Commit graph

750 commits

Author SHA1 Message Date
dependabot[bot]
3e6a272033
deps(docker): bump powershell from 7.3-alpine-3.17 to 7.4-alpine-3.17 (#5279)
Bumps powershell from 7.3-alpine-3.17 to 7.4-alpine-3.17.

---
updated-dependencies:
- dependency-name: powershell
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-13 11:10:18 +00:00
dependabot[bot]
5dc9a6a8fa
deps(docker): bump terraform-linters/tflint from v0.50.2 to v0.50.3 (#5258)
Bumps [terraform-linters/tflint](https://github.com/terraform-linters/tflint) from v0.50.2 to v0.50.3.
- [Release notes](https://github.com/terraform-linters/tflint/releases)
- [Changelog](https://github.com/terraform-linters/tflint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/terraform-linters/tflint/compare/v0.50.2...v0.50.3)

---
updated-dependencies:
- dependency-name: terraform-linters/tflint
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-13 08:48:08 +00:00
dependabot[bot]
9b1e9361ee
deps(docker): bump mvdan/shfmt from v3.7.0 to v3.8.0 (#5257)
Bumps mvdan/shfmt from v3.7.0 to v3.8.0.

---
updated-dependencies:
- dependency-name: mvdan/shfmt
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-13 08:47:38 +00:00
dependabot[bot]
edd813ae55
deps(docker): bump golangci/golangci-lint from v1.55.2 to v1.56.1 (#5256)
Bumps golangci/golangci-lint from v1.55.2 to v1.56.1.

---
updated-dependencies:
- dependency-name: golangci/golangci-lint
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-12 21:04:52 +00:00
dependabot[bot]
07e5032e39
deps(docker): bump python from 3.12.1-alpine3.19 to 3.12.2-alpine3.19 (#5259)
Bumps python from 3.12.1-alpine3.19 to 3.12.2-alpine3.19.

---
updated-dependencies:
- dependency-name: python
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-12 21:02:29 +00:00
dependabot[bot]
02e9da59ae
deps(docker): bump clj-kondo/clj-kondo (#5260)
Bumps clj-kondo/clj-kondo from 2023.12.15-alpine to 2024.02.12-alpine.

---
updated-dependencies:
- dependency-name: clj-kondo/clj-kondo
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-12 21:02:12 +00:00
Marco Ferrari
49320c834b
build: install dotnet and powershell from images (#5245)
Install the .NET SDK and PowerShell from their container images so that
we avoid spending time running their installers, and we can control
their updates automatically.

Close #5243
2024-02-10 08:51:09 +00:00
Marco Ferrari
5b5e54ad5c
fix: initialize terrascan at runtime (#5246)
Terrascan runs initialization anyway when scanning files, so there's no
point in running it at build time. Also, this works around a Terrascan
bug that caused it to fail its initialization if $HOME/.terrascan
directory is not present. This happens on GitHub Actions because it
configures a $HOME directory that is different from ours.
2024-02-09 22:57:01 +00:00
Marco Ferrari
1f2fbb14cd
build: install lintr in a dedicated stage (#5247) 2024-02-09 17:44:49 +00:00
dependabot[bot]
27bb6abc56
deps(docker): bump hashicorp/terraform from 1.7.1 to 1.7.2 (#5231)
Bumps hashicorp/terraform from 1.7.1 to 1.7.2.

---
updated-dependencies:
- dependency-name: hashicorp/terraform
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-05 17:28:15 +00:00
dependabot[bot]
299dbf00a2
deps(docker): bump zricethezav/gitleaks from v8.18.1 to v8.18.2 (#5232)
Bumps zricethezav/gitleaks from v8.18.1 to v8.18.2.

---
updated-dependencies:
- dependency-name: zricethezav/gitleaks
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-05 17:27:31 +00:00
dependabot[bot]
ee5337123f
deps(docker): bump dart from 3.2.5-sdk to 3.2.6-sdk (#5233)
Bumps dart from 3.2.5-sdk to 3.2.6-sdk.

