From e6d2c4e30e6f97dda82e94b249a16b96138b7d75 Mon Sep 17 00:00:00 2001 From: Michele Cereda Date: Thu, 22 Aug 2024 19:48:57 +0200 Subject: [PATCH] refactor(lefthook): slice config file into dedicated config files --- .commitlintrc.js | 6 ++- .gitignore | 1 + .lefthook.yml | 95 ++++++----------------------------------- Makefile | 6 ++- lefthook/ansible.yml | 32 ++++++++++++++ lefthook/commitlint.yml | 28 ++++++++++++ lefthook/docker.yml | 22 ++++++++++ lefthook/json.yml | 24 +++++++++++ lefthook/kics.yml | 20 +++++++++ lefthook/markdown.yml | 27 ++++++++++++ lefthook/yaml.yml | 43 +++++++++++++++++++ package.json | 2 +- requirements.txt | 2 +- 13 files changed, 223 insertions(+), 85 deletions(-) create mode 100644 lefthook/ansible.yml create mode 100644 lefthook/commitlint.yml create mode 100644 lefthook/docker.yml create mode 100644 lefthook/json.yml create mode 100644 lefthook/kics.yml create mode 100644 lefthook/markdown.yml create mode 100644 lefthook/yaml.yml diff --git a/.commitlintrc.js b/.commitlintrc.js index 28fe5c5..e4a28e0 100644 --- a/.commitlintrc.js +++ b/.commitlintrc.js @@ -1 +1,5 @@ -module.exports = {extends: ['@commitlint/config-conventional']} +module.exports = { + extends: [ + '@commitlint/config-conventional' + ] +} diff --git a/.gitignore b/.gitignore index 5f034ab..fb65048 100644 --- a/.gitignore +++ b/.gitignore @@ -10,6 +10,7 @@ /node_modules/ /package-lock.json +venv/ .venv/ __pycache__/ diff --git a/.lefthook.yml b/.lefthook.yml index b47836c..60a160c 100644 --- a/.lefthook.yml +++ b/.lefthook.yml 
@@ -6,104 +6,37 @@ skip_output: - skips +extends: + - lefthook/ansible.yml + - lefthook/commitlint.yml + - lefthook/docker.yml + - lefthook/json.yml + - lefthook/kics.yml + - lefthook/markdown.yml + - lefthook/yaml.yml + + bootstrap: parallel: true commands: - commitlint: - run: npm install --save-dev '@commitlint/cli' '@commitlint/config-conventional' venv: run: make create-venv debug: parallel: true - commands: - commitlint-config: - glob: '.commitlintrc.js' - run: node_modules/.bin/commitlint --print-config - lint: parallel: true - commands: - ansible: &ansible-lint - files: find . -type f -path "*ansible*" -not -path "*venv*" - glob: '*.{yaml,yml}' - run: .venv/bin/ansible-lint {files} - docker: &hadolint - # The official docker image is based on scratch and only takes only one - # input file at a time. I have no clue how to fix that for now so let's - # just use the local command. - glob: "*Dockerfile*" - run: hadolint {all_files} - # ini: &pyinilint # FIXME - # run: pyinilint 'file' - md: &markdownlint - files: >- - find . -type 'f' - \( -name '*.md' -or -name '*.markdown' \) - -not \( -path '*/node_modules/*' -or -path '*/venv/*' \) - run: >- - docker run --rm -v "$PWD:/workdir" 'ghcr.io/igorshubovych/markdownlint-cli:latest' - {files} - yaml: &yamllint - glob: "*.{yaml,yml}" - run: >- - docker run --rm -v "$PWD:/code" 'registry.gitlab.com/pipeline-components/yamllint:latest' - yamllint {all_files} + # commands: + # ini: &pyinilint # FIXME + # run: pyinilint 'file' validate: parallel: true commands: - ansible-playbook: &ansible-playbook-syntax-check + ansible-playbook: glob: "*ansible*/play*.{yaml,yml}" - run: .venv/bin/ansible-playbook -i localhost, --syntax-check {all_files} - json: &jq - # No official docker image available for now, falling back to the local - # command. - glob: '*.json' - run: jq -r 'input_filename' {all_files} - yaml: &yq - # Python's one, not mikefarah's. 
- # No official docker image available for now, falling back to the local - # command. - glob: '*.{yaml,yml}' - run: >- - echo '{all_files}' - | xargs -t .venv/bin/yq '.' pre-commit: parallel: true - commands: - validate-json: - <<: *jq - run: jq -r 'input_filename' {staged_files} - validate-yaml: - <<: *yq - run: >- - .venv/bin/yq '.' {staged_files} > /dev/null - && echo 'All YAML files are readable' - validate-ansible-playbooks: - <<: *ansible-playbook-syntax-check - lint-ansible: - <<: *ansible-lint - lint-docker: - <<: *hadolint - run: hadolint {staged_files} - lint-md: - glob: '*.{markdown,md}' - run: >- - docker run --rm -v "$PWD:/workdir" 'ghcr.io/igorshubovych/markdownlint-cli:latest' - {staged_files} - lint-yaml: - <<: *yamllint - run: >- - docker run --rm -v "$PWD:/code" 'registry.gitlab.com/pipeline-components/yamllint:latest' - yamllint {staged_files} - -commit-msg: - commands: - lint: &commitlint - # No official docker image available for now, falling back to the local - # command. - run: node_modules/.bin/commitlint --edit diff --git a/Makefile b/Makefile index 506bef9..dc00154 100644 --- a/Makefile +++ b/Makefile @@ -3,7 +3,11 @@ override venv ?= ${shell git rev-parse --show-toplevel}/.venv create-venv: override python_version ?= 3.11 -create-venv: override python_executable ?= ${shell which --tty-only --show-dot --show-tilde 'python${python_version}'} +ifeq "${shell uname}" "Darwin" +create-venv: python_executable = ${shell which 'python${python_version}'} +else +create-venv: python_executable = ${shell which --tty-only --show-dot --show-tilde 'python${python_version}'} +endif create-venv: ${python_executable} @${python_executable} -m 'venv' '${venv}' @${venv}/bin/pip --require-virtualenv install -r 'requirements.txt' diff --git a/lefthook/ansible.yml b/lefthook/ansible.yml new file mode 100644 index 0000000..5547252 --- /dev/null +++ b/lefthook/ansible.yml 
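Review bot: The `validate` → `ansible-playbook` entry left in `.lefthook.yml` keeps `glob: "*ansible*/play*.{yaml,yml}"` with no `run`, while the new `lefthook/ansible.yml` defines the same command with `glob: "*.{yaml,yml}"`. Which glob applies after the `extends` merge is not visible in this hunk and depends on lefthook's merge order, so the syntax check may run against every YAML file or only against playbooks. Keep the glob in one place, either by dropping the leftover entry here or by adding a comment such as `# narrows the glob from lefthook/ansible.yml to playbooks only`.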
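Review bot: Both new `python_executable` assignments evaluate to an empty string when `which` finds no `python${python_version}`, and the recipe line `@${python_executable} -m 'venv' '${venv}'` then expands to a command with no interpreter in front of `-m`, so it does not fail cleanly. A guard as the first recipe line, `@test -n '${python_executable}' || { echo 'python${python_version} not found' >&2; exit 1; }`, would stop before anything is installed. The new lines also drop `override` and `?=`, which changes how a caller-supplied value is honoured. A one-line comment stating the intended precedence would help. The `create-venv` recipe may continue outside the hunk.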
@@ -0,0 +1,32 @@
+---
+# No official docker images are available at the time of writing, falling back to the local command.
+
+
+bootstrap:
+ commands:
+ ansible-lint:
+ run: >-
+ python3 -m 'venv' '.venv'
+ && .venv/bin/pip install --require-virtualenv 'ansible-lint'
+
+lint:
+ commands:
+ ansible: &ansible-lint
+ files: find . -type f -path "*ansible*" -not -path "*venv*"
+ glob: '*.{yaml,yml}'
+ run: .venv/bin/ansible-lint {files}
+
+validate:
+ commands:
+ ansible-playbook: &ansible-playbook-syntax-check
+ glob: "*.{yaml,yml}"
+ run: .venv/bin/ansible-playbook -i 'localhost,' --syntax-check {all_files}
+
+
+pre-commit:
+ commands:
+ lint-ansible:
+ <<: *ansible-lint
+ validate-ansible:
+ <<: *ansible-playbook-syntax-check
+ run: .venv/bin/ansible-playbook -i 'localhost,' --syntax-check {staged_files}
diff --git a/lefthook/commitlint.yml b/lefthook/commitlint.yml
new file mode 100644
index 0000000..88652c3
--- /dev/null
+++ b/lefthook/commitlint.yml
@@ -0,0 +1,28 @@
+---
+# No official docker images are available at the time of writing, falling back to the local command.
+
+
+bootstrap:
+ commands:
+ commitlint:
+ run: |-
+ npm install --save-dev '@commitlint/cli' '@commitlint/config-conventional'
+ cat < '.commitlintrc.js'
+ module.exports = {
+ extends: [
+ '@commitlint/config-conventional'
+ ]
+ }
+ EOF
+
+debug:
+ commands:
+ commitlint-config:
+ glob: '.commitlintrc.js'
+ run: node_modules/.bin/commitlint --print-config
+
+
+commit-msg:
+ commands:
+ lint: &commitlint
+ run: node_modules/.bin/commitlint --edit
diff --git a/lefthook/docker.yml b/lefthook/docker.yml
new file mode 100644
index 0000000..a2e587e
--- /dev/null
+++ b/lefthook/docker.yml
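Review bot: The bootstrap command in `lefthook/ansible.yml` installs `ansible-lint` with no version (`.venv/bin/pip install --require-virtualenv 'ansible-lint'`), although `requirements.txt` in this same patch pins `ansible-lint==24.7.0`; the `yq` bootstrap in `lefthook/yaml.yml` has the same shape. A hook that runs on every commit then executes whatever release the package index serves on the day of bootstrap, and two developers can end up with different linters. Reusing the pinned set, `run: .venv/bin/pip install --require-virtualenv -r 'requirements.txt'` (or the existing `make create-venv`), keeps one source of truth, and `yq` should be pinned the same way.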
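Review bot: The bootstrap step in `lefthook/commitlint.yml` runs `npm install --save-dev '@commitlint/cli' '@commitlint/config-conventional'` with no versions. The `.gitignore` context in this patch shows `/package-lock.json` is ignored, so the code executed by the `commit-msg` hook is whatever resolves at install time, and the command rewrites `package.json` as a side effect. Since `package.json` already lists both packages, a plain `run: npm install` with the lockfile tracked would make the hook reproducible. The step also regenerates `.commitlintrc.js`, a tracked file this commit edits by hand, so a comment saying which copy is authoritative would avoid drift. As rendered here the heredoc opener reads `cat < '.commitlintrc.js'`, which looks like an extraction artefact, so confirm the committed line actually redirects into the file.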
@@ -0,0 +1,22 @@
+---
+# Hadolint's official docker image is based on 'scratch', and takes only one input file at a time.
+# I have no clue how to fix that at the time of writing so let's just use the local command.
+
+
+bootstrap:
+ commands:
+ hadolint:
+ run: brew install 'hadolint'
+
+lint:
+ commands:
+ docker: &hadolint
+ glob: "*[Dd]ockerfile*"
+ run: hadolint {all_files}
+
+
+pre-commit:
+ commands:
+ lint-docker:
+ <<: *hadolint
+ run: hadolint {staged_files}
diff --git a/lefthook/json.yml b/lefthook/json.yml
new file mode 100644
index 0000000..49c6a14
--- /dev/null
+++ b/lefthook/json.yml
@@ -0,0 +1,24 @@
+---
+
+
+bootstrap:
+ commands:
+ jq:
+ run: docker pull 'ghcr.io/jqlang/jq'
+
+validate:
+ commands:
+ json: &jq
+ glob: '*.json'
+ run: >-
+ docker run -i --rm -v "${PWD}:/workdir:ro" --workdir '/workdir' 'ghcr.io/jqlang/jq'
+ -r 'input_filename' {all_files}
+
+
+pre-commit:
+ commands:
+ validate-json:
+ <<: *jq
+ run: >-
+ docker run -i --rm -v "${PWD}:/workdir:ro" --workdir '/workdir' 'ghcr.io/jqlang/jq'
+ -r 'input_filename' {staged_files}
diff --git a/lefthook/kics.yml b/lefthook/kics.yml
new file mode 100644
index 0000000..3ab8acc
--- /dev/null
+++ b/lefthook/kics.yml
@@ -0,0 +1,20 @@
+---
+
+
+bootstrap:
+ commands:
+ kics:
+ run: docker pull 'checkmarx/kics'
+
+check-compliance:
+ commands:
+ kics: &kics
+ run: >-
+ docker run --rm --name 'kics' -v "$PWD:/app/bin/repository" 'checkmarx/kics'
+ scan -p 'repository'
+
+
+pre-commit:
+ commands:
+ check-compliance:
+ <<: *kics
diff --git a/lefthook/markdown.yml b/lefthook/markdown.yml
new file mode 100644
index 0000000..fa21b78
--- /dev/null
+++ b/lefthook/markdown.yml
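Review bot: The image references in `lefthook/json.yml` are mutable: `ghcr.io/jqlang/jq` carries no tag, and the same applies to `checkmarx/kics` in `lefthook/kics.yml` and to the `:latest` references in `lefthook/markdown.yml` and `lefthook/yaml.yml`. These containers run on every commit with the working tree mounted, so a re-pushed or compromised tag changes what executes on developer machines without any change in this repository. Pinning each reference to a version tag plus digest, e.g. `'ghcr.io/jqlang/jq:<version>@sha256:<digest>'` (placeholders), and bumping it deliberately closes that gap. The `:ro` mount and `--rm` already used here are worth keeping.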
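Review bot: In `lefthook/kics.yml` the repository is mounted read-write (`-v "$PWD:/app/bin/repository"`), unlike the `:ro` mounts in the other new files, so the scanner image can modify the working tree, including `.git/` and the hook configuration. Unless KICS is meant to write results into the repository, use `-v "$PWD:/app/bin/repository:ro"`. The fixed `--name 'kics'` also makes a concurrent or interrupted run fail on a name conflict, and dropping `--name` avoids that. `scan -p 'repository'` is a relative path that presumably relies on the image's working directory, which an absolute `-p '/app/bin/repository'` would not.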
@@ -0,0 +1,27 @@
+---
+
+
+bootstrap:
+ commands:
+ markdownlint:
+ run: docker pull 'ghcr.io/igorshubovych/markdownlint-cli:latest'
+
+lint:
+ commands:
+ md: &markdownlint
+ files: >-
+ find . -type 'f'
+ \( -name '*.md' -or -name '*.markdown' \)
+ -not \( -path '*/node_modules/*' -or -path '*/*venv/*' \)
+ run: >-
+ docker run --rm -v "$PWD:/workdir:ro" 'ghcr.io/igorshubovych/markdownlint-cli:latest'
+ {files}
+
+
+pre-commit:
+ commands:
+ lint-md:
+ glob: '*.{markdown,md}'
+ run: >-
+ docker run --rm -v "$PWD:/workdir:ro" 'ghcr.io/igorshubovych/markdownlint-cli:latest'
+ {staged_files}
diff --git a/lefthook/yaml.yml b/lefthook/yaml.yml
new file mode 100644
index 0000000..b0a39da
--- /dev/null
+++ b/lefthook/yaml.yml
@@ -0,0 +1,43 @@
+---
+# Using the 'yq' flavour available from Python's Pipy, not mikefarah's.
+# No official docker images are available for 'yq' at the time of writing, falling back to the local command.
+
+
+bootstrap:
+ commands:
+ yamllint:
+ run: docker pull 'registry.gitlab.com/pipeline-components/yamllint:latest'
+ yq:
+ run: >-
+ python3 -m 'venv' '.venv'
+ && .venv/bin/pip install --require-virtualenv 'yq'
+
+lint:
+ commands:
+ yaml: &yamllint
+ glob: '*.{yaml,yml}'
+ run: >-
+ docker run --rm -v "$PWD:/code:ro" 'registry.gitlab.com/pipeline-components/yamllint:latest'
+ yamllint {all_files}
+
+validate:
+ commands:
+ yaml: &yq
+ glob: '*.{yaml,yml}'
+ run: >-
+ echo '{all_files}'
+ | xargs -t .venv/bin/yq '.'
+
+
+pre-commit:
+ commands:
+ validate-yaml:
+ <<: *yq
+ run: >-
+ .venv/bin/yq '.' {staged_files} > /dev/null
+ && echo 'All YAML files are readable'
+ lint-yaml:
+ <<: *yamllint
+ run: >-
+ docker run --rm -v "$PWD:/code:ro" 'registry.gitlab.com/pipeline-components/yamllint:latest'
+ yamllint {staged_files}
diff --git a/package.json b/package.json
index a968875..983a257 100644
--- a/package.json
+++ b/package.json
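Review bot: In the `validate` → `yaml` command of `lefthook/yaml.yml`, `echo '{all_files}' | xargs -t .venv/bin/yq '.'` wraps the substituted file list in single quotes and then lets `xargs` re-split it on whitespace. A tracked file name containing a space or a quote is therefore either split into wrong arguments or breaks the quoting of the shell line. The `pre-commit` variant already passes the list directly, and doing the same here with `run: .venv/bin/yq '.' {all_files} > /dev/null` removes the extra parsing layer. How lefthook escapes `{all_files}` is not visible on this page, so confirm with a file name that contains a space. The header comment's `Pipy` should read `PyPI`.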
@@ -1,6 +1,6 @@
 {
 "devDependencies": {
- "@commitlint/cli": "^19.3.0",
+ "@commitlint/cli": "^19.4.0",
 "@commitlint/config-conventional": "^19.2.2"
 }
 }
diff --git a/requirements.txt b/requirements.txt
index d1acb6e..1f7b13b 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,4 +1,4 @@
-ansible==10.1.0
+ansible==10.3.0
 ansible-lint==24.7.0
 click==8.1.7
 pyinilint==0.17