From 0afce663912858335b33a467d2e5e303b985c1b8 Mon Sep 17 00:00:00 2001
From: Ben Mangold <benmangold@gmail.com>
Date: Wed, 1 Sep 2021 14:00:52 -0400
Subject: [PATCH] preflight

---
 .dockerignore                |  3 ++-
 .gitignore                   |  3 ++-
 Makefile                     |  4 +++-
 scripts/install-dive.sh      | 13 ++++++++++---
 scripts/install-goss.sh      | 18 ++++++++++++++++--
 scripts/install-preflight.sh | 17 +++++++++++++++++
 scripts/install-snyk.sh      |  9 +++++++++
 7 files changed, 59 insertions(+), 8 deletions(-)
 create mode 100755 scripts/install-preflight.sh

diff --git a/.dockerignore b/.dockerignore
index ad71145..809613d 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,3 +1,4 @@
 dgoss
 goss
-snyk
\ No newline at end of file
+snyk
+preflight
diff --git a/.gitignore b/.gitignore
index ad71145..809613d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 dgoss
 goss
-snyk
\ No newline at end of file
+snyk
+preflight
diff --git a/Makefile b/Makefile
index 5ff2da6..0410cd3 100644
--- a/Makefile
+++ b/Makefile
@@ -4,7 +4,7 @@
 ci: install build-image test
 
 # install testing dependencies
-install: install-goss install-dive install-snyk
+install: install-preflight install-goss install-dive install-snyk
 
 test: test-goss test-dive test-snyk
 
@@ -23,6 +23,8 @@ install-dive:
 install-snyk:
 	./scripts/install-snyk.sh
 
+install-preflight:
+	./scripts/install-preflight.sh
 
 # commands to run tests and scans on `test` image
 test-goss:
diff --git a/scripts/install-dive.sh b/scripts/install-dive.sh
index 58b885e..89ffc85 100755
--- a/scripts/install-dive.sh
+++ b/scripts/install-dive.sh
@@ -1,6 +1,13 @@
 #! /bin/bash
 
-curl -L https://github.com/wagoodman/dive/releases/download/v0.9.2/dive_0.9.2_linux_amd64.deb -o dive_0.9.2_linux_amd64.deb
-sudo apt install ./dive_0.9.2_linux_amd64.deb
+# Dive Debian package installation.  MacOSX installs Dive via `brew install dive`.
 
-rm dive_0.9.2_linux_amd64.deb
\ No newline at end of file
+export CHECKSUM=$(curl -L https://github.com/wagoodman/dive/releases/download/v0.10.0/dive_0.10.0_checksums.txt | grep linux_amd64.deb)
+
+curl -L https://github.com/wagoodman/dive/releases/download/v0.10.0/dive_0.10.0_linux_amd64.deb -o dive_0.10.0_linux_amd64.deb
+
+./preflight check sha256=$CHECKSUM dive_0.10.0_linux_amd64.deb
+
+sudo apt install ./dive_0.10.0_linux_amd64.deb
+
+rm dive_0.10.0_linux_amd64.deb
diff --git a/scripts/install-goss.sh b/scripts/install-goss.sh
index b03ab7a..87962f8 100755
--- a/scripts/install-goss.sh
+++ b/scripts/install-goss.sh
@@ -1,7 +1,21 @@
 #! /bin/bash
 
-curl -L https://raw.githubusercontent.com/aelsabbahy/goss/master/extras/dgoss/dgoss -o dgoss
-chmod +rx dgoss
+# Goss Binary installation to $PWD
+
+export GOSS_CHECKSUM=$(curl -L https://github.com/aelsabbahy/goss/releases/latest/download/goss-linux-amd64.sha256 | head -n1 | cut -d " " -f1 )
 
 curl -L https://github.com/aelsabbahy/goss/releases/latest/download/goss-linux-amd64 -o goss
+
+./preflight check sha256=$GOSS_CHECKSUM goss
+
 chmod +rx goss
+
+# DGoss Binary installation to $PWD
+
+export DGOSS_CHECKSUM=$(curl -L https://github.com/aelsabbahy/goss/releases/latest/download/dgoss.sha256 | head -n1 | cut -d " " -f1 )
+
+curl -L https://github.com/aelsabbahy/goss/releases/latest/download/dgoss -o dgoss
+
+./preflight check sha256=$DGOSS_CHECKSUM dgoss
+
+chmod +rx dgoss
diff --git a/scripts/install-preflight.sh b/scripts/install-preflight.sh
new file mode 100755
index 0000000..a5c0b97
--- /dev/null
+++ b/scripts/install-preflight.sh
@@ -0,0 +1,17 @@
+#! /bin/bash
+
+# Preflight binary installation to $PWD
+
+mkdir .tmp_preflight
+
+curl -L https://github.com/SpectralOps/preflight/releases/download/v1.1.4/preflight_1.1.4_Linux_arm64.tar.gz -o .tmp_preflight/preflight_1.1.4_Linux_x86_64.tar.gz
+
+cd .tmp_preflight/
+tar -xvf preflight_1.1.4_Linux_x86_64.tar.gz
+cd ..
+
+cp ./.tmp_preflight/preflight preflight
+
+ls .tmp_preflight
+
+rm -rf .tmp_preflight/
diff --git a/scripts/install-snyk.sh b/scripts/install-snyk.sh
index 28ce1fe..2347b50 100755
--- a/scripts/install-snyk.sh
+++ b/scripts/install-snyk.sh
@@ -1,2 +1,11 @@
+#! /bin/bash
+
+# Snyk binary installation to $PWD
+
+export CHECKSUM=$(curl -L https://github.com/snyk/snyk/releases/latest/download/snyk-linux.sha256 | head -n1 | cut -d " " -f1)
+
 curl -L https://github.com/snyk/snyk/releases/latest/download/snyk-linux -o snyk
+
+./preflight check sha256=$CHECKSUM snyk 
+
 chmod +rx snyk