ci: add validation with yamllint

goss-org · Jul 13, 2024 · d45722e · d45722e
1 parent db068fe
commit d45722e
Show file tree

Hide file tree

Showing 21 changed files with 541 additions and 520 deletions.
diff --git a/.github/workflows/docker-goss.yaml b/.github/workflows/docker-goss.yaml
@@ -1,98 +1,98 @@
-name: Docker image for Goss
-
-on:
-  push:
-    branches:
-      - master
-    tags:
-      - "v*"
-  workflow_dispatch:
-
-env:
-  PLATFORMS: "linux/amd64,linux/arm64"
-
-jobs:
-  goss:
-    name: Build and push Docker image
-    runs-on: ubuntu-latest
-    permissions:
-      packages: write
-      contents: read
-      security-events: write # To upload Trivy sarif files
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Login to GHCR
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Extract metadata (tags, labels) for Docker
-        id: meta
-        uses: docker/metadata-action@v5
-        with:
-          images: |
-            ghcr.io/${{ github.repository_owner }}/goss
-
-      - name: Get latest git tag
-        uses: actions-ecosystem/action-get-latest-tag@v1
-        id: get-latest-tag
-
-      - name: Set short git commit SHA
-        run: |
-          calculatedSha=$(git rev-parse --short ${{ github.sha }})
-          echo "COMMIT_SHORT_SHA=$calculatedSha" >> $GITHUB_ENV
-
-      - name: Get the current version of Go from project.
-        run: echo "GO_VERSION_FROM_PROJECT=$(go mod edit -json | jq -r .Go)" >> $GITHUB_ENV
-
-      - name: Build master goss image
-        if: github.ref_name == 'master'
-        uses: docker/build-push-action@v5
-        with:
-          build-args: |
-            GO_VERSION=${{ env.GO_VERSION_FROM_PROJECT }}
-            GOSS_VERSION=${{ steps.get-latest-tag.outputs.tag }}-${{ github.ref_name }}+${{ env.COMMIT_SHORT_SHA }}
-          context: .
-          push: true
-          tags: |
-            ghcr.io/${{ github.repository_owner }}/goss:master
-          labels: ${{ steps.meta.outputs.labels }}
-          platforms: ${{ env.PLATFORMS }}
-
-      - name: Build release goss image
-        if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
-        uses: docker/build-push-action@v5
-        with:
-          build-args: |
-            GO_VERSION=${{ env.GO_VERSION_FROM_PROJECT }}
-            GOSS_VERSION=${{ github.ref_name }}
-          context: .
-          push: true
-          tags: |
-            ghcr.io/${{ github.repository_owner }}/goss:latest
-            ghcr.io/${{ github.repository_owner }}/goss:${{ github.ref_name }}
-          labels: ${{ steps.meta.outputs.labels }}
-          platforms: ${{ env.PLATFORMS }}
-
-      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
-        with:
-          image-ref: ghcr.io/${{ github.repository_owner }}/goss:master
-          format: "sarif"
-          output: "trivy-results.sarif"
-
-      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v3
-        with:
-          sarif_file: "trivy-results.sarif"
+name: Docker image for Goss
+
+on:
+  push:
+    branches:
+      - master
+    tags:
+      - "v*"
+  workflow_dispatch:
+
+env:
+  PLATFORMS: "linux/amd64,linux/arm64"
+
+jobs:
+  goss:
+    name: Build and push Docker image
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+      contents: read
+      security-events: write  # To upload Trivy sarif files
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ghcr.io/${{ github.repository_owner }}/goss
+
+      - name: Get latest git tag
+        uses: actions-ecosystem/action-get-latest-tag@v1
+        id: get-latest-tag
+
+      - name: Set short git commit SHA
+        run: |
+          calculatedSha=$(git rev-parse --short ${{ github.sha }})
+          echo "COMMIT_SHORT_SHA=$calculatedSha" >> $GITHUB_ENV
+
+      - name: Get the current version of Go from project.
+        run: echo "GO_VERSION_FROM_PROJECT=$(go mod edit -json | jq -r .Go)" >> $GITHUB_ENV
+
+      - name: Build master goss image
+        if: github.ref_name == 'master'
+        uses: docker/build-push-action@v5
+        with:
+          build-args: |
+            GO_VERSION=${{ env.GO_VERSION_FROM_PROJECT }}
+            GOSS_VERSION=${{ steps.get-latest-tag.outputs.tag }}-${{ github.ref_name }}+${{ env.COMMIT_SHORT_SHA }}
+          context: .
+          push: true
+          tags: |
+            ghcr.io/${{ github.repository_owner }}/goss:master
+          labels: ${{ steps.meta.outputs.labels }}
+          platforms: ${{ env.PLATFORMS }}
+
+      - name: Build release goss image
+        if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
+        uses: docker/build-push-action@v5
+        with:
+          build-args: |
+            GO_VERSION=${{ env.GO_VERSION_FROM_PROJECT }}
+            GOSS_VERSION=${{ github.ref_name }}
+          context: .
+          push: true
+          tags: |
+            ghcr.io/${{ github.repository_owner }}/goss:latest
+            ghcr.io/${{ github.repository_owner }}/goss:${{ github.ref_name }}
+          labels: ${{ steps.meta.outputs.labels }}
+          platforms: ${{ env.PLATFORMS }}
+
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: ghcr.io/${{ github.repository_owner }}/goss:master
+          format: "sarif"
+          output: "trivy-results.sarif"
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: "trivy-results.sarif"
diff --git a/.github/workflows/yamllint.yaml b/.github/workflows/yamllint.yaml
@@ -0,0 +1,17 @@
+name: Validate YAML
+
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    paths:
+      - "**/*.ya?ml"
+
+jobs:
+  validate-yaml:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Validate YAML file
+        run: yamllint -c .yamllint .
diff --git a/.yamllint b/.yamllint
@@ -1,8 +1,26 @@
 ---
 extends: default
 