---
updated-dependencies:
- dependency-name: dart
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-05 17:27:16 +00:00
dependabot[bot]
31c3195838
deps(docker): bump alpine/terragrunt from 1.7.1 to 1.7.2 (#5234)
Bumps alpine/terragrunt from 1.7.1 to 1.7.2.

---
updated-dependencies:
- dependency-name: alpine/terragrunt
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-05 17:27:06 +00:00
Marco Ferrari
d7790e4f1c
build: move linter verions logic outside runtime (#5197)
Move the logic to build the linter versions file outside the main
runtime. There's no need to include it there because it's used only when
building the image.

Move the list of linters by name in linterVersions.sh because we don't
need it in any other place.
2024-02-05 13:31:36 +01:00
Marco Ferrari
eded42747b
fix: don't add unnecessary empty lines (#5221) 2024-02-05 11:49:22 +01:00
Marco Ferrari
99e41ce451
feat: run linters in parallel (#5177) 2024-01-30 19:24:55 +00:00
dependabot[bot]
91dab1ed86
deps(docker): bump hashicorp/terraform from 1.7.0 to 1.7.1 (#5181)
Bumps hashicorp/terraform from 1.7.0 to 1.7.1.

---
updated-dependencies:
- dependency-name: hashicorp/terraform
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-29 20:47:09 +00:00
dependabot[bot]
a1be60308a
deps(docker): bump alpine/terragrunt from 1.7.0 to 1.7.1 (#5182)
Bumps alpine/terragrunt from 1.7.0 to 1.7.1.

---
updated-dependencies:
- dependency-name: alpine/terragrunt
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-29 20:47:00 +00:00
dependabot[bot]
ed014e511e
deps(docker): bump dart from 3.2.4-sdk to 3.2.5-sdk (#5163)
Bumps dart from 3.2.4-sdk to 3.2.5-sdk.

---
updated-dependencies:
- dependency-name: dart
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-22 21:38:47 +00:00
dependabot[bot]
6f1f9f3adc
deps(docker): bump alpine/terragrunt from 1.6.6 to 1.7.0 (#5160)
Bumps alpine/terragrunt from 1.6.6 to 1.7.0.

---
updated-dependencies:
- dependency-name: alpine/terragrunt
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-22 21:08:31 +00:00
dependabot[bot]
d1fcddcc10
deps(docker): bump terraform-linters/tflint from v0.50.1 to v0.50.2 (#5162)
Bumps [terraform-linters/tflint](https://github.com/terraform-linters/tflint) from v0.50.1 to v0.50.2.
- [Release notes](https://github.com/terraform-linters/tflint/releases)
- [Changelog](https://github.com/terraform-linters/tflint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/terraform-linters/tflint/compare/v0.50.1...v0.50.2)

---
updated-dependencies:
- dependency-name: terraform-linters/tflint
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-22 18:53:27 +00:00
dependabot[bot]
f26b3de848
deps(docker): bump hashicorp/terraform from 1.6.6 to 1.7.0 (#5161)
Bumps hashicorp/terraform from 1.6.6 to 1.7.0.

---
updated-dependencies:
- dependency-name: hashicorp/terraform
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-22 18:51:28 +00:00
Marco Ferrari
bf832c60ae
build: cache more standard image layers (#5133)
Run the steps to copy super-linter configs and executables in both the
standard and the slim images so that we can cache the steps to install
additional linters for the standard image even if we modify super-linter
configs and executables.
2024-01-15 21:02:51 +01:00
dependabot[bot]
e0011b38a0
deps(docker): bump yoheimuta/protolint from 0.47.4 to 0.47.5 (#5138)
Bumps yoheimuta/protolint from 0.47.4 to 0.47.5.

