From dfedd306f3b42f345740544a8cbff4e9f7c595fc Mon Sep 17 00:00:00 2001 From: Marco Ferrari Date: Fri, 20 Oct 2023 00:03:14 +0300 Subject: [PATCH] Use the same image tags in CI and CD (#4778) * Use the same image tags in CI and CD * Define image tag once per workflow * Fix yq tag * Don't quote yq to avoid literal interpretation * yq version * Fix yq tag * Reduce duplication * Fix workflow env var * Don't remove an already removed container --- .github/workflows/cd.yml | 17 ++++----- .github/workflows/ci.yml | 28 ++++++++------ Makefile | 77 ++++++++++++-------------------------- docs/run-linter-locally.md | 29 +++++++++++++- 4 files changed, 76 insertions(+), 75 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 56dfa47b..c931ca77 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -28,6 +28,9 @@ jobs: prefix: "" image-id: standard timeout-minutes: 60 + env: + CONTAINER_IMAGE_ID: "ghcr.io/super-linter/super-linter:${{ matrix.images.prefix }}latest" + CONTAINER_IMAGE_TARGET: "${{ matrix.images.target }}" steps: - name: Free Disk space shell: bash @@ -55,11 +58,11 @@ jobs: secrets: | GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} tags: | - ghcr.io/super-linter/super-linter:${{ matrix.images.prefix }}latest + ${{ env.CONTAINER_IMAGE_ID }} target: "${{ matrix.images.target }}" - name: Run Test Suite - run: make IMAGE=${{ matrix.images.target }} test + run: make test - name: Run Super-Linter Tests run: | @@ -71,9 +74,7 @@ jobs: -e RENOVATE_SHAREABLE_CONFIG_PRESET_FILE_NAMES="default.json,hoge.json" \ -e ERROR_ON_MISSING_EXEC_BIT=true \ -v "${GITHUB_WORKSPACE}:/tmp/lint" \ - "ghcr.io/super-linter/super-linter:${tag}" - env: - tag: ${{ matrix.images.target }} + "${CONTAINER_IMAGE_ID}" - name: Lint Entire Codebase run: | @@ -84,9 +85,7 @@ jobs: -e RENOVATE_SHAREABLE_CONFIG_PRESET_FILE_NAMES="default.json,hoge.json" \ -e ERROR_ON_MISSING_EXEC_BIT=true \ -v "${GITHUB_WORKSPACE}:/tmp/lint" \ - "ghcr.io/super-linter/super-linter:${tag}" - env: - tag: ${{ matrix.images.target }} + "${CONTAINER_IMAGE_ID}" - name: Login to GHCR uses: docker/login-action@v3.0.0 @@ -117,7 +116,7 @@ jobs: secrets: | GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} tags: | - ghcr.io/super-linter/super-linter:${{ matrix.images.prefix }}latest + ${{ env.CONTAINER_IMAGE_ID }} target: "${{ matrix.images.target }}" - name: Update ${{ matrix.images.environment }} Deployment diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1952fb4f..9bc88f9d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -18,9 +18,14 @@ jobs: fail-fast: false matrix: images: - - target: slim - - target: standard + - prefix: slim- + target: slim + - prefix: "" + target: standard timeout-minutes: 60 + env: + CONTAINER_IMAGE_ID: "ghcr.io/super-linter/super-linter:${{ matrix.images.prefix }}latest" + CONTAINER_IMAGE_TARGET: "${{ matrix.images.target }}" steps: - name: Free Disk space shell: bash @@ -34,7 +39,11 @@ jobs: fetch-depth: 0 - name: Update action.yml - run: yq '.runs.image = "docker://ghcr.io/super-linter/super-linter:${{ matrix.images.target }}"' -i action.yml + run: | + echo "yq version: $(yq --version)" + yq '.runs.image = env(CONTAINER_IMAGE_ID)' -i action.yml + echo "Action file contents:" + cat action.yml - name: Retrieve Datetime run: echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> "${GITHUB_ENV}" @@ -52,7 +61,8 @@ jobs: push: false secrets: | GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} - tags: ghcr.io/super-linter/super-linter:${{ matrix.images.target }} + tags: | + ${{ env.CONTAINER_IMAGE_ID }} target: "${{ matrix.images.target }}" - name: Test Local Action @@ -67,7 +77,7 @@ jobs: RENOVATE_SHAREABLE_CONFIG_PRESET_FILE_NAMES: "default.json,hoge.json" - name: Run Test Suite - run: make IMAGE=${{ matrix.images.target }} test + run: make test - name: Run Super-Linter Tests run: | @@ -79,9 +89,7 @@ jobs: -e RENOVATE_SHAREABLE_CONFIG_PRESET_FILE_NAMES="default.json,hoge.json" \ -e ERROR_ON_MISSING_EXEC_BIT=true \ -v "${GITHUB_WORKSPACE}:/tmp/lint" \ - "ghcr.io/super-linter/super-linter:${tag}" - env: - tag: ${{ matrix.images.target }} + "${CONTAINER_IMAGE_ID}" - name: Lint Entire Codebase run: | @@ -92,6 +100,4 @@ jobs: -e RENOVATE_SHAREABLE_CONFIG_PRESET_FILE_NAMES="default.json,hoge.json" \ -e ERROR_ON_MISSING_EXEC_BIT=true \ -v "${GITHUB_WORKSPACE}:/tmp/lint" \ - "ghcr.io/super-linter/super-linter:${tag}" - env: - tag: ${{ matrix.images.target }} + "${CONTAINER_IMAGE_ID}" diff --git a/Makefile b/Makefile index 5f0ed663..cf328c52 100644 --- a/Makefile +++ b/Makefile @@ -1,10 +1,10 @@ # Inspired by https://github.com/jessfraz/dotfiles .PHONY: all -all: info test ## Run all targets. +all: info docker test ## Run all targets. .PHONY: test -test: info clean inspec kcov prepare-test-reports ## Run tests +test: inspec ## Run tests # if this session isn't interactive, then we don't want to allocate a # TTY, which would fail, but if it is interactive, we do want to attach @@ -22,40 +22,6 @@ info: ## Gather information about the runtime environment docker images; \ docker ps -.PHONY: kcov -kcov: ## Run kcov - docker run --rm $(DOCKER_FLAGS) \ - --user "$$(id -u)":"$$(id -g)" \ - -v "$(CURDIR)":/workspace \ - -w="/workspace" \ - kcov/kcov \ - kcov \ - --bash-parse-files-in-dir=/workspace \ - --clean \ - --exclude-pattern=.coverage,.git \ - --include-pattern=.sh \ - /workspace/test/.coverage \ - /workspace/test/runTests.sh - -COBERTURA_REPORTS_DESTINATION_DIRECTORY := "$(CURDIR)/test/reports/cobertura" - -.PHONY: prepare-test-reports -prepare-test-reports: ## Prepare the test reports for consumption - mkdir -p $(COBERTURA_REPORTS_DESTINATION_DIRECTORY); \ - COBERTURA_REPORTS="$$(find "$$(pwd)" -name 'cobertura.xml')"; \ - for COBERTURA_REPORT_FILE_PATH in $$COBERTURA_REPORTS ; do \ - COBERTURA_REPORT_DIRECTORY_PATH="$$(dirname "$$COBERTURA_REPORT_FILE_PATH")"; \ - COBERTURA_REPORT_DIRECTORY_NAME="$$(basename "$$COBERTURA_REPORT_DIRECTORY_PATH")"; \ - COBERTURA_REPORT_DIRECTORY_NAME_NO_SUFFIX="$${COBERTURA_REPORT_DIRECTORY_NAME%.*}"; \ - mkdir -p "$(COBERTURA_REPORTS_DESTINATION_DIRECTORY)"/"$$COBERTURA_REPORT_DIRECTORY_NAME_NO_SUFFIX"; \ - cp "$$COBERTURA_REPORT_FILE_PATH" "$(COBERTURA_REPORTS_DESTINATION_DIRECTORY)"/"$$COBERTURA_REPORT_DIRECTORY_NAME_NO_SUFFIX"/cobertura.xml; \ - done - -.PHONY: clean -clean: ## Clean the workspace - rm -rf $(CURDIR)/test/.coverage; \ - rm -rf $(CURDIR)/test/reports - .PHONY: help help: ## Show help @grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}' @@ -71,25 +37,26 @@ inspec-check: ## Validate inspec profiles test/inspec/super-linter SUPER_LINTER_TEST_CONTAINER_NAME := "super-linter-test" -SUPER_LINTER_TEST_CONTINER_URL := '' +SUPER_LINTER_TEST_CONTAINER_URL := $(CONTAINER_IMAGE_ID) DOCKERFILE := '' -IMAGE := '' -ifeq ($(IMAGE),slim) - SUPER_LINTER_TEST_CONTINER_URL := "ghcr.io/super-linter/super-linter:slim" - IMAGE := "slim" -else - SUPER_LINTER_TEST_CONTINER_URL := "ghcr.io/super-linter/super-linter:standard" - IMAGE := "standard" +IMAGE := $(CONTAINER_IMAGE_TARGET) + +# Default to stadard +ifeq ($(IMAGE),) +IMAGE := "standard" +endif + +# Default to latest +ifeq ($(SUPER_LINTER_TEST_CONTAINER_URL),) +SUPER_LINTER_TEST_CONTAINER_URL := "ghcr.io/super-linter/super-linter:latest" endif .PHONY: inspec inspec: inspec-check ## Run InSpec tests - LOCAL_IMAGE="$$(docker