From 160766df2eaa7e47d43266d21ddbd7814472f059 Mon Sep 17 00:00:00 2001 From: Blaine Gardner Date: Tue, 10 Sep 2024 13:34:47 -0600 Subject: [PATCH] use megalinter Add megalinter config and tooling to run megalinter. Signed-off-by: Blaine Gardner --- .cspell.json | 50 +++++++++++++++++++ .github/workflows/mega-linter-action.yaml | 46 +++++++++++++++++ .gitignore | 5 +- .mega-linter.yml | 18 +++++++ .prow.sh | 6 --- .yamllint.yml | 7 +++ client/apis/objectstorage/v1alpha1/types.go | 4 +- .../objectstorage.k8s.io_bucketaccesses.yaml | 2 +- .../objectstorage.k8s.io_bucketclaims.yaml | 2 +- client/hack/update-codegen.sh | 2 + controller/Dockerfile | 5 +- controller/resources/deployment.yaml | 2 +- controller/resources/rbac.yaml | 37 +++++++------- hack/Dockerfile.in | 5 +- sidecar/Dockerfile | 5 +- 15 files changed, 162 insertions(+), 34 deletions(-) create mode 100644 .cspell.json create mode 100644 .github/workflows/mega-linter-action.yaml create mode 100644 .mega-linter.yml delete mode 100755 .prow.sh create mode 100644 .yamllint.yml diff --git a/.cspell.json b/.cspell.json new file mode 100644 index 00000000..ae0e3ce6 --- /dev/null +++ b/.cspell.json @@ -0,0 +1,50 @@ +// cSpell Settings +{ + // Version of the setting file. Always 0.2 + "version": "0.2", + // language - current active spelling language + "language": "en", + // words - list of words to be always considered correct + "words": [ + "apiextensions", + "bucketaccess", + "bucketaccessclass", + "bucketaccessclasses", + "bucketaccesses", + "bucketclaim", + "bucketclaims", + "bucketclass", + "bucketclasses", + "buildroot", + "buildx", + "CDPATH", + "cloudbuild", + "codegen", + "cosi", + "crds", + "devel", + "distroless", + "ghash", + "GOARCH", + "golangci", + "hadolint", + "healthz", + "HIGHCPU", + "klog", + "kubebuilder", + "kustomization", + "nonroot", + "objectstorage", + "readyz", + "rolebinding", + "serviceaccount", + "serviceaccounts", + "shellcheck", + ], + // flagWords - list of words to be always considered incorrect + // This is useful for offensive words and common spelling errors. + // For example "hte" should be "the" + "flagWords": [ + "hte" + ] +} diff --git a/.github/workflows/mega-linter-action.yaml b/.github/workflows/mega-linter-action.yaml new file mode 100644 index 00000000..b500d0b5 --- /dev/null +++ b/.github/workflows/mega-linter-action.yaml @@ -0,0 +1,46 @@ +name: MegaLinter + +on: + pull_request: + branches: + - main + - master + - monorepo + - release-* + +concurrency: + group: ${{ github.ref }}-${{ github.workflow }} + cancel-in-progress: true + +permissions: + contents: read + +jobs: + megalinter: + name: MegaLinter + runs-on: ubuntu-latest + steps: + + - name: Checkout Code + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Run MegaLinter + uses: oxsecurity/megalinter@v8 # More info at https://megalinter.io/flavors/ + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + SECURED_ENV_VARIABLES: GITHUB_TOKEN # env vars hidden from sub-linters + VALIDATE_ALL_CODEBASE: true + FAIL_IF_MISSING_LINTER_IN_FLAVOR: true # if action can't run a desired linter, return err + SHOW_ELAPSED_TIME: true # for debugging any megalinter issues + PRINT_ALL_FILES: true # for debugging any megalinter issues + + - name: Upload MegaLinter artifacts + uses: actions/upload-artifact@v4 + if: success() || failure() + with: + name: MegaLinter reports + path: | + megalinter-reports + mega-linter.log diff --git a/.gitignore b/.gitignore index 590a65c1..63b74b47 100644 --- a/.gitignore +++ b/.gitignore @@ -1,8 +1,11 @@ *.tmp .DS_Store .build +.cache *.swp release-tools .idea travis.yml - +megalinter-reports/ +mega-linter.log +*megalinter*.txt diff --git a/.mega-linter.yml b/.mega-linter.yml new file mode 100644 index 00000000..e9cc32c5 --- /dev/null +++ b/.mega-linter.yml @@ -0,0 +1,18 @@ +# Configuration file for MegaLinter +# See all available variables at https://megalinter.io/configuration/ and in linters documentation + +ENABLE_LINTERS: # all other linters will be disabled by default + - BASH_SHELLCHECK + - YAML_YAMLLINT + - DOCKERFILE_HADOLINT + - SPELL_CSPELL + +DISABLE_LINTERS: + # golangci-lint can't lint the whole project and needs called one-by-one for each submodule + - GO_GOLANGCI_LINT + +FILTER_REGEX_INCLUDE: '(\.