---
updated-dependencies:
- dependency-name: yoheimuta/protolint
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-15 14:36:36 +00:00
dependabot[bot]
16b7c50a0e
deps(docker): bump golang from 1.21.5-alpine to 1.21.6-alpine (#5137)
Bumps golang from 1.21.5-alpine to 1.21.6-alpine.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-15 14:35:31 +00:00
Marco Ferrari
877cdf4ea1
build: standard image from base_image stage (#5129)
Build the standard image starting from the base_image stage because we
don't need anything from the slim image.
2024-01-11 23:16:41 +01:00
Marco Ferrari
d5da0ceac9
build: run versions command in the slim stage (#5127)
Move the invocation of the command to build the linter versions file in
the slim stage because we run it again in the standard stage anyway, so
there's no need for the standard stage to wait for this command to run.
2024-01-11 20:30:18 +00:00
Marco Ferrari
df911171c4
build: python venvs and npm in dedicated stages (#5078)
Move the following tasks to dedicated stages so we can run these steps
in parallel with other stages:

- Build Python virtual environments
- Install npm packages
- Build clang-format
- Download and install TFlint plugins

Add missing target stage when building the container image
2024-01-10 11:09:53 +01:00
dependabot[bot]
f3431d7d7c
deps(docker): bump terraform-linters/tflint from v0.50.0 to v0.50.1 (#5109)
Bumps [terraform-linters/tflint](https://github.com/terraform-linters/tflint) from v0.50.0 to v0.50.1.
- [Release notes](https://github.com/terraform-linters/tflint/releases)
- [Changelog](https://github.com/terraform-linters/tflint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/terraform-linters/tflint/compare/v0.50.0...v0.50.1)

---
updated-dependencies:
- dependency-name: terraform-linters/tflint
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-09 10:22:43 +00:00
Marco Ferrari
19e39e211e
build: install clang-format from OS package repo (#5071)
Build and install clang-format instead of pulling it from a (potentially)
unmaintained repository
2024-01-01 11:39:59 +01:00
Marco Ferrari
690d422fd6
build: install chktex (#5074)
Install chktex directly instead of using a third-party container image.
2023-12-30 16:07:07 +01:00
Marco Ferrari
1ca3ebccd6
build: reduce container image size (#5072)
- Remove build-time dependencies
- Remove cached NPM packages
- Remove cached PyPi packages
- Remove dependency descriptors. These still count against the total space,
  although it's a few KBs
- Install rust-clippy and rust-fmt using the OS package manager instead of
  maintaining our own installation script
- Add tests for build time dependencies that are not supposed to be installed
2023-12-29 19:30:58 +01:00
dependabot[bot]
0355c996e0
deps(docker): bump yoheimuta/protolint from 0.47.3 to 0.47.4 (#5068)
Bumps yoheimuta/protolint from 0.47.3 to 0.47.4.

---
updated-dependencies:
- dependency-name: yoheimuta/protolint
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-27 12:39:04 +01:00
dependabot[bot]
c208173f27
deps(docker): bump clj-kondo/clj-kondo (#5069)
Bumps clj-kondo/clj-kondo from 2023.05.18-alpine to 2023.12.15-alpine.

---
updated-dependencies:
- dependency-name: clj-kondo/clj-kondo
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-27 08:27:34 +00:00
Marco Ferrari
4d9eaa5c54
build: update Dart, dart analyzer to 3.2.4 (#5065)
Recent versions of dart analyzer don't support the --options
configuration option anymore, so we cannot pass an arbitrary
configuration file. This commit removes the default dart analyzer
configuration file as well, because it's not needed anymore.
2023-12-26 22:14:57 +01:00
Marco Ferrari
1dc74e194e
build: install clj-kondo from its container image (#5064)
Instead of providing a script to install clj-kondo, grab it from its
container image so that we can benefit from automated dependency
updates.
2023-12-25 12:41:40 +01:00
dependabot[bot]
dc166ec78d
deps(docker): bump terraform-linters/tflint from v0.49.0 to v0.50.0 (#5053)
Bumps [terraform-linters/tflint](https://github.com/terraform-linters/tflint) from v0.49.0 to v0.50.0.
- [Release notes](https://github.com/terraform-linters/tflint/releases)
- [Changelog](https://github.com/terraform-linters/tflint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/terraform-linters/tflint/compare/v0.49.0...v0.50.0)

---
updated-dependencies:
- dependency-name: terraform-linters/tflint
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-24 14:13:18 +00:00
dependabot[bot]
88562ff546
deps(docker): bump tenable/terrascan from 1.18.9 to 1.18.11 (#5055)
Bumps tenable/terrascan from 1.18.9 to 1.18.11.

