diff --git a/.github/workflows/cluster_recreate.yml b/.github/workflows/cluster_recreate.yml
index d8a4865026..6c04a345c9 100644
--- a/.github/workflows/cluster_recreate.yml
+++ b/.github/workflows/cluster_recreate.yml
@@ -21,7 +21,7 @@ jobs:
 creds: ${{ secrets.CONTRAST_CI_INFRA_AZURE }}
 - name: Cleanup .azure dir
 run: |
- rm $HOME/.azure/{commandIndex.json,versionCheck.json}
+ rm "$HOME/.azure/{commandIndex.json,versionCheck.json}"
 - name: Destroy existing CI cluster
 continue-on-error: true
 run: |
@@ -40,6 +40,6 @@ jobs:
 echo "SYNC_IP=$SYNC_IP" | tee -a "$GITHUB_ENV"
 - name: Create fifo
 run: |
- fifoUUID=$(curl -fsSL http://$SYNC_IP:8080/fifo/new | jq -r '.uuid')
+ fifoUUID=$(curl -fsSL "http://$SYNC_IP:8080/fifo/new" | jq -r '.uuid')
 echo "Fifo UUID: $fifoUUID"
- kubectl create configmap sync-server-fifo --from-literal=uuid=$fifoUUID
+ kubectl create configmap sync-server-fifo "--from-literal=uuid=$fifoUUID"
diff --git a/.github/workflows/e2e_openssl.yml b/.github/workflows/e2e_openssl.yml
index e3303080fe..e08255d78d 100644
--- a/.github/workflows/e2e_openssl.yml
+++ b/.github/workflows/e2e_openssl.yml
@@ -54,9 +54,9 @@ jobs:
 - name: Set sync environemnt
 run: |
 sync_ip=$(kubectl get svc sync -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo "SYNC_ENDPOINT=http://$sync_ip:8080" | tee -a $GITHUB_ENV
+ echo "SYNC_ENDPOINT=http://$sync_ip:8080" | tee -a "$GITHUB_ENV"
 sync_uuid=$(kubectl get configmap sync-server-fifo -o jsonpath='{.data.uuid}')
- echo "SYNC_FIFO_UUID=$sync_uuid" | tee -a $GITHUB_ENV
+ echo "SYNC_FIFO_UUID=$sync_uuid" | tee -a "$GITHUB_ENV"
 - name: Build and prepare deployments
 run: |
 just coordinator initializer openssl port-forwarder node-installer
@@ -69,4 +69,4 @@ jobs:
 - name: Cleanup
 if: cancelled() && !inputs.skip-undeploy
 run: |
- kubectl delete ns $(cat workspace/e2e.namespace) --timeout 5m
+ kubectl delete ns "$(cat workspace/e2e.namespace)" --timeout 5m
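Review bot: Quoting the whole path in the `Cleanup .azure dir` step of cluster_recreate.yml turns off brace expansion, so `rm` now receives the single literal name `{commandIndex.json,versionCheck.json}` instead of two file paths. A file with that name is unlikely to exist, so `rm` exits non-zero; if the step runs under the usual `bash -e`, the step fails and the two cache files stay in place. Quote only the variable, `rm "$HOME"/.azure/{commandIndex.json,versionCheck.json}`, or list both paths explicitly and use `rm -f` if a missing file should be tolerated.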
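Review bot: In the `Create fifo` step of cluster_recreate.yml, `fifoUUID` is stored in the configmap without checking that the sync server actually returned one. `jq -r '.uuid'` prints `null` and exits 0 when the key is missing, and unless `pipefail` is enabled for this step (not visible in the hunk) a failed `curl` is masked by `jq`'s exit status. The configmap can then be created with `uuid=null` or an empty value, which the e2e workflows later read back and export as `SYNC_FIFO_UUID`. Using `jq -er '.uuid'` makes a missing, null or absent result fail the assignment and therefore the step.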
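Review bot: The `Set sync environemnt` step of e2e_openssl.yml appends `sync_ip` and `sync_uuid` to `$GITHUB_ENV` without validating either value; the same step appears in e2e_policy.yml and e2e_servicemesh.yml. An empty `sync_ip` (load balancer address not assigned yet) yields `SYNC_ENDPOINT=http://:8080`, and because `$GITHUB_ENV` is line-oriented, a value containing a newline would define extra variables for every later step. The UUID was fetched over plain `http://` in cluster_recreate.yml, so it is worth checking before export, for example `[[ -n "$sync_ip" && "$sync_uuid" =~ ^[0-9a-fA-F-]+$ ]] || exit 1` (assuming the server issues hex UUIDs).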
diff --git a/.github/workflows/e2e_policy.yml b/.github/workflows/e2e_policy.yml
index 6c8d48f12c..9ca6aad9d8 100644
--- a/.github/workflows/e2e_policy.yml
+++ b/.github/workflows/e2e_policy.yml
@@ -54,9 +54,9 @@ jobs:
 - name: Set sync environemnt
 run: |
 sync_ip=$(kubectl get svc sync -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo "SYNC_ENDPOINT=http://$sync_ip:8080" | tee -a $GITHUB_ENV
+ echo "SYNC_ENDPOINT=http://$sync_ip:8080" | tee -a "$GITHUB_ENV"
 sync_uuid=$(kubectl get configmap sync-server-fifo -o jsonpath='{.data.uuid}')
- echo "SYNC_FIFO_UUID=$sync_uuid" | tee -a $GITHUB_ENV
+ echo "SYNC_FIFO_UUID=$sync_uuid" | tee -a "$GITHUB_ENV"
 - name: Build and prepare deployments
 run: |
 just coordinator initializer openssl port-forwarder node-installer
@@ -69,4 +69,4 @@ jobs:
 - name: Undeploy
 if: always() && inputs.skip-undeploy != 'true'
 run: |
- kubectl delete ns $(cat workspace/e2e.namespace) --timeout 5m
+ kubectl delete ns "$(cat workspace/e2e.namespace)" --timeout 5m
diff --git a/.github/workflows/e2e_regression.yml b/.github/workflows/e2e_regression.yml
index a43ea423bc..6df7ad97d8 100644
--- a/.github/workflows/e2e_regression.yml
+++ b/.github/workflows/e2e_regression.yml
@@ -70,4 +70,4 @@ jobs:
 - name: Cleanup
 if: cancelled() && !inputs.skip-undeploy
 run: |
- kubectl delete ns $(cat workspace/e2e.namespace) --timeout 5m
+ kubectl delete ns "$(cat workspace/e2e.namespace)" --timeout 5m
diff --git a/.github/workflows/e2e_runtime-reproducibility.yml b/.github/workflows/e2e_runtime-reproducibility.yml
index e4eaa17907..22c3a31ca5 100644
--- a/.github/workflows/e2e_runtime-reproducibility.yml
+++ b/.github/workflows/e2e_runtime-reproducibility.yml
@@ -27,16 +27,17 @@ jobs: - uses: ./.github/actions/setup_nix with: githubToken: ${{ secrets.GITHUB_TOKEN }} + cachixToken: "" # Don't use the cachix cache - uses: nicknovitski/nix-develop@a2060d116a50b36dfab02280af558e73ab52427d # v1.1.0 - name: Build id: build run: | nix build .#${{ matrix.build-target }} --option substituters https://cache.nixos.org --builders "" - reference_checksum="$(cat result/index.json | jq -r '.manifests[0].digest')" + reference_checksum="$(jq -r '.manifests[0].digest' result/index.json)" echo "reference-checksum-${{ matrix.os }}-${{ matrix.build-target}}=$reference_checksum" >> "$GITHUB_OUTPUT" nix build .#${{ matrix.build-target }} --rebuild --option substituters https://cache.nixos.org --builders "" -o rebuild - rebuild_checksum="$(cat rebuild/index.json | jq -r '.manifests[0].digest')" + rebuild_checksum="$(jq -r '.manifests[0].digest' rebuild/index.json)" echo "rebuild-checksum-${{ matrix.os }}-${{ matrix.build-target}}=$rebuild_checksum" >> "$GITHUB_OUTPUT" - name: Upload Build Artifacts uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 diff --git a/.github/workflows/e2e_servicemesh.yml b/.github/workflows/e2e_servicemesh.yml index c68a60df35..c62c68e50c 100644 --- a/.github/workflows/e2e_servicemesh.yml +++ b/.github/workflows/e2e_servicemesh.yml @@ -54,9 +54,9 @@ jobs: - name: Set sync environemnt run: | sync_ip=$(kubectl get svc sync -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo "SYNC_ENDPOINT=http://$sync_ip:8080" | tee -a $GITHUB_ENV + echo "SYNC_ENDPOINT=http://$sync_ip:8080" | tee -a "$GITHUB_ENV" sync_uuid=$(kubectl get configmap sync-server-fifo -o jsonpath='{.data.uuid}') - echo "SYNC_FIFO_UUID=$sync_uuid" | tee -a $GITHUB_ENV + echo "SYNC_FIFO_UUID=$sync_uuid" | tee -a "$GITHUB_ENV" - name: Build and prepare deployments run: | just coordinator initializer port-forwarder service-mesh-proxy node-installer 
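Review bot: Both checksum assignments in the `Build` step of e2e_runtime-reproducibility.yml use `jq -r`, which prints the string `null` with exit status 0 when `.manifests[0].digest` is absent. If `result/index.json` and `rebuild/index.json` both lack that field, both outputs become `null`, and an equality check between them (presumably done in a later step or job, not visible in this hunk) would pass without any digest having been compared. `jq -er '.manifests[0].digest' result/index.json`, and the same for `rebuild/index.json`, fails the step instead of emitting a placeholder value.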
@@ -69,4 +69,4 @@ jobs:
 - name: Cleanup
 if: cancelled() && !inputs.skip-undeploy
 run: |
- kubectl delete ns $(cat workspace/e2e.namespace) --timeout 5m
+ kubectl delete ns "$(cat workspace/e2e.namespace)" --timeout 5m
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 230578e9c5..85e577a5f2 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -260,10 +260,12 @@ jobs:
 echo "serviceMeshImgTagged=$(tag "$serviceMeshImg")" | tee -a "$GITHUB_ENV"
 - name: Create file with image replacements
 run: |
- echo "ghcr.io/edgelesssys/contrast/coordinator:latest=$coordinatorImgTagged" > image-replacements.txt
- echo "ghcr.io/edgelesssys/contrast/initializer:latest=$initializerImgTagged" >> image-replacements.txt
- echo "ghcr.io/edgelesssys/contrast/service-mesh-proxy:latest=$serviceMeshImgTagged" >> image-replacements.txt
- echo "ghcr.io/edgelesssys/contrast/node-installer-microsoft:latest=$nodeInstallerImgTagged" >> image-replacements.txt
+ {
+ echo "ghcr.io/edgelesssys/contrast/coordinator:latest=$coordinatorImgTagged"
+ echo "ghcr.io/edgelesssys/contrast/initializer:latest=$initializerImgTagged"
+ echo "ghcr.io/edgelesssys/contrast/service-mesh-proxy:latest=$serviceMeshImgTagged"
+ echo "ghcr.io/edgelesssys/contrast/node-installer-microsoft:latest=$nodeInstallerImgTagged"
+ } > image-replacements.txt
 - name: Upload image replacements file (for main branch PR)
 uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
 with:
diff --git a/treefmt.nix b/treefmt.nix
index da177b2911..2c27d10c98 100644
--- a/treefmt.nix
+++ b/treefmt.nix
@@ -6,6 +6,7 @@
 projectRootFile = "flake.nix";
 programs = {
 # keep-sorted start block=true
+ actionlint.enable = true;
 deadnix.enable = true;
 formatjson5 = {
 enable = true;