*\.go)' + +FILTER_REGEX_EXCLUDE: '(\.github/workflows|.*/vendor|pkg/imported-.*)' + +# MARKDOWN_FILTER_REGEX_EXCLUDE: '(license\.md|docs/licenses)' diff --git a/.prow.sh b/.prow.sh deleted file mode 100755 index 682601dd..00000000 --- a/.prow.sh +++ /dev/null @@ -1,6 +0,0 @@ -#! /bin/bash - -. release-tools/prow.sh - -main - diff --git a/.yamllint.yml b/.yamllint.yml new file mode 100644 index 00000000..259a95df --- /dev/null +++ b/.yamllint.yml @@ -0,0 +1,7 @@ +extends: default +rules: + document-start: disable # don't care if doc doesn't start with --- + line-length: + level: warning + indentation: # kubebuilder generator uses non-recommended indentation, but it's consistent + indent-sequences: consistent diff --git a/client/apis/objectstorage/v1alpha1/types.go b/client/apis/objectstorage/v1alpha1/types.go index 1519ccc9..df159398 100644 --- a/client/apis/objectstorage/v1alpha1/types.go +++ b/client/apis/objectstorage/v1alpha1/types.go @@ -162,7 +162,7 @@ type BucketClaimSpec struct { } type BucketClaimStatus struct { - // BucketReady indicates that the bucket is ready for consumpotion + // BucketReady indicates that the bucket is ready for consumption // by workloads BucketReady bool `json:"bucketReady"` @@ -287,7 +287,7 @@ type BucketAccessSpec struct { // CredentialsSecretName is the name of the secret that COSI should populate // with the credentials. If a secret by this name already exists, then it is // assumed that credentials have already been generated. It is not overridden. - // This secret is deleted when the BucketAccess is delted. + // This secret is deleted when the BucketAccess is deleted. CredentialsSecretName string `json:"credentialsSecretName"` // ServiceAccountName is the name of the serviceAccount that COSI will map diff --git a/client/config/crd/objectstorage.k8s.io_bucketaccesses.yaml b/client/config/crd/objectstorage.k8s.io_bucketaccesses.yaml index 09cd7d0a..a2338c8c 100644 --- a/client/config/crd/objectstorage.k8s.io_bucketaccesses.yaml +++ b/client/config/crd/objectstorage.k8s.io_bucketaccesses.yaml @@ -48,7 +48,7 @@ spec: CredentialsSecretName is the name of the secret that COSI should populate with the credentials. If a secret by this name already exists, then it is assumed that credentials have already been generated. It is not overridden. - This secret is deleted when the BucketAccess is delted. + This secret is deleted when the BucketAccess is deleted. type: string protocol: description: |- diff --git a/client/config/crd/objectstorage.k8s.io_bucketclaims.yaml b/client/config/crd/objectstorage.k8s.io_bucketclaims.yaml index 12d6a648..b0cf3e10 100644 --- a/client/config/crd/objectstorage.k8s.io_bucketclaims.yaml +++ b/client/config/crd/objectstorage.k8s.io_bucketclaims.yaml @@ -69,7 +69,7 @@ spec: type: string bucketReady: description: |- - BucketReady indicates that the bucket is ready for consumpotion + BucketReady indicates that the bucket is ready for consumption by workloads type: boolean required: diff --git a/client/hack/update-codegen.sh b/client/hack/update-codegen.sh index e5307fc9..983aeb63 100755 --- a/client/hack/update-codegen.sh +++ b/client/hack/update-codegen.sh @@ -18,8 +18,10 @@ set -o errexit set -o nounset set -o pipefail +# shellcheck disable=SC1091 # Not following: (with below) this is