Add AWS CloudFormation templates linting

This commit is contained in:
Guillaume Delacour 2020-06-19 18:41:19 +02:00 committed by Guillaume Delacour
parent d8608a6cf1
commit f1d1b1cbe2
No known key found for this signature in database
GPG key ID: 9986518B9AAAA0A5
11 changed files with 285 additions and 27 deletions


@ -0,0 +1,13 @@
# AWS CloudFormation Test Cases
This folder holds the test cases for **CloudFormation**.
## Additional Docs
No Additional information is needed for this test case.
## Good Test Cases
The test cases denoted: `LANGUAGE_good_FILE.EXTENSION` are all valid, and should pass successfully when linted.
- **Note:** They are linted utilizing the default linter rules.
## Bad Test Cases
The test cases denoted: `LANGUAGE_bad_FILE.EXTENSION` are **NOT** valid, and should trigger errors when linted.
- **Note:** They are linted utilizing the default linter rules.


@ -0,0 +1,35 @@
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "A sample template",
"Resources": {
"DNS": {
"Type": "AWS::Route53::HostedZonee",
"Properties": {
"HostedZoneConfig": {
"Comment": "Myhostedzoneforexample.com"
},
"Name": "example.com",
"VPCs": [
{
"VPCId": "vpc-abcd1234",
"VPCRegion": "ap-northeast-1"
},
{
"VPCId": "vpc-efgh5678",
"VPCRegion": "us-west-2"
}
],
"HostedZoneTags": [
{
"Key": "SampleKey1",
"Value": "SampleValue1"
},
{
"Key": "SampleKey2",
"Value": "SampleValue2"
}
]
}
}
}
}


@ -0,0 +1,23 @@
AWSTemplateFormatVersion: "2010-09-09"
Description: A sample template
Resources:
DNS:
Type: "AWS::Route53::HostedZonee"
Properties:
HostedZoneConfig:
Comment: 'My hosted zone for example.com'
Name: 'example.com'
VPCs:
-
VPCId: 'vpc-abcd1234'
VPCRegion: 'ap-northeast-1'
-
VPCId: 'vpc-efgh5678'
VPCRegion: 'us-west-2'
HostedZoneTags:
-
Key: 'SampleKey1'
Value: 'SampleValue1'
-
Key: 'SampleKey2'
Value: 'SampleValue2'


@ -0,0 +1,35 @@
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "A sample template",
"Resources": {
"DNS": {
"Type": "AWS::Route53::HostedZone",
"Properties": {
"HostedZoneConfig": {
"Comment": "Myhostedzoneforexample.com"
},
"Name": "example.com",
"VPCs": [
{
"VPCId": "vpc-abcd1234",
"VPCRegion": "ap-northeast-1"
},
{
"VPCId": "vpc-efgh5678",
"VPCRegion": "us-west-2"
}
],
"HostedZoneTags": [
{
"Key": "SampleKey1",
"Value": "SampleValue1"
},
{
"Key": "SampleKey2",
"Value": "SampleValue2"
}
]
}
}
}
}


@ -0,0 +1,23 @@
AWSTemplateFormatVersion: "2010-09-09"
Description: A sample template
Resources:
DNS:
Type: "AWS::Route53::HostedZone"
Properties:
HostedZoneConfig:
Comment: 'My hosted zone for example.com'
Name: 'example.com'
VPCs:
-
VPCId: 'vpc-abcd1234'
VPCRegion: 'ap-northeast-1'
-
VPCId: 'vpc-efgh5678'
VPCRegion: 'us-west-2'
HostedZoneTags:
-
Key: 'SampleKey1'
Value: 'SampleValue1'
-
Key: 'SampleKey2'
Value: 'SampleValue2'

2
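--- a/.github/linters/.cfnlintrc.yml
+++ b/.github/linters/.cfnlintrc.yml
@@ -0,0 +1,2 @@
+include_checks:
+- I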


@ -53,7 +53,7 @@ RUN mkdir -p /opt/microsoft/powershell/7 \
# Run Pip3 Installs #
#####################
RUN pip3 --no-cache-dir install --upgrade --no-cache-dir \
yamllint pylint yq
yamllint pylint yq cfn-lint
####################
# Run NPM Installs #
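Review bot: cfn-lint is appended to the pip3 install line without a version pin, so every image build resolves whatever the current PyPI release is, and the rule set applied to users' templates (plus the transitive dependencies pulled into the image) can change with no commit to this repository. The three packages already on the line are unpinned as well, so this follows the file's existing convention rather than introducing a new problem; if reproducible, auditable builds are wanted, pin the whole line, e.g. `yamllint pylint yq cfn-lint==<PINNED_VERSION>` with the others pinned likewise, and bump deliberately.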


@ -32,30 +32,31 @@ The design of the **Super-Linter** is currently to allow linting to occur in **G
Developers on **GitHub** can call the **GitHub Action** to lint their code base with the following list of linters:
| *Language* | *Linter* |
| --- | --- |
| **Ansible** | [ansible-lint](https://github.com/ansible/ansible-lint) |
| **CSS** | [stylelint](https://stylelint.io/) |
| **Clojure** | [clj-kondo](https://github.com/borkdude/clj-kondo) |
| **CoffeeScript** | [coffeelint](https://coffeelint.github.io/) |
| **Dockerfile** | [dockerfilelint](https://github.com/replicatedhq/dockerfilelint.git) |
| **Golang** | [golangci-lint](https://github.com/golangci/golangci-lint) |
| **JavaScript** | [eslint](https://eslint.org/) [standard js](https://standardjs.com/) |
| **JSON** | [jsonlint](https://github.com/zaach/jsonlint) |
| **Markdown** | [markdownlint](https://github.com/igorshubovych/markdownlint-cli#readme) |
| **Perl** | [perl](https://pkgs.alpinelinux.org/package/edge/main/x86/perl) |
| **PHP** | [PHP](https://www.php.net/) |
| **Python3** | [pylint](https://www.pylint.org/) |
| **Ruby** | [RuboCop](https://github.com/rubocop-hq/rubocop) |
| **Shell** | [Shellcheck](https://github.com/koalaman/shellcheck) |
| **Terraform** | [tflint](https://github.com/terraform-linters/tflint) |
| **TypeScript** | [eslint](https://eslint.org/) [standard js](https://standardjs.com/) |
| **XML** | [LibXML](http://xmlsoft.org/) |
| **YAML** | [YamlLint](https://github.com/adrienverge/yamllint) |
| **PowerShell** | [PSScriptAnalyzer](https://github.com/PowerShell/Psscriptanalyzer) |
| **ENV** | [dotenv-linter](https://github.com/dotenv-linter/dotenv-linter) |
| **Kotlin** | [ktlint](https://github.com/pinterest/ktlint) |
| **OpenAPI** | [spectral](https://github.com/stoplightio/spectral) |
| *Language* | *Linter* |
| --- | --- |
| **Ansible** | [ansible-lint](https://github.com/ansible/ansible-lint) |
| **CSS** | [stylelint](https://stylelint.io/) |
| **Clojure** | [clj-kondo](https://github.com/borkdude/clj-kondo) |
| **CoffeeScript** | [coffeelint](https://coffeelint.github.io/) |
| **Dockerfile** | [dockerfilelint](https://github.com/replicatedhq/dockerfilelint.git) |
| **Golang** | [golangci-lint](https://github.com/golangci/golangci-lint) |
| **JavaScript** | [eslint](https://eslint.org/) [standard js](https://standardjs.com/) |
| **JSON** | [jsonlint](https://github.com/zaach/jsonlint) |
| **Markdown** | [markdownlint](https://github.com/igorshubovych/markdownlint-cli#readme) |
| **Perl** | [perl](https://pkgs.alpinelinux.org/package/edge/main/x86/perl) |
| **PHP** | [PHP](https://www.php.net/) |
| **Python3** | [pylint](https://www.pylint.org/) |
| **Ruby** | [RuboCop](https://github.com/rubocop-hq/rubocop) |
| **Shell** | [Shellcheck](https://github.com/koalaman/shellcheck) |
| **Terraform** | [tflint](https://github.com/terraform-linters/tflint) |
| **TypeScript** | [eslint](https://eslint.org/) [standard js](https://standardjs.com/) |
| **XML** | [LibXML](http://xmlsoft.org/) |
| **YAML** | [YamlLint](https://github.com/adrienverge/yamllint) |
| **PowerShell** | [PSScriptAnalyzer](https://github.com/PowerShell/Psscriptanalyzer) |
| **ENV** | [dotenv-linter](https://github.com/dotenv-linter/dotenv-linter) |
| **Kotlin** | [ktlint](https://github.com/pinterest/ktlint) |
| **OpenAPI** | [spectral](https://github.com/stoplightio/spectral) |
| **AWS CloudFormation templates** | [cfn-lint](https://github.com/aws-cloudformation/cfn-python-lint/) |
## How to use
To use this **GitHub** Action you will need to complete the following:
@ -167,6 +168,7 @@ and won't run anything unexpected.
| **VALIDATE_CLOJURE** | `true` | Flag to enable or disable the linting process of the language. |
| **VALIDATE_KOTLIN** | `true` | Flag to enable or disable the linting process of the language. |
| **VALIDATE_OPENAPI** | `true` | Flag to enable or disable the linting process of the language. |
| **VALIDATE_CLOUDFORMATION** | `true` | Flag to enable or disable the linting process of the language. |
| **ANSIBLE_DIRECTORY** | `/ansible` | Flag to set the root directory for Ansible file location(s). |
| **ACTIONS_RUNNER_DEBUG** | `false` | Flag to enable additional information about the linter, versions, and additional output. |
| **DISABLE_ERRORS** | `false` | Flag to have the linter complete with exit code 0 even if errors were detected. |

2
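--- a/TEMPLATES/.cfnlintrc.yml
+++ b/TEMPLATES/.cfnlintrc.yml
@@ -0,0 +1,2 @@
+include_checks:
+- I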


@ -7,6 +7,7 @@ Below are examples and documentation for each language and the various methods t
- [Shell](#shell)
- [Ansible](#ansible)
- [YAML](#yaml)
- [AWS CloudFormation templates](#cfn)
- [Python](#python3)
- [JSON](#json)
- [Markdown](#markdown)
@ -238,6 +239,42 @@ var = "terrible code down here..."
--------------------------------------------------------------------------------
## AWS CloudFormation templates
- [cfn-lint](https://github.com/aws-cloudformation/cfn-python-lint/)
### cfn-lint Config file
- `.github/linters/.cfnlintrc.yml`
- You can pass multiple rules and overwrite default rules
- File should be located at: `.github/linters/.cfnlintrc.yml`
### cfn-lint disable single line
- There is currently **No** way to disable rules inline of the file(s)
### cfn-lint disable code block
You can disable both [template](https://github.com/aws-cloudformation/cfn-python-lint/#template-based-metadata) or [resource](https://github.com/aws-cloudformation/cfn-python-lint/#resource-based-metadata) via [metadata](https://github.com/aws-cloudformation/cfn-python-lint/#metadata):
```yaml
Resources:
myInstance:
Type: AWS::EC2::Instance
Metadata:
cfn-lint:
config:
ignore_checks:
- E3030
Properties:
InstanceType: nt.x4superlarge
ImageId: ami-abc1234
```
### cfn-lint disable entire file
If you need to ignore an entire file, you can update the `.github/linters/.cfnlintrc.yml` to ignore certain files and locations
```yaml
ignore_templates:
- codebuild.yaml
```
--------------------------------------------------------------------------------
## JSON
- [jsonlint](https://github.com/zaach/jsonlint)


@ -22,6 +22,9 @@ MD_LINTER_RULES="$DEFAULT_RULES_LOCATION/$MD_FILE_NAME" # Path to th
# Python Vars
PYTHON_FILE_NAME='.python-lint' # Name of the file
PYTHON_LINTER_RULES="$DEFAULT_RULES_LOCATION/$PYTHON_FILE_NAME" # Path to the python lint rules
# Cloudformation Vars
CFN_FILE_NAME='.cfnlintrc.yml' # Name of the file
CFN_LINTER_RULES="$DEFAULT_RULES_LOCATION/$CFN_FILE_NAME" # Path to the python lint rules
# Ruby Vars
RUBY_FILE_NAME="${RUBY_CONFIG_FILE:-.ruby-lint.yml}" # Name of the file
RUBY_LINTER_RULES="$DEFAULT_RULES_LOCATION/$RUBY_FILE_NAME" # Path to the ruby lint rules
@ -67,7 +70,8 @@ CLOJURE_LINTER_RULES="$DEFAULT_RULES_LOCATION/$CLOJURE_FILE_NAME"
LINTER_ARRAY=("jsonlint" "yamllint" "xmllint" "markdownlint" "shellcheck"
"pylint" "perl" "rubocop" "coffeelint" "eslint" "standard"
"ansible-lint" "/dockerfilelint/bin/dockerfilelint" "golangci-lint" "tflint"
"stylelint" "dotenv-linter" "powershell" "ktlint" "clj-kondo" "spectral")
"stylelint" "dotenv-linter" "powershell" "ktlint" "clj-kondo" "spectral"
"cfn-lint")
#############################
# Language array for prints #
@ -75,7 +79,7 @@ LINTER_ARRAY=("jsonlint" "yamllint" "xmllint" "markdownlint" "shellcheck"
LANGUAGE_ARRAY=('YML' 'JSON' 'XML' 'MARKDOWN' 'BASH' 'PERL' 'PHP' 'RUBY' 'PYTHON'
'COFFEESCRIPT' 'ANSIBLE' 'JAVASCRIPT_STANDARD' 'JAVASCRIPT_ES'
'TYPESCRIPT_STANDARD' 'TYPESCRIPT_ES' 'DOCKER' 'GO' 'TERRAFORM'
'CSS' 'ENV' 'POWERSHELL' 'KOTLIN' 'CLOJURE' 'OPENAPI')
'CSS' 'ENV' 'POWERSHELL' 'KOTLIN' 'CLOJURE' 'OPENAPI' 'CFN')
###################
# GitHub ENV Vars #
@ -94,6 +98,7 @@ VALIDATE_BASH="${VALIDATE_BASH}" # Boolean to validate lang
VALIDATE_PERL="${VALIDATE_PERL}" # Boolean to validate language
VALIDATE_PHP="${VALIDATE_PHP}" # Boolean to validate language
VALIDATE_PYTHON="${VALIDATE_PYTHON}" # Boolean to validate language
VALIDATE_CLOUDFORMATION="${VALIDATE_CLOUDFORMATION}" # Boolean to validate language
VALIDATE_RUBY="${VALIDATE_RUBY}" # Boolean to validate language
VALIDATE_COFFEE="${VALIDATE_COFFEE}" # Boolean to validate language
VALIDATE_ANSIBLE="${VALIDATE_ANSIBLE}" # Boolean to validate language
@ -146,6 +151,7 @@ FILE_ARRAY_PERL=() # Array of files to check
FILE_ARRAY_PHP=() # Array of files to check
FILE_ARRAY_RUBY=() # Array of files to check
FILE_ARRAY_PYTHON=() # Array of files to check
FILE_ARRAY_CFN=() # Array of files to check
FILE_ARRAY_COFFEESCRIPT=() # Array of files to check
FILE_ARRAY_JAVASCRIPT_ES=() # Array of files to check
FILE_ARRAY_JAVASCRIPT_STANDARD=() # Array of files to check
@ -173,6 +179,7 @@ ERRORS_FOUND_PERL=0 # Count of errors found
ERRORS_FOUND_PHP=0 # Count of errors found
ERRORS_FOUND_RUBY=0 # Count of errors found
ERRORS_FOUND_PYTHON=0 # Count of errors found
ERRORS_FOUND_CFN=0 # Count of errors found
ERRORS_FOUND_COFFEESCRIPT=0 # Count of errors found
ERRORS_FOUND_ANSIBLE=0 # Count of errors found
ERRORS_FOUND_JAVASCRIPT_STANDARD=0 # Count of errors found
@ -605,6 +612,17 @@ DetectOpenAPIFile()
fi
}
#### Function DetectCloudFormationFile #########################################
# https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-formats.html
DetectCloudFormationFile()
{
if grep 'AWSTemplateFormatVersion' "${1}" > /dev/null; then
return 0
else
return 1
fi
}
################################################################################
#### Function GetGitHubVars ####################################################
GetGitHubVars()
@ -791,6 +809,7 @@ GetValidationInfo()
VALIDATE_PERL=$(echo "$VALIDATE_PERL" | awk '{print tolower($0)}')
VALIDATE_PHP=$(echo "$VALIDATE_PHP" | awk '{print tolower($0)}')
VALIDATE_PYTHON=$(echo "$VALIDATE_PYTHON" | awk '{print tolower($0)}')
VALIDATE_CLOUDFORMATION=$(echo "$VALIDATE_CLOUDFORMATION" | awk '{print tolower($0)}')
VALIDATE_RUBY=$(echo "$VALIDATE_RUBY" | awk '{print tolower($0)}')
VALIDATE_COFFEE=$(echo "$VALIDATE_COFFEE" | awk '{print tolower($0)}')
VALIDATE_ANSIBLE=$(echo "$VALIDATE_ANSIBLE" | awk '{print tolower($0)}')
@ -820,6 +839,7 @@ GetValidationInfo()
-n "$VALIDATE_PERL" || \
-n "$VALIDATE_PHP" || \
-n "$VALIDATE_PYTHON" || \
-n "$VALIDATE_CLOUDFORMATION" || \
-n "$VALIDATE_RUBY" || \
-n "$VALIDATE_COFFEE" || \
-n "$VALIDATE_ANSIBLE" || \
@ -951,6 +971,20 @@ GetValidationInfo()
VALIDATE_PYTHON="true"
fi
##############################################
# Validate if we should check Cloudformation #
##############################################
if [[ "$ANY_SET" == "true" ]]; then
# Some linter flags were set - only run those set to true
if [[ -z "$VALIDATE_CLOUDFORMATION" ]]; then
# CFN flag was not set - default to false
VALIDATE_CLOUDFORMATION="false"
fi
else
# No linter flags were set - default all to true
VALIDATE_CLOUDFORMATION="true"
fi
####################################
# Validate if we should check RUBY #
####################################
@ -1218,6 +1252,11 @@ GetValidationInfo()
else
PRINT_ARRAY+=("- Excluding [PYTHON] files in code base...")
fi
if [[ "$VALIDATE_CLOUDFORMATION" == "true" ]]; then
PRINT_ARRAY+=("- Validating [CFN] files in code base...")
else
PRINT_ARRAY+=("- Excluding [CFN] files in code base...")
fi
if [[ "$VALIDATE_RUBY" == "true" ]]; then
PRINT_ARRAY+=("- Validating [RUBY] files in code base...")
else
@ -1510,6 +1549,18 @@ BuildFileList()
##########################################################
READ_ONLY_CHANGE_FLAG=1
#####################
# Get the CFN files #
#####################
elif [ "$FILE_TYPE" == "json" ] || [ "$FILE_TYPE" == "yml" ] || [ "$FILE_TYPE" == "yaml" ] && DetectCloudFormationFile "$FILE"; then
################################
# Append the file to the array #
################################
FILE_ARRAY_CFN+=("$FILE")
##########################################################
# Set the READ_ONLY_CHANGE_FLAG since this could be exec #
##########################################################
READ_ONLY_CHANGE_FLAG=1
#####################
# Get the XML files #
#####################
elif [ "$FILE_TYPE" == "xml" ]; then
@ -1924,6 +1975,17 @@ LintCodebase()
continue
fi
# don't test normal json/yaml files wih cfn-lint
if [ "$LINTER_NAME" == "cfn-lint" ] && ! DetectCloudFormationFile "$GITHUB_WORKSPACE/$FILE"; then
# TODO: PRINT_ARRAY still contains "Linting [CFN] files..."
continue
fi
# don't test CloudFormation files with {json,yaml}lint
if [ "$LINTER_NAME" == "jsonlint" ] || [ "$LINTER_NAME" == "yamllint" ] && DetectCloudFormationFile "$GITHUB_WORKSPACE/$FILE"; then
continue
fi
##############
# File print #
##############
@ -2054,6 +2116,15 @@ TestCodebase()
# Set IFS back to default #
###########################
IFS="$DEFAULT_IFS"
# don't check yaml/json files with cnf-lint
# don't check CloudFormation files with json/yaml linters
if [ "$FILE_TYPE" == "CFN" ]; then
LIST_FILES=($(cd "$GITHUB_WORKSPACE/$TEST_CASE_FOLDER" || exit; find . -type f -regex "$FILE_EXTENSIONS" ! -path "*./ansible*" ! -path "*./json*" ! -path "*./yml*" 2>&1))
fi
if [ "$FILE_TYPE" == "JSON" ] || [ "$FILE_TYPE" == "YML" ]; then
LIST_FILES=($(cd "$GITHUB_WORKSPACE/$TEST_CASE_FOLDER" || exit; find . -type f -regex "$FILE_EXTENSIONS" ! -path "*./ansible*" ! -path "*./cfn*" 2>&1))
fi
fi
##################
@ -2240,6 +2311,7 @@ Footer()
[ "$ERRORS_FOUND_PERL" -ne 0 ] || \
[ "$ERRORS_FOUND_PHP" -ne 0 ] || \
[ "$ERRORS_FOUND_PYTHON" -ne 0 ] || \
[ "$ERRORS_FOUND_CFN" -ne 0 ] || \
[ "$ERRORS_FOUND_COFFEESCRIPT" -ne 0 ] || \
[ "$ERRORS_FOUND_ANSIBLE" -ne 0 ] || \
[ "$ERRORS_FOUND_JAVASCRIPT_ES" -ne 0 ] || \
@ -2319,6 +2391,7 @@ RunTestCases()
TestCodebase "CLOJURE" "clj-kondo" "clj-kondo --config $CLOJURE_LINTER_RULES --lint" ".*\.\(clj\|cljs\|cljc\|edn\)\$"
TestCodebase "KOTLIN" "ktlint" "ktlint" ".*\.\(kt\|kts\)\$"
TestCodebase "OPENAPI" "spectral" "spectral lint -r $OPENAPI_LINTER_RULES" ".*\.\(ymlopenapi\|jsonopenapi\)\$"
TestCodebase "CFN" "cfn-lint" "cfn-lint --config-file $CFN_LINTER_RULES" ".*\.\(json\|yml\|yaml\)\$"
#################
# Footer prints #
@ -2357,6 +2430,8 @@ GetLinterRules "$YAML_FILE_NAME" "$YAML_LINTER_RULES"
GetLinterRules "$MD_FILE_NAME" "$MD_LINTER_RULES"
# Get Python rules
GetLinterRules "$PYTHON_FILE_NAME" "$PYTHON_LINTER_RULES"
# Get CloudFormation rules
GetLinterRules "$CFN_FILE_NAME" "$CFN_LINTER_RULES"
# Get Ruby rules
GetLinterRules "$RUBY_FILE_NAME" "$RUBY_LINTER_RULES"
# Get Coffeescript rules
@ -2475,6 +2550,17 @@ if [ "$VALIDATE_PYTHON" == "true" ]; then
LintCodebase "PYTHON" "pylint" "pylint --rcfile $PYTHON_LINTER_RULES -E" ".*\.\(py\)\$" "${FILE_ARRAY_PYTHON[@]}"
fi
###############
# CFN LINTING #
###############
if [ "$VALIDATE_CLOUDFORMATION" == "true" ]; then
#################################
# Lint the CloudFormation files #
#################################
# LintCodebase "FILE_TYPE" "LINTER_NAME" "LINTER_CMD" "FILE_TYPES_REGEX" "FILE_ARRAY"
LintCodebase "CFN" "cfn-lint" "cfn-lint --config-file $CFN_LINTER_RULES" ".*\.\(json\|yml\|yaml\)\$" "${FILE_ARRAY_CFN[@]}"
fi
################
# PERL LINTING #
################
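Review bot: DetectCloudFormationFile is called with the bare `"$FILE"` in the BuildFileList hunk but with `"$GITHUB_WORKSPACE/$FILE"` in the LintCodebase hunk; if BuildFileList does not run with the workspace as its working directory (its body starts before the hunk, so that is not visible here), grep cannot open the file, the function returns 1 and the template is silently kept out of FILE_ARRAY_CFN, with a grep error on stderr as the only trace. Using `DetectCloudFormationFile "$GITHUB_WORKSPACE/$FILE"` in the elif as well is safe under either assumption, since GITHUB_WORKSPACE is an absolute path on Actions runners. The detector is also a bare substring match, so any .yml or .json that merely mentions AWSTemplateFormatVersion in a comment is classified as a template and, through the new skip in LintCodebase, excluded from jsonlint/yamllint; `grep -q` would replace the `> /dev/null` redirect, and a key-anchored pattern would narrow the match, though it would then miss single-line JSON. Finally, the comment on the new CFN_LINTER_RULES line was copied from the Python block and should read `# Path to the cloudformation lint rules`.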