From 2f2e1cd6dd65afea6eb3e03c900a56e3411caffd Mon Sep 17 00:00:00 2001 From: John Bampton Date: Thu, 17 Dec 2020 11:55:48 +1000 Subject: [PATCH] feat(CI): add a GitHub Action to lint the YAML - add a `.yamllint` config file - lint some YAML --- .github/dependabot.yml | 8 +-- .github/workflows/codeql-analysis.yml | 56 ++++++++++----------- .github/workflows/gitleaks.yml | 18 +++---- .github/workflows/lint.yml | 7 +++ .github/workflows/markdown-link-checker.yml | 12 ++--- .yamllint | 8 +++ api/conf/conf.yaml | 6 +-- api/test/docker-deploy/docker-compose.yaml | 4 +- api/test/docker/apisix_config.yaml | 24 ++++----- api/test/docker/docker-compose.yaml | 4 +- api/test/docker/manager-api-conf.yaml | 5 +- 11 files changed, 83 insertions(+), 69 deletions(-) create mode 100644 .yamllint diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 4e5e45b9b5..d183b6d0ad 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -10,12 +10,12 @@ updates: schedule: interval: "daily" - - package-ecosystem: "npm" # See documentation for possible values - directory: "/" # Location of package manifests + - package-ecosystem: "npm" # See documentation for possible values + directory: "/" # Location of package manifests schedule: interval: "daily" - - package-ecosystem: "gomod" # See documentation for possible values - directory: "/" # Location of package manifests + - package-ecosystem: "gomod" # See documentation for possible values + directory: "/" # Location of package manifests schedule: interval: "daily" diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 133705ea5d..04e2699f01 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -13,10 +13,10 @@ name: "CodeQL" on: push: - branches: [ master ] + branches: [master] pull_request: # The branches below must be a subset of the branches above - branches: [ master ] + branches: [master] schedule: - cron: '18 23 * * 0' @@ -28,40 +28,40 @@ jobs: strategy: fail-fast: false matrix: - language: [ 'go', 'javascript' ] + language: ['go', 'javascript'] # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ] # Learn more: # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed steps: - - name: Checkout repository - uses: actions/checkout@v2 + - name: Checkout repository + uses: actions/checkout@v2 - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v1 - with: - languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - # queries: ./path/to/local/query, your-org/your-repo/queries@main + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v1 + with: + languages: ${{ matrix.language }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + # queries: ./path/to/local/query, your-org/your-repo/queries@main - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@v1 + # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). + # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@v1 - # โ„น๏ธ Command-line programs to run using the OS shell. - # ๐Ÿ“š https://git.io/JvXDl + # โ„น๏ธ Command-line programs to run using the OS shell. + # ๐Ÿ“š https://git.io/JvXDl - # โœ๏ธ If the Autobuild fails above, remove it and uncomment the following three lines - # and modify them (or add more) to build your code if your project - # uses a compiled language + # โœ๏ธ If the Autobuild fails above, remove it and uncomment the following three lines + # and modify them (or add more) to build your code if your project + # uses a compiled language - #- run: | - # make bootstrap - # make release + # - run: | + # make bootstrap + # make release - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v1 diff --git a/.github/workflows/gitleaks.yml b/.github/workflows/gitleaks.yml index 29fe5becf1..ad9fd414c2 100644 --- a/.github/workflows/gitleaks.yml +++ b/.github/workflows/gitleaks.yml @@ -14,12 +14,12 @@ jobs: gitleaks: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - with: - fetch-depth: '1' - - name: wget - uses: wei/wget@v1.1.1 - with: - args: -O .gitleaks.toml https://raw.githubusercontent.com/ycjcl868/gitleaks/master/.gitleaks.toml - - name: gitleaks-action - uses: zricethezav/gitleaks-action@master + - uses: actions/checkout@v2 + with: + fetch-depth: '1' + - name: wget + uses: wei/wget@v1.1.1 + with: + args: -O .gitleaks.toml https://raw.githubusercontent.com/ycjcl868/gitleaks/master/.gitleaks.toml + - name: gitleaks-action + uses: zricethezav/gitleaks-action@master diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 3a283bb613..618187fc66 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -14,3 +14,10 @@ jobs: node-version: '12.x' - run: npm install -g markdownlint-cli@0.25.0 - run: markdownlint '**/*.md' --ignore node_modules + yamllint: + name: ๐Ÿ YAML + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: ๐Ÿงน YAML Lint + uses: ibiqlik/action-yamllint@v3 diff --git a/.github/workflows/markdown-link-checker.yml b/.github/workflows/markdown-link-checker.yml index c89a81e32a..a1604f3827 100644 --- a/.github/workflows/markdown-link-checker.yml +++ b/.github/workflows/markdown-link-checker.yml @@ -6,9 +6,9 @@ jobs: markdown-link-check: runs-on: ubuntu-latest steps: - - uses: actions/checkout@master - - uses: gaurav-nelson/github-action-markdown-link-check@v1 - with: - use-quiet-mode: 'yes' - use-verbose-mode: 'yes' - check-modified-files-only: 'yes' + - uses: actions/checkout@master + - uses: gaurav-nelson/github-action-markdown-link-check@v1 + with: + use-quiet-mode: 'yes' + use-verbose-mode: 'yes' + check-modified-files-only: 'yes' diff --git a/.yamllint b/.yamllint new file mode 100644 index 0000000000..8a9f034306 --- /dev/null +++ b/.yamllint @@ -0,0 +1,8 @@ +--- + +extends: default + +rules: + document-start: false + line-length: false + truthy: false diff --git a/api/conf/conf.yaml b/api/conf/conf.yaml index c3d6760ec3..75e1c27311 100644 --- a/api/conf/conf.yaml +++ b/api/conf/conf.yaml @@ -22,8 +22,8 @@ conf: etcd: endpoints: # supports defining multiple etcd host addresses for an etcd cluster - 127.0.0.1:2379 - - # etcd basic auth info + # yamllint disable rule:comments-indentation + # etcd basic auth info # username: "root" # ignore etcd username if not enable etcd auth # password: "123456" # ignore etcd password if not enable etcd auth log: @@ -43,7 +43,7 @@ authentication: # NOTE: Highly recommended to modify this value to protect `manager api`. # if it's default value, when `manager api` start , it will generate a random string to replace it. expire_time: 3600 # jwt token expire time, in second - users: + users: # yamllint enable rule:comments-indentation - username: admin # username and password for login `manager api` password: admin - username: user diff --git a/api/test/docker-deploy/docker-compose.yaml b/api/test/docker-deploy/docker-compose.yaml index 39e91d6eaf..8f7e8000f0 100644 --- a/api/test/docker-deploy/docker-compose.yaml +++ b/api/test/docker-deploy/docker-compose.yaml @@ -62,5 +62,5 @@ networks: ipam: driver: default config: - - - subnet: 172.16.238.0/24 + - + subnet: 172.16.238.0/24 diff --git a/api/test/docker/apisix_config.yaml b/api/test/docker/apisix_config.yaml index 540cacd23f..4758397686 100644 --- a/api/test/docker/apisix_config.yaml +++ b/api/test/docker/apisix_config.yaml @@ -18,26 +18,26 @@ # in this file. For example if you want to specify the etcd address: # etcd: - host: - - "http://172.16.238.10:2379" - - "http://172.16.238.11:2379" - - "http://172.16.238.12:2379" + host: + - "http://172.16.238.10:2379" + - "http://172.16.238.11:2379" + - "http://172.16.238.12:2379" apisix: admin_key: - - name: "admin" - key: edd1c9f034335f136f87ad84b625c8f1 # using fixed API token has security risk, please - # update it when you deploy to production environment - role: admin + name: "admin" # yamllint disable rule:comments-indentation + key: edd1c9f034335f136f87ad84b625c8f1 # using fixed API token has security risk, please + # update it when you deploy to production environment + role: admin # yamllint enable rule:comments-indentation - allow_admin: # http://nginx.org/en/docs/http/ngx_http_access_module.html#allow + allow_admin: # http://nginx.org/en/docs/http/ngx_http_access_module.html#allow - 0.0.0.0/0 # If we don't set any IP list, then any IP access is allowed by default. ssl: - enable: true - ssl_cert: "/usr/local/apisix/certs/apisix.crt" - ssl_cert_key: "/usr/local/apisix/certs/apisix.key" + enable: true + ssl_cert: "/usr/local/apisix/certs/apisix.crt" + ssl_cert_key: "/usr/local/apisix/certs/apisix.key" nginx_config: error_log_level: "debug" diff --git a/api/test/docker/docker-compose.yaml b/api/test/docker/docker-compose.yaml index e17405685d..410a078a72 100644 --- a/api/test/docker/docker-compose.yaml +++ b/api/test/docker/docker-compose.yaml @@ -203,5 +203,5 @@ networks: ipam: driver: default config: - - - subnet: 172.16.238.0/24 + - + subnet: 172.16.238.0/24 diff --git a/api/test/docker/manager-api-conf.yaml b/api/test/docker/manager-api-conf.yaml index 3e9c9f0ffa..ee1f78398b 100644 --- a/api/test/docker/manager-api-conf.yaml +++ b/api/test/docker/manager-api-conf.yaml @@ -26,7 +26,7 @@ conf: - 172.16.238.11:2379 - 172.16.238.12:2379 log: - error_log: + error_log: # yamllint disable rule:comments-indentation level: warn # supports levels, lower to higher: debug, info, warn, error, panic, fatal file_path: logs/error.log # supports relative path, absolute path, standard output # such as: logs/error.log, /tmp/logs/error.log, /dev/stdout, /dev/stderr @@ -35,9 +35,8 @@ authentication: # *NOTE*: Highly recommended to modify this value to protect `manager api`. # if it's default value, when `manager api` start , it will generate a random string to replace it. expire_time: 3600 # jwt token expire time, in second - users: + users: # yamllint enable rule:comments-indentation - username: admin # username and password for login `manager api` password: admin - username: user password: user -