working to load the right path CLIENT_ROOT=$(unset CDPATH && cd "$(dirname "${BASH_SOURCE[0]}")"/.. && pwd) +# shellcheck disable=SC1091 # Not following: (with above) this is working to load the right path source "${CLIENT_ROOT}/vendor/k8s.io/code-generator/kube_codegen.sh" kube::codegen::gen_helpers \ diff --git a/controller/Dockerfile b/controller/Dockerfile index cd96dd26..ea80bd99 100644 --- a/controller/Dockerfile +++ b/controller/Dockerfile @@ -16,7 +16,10 @@ COPY internal/ internal/ COPY controller/go.mod controller/go.mod COPY controller/go.sum controller/go.sum -RUN cd controller && go mod download +WORKDIR /buildroot/controller +RUN go mod download + +WORKDIR /buildroot COPY controller/cmd/ controller/cmd/ COPY controller/pkg/ controller/pkg/ diff --git a/controller/resources/deployment.yaml b/controller/resources/deployment.yaml index e222fa60..503b6c66 100644 --- a/controller/resources/deployment.yaml +++ b/controller/resources/deployment.yaml @@ -34,4 +34,4 @@ spec: image: gcr.io/k8s-staging-sig-storage/objectstorage-controller:v20221027-v0.1.1-8-g300019f imagePullPolicy: Always args: - - "--v=5" + - "--v=5" diff --git a/controller/resources/rbac.yaml b/controller/resources/rbac.yaml index 8123e1aa..a27237e3 100644 --- a/controller/resources/rbac.yaml +++ b/controller/resources/rbac.yaml @@ -10,22 +10,21 @@ metadata: app.kubernetes.io/version: main app.kubernetes.io/name: container-object-storage-interface-controller rules: -- apiGroups: ["objectstorage.k8s.io"] - resources: ["bucketclaims", "bucketaccesses", "bucketclaims/status", "bucketaccesses/status"] - verbs: ["get", "list", "watch", "update"] -- apiGroups: ["objectstorage.k8s.io"] - resources: ["buckets"] - verbs: ["get", "list", "watch", "update", "create", "delete"] -- apiGroups: ["objectstorage.k8s.io"] - resources: ["bucketclasses","bucketaccessclasses"] - verbs: ["get", "list"] -- apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] -- apiGroups: [""] - resources: ["configmaps", "serviceaccounts"] - verbs: ["list", "get"] - + - apiGroups: ["objectstorage.k8s.io"] + resources: ["bucketclaims", "bucketaccesses", "bucketclaims/status", "bucketaccesses/status"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["objectstorage.k8s.io"] + resources: ["buckets"] + verbs: ["get", "list", "watch", "update", "create", "delete"] + - apiGroups: ["objectstorage.k8s.io"] + resources: ["bucketclasses", "bucketaccessclasses"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["configmaps", "serviceaccounts"] + verbs: ["list", "get"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -57,9 +56,9 @@ metadata: app.kubernetes.io/version: main app.kubernetes.io/name: container-object-storage-interface-controller rules: -- apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "watch", "list", "delete", "update", "create"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 diff --git a/hack/Dockerfile.in b/hack/Dockerfile.in index 7b8206f2..71bec7ad 100644 --- a/hack/Dockerfile.in +++ b/hack/Dockerfile.in @@ -14,7 +14,10 @@ COPY internal/ internal/ COPY {{COMPONENT}}/go.mod {{COMPONENT}}/go.mod COPY {{COMPONENT}}/go.sum {{COMPONENT}}/go.sum -RUN cd {{COMPONENT}} && go mod download +WORKDIR /buildroot/{{COMPONENT}} +RUN go mod download + +WORKDIR /buildroot COPY {{COMPONENT}}/cmd/ {{COMPONENT}}/cmd/ COPY {{COMPONENT}}/pkg/ {{COMPONENT}}/pkg/ diff --git a/sidecar/Dockerfile b/sidecar/Dockerfile index 3952564d..f0f78133 100644 --- a/sidecar/Dockerfile +++ b/sidecar/Dockerfile @@ -16,7 +16,10 @@ COPY internal/ internal/ COPY sidecar/go.mod sidecar/go.mod COPY sidecar/go.sum sidecar/go.sum -RUN cd sidecar && go mod download +WORKDIR /buildroot/sidecar +RUN go mod download + +WORKDIR /buildroot COPY sidecar/cmd/ sidecar/cmd/ COPY sidecar/pkg/ sidecar/pkg/