mirror of
https://github.com/super-linter/super-linter.git
synced 2024-11-24 17:50:58 -05:00
Simplify container image build (#4962)
This commit is contained in:
parent
22564fb65c
commit
22b8624f61
16 changed files with 354 additions and 312 deletions
5
.github/CODEOWNERS
vendored
5
.github/CODEOWNERS
vendored
|
@ -1,4 +1 @@
|
||||||
######################################################################
|
* @zkoppert @Hanse00 @ferrarimarco
|
||||||
# These owners will be the default owners for everything in the repo #
|
|
||||||
######################################################################
|
|
||||||
* @admiralawkbar @lindluni @zkoppert @nemchik @Hanse00 @GaboFDC @ferrarimarco
|
|
||||||
|
|
2
.github/workflows/cd.yml
vendored
2
.github/workflows/cd.yml
vendored
|
@ -149,6 +149,6 @@ jobs:
|
||||||
title: "Failed to deploy to production",
|
title: "Failed to deploy to production",
|
||||||
body: "Automation has failed us!\nMore information can be found at:\n - ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}",
|
body: "Automation has failed us!\nMore information can be found at:\n - ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}",
|
||||||
assignees: [
|
assignees: [
|
||||||
"zkoppert", "Hanse00"
|
"zkoppert", "Hanse00", "ferrarimarco"
|
||||||
]
|
]
|
||||||
})
|
})
|
||||||
|
|
3
.github/workflows/release.yml
vendored
3
.github/workflows/release.yml
vendored
|
@ -132,6 +132,7 @@ jobs:
|
||||||
body: "Automation has failed us! Failed to push release ${{ env.RELEASE_VERSION }}\nMore information can be found at:\n - ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}",
|
body: "Automation has failed us! Failed to push release ${{ env.RELEASE_VERSION }}\nMore information can be found at:\n - ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}",
|
||||||
assignees: [
|
assignees: [
|
||||||
'zkoppert',
|
'zkoppert',
|
||||||
'Hanse00'
|
'Hanse00',
|
||||||
|
'ferrarimarco'
|
||||||
]
|
]
|
||||||
})
|
})
|
||||||
|
|
334
Dockerfile
334
Dockerfile
|
@ -4,6 +4,8 @@
|
||||||
###########################################
|
###########################################
|
||||||
###########################################
|
###########################################
|
||||||
|
|
||||||
|
ARG GLIBC_VERSION='2.34-r0'
|
||||||
|
|
||||||
#########################################
|
#########################################
|
||||||
# Get dependency images as build stages #
|
# Get dependency images as build stages #
|
||||||
#########################################
|
#########################################
|
||||||
|
@ -16,7 +18,7 @@ FROM ghcr.io/terraform-linters/tflint:v0.48.0 as tflint
|
||||||
FROM ghcr.io/yannh/kubeconform:v0.6.4 as kubeconfrm
|
FROM ghcr.io/yannh/kubeconform:v0.6.4 as kubeconfrm
|
||||||
FROM golang:1.21.5-alpine as golang
|
FROM golang:1.21.5-alpine as golang
|
||||||
FROM golangci/golangci-lint:v1.55.2 as golangci-lint
|
FROM golangci/golangci-lint:v1.55.2 as golangci-lint
|
||||||
FROM hadolint/hadolint:latest-alpine as dockerfile-lint
|
FROM hadolint/hadolint:v2.12.0-alpine as dockerfile-lint
|
||||||
FROM hashicorp/terraform:1.6.5 as terraform
|
FROM hashicorp/terraform:1.6.5 as terraform
|
||||||
FROM koalaman/shellcheck:v0.9.0 as shellcheck
|
FROM koalaman/shellcheck:v0.9.0 as shellcheck
|
||||||
FROM mstruebing/editorconfig-checker:2.7.2 as editorconfig-checker
|
FROM mstruebing/editorconfig-checker:2.7.2 as editorconfig-checker
|
||||||
|
@ -26,72 +28,84 @@ FROM scalameta/scalafmt:v3.7.17 as scalafmt
|
||||||
FROM zricethezav/gitleaks:v8.18.1 as gitleaks
|
FROM zricethezav/gitleaks:v8.18.1 as gitleaks
|
||||||
FROM yoheimuta/protolint:0.46.3 as protolint
|
FROM yoheimuta/protolint:0.46.3 as protolint
|
||||||
|
|
||||||
##################
|
FROM python:3.12.1-alpine3.19 as slim
|
||||||
# Get base image #
|
|
||||||
##################
|
LABEL com.github.actions.name="Super-Linter" \
|
||||||
FROM python:3.11.5-alpine3.17 as base_image
|
com.github.actions.description="A collection of code linters and analyzers." \
|
||||||
|
com.github.actions.icon="code" \
|
||||||
|
com.github.actions.color="red" \
|
||||||
|
maintainer="@Hanse00, @ferrarimarco, @zkoppert" \
|
||||||
|
org.opencontainers.image.authors="Super Linter Contributors: https://github.com/super-linter/super-linter/graphs/contributors" \
|
||||||
|
org.opencontainers.image.url="https://github.com/super-linter/super-linter" \
|
||||||
|
org.opencontainers.image.source="https://github.com/super-linter/super-linter" \
|
||||||
|
org.opencontainers.image.documentation="https://github.com/super-linter/super-linter" \
|
||||||
|
org.opencontainers.image.vendor="GitHub" \
|
||||||
|
org.opencontainers.image.description="A collection of code linters and analyzers."
|
||||||
|
|
||||||
################################
|
|
||||||
# Set ARG values used in Build #
|
|
||||||
################################
|
|
||||||
ARG CLJ_KONDO_VERSION='2023.05.18'
|
|
||||||
# Dart Linter
|
|
||||||
## stable dart sdk: https://dart.dev/get-dart#release-channels
|
|
||||||
ARG DART_VERSION='2.8.4'
|
|
||||||
## install alpine-pkg-glibc (glibc compatibility layer package for Alpine Linux)
|
|
||||||
ARG GLIBC_VERSION='2.34-r0'
|
|
||||||
ARG KTLINT_VERSION='0.47.1'
|
|
||||||
# PowerShell & PSScriptAnalyzer linter
|
|
||||||
ARG PSSA_VERSION='1.21.0'
|
|
||||||
ARG PWSH_DIRECTORY='/usr/lib/microsoft/powershell'
|
|
||||||
ARG PWSH_VERSION='v7.3.1'
|
|
||||||
# https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope
|
# https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope
|
||||||
ARG TARGETARCH
|
ARG TARGETARCH
|
||||||
|
|
||||||
####################
|
# Install bash first so we can use it
|
||||||
# Run APK installs #
|
RUN apk add --no-cache \
|
||||||
####################
|
bash
|
||||||
|
|
||||||
|
SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"]
|
||||||
|
|
||||||
RUN apk add --no-cache \
|
RUN apk add --no-cache \
|
||||||
bash \
|
|
||||||
ca-certificates \
|
ca-certificates \
|
||||||
cargo \
|
cargo \
|
||||||
cmake \
|
cmake \
|
||||||
coreutils \
|
coreutils \
|
||||||
curl \
|
curl \
|
||||||
file \
|
file \
|
||||||
gcc \
|
|
||||||
g++ \
|
g++ \
|
||||||
git git-lfs \
|
gcc \
|
||||||
|
git \
|
||||||
|
git-lfs \
|
||||||
gnupg \
|
gnupg \
|
||||||
icu-libs \
|
icu-libs \
|
||||||
jpeg-dev \
|
jpeg-dev \
|
||||||
jq \
|
jq \
|
||||||
krb5-libs \
|
krb5-libs \
|
||||||
libc-dev libcurl libffi-dev libgcc \
|
libc-dev \
|
||||||
libintl libssl1.1 libstdc++ \
|
libcurl \
|
||||||
libxml2-dev libxml2-utils \
|
libffi-dev \
