From 64e6204fc4ff1d91ad29514b07bfb50a433971e6 Mon Sep 17 00:00:00 2001 
From: iggy
Date: Mon, 15 Jul 2024 23:46:58 +0000
Subject: [PATCH] [MegaLinter] Apply linters fixes
---
megalinter-reports/IDE-config.txt | 196 +++++++
megalinter-reports/IDE-config/.bandit.yml | 302 +++++++++++
megalinter-reports/IDE-config/.checkov.yml | 6 +
megalinter-reports/IDE-config/.devskim.json | 3 +
megalinter-reports/IDE-config/.flake8 | 3 +
megalinter-reports/IDE-config/.gitleaks.toml | 21 +
megalinter-reports/IDE-config/.grype.yaml | 151 ++++++
megalinter-reports/IDE-config/.hadolint.yaml | 6 +
.../IDE-config/.idea/externalDependencies.xml | 8 +
megalinter-reports/IDE-config/.isort.cfg | 8 +
.../IDE-config/.markdown-link-check.json | 5 +
.../IDE-config/.markdownlint.json | 16 +
megalinter-reports/IDE-config/.mypy.ini | 4 +
megalinter-reports/IDE-config/.pylintrc | 470 +++++++++++++++++
megalinter-reports/IDE-config/.ruff.toml | 1 +
.../IDE-config/.secretlintrc.json | 7 +
megalinter-reports/IDE-config/.yamllint.yml | 19 +
megalinter-reports/IDE-config/pyproject.toml | 2 +
.../linters_logs/SUCCESS-BASH_EXEC.log | 6 +
.../linters_logs/SUCCESS-BASH_SHELLCHECK.log | 5 +
.../linters_logs/SUCCESS-BASH_SHFMT.log | 5 +
.../SUCCESS-DOCKERFILE_HADOLINT.log | 5 +
.../SUCCESS-MARKDOWN_MARKDOWNLINT.log | 5 +
.../SUCCESS-MARKDOWN_MARKDOWN_LINK_CHECK.log | 5 +
...CESS-MARKDOWN_MARKDOWN_TABLE_FORMATTER.log | 5 +
.../linters_logs/SUCCESS-PYTHON_BANDIT.log | 5 +
.../linters_logs/SUCCESS-PYTHON_BLACK.log | 5 +
.../linters_logs/SUCCESS-PYTHON_FLAKE8.log | 5 +
.../linters_logs/SUCCESS-PYTHON_ISORT.log | 5 +
.../linters_logs/SUCCESS-PYTHON_MYPY.log | 5 +
.../linters_logs/SUCCESS-PYTHON_RUFF.log | 5 +
.../SUCCESS-REPOSITORY_DUSTILOCK.log | 5 +
.../SUCCESS-REPOSITORY_GITLEAKS.log | 5 +
.../SUCCESS-REPOSITORY_GIT_DIFF.log | 5 +
.../linters_logs/SUCCESS-REPOSITORY_GRYPE.log | 5 +
.../SUCCESS-REPOSITORY_SECRETLINT.log | 5 +
.../linters_logs/SUCCESS-REPOSITORY_SYFT.log | 5 +
.../linters_logs/SUCCESS-REPOSITORY_TRIVY.log | 5 +
.../SUCCESS-REPOSITORY_TRIVY_SBOM.log | 5 +
.../SUCCESS-REPOSITORY_TRUFFLEHOG.log | 5 +
.../linters_logs/SUCCESS-YAML_PRETTIER.log | 5 +
.../linters_logs/SUCCESS-YAML_V8R.log | 5 +
.../linters_logs/SUCCESS-YAML_YAMLLINT.log | 5 +
.../WARNING-ACTION_ACTIONLINT.log | 11 +
.../linters_logs/WARNING-PYTHON_PYLINT.log | 10 +
.../linters_logs/WARNING-PYTHON_PYRIGHT.log | 42 ++
.../WARNING-REPOSITORY_CHECKOV.log | 32 ++
.../WARNING-REPOSITORY_DEVSKIM.log | 8 +
.../linters_logs/WARNING-REPOSITORY_KICS.log | 116 ++++
megalinter-reports/megalinter.log | 495 ++++++++++++++++++
.../updated_sources/scripts/check_updates.sh | 48 ++
scripts/check_updates.sh | 64 +--
52 files changed, 2148 insertions(+), 32 deletions(-)
create mode 100644 megalinter-reports/IDE-config.txt
create mode 100644 megalinter-reports/IDE-config/.bandit.yml
create mode 100644 megalinter-reports/IDE-config/.checkov.yml
create mode 100644 megalinter-reports/IDE-config/.devskim.json
create mode 100644 megalinter-reports/IDE-config/.flake8
create mode 100644 megalinter-reports/IDE-config/.gitleaks.toml
create mode 100644 megalinter-reports/IDE-config/.grype.yaml
create mode 100644 megalinter-reports/IDE-config/.hadolint.yaml
create mode 100644 megalinter-reports/IDE-config/.idea/externalDependencies.xml
create mode 100644 megalinter-reports/IDE-config/.isort.cfg
create mode 100644 megalinter-reports/IDE-config/.markdown-link-check.json
create mode 100644 megalinter-reports/IDE-config/.markdownlint.json
create mode 100644 megalinter-reports/IDE-config/.mypy.ini
create mode 100644 megalinter-reports/IDE-config/.pylintrc
create mode 100644 megalinter-reports/IDE-config/.ruff.toml
create mode 100644 megalinter-reports/IDE-config/.secretlintrc.json
create mode 100644 megalinter-reports/IDE-config/.yamllint.yml
create mode 100644 megalinter-reports/IDE-config/pyproject.toml
create mode 100644 megalinter-reports/linters_logs/SUCCESS-BASH_EXEC.log
create mode 100644 megalinter-reports/linters_logs/SUCCESS-BASH_SHELLCHECK.log
create mode 100644 megalinter-reports/linters_logs/SUCCESS-BASH_SHFMT.log
create mode 100644 megalinter-reports/linters_logs/SUCCESS-DOCKERFILE_HADOLINT.log
create mode 100644 megalinter-reports/linters_logs/SUCCESS-MARKDOWN_MARKDOWNLINT.log
create mode 100644 megalinter-reports/linters_logs/SUCCESS-MARKDOWN_MARKDOWN_LINK_CHECK.log
create mode 100644 megalinter-reports/linters_logs/SUCCESS-MARKDOWN_MARKDOWN_TABLE_FORMATTER.log
create mode 100644 megalinter-reports/linters_logs/SUCCESS-PYTHON_BANDIT.log
create mode 100644 megalinter-reports/linters_logs/SUCCESS-PYTHON_BLACK.log
create mode 100644 megalinter-reports/linters_logs/SUCCESS-PYTHON_FLAKE8.log
create mode 100644 megalinter-reports/linters_logs/SUCCESS-PYTHON_ISORT.log
create mode 100644 megalinter-reports/linters_logs/SUCCESS-PYTHON_MYPY.log
create mode 100644 megalinter-reports/linters_logs/SUCCESS-PYTHON_RUFF.log
create mode 100644 megalinter-reports/linters_logs/SUCCESS-REPOSITORY_DUSTILOCK.log
create mode 100644 megalinter-reports/linters_logs/SUCCESS-REPOSITORY_GITLEAKS.log
create mode 100644 megalinter-reports/linters_logs/SUCCESS-REPOSITORY_GIT_DIFF.log
create mode 100644 megalinter-reports/linters_logs/SUCCESS-REPOSITORY_GRYPE.log
create mode 100644 megalinter-reports/linters_logs/SUCCESS-REPOSITORY_SECRETLINT.log
create mode 100644 megalinter-reports/linters_logs/SUCCESS-REPOSITORY_SYFT.log
create mode 100644 megalinter-reports/linters_logs/SUCCESS-REPOSITORY_TRIVY.log
create mode 100644 megalinter-reports/linters_logs/SUCCESS-REPOSITORY_TRIVY_SBOM.log
create mode 100644 megalinter-reports/linters_logs/SUCCESS-REPOSITORY_TRUFFLEHOG.log
create mode 100644 megalinter-reports/linters_logs/SUCCESS-YAML_PRETTIER.log
create mode 100644 megalinter-reports/linters_logs/SUCCESS-YAML_V8R.log
create mode 100644 megalinter-reports/linters_logs/SUCCESS-YAML_YAMLLINT.log
create mode 100644 megalinter-reports/linters_logs/WARNING-ACTION_ACTIONLINT.log
create mode 100644 megalinter-reports/linters_logs/WARNING-PYTHON_PYLINT.log
create mode 100644 megalinter-reports/linters_logs/WARNING-PYTHON_PYRIGHT.log
create mode 100644 megalinter-reports/linters_logs/WARNING-REPOSITORY_CHECKOV.log
create mode 100644 megalinter-reports/linters_logs/WARNING-REPOSITORY_DEVSKIM.log
create mode 100644 megalinter-reports/linters_logs/WARNING-REPOSITORY_KICS.log
create mode 100644 megalinter-reports/megalinter.log
create mode 100755 megalinter-reports/updated_sources/scripts/check_updates.sh
diff --git a/megalinter-reports/IDE-config.txt b/megalinter-reports/IDE-config.txt
new file mode 100644
index 0000000..846ce98
--- /dev/null
+++ b/megalinter-reports/IDE-config.txt
@@ -0,0 +1,196 @@ +MegaLinter can help you to define the same linter configuration locally + +INSTRUCTIONS + +- Copy the content of IDE-config folder at the root of your repository +- if you are using Visual Studio Code, just reopen your project after the copy, and you will be prompted to install recommended extensions +- If not, you can install extensions manually using the following links. + +IDE EXTENSIONS APPLICABLE TO YOUR PROJECT + +shellcheck (BASH) + - atom: + - linter-shellcheck: https://github.com/AtomLinter/linter-shellcheck + - emacs: + - flycheck: https://github.com/flycheck/flycheck + - flymake-shellcheck: https://github.com/federicotdn/flymake-shellcheck + - sublime: + - SublimeLinter-shellcheck: https://github.com/SublimeLinter/SublimeLinter-shellcheck + - vim: + - ale: https://github.com/w0rp/ale + - neomake: https://github.com/neomake/neomake + - syntastic: https://github.com/scrooloose/syntastic + - vscode: + - vscode-shellcheck: https://marketplace.visualstudio.com/items?itemName=timonwong.shellcheck + +shfmt (BASH) + - atom: + - format-shell: https://atom.io/packages/format-shell + - emacs: + - emacs-shfmt: https://github.com/purcell/emacs-shfmt/ + - idea: + - shell-scripts: https://www.jetbrains.com/help/idea/shell-scripts.html + - micro: + - micro: https://micro-editor.github.io/ + - sublime: + - Sublime-Pretty-Shell: https://github.com/aerobounce/Sublime-Pretty-Shell + - vim: + - vim-shfmt: https://github.com/z0mbix/vim-shfmt + - vscode: + - shell-format: https://marketplace.visualstudio.com/items?itemName=foxundermoon.shell-format + +hadolint (DOCKERFILE) + - atom: + - linter-hadolint: https://atom.io/packages/linter-hadolint + - vscode: + - hadolint: https://marketplace.visualstudio.com/items?itemName=exiasr.hadolint + +markdownlint (MARKDOWN) + - atom: + - linter-node-markdownlint: https://atom.io/packages/linter-node-markdownlint + - sublime: + - SublimeLinter-contrib-markdownlint: 
https://packagecontrol.io/packages/SublimeLinter-contrib-markdownlint + - vim: + - coc-markdownlint: https://github.com/fannheyward/coc-markdownlint + - vscode: + - vscode-markdownlint: https://marketplace.visualstudio.com/items/DavidAnson.vscode-markdownlint + +markdown-table-formatter (MARKDOWN) + - vscode: + - Markdown Table Prettify Extension: https://github.com/darkriszty/MarkdownTablePrettify-VSCodeExt + +bandit (PYTHON) + - atom: + - bandit-lint: https://atom.io/packages/bandit-lint + - sublime: + - SublimeLinter-bandit: https://github.com/SublimeLinter/SublimeLinter-bandit + - vscode: + - Native Support: https://code.visualstudio.com/docs/python/linting#_bandit + +black (PYTHON) + - atom: + - python-black: https://atom.io/packages/python-black + - emacs: + - blacken: https://github.com/pythonic-emacs/blacken + - reformatter.el: https://github.com/purcell/reformatter.el + - elpy: https://github.com/jorgenschaefer/elpy + - idea: + - black: https://black.readthedocs.io/en/stable/integrations/editors.html#pycharm-intellij-idea + - sublime: + - sublack: https://github.com/jgirardet/sublack + - vscode: + - VSCode Python Extension: https://marketplace.visualstudio.com/items?itemName=ms-python.python + +flake8 (PYTHON) + - atom: + - linter-flake8: https://atom.io/packages/linter-flake8 + - idea: + - flake8-support: https://plugins.jetbrains.com/plugin/11563-flake8-support + - vscode: + - Native Support: https://code.visualstudio.com/docs/python/linting#_flake8 + +isort (PYTHON) + - atom: + - atom-python-isort: https://github.com/bh/atom-python-isort + - atom-isort: https://atom.io/packages/atom-isort + - emacs: + - py-isort.el: https://github.com/paetzke/py-isort.el + - vim: + - ale: https://github.com/w0rp/ale + - vim-isort: https://github.com/fisadev/vim-isort#installation + - vscode: + - VSCode Python Extension: https://github.com/Microsoft/vscode-python + +mypy (PYTHON) + - atom: + - linter-mypy: https://atom.io/packages/linter-mypy + - emacs: + - Flycheck 
mypy: https://github.com/lbolla/emacs-flycheck-mypy + - idea: + - mypy-official: https://plugins.jetbrains.com/plugin/13348-mypy-official-/ + - sublime: + - SublimeLinter-contrib-mypy: https://github.com/fredcallaway/SublimeLinter-contrib-mypy + - vim: + - Ale: https://github.com/dense-analysis/ale + - Syntastic: https://github.com/vim-syntastic/syntastic + - vscode: + - Mypy: https://marketplace.visualstudio.com/items?itemName=matangover.mypy + +pylint (PYTHON) + - eclipse: + - PyLint: https://pydev.org/manual_adv_pylint.html + - idea: + - PyCharm (Native Support): https://www.jetbrains.com/pycharm/ + - visual_studio: + - Native Support: https://docs.microsoft.com/fr-fr/visualstudio/python/linting-python-code?view=vs-2019 + - vscode: + - Native Support: https://code.visualstudio.com/docs/python/linting#_pylint + +pyright (PYTHON) + - emacs: + - LSP-pyright: https://github.com/emacs-lsp/lsp-pyright + - sublime: + - LSP-pyright: https://packagecontrol.io/packages/LSP-pyright + - vim: + - Ale: https://github.com/dense-analysis/ale + - coc-pyright: https://github.com/fannheyward/coc-pyright + - vscode: + - PyRight: https://marketplace.visualstudio.com/items?itemName=ms-pyright.pyright + +ruff (PYTHON) + - idea: + - Ruff: https://plugins.jetbrains.com/plugin/20574-ruff + - vscode: + - Ruff: https://marketplace.visualstudio.com/items?itemName=charliermarsh.ruff + +checkov (REPOSITORY) + - vscode: + - Checkov: https://marketplace.visualstudio.com/items?itemName=Bridgecrew.checkov + +devskim (REPOSITORY) + - vscode: + - VSCode DevSkim: https://marketplace.visualstudio.com/items?itemName=MS-CST-E.vscode-devskim + +trivy (REPOSITORY) + - vscode: + - VSCode Trivy: https://marketplace.visualstudio.com/items?itemName=AquaSecurityOfficial.trivy-vulnerability-scanner + +trivy-sbom (REPOSITORY) + - vscode: + - VSCode Trivy: https://marketplace.visualstudio.com/items?itemName=AquaSecurityOfficial.trivy-vulnerability-scanner + +prettier (YAML) + - atom: + - prettier-atom: 
https://github.com/prettier/prettier-atom + - atom-mprettier: https://github.com/t9md/atom-mprettier + - atom-miniprettier: https://github.com/duailibe/atom-miniprettier + - emacs: + - prettier-emacs: https://github.com/prettier/prettier-emacs + - prettier.el: https://github.com/jscheid/prettier.el + - apheleia: https://github.com/raxod502/apheleia + - idea: + - Prettier: https://plugins.jetbrains.com/plugin/10456-prettier + - sublime: + - JsPrettier: https://packagecontrol.io/packages/JsPrettier + - vim: + - vim-prettier: https://github.com/prettier/vim-prettier + - visual_studio: + - JavaScriptPrettier: https://github.com/madskristensen/JavaScriptPrettier + - vscode: + - prettier-vscode: https://marketplace.visualstudio.com/items?itemName=esbenp.prettier-vscode + +v8r (YAML) + - eclipse: + - native support: https://www.eclipse.org/ + - idea: + - native support: https://www.jetbrains.com/products/#type=ide + - vim: + - vison: https://github.com/Quramy/vison + - vscode: + - native support: https://code.visualstudio.com/ + +yamllint (YAML) + - emacs: + - flycheck: https://github.com/krzysztof-magosa/flycheck-yamllint + - vim: + - ale: https://github.com/w0rp/ale diff --git a/megalinter-reports/IDE-config/.bandit.yml b/megalinter-reports/IDE-config/.bandit.yml new file mode 100644 index 0000000..667e49d --- /dev/null +++ b/megalinter-reports/IDE-config/.bandit.yml 
@@ -0,0 +1,302 @@ +any_other_function_with_shell_equals_true: + no_shell: + - os.execl + - os.execle + - os.execlp + - os.execlpe + - os.execv + - os.execve + - os.execvp + - os.execvpe + - os.spawnl + - os.spawnle + - os.spawnlp + - os.spawnlpe + - os.spawnv + - os.spawnve + - os.spawnvp + - os.spawnvpe + - os.startfile + shell: + - os.system + - os.popen + - os.popen2 + - os.popen3 + - os.popen4 + - popen2.popen2 + - popen2.popen3 + - popen2.popen4 + - popen2.Popen3 + - popen2.Popen4 + - commands.getoutput + - commands.getstatusoutput + subprocess: + - subprocess.Popen + - subprocess.call + - subprocess.check_call + - subprocess.check_output + - subprocess.run +assert_used: + skips: [] +hardcoded_tmp_directory: + tmp_dirs: + - /tmp + - /var/tmp + - /dev/shm +linux_commands_wildcard_injection: + no_shell: + - os.execl + - os.execle + - os.execlp + - os.execlpe + - os.execv + - os.execve + - os.execvp + - os.execvpe + - os.spawnl + - os.spawnle + - os.spawnlp + - os.spawnlpe + - os.spawnv + - os.spawnve + - os.spawnvp + - os.spawnvpe + - os.startfile + shell: + - os.system + - os.popen + - os.popen2 + - os.popen3 + - os.popen4 + - popen2.popen2 + - popen2.popen3 + - popen2.popen4 + - popen2.Popen3 + - popen2.Popen4 + - commands.getoutput + - commands.getstatusoutput + subprocess: + - subprocess.Popen + - subprocess.call + - subprocess.check_call + - subprocess.check_output + - subprocess.run +ssl_with_bad_defaults: + bad_protocol_versions: + - PROTOCOL_SSLv2 + - SSLv2_METHOD + - SSLv23_METHOD + - PROTOCOL_SSLv3 + - PROTOCOL_TLSv1 + - SSLv3_METHOD + - TLSv1_METHOD +ssl_with_bad_version: + bad_protocol_versions: + - PROTOCOL_SSLv2 + - SSLv2_METHOD + - SSLv23_METHOD + - PROTOCOL_SSLv3 + - PROTOCOL_TLSv1 + - SSLv3_METHOD + - TLSv1_METHOD +start_process_with_a_shell: + no_shell: + - os.execl + - os.execle + - os.execlp + - os.execlpe + - os.execv + - os.execve + - os.execvp + - os.execvpe + - os.spawnl + - os.spawnle + - os.spawnlp + - os.spawnlpe + - os.spawnv + - 
os.spawnve + - os.spawnvp + - os.spawnvpe + - os.startfile + shell: + - os.system + - os.popen + - os.popen2 + - os.popen3 + - os.popen4 + - popen2.popen2 + - popen2.popen3 + - popen2.popen4 + - popen2.Popen3 + - popen2.Popen4 + - commands.getoutput + - commands.getstatusoutput + subprocess: + - subprocess.Popen + - subprocess.call + - subprocess.check_call + - subprocess.check_output + - subprocess.run +start_process_with_no_shell: + no_shell: + - os.execl + - os.execle + - os.execlp + - os.execlpe + - os.execv + - os.execve + - os.execvp + - os.execvpe + - os.spawnl + - os.spawnle + - os.spawnlp + - os.spawnlpe + - os.spawnv + - os.spawnve + - os.spawnvp + - os.spawnvpe + - os.startfile + shell: + - os.system + - os.popen + - os.popen2 + - os.popen3 + - os.popen4 + - popen2.popen2 + - popen2.popen3 + - popen2.popen4 + - popen2.Popen3 + - popen2.Popen4 + - commands.getoutput + - commands.getstatusoutput + subprocess: + - subprocess.Popen + - subprocess.call + - subprocess.check_call + - subprocess.check_output + - subprocess.run +start_process_with_partial_path: + no_shell: + - os.execl + - os.execle + - os.execlp + - os.execlpe + - os.execv + - os.execve + - os.execvp + - os.execvpe + - os.spawnl + - os.spawnle + - os.spawnlp + - os.spawnlpe + - os.spawnv + - os.spawnve + - os.spawnvp + - os.spawnvpe + - os.startfile + shell: + - os.system + - os.popen + - os.popen2 + - os.popen3 + - os.popen4 + - popen2.popen2 + - popen2.popen3 + - popen2.popen4 + - popen2.Popen3 + - popen2.Popen4 + - commands.getoutput + - commands.getstatusoutput + subprocess: + - subprocess.Popen + - subprocess.call + - subprocess.check_call + - subprocess.check_output + - subprocess.run +subprocess_popen_with_shell_equals_true: + no_shell: + - os.execl + - os.execle + - os.execlp + - os.execlpe + - os.execv + - os.execve + - os.execvp + - os.execvpe + - os.spawnl + - os.spawnle + - os.spawnlp + - os.spawnlpe + - os.spawnv + - os.spawnve + - os.spawnvp + - os.spawnvpe + - os.startfile + 
shell: + - os.system + - os.popen + - os.popen2 + - os.popen3 + - os.popen4 + - popen2.popen2 + - popen2.popen3 + - popen2.popen4 + - popen2.Popen3 + - popen2.Popen4 + - commands.getoutput + - commands.getstatusoutput + subprocess: + - subprocess.Popen + - subprocess.call + - subprocess.check_call + - subprocess.check_output + - subprocess.run +subprocess_without_shell_equals_true: + no_shell: + - os.execl + - os.execle + - os.execlp + - os.execlpe + - os.execv + - os.execve + - os.execvp + - os.execvpe + - os.spawnl + - os.spawnle + - os.spawnlp + - os.spawnlpe + - os.spawnv + - os.spawnve + - os.spawnvp + - os.spawnvpe + - os.startfile + shell: + - os.system + - os.popen + - os.popen2 + - os.popen3 + - os.popen4 + - popen2.popen2 + - popen2.popen3 + - popen2.popen4 + - popen2.Popen3 + - popen2.Popen4 + - commands.getoutput + - commands.getstatusoutput + subprocess: + - subprocess.Popen + - subprocess.call + - subprocess.check_call + - subprocess.check_output + - subprocess.run +try_except_continue: + check_typed_exception: false +try_except_pass: + check_typed_exception: false +weak_cryptographic_key: + weak_key_size_dsa_high: 1024 + weak_key_size_dsa_medium: 2048 + weak_key_size_ec_high: 160 + weak_key_size_ec_medium: 224 + weak_key_size_rsa_high: 1024 + weak_key_size_rsa_medium: 2048 diff --git a/megalinter-reports/IDE-config/.checkov.yml b/megalinter-reports/IDE-config/.checkov.yml new file mode 100644 index 0000000..5f8d74a --- /dev/null +++ b/megalinter-reports/IDE-config/.checkov.yml @@ -0,0 +1,6 @@ +# You can see all available properties here: https://github.com/bridgecrewio/checkov#configuration-using-a-config-file +quiet: true +skip-check: + - CKV_DOCKER_2 + + diff --git a/megalinter-reports/IDE-config/.devskim.json b/megalinter-reports/IDE-config/.devskim.json new file mode 100644 index 0000000..5124f89 --- /dev/null +++ b/megalinter-reports/IDE-config/.devskim.json @@ -0,0 +1,3 @@ +{ + "Globs": ["**/.git/**", "**/megalinter-reports/**"] +} 
diff --git a/megalinter-reports/IDE-config/.flake8 b/megalinter-reports/IDE-config/.flake8 new file mode 100644 index 0000000..e0ea542 --- /dev/null +++ b/megalinter-reports/IDE-config/.flake8 @@ -0,0 +1,3 @@ +[flake8] +max-line-length = 88 +extend-ignore = E203 \ No newline at end of file diff --git a/megalinter-reports/IDE-config/.gitleaks.toml b/megalinter-reports/IDE-config/.gitleaks.toml new file mode 100644 index 0000000..6e3de8c --- /dev/null +++ b/megalinter-reports/IDE-config/.gitleaks.toml @@ -0,0 +1,21 @@ + +title = "gitleaks config" + +[extend] +# useDefault will extend the base configuration with the default gitleaks config: +# https://github.com/zricethezav/gitleaks/blob/master/config/gitleaks.toml +useDefault = true + +[allowlist] + description = "Allowlisted files" + paths = [ + '''.automation/test''', + '''megalinter-reports''', + '''.github/linters''', + '''node_modules''', + '''.mypy_cache''', + '''(.*?)gitleaks\.toml$''', + '''(?i)(.*?)(png|jpeg|jpg|gif|doc|docx|pdf|bin|xls|xlsx|pyc|zip)$''', + '''(go.mod|go.sum)$'''] + + diff --git a/megalinter-reports/IDE-config/.grype.yaml b/megalinter-reports/IDE-config/.grype.yaml new file mode 100644 index 0000000..8ba6649 --- /dev/null +++ b/megalinter-reports/IDE-config/.grype.yaml 
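Review bot: The `paths` allowlist in this `.gitleaks.toml` includes `'''megalinter-reports'''`, while this same commit checks that directory into the repository (the diffstat lists `megalinter-reports/megalinter.log` and the `linters_logs/*.log` files). Assuming this copy mirrors the configuration the pipeline actually runs with, gitleaks would skip those committed logs when scanning for secrets. The reports are tool output rather than source, so I would drop them from the commit and add `megalinter-reports/` to `.gitignore`, leaving the auto-fix commit with only the change to `scripts/check_updates.sh`. If the directory does have to stay tracked, the `megalinter-reports` allowlist entry should be reconsidered so the logs are covered by secret scanning.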
@@ -0,0 +1,151 @@ +# enable/disable checking for application updates on startup +# same as GRYPE_CHECK_FOR_APP_UPDATE env var +# check-for-app-update: true + +# allows users to specify which image source should be used to generate the sbom +# valid values are: registry, docker, podman +# same as GRYPE_DEFAULT_IMAGE_PULL_SOURCE env var +# default-image-pull-source: "" + +# same as --name; set the name of the target being analyzed +# name: "" + +# upon scanning, if a severity is found at or above the given severity then the return code will be 1 +# default is unset which will skip this validation (options: negligible, low, medium, high, critical) +# same as --fail-on ; GRYPE_FAIL_ON_SEVERITY env var +fail-on-severity: "high" + +# the output format of the vulnerability report (options: table, json, cyclonedx) +# same as -o ; GRYPE_OUTPUT env var +# output: "table" + +# suppress all output (except for the vulnerability list) +# same as -q ; GRYPE_QUIET env var +# quiet: false + +# write output report to a file (default is to write to stdout) +# same as --file; GRYPE_FILE env var +# file: "" + +# a list of globs to exclude from scanning, for example: +# exclude: +# - '/etc/**' +# - './out/**/*.json' +# same as --exclude ; GRYPE_EXCLUDE env var +# exclude: [] + +# os and/or architecture to use when referencing container images (e.g. 
"windows/armv6" or "arm64") +# same as --platform; GRYPE_PLATFORM env var +# platform: "" + +# If using SBOM input, automatically generate CPEs when packages have none +# add-cpes-if-none: false + +# Explicitly specify a linux distribution to use as : like alpine:3.10 +# distro: + +# external-sources: +# enable: false +# maven: +# search-upstream-by-sha1: true +# base-url: https://search.maven.org/solrsearch/select + +# db: + # check for database updates on execution + # same as GRYPE_DB_AUTO_UPDATE env var + # auto-update: true + + # location to write the vulnerability database cache + # same as GRYPE_DB_CACHE_DIR env var + # cache-dir: "$XDG_CACHE_HOME/grype/db" + + # URL of the vulnerability database + # same as GRYPE_DB_UPDATE_URL env var + # update-url: "https://toolbox-data.anchore.io/grype/databases/listing.json" + + # it ensures db build is no older than the max-allowed-built-age + # set to false to disable check + # validate-age: true + + # Max allowed age for vulnerability database, + # age being the time since it was built + # Default max age is 120h (or five days) + # max-allowed-built-age: "120h" + +# search: + # the search space to look for packages (options: all-layers, squashed) + # same as -s ; GRYPE_SEARCH_SCOPE env var + # scope: "squashed" + + # search within archives that do contain a file index to search against (zip) + # note: for now this only applies to the java package cataloger + # same as GRYPE_PACKAGE_SEARCH_INDEXED_ARCHIVES env var + # indexed-archives: true + + # search within archives that do not contain a file index to search against (tar, tar.gz, tar.bz2, etc) + # note: enabling this may result in a performance impact since all discovered compressed tars will be decompressed + # note: for now this only applies to the java package cataloger + # same as GRYPE_PACKAGE_SEARCH_UNINDEXED_ARCHIVES env var + # unindexed-archives: false + +# options when pulling directly from a registry via the "registry:" scheme +# registry: + # skip TLS 
verification when communicating with the registry + # same as GRYPE_REGISTRY_INSECURE_SKIP_TLS_VERIFY env var + # insecure-skip-tls-verify: false + # use http instead of https when connecting to the registry + # same as GRYPE_REGISTRY_INSECURE_USE_HTTP env var + # insecure-use-http: false + + # credentials for specific registries + # auth: + # - # the URL to the registry (e.g. "docker.io", "localhost:5000", etc.) + # same as GRYPE_REGISTRY_AUTH_AUTHORITY env var + # authority: "" + # same as GRYPE_REGISTRY_AUTH_USERNAME env var + # username: "" + # same as GRYPE_REGISTRY_AUTH_PASSWORD env var + # password: "" + # note: token and username/password are mutually exclusive + # same as GRYPE_REGISTRY_AUTH_TOKEN env var + # token: "" + # - ... # note, more credentials can be provided via config file only + +# log: + # use structured logging + # same as GRYPE_LOG_STRUCTURED env var + # structured: false + + # the log level; note: detailed logging suppress the ETUI + # same as GRYPE_LOG_LEVEL env var + # Uses logrus logging levels: https://github.com/sirupsen/logrus#level-logging + # level: "error" + + # location to write the log file (default is not to have a log file) + # same as GRYPE_LOG_FILE env var + # file: "" + +# match: + # sets the matchers below to use cpes when trying to find + # vulnerability matches. The stock matcher is the default + # when no primary matcher can be identified + # java: + # using-cpes: true + # python: + # using-cpes: true + # javascript: + # using-cpes: true + # ruby: + # using-cpes: true + # dotnet: + # using-cpes: true + # golang: + # using-cpes: true + # stock: + # using-cpes: true + +ignore: + + # Ignored by default; disputed and unwarranted CVE that causes Megalinter to fail + # @link https://nvd.nist.gov/vuln/detail/CVE-2018-20225 + - vulnerability: CVE-2018-20225 diff --git a/megalinter-reports/IDE-config/.hadolint.yaml b/megalinter-reports/IDE-config/.hadolint.yaml new file mode 100644 index 0000000..4c62277 --- /dev/null 
+++ b/megalinter-reports/IDE-config/.hadolint.yaml @@ -0,0 +1,6 @@ +--- +########################## +## Hadolint config file ## +########################## +ignored: + - DL3018 diff --git a/megalinter-reports/IDE-config/.idea/externalDependencies.xml b/megalinter-reports/IDE-config/.idea/externalDependencies.xml new file mode 100644 index 0000000..8d6ad5b --- /dev/null +++ b/megalinter-reports/IDE-config/.idea/externalDependencies.xml @@ -0,0 +1,8 @@ + + + + + + + + diff --git a/megalinter-reports/IDE-config/.isort.cfg b/megalinter-reports/IDE-config/.isort.cfg new file mode 100644 index 0000000..aea6856 --- /dev/null +++ b/megalinter-reports/IDE-config/.isort.cfg @@ -0,0 +1,8 @@ +[settings] +profile= + +; vertical hanging indent mode also used in black configuration +multi_line_output = 3 + +; necessary because black expect the trailing comma +include_trailing_comma = true diff --git a/megalinter-reports/IDE-config/.markdown-link-check.json b/megalinter-reports/IDE-config/.markdown-link-check.json new file mode 100644 index 0000000..00bcdf4 --- /dev/null +++ b/megalinter-reports/IDE-config/.markdown-link-check.json @@ -0,0 +1,5 @@ +{ + "retryOn429": true, + "retryCount": 5, + "aliveStatusCodes": [ 200, 203 ] +} diff --git a/megalinter-reports/IDE-config/.markdownlint.json b/megalinter-reports/IDE-config/.markdownlint.json new file mode 100644 index 0000000..3ffa116 --- /dev/null +++ b/megalinter-reports/IDE-config/.markdownlint.json @@ -0,0 +1,16 @@ +{ + "MD004": false, + "MD007": { + "indent": 2 + }, + "MD013": { + "line_length": 400 + }, + "MD026": { + "punctuation": ".,;:!。,;:" + }, + "MD029": false, + "MD033": false, + "MD036": false, + "blank_lines": false +} diff --git a/megalinter-reports/IDE-config/.mypy.ini b/megalinter-reports/IDE-config/.mypy.ini new file mode 100644 index 0000000..dd1ccba --- /dev/null +++ b/megalinter-reports/IDE-config/.mypy.ini @@ -0,0 +1,4 @@ +# Global options: + +[mypy] +ignore_missing_imports = True 
diff --git a/megalinter-reports/IDE-config/.pylintrc b/megalinter-reports/IDE-config/.pylintrc new file mode 100644 index 0000000..6e05e42 --- /dev/null +++ b/megalinter-reports/IDE-config/.pylintrc 
@@ -0,0 +1,470 @@ +[MASTER] +errors-only= + +# A comma-separated list of package or module names from where C extensions may +# be loaded. Extensions are loading into the active Python interpreter and may +# run arbitrary code +extension-pkg-whitelist= + +# Add files or directories to the blacklist. They should be base names, not +# paths. +ignore=CVS + +# Add files or directories matching the regex patterns to the blacklist. The +# regex matches against base names, not paths. +ignore-patterns= + +# Python code to execute, usually for sys.path manipulation such as +# pygtk.require(). +#init-hook= + +# Use multiple processes to speed up Pylint. +jobs=1 + +# List of plugins (as comma separated values of python modules names) to load, +# usually to register additional checkers. +load-plugins= + +# Pickle collected data for later comparisons. +persistent=yes + +# Specify a configuration file. +#rcfile= + +# When enabled, pylint would attempt to guess common misconfiguration and emit +# user-friendly hints instead of false-positive error messages +suggestion-mode=yes + +# Allow loading of arbitrary C extensions. Extensions are imported into the +# active Python interpreter and may run arbitrary code. +unsafe-load-any-extension=no + + +[MESSAGES CONTROL] + +# Only show warnings with the listed confidence levels. Leave empty to show +# all. Valid levels: HIGH, INFERENCE, INFERENCE_FAILURE, UNDEFINED +confidence= + +# Disable the message, report, category or checker with the given id(s). You +# can either give multiple identifiers separated by comma (,) or put this +# option multiple times (only on the command line, not in the configuration +# file where it should appear only once).You can also use "--disable=all" to +# disable everything first and then reenable specific checks. For example, if +# you want to run only the similarities checker, you can use "--disable=all +# --enable=similarities". 
If you want to run only the classes checker, but have +# no Warning level messages displayed, use"--disable=all --enable=classes +# --disable=W" +# disable= + +# Enable the message, report, category or checker with the given id(s). You can +# either give multiple identifier separated by comma (,) or put this option +# multiple time (only on the command line, not in the configuration file where +# it should appear only once). See also the "--disable" option for examples. +enable=c-extension-no-member + + +[REPORTS] + +# Python expression which should return a note less than 10 (10 is the highest +# note). You have access to the variables errors warning, statement which +# respectively contain the number of errors / warnings messages and the total +# number of statements analyzed. This is used by the global evaluation report +# (RP0004). +evaluation=10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10) + +# Template used to display messages. This is a python new-style format string +# used to format the message information. See doc for all details +#msg-template= + +# Set the output format. Available formats are text, parseable, colorized, json +# and msvs (visual studio).You can also give a reporter class, eg +# mypackage.mymodule.MyReporterClass. +output-format=text + +# Tells whether to display a full report or only the messages +reports=no + +# Activate the evaluation score. +score=no + + +[REFACTORING] + +# Maximum number of nested blocks for function / method body +max-nested-blocks=5 + +# Complete name of functions that never returns. When checking for +# inconsistent-return-statements if a never returning function is called then +# it will be considered as an explicit return statement and no message will be +# printed. +never-returning-functions=optparse.Values,sys.exit + + +[VARIABLES] + +# List of additional names supposed to be defined in builtins. Remember that +# you should avoid to define new builtins when possible. 
+additional-builtins= + +# Tells whether unused global variables should be treated as a violation. +allow-global-unused-variables=yes + +# List of strings which can identify a callback function by name. A callback +# name must start or end with one of those strings. +callbacks=cb_, + _cb + +# A regular expression matching the name of dummy variables (i.e. expectedly +# not used). +dummy-variables-rgx=_+$|(_[a-zA-Z0-9_]*[a-zA-Z0-9]+?$)|dummy|^ignored_|^unused_ + +# Argument names that match this expression will be ignored. Default to name +# with leading underscore +ignored-argument-names=_.*|^ignored_|^unused_ + +# Tells whether we should check for unused import in __init__ files. +init-import=no + +# List of qualified module names which can have objects that can redefine +# builtins. +redefining-builtins-modules=six.moves,past.builtins,future.builtins + + +[LOGGING] + +# Logging modules to check that the string format arguments are in logging +# function parameter format +logging-modules=logging + + +[TYPECHECK] + +# List of decorators that produce context managers, such as +# contextlib.contextmanager. Add to this list to register other decorators that +# produce valid context managers. +contextmanager-decorators=contextlib.contextmanager + +# List of members which are set dynamically and missed by pylint inference +# system, and so shouldn't trigger E1101 when accessed. Python regular +# expressions are accepted. +generated-members= + +# Tells whether missing members accessed in mixin class should be ignored. A +# mixin class is detected if its name ends with "mixin" (case insensitive). +ignore-mixin-members=yes + +# This flag controls whether pylint should warn about no-member and similar +# checks whenever an opaque object is returned when inferring. The inference +# can return multiple potential results while evaluating a Python object, but +# some branches might not be evaluated, which results in partial inference. 
In +# that case, it might be useful to still emit no-member and other checks for +# the rest of the inferred objects. +ignore-on-opaque-inference=yes + +# List of class names for which member attributes should not be checked (useful +# for classes with dynamically set attributes). This supports the use of +# qualified names. +ignored-classes=optparse.Values,thread._local,_thread._local + +# List of module names for which member attributes should not be checked +# (useful for modules/projects where namespaces are manipulated during runtime +# and thus existing member attributes cannot be deduced by static analysis. It +# supports qualified module names, as well as Unix pattern matching. +ignored-modules= + +# Show a hint with possible names when a member name was not found. The aspect +# of finding the hint is based on edit distance. +missing-member-hint=yes + +# The minimum edit distance a name should have in order to be considered a +# similar match for a missing member name. +missing-member-hint-distance=1 + +# The total number of similar names that should be taken in consideration when +# showing a hint for a missing member. +missing-member-max-choices=1 + + +[MISCELLANEOUS] + +# List of note tags to take in consideration, separated by a comma. +notes=FIXME, + XXX, + TODO + + +[BASIC] + +# Naming style matching correct argument names +argument-naming-style=snake_case + +# Regular expression matching correct argument names. Overrides argument- +# naming-style +#argument-rgx= + +# Naming style matching correct attribute names +attr-naming-style=snake_case + +# Regular expression matching correct attribute names. Overrides attr-naming- +# style +#attr-rgx= + +# Bad variable names which should always be refused, separated by a comma +bad-names=foo, + bar, + baz, + toto, + tutu, + tata + +# Naming style matching correct class attribute names +class-attribute-naming-style=any + +# Regular expression matching correct class attribute names. 
Overrides class- +# attribute-naming-style +#class-attribute-rgx= + +# Naming style matching correct class names +class-naming-style=PascalCase + +# Regular expression matching correct class names. Overrides class-naming-style +#class-rgx= + +# Naming style matching correct constant names +const-naming-style=UPPER_CASE + +# Regular expression matching correct constant names. Overrides const-naming- +# style +#const-rgx= + +# Minimum line length for functions/classes that require docstrings, shorter +# ones are exempt. +docstring-min-length=-1 + +# Naming style matching correct function names +function-naming-style=snake_case + +# Regular expression matching correct function names. Overrides function- +# naming-style +#function-rgx= + +# Good variable names which should always be accepted, separated by a comma +good-names=i, + j, + k, + ex, + Run, + _ + +# Include a hint for the correct naming format with invalid-name +include-naming-hint=no + +# Naming style matching correct inline iteration names +inlinevar-naming-style=any + +# Regular expression matching correct inline iteration names. Overrides +# inlinevar-naming-style +#inlinevar-rgx= + +# Naming style matching correct method names +method-naming-style=snake_case + +# Regular expression matching correct method names. Overrides method-naming- +# style +#method-rgx= + +# Naming style matching correct module names +module-naming-style=snake_case + +# Regular expression matching correct module names. Overrides module-naming- +# style +#module-rgx= + +# Colon-delimited sets of names that determine each other's naming style when +# the name regexes allow several styles. +name-group= + +# Regular expression which should only match function or class names that do +# not require a docstring. +no-docstring-rgx=^_ + +# List of decorators that produce properties, such as abc.abstractproperty. Add +# to this list to register other decorators that produce valid properties. 
+property-classes=abc.abstractproperty + +# Naming style matching correct variable names +variable-naming-style=snake_case + +# Regular expression matching correct variable names. Overrides variable- +# naming-style +#variable-rgx= + + +[SPELLING] + +# Limits count of emitted suggestions for spelling mistakes +max-spelling-suggestions=4 + +# Spelling dictionary name. Available dictionaries: none. To make it working +# install python-enchant package. +spelling-dict= + +# List of comma separated words that should not be checked. +spelling-ignore-words= + +# A path to a file that contains private dictionary; one word per line. +spelling-private-dict-file= + +# Tells whether to store unknown words to indicated private dictionary in +# --spelling-private-dict-file option instead of raising a message. +spelling-store-unknown-words=no + + +[FORMAT] + +# Expected format of line ending, e.g. empty (any line ending), LF or CRLF. +expected-line-ending-format= + +# Regexp for a line that is allowed to be longer than the limit. +ignore-long-lines=^\s*(# )??$ + +# Number of spaces of indent required inside a hanging or continued line. +indent-after-paren=4 + +# String used as indentation unit. This is usually " " (4 spaces) or "\t" (1 +# tab). +indent-string=' ' + +# Maximum number of characters on a single line. +max-line-length=100 + +# Maximum number of lines in a module +max-module-lines=1000 + +# List of optional constructs for which whitespace checking is disabled. `dict- +# separator` is used to allow tabulation in dicts, etc.: {1 : 1,\n222: 2}. +# `trailing-comma` allows a space between comma and closing bracket: (a, ). +# `empty-line` allows space-only lines. +# no-space-check=trailing-comma, dict-separator # Deprecated since pylint 2.6 + +# Allow the body of a class to be on the same line as the declaration if body +# contains single statement. +single-line-class-stmt=no + +# Allow the body of an if to be on the same line as the test if there is no +# else. 
+single-line-if-stmt=no + + +[SIMILARITIES] + +# Ignore comments when computing similarities. +ignore-comments=yes + +# Ignore docstrings when computing similarities. +ignore-docstrings=yes + +# Ignore imports when computing similarities. +ignore-imports=no + +# Minimum lines number of a similarity. +min-similarity-lines=4 + + +[DESIGN] + +# Maximum number of arguments for function / method +max-args=5 + +# Maximum number of attributes for a class (see R0902). +max-attributes=7 + +# Maximum number of boolean expressions in a if statement +max-bool-expr=5 + +# Maximum number of branch for function / method body +max-branches=12 + +# Maximum number of locals for function / method body +max-locals=15 + +# Maximum number of parents for a class (see R0901). +max-parents=7 + +# Maximum number of public methods for a class (see R0904). +max-public-methods=20 + +# Maximum number of return / yield for function / method body +max-returns=6 + +# Maximum number of statements in function / method body +max-statements=50 + +# Minimum number of public methods for a class (see R0903). +min-public-methods=2 + + +[IMPORTS] + +# Allow wildcard imports from modules that define __all__. +allow-wildcard-with-all=no + +# Analyse import fallback blocks. This can be used to support both Python 2 and +# 3 compatible code, which means that the block might have code that exists +# only in one or another interpreter, leading to false positives when analysed. +analyse-fallback-blocks=no + +# Deprecated modules which should not be used, separated by a comma +deprecated-modules=regsub, + TERMIOS, + Bastion, + rexec + +# Create a graph of external dependencies in the given file (report RP0402 must +# not be disabled) +ext-import-graph= + +# Create a graph of every (i.e. 
internal and external) dependencies in the +# given file (report RP0402 must not be disabled) +import-graph= + +# Create a graph of internal dependencies in the given file (report RP0402 must +# not be disabled) +int-import-graph= + +# Force import order to recognize a module as part of the standard +# compatibility libraries. +known-standard-library= + +# Force import order to recognize a module as part of a third party library. +known-third-party=enchant + + +[CLASSES] + +# List of method names used to declare (i.e. assign) instance attributes. +defining-attr-methods=__init__, + __new__, + setUp + +# List of member names, which should be excluded from the protected access +# warning. +exclude-protected=_asdict, + _fields, + _replace, + _source, + _make + +# List of valid names for the first argument in a class method. +valid-classmethod-first-arg=cls + +# List of valid names for the first argument in a metaclass class method. +valid-metaclass-classmethod-first-arg=mcs + + +[EXCEPTIONS] + +# Exceptions that will emit a warning when being caught. Defaults to +# "Exception" +overgeneral-exceptions=builtins.Exception diff --git a/megalinter-reports/IDE-config/.ruff.toml b/megalinter-reports/IDE-config/.ruff.toml new file mode 100644 index 0000000..903c5a7 --- /dev/null +++ b/megalinter-reports/IDE-config/.ruff.toml @@ -0,0 +1 @@ +line-length = 88 diff --git a/megalinter-reports/IDE-config/.secretlintrc.json b/megalinter-reports/IDE-config/.secretlintrc.json new file mode 100644 index 0000000..c9bad1c --- /dev/null +++ b/megalinter-reports/IDE-config/.secretlintrc.json @@ -0,0 +1,7 @@ +{ + "rules": [ + { + "id": "@secretlint/secretlint-rule-preset-recommend" + } + ] + } \ No newline at end of file diff --git a/megalinter-reports/IDE-config/.yamllint.yml b/megalinter-reports/IDE-config/.yamllint.yml new file mode 100644 index 0000000..764bc64 --- /dev/null +++ b/megalinter-reports/IDE-config/.yamllint.yml 
@@ -0,0 +1,19 @@ +--- +########################################### +# These are the rules used for # +# linting all the yaml files in the stack # +# NOTE: # +# You can disable line with: # +# # yamllint disable-line # +########################################### +extends: default +rules: + braces: + max-spaces-inside: 1 + new-lines: + level: warning + type: unix + line-length: + max: 500 + comments: + min-spaces-from-content: 1 # Used to follow prettier standard: https://github.com/prettier/prettier/pull/10926 diff --git a/megalinter-reports/IDE-config/pyproject.toml b/megalinter-reports/IDE-config/pyproject.toml new file mode 100644 index 0000000..c6862f3 --- /dev/null +++ b/megalinter-reports/IDE-config/pyproject.toml @@ -0,0 +1,2 @@ +[tool.black] +# line-length = 88 diff --git a/megalinter-reports/linters_logs/SUCCESS-BASH_EXEC.log b/megalinter-reports/linters_logs/SUCCESS-BASH_EXEC.log new file mode 100644 index 0000000..06fc70c --- /dev/null +++ b/megalinter-reports/linters_logs/SUCCESS-BASH_EXEC.log @@ -0,0 +1,6 @@ +Results of bash-exec linter (version 5.2.26) +See documentation on https://megalinter.io/7.13.0/descriptors/bash_bash_exec/ +----------------------------------------------- + +✅ [SUCCESS] entrypoint.sh +✅ [SUCCESS] scripts/check_updates.sh diff --git a/megalinter-reports/linters_logs/SUCCESS-BASH_SHELLCHECK.log b/megalinter-reports/linters_logs/SUCCESS-BASH_SHELLCHECK.log new file mode 100644 index 0000000..05fa85a --- /dev/null +++ b/megalinter-reports/linters_logs/SUCCESS-BASH_SHELLCHECK.log @@ -0,0 +1,5 @@ +Results of shellcheck linter (version 0.10.0) +See documentation on https://megalinter.io/7.13.0/descriptors/bash_shellcheck/ +----------------------------------------------- + +✅ [SUCCESS] for workspace /github/workspace diff --git a/megalinter-reports/linters_logs/SUCCESS-BASH_SHFMT.log b/megalinter-reports/linters_logs/SUCCESS-BASH_SHFMT.log new file mode 100644 index 0000000..9281256 --- /dev/null 
+++ b/megalinter-reports/linters_logs/SUCCESS-BASH_SHFMT.log @@ -0,0 +1,5 @@ +Results of shfmt linter (version 3.8.0) +See documentation on https://megalinter.io/7.13.0/descriptors/bash_shfmt/ +----------------------------------------------- + +✅ [SUCCESS] for workspace /github/workspace diff --git a/megalinter-reports/linters_logs/SUCCESS-DOCKERFILE_HADOLINT.log b/megalinter-reports/linters_logs/SUCCESS-DOCKERFILE_HADOLINT.log new file mode 100644 index 0000000..c266877 --- /dev/null +++ b/megalinter-reports/linters_logs/SUCCESS-DOCKERFILE_HADOLINT.log @@ -0,0 +1,5 @@ +Results of hadolint linter (version 2.12.0) +See documentation on https://megalinter.io/7.13.0/descriptors/dockerfile_hadolint/ +----------------------------------------------- + +✅ [SUCCESS] for workspace /github/workspace diff --git a/megalinter-reports/linters_logs/SUCCESS-MARKDOWN_MARKDOWNLINT.log b/megalinter-reports/linters_logs/SUCCESS-MARKDOWN_MARKDOWNLINT.log new file mode 100644 index 0000000..e707fc0 --- /dev/null +++ b/megalinter-reports/linters_logs/SUCCESS-MARKDOWN_MARKDOWNLINT.log @@ -0,0 +1,5 @@ +Results of markdownlint linter (version 0.41.0) +See documentation on https://megalinter.io/7.13.0/descriptors/markdown_markdownlint/ +----------------------------------------------- + +✅ [SUCCESS] for workspace /github/workspace diff --git a/megalinter-reports/linters_logs/SUCCESS-MARKDOWN_MARKDOWN_LINK_CHECK.log b/megalinter-reports/linters_logs/SUCCESS-MARKDOWN_MARKDOWN_LINK_CHECK.log new file mode 100644 index 0000000..6447fd9 --- /dev/null +++ b/megalinter-reports/linters_logs/SUCCESS-MARKDOWN_MARKDOWN_LINK_CHECK.log @@ -0,0 +1,5 @@ +Results of markdown-link-check linter (version 3.12.2) +See documentation on https://megalinter.io/7.13.0/descriptors/markdown_markdown_link_check/ +----------------------------------------------- + +✅ [SUCCESS] for workspace /github/workspace 
diff --git a/megalinter-reports/linters_logs/SUCCESS-MARKDOWN_MARKDOWN_TABLE_FORMATTER.log b/megalinter-reports/linters_logs/SUCCESS-MARKDOWN_MARKDOWN_TABLE_FORMATTER.log new file mode 100644 index 0000000..46e6665 --- /dev/null +++ b/megalinter-reports/linters_logs/SUCCESS-MARKDOWN_MARKDOWN_TABLE_FORMATTER.log @@ -0,0 +1,5 @@ +Results of markdown-table-formatter linter (version 1.6.1) +See documentation on https://megalinter.io/7.13.0/descriptors/markdown_markdown_table_formatter/ +----------------------------------------------- + +✅ [SUCCESS] for workspace /github/workspace diff --git a/megalinter-reports/linters_logs/SUCCESS-PYTHON_BANDIT.log b/megalinter-reports/linters_logs/SUCCESS-PYTHON_BANDIT.log new file mode 100644 index 0000000..41cb6a5 --- /dev/null +++ b/megalinter-reports/linters_logs/SUCCESS-PYTHON_BANDIT.log @@ -0,0 +1,5 @@ +Results of bandit linter (version 1.7.9) +See documentation on https://megalinter.io/7.13.0/descriptors/python_bandit/ +----------------------------------------------- + +✅ [SUCCESS] for workspace /github/workspace diff --git a/megalinter-reports/linters_logs/SUCCESS-PYTHON_BLACK.log b/megalinter-reports/linters_logs/SUCCESS-PYTHON_BLACK.log new file mode 100644 index 0000000..16b9fbd --- /dev/null +++ b/megalinter-reports/linters_logs/SUCCESS-PYTHON_BLACK.log @@ -0,0 +1,5 @@ +Results of black linter (version 24.4.2) +See documentation on https://megalinter.io/7.13.0/descriptors/python_black/ +----------------------------------------------- + +✅ [SUCCESS] for workspace /github/workspace diff --git a/megalinter-reports/linters_logs/SUCCESS-PYTHON_FLAKE8.log b/megalinter-reports/linters_logs/SUCCESS-PYTHON_FLAKE8.log new file mode 100644 index 0000000..ddc4d08 --- /dev/null +++ b/megalinter-reports/linters_logs/SUCCESS-PYTHON_FLAKE8.log 
@@ -0,0 +1,5 @@ +Results of flake8 linter (version 7.1.0) +See documentation on https://megalinter.io/7.13.0/descriptors/python_flake8/ +----------------------------------------------- + +✅ [SUCCESS] for workspace /github/workspace diff --git a/megalinter-reports/linters_logs/SUCCESS-PYTHON_ISORT.log b/megalinter-reports/linters_logs/SUCCESS-PYTHON_ISORT.log new file mode 100644 index 0000000..d80994a --- /dev/null +++ b/megalinter-reports/linters_logs/SUCCESS-PYTHON_ISORT.log @@ -0,0 +1,5 @@ +Results of isort linter (version 5.13.2) +See documentation on https://megalinter.io/7.13.0/descriptors/python_isort/ +----------------------------------------------- + +✅ [SUCCESS] for workspace /github/workspace diff --git a/megalinter-reports/linters_logs/SUCCESS-PYTHON_MYPY.log b/megalinter-reports/linters_logs/SUCCESS-PYTHON_MYPY.log new file mode 100644 index 0000000..c04bed3 --- /dev/null +++ b/megalinter-reports/linters_logs/SUCCESS-PYTHON_MYPY.log @@ -0,0 +1,5 @@ +Results of mypy linter (version 1.10.1) +See documentation on https://megalinter.io/7.13.0/descriptors/python_mypy/ +----------------------------------------------- + +✅ [SUCCESS] for workspace /github/workspace diff --git a/megalinter-reports/linters_logs/SUCCESS-PYTHON_RUFF.log b/megalinter-reports/linters_logs/SUCCESS-PYTHON_RUFF.log new file mode 100644 index 0000000..157338c --- /dev/null +++ b/megalinter-reports/linters_logs/SUCCESS-PYTHON_RUFF.log @@ -0,0 +1,5 @@ +Results of ruff linter (version 0.5.1) +See documentation on https://megalinter.io/7.13.0/descriptors/python_ruff/ +----------------------------------------------- + +✅ [SUCCESS] for workspace /github/workspace diff --git a/megalinter-reports/linters_logs/SUCCESS-REPOSITORY_DUSTILOCK.log b/megalinter-reports/linters_logs/SUCCESS-REPOSITORY_DUSTILOCK.log new file mode 100644 index 0000000..343666b --- /dev/null +++ b/megalinter-reports/linters_logs/SUCCESS-REPOSITORY_DUSTILOCK.log 
@@ -0,0 +1,5 @@ +Results of dustilock linter (version 1.2.0) +See documentation on https://megalinter.io/7.13.0/descriptors/repository_dustilock/ +----------------------------------------------- + +✅ [SUCCESS] for workspace /github/workspace diff --git a/megalinter-reports/linters_logs/SUCCESS-REPOSITORY_GITLEAKS.log b/megalinter-reports/linters_logs/SUCCESS-REPOSITORY_GITLEAKS.log new file mode 100644 index 0000000..5fc40e1 --- /dev/null +++ b/megalinter-reports/linters_logs/SUCCESS-REPOSITORY_GITLEAKS.log @@ -0,0 +1,5 @@ +Results of gitleaks linter (version 8.18.4) +See documentation on https://megalinter.io/7.13.0/descriptors/repository_gitleaks/ +----------------------------------------------- + +✅ [SUCCESS] for workspace /github/workspace diff --git a/megalinter-reports/linters_logs/SUCCESS-REPOSITORY_GIT_DIFF.log b/megalinter-reports/linters_logs/SUCCESS-REPOSITORY_GIT_DIFF.log new file mode 100644 index 0000000..d1a16c7 --- /dev/null +++ b/megalinter-reports/linters_logs/SUCCESS-REPOSITORY_GIT_DIFF.log @@ -0,0 +1,5 @@ +Results of git_diff linter (version 2.45.2) +See documentation on https://megalinter.io/7.13.0/descriptors/repository_git_diff/ +----------------------------------------------- + +✅ [SUCCESS] for workspace /github/workspace diff --git a/megalinter-reports/linters_logs/SUCCESS-REPOSITORY_GRYPE.log b/megalinter-reports/linters_logs/SUCCESS-REPOSITORY_GRYPE.log new file mode 100644 index 0000000..e23701e --- /dev/null +++ b/megalinter-reports/linters_logs/SUCCESS-REPOSITORY_GRYPE.log @@ -0,0 +1,5 @@ +Results of grype linter (version 0.79.2) +See documentation on https://megalinter.io/7.13.0/descriptors/repository_grype/ +----------------------------------------------- + +✅ [SUCCESS] for workspace /github/workspace diff --git a/megalinter-reports/linters_logs/SUCCESS-REPOSITORY_SECRETLINT.log b/megalinter-reports/linters_logs/SUCCESS-REPOSITORY_SECRETLINT.log new file mode 100644 index 0000000..e641f96 --- /dev/null 
+++ b/megalinter-reports/linters_logs/SUCCESS-REPOSITORY_SECRETLINT.log @@ -0,0 +1,5 @@ +Results of secretlint linter (version 8.2.4) +See documentation on https://megalinter.io/7.13.0/descriptors/repository_secretlint/ +----------------------------------------------- + +✅ [SUCCESS] for workspace /github/workspace diff --git a/megalinter-reports/linters_logs/SUCCESS-REPOSITORY_SYFT.log b/megalinter-reports/linters_logs/SUCCESS-REPOSITORY_SYFT.log new file mode 100644 index 0000000..e3f5f7f --- /dev/null +++ b/megalinter-reports/linters_logs/SUCCESS-REPOSITORY_SYFT.log @@ -0,0 +1,5 @@ +Results of syft linter (version 1.8.0) +See documentation on https://megalinter.io/7.13.0/descriptors/repository_syft/ +----------------------------------------------- + +✅ [SUCCESS] for workspace /github/workspace diff --git a/megalinter-reports/linters_logs/SUCCESS-REPOSITORY_TRIVY.log b/megalinter-reports/linters_logs/SUCCESS-REPOSITORY_TRIVY.log new file mode 100644 index 0000000..ebbce24 --- /dev/null +++ b/megalinter-reports/linters_logs/SUCCESS-REPOSITORY_TRIVY.log @@ -0,0 +1,5 @@ +Results of trivy linter (version 0.53.0) +See documentation on https://megalinter.io/7.13.0/descriptors/repository_trivy/ +----------------------------------------------- + +✅ [SUCCESS] for workspace /github/workspace diff --git a/megalinter-reports/linters_logs/SUCCESS-REPOSITORY_TRIVY_SBOM.log b/megalinter-reports/linters_logs/SUCCESS-REPOSITORY_TRIVY_SBOM.log new file mode 100644 index 0000000..74b0e5e --- /dev/null +++ b/megalinter-reports/linters_logs/SUCCESS-REPOSITORY_TRIVY_SBOM.log @@ -0,0 +1,5 @@ +Results of trivy-sbom linter (version 0.53.0) +See documentation on https://megalinter.io/7.13.0/descriptors/repository_trivy_sbom/ +----------------------------------------------- + +✅ [SUCCESS] for workspace /github/workspace 
diff --git a/megalinter-reports/linters_logs/SUCCESS-REPOSITORY_TRUFFLEHOG.log b/megalinter-reports/linters_logs/SUCCESS-REPOSITORY_TRUFFLEHOG.log new file mode 100644 index 0000000..4f59f74 --- /dev/null +++ b/megalinter-reports/linters_logs/SUCCESS-REPOSITORY_TRUFFLEHOG.log @@ -0,0 +1,5 @@ +Results of trufflehog linter (version 3.79.0) +See documentation on https://megalinter.io/7.13.0/descriptors/repository_trufflehog/ +----------------------------------------------- + +✅ [SUCCESS] for workspace /github/workspace diff --git a/megalinter-reports/linters_logs/SUCCESS-YAML_PRETTIER.log b/megalinter-reports/linters_logs/SUCCESS-YAML_PRETTIER.log new file mode 100644 index 0000000..c11e06c --- /dev/null +++ b/megalinter-reports/linters_logs/SUCCESS-YAML_PRETTIER.log @@ -0,0 +1,5 @@ +Results of prettier linter (version 3.3.2) +See documentation on https://megalinter.io/7.13.0/descriptors/yaml_prettier/ +----------------------------------------------- + +✅ [SUCCESS] for workspace /github/workspace diff --git a/megalinter-reports/linters_logs/SUCCESS-YAML_V8R.log b/megalinter-reports/linters_logs/SUCCESS-YAML_V8R.log new file mode 100644 index 0000000..ac2b403 --- /dev/null +++ b/megalinter-reports/linters_logs/SUCCESS-YAML_V8R.log @@ -0,0 +1,5 @@ +Results of v8r linter (version 3.1.0) +See documentation on https://megalinter.io/7.13.0/descriptors/yaml_v8r/ +----------------------------------------------- + +✅ [SUCCESS] for workspace /github/workspace diff --git a/megalinter-reports/linters_logs/SUCCESS-YAML_YAMLLINT.log b/megalinter-reports/linters_logs/SUCCESS-YAML_YAMLLINT.log new file mode 100644 index 0000000..6916ec2 --- /dev/null +++ b/megalinter-reports/linters_logs/SUCCESS-YAML_YAMLLINT.log @@ -0,0 +1,5 @@ +Results of yamllint linter (version 1.35.1) +See documentation on https://megalinter.io/7.13.0/descriptors/yaml_yamllint/ +----------------------------------------------- + +✅ [SUCCESS] for workspace /github/workspace 
diff --git a/megalinter-reports/linters_logs/WARNING-ACTION_ACTIONLINT.log b/megalinter-reports/linters_logs/WARNING-ACTION_ACTIONLINT.log new file mode 100644 index 0000000..23ddb95 --- /dev/null +++ b/megalinter-reports/linters_logs/WARNING-ACTION_ACTIONLINT.log @@ -0,0 +1,11 @@ +Results of actionlint linter (version 1.7.1) +See documentation on https://megalinter.io/7.13.0/descriptors/action_actionlint/ +----------------------------------------------- + +❌ [ERROR] for workspace /github/workspace +Linter raw log: +.github/workflows/build.yaml:49:9: shellcheck reported issue in this script: SC2044:warning:3:12: For loops over find output are fragile. Use find -exec or a while read loop [shellcheck] + | +49 | run: | + | ^~~~ + diff --git a/megalinter-reports/linters_logs/WARNING-PYTHON_PYLINT.log b/megalinter-reports/linters_logs/WARNING-PYTHON_PYLINT.log new file mode 100644 index 0000000..1a6450b --- /dev/null +++ b/megalinter-reports/linters_logs/WARNING-PYTHON_PYLINT.log @@ -0,0 +1,10 @@ +Results of pylint linter (version 3.2.5) +See documentation on https://megalinter.io/7.13.0/descriptors/python_pylint/ +----------------------------------------------- + +❌ [ERROR] for workspace /github/workspace +Linter raw log: +************* Module utils +checkers/utils.py:3:0: E0401: Unable to import 'requests' (import-error) +checkers/utils.py:6:0: E0401: Unable to import 'packaging' (import-error) + diff --git a/megalinter-reports/linters_logs/WARNING-PYTHON_PYRIGHT.log b/megalinter-reports/linters_logs/WARNING-PYTHON_PYRIGHT.log new file mode 100644 index 0000000..966d8d8 --- /dev/null +++ b/megalinter-reports/linters_logs/WARNING-PYTHON_PYRIGHT.log 
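Review bot: The actionlint log added here records an open SC2044 finding at .github/workflows/build.yaml:49 (a `for` loop over `find` output inside a `run:` step), and nothing in the visible part of this patch changes that workflow, even though the subject says linter fixes were applied. Word splitting in such a loop means a checked-in file name containing spaces or glob characters is handled as several paths or expanded, which matters in CI where file names come from contributors. The workflow itself is not shown, so the exact loop is inferred from the message; the usual replacement is `find <dir> -type f -print0 | while IFS= read -r -d '' f; do …; done` or `find … -exec … {} +`. The report tree is also better kept out of history with a `megalinter-reports/` line in .gitignore, so stale results are not read as the current state.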
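Review bot: The two E0401 lines in the pylint log (`requests` and `packaging` in checkers/utils.py) show that the linter ran without the project's dependencies installed, so calls into those modules were not analysed. The `ignore_missing_imports = True` in the added .mypy.ini would hide the same gap from mypy. This is presumably an environment issue rather than a code defect. Installing the requirements before the Python linters run, for instance through MegaLinter's `PRE_COMMANDS` setting, would let pylint, pyright and mypy check those call sites.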
@@ -0,0 +1,42 @@ +Results of pyright linter (version 1.1.370) +See documentation on https://megalinter.io/7.13.0/descriptors/python_pyright/ +----------------------------------------------- + +❌ [ERROR] for workspace /github/workspace +Linter raw log: + +added 1 package, and audited 2 packages in 4s + +found 0 vulnerabilities +checkers/utils.py + checkers/utils.py:24:14 - error: Cannot access attribute "get" for class "str" +   Attribute "get" is unknown (reportAttributeAccessIssue) + checkers/utils.py:24:30 - error: Argument of type "Literal['name']" cannot be assigned to parameter "key" of type "SupportsIndex | slice" in function "__getitem__" +   Type "Literal['name']" is incompatible with type "SupportsIndex | slice" +     "Literal['name']" is incompatible with protocol "SupportsIndex" +       "__index__" is not present +     "Literal['name']" is incompatible with "slice" (reportArgumentType) + checkers/utils.py:26:38 - error: Argument of type "Literal['name']" cannot be assigned to parameter "key" of type "SupportsIndex | slice" in function "__getitem__" +   Type "Literal['name']" is incompatible with type "SupportsIndex | slice" +     "Literal['name']" is incompatible with protocol "SupportsIndex" +       "__index__" is not present +     "Literal['name']" is incompatible with "slice" (reportArgumentType) + checkers/utils.py:31:37 - error: Argument of type "Literal['name']" cannot be assigned to parameter "key" of type "SupportsIndex | slice" in function "__getitem__" +   Type "Literal['name']" is incompatible with type "SupportsIndex | slice" +     "Literal['name']" is incompatible with protocol "SupportsIndex" +       "__index__" is not present +     "Literal['name']" is incompatible with "slice" (reportArgumentType) + checkers/utils.py:34:30 - error: Argument of type "Literal['name']" cannot be assigned to parameter "key" of type "SupportsIndex | slice" in function "__getitem__" +   Type "Literal['name']" is incompatible with type "SupportsIndex | slice" +  
   "Literal['name']" is incompatible with protocol "SupportsIndex" +       "__index__" is not present +     "Literal['name']" is incompatible with "slice" (reportArgumentType) + checkers/utils.py:39:12 - error: Expression of type "Version" is incompatible with return type "str" +   "Version" is incompatible with "str" (reportReturnType) + checkers/utils.py:72:12 - error: Expression of type "Version" is incompatible with return type "str" +   "Version" is incompatible with "str" (reportReturnType) +7 errors, 0 warnings, 0 informations +WARNING: there is a new pyright version available (v1.1.370 -> v1.1.371). +Please install the new version or set PYRIGHT_PYTHON_FORCE_VERSION to `latest` + + diff --git a/megalinter-reports/linters_logs/WARNING-REPOSITORY_CHECKOV.log b/megalinter-reports/linters_logs/WARNING-REPOSITORY_CHECKOV.log new file mode 100644 index 0000000..96e366c --- /dev/null +++ b/megalinter-reports/linters_logs/WARNING-REPOSITORY_CHECKOV.log 
@@ -0,0 +1,32 @@ +Results of checkov linter (version 3.2.174) +See documentation on https://megalinter.io/7.13.0/descriptors/repository_checkov/ +----------------------------------------------- + +❌ [ERROR] for workspace /github/workspace +Linter raw log: +dockerfile scan results: + +Passed checks: 62, Failed checks: 1, Skipped checks: 0 + +Check: CKV2_DOCKER_1: "Ensure that sudo isn't used" + FAILED for resource: /Dockerfile.RUN + File: /Dockerfile:13-13 + Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-dont-use-sudo.html + + 13 | RUN apk add bash alpine-conf alpine-sdk ccache cmake coreutils m4 sudo fish + +github_actions scan results: + +Passed checks: 77, Failed checks: 3, Skipped checks: 0 + +Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all" + FAILED for resource: on(build packages) + File: /.github/workflows/build.yaml:0-1 +Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all" + FAILED for resource: on(MegaLinter) + File: /.github/workflows/megalinter.yml:26-27 +Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all" + FAILED for resource: on(check package versions for upgrades) + File: /.github/workflows/check-package-versions.yaml:0-1 + + diff --git a/megalinter-reports/linters_logs/WARNING-REPOSITORY_DEVSKIM.log b/megalinter-reports/linters_logs/WARNING-REPOSITORY_DEVSKIM.log new file mode 100644 index 0000000..4b1277f --- /dev/null +++ b/megalinter-reports/linters_logs/WARNING-REPOSITORY_DEVSKIM.log 
@@ -0,0 +1,8 @@ +Results of devskim linter (version 1.0.33) +See documentation on https://megalinter.io/7.13.0/descriptors/repository_devskim/ +----------------------------------------------- + +❌ [ERROR] for workspace /github/workspace +Linter raw log: +{"$schema":"https://schemastore.azurewebsites.net/schemas/json/sarif-2.1.0-rtm.6.json","version":"2.1.0","runs":[{"tool":{"driver":{"name":"devskim","fullName":"Microsoft DevSkim Command Line Interface","version":"1.0.33+9dba5c6c1f","informationUri":"https://github.com/microsoft/DevSkim/","rules":[{"id":"DS176209","name":"SuspiciousComment","fullDescription":{"text":"Suspicious comment: A \"TODO\" or similar was left in source code, possibly indicating incomplete functionality"},"help":{"text":"A \"TODO\" or similar was left in source code, possibly indicating incomplete functionality","markdown":"Visit [https://github.com/Microsoft/DevSkim/blob/main/guidance/DS176209.md](https://github.com/Microsoft/DevSkim/blob/main/guidance/DS176209.md) for guidance on this issue."},"shortDescription":{"text":"A \"TODO\" or similar was left in source code, possibly indicating incomplete functionality"},"defaultConfiguration":{"level":"note"},"helpUri":"https://github.com/Microsoft/DevSkim/blob/main/guidance/DS176209.md","properties":{"precision":"high","problem.severity":"recommendation","DevSkimSeverity":"ManualReview","DevSkimConfidence":"High"}},{"id":"DS137138","name":"InsecureUrl","fullDescription":{"text":"Insecure URL: An HTTP-based URL without TLS was detected."},"help":{"text":"Update to an HTTPS-based URL if possible.","markdown":"Visit [https://github.com/Microsoft/DevSkim/blob/main/guidance/DS137138.md](https://github.com/Microsoft/DevSkim/blob/main/guidance/DS137138.md) for guidance on this issue."},"shortDescription":{"text":"An HTTP-based URL without TLS was 
detected."},"helpUri":"https://github.com/Microsoft/DevSkim/blob/main/guidance/DS137138.md","properties":{"precision":"high","problem.severity":"warning","DevSkimSeverity":"Moderate","DevSkimConfidence":"High"},"defaultConfiguration":{"level":"warning"}}]}},"versionControlProvenance":[{"repositoryUri":"https://github.com/atlascloud/aports","revisionId":"266ca8310aebd487a28bea34cbca8e8d3bfad6fe","branch":"(no branch)"}],"results":[{"ruleId":"DS176209","level":"note","message":{"text":"Suspicious comment"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"scripts/check_updates.sh"},"region":{"startLine":22,"startColumn":3,"endLine":22,"endColumn":8,"charOffset":714,"charLength":5,"snippet":{"text":"FIXME","rendered":{"text":"FIXME","markdown":"`FIXME`"}},"sourceLanguage":"shellscript"}}}],"properties":{"tags":["Hygiene.Comment.Suspicious"],"DevSkimSeverity":"ManualReview","DevSkimConfidence":"High"}},{"ruleId":"DS137138","message":{"text":"Insecure URL"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"entrypoint.sh"},"region":{"startLine":4,"startColumn":12,"endLine":4,"endColumn":41,"charOffset":58,"charLength":29,"snippet":{"text":"http://dl-cdn.alpinelinux.org","rendered":{"text":"http://dl-cdn.alpinelinux.org","markdown":"`http://dl-cdn.alpinelinux.org`"}},"sourceLanguage":"shellscript"}}}],"fixes":[{"description":{"text":"An HTTP-based URL without TLS was detected."},"artifactChanges":[{"artifactLocation":{"uri":"entrypoint.sh"},"replacements":[{"deletedRegion":{"charOffset":58,"charLength":29},"insertedContent":{"text":"https://dl-cdn.alpinelinux.org"}}]}]}],"properties":{"tags":["ThreatModel.Integration.HTTP"],"DevSkimSeverity":"Moderate","DevSkimConfidence":"High"},"level":"warning"},{"ruleId":"DS176209","level":"note","message":{"text":"Suspicious 
comment"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":".github/workflows/build.yaml"},"region":{"startLine":17,"startColumn":26,"endLine":17,"endColumn":30,"charOffset":290,"charLength":4,"snippet":{"text":"TODO","rendered":{"text":"TODO","markdown":"`TODO`"}},"sourceLanguage":"yaml"}}}],"properties":{"tags":["Hygiene.Comment.Suspicious"],"DevSkimSeverity":"ManualReview","DevSkimConfidence":"High"}}],"columnKind":"utf16CodeUnits"}]} + diff --git a/megalinter-reports/linters_logs/WARNING-REPOSITORY_KICS.log b/megalinter-reports/linters_logs/WARNING-REPOSITORY_KICS.log new file mode 100644 index 0000000..618fe7b --- /dev/null +++ b/megalinter-reports/linters_logs/WARNING-REPOSITORY_KICS.log 
@@ -0,0 +1,116 @@ +Results of kics linter (version 2.1.1) +See documentation on https://megalinter.io/7.13.0/descriptors/repository_kics/ +----------------------------------------------- + +❌ [ERROR] for workspace /github/workspace +Linter raw log: + + + + MLLLLLM MLLLLLLLLL LLLLLLL KLLLLLLLLLLLLLLLL LLLLLLLLLLLLLLLLLLLLLLL + MMMMMMM MMMMMMMMMML MMMMMMMK LMMMMMMMMMMMMMMMMMMMML KLMMMMMMMMMMMMMMMMMMMMMMMMM + MMMMMMM MMMMMMMMML MMMMMMMK LMMMMMMMMMMMMMMMMMMMMMML LMMMMMMMMMMMMMMMMMMMMMMMMMMM + MMMMMMM MMMMMMMMMML MMMMMMMK LMMMMMMMMMMMMMMMMMMMMMMMML LMMMMMMMMMMMMMMMMMMMMMMMMMMMM + MMMMMMM LMMMMMMMMML MMMMMMMK LMMMMMMMMMLLMLLLLLLLLLLLLLL LMMMMMMMLLLLLLLLLLLLLLLLLLLLM + MMMMMMM MMMMMMMMMLM MMMMMMMK LMMMMMMMM LMMMMMML + MMMMMMMLMMMMMMMML MMMMMMMK MMMMMMML LMMMMMMMMLLLLLLLLLLLLLMLL + MMMMMMMMMMMMMMMM MMMMMMMK MMMMMML LMMMMMMMMMMMMMMMMMMMMMMMMML + MMMMMMMMMMMMMMMMMM MMMMMMMK MMMMMMM LMMMMMMMMMMMMMMMMMMMMMMMML + MMMMMMM KLMMMMMMMMML MMMMMMMK LMMMMMMM MMMMMMMML + MMMMMMM LMMMMMMMMMM MMMMMMMK LMMMMMMMMLL MMMMMMML + MMMMMMM LMMMMMMMMMLL MMMMMMMK LMMMMMMMMMMMMMMMMMMMMMMMMML LLLLLLLLLLLLLLLLLLLLMMMMMMMMMM + MMMMMMM MMMMMMMMMMML MMMMMMMK MMMMMMMMMMMMMMMMMMMMMMMMML LMMMMMMMMMMMMMMMMMMMMMMMMMMMM + MMMMMMM LLMMMMMMMMML MMMMMMMK LLMMMMMMMMMMMMMMMMMMMMML LMMMMMMMMMMMMMMMMMMMMMMMMMML + MMMMMMM MMMMMMMMMML MMMMMMMK KLMMMMMMMMMMMMMMMMML LMMMMMMMMMMMMMMMMMMMMMMMLK + + + + +Scanning with Keeping Infrastructure as Code Secure v2.1.1 + + + + + +Apk Add Using Local Cache Path, Severity: INFO, Results: 1 +Description: When installing packages, use the '--no-cache' switch to avoid the need to use '--update' and remove '/var/cache/apk/*' +Platform: Dockerfile +CWE: 459 +Learn more about this vulnerability: https://docs.kics.io/latest/queries/dockerfile-queries/ae9c56a6-3ed1-4ac0-9b54-31267f51151d + + [1]: Dockerfile:13 + + 012: # hadolint ignore=DL3017,DL3018,DL3019 + 013: RUN apk add bash alpine-conf alpine-sdk ccache cmake coreutils m4 sudo fish + 014: # hadolint ignore=DL3017,DL3018,DL3019 + + 
+Unpinned Actions Full Length Commit SHA, Severity: LOW, Results: 4 +Description: Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork. +Platform: CICD +Learn more about this vulnerability: https://docs.kics.io/latest/queries/cicd-queries/555ab8f9-2001-455e-a077-f2d0f41e2fb9 + + [1]: .github/workflows/check-package-versions.yaml:13 + + 012: steps: + 013: - uses: arduino/setup-task@v2 + 014: with: + + + [2]: .github/workflows/megalinter.yml:45 + + 044: # More info at https://megalinter.io/flavors/ + 045: uses: oxsecurity/megalinter@v7 + 046: env: + + + [3]: .github/workflows/megalinter.yml:72 + + 071: if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'pull_request' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_n + 072: uses: peter-evans/create-pull-request@v6 + 073: with: + + + [4]: .github/workflows/megalinter.yml:90 + + 089: if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'commit' && github.ref != 'refs/heads/main' && (github.event_name == 'push' || github.event. + 090: uses: stefanzweifel/git-auto-commit-action@v4 + 091: with: + + +Healthcheck Instruction Missing, Severity: LOW, Results: 1 +Description: Ensure that HEALTHCHECK is being used. 
The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working +Platform: Dockerfile +CWE: 710 +Learn more about this vulnerability: https://docs.kics.io/latest/queries/dockerfile-queries/b03a748a-542d-44f4-bb86-9199ab4fd2d5 + + [1]: Dockerfile:4 + + 003: # some dependencies are only in edge, should build for stable releases later too + 004: FROM alpine:edge + 005: + + +Unpinned Package Version in Apk Add, Severity: MEDIUM, Results: 1 +Description: Package version pinning reduces the range of versions that can be installed, reducing the chances of failure due to unanticipated changes +Platform: Dockerfile +CWE: 1357 +Learn more about this vulnerability: https://docs.kics.io/latest/queries/dockerfile-queries/d3499f6d-1651-41bb-a9a7-de925fea487b + + [1]: Dockerfile:13 + + 012: # hadolint ignore=DL3017,DL3018,DL3019 + 013: RUN apk add bash alpine-conf alpine-sdk ccache cmake coreutils m4 sudo fish + 014: # hadolint ignore=DL3017,DL3018,DL3019 + + + +Results Summary: +CRITICAL: 0 +HIGH: 0 +MEDIUM: 1 +LOW: 5 +INFO: 1 +TOTAL: 7 + + diff --git a/megalinter-reports/megalinter.log b/megalinter-reports/megalinter.log new file mode 100644 index 0000000..edd43bf --- /dev/null +++ b/megalinter-reports/megalinter.log 
@@ -0,0 +1,495 @@ +---------------------------------------------------------------------------------------------------- +------------------------------------ MegaLinter, by OX Security ------------------------------------ +---------------------------------------------------------------------------------------------------- + - Image Creation Date: 2024-07-06T20:23:56Z + - Image Revision: bacb5f8674e3730b904ca4d20c8bd477bc51b1a7 + - Image Version: v7.13.0 +---------------------------------------------------------------------------------------------------- +The MegaLinter documentation can be found at: + - https://megalinter.io/7.13.0 +---------------------------------------------------------------------------------------------------- +::group::MegaLinter initialization (expand for details) +MegaLinter will analyze workspace [/github/workspace] +GITHUB_REPOSITORY: atlascloud/aports +GITHUB_REF: refs/pull/376/merge +GITHUB_RUN_ID: 9948243923 + + +[Activation] ANSIBLE_ANSIBLE_LINT has been set inactive, as none of these files has been found: ['.ansible-lint'] +[Activation] EDITORCONFIG_EDITORCONFIG_CHECKER has been set inactive, as none of these files has been found: ['.editorconfig'] +[Activation] JAVASCRIPT_ES has been set inactive, as none of these files has been found: ['.eslintrc.json', '.eslintrc.yml', '.eslintrc.yaml', '.eslintrc.js', '.eslintrc.cjs', 'package.json:eslintConfig'] +[Activation] JSON_NPM_PACKAGE_JSON_LINT has been set inactive, as none of these files has been found: ['package.json'] +[Activation] JSX_ESLINT has been set inactive, as none of these files has been found: ['.eslintrc.json', '.eslintrc.yml', '.eslintrc.yaml', '.eslintrc.js', '.eslintrc.cjs', 'package.json:eslintConfig'] +[Activation] KUBERNETES_KUBECONFORM has been set inactive, as subdirectory has not been found: kubernetes (set value "any" to always activate) +[Activation] KUBERNETES_HELM has been set inactive, as none of these files has been found: ['Chart.yml', 'Chart.yaml'] 
+[Activation] KUBERNETES_KUBESCAPE has been set inactive, as none of these files has been found: ['Chart.yml', 'Chart.yaml'] +[Activation] REPOSITORY_LS_LINT has been set inactive, as none of these files has been found: ['.ls-lint.yml'] +[SemgrepLinter] Deactivated because no ruleset has been defined +[Activation] SALESFORCE_SFDX_SCANNER_APEX has been set inactive, as subdirectory has not been found: force-app (set value "any" to always activate) +[Activation] SALESFORCE_SFDX_SCANNER_AURA has been set inactive, as subdirectory has not been found: force-app (set value "any" to always activate) +[Activation] SALESFORCE_SFDX_SCANNER_LWC has been set inactive, as subdirectory has not been found: force-app (set value "any" to always activate) +[Activation] SALESFORCE_LIGHTNING_FLOW_SCANNER has been set inactive, as subdirectory has not been found: force-app (set value "any" to always activate) +[Activation] SQL_SQLFLUFF has been set inactive, as none of these files has been found: ['.sqlfluff'] +[Activation] SWIFT_SWIFTLINT has been set inactive, as none of these files has been found: ['.swiftlint.yml'] +[Activation] TSX_ESLINT has been set inactive, as none of these files has been found: ['.eslintrc.json', '.eslintrc.yml', '.eslintrc.yaml', '.eslintrc.js', '.eslintrc.cjs', 'package.json:eslintConfig'] +[Activation] TYPESCRIPT_ES has been set inactive, as none of these files has been found: ['.eslintrc.json', '.eslintrc.yml', '.eslintrc.yaml', '.eslintrc.js', '.eslintrc.cjs', 'package.json:eslintConfig'] +CLOJURE_CLJSTYLE has been disabled in MegaLinter for the following reason: Bug on cljstyle on alpine linux: https://github.com/greglook/cljstyle/issues/104 +JSON_ESLINT_PLUGIN_JSONC has been disabled in MegaLinter for the following reason: Bug in eslint-plugin-jsonc : https://github.com/ota-meshi/eslint-plugin-jsonc/issues/328 +MAKEFILE_CHECKMAKE has been disabled in MegaLinter for the following reason: Security issues: https://github.com/mrtazz/checkmake/issues/99 
+MARKDOWN_REMARK_LINT has been disabled in MegaLinter for the following reason: Bug in remark-lint: https://github.com/remarkjs/remark-lint/issues/322 +SQL_SQL_LINT has been disabled in MegaLinter for the following reason: Not maintained anymore, latest release in 2022: https://github.com/joereynolds/sql-lint/issues/262 +SQL_TSQLLINT has been disabled in MegaLinter for the following reason: Security issues not handled: # https://github.com/tsqllint/tsqllint/issues/333 +Skipped linters: ANSIBLE_ANSIBLE_LINT, CLOJURE_CLJSTYLE, COPYPASTE_JSCPD, EDITORCONFIG_EDITORCONFIG_CHECKER, JAVASCRIPT_ES, JAVASCRIPT_PRETTIER, JSON_ESLINT_PLUGIN_JSONC, JSON_NPM_PACKAGE_JSON_LINT, JSX_ESLINT, KUBERNETES_HELM, KUBERNETES_KUBECONFORM, KUBERNETES_KUBESCAPE, MAKEFILE_CHECKMAKE, MARKDOWN_REMARK_LINT, REPOSITORY_LS_LINT, REPOSITORY_SEMGREP, SALESFORCE_LIGHTNING_FLOW_SCANNER, SALESFORCE_SFDX_SCANNER_APEX, SALESFORCE_SFDX_SCANNER_AURA, SALESFORCE_SFDX_SCANNER_LWC, SPELL_CSPELL, SPELL_LYCHEE, SPELL_PROSELINT, SPELL_VALE, SQL_SQLFLUFF, SQL_SQL_LINT, SQL_TSQLLINT, SWIFT_SWIFTLINT, TSX_ESLINT, TYPESCRIPT_ES, TYPESCRIPT_PRETTIER +To receive reports as email, please set variable EMAIL_REPORTER_EMAIL +::endgroup:: +::group::MegaLinter now collects the files to analyse (expand for details) +Listing all files in directory [/github/workspace], then filter with: +- File extensions: , .R, .RMD, .Rmd, .bash, .bicep, .c, .c++, .cc, .cdxml, .clj, .cljc, .cljs, .coffee, .cpp, .cs, .csproj, .css, .cu, .cuh, .cxx, .dart, .dash, .edn, .env, .feature, .go, .gradle, .graphql, .groovy, .gvy, .h, .h++, .hcl, .hh, .hpp, .htm, .html, .hxx, .java, .js, .json, .ksh, .kt, .kts, .lua, .md, .nf, .p6, .php, .pl, .pl6, .pm, .pm6, .pp, .proto, .ps1, .ps1xml, .psd1, .psm1, .psrc, .pssc, .py, .r, .raku, .rakumod, .rakutest, .rb, .rs, .rst, .saas, .scala, .scss, .sh, .smk, .t, .tex, .tf, .ts, .vb, .xml, .xsd, .yaml, .yml +- File names (regex): Containerfile, Dockerfile, Jenkinsfile, Snakefile +- Excluding .gitignored files 
[2]: .abuild/packages@kws1.com-5f35c485.rsa.pub, .ccache/ccache.conf +Kept [31] files on [68] found files + ++----MATCHING LINTERS-------------------+--------------------------+----------------+------------+ +| Descriptor | Linter | Criteria | Matching files | Format/Fix | ++------------+--------------------------+--------------------------+----------------+------------+ +| PYTHON | pylint | .py | 1 | no | +| PYTHON | black | .py | 1 | yes | +| PYTHON | flake8 | .py | 1 | no | +| PYTHON | isort | .py | 1 | yes | +| PYTHON | bandit | .py | 1 | no | +| PYTHON | mypy | .py | 1 | no | +| PYTHON | pyright | .py | 1 | no | +| PYTHON | ruff | .py | 1 | yes | +| ACTION | actionlint | .yml|.yaml | 3 | no | +| BASH | bash-exec | .sh|.bash|.dash|.ksh | 2 | no | +| BASH | shellcheck | .sh|.bash|.dash|.ksh | 2 | no | +| BASH | shfmt | .sh|.bash|.dash|.ksh | 2 | yes | +| DOCKERFILE | hadolint | Containerfile|Dockerfile | 1 | no | +| MARKDOWN | markdownlint | .md | 1 | yes | +| MARKDOWN | markdown-link-check | .md | 1 | no | +| MARKDOWN | markdown-table-formatter | .md | 1 | yes | +| REPOSITORY | checkov | | project | no | +| REPOSITORY | devskim | | project | no | +| REPOSITORY | dustilock | | project | no | +| REPOSITORY | git_diff | | project | no | +| REPOSITORY | gitleaks | | project | no | +| REPOSITORY | grype | | project | no | +| REPOSITORY | kics | | project | no | +| REPOSITORY | secretlint | | project | no | +| REPOSITORY | syft | | project | no | +| REPOSITORY | trivy | | project | no | +| REPOSITORY | trivy-sbom | | project | no | +| REPOSITORY | trufflehog | | project | no | +| YAML | prettier | .yml|.yaml | 6 | yes | +| YAML | yamllint | .yml|.yaml | 6 | no | +| YAML | v8r | .yml|.yaml | 6 | no | ++------------+--------------------------+--------------------------+----------------+------------+ +::endgroup:: +Processing linters on [4] parallel cores… (can be decreased with variable PARALLEL_PROCESS_NUMBER in case of performance issues) +::group::✅ Linted [BASH] 
files with [shfmt] successfully - (0.03s) (expand for details) +- Using [shfmt v3.8.0] https://megalinter.io/7.13.0/descriptors/bash_shfmt +- MegaLinter key: [BASH_SHFMT] +- Rules config: identified by [shfmt] +- Number of files analyzed: [2] +::endgroup:: +::group::✅ Linted [MARKDOWN] files with [markdownlint] successfully - (0.31s) (expand for details) +- Using [markdownlint v0.41.0] https://megalinter.io/7.13.0/descriptors/markdown_markdownlint +- MegaLinter key: [MARKDOWN_MARKDOWNLINT] +- Rules config: [.markdownlint.json] +- Number of files analyzed: [1] +::endgroup:: +::group::✅ Linted [YAML] files with [prettier] successfully - (0.58s) (expand for details) +- Using [prettier v3.3.2] https://megalinter.io/7.13.0/descriptors/yaml_prettier +- MegaLinter key: [YAML_PRETTIER] +- Rules config: identified by [prettier] +- Number of files analyzed: [6] +::endgroup:: +::group::✅ Linted [PYTHON] files with [black] successfully - (0.65s) (expand for details) +- Using [black v24.4.2] https://megalinter.io/7.13.0/descriptors/python_black +- MegaLinter key: [PYTHON_BLACK] +- Rules config: [pyproject.toml] +- Number of files analyzed: [1] +::endgroup:: +::group::✅ Linted [MARKDOWN] files with [markdown-table-formatter] successfully - (0.28s) (expand for details) +- Using [markdown-table-formatter v1.6.1] https://megalinter.io/7.13.0/descriptors/markdown_markdown_table_formatter +- MegaLinter key: [MARKDOWN_MARKDOWN_TABLE_FORMATTER] +- Rules config: identified by [markdown-table-formatter] +- Number of files analyzed: [1] +::endgroup:: +::group::✅ Linted [PYTHON] files with [isort] successfully - (0.34s) (expand for details) +- Using [isort v5.13.2] https://megalinter.io/7.13.0/descriptors/python_isort +- MegaLinter key: [PYTHON_ISORT] +- Rules config: [.isort.cfg] +- Number of files analyzed: [1] +::endgroup:: +::group::✅ Linted [PYTHON] files with [ruff] successfully - (0.03s) (expand for details) +- Using [ruff v0.5.1] https://megalinter.io/7.13.0/descriptors/python_ruff 
+- MegaLinter key: [PYTHON_RUFF] +- Rules config: [.ruff.toml] +- Number of files analyzed: [1] +::endgroup:: +::group::✅ Linted [MARKDOWN] files with [markdown-link-check] successfully - (0.59s) (expand for details) +- Using [markdown-link-check v3.12.2] https://megalinter.io/7.13.0/descriptors/markdown_markdown_link_check +- MegaLinter key: [MARKDOWN_MARKDOWN_LINK_CHECK] +- Rules config: [.markdown-link-check.json] +- Number of files analyzed: [1] +::endgroup:: +::group::✅ Linted [REPOSITORY] files with [devskim]: Found 3 non blocking error(s) - (1.47s) (expand for details) +- Using [devskim v1.0.33] https://megalinter.io/7.13.0/descriptors/repository_devskim +- MegaLinter key: [REPOSITORY_DEVSKIM] +- Rules config: [.devskim.json] +--Error detail: +{"$schema":"https://schemastore.azurewebsites.net/schemas/json/sarif-2.1.0-rtm.6.json","version":"2.1.0","runs":[{"tool":{"driver":{"name":"devskim","fullName":"Microsoft DevSkim Command Line Interface","version":"1.0.33+9dba5c6c1f","informationUri":"https://github.com/microsoft/DevSkim/","rules":[{"id":"DS176209","name":"SuspiciousComment","fullDescription":{"text":"Suspicious comment: A \"TODO\" or similar was left in source code, possibly indicating incomplete functionality"},"help":{"text":"A \"TODO\" or similar was left in source code, possibly indicating incomplete functionality","markdown":"Visit [https://github.com/Microsoft/DevSkim/blob/main/guidance/DS176209.md](https://github.com/Microsoft/DevSkim/blob/main/guidance/DS176209.md) for guidance on this issue."},"shortDescription":{"text":"A \"TODO\" or similar was left in source code, possibly indicating incomplete functionality"},"defaultConfiguration":{"level":"note"},"helpUri":"https://github.com/Microsoft/DevSkim/blob/main/guidance/DS176209.md","properties":{"precision":"high","problem.severity":"recommendation","DevSkimSeverity":"ManualReview","DevSkimConfidence":"High"}},{"id":"DS137138","name":"InsecureUrl","fullDescription":{"text":"Insecure URL: An 
HTTP-based URL without TLS was detected."},"help":{"text":"Update to an HTTPS-based URL if possible.","markdown":"Visit [https://github.com/Microsoft/DevSkim/blob/main/guidance/DS137138.md](https://github.com/Microsoft/DevSkim/blob/main/guidance/DS137138.md) for guidance on this issue."},"shortDescription":{"text":"An HTTP-based URL without TLS was detected."},"helpUri":"https://github.com/Microsoft/DevSkim/blob/main/guidance/DS137138.md","properties":{"precision":"high","problem.severity":"warning","DevSkimSeverity":"Moderate","DevSkimConfidence":"High"},"defaultConfiguration":{"level":"warning"}}]}},"versionControlProvenance":[{"repositoryUri":"https://github.com/atlascloud/aports","revisionId":"266ca8310aebd487a28bea34cbca8e8d3bfad6fe","branch":"(no branch)"}],"results":[{"ruleId":"DS176209","level":"note","message":{"text":"Suspicious comment"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"scripts/check_updates.sh"},"region":{"startLine":22,"startColumn":3,"endLine":22,"endColumn":8,"charOffset":714,"charLength":5,"snippet":{"text":"FIXME","rendered":{"text":"FIXME","markdown":"`FIXME`"}},"sourceLanguage":"shellscript"}}}],"properties":{"tags":["Hygiene.Comment.Suspicious"],"DevSkimSeverity":"ManualReview","DevSkimConfidence":"High"}},{"ruleId":"DS137138","message":{"text":"Insecure URL"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"entrypoint.sh"},"region":{"startLine":4,"startColumn":12,"endLine":4,"endColumn":41,"charOffset":58,"charLength":29,"snippet":{"text":"http://dl-cdn.alpinelinux.org","rendered":{"text":"http://dl-cdn.alpinelinux.org","markdown":"`http://dl-cdn.alpinelinux.org`"}},"sourceLanguage":"shellscript"}}}],"fixes":[{"description":{"text":"An HTTP-based URL without TLS was 
detected."},"artifactChanges":[{"artifactLocation":{"uri":"entrypoint.sh"},"replacements":[{"deletedRegion":{"charOffset":58,"charLength":29},"insertedContent":{"text":"https://dl-cdn.alpinelinux.org"}}]}]}],"properties":{"tags":["ThreatModel.Integration.HTTP"],"DevSkimSeverity":"Moderate","DevSkimConfidence":"High"},"level":"warning"},{"ruleId":"DS176209","level":"note","message":{"text":"Suspicious comment"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":".github/workflows/build.yaml"},"region":{"startLine":17,"startColumn":26,"endLine":17,"endColumn":30,"charOffset":290,"charLength":4,"snippet":{"text":"TODO","rendered":{"text":"TODO","markdown":"`TODO`"}},"sourceLanguage":"yaml"}}}],"properties":{"tags":["Hygiene.Comment.Suspicious"],"DevSkimSeverity":"ManualReview","DevSkimConfidence":"High"}}],"columnKind":"utf16CodeUnits"}]} + +::endgroup:: +::group::✅ Linted [REPOSITORY] files with [secretlint] successfully - (1.0s) (expand for details) +- Using [secretlint v8.2.4] https://megalinter.io/7.13.0/descriptors/repository_secretlint +- MegaLinter key: [REPOSITORY_SECRETLINT] +- Rules config: [.secretlintrc.json] +::endgroup:: +::group::✅ Linted [PYTHON] files with [pylint]: Found 2 non blocking error(s) - (1.66s) (expand for details) +- Using [pylint v3.2.5] https://megalinter.io/7.13.0/descriptors/python_pylint +- MegaLinter key: [PYTHON_PYLINT] +- Rules config: [.pylintrc] +- Number of files analyzed: [1] +--Error detail: +************* Module utils +checkers/utils.py:3:0: E0401: Unable to import 'requests' (import-error) +checkers/utils.py:6:0: E0401: Unable to import 'packaging' (import-error) + +::endgroup:: +::group::✅ Linted [PYTHON] files with [mypy] successfully - (7.12s) (expand for details) +- Using [mypy v1.10.1] https://megalinter.io/7.13.0/descriptors/python_mypy +- MegaLinter key: [PYTHON_MYPY] +- Rules config: [.mypy.ini] +- Number of files analyzed: [1] +::endgroup:: +::group::✅ Linted [PYTHON] files with [pyright]: Found 7 non 
blocking error(s) - (6.63s) (expand for details) +- Using [pyright v1.1.370] https://megalinter.io/7.13.0/descriptors/python_pyright +- MegaLinter key: [PYTHON_PYRIGHT] +- Rules config: identified by [pyright] +- Number of files analyzed: [1] +--Error detail: + +added 1 package, and audited 2 packages in 4s + +found 0 vulnerabilities +/github/workspace/checkers/utils.py + /github/workspace/checkers/utils.py:24:14 - error: Cannot access attribute "get" for class "str" +   Attribute "get" is unknown (reportAttributeAccessIssue) + /github/workspace/checkers/utils.py:24:30 - error: Argument of type "Literal['name']" cannot be assigned to parameter "key" of type "SupportsIndex | slice" in function "__getitem__" +   Type "Literal['name']" is incompatible with type "SupportsIndex | slice" +     "Literal['name']" is incompatible with protocol "SupportsIndex" +       "__index__" is not present +     "Literal['name']" is incompatible with "slice" (reportArgumentType) + /github/workspace/checkers/utils.py:26:38 - error: Argument of type "Literal['name']" cannot be assigned to parameter "key" of type "SupportsIndex | slice" in function "__getitem__" +   Type "Literal['name']" is incompatible with type "SupportsIndex | slice" +     "Literal['name']" is incompatible with protocol "SupportsIndex" +       "__index__" is not present +     "Literal['name']" is incompatible with "slice" (reportArgumentType) + /github/workspace/checkers/utils.py:31:37 - error: Argument of type "Literal['name']" cannot be assigned to parameter "key" of type "SupportsIndex | slice" in function "__getitem__" +   Type "Literal['name']" is incompatible with type "SupportsIndex | slice" +     "Literal['name']" is incompatible with protocol "SupportsIndex" +       "__index__" is not present +     "Literal['name']" is incompatible with "slice" (reportArgumentType) + /github/workspace/checkers/utils.py:34:30 - error: Argument of type "Literal['name']" cannot be assigned to parameter "key" of type 
"SupportsIndex | slice" in function "__getitem__" +   Type "Literal['name']" is incompatible with type "SupportsIndex | slice" +     "Literal['name']" is incompatible with protocol "SupportsIndex" +       "__index__" is not present +     "Literal['name']" is incompatible with "slice" (reportArgumentType) + /github/workspace/checkers/utils.py:39:12 - error: Expression of type "Version" is incompatible with return type "str" +   "Version" is incompatible with "str" (reportReturnType) + /github/workspace/checkers/utils.py:72:12 - error: Expression of type "Version" is incompatible with return type "str" +   "Version" is incompatible with "str" (reportReturnType) +7 errors, 0 warnings, 0 informations +WARNING: there is a new pyright version available (v1.1.370 -> v1.1.371). +Please install the new version or set PYRIGHT_PYTHON_FORCE_VERSION to `latest` + + +::endgroup:: +::group::✅ Linted [YAML] files with [v8r] successfully - (5.75s) (expand for details) +- Using [v8r v3.1.0] https://megalinter.io/7.13.0/descriptors/yaml_v8r +- MegaLinter key: [YAML_V8R] +- Rules config: identified by [v8r] +- Number of files analyzed: [6] +::endgroup:: +::group::✅ Linted [REPOSITORY] files with [trivy] successfully - (7.38s) (expand for details) +- Using [trivy v0.53.0] https://megalinter.io/7.13.0/descriptors/repository_trivy +- MegaLinter key: [REPOSITORY_TRIVY] +- Rules config: identified by [trivy] +::endgroup:: +::group::✅ Linted [REPOSITORY] files with [trivy-sbom] successfully - (2.05s) (expand for details) +- Using [trivy-sbom v0.53.0] https://megalinter.io/7.13.0/descriptors/repository_trivy_sbom +- MegaLinter key: [REPOSITORY_TRIVY_SBOM] +- Rules config: identified by [trivy-sbom] +::endgroup:: +::group::✅ Linted [REPOSITORY] files with [grype] successfully - (17.68s) (expand for details) +- Using [grype v0.79.2] https://megalinter.io/7.13.0/descriptors/repository_grype +- MegaLinter key: [REPOSITORY_GRYPE] +- Rules config: [.grype.yaml] +::endgroup:: +::group::✅ Linted 
[PYTHON] files with [flake8] successfully - (0.69s) (expand for details) +- Using [flake8 v7.1.0] https://megalinter.io/7.13.0/descriptors/python_flake8 +- MegaLinter key: [PYTHON_FLAKE8] +- Rules config: [.flake8] +- Number of files analyzed: [1] +::endgroup:: +::group::✅ Linted [PYTHON] files with [bandit] successfully - (1.2s) (expand for details) +- Using [bandit v1.7.9] https://megalinter.io/7.13.0/descriptors/python_bandit +- MegaLinter key: [PYTHON_BANDIT] +- Rules config: [.bandit.yml] +- Number of files analyzed: [1] +::endgroup:: +::group::✅ Linted [ACTION] files with [actionlint]: Found 1 non blocking error(s) - (0.1s) (expand for details) +- Using [actionlint v1.7.1] https://megalinter.io/7.13.0/descriptors/action_actionlint +- MegaLinter key: [ACTION_ACTIONLINT] +- Rules config: identified by [actionlint] +- Number of files analyzed: [3] +--Error detail: +.github/workflows/build.yaml:49:9: shellcheck reported issue in this script: SC2044:warning:3:12: For loops over find output are fragile. 
Use find -exec or a while read loop [shellcheck] + | +49 | run: | + | ^~~~ + +::endgroup:: +::group::✅ Linted [BASH] files with [bash-exec] successfully - (0.05s) (expand for details) +- Using [bash-exec v5.2.26] https://megalinter.io/7.13.0/descriptors/bash_bash_exec +- MegaLinter key: [BASH_EXEC] +- Rules config: identified by [bash-exec] +- Number of files analyzed: [2] +::endgroup:: +::group::✅ Linted [BASH] files with [shellcheck] successfully - (0.16s) (expand for details) +- Using [shellcheck v0.10.0] https://megalinter.io/7.13.0/descriptors/bash_shellcheck +- MegaLinter key: [BASH_SHELLCHECK] +- Rules config: identified by [shellcheck] +- Number of files analyzed: [2] +::endgroup:: +::group::✅ Linted [DOCKERFILE] files with [hadolint] successfully - (0.12s) (expand for details) +- Using [hadolint v2.12.0] https://megalinter.io/7.13.0/descriptors/dockerfile_hadolint +- MegaLinter key: [DOCKERFILE_HADOLINT] +- Rules config: [.hadolint.yaml] +- Number of files analyzed: [1] +::endgroup:: +::group::✅ Linted [REPOSITORY] files with [dustilock] successfully - (0.03s) (expand for details) +- Using [dustilock v1.2.0] https://megalinter.io/7.13.0/descriptors/repository_dustilock +- MegaLinter key: [REPOSITORY_DUSTILOCK] +- Rules config: identified by [dustilock] +::endgroup:: +::group::✅ Linted [REPOSITORY] files with [gitleaks] successfully - (0.77s) (expand for details) +- Using [gitleaks v8.18.4] https://megalinter.io/7.13.0/descriptors/repository_gitleaks +- MegaLinter key: [REPOSITORY_GITLEAKS] +- Rules config: [.gitleaks.toml] +::endgroup:: +::group::✅ Linted [REPOSITORY] files with [syft] successfully - (0.5s) (expand for details) +- Using [syft v1.8.0] https://megalinter.io/7.13.0/descriptors/repository_syft +- MegaLinter key: [REPOSITORY_SYFT] +- Rules config: identified by [syft] +::endgroup:: +::group::✅ Linted [REPOSITORY] files with [trufflehog] successfully - (5.83s) (expand for details) +- Using [trufflehog v3.79.0] 
https://megalinter.io/7.13.0/descriptors/repository_trufflehog +- MegaLinter key: [REPOSITORY_TRUFFLEHOG] +- Rules config: identified by [trufflehog] +::endgroup:: +::group::✅ Linted [REPOSITORY] files with [checkov]: Found 4 non blocking error(s) - (19.23s) (expand for details) +- Using [checkov v3.2.174] https://megalinter.io/7.13.0/descriptors/repository_checkov +- MegaLinter key: [REPOSITORY_CHECKOV] +- Rules config: [.checkov.yml] +--Error detail: +dockerfile scan results: + +Passed checks: 62, Failed checks: 1, Skipped checks: 0 + +Check: CKV2_DOCKER_1: "Ensure that sudo isn't used" + FAILED for resource: /Dockerfile.RUN + File: /Dockerfile:13-13 + Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-docker-dont-use-sudo.html + + 13 | RUN apk add bash alpine-conf alpine-sdk ccache cmake coreutils m4 sudo fish + +github_actions scan results: + +Passed checks: 77, Failed checks: 3, Skipped checks: 0 + +Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all" + FAILED for resource: on(build packages) + File: /.github/workflows/build.yaml:0-1 +Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all" + FAILED for resource: on(MegaLinter) + File: /.github/workflows/megalinter.yml:26-27 +Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all" + FAILED for resource: on(check package versions for upgrades) + File: /.github/workflows/check-package-versions.yaml:0-1 + + +::endgroup:: +::group::✅ Linted [REPOSITORY] files with [git_diff] successfully - (0.02s) (expand for details) +- Using [git_diff v2.45.2] https://megalinter.io/7.13.0/descriptors/repository_git_diff +- MegaLinter key: [REPOSITORY_GIT_DIFF] +- Rules config: identified by [git_diff] +::endgroup:: +::group::✅ Linted [YAML] files with [yamllint] successfully - (0.46s) (expand for details) +- Using [yamllint v1.35.1] https://megalinter.io/7.13.0/descriptors/yaml_yamllint +- MegaLinter key: 
[YAML_YAMLLINT] +- Rules config: [.yamllint.yml] +- Number of files analyzed: [6] +::endgroup:: +::group::✅ Linted [REPOSITORY] files with [kics]: Found 7 non blocking error(s) - (29.38s) (expand for details) +- Using [kics v2.1.1] https://megalinter.io/7.13.0/descriptors/repository_kics +- MegaLinter key: [REPOSITORY_KICS] +- Rules config: identified by [kics] +--Error detail: + + + + MLLLLLM MLLLLLLLLL LLLLLLL KLLLLLLLLLLLLLLLL LLLLLLLLLLLLLLLLLLLLLLL + MMMMMMM MMMMMMMMMML MMMMMMMK LMMMMMMMMMMMMMMMMMMMML KLMMMMMMMMMMMMMMMMMMMMMMMMM + MMMMMMM MMMMMMMMML MMMMMMMK LMMMMMMMMMMMMMMMMMMMMMML LMMMMMMMMMMMMMMMMMMMMMMMMMMM + MMMMMMM MMMMMMMMMML MMMMMMMK LMMMMMMMMMMMMMMMMMMMMMMMML LMMMMMMMMMMMMMMMMMMMMMMMMMMMM + MMMMMMM LMMMMMMMMML MMMMMMMK LMMMMMMMMMLLMLLLLLLLLLLLLLL LMMMMMMMLLLLLLLLLLLLLLLLLLLLM + MMMMMMM MMMMMMMMMLM MMMMMMMK LMMMMMMMM LMMMMMML + MMMMMMMLMMMMMMMML MMMMMMMK MMMMMMML LMMMMMMMMLLLLLLLLLLLLLMLL + MMMMMMMMMMMMMMMM MMMMMMMK MMMMMML LMMMMMMMMMMMMMMMMMMMMMMMMML + MMMMMMMMMMMMMMMMMM MMMMMMMK MMMMMMM LMMMMMMMMMMMMMMMMMMMMMMMML + MMMMMMM KLMMMMMMMMML MMMMMMMK LMMMMMMM MMMMMMMML + MMMMMMM LMMMMMMMMMM MMMMMMMK LMMMMMMMMLL MMMMMMML + MMMMMMM LMMMMMMMMMLL MMMMMMMK LMMMMMMMMMMMMMMMMMMMMMMMMML LLLLLLLLLLLLLLLLLLLLMMMMMMMMMM + MMMMMMM MMMMMMMMMMML MMMMMMMK MMMMMMMMMMMMMMMMMMMMMMMMML LMMMMMMMMMMMMMMMMMMMMMMMMMMMM + MMMMMMM LLMMMMMMMMML MMMMMMMK LLMMMMMMMMMMMMMMMMMMMMML LMMMMMMMMMMMMMMMMMMMMMMMMMML + MMMMMMM MMMMMMMMMML MMMMMMMK KLMMMMMMMMMMMMMMMMML LMMMMMMMMMMMMMMMMMMMMMMMLK + + + + +Scanning with Keeping Infrastructure as Code Secure v2.1.1 + + + + + +Apk Add Using Local Cache Path, Severity: INFO, Results: 1 +Description: When installing packages, use the '--no-cache' switch to avoid the need to use '--update' and remove '/var/cache/apk/*' +Platform: Dockerfile +CWE: 459 +Learn more about this vulnerability: https://docs.kics.io/latest/queries/dockerfile-queries/ae9c56a6-3ed1-4ac0-9b54-31267f51151d + + [1]: Dockerfile:13 + + 012: # hadolint ignore=DL3017,DL3018,DL3019 + 
013: RUN apk add bash alpine-conf alpine-sdk ccache cmake coreutils m4 sudo fish + 014: # hadolint ignore=DL3017,DL3018,DL3019 + + +Unpinned Actions Full Length Commit SHA, Severity: LOW, Results: 4 +Description: Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork. +Platform: CICD +Learn more about this vulnerability: https://docs.kics.io/latest/queries/cicd-queries/555ab8f9-2001-455e-a077-f2d0f41e2fb9 + + [1]: .github/workflows/check-package-versions.yaml:13 + + 012: steps: + 013: - uses: arduino/setup-task@v2 + 014: with: + + + [2]: .github/workflows/megalinter.yml:45 + + 044: # More info at https://megalinter.io/flavors/ + 045: uses: oxsecurity/megalinter@v7 + 046: env: + + + [3]: .github/workflows/megalinter.yml:72 + + 071: if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'pull_request' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_n + 072: uses: peter-evans/create-pull-request@v6 + 073: with: + + + [4]: .github/workflows/megalinter.yml:90 + + 089: if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'commit' && github.ref != 'refs/heads/main' && (github.event_name == 'push' || github.event. + 090: uses: stefanzweifel/git-auto-commit-action@v4 + 091: with: + + +Healthcheck Instruction Missing, Severity: LOW, Results: 1 +Description: Ensure that HEALTHCHECK is being used. 
The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working +Platform: Dockerfile +CWE: 710 +Learn more about this vulnerability: https://docs.kics.io/latest/queries/dockerfile-queries/b03a748a-542d-44f4-bb86-9199ab4fd2d5 + + [1]: Dockerfile:4 + + 003: # some dependencies are only in edge, should build for stable releases later too + 004: FROM alpine:edge + 005: + + +Unpinned Package Version in Apk Add, Severity: MEDIUM, Results: 1 +Description: Package version pinning reduces the range of versions that can be installed, reducing the chances of failure due to unanticipated changes +Platform: Dockerfile +CWE: 1357 +Learn more about this vulnerability: https://docs.kics.io/latest/queries/dockerfile-queries/d3499f6d-1651-41bb-a9a7-de925fea487b + + [1]: Dockerfile:13 + + 012: # hadolint ignore=DL3017,DL3018,DL3019 + 013: RUN apk add bash alpine-conf alpine-sdk ccache cmake coreutils m4 sudo fish + 014: # hadolint ignore=DL3017,DL3018,DL3019 + + + +Results Summary: +CRITICAL: 0 +HIGH: 0 +MEDIUM: 1 +LOW: 5 +INFO: 1 +TOTAL: 7 + + +::endgroup:: +[Updated Sources Reporter] copied 1 fixed source files in folder /github/workspace/megalinter-reports/updated_sources. 
+Download it from artifacts then copy-paste it in your local repo to apply linters updates + ++----SUMMARY----+--------------------------+---------------+-------+-------+--------+--------------+ +| Descriptor | Linter | Mode | Files | Fixed | Errors | Elapsed time | ++---------------+--------------------------+---------------+-------+-------+--------+--------------+ +| ⚠️ ACTION | actionlint | list_of_files | 3 | | 1 | 0.1s | +| ✅ BASH | bash-exec | file | 2 | | 0 | 0.05s | +| ✅ BASH | shellcheck | list_of_files | 2 | | 0 | 0.16s | +| ✅ BASH | shfmt | list_of_files | 2 | 1 | 0 | 0.03s | +| ✅ DOCKERFILE | hadolint | list_of_files | 1 | | 0 | 0.12s | +| ✅ MARKDOWN | markdownlint | list_of_files | 1 | 0 | 0 | 0.31s | +| ✅ MARKDOWN | markdown-link-check | list_of_files | 1 | | 0 | 0.59s | +| ✅ MARKDOWN | markdown-table-formatter | list_of_files | 1 | 0 | 0 | 0.28s | +| ✅ PYTHON | bandit | list_of_files | 1 | | 0 | 1.2s | +| ✅ PYTHON | black | list_of_files | 1 | 0 | 0 | 0.65s | +| ✅ PYTHON | flake8 | list_of_files | 1 | | 0 | 0.69s | +| ✅ PYTHON | isort | list_of_files | 1 | 0 | 0 | 0.34s | +| ✅ PYTHON | mypy | list_of_files | 1 | | 0 | 7.12s | +| ⚠️ PYTHON | pylint | list_of_files | 1 | | 2 | 1.66s | +| ⚠️ PYTHON | pyright | list_of_files | 1 | | 7 | 6.63s | +| ✅ PYTHON | ruff | list_of_files | 1 | 0 | 0 | 0.03s | +| ⚠️ REPOSITORY | checkov | project | n/a | | 4 | 19.23s | +| ⚠️ REPOSITORY | devskim | project | n/a | | 3 | 1.47s | +| ✅ REPOSITORY | dustilock | project | n/a | | 0 | 0.03s | +| ✅ REPOSITORY | gitleaks | project | n/a | | 0 | 0.77s | +| ✅ REPOSITORY | git_diff | project | n/a | | 0 | 0.02s | +| ✅ REPOSITORY | grype | project | n/a | | 0 | 17.68s | +| ⚠️ REPOSITORY | kics | project | n/a | | 7 | 29.38s | +| ✅ REPOSITORY | secretlint | project | n/a | | 0 | 1.0s | +| ✅ REPOSITORY | syft | project | n/a | | 0 | 0.5s | +| ✅ REPOSITORY | trivy | project | n/a | | 0 | 7.38s | +| ✅ REPOSITORY | trivy-sbom | project | n/a | | 0 | 2.05s | +| ✅ REPOSITORY | 
trufflehog | project | n/a | | 0 | 5.83s | +| ✅ YAML | prettier | list_of_files | 6 | 0 | 0 | 0.58s | +| ✅ YAML | v8r | list_of_files | 6 | | 0 | 5.75s | +| ✅ YAML | yamllint | list_of_files | 6 | | 0 | 0.46s | ++---------------+--------------------------+---------------+-------+-------+--------+--------------+ + +[flavors] You could have same capabilities but better runtime performances if you request a new MegaLinter flavor. +[flavors] Use the following link to request the new flavor: https://github.com/oxsecurity/megalinter/issues/new?assignees=&labels=enhancement&template=feature_request.md&title=Request%20new%20MegaLinter%20flavor&body=MegaLinter%20would%20run%20faster%20on%20my%20project%20if%20I%20had%20a%20flavor%20containing%20the%20following%20list%20of%20linters%3A%0A%0APYTHON_PYLINT%2C%20PYTHON_BLACK%2C%20PYTHON_FLAKE8%2C%20PYTHON_ISORT%2C%20PYTHON_BANDIT%2C%20PYTHON_MYPY%2C%20PYTHON_PYRIGHT%2C%20PYTHON_RUFF%2C%20ACTION_ACTIONLINT%2C%20BASH_EXEC%2C%20BASH_SHELLCHECK%2C%20BASH_SHFMT%2C%20DOCKERFILE_HADOLINT%2C%20MARKDOWN_MARKDOWNLINT%2C%20MARKDOWN_MARKDOWN_LINK_CHECK%2C%20MARKDOWN_MARKDOWN_TABLE_FORMATTER%2C%20REPOSITORY_CHECKOV%2C%20REPOSITORY_GIT_DIFF%2C%20REPOSITORY_GITLEAKS%2C%20REPOSITORY_GRYPE%2C%20REPOSITORY_KICS%2C%20REPOSITORY_SECRETLINT%2C%20REPOSITORY_TRIVY%2C%20REPOSITORY_TRIVY_SBOM%2C%20REPOSITORY_TRUFFLEHOG%2C%20YAML_PRETTIER%2C%20YAML_YAMLLINT%2C%20YAML_V8R%0A%0AWould%20it%20be%20possible%20to%20create%20one%20%3F%20Thanks%20%3Arelaxed%3A + +[GitHub Comment Reporter] Posted summary as comment on atlascloud/aports #PR376 +⚠️ Successfully linted all files, but with ignored errors diff --git a/megalinter-reports/updated_sources/scripts/check_updates.sh b/megalinter-reports/updated_sources/scripts/check_updates.sh new file mode 100755 index 0000000..87e529b --- /dev/null +++ b/megalinter-reports/updated_sources/scripts/check_updates.sh 
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -x
+
+if ! git config user.name; then
+ # some configuration in case we push any changes
+ git config --global user.name github-actions
+ git config --global user.email github-actions@github.com
+ git config --global core.pager ''
+fi
+
+# check each packages latest version, update the APKBUILD and commit if any changes
+for pkg in $(cd main && find . -maxdepth 1 -mindepth 1 -type d -exec basename {} \;); do
+ echo "checking $pkg"
+ [ -f "./checkers/$pkg" ] || continue # if we don't have a checker, skip
+
+ latest_version=$(./checkers/"$pkg")
+ echo "latest version: $latest_version"
+ sed -i "s:pkgver=.*:pkgver=$latest_version:" main/"$pkg"/APKBUILD
+ sed -i "s:pkgrel=.*:pkgrel=0:" main/"$pkg"/APKBUILD
+
+ # FIXME we shouldn't create the PR if only the pkgrel has changed
+ # also we are pushing all commits to branches rather than just the one
+ # maybe a git reset will fix that
+
+ if ! git diff --stat --exit-code main/"$pkg"; then
+ git branch -av
+ # if the branch already exists, we can assume the original PR
+ # already exists and just hasn't been merged yet
+ git branch -a | grep -q "package_bump/main/$pkg-$latest_version" && continue
+
+ echo "Changes found in main/$pkg. Updating checksum & committing."
+ task docker:checksum PKG=main/"$pkg"
+
+ git checkout -b package_bump/main/"$pkg"-"$latest_version"
+
+ git add main/"$pkg"
+ git commit -m "main/$pkg: upgrade to $latest_version
+
+ Automated package bump"
+ # push any changes we may have committed
+ # we do this here so each update package becomes it's own branch
+ # which can then be PR'ed separately
+ git push origin package_bump/main/"$pkg"-"$latest_version"
+ gh config set prompt disabled
+ gh pr create --assignee iggy --fill
+ fi
+done
diff --git a/scripts/check_updates.sh b/scripts/check_updates.sh
index 83e9068..87e529b 100755
--- a/scripts/check_updates.sh
+++ b/scripts/check_updates.sh
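Review bot: `latest_version` is taken straight from the output of `./checkers/"$pkg"` and then spliced into the `sed` replacement, the branch name and the commit message without any check, so an empty or malformed result (a failed checker, or a value containing `:` or `&`) would rewrite `pkgver=` incorrectly and still be committed and pushed. A guard right after the assignment would stop that, for example `case "$latest_version" in ''|*[!0-9A-Za-z._]*) echo "bad version for $pkg" >&2; continue ;; esac`. The same lines are only re-indented in `scripts/check_updates.sh` in the following hunk, which is where the fix belongs; this file under `megalinter-reports/updated_sources/` looks like a reporter copy that probably should not be committed alongside the real script.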
@@ -2,47 +2,47 @@ set -x -if ! git config user.name ; then - # some configuration in case we push any changes - git config --global user.name github-actions - git config --global user.email github-actions@github.com - git config --global core.pager '' +if ! git config user.name; then + # some configuration in case we push any changes + git config --global user.name github-actions + git config --global user.email github-actions@github.com + git config --global core.pager '' fi # check each packages latest version, update the APKBUILD and commit if any changes -for pkg in $( cd main && find . -maxdepth 1 -mindepth 1 -type d -exec basename {} \;); do - echo "checking $pkg" - [ -f "./checkers/$pkg" ] || continue # if we don't have a checker, skip +for pkg in $(cd main && find . -maxdepth 1 -mindepth 1 -type d -exec basename {} \;); do + echo "checking $pkg" + [ -f "./checkers/$pkg" ] || continue # if we don't have a checker, skip - latest_version=$(./checkers/"$pkg") - echo "latest version: $latest_version" - sed -i "s:pkgver=.*:pkgver=$latest_version:" main/"$pkg"/APKBUILD - sed -i "s:pkgrel=.*:pkgrel=0:" main/"$pkg"/APKBUILD + latest_version=$(./checkers/"$pkg") + echo "latest version: $latest_version" + sed -i "s:pkgver=.*:pkgver=$latest_version:" main/"$pkg"/APKBUILD + sed -i "s:pkgrel=.*:pkgrel=0:" main/"$pkg"/APKBUILD - # FIXME we shouldn't create the PR if only the pkgrel has changed - # also we are pushing all commits to branches rather than just the one - # maybe a git reset will fix that + # FIXME we shouldn't create the PR if only the pkgrel has changed + # also we are pushing all commits to branches rather than just the one + # maybe a git reset will fix that - if ! git diff --stat --exit-code main/"$pkg" ; then - git branch -av - # if the branch already exists, we can assume the original PR - # already exists and just hasn't been merged yet - git branch -a | grep -q "package_bump/main/$pkg-$latest_version" && continue + if ! 
git diff --stat --exit-code main/"$pkg"; then + git branch -av + # if the branch already exists, we can assume the original PR + # already exists and just hasn't been merged yet + git branch -a | grep -q "package_bump/main/$pkg-$latest_version" && continue - echo "Changes found in main/$pkg. Updating checksum & committing." - task docker:checksum PKG=main/"$pkg" + echo "Changes found in main/$pkg. Updating checksum & committing." + task docker:checksum PKG=main/"$pkg" - git checkout -b package_bump/main/"$pkg"-"$latest_version" + git checkout -b package_bump/main/"$pkg"-"$latest_version" - git add main/"$pkg" - git commit -m "main/$pkg: upgrade to $latest_version + git add main/"$pkg" + git commit -m "main/$pkg: upgrade to $latest_version Automated package bump" - # push any changes we may have committed - # we do this here so each update package becomes it's own branch - # which can then be PR'ed separately - git push origin package_bump/main/"$pkg"-"$latest_version" - gh config set prompt disabled - gh pr create --assignee iggy --fill - fi + # push any changes we may have committed + # we do this here so each update package becomes it's own branch + # which can then be PR'ed separately + git push origin package_bump/main/"$pkg"-"$latest_version" + gh config set prompt disabled + gh pr create --assignee iggy --fill + fi done