Initial plugin source.

kokuwaio · Feb 8, 2025 · 8b12860 · 8b12860
1 parent 5dc432e
commit 8b12860
Show file tree

Hide file tree

Showing 16 changed files with 706 additions and 0 deletions.
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
@@ -0,0 +1,35 @@
+name: Lint
+
+on: push
+
+jobs:
+
+  renovate:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@main
+      - uses: docker://kokuwaio/renovate-config-validator
+
+  markdownlint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@main
+      - uses: docker://kokuwaio/markdownlint
+
+  yamllint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@main
+      - uses: docker://kokuwaio/yamllint
+
+  hadolint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@main
+      - uses: docker://kokuwaio/hadolint
+
+  shellcheck:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@main
+      - uses: docker://kokuwaio/shellcheck
diff --git a/.hadolint.yaml b/.hadolint.yaml
@@ -0,0 +1,7 @@
+# https://github.com/hadolint/hadolint#configure
+failure-threshold: style
+strict-labels: true
+disable-ignore-pragma: true
+ignored:
+  - DL3008  # Pin versions in apt get install. Instead of `apt-get install <package>` use `apt-get install <package>=<version>`
+trustedRegistries: [docker.io]
diff --git a/.justfile b/.justfile
@@ -0,0 +1,57 @@
+# https://just.systems/man/en/
+set fallback := true
+set unstable := true
+set script-interpreter := ["bash", "-eu"]
+
+REGISTRY_IMAGE := "docker.io/library/registry:2.8.3"
+REGISTRY_NAME := "kaniko-registry"
+REGISTRY_PORT := "5001"
+IMAGE := replace("localhost:_/yamllint", '_', REGISTRY_PORT)
+
+[private]
+@default:
+	just --list --unsorted
+
+# Run linter.
+@lint:
+	docker run --rm --read-only --volume=$(pwd):$(pwd):ro --workdir=$(pwd) kokuwaio/shellcheck
+	docker run --rm --read-only --volume=$(pwd):$(pwd):ro --workdir=$(pwd) kokuwaio/hadolint
+	docker run --rm --read-only --volume=$(pwd):$(pwd):ro --workdir=$(pwd) kokuwaio/yamllint
+	docker run --rm --read-only --volume=$(pwd):$(pwd):rw --workdir=$(pwd) kokuwaio/markdownlint --fix
+	docker run --rm --read-only --volume=$(pwd):$(pwd):ro --workdir=$(pwd) kokuwaio/renovate-config-validator
+
+# Build using local repository as cache.
+@build: registry-up
+	docker run --rm --net=host --volume=$(pwd):/workspace:ro gcr.io/kaniko-project/executor:v1.23.2 --context=/workspace --destination={{IMAGE}}
+
+# Run image against local repository.
+run: registry-up
+	docker pull {{IMAGE}} >/dev/null
+	docker run --rm --read-only --volume=$(pwd):$(pwd):ro --workdir=$(pwd) {{IMAGE}}
+
+# Inspect image layers with `dive`.
+@dive: registry-up
+	docker pull {{IMAGE}} >/dev/null
+	docker run --rm -it --volume=/var/run/docker.sock:/var/run/docker.sock:ro wagoodman/dive:latest {{IMAGE}}
+
+# Build with local docker daemon.
+docker: registry-up
+	docker buildx build . --load --quiet --tag={{IMAGE}}:amd64 --platform=linux/amd64
+	docker buildx build . --load --quiet --tag={{IMAGE}}:arm64 --platform=linux/arm64
+	docker push {{IMAGE}} --all-tags --quiet
+	docker manifest rm {{IMAGE}} || true
+	docker manifest create {{IMAGE}} --insecure --amend {{IMAGE}}:amd64 --amend {{IMAGE}}:arm64
+	docker manifest inspect {{IMAGE}} --verbose
+	docker manifest push {{IMAGE}} --purge
+	docker pull {{IMAGE}}
+	docker image inspect {{IMAGE}}
+	docker run --rm --read-only --env=CI=1 --volume=$(pwd):$(pwd):ro --workdir=$(pwd) {{IMAGE}}
+
+# Start local image registry at `http://localhost:{{REGISTRY_PORT}}`.
+@registry-up:
+	docker volume create {{REGISTRY_NAME}} >/dev/null
+	docker ps --format '{{{{.Names}}' | grep {{REGISTRY_NAME}} >/dev/null || docker run --quiet --detach --volume={{REGISTRY_NAME}}:/var/lib/registry --publish={{REGISTRY_PORT}}:5000 --name={{REGISTRY_NAME}} {{REGISTRY_IMAGE}} >/dev/null
+
+# Shutdown local image registry.