|
||||||
|
libgcc \
|
||||||
|
libintl \
|
||||||
|
libssl3 \
|
||||||
|
libstdc++ \
|
||||||
|
libxml2-dev \
|
||||||
|
libxml2-utils \
|
||||||
linux-headers \
|
linux-headers \
|
||||||
lttng-ust-dev \
|
lttng-ust-dev \
|
||||||
make \
|
make \
|
||||||
musl-dev \
|
musl-dev \
|
||||||
net-snmp-dev \
|
net-snmp-dev \
|
||||||
npm nodejs-current \
|
nodejs-current \
|
||||||
|
npm \
|
||||||
openjdk17-jre \
|
openjdk17-jre \
|
||||||
openssh-client \
|
openssh-client \
|
||||||
openssl-dev \
|
openssl-dev \
|
||||||
parallel \
|
parallel \
|
||||||
perl perl-dev \
|
perl \
|
||||||
py3-setuptools python3-dev \
|
perl-dev \
|
||||||
py3-pyflakes \
|
py3-pyflakes \
|
||||||
R R-dev R-doc \
|
py3-setuptools \
|
||||||
|
python3-dev \
|
||||||
|
R \
|
||||||
|
R-dev \
|
||||||
|
R-doc \
|
||||||
readline-dev \
|
readline-dev \
|
||||||
ruby ruby-dev ruby-bundler ruby-rdoc \
|
ruby \
|
||||||
|
ruby-bundler \
|
||||||
|
ruby-dev \
|
||||||
|
ruby-rdoc \
|
||||||
rustup \
|
rustup \
|
||||||
zlib zlib-dev
|
tar \
|
||||||
|
zlib \
|
||||||
|
zlib-dev \
|
||||||
|
zstd
|
||||||
|
|
||||||
########################################
|
|
||||||
# Copy dependencies files to container #
|
|
||||||
########################################
|
|
||||||
COPY dependencies/ /
|
COPY dependencies/ /
|
||||||
|
|
||||||
###################################################################
|
###################################################################
|
||||||
|
@ -191,44 +205,70 @@ COPY --from=actionlint /usr/local/bin/actionlint /usr/bin/
|
||||||
######################
|
######################
|
||||||
COPY --from=kubeconfrm /kubeconform /usr/bin/
|
COPY --from=kubeconfrm /kubeconform /usr/bin/
|
||||||
|
|
||||||
|
# Source: https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub
|
||||||
|
# Store the key here because the above host is sometimes down, and breaks our builds
|
||||||
|
COPY dependencies/sgerrand.rsa.pub /etc/apk/keys/sgerrand.rsa.pub
|
||||||
|
|
||||||
|
#################
|
||||||
|
# Install glibc #
|
||||||
|
#################
|
||||||
|
ARG GLIBC_VERSION
|
||||||
|
COPY scripts/install-glibc.sh /
|
||||||
|
RUN --mount=type=secret,id=GITHUB_TOKEN /install-glibc.sh && rm -rf /install-glibc.sh
|
||||||
|
|
||||||
#################
|
#################
|
||||||
# Install Lintr #
|
# Install Lintr #
|
||||||
#################
|
#################
|
||||||
COPY scripts/install-lintr.sh /
|
COPY scripts/install-lintr.sh /
|
||||||
RUN /install-lintr.sh && rm -rf /install-lintr.sh
|
RUN /install-lintr.sh && rm -rf /install-lintr.sh
|
||||||
|
|
||||||
|
#################################
|
||||||
|
# Install luacheck and luarocks #
|
||||||
|
#################################
|
||||||
|
COPY scripts/install-lua.sh /
|
||||||
|
RUN --mount=type=secret,id=GITHUB_TOKEN /install-lua.sh && rm -rf /install-lua.sh
|
||||||
|
|
||||||
|
#####################################
|
||||||
|
# Build python virtual environments #
|
||||||
|
#####################################
|
||||||
|
COPY dependencies/python/ /stage
|
||||||
|
WORKDIR /stage
|
||||||
|
RUN ./build-venvs.sh
|
||||||
|
# Set work directory back to root because some scripts depend on it
|
||||||
|
WORKDIR /
|
||||||
|
|
||||||
|
##############################
|
||||||
|
# Install Phive dependencies #
|
||||||
|
##############################
|
||||||
|
COPY scripts/install-phive.sh /
|
||||||
|
RUN /install-phive.sh && rm -rf /install-phive.sh
|
||||||
|
|
||||||
#####################
|
#####################
|
||||||
# Install clj-kondo #
|
# Install clj-kondo #
|
||||||
#####################
|
#####################
|
||||||
|
ARG CLJ_KONDO_VERSION='2023.05.18'
|
||||||
COPY scripts/install-clj-kondo.sh /
|
COPY scripts/install-clj-kondo.sh /
|
||||||
RUN /install-clj-kondo.sh && rm -rf /install-clj-kondo.sh
|
RUN /install-clj-kondo.sh && rm -rf /install-clj-kondo.sh
|
||||||
|
|
||||||
# Source: https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub
|
|
||||||
# Store the key here because the above host is sometimes down, and breaks our builds
|
|
||||||
COPY dependencies/sgerrand.rsa.pub /etc/apk/keys/sgerrand.rsa.pub
|
|
||||||
|
|
||||||
##################
|
##################
|
||||||
# Install ktlint #
|
# Install ktlint #
|
||||||
##################
|
##################
|
||||||
|
ARG KTLINT_VERSION='0.47.1'
|
||||||
COPY scripts/install-ktlint.sh /
|
COPY scripts/install-ktlint.sh /
|
||||||
RUN --mount=type=secret,id=GITHUB_TOKEN /install-ktlint.sh && rm -rf /install-ktlint.sh
|
RUN --mount=type=secret,id=GITHUB_TOKEN /install-ktlint.sh && rm -rf /install-ktlint.sh
|
||||||
|
|
||||||
####################
|
|
||||||
# Install dart-sdk #
|
|
||||||
####################
|
|
||||||
COPY scripts/install-dart-sdk.sh /
|
|
||||||
RUN --mount=type=secret,id=GITHUB_TOKEN /install-dart-sdk.sh && rm -rf /install-dart-sdk.sh
|
|
||||||
|
|
||||||
################################
|
|
||||||
# Install Bash-Exec #
|
|
||||||
################################
|
|
||||||
COPY --chmod=555 scripts/bash-exec.sh /usr/bin/bash-exec
|
|
||||||
|
|
||||||
#################################################
|
#################################################
|
||||||
# Install Raku and additional Edge dependencies #
|
# Install Raku and additional Edge dependencies #
|
||||||
#################################################
|
#################################################
|
||||||
RUN apk add --no-cache rakudo zef
|
RUN apk add --no-cache rakudo zef
|
||||||
|
|
||||||
|
####################
|
||||||
|
# Install dart-sdk #
|
||||||
|
####################
|
||||||
|
ARG DART_VERSION='2.8.4'
|
||||||
|
COPY scripts/install-dart-sdk.sh /
|
||||||
|
RUN /install-dart-sdk.sh && rm -rf /install-dart-sdk.sh
|
||||||
|
|
||||||
######################
|
######################
|
||||||
# Install CheckStyle #
|
# Install CheckStyle #
|
||||||
######################
|
######################
|
||||||
|
@ -241,118 +281,32 @@ RUN --mount=type=secret,id=GITHUB_TOKEN /install-checkstyle.sh && rm -rf /instal
|
||||||
COPY scripts/install-google-java-format.sh /
|
COPY scripts/install-google-java-format.sh /
|
||||||
RUN --mount=type=secret,id=GITHUB_TOKEN /install-google-java-format.sh && rm -rf /install-google-java-format.sh
|
RUN --mount=type=secret,id=GITHUB_TOKEN /install-google-java-format.sh && rm -rf /install-google-java-format.sh
|
||||||
|
|
||||||
#################################
|
|
||||||
# Install luacheck and luarocks #
|
|
||||||
#################################
|
|
||||||