images $(SUPER_LINTER_TEST_CONTINER_URL) |grep 'ghcr.io/super-linter/super-linter')"; \ - if [ "$$?" -ne 0 ]; then docker build -t $(SUPER_LINTER_TEST_CONTINER_URL) -f Dockerfile .; fi && \ - DOCKER_CONTAINER_STATE="$$(docker inspect --format "{{.State.Running}}" "$(SUPER_LINTER_TEST_CONTAINER_NAME)" 2>/dev/null || echo "")"; \ - if [ "$$DOCKER_CONTAINER_STATE" = "true" ]; then docker kill "$(SUPER_LINTER_TEST_CONTAINER_NAME)"; fi && \ - docker tag $(SUPER_LINTER_TEST_CONTINER_URL) $(SUPER_LINTER_TEST_CONTAINER_NAME) && \ - SUPER_LINTER_TEST_CONTAINER_ID="$$(docker run -d --name "$(SUPER_LINTER_TEST_CONTAINER_NAME)" --rm -it --entrypoint /bin/ash "$(SUPER_LINTER_TEST_CONTAINER_NAME)" -c "while true; do sleep 1; done")" \ + DOCKER_CONTAINER_STATE="$$(docker inspect --format "{{.State.Running}}" $(SUPER_LINTER_TEST_CONTAINER_NAME) 2>/dev/null || echo "")"; \ + if [ "$$DOCKER_CONTAINER_STATE" = "true" ]; then docker kill $(SUPER_LINTER_TEST_CONTAINER_NAME); fi && \ + docker tag $(SUPER_LINTER_TEST_CONTAINER_URL) $(SUPER_LINTER_TEST_CONTAINER_NAME) && \ + SUPER_LINTER_TEST_CONTAINER_ID="$$(docker run -d --name $(SUPER_LINTER_TEST_CONTAINER_NAME) --rm -it --entrypoint /bin/ash $(SUPER_LINTER_TEST_CONTAINER_NAME) -c "while true; do sleep 1; done")" \ && docker run $(DOCKER_FLAGS) \ --rm \ -v "$(CURDIR)":/workspace \ @@ -102,14 +69,18 @@ inspec: inspec-check ## Run InSpec tests --log-level=debug \ -t "docker://$${SUPER_LINTER_TEST_CONTAINER_ID}" \ && docker ps \ - && docker kill "$(SUPER_LINTER_TEST_CONTAINER_NAME)" + && docker kill $(SUPER_LINTER_TEST_CONTAINER_NAME) .phony: docker -docker: +docker: ## Build the container image @if [ -z "${GITHUB_TOKEN}" ]; then echo "GITHUB_TOKEN environment variable not set. Please set your GitHub Personal Access Token."; exit 1; fi DOCKER_BUILDKIT=1 docker buildx build --load \ --build-arg BUILD_DATE=$(shell date -u +'%Y-%m-%dT%H:%M:%SZ') \ --build-arg BUILD_REVISION=$(shell git rev-parse --short HEAD) \ --build-arg BUILD_VERSION=$(shell git rev-parse --short HEAD) \ --secret id=GITHUB_TOKEN,env=GITHUB_TOKEN \ - -t ghcr.io/super-linter/super-linter . + -t $(SUPER_LINTER_TEST_CONTAINER_URL) . + +.phony: docker-pull +docker-pull: ## Pull the container image from registry + docker pull $(SUPER_LINTER_TEST_CONTAINER_URL) diff --git a/docs/run-linter-locally.md b/docs/run-linter-locally.md index 4df6921d..8217e001 100644 --- a/docs/run-linter-locally.md +++ b/docs/run-linter-locally.md @@ -5,8 +5,9 @@ If you want to test locally against the **Super-Linter** to test your branch of - Clone your testing source code to your local environment - Install Docker to your local environment - Pull the container down -- Run the container -- Debug/Troubleshoot +- Run the container locally +- Run the test suite locally +- Troubleshoot ## Install Docker to your local machine @@ -97,6 +98,30 @@ jobs: DEFAULT_BRANCH: develop ``` +## Build the container image and run the test suite locally + +You can run the test suite locally with the following command: + +```shell +make +``` + +The test suite will build the container image and run the test suite against a +a container that is an instance of that container image. + +### Run the test suite against an arbitrary super-linter container image + +You can run the test suite against an arbitrary super-linter container image. + +Here is an example that runs the test suite against the `standard` flavor of the +`v5.4.3` image. + +```shell +CONTAINER_IMAGE_ID="ghcr.io/super-linter/super-linter:v5.4.3" \ +CONTAINER_IMAGE_TARGET="standard" \ +make docker-pull test +``` + ## Troubleshooting ### Run container and gain access to the command-line