Reviewdog container image #9082

.github/workflows/build-and-release-container.yaml → .github/workflows/build-and-release.yaml

@@ -1,4 +1,4 @@
-name: Build & Release container
+name: Build & Release
 
 on:
   push:
@@ -10,7 +10,7 @@ permissions:
   contents: write
 
 jobs:
-  build-and-release-container:
+  repo-ansible-container:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
@@ -60,3 +60,47 @@ jobs:
           labels: ${{ steps.meta.outputs.labels }}
           cache-to: type=gha
           cache-from: type=gha
+
+  reviewdog-container:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          # moby/buildkit v0.11.0 causes untagged images to appear in github
+          # packages and the workaround does not seem to have any effect
+          # (set provenance=false in docker/build-push-action@v4)
+          driver-opts: network=host,image=moby/buildkit:v0.10.5
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/${{ github.repository }}/reviewdog
+          tags: |
+            type=sha
+            type=raw,value=latest,enable=true
+            type=raw,value=${{ github.ref_name }}
+
+      - name: Login to Container Registry ghcr.io
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          context: ./docker/reviewdog/
+          provenance: false
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-to: type=gha
+          cache-from: type=gha

README.md

@@ -107,6 +107,7 @@ your repository.
 | github<br>features<br>wiki `boolean` |false| Enable Wiki tab.|
 | github<br>features<br>issues `boolean` |false| Enable issues tab.|
 | github<br>features<br>projects `boolean` |false| Enable projects tab.|
+| reviewdog<br>platforms `array` |-| A broad way to categorize programming languages, libraries, and frameworks, and for which we have an external tool we can use to assure code quality during review.&nbsp; Accepted values:`php`,`twig`,||
 | devcontainer<br>custom_docker_compose_yaml `boolean` |false| When enabled the compose file located at .devcontainer/docker-compose.yaml will no longer get automatically updated. Allowing users to customize their docker-compose setup.|
 | devcontainer<br>postCreateCommand `string` |-| Additional (shell) commands to run when the containers is created. For a typical project you would specify commands that only need to run once when the project is setup. For example you might add a command in here to load database fixtures for your project.|
 | devcontainer<br>postStartCommand `string` |-| Additional (shell) commands to run when the container is started. This event takes place after the create event, but opposed to the create event it's triggered every time the container is started (including when it's resumed from a suspended state). In a typical JavaScript application you might set it to run a `npm run dev` or equivalent step.|

docker/reviewdog/Dockerfile

@@ -0,0 +1,31 @@
+FROM php:8.4
+
+RUN apt-get -y update && apt-get install -y ansible wget
+
+ARG phpstan_version=2.0.1
+RUN wget "https://github.com/phpstan/phpstan/releases/download/$phpstan_version/phpstan.phar" \
+&& chmod +x phpstan.phar \
+&& mv phpstan.phar /usr/local/bin/phpstan
+
+ARG php_cs_fixer_version=v3.64.0
+RUN wget "https://github.com/PHP-CS-Fixer/PHP-CS-Fixer/releases/download/$php_cs_fixer_version/php-cs-fixer.phar" \
+&& chmod +x php-cs-fixer.phar \
+&& mv php-cs-fixer.phar /usr/local/bin/php-cs-fixer
+
+ARG twig_cs_fixer_version=3.3.1
+RUN wget "https://github.com/VincentLanglet/Twig-CS-Fixer/releases/download/$twig_cs_fixer_version/twig-cs-fixer.phar" \
+&& chmod +x twig-cs-fixer.phar \
+&& mv twig-cs-fixer.phar /usr/local/bin/twig-cs-fixer
+
+ARG reviewdog_version=0.20.2
+RUN wget "https://github.com/reviewdog/reviewdog/releases/download/v$reviewdog_version/reviewdog_${reviewdog_version}_Linux_x86_64.tar.gz" \
+&& tar xf "reviewdog_${reviewdog_version}_Linux_x86_64.tar.gz" \
+&& mv reviewdog /usr/local/bin/reviewdog
+
+WORKDIR /app
+
+# php-cs-fixer throws an incompatibility error when PHP 8.4 is used, this flag prevents that behaviour
+ENV PHP_CS_FIXER_IGNORE_ENV=1
+
+COPY entrypoint.sh /entrypoint.sh
+ENTRYPOINT ["/entrypoint.sh"]

