wrap trufflehog and add 'write to file' entrypoint'

Author: northdpole

components/scanners/trufflehog/README.md

@@ -24,21 +24,3 @@ as the following:
 
 The `trufflehog.json` file used in tests was generated with the following steps:
 
-* Cloning:
-
-```shell
-git clone https://github.com/smithy-security/e2e-monorepo
-```
-
-* Running trufflehog
-
-```shell
-docker run \
-    --rm -it -v "$PWD:/pwd" \
-     trufflesecurity/trufflehog:latest \
-     filesystem --json \
-     --no-fail \
-     --no-update \
-     --log-level=-1 \
-     --directory="/pwd"
-```

components/scanners/trufflehog/component.yaml

@@ -6,6 +6,16 @@ parameters:
     type: "string"
     value: "TARGET_TYPE_REPOSITORY"
 steps:
+  - name: "run-trufflehog"
+    image:  "components/scanners/trufflehog/scanner"
+    executable: /smithy_entrypoint.sh
+    env_vars:
+      RAW_OUT_FILE: "{{ scratchWorkspace }}/trufflehog.json"
+    args:
+      - filesystem
+      - --json
+      - --no-fail
+      - --directory="{{sourceCodeWorkspace}}"
   - name: "secret-scanner"
     image: "components/scanners/trufflehog"
     executable: "/bin/app"

components/scanners/trufflehog/scanner/Dockerfile

@@ -0,0 +1,5 @@
+FROM ghcr.io/trufflesecurity/trufflehog:3.88.23
+
+COPY smithy_entrypoint.sh /smithy_entrypoint.sh
+RUN chmod +x /smithy_entrypoint.sh
+ENTRYPOINT [ "/smithy_entrypoint.sh" ]

components/scanners/trufflehog/scanner/Makefile

@@ -0,0 +1,13 @@
+.PHONY: image
+
+BUILD_ARCHITECTURE=
+COMPONENT_REGISTRY=
+COMPONENT_REPOSITORY=
+COMPONENT_TAG=
+BUILD_LABELS=
+
+image:
+	docker build $$([ "${BUILD_ARCHITECTURE}" != "" ] && echo "--platform=${BUILD_ARCHITECTURE}" ) \
+				 --label "$(BUILD_LABELS)" \
+				 --tag $(COMPONENT_REGISTRY)/$(COMPONENT_REPOSITORY):$(COMPONENT_TAG) \
+				 --file Dockerfile .

components/scanners/trufflehog/scanner/smithy_entrypoint.sh

@@ -0,0 +1,5 @@
+#! /bin/sh
+set -xe
+
+echo "Running trufflehog with args {$@} sending output to ${RAW_OUT_FILE}" 
+/etc/entrypoint.sh $@ | tee ${RAW_OUT_FILE}