COPY scripts/install-lua.sh /
|
|
||||||
RUN --mount=type=secret,id=GITHUB_TOKEN /install-lua.sh && rm -rf /install-lua.sh
|
|
||||||
|
|
||||||
#########################
|
#########################
|
||||||
# Clean to shrink image #
|
# Clean to shrink image #
|
||||||
#########################
|
#########################
|
||||||
RUN find /usr/ -type f -name '*.md' -exec rm {} +
|
RUN find /usr/ -type f -name '*.md' -exec rm {} +
|
||||||
|
|
||||||
################################################################################
|
#####################
|
||||||
# Grab small clean image to build python packages ##############################
|
# Install Bash-Exec #
|
||||||
################################################################################
|
#####################
|
||||||
FROM python:3.11.5-alpine3.17 as python_builder
|
COPY --chmod=555 scripts/bash-exec.sh /usr/bin/bash-exec
|
||||||
RUN apk add --no-cache bash g++ git libffi-dev
|
|
||||||
COPY dependencies/python/ /stage
|
|
||||||
WORKDIR /stage
|
|
||||||
RUN ./build-venvs.sh
|
|
||||||
|
|
||||||
################################################################################
|
#################################
|
||||||
# Grab small clean image to build slim ###################################
|
# Copy super-linter executables #
|
||||||
################################################################################
|
#################################
|
||||||
FROM alpine:3.19.0 as slim
|
COPY lib /action/lib
|
||||||
|
|
||||||
############################
|
###################################
|
||||||
# Get the build arguements #
|
# Copy linter configuration files #
|
||||||
############################
|
###################################
|
||||||
ARG BUILD_DATE
|
COPY TEMPLATES /action/lib/.automation
|
||||||
ARG BUILD_REVISION
|
|
||||||
ARG BUILD_VERSION
|
|
||||||
## install alpine-pkg-glibc (glibc compatibility layer package for Alpine Linux)
|
|
||||||
ARG GLIBC_VERSION='2.34-r0'
|
|
||||||
# https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope
|
|
||||||
ARG TARGETARCH
|
|
||||||
|
|
||||||
#########################################
|
#########################
|
||||||
# Label the instance and set maintainer #
|
# Configure Environment #
|
||||||
#########################################
|
#########################
|
||||||
LABEL com.github.actions.name="GitHub Super-Linter" \
|
# Set image variant
|
||||||
com.github.actions.description="Lint your code base with GitHub Actions" \
|
|
||||||
com.github.actions.icon="code" \
|
|
||||||
com.github.actions.color="red" \
|
|
||||||
maintainer="@Hanse00, @ferrarimarco, @zkoppert" \
|
|
||||||
org.opencontainers.image.created=$BUILD_DATE \
|
|
||||||
org.opencontainers.image.revision=$BUILD_REVISION \
|
|
||||||
org.opencontainers.image.version=$BUILD_VERSION \
|
|
||||||
org.opencontainers.image.authors="Super Linter Contributors: https://github.com/super-linter/super-linter/graphs/contributors" \
|
|
||||||
org.opencontainers.image.url="https://github.com/super-linter/super-linter" \
|
|
||||||
org.opencontainers.image.source="https://github.com/super-linter/super-linter" \
|
|
||||||
org.opencontainers.image.documentation="https://github.com/super-linter/super-linter" \
|
|
||||||
org.opencontainers.image.vendor="GitHub" \
|
|
||||||
org.opencontainers.image.description="Lint your code base with GitHub Actions"
|
|
||||||
|
|
||||||
#################################################
|
|
||||||
# Set ENV values used for debugging the version #
|
|
||||||
#################################################
|
|
||||||
ENV BUILD_DATE=$BUILD_DATE
|
|
||||||
ENV BUILD_REVISION=$BUILD_REVISION
|
|
||||||
ENV BUILD_VERSION=$BUILD_VERSION
|
|
||||||
ENV IMAGE="slim"
|
ENV IMAGE="slim"
|
||||||
|
|
||||||
# Source: https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub
|
|
||||||
# Store the key here because the above host is sometimes down, and breaks our builds
|
|
||||||
COPY dependencies/sgerrand.rsa.pub /etc/apk/keys/sgerrand.rsa.pub
|
|
||||||
|
|
||||||
###############
|
|
||||||
# Install Git #
|
|
||||||
###############
|
|
||||||
RUN apk add --no-cache bash git git-lfs
|
|
||||||
|
|
||||||
##############################
|
|
||||||
# Install Phive dependencies #
|
|
||||||
##############################
|
|
||||||
COPY scripts/install-phive.sh /
|
|
||||||
RUN --mount=type=secret,id=GITHUB_TOKEN /install-phive.sh && rm -rf /install-phive.sh
|
|
||||||
|
|
||||||
####################################################
|
|
||||||
# Install Composer after all Libs have been copied #
|
|
||||||
####################################################
|
|
||||||
RUN sh -c 'curl --retry 5 --retry-delay 5 --show-error -sS https://getcomposer.org/installer | php -- --install-dir=/usr/bin --filename=composer'
|
|
||||||
|
|
||||||
#################################
|
|
||||||
# Copy the libraries into image #
|
|
||||||
#################################
|
|
||||||
COPY --from=base_image /usr/bin/ /usr/bin/
|
|
||||||
COPY --from=base_image /usr/local/bin/ /usr/local/bin/
|
|
||||||
COPY --from=base_image /usr/local/lib/ /usr/local/lib/
|
|
||||||
COPY --from=base_image /usr/local/share/ /usr/local/share/
|
|
||||||
COPY --from=base_image /usr/local/include/ /usr/local/include/
|
|
||||||
COPY --from=base_image /usr/lib/ /usr/lib/
|
|
||||||
COPY --from=base_image /usr/share/ /usr/share/
|
|
||||||
COPY --from=base_image /usr/include/ /usr/include/
|
|
||||||
COPY --from=base_image /lib/ /lib/
|
|
||||||
COPY --from=base_image /bin/ /bin/
|
|
||||||
COPY --from=base_image /node_modules/ /node_modules/
|
|
||||||
COPY --from=base_image /home/r-library /home/r-library
|
|
||||||
COPY --from=python_builder /venvs/ /venvs/
|
|
||||||
|
|
||||||
##################################
|
|
||||||
# Configure TFLint plugin folder #
|
|
||||||
##################################
|
|
||||||
ENV TFLINT_PLUGIN_DIR="/root/.tflint.d/plugins"
|
|
||||||
|
|
||||||
########################################
|
|
||||||
# Add node packages to path and dotnet #
|
|
||||||
########################################
|
|
||||||
ENV PATH="${PATH}:/node_modules/.bin"
|
|
||||||
|
|
||||||
###############################
|
|
||||||
# Add python packages to path #
|
|
||||||
###############################
|
|
||||||
ENV PATH="${PATH}:/venvs/ansible-lint/bin"
|
ENV PATH="${PATH}:/venvs/ansible-lint/bin"
|
||||||
ENV PATH="${PATH}:/venvs/black/bin"
|
ENV PATH="${PATH}:/venvs/black/bin"
|
||||||
ENV PATH="${PATH}:/venvs/cfn-lint/bin"
|
ENV PATH="${PATH}:/venvs/cfn-lint/bin"
