This is the template that we use when we are creating any of the tools within the CICD Toolbox.
All of the tools have been tested against:
- GitHub Actions
- Travis CI
- CircleCI
- Bitbucket Pipelines
- Local command line

However, due to the way that they are built, they should work on most CICD platforms where you can run arbitrary scripts.
We provide a script which pulls the latest copy of all the CICD tools and places them in a local bin directory to allow them to be run any time locally for added validation.
The following environment variables can be set to customise the script.

Name | Default Value | Purpose |
---|---|---|
INCLUDE_FILES | Unset | A comma-separated list of files to include in the scan. You can also use regex to do pattern matching. |
EXCLUDE_FILES | Unset | A comma-separated list of files to exclude from the scan. You can also use regex to do pattern matching. |
NO_COLOR | False | Turn off the color in the output. (It is turned off by default inside of pipelines) |
REPORT_ONLY | False | Generate the report but do not fail the build even if an error occurred. |
SHOW_ERRORS | True | Show the actual errors instead of just which files had errors. |
SHOW_SKIPPED | False | Show which files are being skipped. |
WHITELIST | Unset | A comma-separated list of files to be excluded from being checked. |

If you set INCLUDE_FILES, it will skip ALL files that do not match, including anything in EXCLUDE_FILES.

Running the pipeline locally against this repository with INCLUDE_FILES="tests" results in the following:
```
--------------------------------------------------------------------- Stage 1: Parameters --
Included Files: tests
---------------------------------------------------------- Stage 2: Install Prerequisites --
[ OK ] file is already installed
--------------------------------------------------------------- Stage 3: Run file (v5.41) --
[ OK ] tests/test.py
------------------------------------------------------------------------- Stage 4: Report --
Total: 1, OK: 1, Failed: 0, Skipped: 0
----------------------------------------------------------------------- Stage 5: Complete --
```
Target files are identified using the following code:

```shell
file -b "${filename}" | grep -qE '^(REGEX)'
```

AND

```shell
[[ ${filename} =~ \.(REGEX)$ ]]
```

Name | Purpose |
---|---|
Action Lint | Validate your GitHub action files using actionlint. |
Awesomebot | Link check your files with awesome_bot. |
Bandit | Inspect your Python projects for security issues using bandit. |
Hadolint | Validate your Dockerfiles using hadolint. |
JSON Lint | Validate your JSON files using jq. |
Markdown Lint | Validate your markdown files using markdownlint-cli. |
Perl Lint | Validate your Perl scripts using the native perl linter. |
PHP Lint | Validate your PHP code using the native php linter. |
Puppet Lint | Validate your Puppet files using puppet-lint. |
Pur | Verify your Python project's requirements.txt for updates using pur. |
PyCodeStyle | Inspect your Python projects for code smells using pycodestyle. |
PyDocStyle | Validate your Python project documentation for compliance with pydocstyle. |
Pylama | Validate your Python project documentation for compliance with pylama. |
Pylint | Inspect your Python projects for code smells using pylint. |
Reek | Inspect your Ruby code for code smells using reek. |
Rubocop | Perform static code analysis on Ruby code using rubocop. |
ShellCheck | Perform static code analysis on shell scripts using ShellCheck. |
Validate Citations File | Validate CITATIONS.cff using cffconvert. |
YAML Lint | Validate your YAML files in CI/CD pipelines using yamllint. |