Simplify container image build (#4962)

Marco Ferrari 2023-12-15 11:59:36 +01:00 committed by GitHub
parent 22564fb65c
commit 22b8624f61
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
16 changed files with 354 additions and 312 deletions

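--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1,4 +1 @@
-######################################################################
-# These owners will be the default owners for everything in the repo #
-######################################################################
-* @admiralawkbar @lindluni @zkoppert @nemchik @Hanse00 @GaboFDC @ferrarimarco
+* @zkoppert @Hanse00 @ferrarimarco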


@ -149,6 +149,6 @@ jobs:
title: "Failed to deploy to production", title: "Failed to deploy to production",
body: "Automation has failed us!\nMore information can be found at:\n - ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", body: "Automation has failed us!\nMore information can be found at:\n - ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}",
assignees: [ assignees: [
"zkoppert", "Hanse00" "zkoppert", "Hanse00", "ferrarimarco"
] ]
}) })


@ -132,6 +132,7 @@ jobs:
body: "Automation has failed us! Failed to push release ${{ env.RELEASE_VERSION }}\nMore information can be found at:\n - ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", body: "Automation has failed us! Failed to push release ${{ env.RELEASE_VERSION }}\nMore information can be found at:\n - ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}",
assignees: [ assignees: [
'zkoppert', 'zkoppert',
'Hanse00' 'Hanse00',
'ferrarimarco'
] ]
}) })


@ -4,6 +4,8 @@
########################################### ###########################################
########################################### ###########################################
ARG GLIBC_VERSION='2.34-r0'
######################################### #########################################
# Get dependency images as build stages # # Get dependency images as build stages #
######################################### #########################################
@ -16,7 +18,7 @@ FROM ghcr.io/terraform-linters/tflint:v0.48.0 as tflint
FROM ghcr.io/yannh/kubeconform:v0.6.4 as kubeconfrm FROM ghcr.io/yannh/kubeconform:v0.6.4 as kubeconfrm
FROM golang:1.21.5-alpine as golang FROM golang:1.21.5-alpine as golang
FROM golangci/golangci-lint:v1.55.2 as golangci-lint FROM golangci/golangci-lint:v1.55.2 as golangci-lint
FROM hadolint/hadolint:latest-alpine as dockerfile-lint FROM hadolint/hadolint:v2.12.0-alpine as dockerfile-lint
FROM hashicorp/terraform:1.6.5 as terraform FROM hashicorp/terraform:1.6.5 as terraform
FROM koalaman/shellcheck:v0.9.0 as shellcheck FROM koalaman/shellcheck:v0.9.0 as shellcheck
FROM mstruebing/editorconfig-checker:2.7.2 as editorconfig-checker FROM mstruebing/editorconfig-checker:2.7.2 as editorconfig-checker
@ -26,72 +28,84 @@ FROM scalameta/scalafmt:v3.7.17 as scalafmt
FROM zricethezav/gitleaks:v8.18.1 as gitleaks FROM zricethezav/gitleaks:v8.18.1 as gitleaks
FROM yoheimuta/protolint:0.46.3 as protolint FROM yoheimuta/protolint:0.46.3 as protolint
################## FROM python:3.12.1-alpine3.19 as slim
# Get base image #
################## LABEL com.github.actions.name="Super-Linter" \
FROM python:3.11.5-alpine3.17 as base_image com.github.actions.description="A collection of code linters and analyzers." \
com.github.actions.icon="code" \
com.github.actions.color="red" \
maintainer="@Hanse00, @ferrarimarco, @zkoppert" \
org.opencontainers.image.authors="Super Linter Contributors: https://github.com/super-linter/super-linter/graphs/contributors" \
org.opencontainers.image.url="https://github.com/super-linter/super-linter" \
org.opencontainers.image.source="https://github.com/super-linter/super-linter" \
org.opencontainers.image.documentation="https://github.com/super-linter/super-linter" \
org.opencontainers.image.vendor="GitHub" \
org.opencontainers.image.description="A collection of code linters and analyzers."
################################
# Set ARG values used in Build #
################################
ARG CLJ_KONDO_VERSION='2023.05.18'
# Dart Linter
## stable dart sdk: https://dart.dev/get-dart#release-channels
ARG DART_VERSION='2.8.4'
## install alpine-pkg-glibc (glibc compatibility layer package for Alpine Linux)
ARG GLIBC_VERSION='2.34-r0'
ARG KTLINT_VERSION='0.47.1'
# PowerShell & PSScriptAnalyzer linter
ARG PSSA_VERSION='1.21.0'
ARG PWSH_DIRECTORY='/usr/lib/microsoft/powershell'
ARG PWSH_VERSION='v7.3.1'
# https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope # https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope
ARG TARGETARCH ARG TARGETARCH
#################### # Install bash first so we can use it
# Run APK installs # RUN apk add --no-cache \
#################### bash
SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"]
RUN apk add --no-cache \ RUN apk add --no-cache \
bash \
ca-certificates \ ca-certificates \
cargo \ cargo \
cmake \ cmake \
coreutils \ coreutils \
curl \ curl \
file \ file \
gcc \
g++ \ g++ \
git git-lfs \ gcc \
git \
git-lfs \
gnupg \ gnupg \
icu-libs \ icu-libs \
jpeg-dev \ jpeg-dev \
jq \ jq \
krb5-libs \ krb5-libs \
libc-dev libcurl libffi-dev libgcc \ libc-dev \
libintl libssl1.1 libstdc++ \ libcurl \
libxml2-dev libxml2-utils \ libffi-dev \
libgcc \
libintl \
libssl3 \
libstdc++ \
libxml2-dev \
libxml2-utils \
linux-headers \ linux-headers \
lttng-ust-dev \ lttng-ust-dev \
make \ make \
musl-dev \ musl-dev \
net-snmp-dev \ net-snmp-dev \
npm nodejs-current \ nodejs-current \
npm \
openjdk17-jre \ openjdk17-jre \
openssh-client \ openssh-client \
openssl-dev \ openssl-dev \
parallel \ parallel \
perl perl-dev \ perl \
py3-setuptools python3-dev \ perl-dev \
py3-pyflakes \ py3-pyflakes \
R R-dev R-doc \ py3-setuptools \
python3-dev \
R \
R-dev \
R-doc \
readline-dev \ readline-dev \
ruby ruby-dev ruby-bundler ruby-rdoc \ ruby \
ruby-bundler \
ruby-dev \
ruby-rdoc \
rustup \ rustup \
zlib zlib-dev tar \
zlib \
zlib-dev \
zstd
########################################
# Copy dependencies files to container #
########################################
COPY dependencies/ / COPY dependencies/ /
################################################################### ###################################################################
@ -191,44 +205,70 @@ COPY --from=actionlint /usr/local/bin/actionlint /usr/bin/
###################### ######################
COPY --from=kubeconfrm /kubeconform /usr/bin/ COPY --from=kubeconfrm /kubeconform /usr/bin/
# Source: https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub
# Store the key here because the above host is sometimes down, and breaks our builds
COPY dependencies/sgerrand.rsa.pub /etc/apk/keys/sgerrand.rsa.pub
#################
# Install glibc #
#################
ARG GLIBC_VERSION
COPY scripts/install-glibc.sh /
RUN --mount=type=secret,id=GITHUB_TOKEN /install-glibc.sh && rm -rf /install-glibc.sh
################# #################
# Install Lintr # # Install Lintr #
################# #################
COPY scripts/install-lintr.sh / COPY scripts/install-lintr.sh /
RUN /install-lintr.sh && rm -rf /install-lintr.sh RUN /install-lintr.sh && rm -rf /install-lintr.sh
#################################
# Install luacheck and luarocks #
#################################
COPY scripts/install-lua.sh /
RUN --mount=type=secret,id=GITHUB_TOKEN /install-lua.sh && rm -rf /install-lua.sh
#####################################
# Build python virtual environments #
#####################################
COPY dependencies/python/ /stage
WORKDIR /stage
RUN ./build-venvs.sh
# Set work directory back to root because some scripts depend on it
WORKDIR /
##############################
# Install Phive dependencies #
##############################
COPY scripts/install-phive.sh /
RUN /install-phive.sh && rm -rf /install-phive.sh
##################### #####################
# Install clj-kondo # # Install clj-kondo #
##################### #####################
ARG CLJ_KONDO_VERSION='2023.05.18'
COPY scripts/install-clj-kondo.sh / COPY scripts/install-clj-kondo.sh /
RUN /install-clj-kondo.sh && rm -rf /install-clj-kondo.sh RUN /install-clj-kondo.sh && rm -rf /install-clj-kondo.sh
# Source: https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub
# Store the key here because the above host is sometimes down, and breaks our builds
COPY dependencies/sgerrand.rsa.pub /etc/apk/keys/sgerrand.rsa.pub
################## ##################
# Install ktlint # # Install ktlint #
################## ##################
ARG KTLINT_VERSION='0.47.1'
COPY scripts/install-ktlint.sh / COPY scripts/install-ktlint.sh /
RUN --mount=type=secret,id=GITHUB_TOKEN /install-ktlint.sh && rm -rf /install-ktlint.sh RUN --mount=type=secret,id=GITHUB_TOKEN /install-ktlint.sh && rm -rf /install-ktlint.sh
####################
# Install dart-sdk #
####################
COPY scripts/install-dart-sdk.sh /
RUN --mount=type=secret,id=GITHUB_TOKEN /install-dart-sdk.sh && rm -rf /install-dart-sdk.sh
################################
# Install Bash-Exec #
################################
COPY --chmod=555 scripts/bash-exec.sh /usr/bin/bash-exec
################################################# #################################################
# Install Raku and additional Edge dependencies # # Install Raku and additional Edge dependencies #
################################################# #################################################
RUN apk add --no-cache rakudo zef RUN apk add --no-cache rakudo zef
####################
# Install dart-sdk #
####################
ARG DART_VERSION='2.8.4'
COPY scripts/install-dart-sdk.sh /
RUN /install-dart-sdk.sh && rm -rf /install-dart-sdk.sh
###################### ######################
# Install CheckStyle # # Install CheckStyle #
###################### ######################
@ -241,118 +281,32 @@ RUN --mount=type=secret,id=GITHUB_TOKEN /install-checkstyle.sh && rm -rf /instal
COPY scripts/install-google-java-format.sh / COPY scripts/install-google-java-format.sh /
RUN --mount=type=secret,id=GITHUB_TOKEN /install-google-java-format.sh && rm -rf /install-google-java-format.sh RUN --mount=type=secret,id=GITHUB_TOKEN /install-google-java-format.sh && rm -rf /install-google-java-format.sh
#################################
# Install luacheck and luarocks #
#################################
COPY scripts/install-lua.sh /
RUN --mount=type=secret,id=GITHUB_TOKEN /install-lua.sh && rm -rf /install-lua.sh
######################### #########################
# Clean to shrink image # # Clean to shrink image #
######################### #########################
RUN find /usr/ -type f -name '*.md' -exec rm {} + RUN find /usr/ -type f -name '*.md' -exec rm {} +
################################################################################ #####################
# Grab small clean image to build python packages ############################## # Install Bash-Exec #
################################################################################ #####################
FROM python:3.11.5-alpine3.17 as python_builder COPY --chmod=555 scripts/bash-exec.sh /usr/bin/bash-exec
RUN apk add --no-cache bash g++ git libffi-dev
COPY dependencies/python/ /stage
WORKDIR /stage
RUN ./build-venvs.sh
################################################################################ #################################
# Grab small clean image to build slim ################################### # Copy super-linter executables #
################################################################################ #################################
FROM alpine:3.19.0 as slim COPY lib /action/lib
############################ ###################################
# Get the build arguements # # Copy linter configuration files #
############################ ###################################
ARG BUILD_DATE COPY TEMPLATES /action/lib/.automation
ARG BUILD_REVISION
ARG BUILD_VERSION
## install alpine-pkg-glibc (glibc compatibility layer package for Alpine Linux)
ARG GLIBC_VERSION='2.34-r0'
# https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope
ARG TARGETARCH
######################################### #########################
# Label the instance and set maintainer # # Configure Environment #
######################################### #########################
LABEL com.github.actions.name="GitHub Super-Linter" \ # Set image variant
com.github.actions.description="Lint your code base with GitHub Actions" \
com.github.actions.icon="code" \
com.github.actions.color="red" \
maintainer="@Hanse00, @ferrarimarco, @zkoppert" \
org.opencontainers.image.created=$BUILD_DATE \
org.opencontainers.image.revision=$BUILD_REVISION \
org.opencontainers.image.version=$BUILD_VERSION \
org.opencontainers.image.authors="Super Linter Contributors: https://github.com/super-linter/super-linter/graphs/contributors" \
org.opencontainers.image.url="https://github.com/super-linter/super-linter" \
org.opencontainers.image.source="https://github.com/super-linter/super-linter" \
org.opencontainers.image.documentation="https://github.com/super-linter/super-linter" \
org.opencontainers.image.vendor="GitHub" \
org.opencontainers.image.description="Lint your code base with GitHub Actions"
#################################################
# Set ENV values used for debugging the version #
#################################################
ENV BUILD_DATE=$BUILD_DATE
ENV BUILD_REVISION=$BUILD_REVISION
ENV BUILD_VERSION=$BUILD_VERSION
ENV IMAGE="slim" ENV IMAGE="slim"
# Source: https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub
# Store the key here because the above host is sometimes down, and breaks our builds
COPY dependencies/sgerrand.rsa.pub /etc/apk/keys/sgerrand.rsa.pub
###############
# Install Git #
###############
RUN apk add --no-cache bash git git-lfs
##############################
# Install Phive dependencies #
##############################
COPY scripts/install-phive.sh /
RUN --mount=type=secret,id=GITHUB_TOKEN /install-phive.sh && rm -rf /install-phive.sh
####################################################
# Install Composer after all Libs have been copied #
####################################################
RUN sh -c 'curl --retry 5 --retry-delay 5 --show-error -sS https://getcomposer.org/installer | php -- --install-dir=/usr/bin --filename=composer'
#################################
# Copy the libraries into image #
#################################
COPY --from=base_image /usr/bin/ /usr/bin/
COPY --from=base_image /usr/local/bin/ /usr/local/bin/
COPY --from=base_image /usr/local/lib/ /usr/local/lib/
COPY --from=base_image /usr/local/share/ /usr/local/share/
COPY --from=base_image /usr/local/include/ /usr/local/include/
COPY --from=base_image /usr/lib/ /usr/lib/
COPY --from=base_image /usr/share/ /usr/share/
COPY --from=base_image /usr/include/ /usr/include/
COPY --from=base_image /lib/ /lib/
COPY --from=base_image /bin/ /bin/
COPY --from=base_image /node_modules/ /node_modules/
COPY --from=base_image /home/r-library /home/r-library
COPY --from=python_builder /venvs/ /venvs/
##################################
# Configure TFLint plugin folder #
##################################
ENV TFLINT_PLUGIN_DIR="/root/.tflint.d/plugins"
########################################
# Add node packages to path and dotnet #
########################################
ENV PATH="${PATH}:/node_modules/.bin"
###############################
# Add python packages to path #
###############################
ENV PATH="${PATH}:/venvs/ansible-lint/bin" ENV PATH="${PATH}:/venvs/ansible-lint/bin"
ENV PATH="${PATH}:/venvs/black/bin" ENV PATH="${PATH}:/venvs/black/bin"
ENV PATH="${PATH}:/venvs/cfn-lint/bin" ENV PATH="${PATH}:/venvs/cfn-lint/bin"
@ -366,55 +320,49 @@ ENV PATH="${PATH}:/venvs/snakemake/bin"
ENV PATH="${PATH}:/venvs/sqlfluff/bin" ENV PATH="${PATH}:/venvs/sqlfluff/bin"
ENV PATH="${PATH}:/venvs/yamllint/bin" ENV PATH="${PATH}:/venvs/yamllint/bin"
ENV PATH="${PATH}:/venvs/yq/bin" ENV PATH="${PATH}:/venvs/yq/bin"
ENV PATH="${PATH}:/node_modules/.bin"
##################
# Add go to path #
##################
ENV PATH="${PATH}:/usr/lib/go/bin" ENV PATH="${PATH}:/usr/lib/go/bin"
############################# # Configure TFLint plugin folder
# Copy scripts to container # ENV TFLINT_PLUGIN_DIR="/root/.tflint.d/plugins"
#############################
COPY lib /action/lib
################################## # Initialize TFLint plugins so we get plugin versions listed when we ask for TFLint version
# Copy linter rules to container # # Run to build version file and validate image
################################## RUN tflint --init -c /action/lib/.automation/.tflint.hcl \
COPY TEMPLATES /action/lib/.automation && ACTIONS_RUNNER_DEBUG=true WRITE_LINTER_VERSIONS_FILE=true IMAGE="${IMAGE}" /action/lib/linter.sh
################
# Pull in libs #
################
COPY --from=base_image /usr/libexec/ /usr/libexec/
################################################
# Run to build version file and validate image #
################################################
RUN ACTIONS_RUNNER_DEBUG=true WRITE_LINTER_VERSIONS_FILE=true IMAGE="${IMAGE}" /action/lib/linter.sh
######################
# Set the entrypoint #
######################
ENTRYPOINT ["/action/lib/linter.sh"] ENTRYPOINT ["/action/lib/linter.sh"]
################################################################################ # Initialize Terrascan
# Grab small clean image to build standard ############################### # Initialize ChkTeX config file
################################################################################ RUN terrascan init \
&& touch ~/.chktexrc
# Set build metadata here so we don't invalidate the container image cache if we
# change the values of these arguments
ARG BUILD_DATE
ARG BUILD_REVISION
ARG BUILD_VERSION
LABEL org.opencontainers.image.created=$BUILD_DATE \
org.opencontainers.image.revision=$BUILD_REVISION \
org.opencontainers.image.version=$BUILD_VERSION
ENV BUILD_DATE=$BUILD_DATE
ENV BUILD_REVISION=$BUILD_REVISION
ENV BUILD_VERSION=$BUILD_VERSION
##############################
# Build the standard variant #
##############################
FROM slim as standard FROM slim as standard
############### # https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope
# Set up args # ARG TARGETARCH
###############
ARG GITHUB_TOKEN
ARG PWSH_VERSION='latest' ARG PWSH_VERSION='latest'
ARG PWSH_DIRECTORY='/usr/lib/microsoft/powershell' ARG PWSH_DIRECTORY='/usr/lib/microsoft/powershell'
ARG PSSA_VERSION='1.21.0' ARG PSSA_VERSION='1.21.0'
# https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope
ARG TARGETARCH
################
# Set ENV vars #
################
ENV ARM_TTK_PSD1="/usr/lib/microsoft/arm-ttk/arm-ttk.psd1" ENV ARM_TTK_PSD1="/usr/lib/microsoft/arm-ttk/arm-ttk.psd1"
ENV IMAGE="standard" ENV IMAGE="standard"
ENV PATH="${PATH}:/var/cache/dotnet/tools:/usr/share/dotnet" ENV PATH="${PATH}:/var/cache/dotnet/tools:/usr/share/dotnet"
@ -449,7 +397,5 @@ RUN --mount=type=secret,id=GITHUB_TOKEN /install-pwsh.sh && rm -rf /install-pwsh
COPY scripts/install-arm-ttk.sh / COPY scripts/install-arm-ttk.sh /
RUN --mount=type=secret,id=GITHUB_TOKEN /install-arm-ttk.sh && rm -rf /install-arm-ttk.sh RUN --mount=type=secret,id=GITHUB_TOKEN /install-arm-ttk.sh && rm -rf /install-arm-ttk.sh
######################################################################################## # Run to build version file and validate image again because we installed more linters
# Run to build version file and validate image again because we installed more linters #
########################################################################################
RUN ACTIONS_RUNNER_DEBUG=true WRITE_LINTER_VERSIONS_FILE=true IMAGE="${IMAGE}" /action/lib/linter.sh RUN ACTIONS_RUNNER_DEBUG=true WRITE_LINTER_VERSIONS_FILE=true IMAGE="${IMAGE}" /action/lib/linter.sh
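Review bot: The `FROM` lines in the dependency-stage list are pinned by tag only, including the newly pinned `hadolint/hadolint:v2.12.0-alpine` and the new `python:3.12.1-alpine3.19` base of the `slim` stage; a tag can be re-pointed by its publisher, so a changed upstream image would be pulled without any visible change in this file. These stages supply binaries that are copied straight into the final image, so I would pin each one by digest as well, e.g. `FROM hadolint/hadolint:v2.12.0-alpine@sha256:<digest> as dockerfile-lint`. The same concern applies to `ARG PWSH_VERSION='latest'` in the `standard` stage, which still floats while the other tool ARGs carry explicit versions. This section holds several hunks, and both stages continue outside them.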


@ -1,7 +1,8 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<phive xmlns="https://phar.io/phive"> <phive xmlns="https://phar.io/phive">
<!-- When adding new linter, do not forget to add its GPG key ID to Dockerfile --> <!-- When adding new linter, do not forget to add its GPG key ID to Dockerfile -->
<phar name="phpcs" version="^3.6" installed="3.6.2" location="/usr/local/bin/phpcs" copy="true"/> <phar name="composer" version="^2.6.6" installed="2.6.6" location="./usr/bin/composer" copy="false"/>
<phar name="phpstan" version="^3.6" installed="3.6.2" location="/usr/local/bin/phpstan" copy="true"/> <phar name="phpcs" version="^3.8.0" installed="3.8.0" location="/usr/local/bin/phpcs" copy="true"/>
<phar name="psalm" version="^4.18" installed="4.18.1" location="./usr/local/bin/psalm" copy="true"/> <phar name="phpstan" version="^1.10.48" installed="1.10.48" location="/usr/local/bin/phpstan" copy="true"/>
<phar name="psalm" version="^5.17.0" installed="4.18.1" location="./usr/local/bin/psalm" copy="true"/>
</phive> </phive>
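Review bot: The added `psalm` entry declares `version="^5.17.0"` but keeps `installed="4.18.1"`, which does not satisfy that constraint; the `phpcs` and `phpstan` entries update both attributes together. If phive is meant to resolve a 5.x release, `installed` should record the version that actually ends up in the image, or the file should be regenerated by phive. The comment above the entries still tells maintainers to add GPG key IDs to the Dockerfile, while in this commit the trusted keys appear to be listed in the `--trust-gpg-keys` argument of the phive install script; `<!-- When adding a new linter, add its GPG key ID to --trust-gpg-keys in scripts/install-phive.sh -->` would point to the right place.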


@ -6,10 +6,13 @@ set -euo pipefail
# Reference https://github.com/Azure/arm-ttk # Reference https://github.com/Azure/arm-ttk
# Reference https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/test-toolkit # Reference https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/test-toolkit
url=$(curl -s \ url=$(
set -euo pipefail
curl -s \
-H "Accept: application/vnd.github+json" \ -H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \ -H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \
https://api.github.com/repos/Azure/arm-ttk/releases/latest | jq -r '.tarball_url') https://api.github.com/repos/Azure/arm-ttk/releases/latest | jq -r '.tarball_url'
)
mkdir -p /usr/lib/microsoft mkdir -p /usr/lib/microsoft
curl --retry 5 --retry-delay 5 -sL \ curl --retry 5 --retry-delay 5 -sL \
-H "Accept: application/vnd.github+json" \ -H "Accept: application/vnd.github+json" \
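Review bot: The `set -euo pipefail` added inside `url=$( … )` does not catch a failed API call, because `curl -s` exits 0 on an HTTP 401, 403 or 404 and `jq -r '.tarball_url'` then prints `null` with exit status 0, so `url` becomes the string `null` and the failure only surfaces in the later download. Adding `--fail` to curl and `-e` to jq makes the substitution fail where the problem is: `curl -fsS \` and `jq -er '.tarball_url'`. The same pattern is repeated in the checkstyle, glibc, google-java-format, ktlint, lua and pwsh install scripts in this commit; in the asset-selecting variants `jq -e` also turns a non-matching asset name (empty output) into an error. The second `curl` call continues past the end of the hunk.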


@ -2,14 +2,20 @@
set -euo pipefail set -euo pipefail
CHECKSTYLE_VERSION="$(grep <"checkstyle/build.gradle" "checkstyle" | awk -F ':' '{print $3}' | tr -d "'")" CHECKSTYLE_VERSION="$(
set -euo pipefail
grep <"checkstyle/build.gradle" "checkstyle" | awk -F ':' '{print $3}' | tr -d "'"
)"
echo "Installing Checkstyle: ${CHECKSTYLE_VERSION}" echo "Installing Checkstyle: ${CHECKSTYLE_VERSION}"
url=$(curl -s \ url=$(
set -euo pipefail
curl -s \
-H "Accept: application/vnd.github+json" \ -H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \ -H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \
"https://api.github.com/repos/checkstyle/checkstyle/releases/tags/checkstyle-${CHECKSTYLE_VERSION}" | "https://api.github.com/repos/checkstyle/checkstyle/releases/tags/checkstyle-${CHECKSTYLE_VERSION}" |
jq --arg name "checkstyle-${CHECKSTYLE_VERSION}-all.jar" -r '.assets | .[] | select(.name==$name) | .url') jq --arg name "checkstyle-${CHECKSTYLE_VERSION}-all.jar" -r '.assets | .[] | select(.name==$name) | .url'
)
curl --retry 5 --retry-delay 5 -sL -o /usr/bin/checkstyle \ curl --retry 5 --retry-delay 5 -sL -o /usr/bin/checkstyle \
-H "Accept: application/octet-stream" \ -H "Accept: application/octet-stream" \
-H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \ -H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \


@ -15,19 +15,10 @@ arm64)
;; ;;
esac esac
url=$(curl -s \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \
"https://api.github.com/repos/sgerrand/alpine-pkg-glibc/releases/tags/${GLIBC_VERSION}" |
jq --arg name "glibc-${GLIBC_VERSION}.apk" -r '.assets | .[] | select(.name | contains($name)) | .url')
curl --retry 5 --retry-delay 5 -sL -o "glibc-${GLIBC_VERSION}.apk" \
-H "Accept: application/octet-stream" \
-H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \
"${url}"
apk add --no-cache --force-overwrite "glibc-${GLIBC_VERSION}.apk"
rm "glibc-${GLIBC_VERSION}.apk"
curl --retry 5 --retry-delay 5 -sO "https://storage.googleapis.com/dart-archive/channels/stable/release/${DART_VERSION}/sdk/dartsdk-linux-${target}-release.zip" curl --retry 5 --retry-delay 5 -sO "https://storage.googleapis.com/dart-archive/channels/stable/release/${DART_VERSION}/sdk/dartsdk-linux-${target}-release.zip"
unzip -q dartsdk-linux-${target}-release.zip unzip -q dartsdk-linux-${target}-release.zip
chmod +x dart-sdk/bin/dart* && mv dart-sdk/bin/* /usr/bin/ && mv dart-sdk/lib/* /usr/lib/ && mv dart-sdk/include/* /usr/include/ chmod +x dart-sdk/bin/dart*
rm -r dart-sdk/ dartsdk-linux-${target}-release.zip mv -v dart-sdk/bin/* /usr/bin/
mv -v dart-sdk/lib/* /usr/lib/
mv -v dart-sdk/include/* /usr/include/
rm -rv dart-sdk/ dartsdk-linux-${target}-release.zip

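--- a/scripts/install-glibc.sh
+++ b/scripts/install-glibc.sh
@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+set -euo pipefail
+case $TARGETARCH in
+amd64)
+target=x86_64
+;;
+arm64)
+target=arm64
+;;
+*)
+echo "$TARGETARCH is not supported"
+exit 1
+;;
+esac
+url=$(
+set -euo pipefail
+curl -s \
+-H "Accept: application/vnd.github+json" \
+-H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \
+"https://api.github.com/repos/sgerrand/alpine-pkg-glibc/releases/tags/${GLIBC_VERSION}" |
+jq --arg name "glibc-${GLIBC_VERSION}.apk" -r '.assets | .[] | select(.name | contains($name)) | .url'
+)
+curl --retry 5 --retry-delay 5 -sL -o "glibc-${GLIBC_VERSION}.apk" \
+-H "Accept: application/octet-stream" \
+-H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \
+"${url}"
+apk add --no-cache --force-overwrite "glibc-${GLIBC_VERSION}.apk"
+rm "glibc-${GLIBC_VERSION}.apk"
+# Install zlib
+mkdir /tmp/libz
+curl --retry 5 --retry-delay 5 -sL https://www.archlinux.org/packages/core/${target}/zlib/download | tar -x --zstd -C /tmp/libz
+mv /tmp/libz/usr/lib/libz.so* /usr/glibc-compat/lib
+rm -rf /tmp/libz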
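Review bot: The zlib step at the end pipes an archive from `https://www.archlinux.org/packages/core/${target}/zlib/download` straight into `tar` and moves `libz.so*` into `/usr/glibc-compat/lib` with no version pin and no integrity check, so whatever that URL serves on build day becomes a shared library in the image. I would download to a file, pin a specific package version, and verify it before extracting, e.g. `echo "${ZLIB_SHA256}  zlib.pkg.tar.zst" | sha256sum -c -`, where `ZLIB_SHA256` is a new pinned build value. This script also maps `arm64` to `target=arm64`, whereas the code removed from the phive install script used `aarch64` for the same URL; it is worth confirming which value the download endpoint accepts.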


@ -2,14 +2,20 @@
set -euo pipefail set -euo pipefail
GOOGLE_JAVA_FORMAT_VERSION="$(grep <"google-java-format/build.gradle" "google-java-format" | awk -F ':' '{print $3}' | tr -d "'")" GOOGLE_JAVA_FORMAT_VERSION="$(
set -euo pipefail
grep <"google-java-format/build.gradle" "google-java-format" | awk -F ':' '{print $3}' | tr -d "'"
)"
echo "Installing Google Java Format: ${GOOGLE_JAVA_FORMAT_VERSION}" echo "Installing Google Java Format: ${GOOGLE_JAVA_FORMAT_VERSION}"
url=$(curl -s \ url=$(
set -euo pipefail
curl -s \
-H "Accept: application/vnd.github+json" \ -H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \ -H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \
"https://api.github.com/repos/google/google-java-format/releases/tags/v${GOOGLE_JAVA_FORMAT_VERSION}" | "https://api.github.com/repos/google/google-java-format/releases/tags/v${GOOGLE_JAVA_FORMAT_VERSION}" |
jq --arg name "google-java-format-${GOOGLE_JAVA_FORMAT_VERSION}-all-deps.jar" -r '.assets | .[] | select(.name==$name) | .url') jq --arg name "google-java-format-${GOOGLE_JAVA_FORMAT_VERSION}-all-deps.jar" -r '.assets | .[] | select(.name==$name) | .url'
)
curl --retry 5 --retry-delay 5 -sL -o /usr/bin/google-java-format \ curl --retry 5 --retry-delay 5 -sL -o /usr/bin/google-java-format \
-H "Accept: application/octet-stream" \ -H "Accept: application/octet-stream" \
-H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \ -H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \


@ -2,15 +2,16 @@
set -euo pipefail set -euo pipefail
url=$(curl -s \ url=$(
set -euo pipefail
curl -s \
-H "Accept: application/vnd.github+json" \ -H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \ -H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \
"https://api.github.com/repos/pinterest/ktlint/releases/tags/${KTLINT_VERSION}" | "https://api.github.com/repos/pinterest/ktlint/releases/tags/${KTLINT_VERSION}" |
jq -r '.assets | .[] | select(.name=="ktlint") | .url') jq -r '.assets | .[] | select(.name=="ktlint") | .url'
)
curl --retry 5 --retry-delay 5 -sL -o "/usr/bin/ktlint" \ curl --retry 5 --retry-delay 5 -sL -o "/usr/bin/ktlint" \
-H "Accept: application/octet-stream" \ -H "Accept: application/octet-stream" \
-H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \ -H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \
"${url}" "${url}"
chmod a+x /usr/bin/ktlint chmod a+x /usr/bin/ktlint
terrascan init
cd ~ && touch .chktexrc


@ -8,10 +8,14 @@ make linux
make install make install
cd .. && rm -r lua-5.3.5/ cd .. && rm -r lua-5.3.5/
url=$(curl -s \ url=$(
set -euo pipefail
curl -s \
-H "Accept: application/vnd.github+json" \ -H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \ -H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \
https://api.github.com/repos/cvega/luarocks/releases/latest | jq -r '.tarball_url') https://api.github.com/repos/cvega/luarocks/releases/latest |
jq -r '.tarball_url'
)
curl --retry 5 --retry-delay 5 -sL \ curl --retry 5 --retry-delay 5 -sL \
-H "Accept: application/vnd.github+json" \ -H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \ -H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \


@ -1,44 +1,13 @@
#!/usr/bin/env bash #!/usr/bin/env bash
set -euo pipefail set -euo pipefail
set -x
case $TARGETARCH in # Install PHP
amd64) apk add --no-cache \
target=x86_64
;;
arm64)
target=aarch64
;;
*)
echo "$TARGETARCH is not supported"
exit 1
;;
esac
apk add curl jq
url=$(curl -s \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \
"https://api.github.com/repos/sgerrand/alpine-pkg-glibc/releases/tags/${GLIBC_VERSION}" |
jq --arg name "glibc-${GLIBC_VERSION}.apk" -r '.assets | .[] | select(.name | contains($name)) | .url')
curl --retry 5 --retry-delay 5 -sL -o "glibc-${GLIBC_VERSION}.apk" \
-H "Accept: application/octet-stream" \
-H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \
"${url}"
apk add --no-cache --force-overwrite \
bash \
ca-certificates \
"glibc-${GLIBC_VERSION}.apk" \
gnupg \
php82 php82-curl php82-ctype php82-dom php82-iconv php82-mbstring \ php82 php82-curl php82-ctype php82-dom php82-iconv php82-mbstring \
php82-openssl php82-phar php82-simplexml php82-tokenizer php82-xmlwriter \ php82-openssl php82-phar php82-simplexml php82-tokenizer php82-xmlwriter
tar zstd
rm "glibc-${GLIBC_VERSION}.apk" # Install phive
mkdir /tmp/libz
curl --retry 5 --retry-delay 5 -sL https://www.archlinux.org/packages/core/${target}/zlib/download | tar -x --zstd -C /tmp/libz
mv /tmp/libz/usr/lib/libz.so* /usr/glibc-compat/lib
rm -rf /tmp/libz
curl --retry 5 --retry-delay 5 -sLO https://phar.io/releases/phive.phar curl --retry 5 --retry-delay 5 -sLO https://phar.io/releases/phive.phar
curl --retry 5 --retry-delay 5 -sLO https://phar.io/releases/phive.phar.asc curl --retry 5 --retry-delay 5 -sLO https://phar.io/releases/phive.phar.asc
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys "0x9D8A98B29B2D5D79" gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys "0x9D8A98B29B2D5D79"
@ -47,10 +16,7 @@ chmod +x phive.phar
mv phive.phar /usr/local/bin/phive mv phive.phar /usr/local/bin/phive
rm phive.phar.asc rm phive.phar.asc
# Install PHARs # Install the PHARs listed in phive.xml
phive --no-progress install \ phive --no-progress install \
--trust-gpg-keys 31C7E470E2138192,CF1A108D0E7AE720,8A03EA3B385DBAA1,12CE0F1D262429A5,5E6DDE998AB73B8E,51C67305FFC2E5C0 \ --trust-gpg-keys 31C7E470E2138192,CF1A108D0E7AE720,8A03EA3B385DBAA1,12CE0F1D262429A5,5E6DDE998AB73B8E,51C67305FFC2E5C0,CBB3D576F2A0946F \
--target /usr/bin \ --target /usr/bin
phpstan@^1.10.48 \
psalm@^5.17.0 \
phpcs@^3.8.0
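Review bot: The `--trust-gpg-keys` list gains `CBB3D576F2A0946F` as another 16-hex-digit long key ID, and the `gpg --recv-keys "0x9D8A98B29B2D5D79"` line uses the same form; long IDs are weaker identifiers than full fingerprints, so where the tools accept them I would use the full 40-hex fingerprints, e.g. `--recv-keys "<full fingerprint of the phive release key>"`. A comment naming which PHAR each trusted key belongs to would also help, since this list is what ties keys to the entries in phive.xml. Separately, `set -x` is now enabled for the whole script; it looks safe because the new side no longer reads `/run/secrets/GITHUB_TOKEN`, and a comment such as `# tracing is safe here: this script reads no secrets` would keep that invariant visible. The signature verification of `phive.phar` sits between the two hunks and is not shown.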


@ -10,8 +10,6 @@ case $TARGETARCH in
amd64) amd64)
target=x64 target=x64
;; ;;
# arm64)
# only on ubuntu
*) *)
echo "$TARGETARCH is not supported" echo "$TARGETARCH is not supported"
exit 1 exit 1
@ -19,11 +17,14 @@ amd64)
esac esac
mkdir -p "${PWSH_DIRECTORY}" mkdir -p "${PWSH_DIRECTORY}"
url=$(curl -s \ url=$(
set -euo pipefail
curl -s \
-H "Accept: application/vnd.github+json" \ -H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \ -H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \
"https://api.github.com/repos/powershell/powershell/releases/${PWSH_VERSION}" | "https://api.github.com/repos/powershell/powershell/releases/${PWSH_VERSION}" |
jq --arg target "${target}" -r '.assets | .[] | select(.name | contains("linux-musl-" + $target)) | .url') jq --arg target "${target}" -r '.assets | .[] | select(.name | contains("linux-musl-" + $target)) | .url'
)
curl --retry 5 --retry-delay 5 -sL \ curl --retry 5 --retry-delay 5 -sL \
-H "Accept: application/octet-stream" \ -H "Accept: application/octet-stream" \
-H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \ -H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \
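Review bot: In the new `url=$( … )` subshell, `curl -s` has no `--fail`, so an HTTP 4xx/5xx from the GitHub API (for example a bad or rate-limited token) is not reported by curl itself and surfaces, if at all, only as a jq error; and when jq matches no asset the substitution succeeds with an empty `url`, which is then handed to the authenticated download below. I would use `curl -fsS` inside the subshell and add `[ -n "${url}" ] || { echo "no release asset for ${target}" >&2; exit 1; }` right after it. The download command that consumes `url` continues past the end of the hunk, so whether the fetched archive is checked against a published checksum cannot be seen here; if it is not, that is worth adding, since this binary ends up in the image.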


@ -14,8 +14,12 @@ control "super-linter-installed-packages" do
packages = [ packages = [
"bash", "bash",
"ca-certificates", "ca-certificates",
"cargo",
"cmake",
"coreutils", "coreutils",
"curl", "curl",
"file",
"g++",
"gcc", "gcc",
"git-lfs", "git-lfs",
"git", "git",
@ -23,6 +27,7 @@ control "super-linter-installed-packages" do
"gnupg", "gnupg",
"go", "go",
"icu-libs", "icu-libs",
"jpeg-dev",
"jq", "jq",
"krb5-libs", "krb5-libs",
"libc-dev", "libc-dev",
@ -30,7 +35,7 @@ control "super-linter-installed-packages" do
"libffi-dev", "libffi-dev",
"libgcc", "libgcc",
"libintl", "libintl",
"libssl1.1", "libssl3",
"libstdc++", "libstdc++",
"libxml2-dev", "libxml2-dev",
"libxml2-utils", "libxml2-utils",
@ -38,28 +43,44 @@ control "super-linter-installed-packages" do
"lttng-ust-dev", "lttng-ust-dev",
"make", "make",
"musl-dev", "musl-dev",
"npm",
"nodejs-current", "nodejs-current",
"npm",
"net-snmp-dev",
"openjdk17-jre", "openjdk17-jre",
"openssh-client",
"openssl-dev", "openssl-dev",
"parallel",
"perl-dev", "perl-dev",
"perl", "perl",
"php82",
"php82-ctype",
"php82-curl",
"php82-dom",
"php82-iconv",
"php82-mbstring",
"php82-openssl",
"php82-phar",
"php82-simplexml",
"php82-tokenizer",
"php82-xmlwriter",
"py3-pyflakes", "py3-pyflakes",
"py3-setuptools", "py3-setuptools",
"python3-dev", "python3-dev",
"rakudo",
"R-dev", "R-dev",
"R-doc", "R-doc",
"R", "R",
"rakudo",
"readline-dev", "readline-dev",
"ruby-bundler", "ruby-bundler",
"ruby-dev", "ruby-dev",
"ruby-rdoc", "ruby-rdoc",
"ruby", "ruby",
"rustup", "rustup",
"tar",
"zef", "zef",
"zlib-dev", "zlib-dev",
"zlib" "zlib",
"zstd"
] ]
# Removed linters from slim image # Removed linters from slim image
@ -94,26 +115,28 @@ control "super-linter-installed-commands" do
{ linter_name: "actionlint"}, { linter_name: "actionlint"},
{ linter_name: "ansible-lint", expected_stdout_regex: /(.*)/}, { linter_name: "ansible-lint", expected_stdout_regex: /(.*)/},
{ linter_name: "arm-ttk", version_command: "grep -iE 'version' '/usr/bin/arm-ttk' | xargs"}, { linter_name: "arm-ttk", version_command: "grep -iE 'version' '/usr/bin/arm-ttk' | xargs"},
{ linter_name: "asl-validator", expected_exit_status: 0}, { linter_name: "asl-validator"},
{ linter_name: "bash-exec", expected_exit_status: 1}, # expect a return code = 1 because this linter doesn't support a "get linter version" command { linter_name: "bash-exec", expected_exit_status: 1}, # expect a return code = 1 because this linter doesn't support a "get linter version" command
{ linter_name: "black"}, { linter_name: "black"},
{ linter_name: "clang-format"},
{ linter_name: "cfn-lint"}, { linter_name: "cfn-lint"},
{ linter_name: "checkstyle", version_command: "java -jar /usr/bin/checkstyle --version"}, { linter_name: "checkstyle", version_command: "java -jar /usr/bin/checkstyle --version"},
{ linter_name: "google-java-format", version_command: "java -jar /usr/bin/google-java-format --version"},
{ linter_name: "chktex"}, { linter_name: "chktex"},
{ linter_name: "clang-format"},
{ linter_name: "clippy", linter_command: "clippy", version_command: "cargo-clippy --version"}, { linter_name: "clippy", linter_command: "clippy", version_command: "cargo-clippy --version"},
{ linter_name: "clj-kondo"}, { linter_name: "clj-kondo"},
{ linter_name: "coffeelint"}, { linter_name: "coffeelint"},
{ linter_name: "composer"},
{ linter_name: "cpplint"}, { linter_name: "cpplint"},
{ linter_name: "dart"}, { linter_name: "dart"},
{ linter_name: "dotnet"},
{ linter_name: "dotenv-linter"}, { linter_name: "dotenv-linter"},
{ linter_name: "dotnet"},
{ linter_name: "editorconfig-checker", version_option: "-version"}, { linter_name: "editorconfig-checker", version_option: "-version"},
{ linter_name: "eslint"}, { linter_name: "eslint"},
{ linter_name: "flake8"}, { linter_name: "flake8"},
{ linter_name: "gherkin-lint", expected_exit_status: 1}, # expect a return code = 1 because this linter doesn't support a "get linter version" command { linter_name: "gherkin-lint", expected_exit_status: 1}, # expect a return code = 1 because this linter doesn't support a "get linter version" command
{ linter_name: "gitleaks", version_option: "version"},
{ linter_name: "golangci-lint"}, { linter_name: "golangci-lint"},
{ linter_name: "google-java-format", version_command: "java -jar /usr/bin/google-java-format --version"},
{ linter_name: "hadolint"}, { linter_name: "hadolint"},
{ linter_name: "htmlhint"}, { linter_name: "htmlhint"},
{ linter_name: "isort"}, { linter_name: "isort"},
@ -128,6 +151,7 @@ control "super-linter-installed-commands" do
{ linter_name: "php"}, { linter_name: "php"},
{ linter_name: "phpcs"}, { linter_name: "phpcs"},
{ linter_name: "phpstan"}, { linter_name: "phpstan"},
{ linter_name: "prettier"},
{ linter_name: "protolint", version_option: "version"}, { linter_name: "protolint", version_option: "version"},
{ linter_name: "psalm"}, { linter_name: "psalm"},
{ linter_name: "pwsh"}, { linter_name: "pwsh"},
@ -136,6 +160,7 @@ control "super-linter-installed-commands" do
lintr_ver <- packageVersion('lintr'); \ lintr_ver <- packageVersion('lintr'); \
glue::glue('lintr { lintr_ver } on { r_ver }')\""}, glue::glue('lintr { lintr_ver } on { r_ver }')\""},
{ linter_name: "raku", version_command: "raku --version | strings -n 8"}, { linter_name: "raku", version_command: "raku --version | strings -n 8"},
{ linter_name: "renovate-config-validator", version_command: "renovate --version"},
{ linter_name: "rubocop"}, { linter_name: "rubocop"},
{ linter_name: "rustfmt"}, { linter_name: "rustfmt"},
{ linter_name: "scalafmt"}, { linter_name: "scalafmt"},
@ -152,7 +177,9 @@ control "super-linter-installed-commands" do
{ linter_name: "terraform"}, { linter_name: "terraform"},
{ linter_name: "terragrunt"}, { linter_name: "terragrunt"},
{ linter_name: "terrascan", version_option: "version"}, { linter_name: "terrascan", version_option: "version"},
{ linter_name: "textlint"},
{ linter_name: "tflint"}, { linter_name: "tflint"},
{ linter_name: "ts-standard"},
{ linter_name: "xmllint"}, { linter_name: "xmllint"},
{ linter_name: "yamllint"}, { linter_name: "yamllint"},
] ]
@ -242,9 +269,12 @@ control "super-linter-installed-ruby-gems" do
gems = [ gems = [
"rubocop", "rubocop",
"rubocop-github", "rubocop-github",
"rubocop-minitest",
"rubocop-performance", "rubocop-performance",
"rubocop-rails", "rubocop-rails",
"rubocop-rspec" "rubocop-rake",
"rubocop-rspec",
"standard"
] ]
gems.each do |item| gems.each do |item|
@ -252,7 +282,6 @@ control "super-linter-installed-ruby-gems" do
it { should be_installed } it { should be_installed }
end end
end end
end end
############################################### ###############################################
@ -268,38 +297,61 @@ control "super-linter-installed-npm-packages" do
"@babel/preset-react", "@babel/preset-react",
"@babel/preset-typescript", "@babel/preset-typescript",
"@coffeelint/cli", "@coffeelint/cli",
"@react-native-community/eslint-config",
"@react-native-community/eslint-plugin",
"@stoplight/spectral-cli", "@stoplight/spectral-cli",
"@typescript-eslint/eslint-plugin", "@typescript-eslint/eslint-plugin",
"@typescript-eslint/parser", "@typescript-eslint/parser",
"asl-validator", "asl-validator",
#"axios", "axios",
#"eslint", "eslint",
"eslint-config-airbnb", "eslint-config-airbnb",
"eslint-config-airbnb-typescript",
"eslint-config-prettier", "eslint-config-prettier",
"eslint-plugin-jest", "eslint-plugin-jest",
"eslint-plugin-json", "eslint-plugin-json",
"eslint-plugin-jsonc", "eslint-plugin-jsonc",
"eslint-plugin-jsx-a11y", "eslint-plugin-jsx-a11y",
"eslint-plugin-prettier", "eslint-plugin-prettier",
"eslint-plugin-react",
"eslint-plugin-react-hooks",
"eslint-plugin-vue",
"gherkin-lint", "gherkin-lint",
"htmlhint", "htmlhint",
#"immer", "immer",
#"ini", "ini",
"jscpd", "jscpd",
#"lodash", "lodash",
"markdownlint-cli", "markdownlint-cli",
#"node-fetch", "next",
"next-pwa",
"node-fetch",
"npm-groovy-lint", "npm-groovy-lint",
"postcss-less",
"prettier", "prettier",
"prettyjson", "prettyjson",
#"pug", "pug",
"react",
"react-dom",
"react-intl",
"react-redux",
"react-router-dom",
"renovate",
"sql-lint", "sql-lint",
"standard", "standard",
"stylelint", "stylelint",
"stylelint-config-recommended-scss",
"stylelint-config-sass-guidelines", "stylelint-config-sass-guidelines",
"stylelint-config-standard", "stylelint-config-standard",
#"stylelint-scss", "stylelint-config-standard-scss",
"stylelint-prettier",
"stylelint-scss",
"tekton-lint", "tekton-lint",
"textlint",
"textlint-filter-rule-allowlist",
"textlint-filter-rule-comments",
"textlint-rule-terminology",
"ts-standard",
"typescript" "typescript"
] ]
@ -308,7 +360,37 @@ control "super-linter-installed-npm-packages" do
it { should be_installed } it { should be_installed }
end end
end end
end
###############################################
# Check to see if PyPi packages are installed #
###############################################
control "super-linter-installed-pypi-packages" do
impact 1
title "Super-Linter installed PyPi packages check"
desc "Check that PyPi packages that Super-Linter needs are installed."
pypi_packages = [
"ansible-lint",
"black",
"cfn-lint",
"cpplint",
"flake8",
"isort",
"mypy",
"pylint",
"snakefmt",
"snakemake",
"sqlfluff",
"yamllint",
"yq"
]
pypi_packages.each do |item|
describe pip(item, "/venvs/#{item}/bin/pip") do
it { should be_installed }
end
end
end end
##################################### #####################################