From 5c1518cdeca9775fa443edb677435b270768a9e6 Mon Sep 17 00:00:00 2001 From: Mark Sagi-Kazar Date: Wed, 14 Jun 2023 20:46:48 +0200 Subject: [PATCH 1/2] build: add yamllint Signed-off-by: Mark Sagi-Kazar --- .github/workflows/analysis-scorecard.yaml | 2 +- .github/workflows/ci.yaml | 6 +-- .gitignore | 53 ++--------------------- .yamlignore | 3 ++ .yamllint.yaml | 6 +++ Makefile | 16 ++++++- flake.nix | 7 +++ 7 files changed, 38 insertions(+), 55 deletions(-) create mode 100644 .yamlignore create mode 100644 .yamllint.yaml diff --git a/.github/workflows/analysis-scorecard.yaml b/.github/workflows/analysis-scorecard.yaml index 32c97f7a..23676d22 100644 --- a/.github/workflows/analysis-scorecard.yaml +++ b/.github/workflows/analysis-scorecard.yaml @@ -3,7 +3,7 @@ name: OpenSSF Scorecard on: branch_protection_rule: push: - branches: [ main ] + branches: [main] schedule: - cron: '30 0 * * 5' diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 350a499a..40fb7822 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -2,7 +2,7 @@ name: CI on: push: - branches: [ main ] + branches: [main] pull_request: permissions: @@ -79,7 +79,7 @@ jobs: run: nix develop --impure .#ci - name: Lint - run: nix develop --impure .#ci -c make lint + run: nix develop --impure .#ci -c make lint -j license-check: name: License check @@ -167,7 +167,7 @@ jobs: needs: [artifacts] strategy: matrix: - k8s_version: ["v1.24.13", "v1.25.9", "v1.26.4", "v1.27.1" ] + k8s_version: ["v1.24.13", "v1.25.9", "v1.26.4", "v1.27.1"] # vault_version: ["1.10.11", "1.11.10", "1.12.6", "1.13.2"] steps: diff --git a/.gitignore b/.gitignore index 50face93..5a3cd4b3 100644 --- a/.gitignore +++ b/.gitignore 
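Review bot: The Lint step in .github/workflows/ci.yaml now runs `make lint -j` with no job limit and no output grouping, so the output of the linters running in parallel can interleave in the job log and a failing linter's messages become hard to attribute. Consider `run: nix develop --impure .#ci -c make lint -j --output-sync=target`, which keeps each target's output together. That flag needs GNU Make 4.0 or later, and the version provided by the Nix shell is not visible here, so confirm it first. The job definition continues outside this hunk.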
@@ -1,51 +1,6 @@ -# Binaries for programs and plugins -*.exe -*.dll -*.so -*.dylib - -# Test binary, build with `go test -c` -*.test - -# Output of the go coverage tool, specifically when used with LiteIDE -*.out - -/.licensei.cache - -./bank-vaults - -# Operator -operator/build/_output/bin/* -operator/vendor -operator/go.mod -operator/go.sum - -/vendor/ - -/.licensei.cache -bin/* -/build/ -/bin/ - -# Helm -**/*.tgz -**/*.lock -!flake.lock - -# Certificates -*.csr -*.pem - -vault-config.yaml - -# goreleaser -dist/ - -# Vault configs -*.hcl - -# VS Code config -.vscode/ - /.devenv/ /.direnv/ +/.pre-commit-config.yaml +/bin/ +/build/ +/tmp/ diff --git a/.yamlignore b/.yamlignore new file mode 100644 index 00000000..ac0593e1 --- /dev/null +++ b/.yamlignore @@ -0,0 +1,3 @@ +/deploy/ +/e2e/deploy/ +/e2e/test/ diff --git a/.yamllint.yaml b/.yamllint.yaml new file mode 100644 index 00000000..bac19ce1 --- /dev/null +++ b/.yamllint.yaml @@ -0,0 +1,6 @@ +ignore-from-file: [.gitignore, .yamlignore] + +extends: default + +rules: + line-length: disable diff --git a/Makefile b/Makefile index 81a8c76d..c7828c2f 100644 --- a/Makefile +++ b/Makefile @@ -72,8 +72,20 @@ test-e2e-local: container-image ## Run e2e tests locally LOAD_IMAGE=${CONTAINER_IMAGE_REF} WEBHOOK_VERSION=dev ${MAKE} test-e2e .PHONY: lint +lint: lint-go lint-helm lint-yaml lint: ## Run linter - golangci-lint run ${LINT_ARGS} + +.PHONY: lint-go +lint-go: + golangci-lint run $(if ${CI},--out-format github-actions,) + +.PHONY: lint-helm +lint-helm: + helm lint deploy/charts/vault-secrets-webhook + +.PHONY: lint-yaml +lint-yaml: + yamllint $(if ${CI},-f github,) --no-warnings . .PHONY: fmt fmt: ## Format code 
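Review bot: The rewritten .gitignore no longer ignores `*.pem`, `*.csr`, `*.hcl` or `vault-config.yaml`, so key material, certificate requests or a Vault configuration left in the working tree during local testing now show up as untracked and can be staged by a broad `git add`. For a repository that works with Vault, keeping those four patterns is a cheap guard against committing secrets. If they are dropped on purpose, a secret-scanning check in pre-commit or CI would cover the gap. Note also that `.yamllint.yaml` in this patch reads `.gitignore` through `ignore-from-file`, so every pattern kept or removed here also decides which YAML files get linted.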
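Review bot: `lint-go` no longer passes `${LINT_ARGS}` to golangci-lint, so any caller that still sets `LINT_ARGS` is silently ignored; where that variable was defined or used is outside this hunk, so confirm nothing relies on it. Keeping the knob costs nothing: `golangci-lint run $(if ${CI},--out-format github-actions,) ${LINT_ARGS}`. The new `lint-go`, `lint-helm` and `lint-yaml` targets also carry no `## ` description, so the `help` target will not list them (the same applies to `lint-docker` in the second patch); add one per target, e.g. `lint-yaml: ## Lint YAML files`. `yamllint --no-warnings` hides warning-level findings entirely, which deserves a one-line comment stating that this is intentional.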
@@ -121,4 +133,4 @@ bin/helm-docs: .PHONY: help .DEFAULT_GOAL := help help: - @grep -h -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-10s\033[0m %s\n", $$1, $$2}' + @grep -h -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-20s\033[0m %s\n", $$1, $$2}' diff --git a/flake.nix b/flake.nix index 0a0a962a..9340c9c5 100644 --- a/flake.nix +++ b/flake.nix @@ -26,6 +26,11 @@ vault.enable = true; }; + pre-commit.hooks = { + nixpkgs-fmt.enable = true; + yamllint.enable = true; + }; + packages = with pkgs; [ gnumake @@ -36,6 +41,8 @@ kustomize kubernetes-helm helm-docs + + yamllint ] ++ [ self'.packages.licensei ]; From f296ee3e279a69aff85a47afd55e5b1dc8c65259 Mon Sep 17 00:00:00 2001 From: Mark Sagi-Kazar Date: Thu, 15 Jun 2023 00:47:16 +0200 Subject: [PATCH 2/2] build: add hadolint Signed-off-by: Mark Sagi-Kazar --- .hadolint.yaml | 3 +++ Makefile | 6 +++++- flake.nix | 2 ++ 3 files changed, 10 insertions(+), 1 deletion(-) create mode 100644 .hadolint.yaml diff --git a/.hadolint.yaml b/.hadolint.yaml new file mode 100644 index 00000000..eee9f9be --- /dev/null +++ b/.hadolint.yaml @@ -0,0 +1,3 @@ +ignored: + - DL3018 + - DL3059 diff --git a/Makefile b/Makefile index c7828c2f..c6414c34 100644 --- a/Makefile +++ b/Makefile @@ -72,7 +72,7 @@ test-e2e-local: container-image ## Run e2e tests locally LOAD_IMAGE=${CONTAINER_IMAGE_REF} WEBHOOK_VERSION=dev ${MAKE} test-e2e .PHONY: lint -lint: lint-go lint-helm lint-yaml +lint: lint-go lint-helm lint-docker lint-yaml lint: ## Run linter .PHONY: lint-go @@ -83,6 +83,10 @@ lint-go: lint-helm: helm lint deploy/charts/vault-secrets-webhook +.PHONY: lint-docker +lint-docker: + hadolint Dockerfile + .PHONY: lint-yaml lint-yaml: yamllint $(if ${CI},-f github,) --no-warnings . diff --git a/flake.nix b/flake.nix index 9340c9c5..10a9e0f6 100644 --- a/flake.nix +++ b/flake.nix 
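Review bot: `.hadolint.yaml` turns off DL3018 (unpinned `apk add` packages) and DL3059 (consecutive `RUN` instructions) globally without recording why. DL3018 is the supply-chain-relevant one: with it off, unpinned package installs in the image build are never flagged, so the image contents can drift between builds of the same commit. If the exemption is deliberate, say so in a comment above the list, e.g. `# DL3018: version pinning not enforced because <reason>`. Alternatively, scope it to the affected instruction with an inline `# hadolint ignore=DL3018` in the Dockerfile, so that new unpinned installs elsewhere are still reported.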
@@ -29,6 +29,7 @@ pre-commit.hooks = { nixpkgs-fmt.enable = true; yamllint.enable = true; + hadolint.enable = true; }; packages = with pkgs; [ @@ -43,6 +44,7 @@ helm-docs yamllint + hadolint ] ++ [ self'.packages.licensei ];