From c05e8918ee75cbccf2dc2aea553131e35a4c9d61 Mon Sep 17 00:00:00 2001 From: Gabriele Diener Date: Mon, 13 Apr 2020 10:38:30 +0200 Subject: [PATCH 1/8] added golint --- README.md | 4 ++++ lint-go.yml | 26 +++++++++++++++++++++++--- 2 files changed, 27 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index c2b7a847..f540eec7 100644 --- a/README.md +++ b/README.md @@ -146,6 +146,10 @@ stages: variables: #optional, used by docker-lint IGNORE_DOCKER_LINT: "DL3012" + + #optional, used to enable reviewdog + ENABLE_REVIEWDOG: 1 + REVIEWDOG_GITLAB_API_TOKEN: ``` The default skipped test for `lint-docker` is `Provide an email address or URL as maintainer`. See skippable tests [here](https://hub.docker.com/r/hadolint/hadolint). diff --git a/lint-go.yml b/lint-go.yml index 38c045c1..4603534c 100644 --- a/lint-go.yml +++ b/lint-go.yml @@ -1,14 +1,34 @@ lint:go: stage: lint - image: cytopia/golint:latest-release-0.1 + image: gadiener/golint-reviewdog:v1.0.0 + variables: + GITLAB_API: ${CI_API_V4_URL} script: - | - echo echo "-> Linting code:" echo - golint . + if [ -z "${LINT_PATH}" ]; then + LINT_PATH="./..." + fi + + if [ "${ENABLE_REVIEWDOG}" = "1" ]; then + echo + echo "-> Enabled Review Dog!" + echo + + if [ -z "${REVIEWDOG_GITLAB_API_TOKEN}" ]; then + echo + echo "-> [WARNING] Missing 'REVIEWDOG_GITLAB_API_TOKEN' variable!" + echo + exit 1 + fi + + golint "${LINT_PATH}" | reviewdog -f=golint -diff="git diff master" -reporter=gitlab-mr-discussion + else + golint "${LINT_PATH}" + fi echo echo "-> Code checked!" From 32889fb5a0d92e69cd436c55e7326eca2682fe75 Mon Sep 17 00:00:00 2001 From: Gabriele Diener Date: Mon, 13 Apr 2020 10:43:10 +0200 Subject: [PATCH 2/8] improved tfsec stage --- README.md | 2 +- terraform-security.yml | 19 ------------------- test-terraform-security.yml | 14 ++++++++++++++ 3 files changed, 15 insertions(+), 20 deletions(-) delete mode 100644 terraform-security.yml create mode 100644 test-terraform-security.yml 
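Review bot: The reviewdog branch of the new `lint:go` script diffs against a bare `master` (`-diff="git diff master"`), but a GitLab merge-request pipeline checks out a detached HEAD and, with shallow fetches, normally has no local `master` ref, so `git diff` errors out and every golint finding is silently dropped or the job dies before posting anything. Fetching the target branch first and diffing against it is more robust: `git fetch origin "${CI_MERGE_REQUEST_TARGET_BRANCH_NAME}"` followed by `-diff="git diff origin/${CI_MERGE_REQUEST_TARGET_BRANCH_NAME}"`, and the job should be limited with `only: [merge_requests]` since `gitlab-mr-discussion` has nothing to post to in a branch or tag pipeline. `REVIEWDOG_GITLAB_API_TOKEN` is an API token able to write MR discussions and it is handed to a personal Docker Hub image (`gadiener/golint-reviewdog:v1.0.0`); the template should say it must come from a masked, protected CI/CD variable rather than a value typed into the committed `variables:` block, and pinning the image by digest would make what receives the token reproducible. The `[WARNING] Missing 'REVIEWDOG_GITLAB_API_TOKEN'` message is followed by `exit 1`, so `[ERROR]` describes the behaviour more honestly.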
diff --git a/README.md b/README.md index f540eec7..87ba5b68 100644 --- a/README.md +++ b/README.md @@ -671,7 +671,7 @@ stages: ```yaml include: - - remote: 'https://raw.githubusercontent.com/jobtome-labs/ci-templates//terraform-security.yml' + - remote: 'https://raw.githubusercontent.com/jobtome-labs/ci-templates//test-terraform-security.yml' stages: - test diff --git a/terraform-security.yml b/terraform-security.yml deleted file mode 100644 index fc655f1d..00000000 --- a/terraform-security.yml +++ /dev/null @@ -1,19 +0,0 @@ -.tfsec: - stage: test - image: #a simple mix between liamg/tfsec and hashicorp/terraform - name: linuxbandit/terraform-with-tfsec:v0.12.9 - entrypoint: [""] - -tfsec: - extends: .tfsec - script: - - | - terraform --version - terraform init -backend=false - - tfsec . - only: - - tags - - merge_requests - allow_failure: true - variables: - GIT_DEPTH: 1 \ No newline at end of file diff --git a/test-terraform-security.yml b/test-terraform-security.yml new file mode 100644 index 00000000..88021d1a --- /dev/null +++ b/test-terraform-security.yml @@ -0,0 +1,14 @@ + +test:terraform-security: + stage: test + image: linuxbandit/terraform-with-tfsec:v0.12.9 + script: + - | + if [ -n "${TF_FOLDER_PATH}" ]; then + cd "${TF_FOLDER_PATH}" + fi + terraform --version + terraform init -backend=false + tfsec . + variables: + GIT_DEPTH: 1 \ No newline at end of file From c1fd0c0955d2a4d13e070fe5a2ac33d95df7b524 Mon Sep 17 00:00:00 2001 From: Gabriele Diener Date: Mon, 13 Apr 2020 10:48:35 +0200 Subject: [PATCH 3/8] added REVIEWDOG_LEVEL --- README.md | 5 +++-- lint-go.yml | 6 +++++- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 87ba5b68..01590f93 100644 --- a/README.md +++ b/README.md 
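Review bot: The new `test:terraform-security` job has no `only:`/`rules:` and no `allow_failure`, so it runs in every pipeline and a single tfsec finding now blocks the whole pipeline; that is a reasonable default for a security gate, but it is a behavioural change that the README hunk in this patch (which only renames the include) does not mention, so add a sentence there such as `tfsec findings fail the pipeline; override the job with allow_failure: true to make it advisory`. `terraform init -backend=false` still downloads providers from the registry at run time, and Terraform 0.12 (the `linuxbandit/terraform-with-tfsec:v0.12.9` image) has no dependency lock file, so the providers tfsec evaluates are whatever the registry serves unless the configuration pins `version` constraints — worth a comment above the `terraform init` line. The `\ No newline at end of file` marker shows the new template is missing its trailing newline, which the repository's own yamllint job is likely to flag.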
@@ -144,12 +144,13 @@ stages: - lint variables: - #optional, used by docker-lint + # optional, used by docker-lint IGNORE_DOCKER_LINT: "DL3012" - #optional, used to enable reviewdog + # optional, used to enable reviewdog ENABLE_REVIEWDOG: 1 REVIEWDOG_GITLAB_API_TOKEN: + REVIEWDOG_LEVEL: warning # optional, values: info, warning, error ``` The default skipped test for `lint-docker` is `Provide an email address or URL as maintainer`. See skippable tests [here](https://hub.docker.com/r/hadolint/hadolint). diff --git a/lint-go.yml b/lint-go.yml index 4603534c..e7bad3d2 100644 --- a/lint-go.yml +++ b/lint-go.yml @@ -25,7 +25,11 @@ lint:go: exit 1 fi - golint "${LINT_PATH}" | reviewdog -f=golint -diff="git diff master" -reporter=gitlab-mr-discussion + if [ -z "${REVIEWDOG_LEVEL}" ]; then + REVIEWDOG_LEVEL="warning" + fi + + golint "${LINT_PATH}" | reviewdog -f=golint -diff="git diff master" -reporter=gitlab-mr-discussion -level="${REVIEWDOG_LEVEL}" else golint "${LINT_PATH}" fi From d16e7254fcee777b04a80e57c60b19aad62286e2 Mon Sep 17 00:00:00 2001 From: Gabriele Diener Date: Mon, 13 Apr 2020 11:01:26 +0200 Subject: [PATCH 4/8] added reviewdog in yaml lint --- lint-go.yml | 7 ++++--- lint-yaml.yml | 35 ++++++++++++++++++++++++++++------- 2 files changed, 32 insertions(+), 10 deletions(-) diff --git a/lint-go.yml b/lint-go.yml index e7bad3d2..1428b034 100644 --- a/lint-go.yml +++ b/lint-go.yml @@ -6,7 +6,7 @@ lint:go: script: - | echo - echo "-> Linting code:" + echo "-> Linting Go files:" echo if [ -z "${LINT_PATH}" ]; then @@ -29,11 +29,12 @@ lint:go: REVIEWDOG_LEVEL="warning" fi - golint "${LINT_PATH}" | reviewdog -f=golint -diff="git diff master" -reporter=gitlab-mr-discussion -level="${REVIEWDOG_LEVEL}" + golint "${LINT_PATH}" | reviewdog \ + -f=golint -diff="git diff master" -reporter=gitlab-mr-discussion -level="${REVIEWDOG_LEVEL}" else golint "${LINT_PATH}" fi echo - echo "-> Code checked!" + echo "-> Go files checked!" echo 
diff --git a/lint-yaml.yml b/lint-yaml.yml index 5ce01749..3a5212d3 100644 --- a/lint-yaml.yml +++ b/lint-yaml.yml @@ -1,19 +1,40 @@ lint:yaml: stage: lint - image: cytopia/yamllint:1.18 + image: gdiener/yamllint-reviewdog:v1.0.0 + variables: + GITLAB_API: ${CI_API_V4_URL} script: - | - - if [[ -z "${YAML_DIR}" ]]; then - YAML_DIR="kube/" + if [[ -z "${LINT_PATH}" ]]; then + LINT_PATH="." fi echo - echo "-> Linting manifests:" + echo "-> Linting YAML files:" echo - yamllint ${YAML_DIR} + if [ "${ENABLE_REVIEWDOG}" = "1" ]; then + echo + echo "-> Enabled Review Dog!" + echo + + if [ -z "${REVIEWDOG_GITLAB_API_TOKEN}" ]; then + echo + echo "-> [WARNING] Missing 'REVIEWDOG_GITLAB_API_TOKEN' variable!" + echo + exit 1 + fi + + if [ -z "${REVIEWDOG_LEVEL}" ]; then + REVIEWDOG_LEVEL="warning" + fi + + yamllint --format "parsable" "${LINT_PATH}" | reviewdog \ + -efm="%f:%l:%c: %m" -diff="git diff master" -reporter=gitlab-mr-discussion -level="${INPUT_LEVEL}" + else + yamllint "${LINT_PATH}" + fi echo - echo "-> Manifests checked!" + echo "-> YAML files checked!" echo \ No newline at end of file From 82669d3430a3d9e23f4848a58a0e88f3ab7d0274 Mon Sep 17 00:00:00 2001 From: Gabriele Diener Date: Mon, 13 Apr 2020 11:07:39 +0200 Subject: [PATCH 5/8] added name in reviewdog --- lint-go.yml | 2 +- lint-yaml.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lint-go.yml b/lint-go.yml index 1428b034..061db97d 100644 --- a/lint-go.yml +++ b/lint-go.yml @@ -29,7 +29,7 @@ lint:go: REVIEWDOG_LEVEL="warning" fi - golint "${LINT_PATH}" | reviewdog \ + golint "${LINT_PATH}" | reviewdog -name="Go Linter" \ -f=golint -diff="git diff master" -reporter=gitlab-mr-discussion -level="${REVIEWDOG_LEVEL}" else golint "${LINT_PATH}" diff --git a/lint-yaml.yml b/lint-yaml.yml index 3a5212d3..9e6b8f1f 100644 --- a/lint-yaml.yml +++ b/lint-yaml.yml 
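Review bot: The reviewdog invocation in the new `lint:yaml` script passes `-level="${INPUT_LEVEL}"`, but `INPUT_LEVEL` is never set anywhere in the hunk — the script computes a default into `REVIEWDOG_LEVEL` just above and then ignores it, so reviewdog always receives an empty level; the fix is `-level="${REVIEWDOG_LEVEL}"`, matching `lint-go.yml` (the PATCH 5 hunk that adds `-name="YAML Linter"` carries the same `${INPUT_LEVEL}`). The path test uses `[[ -z "${LINT_PATH}" ]]`, a bash-only construct, while every other test in this script uses POSIX `[ ]`; if the `gdiener/yamllint-reviewdog:v1.0.0` image runs the script under `sh` the job aborts on that line, so `if [ -z "${LINT_PATH}" ]; then` is the safer spelling. Dropping `YAML_DIR` (default `kube/`) for `LINT_PATH` (default `.`) means existing pipelines that set `YAML_DIR` silently lose their setting and start linting the whole repository; the README should state the rename and the new default.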
@@ -29,7 +29,7 @@ lint:yaml: REVIEWDOG_LEVEL="warning" fi - yamllint --format "parsable" "${LINT_PATH}" | reviewdog \ + yamllint --format "parsable" "${LINT_PATH}" | reviewdog -name="YAML Linter" \ -efm="%f:%l:%c: %m" -diff="git diff master" -reporter=gitlab-mr-discussion -level="${INPUT_LEVEL}" else yamllint "${LINT_PATH}" From 1b1e2f1aac65e0d935b08c310a433833dfb5eede Mon Sep 17 00:00:00 2001 From: Gabriele Diener Date: Mon, 13 Apr 2020 11:18:22 +0200 Subject: [PATCH 6/8] added reviewdog description --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 01590f93..17e79a11 100644 --- a/README.md +++ b/README.md @@ -153,6 +153,8 @@ variables: REVIEWDOG_LEVEL: warning # optional, values: info, warning, error ``` +`reviewdog` provides a way to post review comments automatically by integrating with any linter tools with ease. It uses an output of lint tools and posts them as a comment if findings are in diff of patches to review. + The default skipped test for `lint-docker` is `Provide an email address or URL as maintainer`. See skippable tests [here](https://hub.docker.com/r/hadolint/hadolint). If one wants to check the kube manifests (through lint and security practices), then the import becomes `test-kubernetes-score.yaml`, and it will perform the following: From 3421cc3e92ed0203164c38e2eee0616b7e981a0f Mon Sep 17 00:00:00 2001 From: Gabriele Diener Date: Mon, 13 Apr 2020 11:21:10 +0200 Subject: [PATCH 7/8] added review dog link --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 17e79a11..04acf827 100644 --- a/README.md +++ b/README.md 
@@ -153,7 +153,7 @@ variables: REVIEWDOG_LEVEL: warning # optional, values: info, warning, error ``` -`reviewdog` provides a way to post review comments automatically by integrating with any linter tools with ease. It uses an output of lint tools and posts them as a comment if findings are in diff of patches to review. +The [Review Dog](https://github.com/reviewdog/reviewdog) feature provides a way to post review comments automatically by integrating with any linter tools with ease. It uses an output of lint tools and posts them as a comment if findings are in diff of patches to review. The default skipped test for `lint-docker` is `Provide an email address or URL as maintainer`. See skippable tests [here](https://hub.docker.com/r/hadolint/hadolint). From 812c22aa63843273c50a8da6f1518df2e084bbcf Mon Sep 17 00:00:00 2001 From: Gabriele Diener Date: Mon, 13 Apr 2020 11:42:23 +0200 Subject: [PATCH 8/8] updated remote --- bucket-production.yml | 2 +- bucket-quality.yml | 2 +- cloudrun-production.yml | 2 +- cloudrun-quality.yml | 4 ++-- docker.yml | 2 +- helm-multiregion.yml | 2 +- helm-quality.yml | 4 ++-- helm-regional.yml | 2 +- kubernetes-multiregion.yml | 2 +- kubernetes-quality.yml | 4 ++-- kubernetes-regional.yml | 2 +- serverless-multiregion.yml | 2 +- serverless-regional.yml | 2 +- ssh-production.yml | 2 +- ssh-quality.yml | 2 +- test-unit.yml | 2 +- 16 files changed, 19 insertions(+), 19 deletions(-) diff --git a/bucket-production.yml b/bucket-production.yml index 8977b6e7..394432dc 100644 --- a/bucket-production.yml +++ b/bucket-production.yml @@ -1,5 +1,5 @@ include: - - remote: 'https://raw.githubusercontent.com/jobtome-labs/ci-templates/v2.2.6/bucket-quality.yml' + - remote: 'https://raw.githubusercontent.com/jobtome-labs/ci-templates/v2.3.0/bucket-quality.yml' deploy:production: extends: .deploy diff --git a/bucket-quality.yml b/bucket-quality.yml index 8feaae29..14c05298 100644 --- a/bucket-quality.yml +++ b/bucket-quality.yml 
@@ -1,5 +1,5 @@ include: - - remote: 'https://raw.githubusercontent.com/jobtome-labs/ci-templates/v2.2.6/templates/bucket.yml' + - remote: 'https://raw.githubusercontent.com/jobtome-labs/ci-templates/v2.3.0/templates/bucket.yml' deploy:quality: extends: .deploy diff --git a/cloudrun-production.yml b/cloudrun-production.yml index 8f7c8a5b..ceb1a979 100644 --- a/cloudrun-production.yml +++ b/cloudrun-production.yml @@ -1,5 +1,5 @@ include: - - remote: 'https://raw.githubusercontent.com/jobtome-labs/ci-templates/v2.2.6/cloudrun-quality.yml' + - remote: 'https://raw.githubusercontent.com/jobtome-labs/ci-templates/v2.3.0/cloudrun-quality.yml' deploy:production: extends: deploy:quality diff --git a/cloudrun-quality.yml b/cloudrun-quality.yml index 997f5ac7..3bac8677 100644 --- a/cloudrun-quality.yml +++ b/cloudrun-quality.yml @@ -1,6 +1,6 @@ include: - - remote: 'https://raw.githubusercontent.com/jobtome-labs/ci-templates/v2.2.6/docker.yml' - - remote: 'https://raw.githubusercontent.com/jobtome-labs/ci-templates/v2.2.6/templates/cloudrun.yml' + - remote: 'https://raw.githubusercontent.com/jobtome-labs/ci-templates/v2.3.0/docker.yml' + - remote: 'https://raw.githubusercontent.com/jobtome-labs/ci-templates/v2.3.0/templates/cloudrun.yml' deploy:quality: extends: .cloudrun:deploy diff --git a/docker.yml b/docker.yml index e16ff484..a6c20d1a 100644 --- a/docker.yml +++ b/docker.yml @@ -1,5 +1,5 @@ include: - - remote: 'https://raw.githubusercontent.com/jobtome-labs/ci-templates/v2.2.6/templates/docker.yml' + - remote: 'https://raw.githubusercontent.com/jobtome-labs/ci-templates/v2.3.0/templates/docker.yml' build: stage: build diff --git a/helm-multiregion.yml b/helm-multiregion.yml index 19688bd8..3a372353 100644 --- a/helm-multiregion.yml +++ b/helm-multiregion.yml 
@@ -1,5 +1,5 @@ include: - - remote: 'https://raw.githubusercontent.com/jobtome-labs/ci-templates/v2.2.6/helm-quality.yml' + - remote: 'https://raw.githubusercontent.com/jobtome-labs/ci-templates/v2.3.0/helm-quality.yml' # EUROPE deploy:production:europe:helm: diff --git a/helm-quality.yml b/helm-quality.yml index f6401f3d..5ce14468 100644 --- a/helm-quality.yml +++ b/helm-quality.yml @@ -1,6 +1,6 @@ include: - - remote: 'https://raw.githubusercontent.com/jobtome-labs/ci-templates/v2.2.6/docker.yml' - - remote: 'https://raw.githubusercontent.com/jobtome-labs/ci-templates/v2.2.6/templates/helm.yml' + - remote: 'https://raw.githubusercontent.com/jobtome-labs/ci-templates/v2.3.0/docker.yml' + - remote: 'https://raw.githubusercontent.com/jobtome-labs/ci-templates/v2.3.0/templates/helm.yml' deploy:quality:helm: variables: diff --git a/helm-regional.yml b/helm-regional.yml index c0c04110..472384bf 100644 --- a/helm-regional.yml +++ b/helm-regional.yml @@ -1,5 +1,5 @@ include: - - remote: 'https://raw.githubusercontent.com/jobtome-labs/ci-templates/v2.2.6/helm-quality.yml' + - remote: 'https://raw.githubusercontent.com/jobtome-labs/ci-templates/v2.3.0/helm-quality.yml' deploy:production:helm: extends: .deploy:production:helm diff --git a/kubernetes-multiregion.yml b/kubernetes-multiregion.yml index 57d85090..5b72a9f9 100644 --- a/kubernetes-multiregion.yml +++ b/kubernetes-multiregion.yml @@ -1,5 +1,5 @@ include: - - remote: 'https://raw.githubusercontent.com/jobtome-labs/ci-templates/v2.2.6/kubernetes-quality.yml' + - remote: 'https://raw.githubusercontent.com/jobtome-labs/ci-templates/v2.3.0/kubernetes-quality.yml' # EUROPE diff --git a/kubernetes-quality.yml b/kubernetes-quality.yml index 71240a2c..263f2fa1 100644 --- a/kubernetes-quality.yml +++ b/kubernetes-quality.yml 
@@ -1,6 +1,6 @@ include: - - remote: 'https://raw.githubusercontent.com/jobtome-labs/ci-templates/v2.2.6/docker.yml' - - remote: 'https://raw.githubusercontent.com/jobtome-labs/ci-templates/v2.2.6/templates/kubernetes.yml' + - remote: 'https://raw.githubusercontent.com/jobtome-labs/ci-templates/v2.3.0/docker.yml' + - remote: 'https://raw.githubusercontent.com/jobtome-labs/ci-templates/v2.3.0/templates/kubernetes.yml' deploy:quality:image: variables: diff --git a/kubernetes-regional.yml b/kubernetes-regional.yml index 8e6e5386..f6974cc9 100644 --- a/kubernetes-regional.yml +++ b/kubernetes-regional.yml @@ -1,5 +1,5 @@ include: - - remote: 'https://raw.githubusercontent.com/jobtome-labs/ci-templates/v2.2.6/kubernetes-quality.yml' + - remote: 'https://raw.githubusercontent.com/jobtome-labs/ci-templates/v2.3.0/kubernetes-quality.yml' deploy:production:image: extends: .deploy:production:image diff --git a/serverless-multiregion.yml b/serverless-multiregion.yml index 38cf32ec..038cf2ff 100644 --- a/serverless-multiregion.yml +++ b/serverless-multiregion.yml @@ -1,5 +1,5 @@ include: - - remote: 'https://raw.githubusercontent.com/jobtome-labs/ci-templates/v2.2.6/templates/serverless.yml' + - remote: 'https://raw.githubusercontent.com/jobtome-labs/ci-templates/v2.3.0/templates/serverless.yml' # EUROPE deploy:production:europe: diff --git a/serverless-regional.yml b/serverless-regional.yml index 5eeb60ce..648eca65 100644 --- a/serverless-regional.yml +++ b/serverless-regional.yml @@ -1,5 +1,5 @@ include: - - remote: 'https://raw.githubusercontent.com/jobtome-labs/ci-templates/v2.2.6/templates/serverless.yml' + - remote: 'https://raw.githubusercontent.com/jobtome-labs/ci-templates/v2.3.0/templates/serverless.yml' deploy:production: extends: .serverless:deploy diff --git a/ssh-production.yml b/ssh-production.yml index 89be2a48..f795bf08 100644 --- a/ssh-production.yml +++ b/ssh-production.yml 
@@ -1,5 +1,5 @@ include: - - remote: 'https://raw.githubusercontent.com/jobtome-labs/ci-templates/v2.2.4/ssh-quality.yml' + - remote: 'https://raw.githubusercontent.com/jobtome-labs/ci-templates/v3.0.0/ssh-quality.yml' deploy:quality:image: extends: .ssh:exec diff --git a/ssh-quality.yml b/ssh-quality.yml index 20a33e77..d0eab71b 100644 --- a/ssh-quality.yml +++ b/ssh-quality.yml @@ -1,5 +1,5 @@ include: - - remote: 'https://raw.githubusercontent.com/jobtome-labs/ci-templates/v2.2.4/templates/ssh.yml' + - remote: 'https://raw.githubusercontent.com/jobtome-labs/ci-templates/v3.0.0/templates/ssh.yml' deploy:quality:image: extends: .ssh:exec diff --git a/test-unit.yml b/test-unit.yml index 0eac2812..4d587cfc 100644 --- a/test-unit.yml +++ b/test-unit.yml @@ -1,5 +1,5 @@ include: - - remote: 'https://raw.githubusercontent.com/jobtome-labs/ci-templates/v2.2.6/templates/docker.yml' + - remote: 'https://raw.githubusercontent.com/jobtome-labs/ci-templates/v2.3.0/templates/docker.yml' test:unit: extends: .docker
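Review bot: `ssh-quality.yml` and `ssh-production.yml` are moved to `v3.0.0` while every other include in this patch moves to `v2.3.0`, which looks like a typo rather than an intended split: if no `v3.0.0` tag exists the `include: remote:` fetch fails and the consuming pipeline is invalid, and if it does exist a major-version jump implies breaking changes that the other templates are not taking. The consistent line is `- remote: 'https://raw.githubusercontent.com/jobtome-labs/ci-templates/v2.3.0/templates/ssh.yml'` (and likewise for `ssh-quality.yml` in `ssh-production.yml`). Separately, these remote includes are pinned to git tags, which GitHub allows to be moved; for templates that execute deploy steps with production credentials, pinning to a commit SHA (or vendoring) gives a stronger supply-chain guarantee.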