|
||||||
|
@ -366,55 +320,49 @@ ENV PATH="${PATH}:/venvs/snakemake/bin"
|
||||||
ENV PATH="${PATH}:/venvs/sqlfluff/bin"
|
ENV PATH="${PATH}:/venvs/sqlfluff/bin"
|
||||||
ENV PATH="${PATH}:/venvs/yamllint/bin"
|
ENV PATH="${PATH}:/venvs/yamllint/bin"
|
||||||
ENV PATH="${PATH}:/venvs/yq/bin"
|
ENV PATH="${PATH}:/venvs/yq/bin"
|
||||||
|
ENV PATH="${PATH}:/node_modules/.bin"
|
||||||
##################
|
|
||||||
# Add go to path #
|
|
||||||
##################
|
|
||||||
ENV PATH="${PATH}:/usr/lib/go/bin"
|
ENV PATH="${PATH}:/usr/lib/go/bin"
|
||||||
|
|
||||||
#############################
|
# Configure TFLint plugin folder
|
||||||
# Copy scripts to container #
|
ENV TFLINT_PLUGIN_DIR="/root/.tflint.d/plugins"
|
||||||
#############################
|
|
||||||
COPY lib /action/lib
|
|
||||||
|
|
||||||
##################################
|
# Initialize TFLint plugins so we get plugin versions listed when we ask for TFLint version
|
||||||
# Copy linter rules to container #
|
# Run to build version file and validate image
|
||||||
##################################
|
RUN tflint --init -c /action/lib/.automation/.tflint.hcl \
|
||||||
COPY TEMPLATES /action/lib/.automation
|
&& ACTIONS_RUNNER_DEBUG=true WRITE_LINTER_VERSIONS_FILE=true IMAGE="${IMAGE}" /action/lib/linter.sh
|
||||||
|
|
||||||
################
|
|
||||||
# Pull in libs #
|
|
||||||
################
|
|
||||||
COPY --from=base_image /usr/libexec/ /usr/libexec/
|
|
||||||
|
|
||||||
################################################
|
|
||||||
# Run to build version file and validate image #
|
|
||||||
################################################
|
|
||||||
RUN ACTIONS_RUNNER_DEBUG=true WRITE_LINTER_VERSIONS_FILE=true IMAGE="${IMAGE}" /action/lib/linter.sh
|
|
||||||
|
|
||||||
######################
|
|
||||||
# Set the entrypoint #
|
|
||||||
######################
|
|
||||||
ENTRYPOINT ["/action/lib/linter.sh"]
|
ENTRYPOINT ["/action/lib/linter.sh"]
|
||||||
|
|
||||||
################################################################################
|
# Initialize Terrascan
|
||||||
# Grab small clean image to build standard ###############################
|
# Initialize ChkTeX config file
|
||||||
################################################################################
|
RUN terrascan init \
|
||||||
|
&& touch ~/.chktexrc
|
||||||
|
|
||||||
|
# Set build metadata here so we don't invalidate the container image cache if we
|
||||||
|
# change the values of these arguments
|
||||||
|
ARG BUILD_DATE
|
||||||
|
ARG BUILD_REVISION
|
||||||
|
ARG BUILD_VERSION
|
||||||
|
|
||||||
|
LABEL org.opencontainers.image.created=$BUILD_DATE \
|
||||||
|
org.opencontainers.image.revision=$BUILD_REVISION \
|
||||||
|
org.opencontainers.image.version=$BUILD_VERSION
|
||||||
|
|
||||||
|
ENV BUILD_DATE=$BUILD_DATE
|
||||||
|
ENV BUILD_REVISION=$BUILD_REVISION
|
||||||
|
ENV BUILD_VERSION=$BUILD_VERSION
|
||||||
|
|
||||||
|
##############################
|
||||||
|
# Build the standard variant #
|
||||||
|
##############################
|
||||||
FROM slim as standard
|
FROM slim as standard
|
||||||
|
|
||||||
###############
|
# https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope
|
||||||
# Set up args #
|
ARG TARGETARCH
|
||||||
###############
|
|
||||||
ARG GITHUB_TOKEN
|
|
||||||
ARG PWSH_VERSION='latest'
|
ARG PWSH_VERSION='latest'
|
||||||
ARG PWSH_DIRECTORY='/usr/lib/microsoft/powershell'
|
ARG PWSH_DIRECTORY='/usr/lib/microsoft/powershell'
|
||||||
ARG PSSA_VERSION='1.21.0'
|
ARG PSSA_VERSION='1.21.0'
|
||||||
# https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope
|
|
||||||
ARG TARGETARCH
|
|
||||||
|
|
||||||
################
|
|
||||||
# Set ENV vars #
|
|
||||||
################
|
|
||||||
ENV ARM_TTK_PSD1="/usr/lib/microsoft/arm-ttk/arm-ttk.psd1"
|
ENV ARM_TTK_PSD1="/usr/lib/microsoft/arm-ttk/arm-ttk.psd1"
|
||||||
ENV IMAGE="standard"
|
ENV IMAGE="standard"
|
||||||
ENV PATH="${PATH}:/var/cache/dotnet/tools:/usr/share/dotnet"
|
ENV PATH="${PATH}:/var/cache/dotnet/tools:/usr/share/dotnet"
|
||||||
|
@ -449,7 +397,5 @@ RUN --mount=type=secret,id=GITHUB_TOKEN /install-pwsh.sh && rm -rf /install-pwsh
|
||||||
COPY scripts/install-arm-ttk.sh /
|
COPY scripts/install-arm-ttk.sh /
|
||||||
RUN --mount=type=secret,id=GITHUB_TOKEN /install-arm-ttk.sh && rm -rf /install-arm-ttk.sh
|
RUN --mount=type=secret,id=GITHUB_TOKEN /install-arm-ttk.sh && rm -rf /install-arm-ttk.sh
|
||||||
|
|
||||||
########################################################################################
|
# Run to build version file and validate image again because we installed more linters
|
||||||
# Run to build version file and validate image again because we installed more linters #
|
|
||||||
########################################################################################
|
|
||||||
RUN ACTIONS_RUNNER_DEBUG=true WRITE_LINTER_VERSIONS_FILE=true IMAGE="${IMAGE}" /action/lib/linter.sh
|
RUN ACTIONS_RUNNER_DEBUG=true WRITE_LINTER_VERSIONS_FILE=true IMAGE="${IMAGE}" /action/lib/linter.sh
|
||||||
|
|
7
dependencies/phive.xml
vendored
7
dependencies/phive.xml
vendored
|
@ -1,7 +1,8 @@
|
||||||
<?xml version="1.0" encoding="UTF-8"?>
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
<phive xmlns="https://phar.io/phive">
|
<phive xmlns="https://phar.io/phive">
|
||||||
<!-- When adding new linter, do not forget to add its GPG key ID to Dockerfile -->
|
<!-- When adding new linter, do not forget to add its GPG key ID to Dockerfile -->
|
||||||
<phar name="phpcs" version="^3.6" installed="3.6.2" location="/usr/local/bin/phpcs" copy="true"/>
|
<phar name="composer" version="^2.6.6" installed="2.6.6" location="./usr/bin/composer" copy="false"/>
|
||||||
<phar name="phpstan" version="^3.6" installed="3.6.2" location="/usr/local/bin/phpstan" copy="true"/>
|
<phar name="phpcs" version="^3.8.0" installed="3.8.0" location="/usr/local/bin/phpcs" copy="true"/>
|
||||||
<phar name="psalm" version="^4.18" installed="4.18.1" location="./usr/local/bin/psalm" copy="true"/>
|
<phar name="phpstan" version="^1.10.48" installed="1.10.48" location="/usr/local/bin/phpstan" copy="true"/>
|
||||||
|
<phar name="psalm" version="^5.17.0" installed="4.18.1" location="./usr/local/bin/psalm" copy="true"/>
|
||||||
</phive>
|
</phive>
|
||||||
|
|
|
@ -6,10 +6,13 @@ set -euo pipefail
|
||||||
# Reference https://github.com/Azure/arm-ttk
|
# Reference https://github.com/Azure/arm-ttk
|
||||||
# Reference https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/test-toolkit
|