+@registry-down:
+	docker rm {{REGISTRY_NAME}} --force >/dev/null 2>&1
diff --git a/.markdownlint.yaml b/.markdownlint.yaml
@@ -0,0 +1,9 @@
+# Default state for all rules
+default: true
+
+# MD009 - Trailing spaces
+MD009:
+  strict: true
+
+# MD013 - Line length
+MD013: false
diff --git a/.woodpecker/build.yaml b/.woodpecker/build.yaml
@@ -0,0 +1,38 @@
+when:
+  event: [manual, push, pull_request]
+  branch: main
+  path: [.woodpecker/build.yaml, .woodpecker/push.yaml, Dockerfile, Dockerfile.dockerignore, entrypoint.sh]
+
+matrix:
+  PLATFORM: [amd64, arm64]
+labels:
+  platform: linux/${PLATFORM}
+
+steps:
+
+  build:
+    image: gcr.io/kaniko-project/executor:v1.23.2-debug
+    commands: /kaniko/executor
+        --context=$CI_WORKSPACE
+        --destination=ci-registry.schnabel.org/kokuwaio/yamllint:$CI_PIPELINE_NUMBER-$PLATFORM
+        --reproducible
+        --cache
+        --cache-copy-layers
+        --cache-run-layers
+        --cache-repo=$DOCKER_CACHE/cache/kokuwaio/yamllint
+        --insecure-registry=$DOCKER_CACHE
+        --insecure-registry=$DOCKER_MIRROR
+        --registry-mirror=$DOCKER_MIRROR
+        --skip-default-registry-fallback
+        --label=org.opencontainers.image.title="Yamllint Plugin"
+        --label=org.opencontainers.image.description="A Woodpecker CI plugin for yamllint to lint yaml files."
+        --label=org.opencontainers.image.url=$CI_REPO_URL
+        --label=org.opencontainers.image.documentation=$CI_REPO_URL
+        --label=org.opencontainers.image.source=$CI_REPO_CLONE_URL
+        --label=org.opencontainers.image.vendor=kokuwa.io
+        --label=org.opencontainers.image.licenses=GPL-3.0-or-later
+        --label=org.opencontainers.image.version=1.35.0
+
+  test:
+    image: ci-registry.schnabel.org/kokuwaio/yamllint:${CI_PIPELINE_NUMBER}-${PLATFORM}
+    pull: true
diff --git a/.woodpecker/dockerhub.yaml b/.woodpecker/dockerhub.yaml
@@ -0,0 +1,17 @@
+when:
+  instance: ci.schnabel.org
+  repo: kokuwaio/yamllint
+  event: push
+  branch: main
+  path: README.md
+
+steps:
+
+  metadata:
+    image: kokuwaio/dockerhub-metadata
+    settings:
+      repository: kokuwaio/yamllint
+      description-short: A Woodpecker CI plugin for yamllint to lint yaml files.
+      categories: [developer-tools, integration-and-delivery]
+      username: {from_secret: DOCKERHUB_USERNAME}
+      password: {from_secret: DOCKERHUB_PASSWORD}
diff --git a/.woodpecker/lint.yaml b/.woodpecker/lint.yaml
@@ -0,0 +1,31 @@
+when:
+  event: [cron, manual, push, pull_request]
+  branch: main
+  path: [.woodpecker/lint.yaml, renovate.json, "**/*.yaml", "**/*.md", "**/*.sh", "**/Dockerfile"]
+
+steps:
+
+  renovate:
+    image: kokuwaio/renovate-config-validator
+    depends_on: []
+    when: [path: [.woodpecker/lint.yaml, renovate.json]]
+
+  yaml:
+    image: kokuwaio/yamllint
+    depends_on: []
+    when: [path: [.woodpecker/lint.yaml, .yamllint.yaml, "**/*.yaml"]]
+
+  markdown:
+    image: kokuwaio/markdownlint
+    depends_on: []
+    when: [path: [.woodpecker/lint.yaml, .markdownlint.yaml, "**/*.md"]]
+
+  dockerfile:
+    image: kokuwaio/hadolint
+    depends_on: []
+    when: [path: [.woodpecker/lint.yaml, .hadolint.yaml, "**/Dockerfile"]]
+
+  shellcheck:
+    image: kokuwaio/shellcheck
+    depends_on: []
+    when: [path: [.woodpecker/lint.yaml, "**/*.sh"]]
diff --git a/.woodpecker/push.yaml b/.woodpecker/push.yaml
@@ -0,0 +1,39 @@
+when:
+  instance: ci.schnabel.org
+  repo: kokuwaio/yamllint
+  event: push
+  branch: main
