%h' -n 1)
+endif
+
+ifndef VERSION
+# echo "read VERSION from git"
+VERSION=${LATEST_VERSION_TAG}+$(shell git rev-list --count HEAD)
+endif
+
 .PHONY: dev
 
 build:
-	CGO_ENABLED=0 go build -o ${BINARY} -ldflags="-X go.mondoo.com/packer-plugin-cnspec/version.Version=0.0.0 -X go.mondoo.com/packer-plugin-cnspec/version.Build=dev"
+	CGO_ENABLED=0 go build -o ${BINARY} -ldflags="-X go.mondoo.com/packer-plugin-cnspec/version.Version=${VERSION} -X go.mondoo.com/packer-plugin-cnspec/version.Build=${TAG}"
 
 dev: build
 	@mkdir -p ~/.packer.d/plugins/
 	@mv ${BINARY} ~/.packer.d/plugins/${BINARY}
+
+.PHONY: dev/linux
+dev/linux: build
+	@mkdir -p ~/.packer.d/plugins/github.com/mondoohq/cnspec/
+	@mv ${BINARY} ~/.packer.d/plugins/github.com/mondoohq/cnspec/${BINARY}_v${VERSION}_x5.0_linux_amd64
+	@cat ~/.packer.d/plugins/github.com/mondoohq/cnspec/packer-plugin-cnspec_v${VERSION}_x5.0_linux_amd64 | sha256sum -z --tag | cut -d"=" -f2 | tr -d " " > ~/.packer.d/plugins/github.com/mondoohq/cnspec/packer-plugin-cnspec_v${VERSION}_x5.0_linux_amd64_SHA256SUM
+
+.PHONY: dev/macos
+dev/macos: build
+	@mkdir -p ~/.packer.d/plugins/github.com/mondoohq/cnspec/
+	@mv ${BINARY} ~/.packer.d/plugins/github.com/mondoohq/cnspec/${BINARY}_v${VERSION}_macos_amd64
+	@cat ~/.packer.d/plugins/github.com/mondoohq/cnspec/packer-plugin-cnspec_v${VERSION}_macos_amd64 | shasum --tag | cut -d"=" -f2 | tr -d " " > ~/.packer.d/plugins/github.com/mondoohq/cnspec/packer-plugin-cnspec_v${VERSION}_macos_amd64_SHA256SUM
 
 test:
 	@go test -race -count $(COUNT) $(TEST) -timeout=3m

README.md

@@ -17,7 +17,7 @@ Packer plugin cnspec is designed to work in one of two modes:
 
 Check out the Packer tutorials on the Mondoo documentation site:
 
-- [Building secure AMIs with Mondoo and Packer]([https://mondoo.com/docs/cnspec/cnspec-aws/cnspec-aws-packer/)
+- [Building secure AMIs with Mondoo and Packer](https://mondoo.com/docs/cnspec/cnspec-aws/cnspec-aws-packer/)
 - [Building secure VM images in Google Cloud with cnspec and HashiCorp Packer](https://mondoo.com/docs/cnspec/cnspec-gcp/cnspec-gcp-packer/) 
 
 # Installation
@@ -31,7 +31,7 @@ To install this plugin, copy and paste this code into your Packer configuration
 packer {
   required_plugins {
     cnspec = {
-      version = ">= 6.1.3"
+      version = ">= 9.0.0"
       source  = "github.com/mondoohq/cnspec"
     }
   }

examples/custom-policybundle/docker-ubuntu.pkr.hcl

@@ -8,7 +8,7 @@ packer {
       source  = "github.com/hashicorp/docker"
     }
     cnspec = {
-      version = ">= 8.0.0"
+      version = ">= 9.0.0"
       source  = "github.com/mondoohq/cnspec"
     }
   }

examples/packer-aws/amazon-linux-2.pkr.hcl

@@ -9,7 +9,7 @@ packer {
       source  = "github.com/hashicorp/amazon"
     }
     cnspec = {
-      version = ">= 6.1.3"
+      version = ">= 9.0.0"
       source  = "github.com/mondoohq/cnspec"
     }
   }

examples/packer-aws/ubuntu-2004.pkr.hcl

@@ -8,7 +8,7 @@ packer {
       source  = "github.com/hashicorp/amazon"
     }
     cnspec = {
-      version = ">= 6.1.3"
+      version = ">= 9.0.0"
       source  = "github.com/mondoohq/cnspec"
     }
   }

examples/packer-aws/ubuntu-2204.pkr.hcl

@@ -8,7 +8,7 @@ packer {
       source  = "github.com/hashicorp/amazon"
     }
     cnspec = {
-      version = ">= 6.1.3"
+      version = ">= 9.0.0"
       source  = "github.com/mondoohq/cnspec"
     }
   }

examples/packer-aws/windows-2019.pkr.hcl

@@ -8,7 +8,7 @@ packer {
       source  = "github.com/hashicorp/amazon"
     }
     cnspec = {
-      version = ">= 6.1.3"
+      version = ">= 9.0.0"
       source  = "github.com/mondoohq/cnspec"
     }
   }

examples/packer-docker/docker-ubuntu.pkr.hcl

@@ -0,0 +1,49 @@
+# Copyright (c) Mondoo, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
+packer {
+  required_plugins {
+    docker = {
+      version = ">= 0.0.7"
+      source = "github.com/hashicorp/docker"
+    }
+    cnspec = {
+      version = ">= 9.0.0"
+      source  = "github.com/mondoohq/cnspec"
+    }
+  }
+}
+
+variable "image_prefix" {
+  type        = string
+  description = "Prefix to be applied to image name"
+  default     = "mondoo-gcp-ubuntu-2004-secure-base"
+}
+
+locals { timestamp = regex_replace(timestamp(), "[- TZ:]", "") }
+
+source "docker" "ubuntu" {
+  image  = "ubuntu:jammy"
+  commit = true
+}
+
+build {
+  name    = "mondoo-docker-ubuntu-2204-secure-base"
+  sources = [
+    "source.docker.ubuntu"
+  ]
+
+  provisioner "shell" {
+    inline = [
+      "echo \"${var.image_prefix}-${local.timestamp}\" > /etc/hostname",
+    ]
+  }
+
+  provisioner "cnspec" {
+    on_failure = "continue"
+    asset_name = "${var.image_prefix}-${local.timestamp}"
+    annotations = {
+      Name          = "${var.image_prefix}-${local.timestamp}"
+    }
+  }
+}

examples/packer-gcp/ubuntu2004.pkr.hcl

@@ -8,7 +8,7 @@ packer {
       source  = "github.com/hashicorp/googlecompute"
     }
     cnspec = {
-      version = ">= 6.1.3"
+      version = ">= 9.0.0"
       source  = "github.com/mondoohq/cnspec"
     }
   }

examples/packer-vsphere/centos7/centos-7-x86_64.vsphere.pkr.hcl

@@ -13,7 +13,7 @@ packer {
       source  = "github.com/hashicorp/vsphere"
     }
     cnspec = {
-      version = ">= v6.1.4"
+      version = ">= 9.0.0"
       source  = "github.com/mondoohq/cnspec"
     }
   }

examples/packer-vsphere/rocky8/rocky-8.pkr.hcl

@@ -21,7 +21,7 @@ packer {
       source  = "github.com/hashicorp/vsphere"
     }
     cnspec = {
-      version = ">= v6.1.4"
+      version = ">= 9.0.0"
       source  = "github.com/mondoohq/cnspec"
     }
   }