# Reference https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/test-toolkit
|
||||||
|
|
||||||
url=$(curl -s \
|
url=$(
|
||||||
|
set -euo pipefail
|
||||||
|
curl -s \
|
||||||
-H "Accept: application/vnd.github+json" \
|
-H "Accept: application/vnd.github+json" \
|
||||||
-H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \
|
-H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \
|
||||||
https://api.github.com/repos/Azure/arm-ttk/releases/latest | jq -r '.tarball_url')
|
https://api.github.com/repos/Azure/arm-ttk/releases/latest | jq -r '.tarball_url'
|
||||||
|
)
|
||||||
mkdir -p /usr/lib/microsoft
|
mkdir -p /usr/lib/microsoft
|
||||||
curl --retry 5 --retry-delay 5 -sL \
|
curl --retry 5 --retry-delay 5 -sL \
|
||||||
-H "Accept: application/vnd.github+json" \
|
-H "Accept: application/vnd.github+json" \
|
||||||
|
|
|
@ -2,14 +2,20 @@
|
||||||
|
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
CHECKSTYLE_VERSION="$(grep <"checkstyle/build.gradle" "checkstyle" | awk -F ':' '{print $3}' | tr -d "'")"
|
CHECKSTYLE_VERSION="$(
|
||||||
|
set -euo pipefail
|
||||||
|
grep <"checkstyle/build.gradle" "checkstyle" | awk -F ':' '{print $3}' | tr -d "'"
|
||||||
|
)"
|
||||||
echo "Installing Checkstyle: ${CHECKSTYLE_VERSION}"
|
echo "Installing Checkstyle: ${CHECKSTYLE_VERSION}"
|
||||||
|
|
||||||
url=$(curl -s \
|
url=$(
|
||||||
|
set -euo pipefail
|
||||||
|
curl -s \
|
||||||
-H "Accept: application/vnd.github+json" \
|
-H "Accept: application/vnd.github+json" \
|
||||||
-H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \
|
-H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \
|
||||||
"https://api.github.com/repos/checkstyle/checkstyle/releases/tags/checkstyle-${CHECKSTYLE_VERSION}" |
|
"https://api.github.com/repos/checkstyle/checkstyle/releases/tags/checkstyle-${CHECKSTYLE_VERSION}" |
|
||||||
jq --arg name "checkstyle-${CHECKSTYLE_VERSION}-all.jar" -r '.assets | .[] | select(.name==$name) | .url')
|
jq --arg name "checkstyle-${CHECKSTYLE_VERSION}-all.jar" -r '.assets | .[] | select(.name==$name) | .url'
|
||||||
|
)
|
||||||
curl --retry 5 --retry-delay 5 -sL -o /usr/bin/checkstyle \
|
curl --retry 5 --retry-delay 5 -sL -o /usr/bin/checkstyle \
|
||||||
-H "Accept: application/octet-stream" \
|
-H "Accept: application/octet-stream" \
|
||||||
-H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \
|
-H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \
|
||||||
|
|
|
@ -15,19 +15,10 @@ arm64)
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
url=$(curl -s \
|
|
||||||
-H "Accept: application/vnd.github+json" \
|
|
||||||
-H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \
|
|
||||||
"https://api.github.com/repos/sgerrand/alpine-pkg-glibc/releases/tags/${GLIBC_VERSION}" |
|
|
||||||
jq --arg name "glibc-${GLIBC_VERSION}.apk" -r '.assets | .[] | select(.name | contains($name)) | .url')
|
|
||||||
curl --retry 5 --retry-delay 5 -sL -o "glibc-${GLIBC_VERSION}.apk" \
|
|
||||||
-H "Accept: application/octet-stream" \
|
|
||||||
-H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \
|
|
||||||
"${url}"
|
|
||||||
apk add --no-cache --force-overwrite "glibc-${GLIBC_VERSION}.apk"
|
|
||||||
rm "glibc-${GLIBC_VERSION}.apk"
|
|
||||||
|
|
||||||
curl --retry 5 --retry-delay 5 -sO "https://storage.googleapis.com/dart-archive/channels/stable/release/${DART_VERSION}/sdk/dartsdk-linux-${target}-release.zip"
|
curl --retry 5 --retry-delay 5 -sO "https://storage.googleapis.com/dart-archive/channels/stable/release/${DART_VERSION}/sdk/dartsdk-linux-${target}-release.zip"
|
||||||
unzip -q dartsdk-linux-${target}-release.zip
|
unzip -q dartsdk-linux-${target}-release.zip
|
||||||
chmod +x dart-sdk/bin/dart* && mv dart-sdk/bin/* /usr/bin/ && mv dart-sdk/lib/* /usr/lib/ && mv dart-sdk/include/* /usr/include/
|
chmod +x dart-sdk/bin/dart*
|
||||||
rm -r dart-sdk/ dartsdk-linux-${target}-release.zip
|
mv -v dart-sdk/bin/* /usr/bin/
|
||||||
|
mv -v dart-sdk/lib/* /usr/lib/
|
||||||
|
mv -v dart-sdk/include/* /usr/include/
|
||||||
|
rm -rv dart-sdk/ dartsdk-linux-${target}-release.zip
|
||||||
|
|
37
scripts/install-glibc.sh
Executable file
37
scripts/install-glibc.sh
Executable file
|
@ -0,0 +1,37 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
set -euo pipefail
|
||||||
|
|
||||||
|
case $TARGETARCH in
|
||||||
|
amd64)
|
||||||
|
target=x86_64
|
||||||
|
;;
|
||||||
|
arm64)
|
||||||
|
target=arm64
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo "$TARGETARCH is not supported"
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
url=$(
|
||||||
|
set -euo pipefail
|
||||||
|
curl -s \
|
||||||
|
-H "Accept: application/vnd.github+json" \
|
||||||
|
-H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \
|
||||||
|
"https://api.github.com/repos/sgerrand/alpine-pkg-glibc/releases/tags/${GLIBC_VERSION}" |
|
||||||
|
jq --arg name "glibc-${GLIBC_VERSION}.apk" -r '.assets | .[] | select(.name | contains($name)) | .url'
|
||||||
|
)
|
||||||
|
curl --retry 5 --retry-delay 5 -sL -o "glibc-${GLIBC_VERSION}.apk" \
|
||||||
|
-H "Accept: application/octet-stream" \
|
||||||
|
-H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \
|
||||||
|
"${url}"
|
||||||
|
apk add --no-cache --force-overwrite "glibc-${GLIBC_VERSION}.apk"
|
||||||
|
rm "glibc-${GLIBC_VERSION}.apk"
|
||||||
|
|
||||||
|
# Install zlib
|
||||||
|
mkdir /tmp/libz
|
||||||
|
curl --retry 5 --retry-delay 5 -sL https://www.archlinux.org/packages/core/${target}/zlib/download | tar -x --zstd -C /tmp/libz
|
||||||
|
mv /tmp/libz/usr/lib/libz.so* /usr/glibc-compat/lib
|
||||||
|
rm -rf /tmp/libz
|
|
@ -2,14 +2,20 @@
|
||||||
|
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
GOOGLE_JAVA_FORMAT_VERSION="$(grep <"google-java-format/build.gradle" "google-java-format" | awk -F ':' '{print $3}' | tr -d "'")"
|
GOOGLE_JAVA_FORMAT_VERSION="$(
|
||||||
|
set -euo pipefail
|
||||||
|
grep <"google-java-format/build.gradle" "google-java-format" | awk -F ':' '{print $3}' | tr -d "'"
|
||||||
|
)"
|
||||||
echo "Installing Google Java Format: ${GOOGLE_JAVA_FORMAT_VERSION}"
|
echo "Installing Google Java Format: ${GOOGLE_JAVA_FORMAT_VERSION}"
|
||||||
|
|
||||||
url=$(curl -s \
|
url=$(
|
||||||
|
set -euo pipefail
|
||||||
|
curl -s \
|
||||||
-H "Accept: application/vnd.github+json" \
|
-H "Accept: application/vnd.github+json" \
|
||||||
-H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \
|
-H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \
|
||||||
"https://api.github.com/repos/google/google-java-format/releases/tags/v${GOOGLE_JAVA_FORMAT_VERSION}" |