+  path: [.woodpecker/build.yaml, .woodpecker/push.yaml, Dockerfile, Dockerfile.dockerignore, entrypoint.sh]
+
+depends_on: [build]
+skip_clone: true
+
+steps:
+
+  manifest:
+    image: mplatform/manifest-tool:alpine-v2.1.9
+    commands: manifest-tool push from-args
+        --platforms=linux/amd64,linux/arm64
+        --template=ci-registry.schnabel.org/kokuwaio/yamllint:$CI_PIPELINE_NUMBER-ARCH
+        --target=ci-registry.schnabel.org/kokuwaio/yamllint:$CI_PIPELINE_NUMBER
+
+  docker.io: &push
+    image: quay.io/skopeo/stable:v1.17.0
+    depends_on: [manifest]
+    commands:
+      - echo "$AUTH" > /tmp/auth.json
+      - skopeo copy --all --preserve-digests --dest-precompute-digests
+          docker://ci-registry.schnabel.org/kokuwaio/yamllint:$CI_PIPELINE_NUMBER
+          docker://$URL/kokuwaio/yamllint:1.35.0
+      - skopeo copy --all --preserve-digests --dest-precompute-digests
+          docker://ci-registry.schnabel.org/kokuwaio/yamllint:$CI_PIPELINE_NUMBER
+          docker://$URL/kokuwaio/yamllint:latest
+    environment:
+      URL: docker.io
+      AUTH: {from_secret: DOCKER_IO_AUTH}
+
+  ghcr.io:
+    <<: *push
+    environment:
+      URL: ghcr.io
+      AUTH: {from_secret: GHCR_IO_AUTH}
diff --git a/.woodpecker/test.yaml b/.woodpecker/test.yaml
@@ -0,0 +1,18 @@
+when:
+  instance: ci.schnabel.org
+  repo: kokuwaio/yamllint
+  event: push
+  branch: main
+  path: [.woodpecker/build.yaml, .woodpecker/push.yaml, .woodpecker/test.yaml, Dockerfile, Dockerfile.dockerignore, entrypoint.sh]
+
+depends_on: [push]
+matrix:
+  PLATFORM: [amd64, arm64]
+labels:
+  platform: linux/${PLATFORM}
+
+steps:
+
+  test:
+    image: kokuwaio/yamllint
+    pull: true
diff --git a/.yamllint.yaml b/.yamllint.yaml
@@ -0,0 +1,23 @@
+extends: default
+
+## see https://yamllint.readthedocs.io/en/stable/rules.html
+rules:
+
+  # no need for document start
+  document-start: disable
+
+  # line length is not important
+  line-length: disable
+
+  # reduce space from 2
+  comments:
+    min-spaces-from-content: 1
+
+  # force double quotes everywhere
+  quoted-strings:
+    quote-type: double
+    required: only-when-needed
+
+  # allow everything on keys
+  truthy:
+    check-keys: false
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,36 @@
+##
+## Debian base layer with python
+##
+
+FROM docker.io/library/debian:12.9-slim@sha256:40b107342c492725bc7aacbe93a49945445191ae364184a6d24fedb28172f6f7 AS debian
+RUN rm -rf /etc/*- /tmp/* /var/cache/* /var/log/* /var/lib/dpkg/*-old /var/lib/dpkg/status
+RUN --mount=type=cache,target=/var/lib/apt/lists,sharing=locked \
+	apt-get -qq update && \
+	apt-get -qq install --yes --no-install-recommends python3-minimal libpython3-stdlib && \
+	rm -rf /etc/*- /var/lib/dpkg/*-old /var/lib/dpkg/status /var/cache/* /var/log/*
+
+##
+## Download yamllint
+##
+
+FROM debian AS build
+RUN --mount=type=cache,target=/var/lib/apt/lists,sharing=locked \
+	apt-get -qq update && \
+	apt-get -qq install --yes --no-install-recommends python3-pip && \
+	rm -rf /etc/*- /var/lib/dpkg/*-old /var/lib/dpkg/status /var/cache/* /var/log/*
+RUN pip install yamllint==1.35.0 \
+		--root=/build \
+		--root-user-action=ignore \
+		--break-system-packages \
+		--no-cache-dir \
+		--no-warn-script-location
+
+##
+## Final stage
+##
+
+FROM debian
+COPY --link --chown=0:0 --from=build /build /
+COPY --link --chown=0:0 --chmod=555 entrypoint.sh /usr/local/bin/entrypoint.sh
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
+USER 1000:1000
diff --git a/Dockerfile.dockerignore b/Dockerfile.dockerignore
@@ -0,0 +1,3 @@
+.*
+
+!entrypoint.sh