---
updated-dependencies:
- dependency-name: tenable/terrascan
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-24 14:13:18 +00:00
dependabot[bot]
57218d3e19
deps(docker): bump yoheimuta/protolint from 0.47.2 to 0.47.3 (#5052)
Bumps yoheimuta/protolint from 0.47.2 to 0.47.3.

---
updated-dependencies:
- dependency-name: yoheimuta/protolint
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-24 14:13:13 +00:00
Marco Ferrari
fa7cb563d8
feat: automatically handle ktlint updates (#5049) 2023-12-24 14:47:34 +01:00
Marco Ferrari
9d7268fb99
feat: add support for checkov to lint iac files (#4925)
- Add support to run Checkov against infrastructure as code descriptors
  that are in a given (configurable) directory. Defaults to lint the
  whole workspace.
- Establish a baseline for our own codebase so we don't have to fix
  issues right away with this change.
2023-12-22 13:22:15 +01:00
Marco Ferrari
60983d395f
fix: fail if r package installation fails (#4994)
- Fail if the installation of a R package fails.
- Install the remotes package once during the image build, and not when we scan
  files at runtime.
- Reuse the default R library directory instead of moving it to /home/r-library
2023-12-21 20:52:57 +01:00
dependabot[bot]
17d5a62cc0
build(docker): bump yoheimuta/protolint from 0.47.0 to 0.47.2 (#5034)
Bumps yoheimuta/protolint from 0.47.0 to 0.47.2.

---
updated-dependencies:
- dependency-name: yoheimuta/protolint
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-21 14:14:14 +00:00
Marco Ferrari
d8ca23519b
build: use a base image (#5033)
- Refactor Dockerfile to use a base image so that we can reuse the cache
  for the standard image and not just the base image.
- Simplify the cd workflow to take into account the Production
  environment only for latest images.
2023-12-20 17:45:35 +01:00
dependabot[bot]
a574fdc634
Bump tenable/terrascan from 1.18.5 to 1.18.9 (#5005)
Bumps tenable/terrascan from 1.18.5 to 1.18.9.

---
updated-dependencies:
- dependency-name: tenable/terrascan
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-18 20:23:33 +00:00
dependabot[bot]
7803a7c4f9
Bump hashicorp/terraform from 1.6.5 to 1.6.6 (#5003)
Bumps hashicorp/terraform from 1.6.5 to 1.6.6.

---
updated-dependencies:
- dependency-name: hashicorp/terraform
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-18 18:27:27 +00:00
dependabot[bot]
96f9115f12
Bump terraform-linters/tflint from v0.48.0 to v0.49.0 (#5004)
Bumps [terraform-linters/tflint](https://github.com/terraform-linters/tflint) from v0.48.0 to v0.49.0.
- [Release notes](https://github.com/terraform-linters/tflint/releases)
- [Changelog](https://github.com/terraform-linters/tflint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/terraform-linters/tflint/compare/v0.48.0...v0.49.0)

---
updated-dependencies:
- dependency-name: terraform-linters/tflint
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-18 18:26:59 +00:00
dependabot[bot]
06fd2a9f45
Bump yoheimuta/protolint from 0.46.3 to 0.47.0 (#5006)
Bumps yoheimuta/protolint from 0.46.3 to 0.47.0.

---
updated-dependencies:
- dependency-name: yoheimuta/protolint
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-18 18:25:32 +00:00
dependabot[bot]
8cda5efa9c
Bump alpine/terragrunt from 1.6.5 to 1.6.6 (#5007)
Bumps alpine/terragrunt from 1.6.5 to 1.6.6.

---
updated-dependencies:
- dependency-name: alpine/terragrunt
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-18 18:25:14 +00:00
Marco Ferrari
22b8624f61
Simplify container image build (#4962) 2023-12-15 11:59:36 +01:00