Initial plugin source.

.github/workflows/lint.yaml

@@ -0,0 +1,35 @@
+name: Lint
+
+on: push
+
+jobs:
+
+  renovate:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@main
+      - uses: docker://kokuwaio/renovate-config-validator
+
+  markdownlint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@main
+      - uses: docker://kokuwaio/markdownlint
+
+  yamllint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@main
+      - uses: docker://kokuwaio/yamllint
+
+  hadolint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@main
+      - uses: docker://kokuwaio/hadolint
+
+  shellcheck:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@main
+      - uses: docker://kokuwaio/shellcheck

.hadolint.yaml

@@ -0,0 +1,7 @@
+# https://github.com/hadolint/hadolint#configure
+failure-threshold: style
+strict-labels: true
+disable-ignore-pragma: true
+ignored:
+  - DL3008  # Pin versions in apt get install. Instead of `apt-get install <package>` use `apt-get install <package>=<version>`
+trustedRegistries: [docker.io]

.justfile

@@ -0,0 +1,57 @@
+# https://just.systems/man/en/
+set fallback := true
+set unstable := true
+set script-interpreter := ["bash", "-eu"]
+
+REGISTRY_IMAGE := "docker.io/library/registry:2.8.3"
+REGISTRY_NAME := "kaniko-registry"
+REGISTRY_PORT := "5001"
+IMAGE := replace("localhost:_/markdownlint", '_', REGISTRY_PORT)
+
+[private]
+@default:
+	just --list --unsorted
+
+# Run linter.
+@lint:
+	docker run --rm --read-only --volume=$(pwd):$(pwd):ro --workdir=$(pwd) kokuwaio/shellcheck
+	docker run --rm --read-only --volume=$(pwd):$(pwd):ro --workdir=$(pwd) kokuwaio/hadolint
+	docker run --rm --read-only --volume=$(pwd):$(pwd):ro --workdir=$(pwd) kokuwaio/yamllint
+	docker run --rm --read-only --volume=$(pwd):$(pwd):rw --workdir=$(pwd) kokuwaio/markdownlint --fix
+	docker run --rm --read-only --volume=$(pwd):$(pwd):ro --workdir=$(pwd) kokuwaio/renovate-config-validator
+
+# Build using local repository as cache.
+@build: registry-up
+	docker run --rm --net=host --volume=$(pwd):/workspace:ro gcr.io/kaniko-project/executor:v1.23.2 --context=/workspace --destination={{IMAGE}}
+
+# Run image against local repository.
+run: registry-up
+	docker pull {{IMAGE}} >/dev/null
+	docker run --rm --read-only --volume=$(pwd):$(pwd):ro --workdir=$(pwd) {{IMAGE}}
+
+# Inspect image layers with `dive`.
+@dive: registry-up
+	docker pull {{IMAGE}} >/dev/null
+	docker run --rm -it --volume=/var/run/docker.sock:/var/run/docker.sock:ro wagoodman/dive:latest {{IMAGE}}
+
+# Build with local docker daemon.
+docker: registry-up
+	docker buildx build . --load --quiet --tag={{IMAGE}}:amd64 --platform=linux/amd64
+	docker buildx build . --load --quiet --tag={{IMAGE}}:arm64 --platform=linux/arm64
+	docker push {{IMAGE}} --all-tags --quiet
+	docker manifest rm {{IMAGE}} || true
+	docker manifest create {{IMAGE}} --insecure --amend {{IMAGE}}:amd64 --amend {{IMAGE}}:arm64
+	docker manifest inspect {{IMAGE}} --verbose
+	docker manifest push {{IMAGE}} --purge
+	docker pull {{IMAGE}}
+	docker image inspect {{IMAGE}}
+	docker run --rm --read-only --env=CI=1 --volume=$(pwd):$(pwd):ro --workdir=$(pwd) {{IMAGE}}
+
+# Start local image registry at `http://localhost:{{REGISTRY_PORT}}`.
+@registry-up:
+	docker volume create {{REGISTRY_NAME}} >/dev/null
+	docker ps --format '{{{{.Names}}' | grep {{REGISTRY_NAME}} >/dev/null || docker run --quiet --detach --volume={{REGISTRY_NAME}}:/var/lib/registry --publish={{REGISTRY_PORT}}:5000 --name={{REGISTRY_NAME}} {{REGISTRY_IMAGE}} >/dev/null
+
+# Shutdown local image registry.
+@registry-down:
+	docker rm {{REGISTRY_NAME}} --force >/dev/null 2>&1