docker/reviewdog/entrypoint.sh

@@ -0,0 +1,30 @@
+#!/bin/bash
+
+# TODO add in at a later time
+#fix          - automatically fix coding style when possible (WILL ATTEMPT TO FIX ALL FILES, NOT ONLY THOSE CHANGED)
+
+help=$(cat <<'EOQ'
+all          - run checks for all files (DEFAULT)
+pull-request - run checks for the latest changes (based on diff and pull request branch) - for CI use
+...          - all other unknown arguments are passed to reviewdog
+EOQ
+)
+
+fix=0
+reviewdog_args='-filter-mode=nofilter'
+
+for arg in "$@"; do
+    if [ "$arg" = "help" ]; then
+      echo "$help"; exit 0;
+    elif [ "$arg" = "fix" ]; then
+      fix=1
+    elif [ "$arg" = "pull-request" ]; then
+      reviewdog_args='-diff="git diff FETCH_HEAD" -reporter=github-pr-check'
+    else
+      reviewdog_args="$reviewdog_args $arg"
+    fi
+done
+
+reviewdog_args="$reviewdog_args"
+echo reviewdog $reviewdog_args >&2
+exec reviewdog $reviewdog_args

docs/partials/readme.configuration.md

@@ -29,6 +29,7 @@
 | github<br>features<br>wiki `boolean` |false| Enable Wiki tab.|
 | github<br>features<br>issues `boolean` |false| Enable issues tab.|
 | github<br>features<br>projects `boolean` |false| Enable projects tab.|
+| reviewdog<br>platforms `array` |-| A broad way to categorize programming languages, libraries, and frameworks, and for which we have an external tool we can use to assure code quality during review.&nbsp; Accepted values:`php`,`twig`,||
 | devcontainer<br>custom_docker_compose_yaml `boolean` |false| When enabled the compose file located at .devcontainer/docker-compose.yaml will no longer get automatically updated. Allowing users to customize their docker-compose setup.|
 | devcontainer<br>postCreateCommand `string` |-| Additional (shell) commands to run when the containers is created. For a typical project you would specify commands that only need to run once when the project is setup. For example you might add a command in here to load database fixtures for your project.|
 | devcontainer<br>postStartCommand `string` |-| Additional (shell) commands to run when the container is started. This event takes place after the create event, but opposed to the create event it's triggered every time the container is started (including when it's resumed from a suspended state). In a typical JavaScript application you might set it to run a `npm run dev` or equivalent step.|

repo.schema.yaml

@@ -194,6 +194,23 @@ properties:
             type: boolean
             default: false
 
+  reviewdog:
+    type: object
+    description: Reviewdog configuration. Used during repo-ansible/reviewdog container execution
+    additionalProperties: false
+    properties:
+      platforms:
+        description: >
+          A broad way to categorize programming languages, libraries, and frameworks, and for which we have an external
+          tool we can use to assure code quality during review.
+        type: array
+        default: []
+        items:
+          type: string
+          enum:
+            - php
+            - twig
+
   php:
     type: object
     description: PHP specific values

tasks/migrations/migration-v0.9.3.yaml

@@ -0,0 +1,10 @@
+- name: remove QA configuration files generated unconditionally
+  ansible.builtin.file:
+    path: "{{ repo_path }}/{{ item }}"
+    state: absent
+  loop:
+    - .twigcs.yaml
+    - .yamllint.yaml
+    - .reviewdog.yaml
+    - php-cs-fixer.dist.php
+    - phpstan.neon

tasks/php-qa.yaml

@@ -1,8 +1,3 @@
-- name: Check if directory exists
-  stat:
-    path: "{{ repo_path + '/.github/' }}"
-  register: directory_exists
-
 - name: Ensure composer-unused.php is absent
   ansible.builtin.file:
     path: "{{ repo_path + '/composer-unused.php' }}"
@@ -13,28 +8,40 @@
 #  ansible.builtin.template:
 #    src: "{{ './templates/php-qa/composer-unused.php.j2' }}"
 #    dest: "{{ repo_path + '/composer-unused.php' }}"
+- when: enable_reviewdog
+  block:
+  - name: Generate .reviewdog.yaml
+    ansible.builtin.template:
+      src: "{{ './templates/php-qa/reviewdog.yaml.j2' }}"
+      dest: "{{ repo_path + '/.reviewdog.yaml' }}"
 
-- name: Generate .php-cs-fixer.dist.php file
-  ansible.builtin.template:
-    src: "{{ './templates/php-qa/php-cs-fixer.dist.php.j2' }}"
-    dest: "{{ repo_path + '/.php-cs-fixer.dist.php' }}"
-
-- name: Generate phpstan.neon file
-  ansible.builtin.template:
-    src: "{{ './templates/php-qa/phpstan.neon.j2' }}"
-    dest: "{{ repo_path + '/phpstan.neon' }}"
+  - when: "'php' in repo.reviewdog.platforms"
+    block:
+    - name: Generate .php-cs-fixer.dist.php
+      ansible.builtin.template:
+        src: ./templates/php-qa/php-cs-fixer.dist.php.j2
+        dest: "{{ repo_path }}/.php-cs-fixer.dist.php"
 