|
"https://api.github.com/repos/google/google-java-format/releases/tags/v${GOOGLE_JAVA_FORMAT_VERSION}" |
|
||||||
jq --arg name "google-java-format-${GOOGLE_JAVA_FORMAT_VERSION}-all-deps.jar" -r '.assets | .[] | select(.name==$name) | .url')
|
jq --arg name "google-java-format-${GOOGLE_JAVA_FORMAT_VERSION}-all-deps.jar" -r '.assets | .[] | select(.name==$name) | .url'
|
||||||
|
)
|
||||||
curl --retry 5 --retry-delay 5 -sL -o /usr/bin/google-java-format \
|
curl --retry 5 --retry-delay 5 -sL -o /usr/bin/google-java-format \
|
||||||
-H "Accept: application/octet-stream" \
|
-H "Accept: application/octet-stream" \
|
||||||
-H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \
|
-H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \
|
||||||
|
|
|
@ -2,15 +2,16 @@
|
||||||
|
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
url=$(curl -s \
|
url=$(
|
||||||
|
set -euo pipefail
|
||||||
|
curl -s \
|
||||||
-H "Accept: application/vnd.github+json" \
|
-H "Accept: application/vnd.github+json" \
|
||||||
-H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \
|
-H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \
|
||||||
"https://api.github.com/repos/pinterest/ktlint/releases/tags/${KTLINT_VERSION}" |
|
"https://api.github.com/repos/pinterest/ktlint/releases/tags/${KTLINT_VERSION}" |
|
||||||
jq -r '.assets | .[] | select(.name=="ktlint") | .url')
|
jq -r '.assets | .[] | select(.name=="ktlint") | .url'
|
||||||
|
)
|
||||||
curl --retry 5 --retry-delay 5 -sL -o "/usr/bin/ktlint" \
|
curl --retry 5 --retry-delay 5 -sL -o "/usr/bin/ktlint" \
|
||||||
-H "Accept: application/octet-stream" \
|
-H "Accept: application/octet-stream" \
|
||||||
-H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \
|
-H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \
|
||||||
"${url}"
|
"${url}"
|
||||||
chmod a+x /usr/bin/ktlint
|
chmod a+x /usr/bin/ktlint
|
||||||
terrascan init
|
|
||||||
cd ~ && touch .chktexrc
|
|
||||||
|
|
|
@ -8,10 +8,14 @@ make linux
|
||||||
make install
|
make install
|
||||||
cd .. && rm -r lua-5.3.5/
|
cd .. && rm -r lua-5.3.5/
|
||||||
|
|
||||||
url=$(curl -s \
|
url=$(
|
||||||
|
set -euo pipefail
|
||||||
|
curl -s \
|
||||||
-H "Accept: application/vnd.github+json" \
|
-H "Accept: application/vnd.github+json" \
|
||||||
-H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \
|
-H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \
|
||||||
https://api.github.com/repos/cvega/luarocks/releases/latest | jq -r '.tarball_url')
|
https://api.github.com/repos/cvega/luarocks/releases/latest |
|
||||||
|
jq -r '.tarball_url'
|
||||||
|
)
|
||||||
curl --retry 5 --retry-delay 5 -sL \
|
curl --retry 5 --retry-delay 5 -sL \
|
||||||
-H "Accept: application/vnd.github+json" \
|
-H "Accept: application/vnd.github+json" \
|
||||||
-H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \
|
-H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \
|
||||||
|
|
|
@ -1,44 +1,13 @@
|
||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
set -x
|
|
||||||
|
|
||||||
case $TARGETARCH in
|
# Install PHP
|
||||||
amd64)
|
apk add --no-cache \
|
||||||
target=x86_64
|
|
||||||
;;
|
|
||||||
arm64)
|
|
||||||
target=aarch64
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
echo "$TARGETARCH is not supported"
|
|
||||||
exit 1
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
apk add curl jq
|
|
||||||
url=$(curl -s \
|
|
||||||
-H "Accept: application/vnd.github+json" \
|
|
||||||
-H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \
|
|
||||||
"https://api.github.com/repos/sgerrand/alpine-pkg-glibc/releases/tags/${GLIBC_VERSION}" |
|
|
||||||
jq --arg name "glibc-${GLIBC_VERSION}.apk" -r '.assets | .[] | select(.name | contains($name)) | .url')
|
|
||||||
curl --retry 5 --retry-delay 5 -sL -o "glibc-${GLIBC_VERSION}.apk" \
|
|
||||||
-H "Accept: application/octet-stream" \
|
|
||||||
-H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \
|
|
||||||
"${url}"
|
|
||||||
apk add --no-cache --force-overwrite \
|
|
||||||
bash \
|
|
||||||
ca-certificates \
|
|
||||||
"glibc-${GLIBC_VERSION}.apk" \
|
|
||||||
gnupg \
|
|
||||||
php82 php82-curl php82-ctype php82-dom php82-iconv php82-mbstring \
|
php82 php82-curl php82-ctype php82-dom php82-iconv php82-mbstring \
|
||||||
php82-openssl php82-phar php82-simplexml php82-tokenizer php82-xmlwriter \
|
php82-openssl php82-phar php82-simplexml php82-tokenizer php82-xmlwriter
|
||||||
tar zstd
|
|
||||||
rm "glibc-${GLIBC_VERSION}.apk"
|
# Install phive
|
||||||
mkdir /tmp/libz
|
|
||||||
curl --retry 5 --retry-delay 5 -sL https://www.archlinux.org/packages/core/${target}/zlib/download | tar -x --zstd -C /tmp/libz
|
|
||||||
mv /tmp/libz/usr/lib/libz.so* /usr/glibc-compat/lib
|
|
||||||
rm -rf /tmp/libz
|
|
||||||
curl --retry 5 --retry-delay 5 -sLO https://phar.io/releases/phive.phar
|
curl --retry 5 --retry-delay 5 -sLO https://phar.io/releases/phive.phar
|
||||||
curl --retry 5 --retry-delay 5 -sLO https://phar.io/releases/phive.phar.asc
|
curl --retry 5 --retry-delay 5 -sLO https://phar.io/releases/phive.phar.asc
|
||||||
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys "0x9D8A98B29B2D5D79"
|
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys "0x9D8A98B29B2D5D79"
|
||||||
|
@ -47,10 +16,7 @@ chmod +x phive.phar
|
||||||
mv phive.phar /usr/local/bin/phive
|
mv phive.phar /usr/local/bin/phive
|
||||||
rm phive.phar.asc
|
rm phive.phar.asc
|
||||||
|
|
||||||
# Install PHARs
|
# Install the PHARs listed in phive.xml
|
||||||
phive --no-progress install \
|
phive --no-progress install \
|
||||||
--trust-gpg-keys 31C7E470E2138192,CF1A108D0E7AE720,8A03EA3B385DBAA1,12CE0F1D262429A5,5E6DDE998AB73B8E,51C67305FFC2E5C0 \
|
--trust-gpg-keys 31C7E470E2138192,CF1A108D0E7AE720,8A03EA3B385DBAA1,12CE0F1D262429A5,5E6DDE998AB73B8E,51C67305FFC2E5C0,CBB3D576F2A0946F \
|
||||||
--target /usr/bin \
|
--target /usr/bin
|
||||||
phpstan@^1.10.48 \
|
|
||||||
psalm@^5.17.0 \
|
|
||||||
phpcs@^3.8.0
|
|
||||||
|
|
|
@ -10,8 +10,6 @@ case $TARGETARCH in
|
||||||
amd64)
|
amd64)
|
||||||
target=x64
|
target=x64
|
||||||
;;
|
;;
|
||||||
# arm64)
|
|
||||||
# only on ubuntu
|
|
||||||
*)
|
*)
|
||||||
echo "$TARGETARCH is not supported"
|
echo "$TARGETARCH is not supported"
|
||||||
exit 1
|
exit 1
|
||||||
|
@ -19,11 +17,14 @@ amd64)
|
||||||
esac
|
esac
|
||||||
|
|
||||||
mkdir -p "${PWSH_DIRECTORY}"
|
mkdir -p "${PWSH_DIRECTORY}"
|
||||||
url=$(curl -s \
|
url=$(
|
||||||
|
set -euo pipefail
|
||||||
|
curl -s \
|
||||||
-H "Accept: application/vnd.github+json" \
|