.markdownlint.yaml

@@ -0,0 +1,9 @@
+# Default state for all rules
+default: true
+
+# MD009 - Trailing spaces
+MD009:
+  strict: true
+
+# MD013 - Line length
+MD013: false

.woodpecker/build.yaml

@@ -0,0 +1,38 @@
+when:
+  event: [manual, push, pull_request]
+  branch: main
+  path: [.woodpecker/build.yaml, .woodpecker/push.yaml, Dockerfile, Dockerfile.dockerignore, entrypoint.sh]
+
+matrix:
+  PLATFORM: [amd64, arm64]
+labels:
+  platform: linux/${PLATFORM}
+
+steps:
+
+  build:
+    image: gcr.io/kaniko-project/executor:v1.23.2-debug
+    commands: /kaniko/executor
+        --context=$CI_WORKSPACE
+        --destination=ci-registry.schnabel.org/kokuwaio/markdownlint:$CI_PIPELINE_NUMBER-$PLATFORM
+        --reproducible
+        --cache
+        --cache-copy-layers
+        --cache-run-layers
+        --cache-repo=$DOCKER_CACHE/cache/kokuwaio/markdownlint
+        --insecure-registry=$DOCKER_CACHE
+        --insecure-registry=$DOCKER_MIRROR
+        --registry-mirror=$DOCKER_MIRROR
+        --skip-default-registry-fallback
+        --label=org.opencontainers.image.title="Markdownlint Plugin"
+        --label=org.opencontainers.image.description="A Woodpecker CI plugin for markdownlint-cli to lint markdown files."
+        --label=org.opencontainers.image.url=$CI_REPO_URL
+        --label=org.opencontainers.image.documentation=$CI_REPO_URL
+        --label=org.opencontainers.image.source=$CI_REPO_CLONE_URL
+        --label=org.opencontainers.image.vendor=kokuwa.io
+        --label=org.opencontainers.image.licenses=GPL-3.0-or-later
+        --label=org.opencontainers.image.version=0.43.0
+
+  test:
+    image: ci-registry.schnabel.org/kokuwaio/markdownlint:${CI_PIPELINE_NUMBER}-${PLATFORM}
+    pull: true

.woodpecker/dockerhub.yaml

@@ -0,0 +1,17 @@
+when:
+  instance: ci.schnabel.org
+  repo: kokuwaio/markdownlint
+  event: push
+  branch: main
+  path: README.md
+
+steps:
+
+  metadata:
+    image: kokuwaio/dockerhub-metadata
+    settings:
+      repository: kokuwaio/markdownlint
+      description-short: A Woodpecker CI plugin for markdownlint-cli to lint markdown files.
+      categories: [developer-tools, integration-and-delivery]
+      username: {from_secret: DOCKERHUB_USERNAME}
+      password: {from_secret: DOCKERHUB_PASSWORD}