-- name: Generate reviewdog.yaml for GitHub actions file
-  ansible.builtin.template:
-    src: "{{ './templates/php-qa/reviewdog.yaml.j2' }}"
-    dest: "{{ repo_path + '/.reviewdog.yaml' }}"
+    - name: gitignore .php-cs-fixer.cache
+      ansible.builtin.blockinfile:
+        path: "{{ repo_path }}/.gitignore"
+        create: yes # file if missing
+        state: present
+        marker: "# {mark} repo-ansible reviewdog php"
+        block: |
+          .php-cs-fixer.cache
 
-- name: Generate yamllint.yaml file
-  ansible.builtin.template:
-    src: "{{ './templates/php-qa/yamllint.yaml.j2' }}"
-    dest: "{{ repo_path + '/.yamllint.yaml' }}"
+    - name: Generate phpstan.neon
+      ansible.builtin.template:
+        src: ./templates/php-qa/phpstan.neon.j2
+        dest: "{{ repo_path }}/phpstan.neon"
 
-- name: Generate twigcs.yaml file
-  ansible.builtin.template:
-    src: "{{ './templates/php-qa/twigcs.yaml.j2' }}"
-    dest: "{{ repo_path + '/.twigcs.yaml' }}"
+  - when: "'twig' in repo.reviewdog.platforms"
+    name: gitignore .twig-cs-fixer.cache
+    ansible.builtin.blockinfile:
+      path: "{{ repo_path }}/.gitignore"
+      create: yes # file if missing
+      state: present
+      marker: "# {mark} repo-ansible reviewdog twig"
+      block: |
+        .twig-cs-fixer.cache

tasks/retrieve-validate-repo-data.yaml

@@ -1,14 +1,18 @@
-- name: merge repo.yaml data with defaults
+- name: read repo.yaml data with defaults
   ansible.builtin.command: "./library/repo_data.py '{{ repo_path }}/repo.yaml'"
   register: repo_data
   changed_when: false
 
-- name: 'set variables: repo, criteria, repo_managed'
+- name: "set variables: repo, criteria, repo_managed"
   ansible.builtin.set_fact:
     repo: "{{ repo_data.stdout | from_json }}"
     criteria: "{{ lookup('ansible.builtin.file', './repo.schema.yaml') | from_yaml }}"
     repo_managed: 'Managed by https://github.com/linkorb/repo-ansible. Manual changes will be overwritten.'
 
+- name: set other global variables
+  ansible.builtin.set_fact:
+    enable_reviewdog: "{{ repo.reviewdog.platforms|length > 0 }}"
+
 - name: validate repo config in json format using jsonschema by passing plugin configuration variable as key/value pairs
   ansible.builtin.set_fact:
     config_validity: "{{ repo|ansible.utils.validate(criteria, engine='ansible.utils.jsonschema', draft='draft7') }}"

templates/.github/workflows/10-review.yaml.j2

@@ -53,6 +53,16 @@ jobs:
           excludeTitle: 'true' # optional: this excludes the title of a pull request
           checkAllCommitMessages: 'true' # optional: this checks all commits associated with a pull request
           accessToken: ${{ secrets.GITHUB_TOKEN }} # github access token is only required if checkAllCommitMessages is true
+{% if enable_reviewdog %}
+  code-quality:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: latest repo-ansible/reviewdog container
+        run: docker pull ghcr.io/linkorb/repo-ansible/reviewdog:latest
+      - name: run reviewdog checks
+        run: docker run --rm -v "$PWD":/app:z ghcr.io/linkorb/repo-ansible/reviewdog:latest pull-request
+{% endif %}
 {% if workflow_group in followup_workflows %}
 {% for followup_workflow in followup_workflows[workflow_group] %}
 

templates/php-qa/reviewdog.yaml.j2

@@ -1,27 +1,21 @@
-# .reviewdog.yml
 # {{ repo_managed }}
-# Configure the tools
 runner:
+{% if 'php' in repo.reviewdog.platforms %}
   phpstan:
+    name: phpstan
     cmd: phpstan analyze --configuration=phpstan.neon --error-format=checkstyle --memory-limit=-1
-    format: checkstyle # format to be parsed by reviewdog
-    name: phpstan # output in logs
+    format: checkstyle
     level: error
 
   php-cs-fixer:
     name: php-cs-fixer
     cmd: php-cs-fixer fix --dry-run --diff .php-cs-fixer.dist.php --ansi --format checkstyle
     format: checkstyle
     level: error
-
-  yamllint:
-    name: yamllint
-    cmd: yamllint -c .yamllint.yaml . --format "parsable"
-    errorformat:
-      - "%f:%l:%c: %m"
-    level: error
-
-  twigcs:
-    cmd: "twigcs **/*.twig --reporter checkstyle"
+{% endif %}
+{% if 'twig' in repo.reviewdog.platforms %}
+  twig-cs-fixer:
+    cmd: "twig-cs-fixer --report=checkstyle"
     format: checkstyle
-    level: "warning"
+    level: error
+{% endif %}