-H "Accept: application/vnd.github+json" \
|
||||||
-H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \
|
-H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \
|
||||||
"https://api.github.com/repos/powershell/powershell/releases/${PWSH_VERSION}" |
|
"https://api.github.com/repos/powershell/powershell/releases/${PWSH_VERSION}" |
|
||||||
jq --arg target "${target}" -r '.assets | .[] | select(.name | contains("linux-musl-" + $target)) | .url')
|
jq --arg target "${target}" -r '.assets | .[] | select(.name | contains("linux-musl-" + $target)) | .url'
|
||||||
|
)
|
||||||
curl --retry 5 --retry-delay 5 -sL \
|
curl --retry 5 --retry-delay 5 -sL \
|
||||||
-H "Accept: application/octet-stream" \
|
-H "Accept: application/octet-stream" \
|
||||||
-H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \
|
-H "Authorization: Bearer $(cat /run/secrets/GITHUB_TOKEN)" \
|
||||||
|
|
|
@ -14,8 +14,12 @@ control "super-linter-installed-packages" do
|
||||||
packages = [
|
packages = [
|
||||||
"bash",
|
"bash",
|
||||||
"ca-certificates",
|
"ca-certificates",
|
||||||
|
"cargo",
|
||||||
|
"cmake",
|
||||||
"coreutils",
|
"coreutils",
|
||||||
"curl",
|
"curl",
|
||||||
|
"file",
|
||||||
|
"g++",
|
||||||
"gcc",
|
"gcc",
|
||||||
"git-lfs",
|
"git-lfs",
|
||||||
"git",
|
"git",
|
||||||
|
@ -23,6 +27,7 @@ control "super-linter-installed-packages" do
|
||||||
"gnupg",
|
"gnupg",
|
||||||
"go",
|
"go",
|
||||||
"icu-libs",
|
"icu-libs",
|
||||||
|
"jpeg-dev",
|
||||||
"jq",
|
"jq",
|
||||||
"krb5-libs",
|
"krb5-libs",
|
||||||
"libc-dev",
|
"libc-dev",
|
||||||
|
@ -30,7 +35,7 @@ control "super-linter-installed-packages" do
|
||||||
"libffi-dev",
|
"libffi-dev",
|
||||||
"libgcc",
|
"libgcc",
|
||||||
"libintl",
|
"libintl",
|
||||||
"libssl1.1",
|
"libssl3",
|
||||||
"libstdc++",
|
"libstdc++",
|
||||||
"libxml2-dev",
|
"libxml2-dev",
|
||||||
"libxml2-utils",
|
"libxml2-utils",
|
||||||
|
@ -38,28 +43,44 @@ control "super-linter-installed-packages" do
|
||||||
"lttng-ust-dev",
|
"lttng-ust-dev",
|
||||||
"make",
|
"make",
|
||||||
"musl-dev",
|
"musl-dev",
|
||||||
"npm",
|
|
||||||
"nodejs-current",
|
"nodejs-current",
|
||||||
|
"npm",
|
||||||
|
"net-snmp-dev",
|
||||||
"openjdk17-jre",
|
"openjdk17-jre",
|
||||||
|
"openssh-client",
|
||||||
"openssl-dev",
|
"openssl-dev",
|
||||||
|
"parallel",
|
||||||
"perl-dev",
|
"perl-dev",
|
||||||
"perl",
|
"perl",
|
||||||
|
"php82",
|
||||||
|
"php82-ctype",
|
||||||
|
"php82-curl",
|
||||||
|
"php82-dom",
|
||||||
|
"php82-iconv",
|
||||||
|
"php82-mbstring",
|
||||||
|
"php82-openssl",
|
||||||
|
"php82-phar",
|
||||||
|
"php82-simplexml",
|
||||||
|
"php82-tokenizer",
|
||||||
|
"php82-xmlwriter",
|
||||||
"py3-pyflakes",
|
"py3-pyflakes",
|
||||||
"py3-setuptools",
|
"py3-setuptools",
|
||||||
"python3-dev",
|
"python3-dev",
|
||||||
"rakudo",
|
|
||||||
"R-dev",
|
"R-dev",
|
||||||
"R-doc",
|
"R-doc",
|
||||||
"R",
|
"R",
|
||||||
|
"rakudo",
|
||||||
"readline-dev",
|
"readline-dev",
|
||||||
"ruby-bundler",
|
"ruby-bundler",
|
||||||
"ruby-dev",
|
"ruby-dev",
|
||||||
"ruby-rdoc",
|
"ruby-rdoc",
|
||||||
"ruby",
|
"ruby",
|
||||||
"rustup",
|
"rustup",
|
||||||
|
"tar",
|
||||||
"zef",
|
"zef",
|
||||||
"zlib-dev",
|
"zlib-dev",
|
||||||
"zlib"
|
"zlib",
|
||||||
|
"zstd"
|
||||||
]
|
]
|
||||||
|
|
||||||
# Removed linters from slim image
|
# Removed linters from slim image
|
||||||
|
@ -94,26 +115,28 @@ control "super-linter-installed-commands" do
|
||||||
{ linter_name: "actionlint"},
|
{ linter_name: "actionlint"},
|
||||||
{ linter_name: "ansible-lint", expected_stdout_regex: /(.*)/},
|
{ linter_name: "ansible-lint", expected_stdout_regex: /(.*)/},
|
||||||
{ linter_name: "arm-ttk", version_command: "grep -iE 'version' '/usr/bin/arm-ttk' | xargs"},
|
{ linter_name: "arm-ttk", version_command: "grep -iE 'version' '/usr/bin/arm-ttk' | xargs"},
|
||||||
{ linter_name: "asl-validator", expected_exit_status: 0},
|
{ linter_name: "asl-validator"},
|
||||||
{ linter_name: "bash-exec", expected_exit_status: 1}, # expect a return code = 1 because this linter doesn't support a "get linter version" command
|
{ linter_name: "bash-exec", expected_exit_status: 1}, # expect a return code = 1 because this linter doesn't support a "get linter version" command
|
||||||
{ linter_name: "black"},
|
{ linter_name: "black"},
|
||||||
{ linter_name: "clang-format"},
|
|
||||||
{ linter_name: "cfn-lint"},
|
{ linter_name: "cfn-lint"},
|
||||||
{ linter_name: "checkstyle", version_command: "java -jar /usr/bin/checkstyle --version"},
|
{ linter_name: "checkstyle", version_command: "java -jar /usr/bin/checkstyle --version"},
|
||||||
{ linter_name: "google-java-format", version_command: "java -jar /usr/bin/google-java-format --version"},
|
|
||||||
{ linter_name: "chktex"},
|
{ linter_name: "chktex"},
|
||||||
|
{ linter_name: "clang-format"},
|
||||||
{ linter_name: "clippy", linter_command: "clippy", version_command: "cargo-clippy --version"},
|
{ linter_name: "clippy", linter_command: "clippy", version_command: "cargo-clippy --version"},
|
||||||
{ linter_name: "clj-kondo"},
|
{ linter_name: "clj-kondo"},
|
||||||
{ linter_name: "coffeelint"},
|
{ linter_name: "coffeelint"},
|
||||||
|
{ linter_name: "composer"},
|
||||||
{ linter_name: "cpplint"},
|
{ linter_name: "cpplint"},
|
||||||
{ linter_name: "dart"},
|
{ linter_name: "dart"},
|
||||||
{ linter_name: "dotnet"},
|
|
||||||
{ linter_name: "dotenv-linter"},
|
{ linter_name: "dotenv-linter"},
|
||||||
|
{ linter_name: "dotnet"},
|
||||||
{ linter_name: "editorconfig-checker", version_option: "-version"},
|
{ linter_name: "editorconfig-checker", version_option: "-version"},
|
||||||
{ linter_name: "eslint"},
|
{ linter_name: "eslint"},
|
||||||
{ linter_name: "flake8"},
|
{ linter_name: "flake8"},
|
||||||
{ linter_name: "gherkin-lint", expected_exit_status: 1}, # expect a return code = 1 because this linter doesn't support a "get linter version" command
|
{ linter_name: "gherkin-lint", expected_exit_status: 1}, # expect a return code = 1 because this linter doesn't support a "get linter version" command
|
||||||
|
{ linter_name: "gitleaks", version_option: "version"},
|
||||||
{ linter_name: "golangci-lint"},
|
{ linter_name: "golangci-lint"},
|
||||||
|
{ linter_name: "google-java-format", version_command: "java -jar /usr/bin/google-java-format --version"},
|
||||||
{ linter_name: "hadolint"},
|
{ linter_name: "hadolint"},
|
||||||
{ linter_name: "htmlhint"},
|
{ linter_name: "htmlhint"},
|
||||||
{ linter_name: "isort"},
|
{ linter_name: "isort"},