+ignore:
+  # uses go templates (these are invalid yaml files)
+  - integration-tests/goss/goss-service.yaml
+  - integration-tests/goss/goss-shared.yaml
+  - docs/goss.yaml
+
 rules:
+  braces:
+    min-spaces-inside: 0
+    max-spaces-inside: 1  # required for schema.yaml
+  brackets:
+    min-spaces-inside: 0
+    max-spaces-inside: 1  # required for schema.yaml
+  indentation:
+    spaces: consistent
+    indent-sequences: consistent
   line-length: disable
+  document-start: disable
   truthy:
     allowed-values:
-      - on
+      - "on"  # required for github workflows
+      - "false"
+      - "true"
diff --git a/docs/goss.yaml b/docs/goss.yaml
@@ -16,7 +16,7 @@ command:
     stdout:
       - go version go1.6 linux/amd64
     stderr: []
-    timeout: 10000 # in milliseconds
+    timeout: 10000  # in milliseconds
     skip: false
 
 dns:
@@ -64,7 +64,7 @@ group:
     gid: 65534
   nobody:
     exists: true
-    
+
 
 http:
   https://www.google.com:
@@ -190,14 +190,14 @@ user:
       home: /var/lib/nfs
       shell: /sbin/nologin
       skip: false
-    
+
     nobody:
       exists: true
       uid:
         lt: 500
       groups:
         consist-of: [nobody]
-    
+
     sshd:
       title: UID must be between 50-100, GID doesn't matter. home is flexible
       meta:
@@ -216,7 +216,3 @@ user:
           - /var/run/sshd
 
 # https://github.com/goss-org/goss/blob/master/README.md#manually-editing-goss-files
-
-
-
-
diff --git a/docs/myapp_gossfile.yaml b/docs/myapp_gossfile.yaml
@@ -1,2 +1,2 @@
 # This is a sample file referenced by goss.yaml
-# Used for render test and Json schema validation.
+# Used for render test and Json schema validation.