.woodpecker/lint.yaml

@@ -0,0 +1,31 @@
+when:
+  event: [cron, manual, push, pull_request]
+  branch: main
+  path: [.woodpecker/lint.yaml, renovate.json, "**/*.yaml", "**/*.md", "**/*.sh", "**/Dockerfile"]
+
+steps:
+
+  renovate:
+    image: kokuwaio/renovate-config-validator
+    depends_on: []
+    when: [path: [.woodpecker/lint.yaml, renovate.json]]
+
+  yaml:
+    image: kokuwaio/yamllint
+    depends_on: []
+    when: [path: [.woodpecker/lint.yaml, .yamllint.yaml, "**/*.yaml"]]
+
+  markdown:
+    image: kokuwaio/markdownlint
+    depends_on: []
+    when: [path: [.woodpecker/lint.yaml, .markdownlint.yaml, "**/*.md"]]
+
+  dockerfile:
+    image: kokuwaio/hadolint
+    depends_on: []
+    when: [path: [.woodpecker/lint.yaml, .hadolint.yaml, "**/Dockerfile"]]
+
+  shellcheck:
+    image: kokuwaio/shellcheck
+    depends_on: []
+    when: [path: [.woodpecker/lint.yaml, "**/*.sh"]]

.woodpecker/push.yaml

@@ -0,0 +1,39 @@
+when:
+  instance: ci.schnabel.org
+  repo: kokuwaio/markdownlint
+  event: push
+  branch: main
+  path: [.woodpecker/build.yaml, .woodpecker/push.yaml, Dockerfile, Dockerfile.dockerignore, entrypoint.sh]
+
+depends_on: [build]
+skip_clone: true
+
+steps:
+
+  manifest:
+    image: mplatform/manifest-tool:alpine-v2.1.9
+    commands: manifest-tool push from-args
+        --platforms=linux/amd64,linux/arm64
+        --template=ci-registry.schnabel.org/kokuwaio/markdownlint:$CI_PIPELINE_NUMBER-ARCH
+        --target=ci-registry.schnabel.org/kokuwaio/markdownlint:$CI_PIPELINE_NUMBER
+
+  docker.io: &push
+    image: quay.io/skopeo/stable:v1.17.0
+    depends_on: [manifest]
+    commands:
+      - echo "$AUTH" > /tmp/auth.json
+      - skopeo copy --all --preserve-digests --dest-precompute-digests
+          docker://ci-registry.schnabel.org/kokuwaio/markdownlint:$CI_PIPELINE_NUMBER
+          docker://$URL/kokuwaio/markdownlint:0.43.0
+      - skopeo copy --all --preserve-digests --dest-precompute-digests
+          docker://ci-registry.schnabel.org/kokuwaio/markdownlint:$CI_PIPELINE_NUMBER
+          docker://$URL/kokuwaio/markdownlint:latest
+    environment:
+      URL: docker.io
+      AUTH: {from_secret: DOCKER_IO_AUTH}
+
+  ghcr.io:
+    <<: *push
+    environment:
+      URL: ghcr.io
+      AUTH: {from_secret: GHCR_IO_AUTH}

.woodpecker/test.yaml

@@ -0,0 +1,18 @@
+when:
+  instance: ci.schnabel.org
+  repo: kokuwaio/markdownlint
+  event: push
+  branch: main
+  path: [.woodpecker/build.yaml, .woodpecker/push.yaml, .woodpecker/test.yaml, Dockerfile, Dockerfile.dockerignore, entrypoint.sh]
+
+depends_on: [push]
+matrix:
+  PLATFORM: [amd64, arm64]
+labels:
+  platform: linux/${PLATFORM}
+
+steps:
+
+  test:
+    image: kokuwaio/markdownlint
+    pull: true

.yamllint.yaml

@@ -0,0 +1,23 @@
+extends: default
+
+## see https://yamllint.readthedocs.io/en/stable/rules.html
+rules:
+
+  # no need for document start
+  document-start: disable
+
+  # line length is not important
+  line-length: disable
+
+  # reduce space from 2
+  comments:
+    min-spaces-from-content: 1
+
+  # force double quotes everywhere
+  quoted-strings:
+    quote-type: double
+    required: only-when-needed
+
+  # allow everything on keys
+  truthy:
+    check-keys: false

