From f69420d0490a53039e74c192e30b344b9672dc6a Mon Sep 17 00:00:00 2001 From: Chris Banks Date: Fri, 28 Jun 2024 17:43:43 +0100 Subject: [PATCH 1/3] Consolidate linters with super-linter + enable actionlint. This gets rid of a lot of ugly glue that we'd otherwise have to continue maintaining ourselves. Enable the linters we we running before, plus actionlint. --- .github/workflows/lint.yaml | 37 +++++++++++++++++++++---------------- 1 file changed, 21 insertions(+), 16 deletions(-) diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 5c031dc..862328d 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -1,23 +1,28 @@ -name: Run linters/fixers +--- +name: Lint on: [push] +permissions: {} jobs: - shellcheck: - name: Shellcheck + superlinter: runs-on: ubuntu-latest + permissions: + contents: read + packages: read + statuses: write steps: - uses: actions/checkout@v4 with: + fetch-depth: 0 show-progress: false - - name: Run ShellCheck - uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # 2.0.0 - hadolint: - name: Hadolint - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - with: - show-progress: false - - uses: jbergstroem/hadolint-gh-action@eac45b98f6d761309202bd201205a8f8c988bfad # v1.11.0 - with: - dockerfile: '**/*Dockerfile' - error_level: '1' # Fail on warning or above. + - uses: github/super-linter@v6 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + VALIDATE_BASH: true + VALIDATE_BASH_EXEC: true + VALIDATE_DOCKERFILE_HADOLINT: true + VALIDATE_EDITORCONFIG: true + VALIDATE_ENV: true + VALIDATE_GITHUB_ACTIONS: true + VALIDATE_JSON: true + VALIDATE_MARKDOWN: true + VALIDATE_YAML: true From cbacba30300c96816f2a9967e9d05484550e4a64 Mon Sep 17 00:00:00 2001 From: Chris Banks Date: Mon, 8 Jul 2024 11:54:22 +0100 Subject: [PATCH 2/3] Clean up shellcheck lints. --- .github/workflows/build-multiarch.yaml | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build-multiarch.yaml b/.github/workflows/build-multiarch.yaml index 25d03fc..59e3f48 100644 --- a/.github/workflows/build-multiarch.yaml +++ b/.github/workflows/build-multiarch.yaml @@ -36,9 +36,9 @@ jobs: show-progress: false - id: set-matrix run: | - echo "matrix=$(jq -c . < build-matrix.json)" >> $GITHUB_OUTPUT - echo "matrix_versions=$(jq -c .version < build-matrix.json)" >> $GITHUB_OUTPUT - echo "runs_on=$(jq -c .runs_on < build-matrix.json)" >> $GITHUB_OUTPUT + echo "matrix=$(jq -c . < build-matrix.json)" >> "$GITHUB_OUTPUT" + echo "matrix_versions=$(jq -c .version < build-matrix.json)" >> "$GITHUB_OUTPUT" + echo "runs_on=$(jq -c .runs_on < build-matrix.json)" >> "$GITHUB_OUTPUT" build_and_push_image: name: Build ruby_${{ join(matrix.version.rubyver, '.') }} for ${{ matrix.runs_on.arch }} and push to GHCR @@ -67,7 +67,7 @@ jobs: id: calculate-image-tags run: | CREATED_DATE="$(date -u +'%Y-%m-%dT%H:%M:%SZ')" - echo "createdDate=${CREATED_DATE}" >> $GITHUB_OUTPUT + echo "createdDate=${CREATED_DATE}" >> "$GITHUB_OUTPUT" - name: Generate Base Image Metadata uses: docker/metadata-action@v5 @@ -190,7 +190,7 @@ jobs: id: calculate-image-tags run: | CREATED_DATE="$(date -u +'%Y-%m-%dT%H:%M:%SZ')" - echo "createdDate=${CREATED_DATE}" >> $GITHUB_OUTPUT + echo "createdDate=${CREATED_DATE}" >> "$GITHUB_OUTPUT" - name: Login to GHCR uses: docker/login-action@v3 @@ -224,6 +224,7 @@ jobs: - name: Create Manifest Lists (for Base) working-directory: /tmp/digests/base run: | + # shellcheck disable=SC2046 docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ $(printf '${{ env.REGISTRY_BASE }}/govuk-ruby-base@sha256:%s ' *) @@ -252,6 +253,7 @@ jobs: - name: Create Manifest Lists (for Builder) working-directory: /tmp/digests/builder run: | + # shellcheck disable=SC2046 docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ $(printf '${{ env.REGISTRY_BASE }}/govuk-ruby-builder@sha256:%s ' *) From 61ad0406a5cb3e673b777ea33c00200dccfab21a Mon Sep 17 00:00:00 2001 From: Chris Banks Date: Mon, 8 Jul 2024 13:21:05 +0100 Subject: [PATCH 3/3] Fix another shellcheck lint. --- .github/workflows/build-multiarch.yaml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-multiarch.yaml b/.github/workflows/build-multiarch.yaml index 59e3f48..817abc9 100644 --- a/.github/workflows/build-multiarch.yaml +++ b/.github/workflows/build-multiarch.yaml @@ -36,9 +36,11 @@ jobs: show-progress: false - id: set-matrix run: | - echo "matrix=$(jq -c . < build-matrix.json)" >> "$GITHUB_OUTPUT" - echo "matrix_versions=$(jq -c .version < build-matrix.json)" >> "$GITHUB_OUTPUT" - echo "runs_on=$(jq -c .runs_on < build-matrix.json)" >> "$GITHUB_OUTPUT" + { + echo "matrix=$(jq -c . < build-matrix.json)" + echo "matrix_versions=$(jq -c .version < build-matrix.json)" + echo "runs_on=$(jq -c .runs_on < build-matrix.json)" + } >> "$GITHUB_OUTPUT" build_and_push_image: name: Build ruby_${{ join(matrix.version.rubyver, '.') }} for ${{ matrix.runs_on.arch }} and push to GHCR