diff --git a/.github/workflows/analysis-scorecard.yaml b/.github/workflows/analysis-scorecard.yaml
index 32c97f7a..23676d22 100644
--- a/.github/workflows/analysis-scorecard.yaml
+++ b/.github/workflows/analysis-scorecard.yaml
@@ -3,7 +3,7 @@ name: OpenSSF Scorecard
 on:
 branch_protection_rule:
 push:
- branches: [ main ]
+ branches: [main]
 schedule:
 - cron: '30 0 * * 5'
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 350a499a..40fb7822 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -2,7 +2,7 @@ name: CI
 on:
 push:
- branches: [ main ]
+ branches: [main]
 pull_request:
 permissions:
@@ -79,7 +79,7 @@ jobs:
 run: nix develop --impure .#ci
 - name: Lint
- run: nix develop --impure .#ci -c make lint
+ run: nix develop --impure .#ci -c make lint -j
 license-check:
 name: License check
@@ -167,7 +167,7 @@ jobs:
 needs: [artifacts]
 strategy:
 matrix:
- k8s_version: ["v1.24.13", "v1.25.9", "v1.26.4", "v1.27.1" ]
+ k8s_version: ["v1.24.13", "v1.25.9", "v1.26.4", "v1.27.1"]
 # vault_version: ["1.10.11", "1.11.10", "1.12.6", "1.13.2"]
 steps:
diff --git a/.gitignore b/.gitignore
index 50face93..5a3cd4b3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,51 +1,6 @@
-# Binaries for programs and plugins
-*.exe
-*.dll
-*.so
-*.dylib
-
-# Test binary, build with `go test -c`
-*.test
-
-# Output of the go coverage tool, specifically when used with LiteIDE
-*.out
-
-/.licensei.cache
-
-./bank-vaults
-
-# Operator
-operator/build/_output/bin/*
-operator/vendor
-operator/go.mod
-operator/go.sum
-
-/vendor/
-
-/.licensei.cache
-bin/*
-/build/
-/bin/
-
-# Helm
-**/*.tgz
-**/*.lock
-!flake.lock
-
-# Certificates
-*.csr
-*.pem
-
-vault-config.yaml
-
-# goreleaser
-dist/
-
-# Vault configs
-*.hcl
-
-# VS Code config
-.vscode/
-
 /.devenv/
 /.direnv/
+/.pre-commit-config.yaml
+/bin/
+/build/
+/tmp/
diff --git a/.hadolint.yaml b/.hadolint.yaml
new file mode 100644
index 00000000..eee9f9be
--- /dev/null
+++ b/.hadolint.yaml
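Review bot: In the `Lint` step of `.github/workflows/ci.yaml`, `make lint -j` gives make no job limit and no output grouping, so the four linters this commit wires into `lint` (golangci-lint, helm lint, hadolint, yamllint) write into the job log at the same time and a failure is harder to attribute to one tool. If the Nix shell ships GNU make 4.0 or later, `run: nix develop --impure .#ci -c make lint -j --output-sync=target` prints each target's output as one block. The step's job definition starts outside the hunk.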
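Review bot: After this hunk `.gitignore` no longer covers `*.pem`, `*.csr`, `*.hcl` or `vault-config.yaml`, so certificate and key files and Vault configuration created in a working tree appear as untracked and can be committed by a broad `git add`. Unless the tooling now writes them only under `/build/` or `/tmp/` (not visible in this diff), keep those four patterns in the new file. `.yamllint.yaml` in the same commit reads `.gitignore` through `ignore-from-file`, so each pattern kept or dropped here also changes which files yamllint checks.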
@@ -0,0 +1,3 @@
+ignored:
+ - DL3018
+ - DL3059
diff --git a/.yamlignore b/.yamlignore
new file mode 100644
index 00000000..ac0593e1
--- /dev/null
+++ b/.yamlignore
@@ -0,0 +1,3 @@
+/deploy/
+/e2e/deploy/
+/e2e/test/
diff --git a/.yamllint.yaml b/.yamllint.yaml
new file mode 100644
index 00000000..bac19ce1
--- /dev/null
+++ b/.yamllint.yaml
@@ -0,0 +1,6 @@
+ignore-from-file: [.gitignore, .yamlignore]
+
+extends: default
+
+rules:
+ line-length: disable
diff --git a/Makefile b/Makefile
index 81a8c76d..c6414c34 100644
--- a/Makefile
+++ b/Makefile
@@ -72,8 +72,24 @@ test-e2e-local: container-image ## Run e2e tests locally
 LOAD_IMAGE=${CONTAINER_IMAGE_REF} WEBHOOK_VERSION=dev ${MAKE} test-e2e
 .PHONY: lint
+lint: lint-go lint-helm lint-docker lint-yaml
 lint: ## Run linter
- golangci-lint run ${LINT_ARGS}
+
+.PHONY: lint-go
+lint-go:
+ golangci-lint run $(if ${CI},--out-format github-actions,)
+
+.PHONY: lint-helm
+lint-helm:
+ helm lint deploy/charts/vault-secrets-webhook
+
+.PHONY: lint-docker
+lint-docker:
+ hadolint Dockerfile
+
+.PHONY: lint-yaml
+lint-yaml:
+ yamllint $(if ${CI},-f github,) --no-warnings .
 .PHONY: fmt
 fmt: ## Format code
@@ -121,4 +137,4 @@ bin/helm-docs:
 .PHONY: help
 .DEFAULT_GOAL := help
 help:
- @grep -h -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-10s\033[0m %s\n", $$1, $$2}'
+ @grep -h -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-20s\033[0m %s\n", $$1, $$2}'
diff --git a/flake.nix b/flake.nix
index 0a0a962a..10a9e0f6 100644
--- a/flake.nix
+++ b/flake.nix
@@ -26,6 +26,12 @@
 vault.enable = true;
 };
+ pre-commit.hooks = {
+ nixpkgs-fmt.enable = true;
+ yamllint.enable = true;
+ hadolint.enable = true;
+ };
+
 packages = with pkgs; [
 gnumake
@@ -36,6 +42,9 @@
 kustomize
 kubernetes-helm
 helm-docs
+
+ yamllint
+ hadolint
 ] ++ [
 self'.packages.licensei
 ];
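Review bot: In the new `.hadolint.yaml`, `DL3018` (pin versions in `apk add`) is switched off for every Dockerfile hadolint reads, with no comment saying why; it is the one rule in this list that bears on image reproducibility and supply-chain drift. If the exemption is deliberate, record the reason next to the entry, for example `# DL3018: apk package versions are intentionally left unpinned` with the actual rationale filled in by the author, or scope it with an inline `# hadolint ignore=DL3018` above the affected `RUN` line instead of a global ignore. `DL3059` (consecutive `RUN` instructions) is a style rule and is reasonable to ignore globally.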
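Review bot: The `/deploy/` entry in the new `.yamlignore` removes everything under the chart directory from yamllint, including any plain YAML that sits beside the Go-templated files (the Makefile in this commit points `helm lint` at `deploy/charts/vault-secrets-webhook`). If only the templates fail to parse, a narrower pattern such as `/deploy/charts/*/templates/` would keep the remaining chart YAML linted; this assumes the conventional Helm layout, which the diff does not show. A one-line comment in the file stating why each path is excluded would help the next maintainer decide whether an exclusion can be lifted.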
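Review bot: In the first Makefile hunk, the new `lint-go` recipe no longer passes `${LINT_ARGS}`, so an invocation such as `make lint LINT_ARGS=...` is now silently ignored; if the variable is still meant to work, keep it as `golangci-lint run $(if ${CI},--out-format github-actions,) ${LINT_ARGS}`. The four new targets carry no `## ` description, so the `help` target, whose grep matches only lines containing `## `, will not list them even though the second hunk widens the name column to 20; add for example `lint-go: ## Run golangci-lint`. `lint-docker` checks only the root `Dockerfile`, so any other Dockerfile in the tree is not covered by this gate.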