From 6775049a74c2162a638b237db751fbc8564f2325 Mon Sep 17 00:00:00 2001 From: Drew Minnear Date: Fri, 5 Sep 2025 18:48:22 -0400 Subject: [PATCH] use github actions library linter --- .github/linters/.hadolint.yaml | 2 +- .github/workflows/container-test.yml | 6 +- .github/workflows/docker-publish.yml | 31 ++++++---- .github/workflows/superlinter.yml | 45 +++----------- README.md | 91 +++++++++++++++------------- default-cmd.sh | 2 +- 6 files changed, 83 insertions(+), 94 deletions(-) diff --git a/.github/linters/.hadolint.yaml b/.github/linters/.hadolint.yaml index 78b22a8..6826e7f 100644 --- a/.github/linters/.hadolint.yaml +++ b/.github/linters/.hadolint.yaml @@ -8,6 +8,6 @@ ignored: # version explicitly to a release tag - DL3007 # Specify version with `dnf install -y -`. - - DL3041 + - DL3041 # Pin versions in pip. Instead of `pip install ` use `pip install - DL3013 diff --git a/.github/workflows/container-test.yml b/.github/workflows/container-test.yml index 919b60d..a0e955d 100644 --- a/.github/workflows/container-test.yml +++ b/.github/workflows/container-test.yml @@ -1,10 +1,10 @@ ---- name: "Container build and test" on: workflow_call: -permissions: read-all +permissions: + contents: read jobs: podman-build: @@ -13,6 +13,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v5 + with: + persist-credentials: false - name: Utility Container Build run: make manifest podman-build-amd64 diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index ffadb57..aebdfae 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -1,4 +1,3 @@ ---- name: Docker build and push to quay on: @@ -14,6 +13,9 @@ on: repository_dispatch: types: [dependency-updated] +permissions: + contents: read + env: # Use docker.io for Docker Hub if empty REGISTRY: quay.io 
@@ -49,6 +51,8 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v5 + with: + persist-credentials: false # Set up BuildKit Docker container builder for docker save functionality # https://github.com/docker/setup-buildx-action @@ -91,11 +95,9 @@ jobs: matrix: include: - image_name: validatedpatterns/utility-container - username_secret: QUAY_USERNAME - password_secret: QUAY_PASSWORD + registry_type: primary - image_name: hybridcloudpatterns/utility-container - username_secret: LEGACY_QUAY_USERNAME - password_secret: LEGACY_QUAY_PASSWORD + registry_type: legacy runs-on: ubuntu-latest permissions: @@ -140,10 +142,13 @@ jobs: - name: Log into registry ${{ env.REGISTRY }} uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 + env: + REGISTRY_USERNAME: ${{ matrix.registry_type == 'primary' && secrets.QUAY_USERNAME || secrets.LEGACY_QUAY_USERNAME }} + REGISTRY_PASSWORD: ${{ matrix.registry_type == 'primary' && secrets.QUAY_PASSWORD || secrets.LEGACY_QUAY_PASSWORD }} with: registry: ${{ env.REGISTRY }} - username: ${{ secrets[matrix.username_secret] }} - password: ${{ secrets[matrix.password_secret] }} + username: ${{ env.REGISTRY_USERNAME }} + password: ${{ env.REGISTRY_PASSWORD }} # Push individual architecture images to registry - name: Push architecture-specific images @@ -164,12 +169,11 @@ jobs: # Create and push multi-arch manifest - name: Create and push multi-arch manifest id: push-manifest + env: + TAGS: ${{ steps.meta.outputs.tags }} run: | IMAGE_BASE="${{ env.REGISTRY }}/${{ matrix.image_name }}" - # Get the tags from metadata - TAGS="${{ steps.meta.outputs.tags }}" - for TAG in $TAGS; do echo "Creating manifest for: $TAG" 
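Review bot: The `matrix.registry_type == 'primary' && secrets.QUAY_USERNAME || secrets.LEGACY_QUAY_USERNAME` expressions in the new `env:` block of the login step are not a real ternary: GitHub's `&&`/`||` yields the right-hand operand whenever the middle one is empty, so an unset or blank `QUAY_USERNAME`/`QUAY_PASSWORD` makes the primary matrix entry silently log in with the legacy account instead of failing. The identical expressions are repeated in the clean-up step hunk below, so the same misconfiguration would also delete images under the wrong credentials there. A fail-closed guard step before the login, `if: matrix.registry_type == 'primary' && secrets.QUAY_USERNAME == ''` with `run: exit 1`, makes the fallthrough impossible; alternatively hoist the two expressions to a job-level `env:` so they are defined once. The step's `with:` block and the rest of the job continue outside the hunk.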
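Review bot: Moving `steps.meta.outputs.tags` into `env.TAGS` keeps that value out of the inline script, but the first line of `run:`, `IMAGE_BASE="${{ env.REGISTRY }}/${{ matrix.image_name }}"`, still interpolates workflow values into shell source; both are set in this workflow file so the risk is low, but for consistency declare `IMAGE_BASE: ${{ env.REGISTRY }}/${{ matrix.image_name }}` under the same `env:` and drop the assignment line. `for TAG in $TAGS` depends on unquoted word splitting of what is presumably a newline-separated tag list; a comment such as `# TAGS is newline-separated; word splitting is intentional` would stop a later reader from quoting it. The run script continues outside the hunk.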
@@ -201,14 +205,17 @@ jobs: # Clean up temporary architecture-specific images - name: Clean up temporary images if: always() + env: + REGISTRY_USERNAME: ${{ matrix.registry_type == 'primary' && secrets.QUAY_USERNAME || secrets.LEGACY_QUAY_USERNAME }} + REGISTRY_PASSWORD: ${{ matrix.registry_type == 'primary' && secrets.QUAY_PASSWORD || secrets.LEGACY_QUAY_PASSWORD }} run: | IMAGE_BASE="${{ env.REGISTRY }}/${{ matrix.image_name }}" # Try to delete temporary images, ignore errors if they don't exist docker run --rm quay.io/skopeo/stable delete \ - --creds "${{ secrets[matrix.username_secret] }}:${{ secrets[matrix.password_secret] }}" \ + --creds "${REGISTRY_USERNAME}:${REGISTRY_PASSWORD}" \ docker://"${IMAGE_BASE}:build-${{ github.run_id }}-amd64" || true docker run --rm quay.io/skopeo/stable delete \ - --creds "${{ secrets[matrix.username_secret] }}:${{ secrets[matrix.password_secret] }}" \ + --creds "${REGISTRY_USERNAME}:${REGISTRY_PASSWORD}" \ docker://"${IMAGE_BASE}:build-${{ github.run_id }}-arm64" || true diff --git a/.github/workflows/superlinter.yml b/.github/workflows/superlinter.yml index 502be1b..694d644 100644 --- a/.github/workflows/superlinter.yml +++ b/.github/workflows/superlinter.yml 
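Review bot: The new `--creds "${REGISTRY_USERNAME}:${REGISTRY_PASSWORD}"` lines still pass the registry password as a command-line argument, so it remains visible in the skopeo container's argv and in the `docker run` argv on the runner even though it no longer appears in the workflow template; passing `-e REGISTRY_USERNAME -e REGISTRY_PASSWORD` to `docker run` and authenticating inside the container with `skopeo login --password-stdin` before the deletes would keep it out of process listings. Both `docker run` lines hand those credentials to the floating tag `quay.io/skopeo/stable`; pin it to a digest (`quay.io/skopeo/stable@sha256:<digest>`) the way `docker/login-action` is already pinned in this file. The `&& ||` fallback concern raised on the login step applies to this step's `env:` block too, and the `|| true` on each delete would hide a wrong-credential failure from the job status. The step and job continue outside the hunk.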
@@ -1,42 +1,15 @@ ---- name: Super linter on: pull_request: - branches: ["main"] + branches: [main] -jobs: - build: - # Name the Job - name: Super linter - # Set the agent to run on - runs-on: ubuntu-latest - - steps: - - name: Checkout Code - uses: actions/checkout@v5 - with: - # Full git history is needed to get a proper list of changed files - # within `super-linter` - fetch-depth: 0 +permissions: + contents: read - ################################ - # Run Linter against code base # - ################################ - - name: Lint Code Base - uses: super-linter/super-linter/slim@v8 - env: - VALIDATE_ALL_CODEBASE: true - VALIDATE_CHECKOV: false - VALIDATE_GITHUB_ACTIONS_ZIZMOR: false - VALIDATE_JSON_PRETTIER: false - VALIDATE_MARKDOWN_PRETTIER: false - VALIDATE_NATURAL_LANGUAGE: false - VALIDATE_PYTHON_PYLINT: false - VALIDATE_SHELL_SHFMT: false - VALIDATE_TRIVY: false - VALIDATE_YAML: false - VALIDATE_YAML_PRETTIER: false - DEFAULT_BRANCH: main - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - # These are the validation we disable atm +jobs: + lint: + uses: validatedpatterns/github-actions-library/.github/workflows/superlinter.yml@v1 + with: + sl_env: | + VALIDATE_TRIVY=false diff --git a/README.md b/README.md index dad0b43..a0cd31f 100644 --- a/README.md +++ b/README.md 
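Review bot: The new `uses: validatedpatterns/github-actions-library/.github/workflows/superlinter.yml@v1` references the reusable workflow by a mutable tag, so whoever can move `v1` in that repository decides what runs here with this repository's token; pin it to a full commit SHA with the tag in a trailing comment, `…/superlinter.yml@<commit-sha> # v1`, matching how `docker/login-action` is pinned in docker-publish.yml, and consider the same for the `actions/checkout@v5` lines in container-test.yml and docker-publish.yml. The workflow-level `permissions: contents: read` is the ceiling the called workflow inherits, so if the library workflow needs more than read (status checks or PR comments are common for linters) it will fail; worth confirming against the library workflow's declared `permissions:`. The removed `fetch-depth: 0` existed so super-linter could compute the changed-file list; presumably the library workflow handles that now, but it is not visible from this diff.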
@@ -12,48 +12,52 @@ This container provides a pre-configured environment with all the necessary tool ## Installed Software -| name | type | version | -|:---------------------------------:|:--------:|:------------:| -|ansible |pip |2.16.14 | -|ansible.posix |collection|2.1.0 | -|ansible-runner |pip |2.4.1 | -|ansible.utils |collection|6.0.0 | -|argocd |binary |v2.9.7+fbb6b20| -|awscli |pip |1.42.25 | -|awx.awx |collection|24.6.1 | -|awxkit |pip |24.6.1 | -|azure-cli |pip |2.77.0 | -|boto3 |pip |1.40.25 | -|botocore |pip |1.40.25 | -|community.general |collection|11.2.1 | -|community.okd |collection|5.0.0 | -|gcloud |pip |0.18.3 | -|gh |package |2.78.0 | -|git-core |package |2.47.3 | -|gzip |package |1.12 | -|hcp |binary |4.17.0 | -|helm |binary |v3.13.3 | -|infra.ah_configuration |collection|2.1.0 | -|infra.controller_configuration |collection|3.1.3 | -|infra.eda_configuration |collection|1.1.0 | -|jmespath |pip |1.0.1 | -|jq |package |1.6 | -|kubernetes.core |collection|6.1.0 | -|kubernetes |pip |33.1.0 | -|kustomize |binary |v5.0.1 | -|make |package |4.3 | -|openshift |binary |4.14.20 | -|pytest |pip |8.4.2 | -|python3-pip |package |21.3.1 | -|python |package |3.11.11 | -|redhat_cop.controller_configuration|collection|2.3.1 | -|rhvp.cluster_utils |collection|1.1.0 | -|sshpass |package |1.09 | -|tar |package |1.34 | -|tea |binary |0.9.2 | -|tekton |binary |0.35.2 | -|vi |package |8.2.2637 | -|vp-qe-test-common |pip |0.1.0 | + + +| name | type | version | +| :---------------------------------: | :--------: | :------------: | +| ansible | pip | 2.16.14 | +| ansible.posix | collection | 2.1.0 | +| ansible-runner | pip | 2.4.1 | +| ansible.utils | collection | 6.0.0 | +| argocd | binary | v2.9.7+fbb6b20 | +| awscli | pip | 1.42.25 | +| awx.awx | collection | 24.6.1 | +| awxkit | pip | 24.6.1 | +| azure-cli | pip | 2.77.0 | +| boto3 | pip | 1.40.25 | +| botocore | pip | 1.40.25 | +| community.general | collection | 11.2.1 | +| community.okd | collection | 5.0.0 | +| 
gcloud | pip | 0.18.3 | +| gh | package | 2.78.0 | +| git-core | package | 2.47.3 | +| gzip | package | 1.12 | +| hcp | binary | 4.17.0 | +| helm | binary | v3.13.3 | +| infra.ah_configuration | collection | 2.1.0 | +| infra.controller_configuration | collection | 3.1.3 | +| infra.eda_configuration | collection | 1.1.0 | +| jmespath | pip | 1.0.1 | +| jq | package | 1.6 | +| kubernetes.core | collection | 6.1.0 | +| kubernetes | pip | 33.1.0 | +| kustomize | binary | v5.0.1 | +| make | package | 4.3 | +| openshift | binary | 4.14.20 | +| pytest | pip | 8.4.2 | +| python3-pip | package | 21.3.1 | +| python | package | 3.11.11 | +| redhat_cop.controller_configuration | collection | 2.3.1 | +| rhvp.cluster_utils | collection | 1.1.0 | +| sshpass | package | 1.09 | +| tar | package | 1.34 | +| tea | binary | 0.9.2 | +| tekton | binary | 0.35.2 | +| vi | package | 8.2.2637 | +| vp-qe-test-common | pip | 0.1.0 | + + ## Usage @@ -103,14 +107,17 @@ podman run --rm -it --net=host \ ## Troubleshooting **Permission issues with volume mounts** + - Ensure the `--security-opt label=disable` flag is used when running the container. - Check that your user has read/write access to the mounted directories. **Network connectivity issues** + - Use `--net=host` for full network access. - For restricted environments, configure appropriate network policies. **Missing tools or outdated versions** + - Check the installed software table above for current versions. - Consider building a custom image if you need different tool versions. diff --git a/default-cmd.sh b/default-cmd.sh index 727abc1..3670eec 100755 --- a/default-cmd.sh +++ b/default-cmd.sh @@ -1,6 +1,6 @@ #!/bin/bash echo -e \ -" + " 1 Welcome to the Validate Pattern utility container 111 It contains all the needed components to install a pattern. 1 1