Dockerfile

@@ -0,0 +1,62 @@
+##
+## Download node and markdownlint
+##
+
+FROM docker.io/library/debian:12.9-slim@sha256:40b107342c492725bc7aacbe93a49945445191ae364184a6d24fedb28172f6f7 AS build
+SHELL ["/bin/bash", "-u", "-e", "-o", "pipefail", "-c"]
+WORKDIR /build
+
+RUN --mount=type=cache,target=/var/lib/apt/lists,sharing=locked \
+	apt-get -qq update && \
+	apt-get -qq install --yes --no-install-recommends ca-certificates wget gpg gpg-agent dirmngr xz-utils && \
+	rm -rf /etc/*- /var/lib/dpkg/*-old /var/lib/dpkg/status /var/cache/* /var/log/*
+
+# fetch gpg keys for verification
+# https://github.com/nodejs/node?tab=readme-ov-file#release-keys
+RUN gpg --keyserver=hkps://keys.openpgp.org --recv-keys \
+		C0D6248439F1D5604AAFFB4021D900FFDB233756 \
+		DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \
+		CC68F5A3106FF448322E48ED27F5E38D5B0A215F \
+		8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
+		890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \
+		C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \
+		108F52B48DB57BB0CC439B2997B01419BD92F80A \
+		A363A499291CBBC940DD62E41F10027AF002F8B0
+
+# https://github.com/nodejs/node/tags
+# https://github.com/nodejs/node#verifying-binaries
+# https://nodejs.org/en/download/releases/
+# https://endoflife.date/nodejs
+
+ARG NODE_VERSION=v22.10.0 github-tags nodejs/node
+RUN --mount=type=cache,target=/build \
+	ARCH=$(dpkg --print-architecture); \
+	[[ $ARCH == amd64 ]] && export SUFFIX=x64; \
+	[[ $ARCH == arm64 ]] && export SUFFIX=arm64; \
+	[[ -z ${SUFFIX:-} ]] && echo "Unknown arch: $ARCH" && exit 1; \
+	wget --no-hsts --quiet \
+		"https://nodejs.org/download/release/$NODE_VERSION/node-$NODE_VERSION-linux-$SUFFIX.tar.xz" \
+		"https://nodejs.org/download/release/$NODE_VERSION/SHASUMS256.txt" \
+		"https://nodejs.org/download/release/$NODE_VERSION/SHASUMS256.txt.sig" && \
+	sha256sum --quiet --check --strict --ignore-missing SHASUMS256.txt && \
+	gpg --verify SHASUMS256.txt.sig SHASUMS256.txt 2>/dev/null && \
+	tar --xz --extract --file="node-$NODE_VERSION-linux-$SUFFIX.tar.xz" --exclude=include --exclude=share && \
+	mv "node-$NODE_VERSION-linux-$SUFFIX" /opt/node
+ENV PATH="$PATH:/opt/node/bin"
+
+# https://github.com/igorshubovych/markdownlint-cli/releases
+
+RUN --mount=type=tmpfs,target=/root/.npm /opt/node/bin/npm install "[email protected]" --global --no-fund
+
+##
+## Final stage
+##
+
+FROM docker.io/library/debian:12.9-slim@sha256:40b107342c492725bc7aacbe93a49945445191ae364184a6d24fedb28172f6f7
+COPY --link --chown=0:0 --chmod=555 --from=build /opt/node/bin/node /opt/node/bin/node
+COPY --link --chown=0:0 --chmod=555 --from=build /opt/node/bin/markdownlint /opt/node/bin/markdownlint
+COPY --link --chown=0:0             --from=build /opt/node/lib/node_modules/markdownlint-cli /opt/node/lib/node_modules/markdownlint-cli
+COPY --link --chown=0:0 --chmod=555 entrypoint.sh /usr/local/bin/entrypoint.sh
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
+ENV PATH="$PATH:/opt/node/bin"
+USER 1000:1000

Dockerfile.dockerignore

@@ -0,0 +1,3 @@
+.*
+
+!entrypoint.sh