Ghat is a tool for updating your GitHub actions and Terraform with the latest version of its dependencies and using immutable hashes instead of mutable tags.

JamesWoolfenden/ghat

ghat

Ghat (GHAT) is a tool for updating dependencies in a GitHub Action (GHA). It replaces insecure mutable tags with immutable commit hashes and updates each dependency to its latest released version:

      ## sets up go based on the version
      - name: Install Go
        uses: actions/setup-go@v4.0.1
        with:
          go-version: ${{ matrix.go-version }}

      ## checks out our code locally, so we can work with the files
      - name: Checkout code
        uses: actions/checkout@v3.5.3

Becomes

      ## sets up go based on the version
      - name: Install Go
        uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
        with:
          go-version: ${{ matrix.go-version }}

      ## checks out our code locally, so we can work with the files
      - name: Checkout code
        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
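
A CI gate can check that workflows stay in the pinned form shown above. This Go sketch is an added example, not ghat's own code: `Finding`, `Unpinned` and `pinned` are hypothetical names, the sample workflow is constructed, and it matches `uses:` lines with a regular expression rather than parsing YAML.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Finding is one `uses:` reference that is not pinned to an immutable ref.
type Finding struct {
	Line int
	Ref  string
}

var (
	// Matches `uses: x` and `- uses: x`; commented-out lines do not match.
	usesRe = regexp.MustCompile(`^\s*(?:-\s+)?uses:\s*["']?([^"'\s#]+)`)
	shaRe  = regexp.MustCompile(`^[0-9a-f]{40}$`)
	digRe  = regexp.MustCompile(`@sha256:[0-9a-f]{64}$`)
)

// pinned reports whether ref is fixed to content the upstream cannot move.
func pinned(ref string) bool {
	switch {
	case strings.HasPrefix(ref, "./"): // local action, versioned with this repo
		return true
	case strings.HasPrefix(ref, "docker://"): // image tags are mutable too
		return digRe.MatchString(ref)
	}
	i := strings.LastIndex(ref, "@")
	return i >= 0 && shaRe.MatchString(ref[i+1:]) // full 40-char commit SHA only
}

// Unpinned returns every mutable `uses:` reference with its 1-based line.
func Unpinned(workflow string) []Finding {
	var out []Finding
	for n, line := range strings.Split(workflow, "\n") {
		if m := usesRe.FindStringSubmatch(line); m != nil && !pinned(m[1]) {
			out = append(out, Finding{Line: n + 1, Ref: m[1]})
		}
	}
	return out
}

func main() {
	// Constructed sample workflow mixing pinned and mutable references.
	wf := "steps:\n  - name: Install Go\n    uses: actions/setup-go@v4.0.1\n  - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3\n  - uses: ./.github/actions/local\n  - uses: docker://alpine:3.19\n"
	for _, f := range Unpinned(wf) {
		fmt.Printf("line %d: %s is not pinned to a commit SHA or digest\n", f.Line, f.Ref)
	}
}
```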

Ghat will use your GitHub credentials, if available, from the environment variables GITHUB_TOKEN or GITHUB_API. It can also fall back to anonymous access; the drawback is that anonymous access is severely rate limited by GitHub.

Install

Download the latest binary here:

https://github.com/JamesWoolfenden/ghat/releases

Install from code:

  • Clone repo
  • Run go install

Install remotely:

go install github.com/jameswoolfenden/ghat@latest

MacOS

brew tap jameswoolfenden/homebrew-tap
brew install jameswoolfenden/tap/ghat

Windows

I'm now using Scoop to distribute releases; it's much quicker to update and easier to manage than previous methods. You can install Scoop from https://scoop.sh/.

Add my scoop bucket:

scoop bucket add iac https://github.com/JamesWoolfenden/scoop.git

Then you can install a tool:

scoop install ghat

Docker

docker pull jameswoolfenden/ghat
docker run --tty --volume /local/path/to/tf:/tf jameswoolfenden/ghat scan -d /tf

https://hub.docker.com/repository/docker/jameswoolfenden/ghat

Usage

To authenticate to the GitHub API, you will need to set your GitHub Personal Access Token as the environment variable GITHUB_API.

Help

./ghat -h
NAME:
   ghat - Update GHA dependencies

USAGE:
   ghat [global options] command [command options] [arguments...]

VERSION:
   9.9.9

AUTHOR:
   James Woolfenden <jim.wolf@duck.com>

COMMANDS:
   swot, a     updates GHA in a directory
   version, v  Outputs the application version
   help, h     Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --help, -h     show help
   --version, -v  print the version

Building

go build

or

make build

Extending
