From dac6600a2382156570d37ed2fab757636661af58 Mon Sep 17 00:00:00 2001
From: Nathan Weinberg
Date: Thu, 25 Apr 2024 12:11:17 -0500
Subject: [PATCH 1/5] ci: add GitHub Action linter
Signed-off-by: Nathan Weinberg
---
 .github/workflows/actionlint.yml | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 .github/workflows/actionlint.yml
diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml
new file mode 100644
index 0000000..55b6377
--- /dev/null
+++ b/.github/workflows/actionlint.yml
@@ -0,0 +1,30 @@
+# SPDX-License-Identifier: Apache-2.0
+
+name: Lint GitHub Actions workflows
+on:
+ push:
+ branches:
+ - "main"
+ paths:
+ - '.github/**'
+ pull_request:
+ branches:
+ - "main"
+ paths:
+ - '.github/**'
+
+defaults:
+ run:
+ shell: bash
+
+jobs:
+ actionlint:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: Download actionlint
+ id: get_actionlint
+ run: bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash) 1.6.27
+ - name: Check workflow files
+ run: PATH=".:$PATH" actionlint -color
From d959c5cae4ea4a76d03b85a51b75ac7b57f2651d Mon Sep 17 00:00:00 2001
From: Nathan Weinberg
Date: Thu, 25 Apr 2024 15:53:33 -0500
Subject: [PATCH 2/5] ci: add markdown linter and fix all linting errors
Signed-off-by: Nathan Weinberg
---
 .github/workflows/docs.yml | 23 +++++++++++++++++++++++
 .markdownlint-cli2.yaml | 13 +++++++++++++
 Makefile | 22 ++++++++++++++++++++++
 3 files changed, 58 insertions(+)
 create mode 100644 .github/workflows/docs.yml
 create mode 100644 .markdownlint-cli2.yaml
 create mode 100644 Makefile
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
new file mode 100644
index 0000000..ecb12dd
--- /dev/null
+++ b/.github/workflows/docs.yml
@@ -0,0 +1,23 @@
+name: docs
+
+on:
+ push:
+ branches: ["main"]
+ paths:
+ - '**/*.md'
+ - '.markdownlint-cli2.yaml'
+ pull_request:
+ branches: ["main"]
+ paths:
+ - '**/*.md'
+ - '.markdownlint-cli2.yaml'
+
+jobs:
+ markdown-lint:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - name: markdownlint-cli2-action
+ uses: DavidAnson/markdownlint-cli2-action@v15
+ with:
+ globs: '**/*.md'
diff --git a/.markdownlint-cli2.yaml b/.markdownlint-cli2.yaml
new file mode 100644
index 0000000..1104379
--- /dev/null
+++ b/.markdownlint-cli2.yaml
@@ -0,0 +1,13 @@
+config:
+ line-length: false
+ no-emphasis-as-header: false
+ first-line-heading: false
+ code-block-style: false
+ no-duplicate-header: false
+ single-trailing-newline: false
+globs:
+ - "**/*.md"
+ignores:
+ - ".tox/**"
+ - "venv/**"
+ - ".venv/**"
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..82a3aa8
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,22 @@
+.PHONY: help
+help:
+ @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-18s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
+
+#
+# If you want to see the full commands, run:
+# NOISY_BUILD=y make
+#
+ifeq ($(NOISY_BUILD),)
+ ECHO_PREFIX=@
+ CMD_PREFIX=@
+ PIPE_DEV_NULL=> /dev/null 2> /dev/null
+else
+ ECHO_PREFIX=@\#
+ CMD_PREFIX=
+ PIPE_DEV_NULL=
+endif
+
+.PHONY: md-lint
+md-lint: ## Lint markdown files
+ $(ECHO_PREFIX) printf " %-12s ./...\n" "[MD LINT]"
+ $(CMD_PREFIX) podman run --rm -v $(CURDIR):/workdir --security-opt label=disable docker.io/davidanson/markdownlint-cli2:v0.12.1 > /dev/null
From e3a4165f5b4f4e33b8cd3c729b61ca3a22175f6a Mon Sep 17 00:00:00 2001
From: Nathan Weinberg
Date: Thu, 16 May 2024 13:21:02 -0400
Subject: [PATCH 3/5] Harden actions
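Review bot: The `md-lint` recipe in the new Makefile (patch 2) bind-mounts the whole working tree read-write into the container and switches SELinux label separation off with `--security-opt label=disable`, although a lint run only has to read the files. Mounting the tree read-only, `-v $(CURDIR):/workdir:ro`, keeps the image from changing anything in the checkout. The trailing `> /dev/null` also throws away everything the tool prints on stdout, so it is worth confirming that findings still reach the user on stderr.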
Signed-off-by: Nathan Weinberg --- .github/workflows/actionlint.yml | 34 ++++++++++++++++----- .github/workflows/docs.yml | 35 ++++++++++++++++++---- .github/workflows/matchers/actionlint.json | 18 +++++++++++ 3 files changed, 73 insertions(+), 14 deletions(-) create mode 100644 .github/workflows/matchers/actionlint.json diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml index 55b6377..6fad273 100644 --- a/.github/workflows/actionlint.yml +++ b/.github/workflows/actionlint.yml @@ -6,25 +6,43 @@ on: branches: - "main" paths: - - '.github/**' + - '.github/workflows/*.ya?ml' pull_request: branches: - "main" paths: - - '.github/**' + - '.github/workflows/*.ya?ml' + +env: + LC_ALL: en_US.UTF-8 defaults: run: shell: bash +permissions: + contents: read + jobs: actionlint: runs-on: ubuntu-latest steps: - - name: Checkout - uses: actions/checkout@v4 - - name: Download actionlint + - name: "Harden Runner" + uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1 + with: + egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs + + - name: "Checkout" + uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + with: + fetch-depth: 0 + + - name: "Download actionlint" id: get_actionlint - run: bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash) 1.6.27 - - name: Check workflow files - run: PATH=".:$PATH" actionlint -color + run: | + bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/2d26fef7e97b8ab345791f5ade3252da47d083e3/scripts/download-actionlint.bash) + + - name: "Check workflow files" + run: | + echo "::add-matcher::.github/workflows/matchers/actionlint.json" + ${{ steps.get_actionlint.outputs.executable }} -color diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index ecb12dd..77db9a2 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml 
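Review bot: In the rewritten "Download actionlint" step of `.github/workflows/actionlint.yml` the script URL is pinned to a commit, but the `1.6.27` argument the old line passed has been dropped, so the release that gets downloaded is presumably left to the script's default instead of being fixed by this workflow. Passing the version again keeps the binary as reproducible as the script: `bash <(curl -fsSL https://raw.githubusercontent.com/rhysd/actionlint/2d26fef7e97b8ab345791f5ade3252da47d083e3/scripts/download-actionlint.bash) 1.6.27`. A failed `curl` inside `<( … )` does not fail the step by itself, so saving the script to a file and running it in a second command would make a download error visible. Nothing visible in the step checks the downloaded binary against a known digest.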
@@ -1,23 +1,46 @@ -name: docs +# SPDX-License-Identifier: Apache-2.0 + +name: Lint Markdown documents on: push: - branches: ["main"] + branches: + - "main" paths: - '**/*.md' - '.markdownlint-cli2.yaml' + - '.github/workflows/docs.yml' # This workflow pull_request: - branches: ["main"] + branches: + - "main" paths: - '**/*.md' - '.markdownlint-cli2.yaml' + - '.github/workflows/docs.yml' # This workflow + +env: + LC_ALL: en_US.UTF-8 + +defaults: + run: + shell: bash + +permissions: + contents: read jobs: markdown-lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - name: markdownlint-cli2-action - uses: DavidAnson/markdownlint-cli2-action@v15 + - name: "Harden Runner" + uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1 + with: + egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs + - name: "Checkout" + uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + with: + fetch-depth: 0 + - name: "Check Markdown documents" + uses: DavidAnson/markdownlint-cli2-action@b4c9feab76d8025d1e83c653fa3990936df0e6c8 # v16.0.0 with: globs: '**/*.md' diff --git a/.github/workflows/matchers/actionlint.json b/.github/workflows/matchers/actionlint.json new file mode 100644 index 0000000..a618c81 --- /dev/null +++ b/.github/workflows/matchers/actionlint.json @@ -0,0 +1,18 @@ +{ + "problemMatcher": [ + { + "owner": "actionlint", + "pattern": [ + { + "regexp": "^(?:\\x1b\\[\\d+m)?(.+?)(?:\\x1b\\[\\d+m)*:(?:\\x1b\\[\\d+m)*(\\d+)(?:\\x1b\\[\\d+m)*:(?:\\x1b\\[\\d+m)*(\\d+)(?:\\x1b\\[\\d+m)*: (?:\\x1b\\[\\d+m)*(.+?)(?:\\x1b\\[\\d+m)* \\[(.+?)\\]$", + "file": 1, + "line": 2, + "column": 3, + "message": 4, + "code": 5 + } + ] + } + ] + } + \ No newline at end of file From 19026fe42ec31aa1e9ad8824481f9111a8205156 Mon Sep 17 00:00:00 2001 From: Nathan Weinberg Date: Thu, 16 May 2024 14:47:57 -0400 Subject: [PATCH 4/5] Set makrdownlint container image to latest 
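Review bot: The "Checkout" step in `.github/workflows/docs.yml` sets `fetch-depth: 0` and leaves `persist-credentials` at its default, so the lint job clones the full history and keeps the job token in the local git config while the third-party lint action runs; neither is needed by the steps shown. Under `with:` I would drop `fetch-depth: 0` and add `persist-credentials: false`. The same applies to the "Checkout" step this patch adds to `.github/workflows/actionlint.yml`. `egress-policy: audit` only records outbound traffic, so the hardening is not enforced until the TODO to switch to `block` is carried out.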
Signed-off-by: Nathan Weinberg
---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index 82a3aa8..c33811f 100644
--- a/Makefile
+++ b/Makefile
@@ -19,4 +19,4 @@ endif
 .PHONY: md-lint
 md-lint: ## Lint markdown files
 $(ECHO_PREFIX) printf " %-12s ./...\n" "[MD LINT]"
- $(CMD_PREFIX) podman run --rm -v $(CURDIR):/workdir --security-opt label=disable docker.io/davidanson/markdownlint-cli2:v0.12.1 > /dev/null
+ $(CMD_PREFIX) podman run --rm -v $(CURDIR):/workdir --security-opt label=disable docker.io/davidanson/markdownlint-cli2:latest > /dev/null
From 5656ff5cde62fdc7a5e9fffa802c85269468c2a8 Mon Sep 17 00:00:00 2001
From: Nathan Weinberg
Date: Thu, 16 May 2024 14:53:40 -0400
Subject: [PATCH 5/5] Add dependabot
Signed-off-by: Nathan Weinberg
---
 .github/dependabot.yml | 17 +++++++++++
 .github/workflows/matchers/actionlint.json | 33 +++++++++++-----------
 2 files changed, 33 insertions(+), 17 deletions(-)
 create mode 100644 .github/dependabot.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..a17e0a4
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,17 @@
+# SPDX-License-Identifier: Apache-2.0
+
+# GitHub Dependabot configuration file
+version: 2
+updates:
+
+ # Maintain dependencies for GitHub Actions
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "daily"
+
+ # Maintain dependencies for JS/yarn
+ - package-ecosystem: "npm"
+ directory: "/"
+ schedule:
+ interval: "daily"
diff --git a/.github/workflows/matchers/actionlint.json b/.github/workflows/matchers/actionlint.json
index a618c81..4613e16 100644
--- a/.github/workflows/matchers/actionlint.json
+++ b/.github/workflows/matchers/actionlint.json
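Review bot: Moving the `md-lint` image from `v0.12.1` to `latest` (patch 4, Makefile) makes the recipe pull whatever the registry currently serves under a mutable tag, which undoes for local runs the pinning that patch 3 applies to the workflows. Local results can also drift from CI, where `markdownlint-cli2-action` is pinned by commit. I would keep a fixed tag and add the image digest, in the form `docker.io/davidanson/markdownlint-cli2:<tag>@sha256:<digest>` (placeholders), and bump it deliberately.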
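Review bot: The `github-actions` entry in `.github/dependabot.yml` will keep the SHA-pinned `uses:` references current, but as far as I can tell two pins from this series sit outside what it tracks: the commit hash embedded in the `curl` URL in `actionlint.yml` and the container image named in the Makefile. A comment above `updates:` would make that explicit, for example `# Not covered here: the download-actionlint.bash commit in actionlint.yml and the markdownlint-cli2 image in the Makefile; bump these by hand`. The `npm` entry assumes a package manifest at the repository root; none is visible in this series, so confirm one exists.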
@@ -1,18 +1,17 @@
 {
- "problemMatcher": [
- {
- "owner": "actionlint",
- "pattern": [
- {
- "regexp": "^(?:\\x1b\\[\\d+m)?(.+?)(?:\\x1b\\[\\d+m)*:(?:\\x1b\\[\\d+m)*(\\d+)(?:\\x1b\\[\\d+m)*:(?:\\x1b\\[\\d+m)*(\\d+)(?:\\x1b\\[\\d+m)*: (?:\\x1b\\[\\d+m)*(.+?)(?:\\x1b\\[\\d+m)* \\[(.+?)\\]$",
- "file": 1,
- "line": 2,
- "column": 3,
- "message": 4,
- "code": 5
- }
- ]
- }
- ]
- }
-
\ No newline at end of file
+ "problemMatcher": [
+ {
+ "owner": "actionlint",
+ "pattern": [
+ {
+ "regexp": "^(?:\\x1b\\[\\d+m)?(.+?)(?:\\x1b\\[\\d+m)*:(?:\\x1b\\[\\d+m)*(\\d+)(?:\\x1b\\[\\d+m)*:(?:\\x1b\\[\\d+m)*(\\d+)(?:\\x1b\\[\\d+m)*: (?:\\x1b\\[\\d+m)*(.+?)(?:\\x1b\\[\\d+m)* \\[(.+?)\\]$",
+ "file": 1,
+ "line": 2,
+ "column": 3,
+ "message": 4,
+ "code": 5
+ }
+ ]
+ }
+ ]
+}