|
||||||
|
@ -128,6 +151,7 @@ control "super-linter-installed-commands" do
|
||||||
{ linter_name: "php"},
|
{ linter_name: "php"},
|
||||||
{ linter_name: "phpcs"},
|
{ linter_name: "phpcs"},
|
||||||
{ linter_name: "phpstan"},
|
{ linter_name: "phpstan"},
|
||||||
|
{ linter_name: "prettier"},
|
||||||
{ linter_name: "protolint", version_option: "version"},
|
{ linter_name: "protolint", version_option: "version"},
|
||||||
{ linter_name: "psalm"},
|
{ linter_name: "psalm"},
|
||||||
{ linter_name: "pwsh"},
|
{ linter_name: "pwsh"},
|
||||||
|
@ -136,6 +160,7 @@ control "super-linter-installed-commands" do
|
||||||
lintr_ver <- packageVersion('lintr'); \
|
lintr_ver <- packageVersion('lintr'); \
|
||||||
glue::glue('lintr { lintr_ver } on { r_ver }')\""},
|
glue::glue('lintr { lintr_ver } on { r_ver }')\""},
|
||||||
{ linter_name: "raku", version_command: "raku --version | strings -n 8"},
|
{ linter_name: "raku", version_command: "raku --version | strings -n 8"},
|
||||||
|
{ linter_name: "renovate-config-validator", version_command: "renovate --version"},
|
||||||
{ linter_name: "rubocop"},
|
{ linter_name: "rubocop"},
|
||||||
{ linter_name: "rustfmt"},
|
{ linter_name: "rustfmt"},
|
||||||
{ linter_name: "scalafmt"},
|
{ linter_name: "scalafmt"},
|
||||||
|
@ -152,7 +177,9 @@ control "super-linter-installed-commands" do
|
||||||
{ linter_name: "terraform"},
|
{ linter_name: "terraform"},
|
||||||
{ linter_name: "terragrunt"},
|
{ linter_name: "terragrunt"},
|
||||||
{ linter_name: "terrascan", version_option: "version"},
|
{ linter_name: "terrascan", version_option: "version"},
|
||||||
|
{ linter_name: "textlint"},
|
||||||
{ linter_name: "tflint"},
|
{ linter_name: "tflint"},
|
||||||
|
{ linter_name: "ts-standard"},
|
||||||
{ linter_name: "xmllint"},
|
{ linter_name: "xmllint"},
|
||||||
{ linter_name: "yamllint"},
|
{ linter_name: "yamllint"},
|
||||||
]
|
]
|
||||||
|
@ -242,9 +269,12 @@ control "super-linter-installed-ruby-gems" do
|
||||||
gems = [
|
gems = [
|
||||||
"rubocop",
|
"rubocop",
|
||||||
"rubocop-github",
|
"rubocop-github",
|
||||||
|
"rubocop-minitest",
|
||||||
"rubocop-performance",
|
"rubocop-performance",
|
||||||
"rubocop-rails",
|
"rubocop-rails",
|
||||||
"rubocop-rspec"
|
"rubocop-rake",
|
||||||
|
"rubocop-rspec",
|
||||||
|
"standard"
|
||||||
]
|
]
|
||||||
|
|
||||||
gems.each do |item|
|
gems.each do |item|
|
||||||
|
@ -252,7 +282,6 @@ control "super-linter-installed-ruby-gems" do
|
||||||
it { should be_installed }
|
it { should be_installed }
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
||||||
###############################################
|
###############################################
|
||||||
|
@ -268,38 +297,61 @@ control "super-linter-installed-npm-packages" do
|
||||||
"@babel/preset-react",
|
"@babel/preset-react",
|
||||||
"@babel/preset-typescript",
|
"@babel/preset-typescript",
|
||||||
"@coffeelint/cli",
|
"@coffeelint/cli",
|
||||||
|
"@react-native-community/eslint-config",
|
||||||
|
"@react-native-community/eslint-plugin",
|
||||||
"@stoplight/spectral-cli",
|
"@stoplight/spectral-cli",
|
||||||
"@typescript-eslint/eslint-plugin",
|
"@typescript-eslint/eslint-plugin",
|
||||||
"@typescript-eslint/parser",
|
"@typescript-eslint/parser",
|
||||||
"asl-validator",
|
"asl-validator",
|
||||||
#"axios",
|
"axios",
|
||||||
#"eslint",
|
"eslint",
|
||||||
"eslint-config-airbnb",
|
"eslint-config-airbnb",
|
||||||
|
"eslint-config-airbnb-typescript",
|
||||||
"eslint-config-prettier",
|
"eslint-config-prettier",
|
||||||
"eslint-plugin-jest",
|
"eslint-plugin-jest",
|
||||||
"eslint-plugin-json",
|
"eslint-plugin-json",
|
||||||
"eslint-plugin-jsonc",
|
"eslint-plugin-jsonc",
|
||||||
"eslint-plugin-jsx-a11y",
|
"eslint-plugin-jsx-a11y",
|
||||||
"eslint-plugin-prettier",
|
"eslint-plugin-prettier",
|
||||||
|
"eslint-plugin-react",
|
||||||
|
"eslint-plugin-react-hooks",
|
||||||
|
"eslint-plugin-vue",
|
||||||
"gherkin-lint",
|
"gherkin-lint",
|
||||||
"htmlhint",
|
"htmlhint",
|
||||||
#"immer",
|
"immer",
|
||||||
#"ini",
|
"ini",
|
||||||
"jscpd",
|
"jscpd",
|
||||||
#"lodash",
|
"lodash",
|
||||||
"markdownlint-cli",
|
"markdownlint-cli",
|
||||||
#"node-fetch",
|
"next",
|
||||||
|
"next-pwa",
|
||||||
|
"node-fetch",
|
||||||
"npm-groovy-lint",
|
"npm-groovy-lint",
|
||||||
|
"postcss-less",
|
||||||
"prettier",
|
"prettier",
|
||||||
"prettyjson",
|
"prettyjson",
|
||||||
#"pug",
|
"pug",
|
||||||
|
"react",
|
||||||
|
"react-dom",
|
||||||
|
"react-intl",
|
||||||
|
"react-redux",
|
||||||
|
"react-router-dom",
|
||||||
|
"renovate",
|
||||||
"sql-lint",
|
"sql-lint",
|
||||||
"standard",
|
"standard",
|
||||||
"stylelint",
|
"stylelint",
|
||||||
|
"stylelint-config-recommended-scss",
|
||||||
"stylelint-config-sass-guidelines",
|
"stylelint-config-sass-guidelines",
|
||||||
"stylelint-config-standard",
|
"stylelint-config-standard",
|
||||||
#"stylelint-scss",
|
"stylelint-config-standard-scss",
|
||||||
|
"stylelint-prettier",
|
||||||
|
"stylelint-scss",
|
||||||
"tekton-lint",
|
"tekton-lint",
|
||||||
|
"textlint",
|
||||||
|
"textlint-filter-rule-allowlist",
|
||||||
|
"textlint-filter-rule-comments",
|
||||||
|
"textlint-rule-terminology",
|
||||||
|
"ts-standard",
|
||||||
"typescript"
|
"typescript"
|
||||||
]
|
]
|
||||||
|
|
||||||
|
@ -308,7 +360,37 @@ control "super-linter-installed-npm-packages" do
|
||||||
it { should be_installed }
|
it { should be_installed }
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
###############################################
|
||||||
|
# Check to see if PyPi packages are installed #
|
||||||
|
###############################################
|
||||||
|
control "super-linter-installed-pypi-packages" do
|
||||||
|
impact 1
|
||||||
|
title "Super-Linter installed PyPi packages check"
|
||||||
|
desc "Check that PyPi packages that Super-Linter needs are installed."
|
||||||
|
|
||||||
|
pypi_packages = [
|
||||||
|
"ansible-lint",
|
||||||
|
"black",
|
||||||
|
"cfn-lint",
|
||||||
|
"cpplint",
|
||||||
|
"flake8",
|
||||||
|
"isort",
|
||||||
|
"mypy",
|
||||||
|
"pylint",
|
||||||
|
"snakefmt",
|
||||||
|
"snakemake",
|
||||||
|
"sqlfluff",
|
||||||
|
"yamllint",
|
||||||
|
"yq"
|
||||||
|
]
|
||||||
|
|
||||||
|
pypi_packages.each do |item|
|
||||||
|
describe pip(item, "/venvs/#{item}/bin/pip") do
|
||||||
|
it { should be_installed }
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
#####################################
|
#####################################
|
||||||
|
|
Loading…
Reference in a new issue