diff --git a/.github/bump_k3s_versions.sh b/.github/bump_k3s_versions.sh index ff7c700..ed81207 100755 --- a/.github/bump_k3s_versions.sh +++ b/.github/bump_k3s_versions.sh @@ -6,13 +6,14 @@ verlte() { [ "$1" = "$(echo -e "$1\n$2" | sort -V | head -n1)" ] } -versions=($(curl https://update.k3s.io/v1-release/channels | jq -rc '[ .data[] | select(.type == "channel") | select(.name | test("testing") | not) | .latest ] | unique | .[]')) +# https://www.shellcheck.net/wiki/SC2207 +mapfile -t versionsArray < <(curl https://update.k3s.io/v1-release/channels | jq -rc '[ .data[] | select(.type == "channel") | select(.name | test("testing") | not) | .latest ] | unique | .[]') # Filter only versions above v1.20.0 (https://stackoverflow.com/a/40375567) -for index in "${!versions[@]}" ; do - (verlte ${versions[$index]} v1.20.0) && unset -v 'versions[$index]' +for index in "${!versionsArray[@]}" ; do + (verlte "${versionsArray[$index]}" v1.20.0) && unset -v 'versionsArray[$index]' done -versions="${versions[@]}" +versions="${versionsArray[*]}" amd64_flavor=("opensuse-leap" "opensuse-tumbleweed" "alpine-ubuntu" "alpine-opensuse-leap" "ubuntu" "ubuntu-20-lts" "ubuntu-22-lts" "fedora" "debian") arm64_flavor=("opensuse-leap-arm-rpi" "opensuse-tumbleweed-arm-rpi" "alpine-arm-rpi") 
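Review bot: The new `mapfile -t versionsArray < <(curl … | jq …)` line hides a failed fetch: the script never sees the exit status of a process substitution, and `curl` runs without `-f`, so an HTTP error or jq failure leaves `versionsArray` empty or holding unexpected strings while the script carries on. I would fetch first with `channels=$(curl -fsS https://update.k3s.io/v1-release/channels) || exit 1`, feed `"$channels"` to jq, and stop on an empty result with `(( ${#versionsArray[@]} )) || { echo "no k3s versions fetched" >&2; exit 1; }`. These strings come from a remote endpoint and appear to drive the release matrix, so rejecting entries that do not look like a version tag is also worth a line. The same unchecked `curl -s … | jq` fetch feeds `K3S_LATEST` in the release-arm.yaml hunk further down.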
@@ -21,15 +22,15 @@ releases="[]" releases_arm="[]" for row in $versions; do - for flavor in "${amd64_flavor[@]}"; do - releases=$(echo $releases | jq ". += [{ \"flavor\": \"$flavor\", \"k3s_version\": \"$row\" }]" ) - done - for flavor in "${arm64_flavor[@]}"; do - for model in "${arm64_models[@]}"; do - releases_arm=$(echo $releases_arm | jq ". += [{ \"flavor\": \"$flavor\", \"model\": \"$model\", \"k3s_version\": \"$row\" }]" ) - done + for flavor in "${amd64_flavor[@]}"; do + releases=$(echo "$releases" | jq ". += [{ \"flavor\": \"$flavor\", \"k3s_version\": \"$row\" }]" ) + done + for flavor in "${arm64_flavor[@]}"; do + for model in "${arm64_models[@]}"; do + releases_arm=$(echo "$releases_arm" | jq ". += [{ \"flavor\": \"$flavor\", \"model\": \"$model\", \"k3s_version\": \"$row\" }]" ) done + done done -echo $releases_arm | jq > releases-arm.json -echo $releases | jq > releases.json +echo "$releases_arm" | jq > releases-arm.json +echo "$releases" | jq > releases.json diff --git a/.github/bump_repositories.sh b/.github/bump_repositories.sh index 2b6373c..69b8611 100755 --- a/.github/bump_repositories.sh +++ b/.github/bump_repositories.sh @@ -1,8 +1,6 @@ #!/bin/bash set -e -root_dir=$(git rev-parse --show-toplevel) - reference() { nr=$1 tag=$2 
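Review bot: `$row`, `$flavor` and `$model` are spliced into the jq program text in both `jq ". += [{ … }]"` calls, so a value containing a quote or backslash alters the filter instead of being treated as data; `$row` originates from the channels endpoint fetched earlier in the script. Passing the values as jq variables keeps them as data: `releases=$(echo "$releases" | jq --arg flavor "$flavor" --arg ver "$row" '. += [{flavor: $flavor, k3s_version: $ver}]')`, and likewise with `--arg model "$model"` for `releases_arm`. Separately, `for row in $versions` still relies on word splitting of the flattened string; iterating `"${versionsArray[@]}"` directly would make the `versions` assignment from the previous hunk unnecessary.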
@@ -14,13 +12,13 @@ YQ=${YQ:-docker run --rm -v "${PWD}":/workdir mikefarah/yq} set -x last_commit_snapshot() { - echo $(docker run --rm quay.io/skopeo/stable list-tags docker://$1 | jq -rc '.Tags | map(select( (. | contains("-repository.yaml")) )) | sort_by(. | sub("v";"") | sub("-repository.yaml";"") | sub("-";"") | split(".") | map(tonumber) ) | .[-1]' | sed "s/-repository.yaml//g") + docker run --rm quay.io/skopeo/stable list-tags "docker://$1" | jq -rc '.Tags | map(select( (. | contains("-repository.yaml")) )) | sort_by(. | sub("v";"") | sub("-repository.yaml";"") | sub("-";"") | split(".") | map(tonumber) ) | .[-1]' | sed "s/-repository.yaml//g" } latest_tag=$(last_commit_snapshot quay.io/kairos/packages) latest_tag_arm64=$(last_commit_snapshot quay.io/kairos/packages-arm64) -$YQ eval "$(reference 0 $latest_tag)" -i repository.yaml -$YQ eval "$(reference 1 $latest_tag_arm64)" -i repository.yaml +$YQ eval "$(reference 0 "$latest_tag")" -i repository.yaml +$YQ eval "$(reference 1 "$latest_tag_arm64")" -i repository.yaml diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index a9f2ae2..f629477 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -5,17 +5,7 @@ on: branches: - main jobs: - lint: - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - name: Install Go - uses: actions/setup-go@v4 - with: - go-version: '^1.18' - - name: Run Lint checks - run: | - ./earthly.sh +lint + call-workflow: + uses: kairos-io/linting-composite-action/.github/workflows/reusable-linting.yaml@main + with: + yamldirs: "." diff --git a/.github/workflows/release-arm.yaml b/.github/workflows/release-arm.yaml index d79d19b..f36e83e 100644 --- a/.github/workflows/release-arm.yaml +++ b/.github/workflows/release-arm.yaml 
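Review bot: `last_commit_snapshot` now prints whatever the `docker run … | jq … | sed` pipeline produces, and the only option visible at the top of the script is `set -e` (no `pipefail`), so a failed `list-tags` or jq step still ends with sed's zero status. `latest_tag` can then be empty or `null` and is written into repository.yaml by the `$YQ eval` lines. Adding `set -o pipefail` next to `set -e`, plus a guard before the yq calls such as `[[ "$latest_tag" =~ ^v[0-9] ]] || { echo "unexpected tag: $latest_tag" >&2; exit 1; }`, would keep a bad value out of the repository definition; the `v…` prefix is inferred from the jq filter and should be confirmed. The helper images `quay.io/skopeo/stable` and `mikefarah/yq` are pulled by mutable tag, so pinning them by digest would make this bump reproducible.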
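Review bot: The reusable workflow is referenced as `kairos-io/linting-composite-action/.github/workflows/reusable-linting.yaml@main`, a mutable branch, so any later push to that branch changes what runs in this repository's CI without a change here. Pinning the reference to a full commit SHA keeps the lint job reviewable: `uses: kairos-io/linting-composite-action/.github/workflows/reusable-linting.yaml@<COMMIT_SHA>  # main`. The job also declares no `permissions:`; unless the file sets one above this hunk, a top-level `permissions:` block with `contents: read` would keep the token handed to the called workflow read-only.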
@@ -114,7 +114,8 @@ jobs: uses: docker/setup-buildx-action@master - name: Build 🔧 run: | - K3S_LATEST=$(curl -s https://update.k3s.io/v1-release/channels | jq -rc '[ .data[] | select(.type == "channel") | select(.name | test("testing") | not) | .latest ] | unique | .[-1]') + K3S_LATEST=$(curl -s https://update.k3s.io/v1-release/channels | \ + jq -rc '[ .data[] | select(.type == "channel") | select(.name | test("testing") | not) | .latest ] | unique | .[-1]') earthly -P +all-arm-generic --FLAVOR=${{ matrix.flavor }} --K3S_VERSION=$K3S_LATEST sudo mv build release - name: Push to quay diff --git a/.yamllint b/.yamllint index 242569f..ee7d511 100644 --- a/.yamllint +++ b/.yamllint @@ -5,6 +5,7 @@ rules: line-length: max: 150 level: warning + ignore: "tests/assets/qrcode.yaml" # tokens are big # accept both key: # - item @@ -18,4 +19,8 @@ rules: check-keys: false document-start: - present: false \ No newline at end of file + present: false + ignore: "*" # There are multiple yamls in the same file, we need this sometimes + + comments: + ignore: "tests/assets/*" # our #cloud-config header doesn't take a space after the "#" diff --git a/Earthfile b/Earthfile index c3d4dc7..8e557ed 100644 --- a/Earthfile +++ b/Earthfile @@ -24,7 +24,9 @@ ARG OSBUILDER_IMAGE=quay.io/kairos/osbuilder-tools:v0.6.0 ## External deps pinned versions ARG LUET_VERSION=0.33.0 -ARG GOLINT_VERSION=1.52.2 +ARG GOLANGCILINT_VERSION=v1.52-alpine +ARG HADOLINT_VERSION=2.12.0-alpine +ARG SHELLCHECK_VERSION=v0.9.0 ARG GO_VERSION=1.20 ARG OS_ID=kairos @@ -136,7 +138,7 @@ docker: ELSE ENV INSTALL_K3S_VERSION=${K3S_VERSION} END - + COPY repository.yaml /etc/luet/luet.yaml IF [ "$FLAVOR" = "opensuse-leap" ] || [ "$FLAVOR" = "opensuse-leap-arm-rpi" ] @@ -166,10 +168,10 @@ docker: ARG KAIROS_VERSION IF [ "$KAIROS_VERSION" = "" ] ARG OS_VERSION=${VERSION} - ELSE + ELSE ARG OS_VERSION=${KAIROS_VERSION} END - + ARG OS_ID ARG OS_NAME=${OS_ID}-${FLAVOR} ARG OS_REPO=quay.io/kairos/${VARIANT}-${FLAVOR} 
@@ -318,7 +320,7 @@ linux-bench: RUN cd /linux-bench-src && CGO_ENABLED=0 go build -o linux-bench . && mv linux-bench / SAVE ARTIFACT /linux-bench /linux-bench -# The target below should run on a live host instead. +# The target below should run on a live host instead. # However, some checks are relevant as well at container level. # It is good enough for a quick assessment. linux-bench-scan: @@ -383,7 +385,7 @@ edgevpn: FROM quay.io/mudler/edgevpn:$EDGEVPN_VERSION SAVE ARTIFACT /usr/bin/edgevpn /edgevpn -# usage e.g. +# usage e.g. # ./earthly.sh +run-proxmox-tests --PROXMOX_USER=root@pam --PROXMOX_PASS=xxx --PROXMOX_ENDPOINT=https://192.168.1.72:8006/api2/json --PROXMOX_ISO=/test/build/kairos-opensuse-v0.0.0-79fd363-k3s.iso --PROXMOX_NODE=proxmox run-proxmox-tests: FROM golang:alpine 
@@ -407,19 +409,39 @@ run-proxmox-tests: RUN PATH=$PATH:$GOPATH/bin ginkgo --label-filter "$TEST_SUITE" --fail-fast -r ./tests/e2e/ lint: - BUILD +golint + BUILD +hadolint + BUILD +renovate-validator + BUILD +shellcheck-lint + BUILD +golangci-lint BUILD +yamllint -golint: - ARG GO_VERSION - FROM golang:$GO_VERSION - ARG GOLINT_VERSION - RUN wget -O- -nv https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v$GOLINT_VERSION - WORKDIR /build - COPY . . - RUN golangci-lint run --timeout 360s +hadolint: + FROM hadolint/hadolint:${HADOLINT_VERSION} + COPY . /work + WORKDIR /work + RUN find . -name "Dockerfile*" -print | xargs -r -n1 hadolint + +renovate-validator: + FROM renovate/renovate + COPY . /work + WORKDIR /work + ENV RENOVATE_VERSION="35" + RUN renovate-config-validator + +shellcheck-lint: + FROM koalaman/shellcheck-alpine:${SHELLCHECK_VERSION} + COPY . /work + WORKDIR /work + RUN find . -name "*.sh" -print | xargs -r -n1 shellcheck + +golangci-lint: + FROM golangci/golangci-lint:${GOLANGCILINT_VERSION} + COPY . /work + WORKDIR /work + RUN golangci-lint run --timeout 360s yamllint: - FROM cytopia/yamllint - COPY . . - RUN yamllint .github/workflows/ + FROM cytopia/yamllint + COPY . /work + WORKDIR /work + RUN find . -name "*.yml" -or -name "*.yaml" -print | xargs -r -n1 diff --git a/earthly.sh b/earthly.sh index 12b82a9..533d767 100755 --- a/earthly.sh +++ b/earthly.sh @@ -1,3 +1,3 @@ #!/bin/bash -docker run --privileged -v /var/run/docker.sock:/var/run/docker.sock --rm -t -v $(pwd):/workspace -v earthly-tmp:/tmp/earthly:rw earthly/earthly:v0.6.21 --allow-privileged $@ \ No newline at end of file +docker run --privileged -v /var/run/docker.sock:/var/run/docker.sock --rm -t -v "$(pwd):/workspace" -v earthly-tmp:/tmp/earthly:rw earthly/earthly:v0.6.21 --allow-privileged "$@" diff --git a/internal/assets/static/kube_vip_rbac.yaml b/internal/assets/static/kube_vip_rbac.yaml index 91d6f28..767adf1 100644 
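Review bot: The new `yamllint` target never runs yamllint: `RUN find . -name "*.yml" -or -name "*.yaml" -print | xargs -r -n1` gives xargs no command, so it falls back to echoing the file names and the step always succeeds. In addition, `-print` binds only to the second `-name`, so `*.yml` files are not listed at all. `RUN find . \( -name "*.yml" -o -name "*.yaml" \) -print0 | xargs -0 -r -n1 yamllint` restores the check. `renovate/renovate` and `cytopia/yamllint` are also pulled without a tag while the other lint images use the `*_VERSION` args; pinning them the same way would keep the lint toolchain reproducible.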
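Review bot: earthly.sh has no comment explaining that it starts the Earthly container with `--privileged`, mounts `/var/run/docker.sock` and passes `--allow-privileged`, which together give every target it runs root-equivalent access to the host's Docker daemon. A header line such as `# Runs earthly with --privileged and the host Docker socket: builds get root-equivalent access to the Docker daemon.` would make that explicit for anyone reusing the wrapper. Pinning the image by digest as well as tag (`earthly/earthly:v0.6.21@sha256:<DIGEST>`) would fix which image receives that access.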
--- a/internal/assets/static/kube_vip_rbac.yaml +++ b/internal/assets/static/kube_vip_rbac.yaml @@ -13,7 +13,7 @@ metadata: rules: - apiGroups: [""] resources: ["services", "services/status", "nodes", "endpoints"] - verbs: ["list","get","watch", "update"] + verbs: ["list", "get", "watch", "update"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] verbs: ["list", "get", "watch", "update", "create"] @@ -29,4 +29,4 @@ roleRef: subjects: - kind: ServiceAccount name: kube-vip - namespace: kube-system \ No newline at end of file + namespace: kube-system diff --git a/tests/assets/autoinstall.yaml b/tests/assets/autoinstall.yaml index f4a5efc..85af103 100644 --- a/tests/assets/autoinstall.yaml +++ b/tests/assets/autoinstall.yaml @@ -5,9 +5,9 @@ install: device: /dev/vda stages: - initramfs: - - name: "Set user and password" - users: + initramfs: + - name: "Set user and password" + users: kairos: passwd: "kairos" - hostname: kairos-{{ trunc 4 .Random }} \ No newline at end of file + hostname: kairos-{{ trunc 4 .Random }} diff --git a/tests/assets/config.yaml b/tests/assets/config.yaml index 5c813e6..d0fa30c 100644 --- a/tests/assets/config.yaml +++ b/tests/assets/config.yaml @@ -4,9 +4,9 @@ install: reboot: true stages: - initramfs: - - name: "Set user and password" - users: + initramfs: + - name: "Set user and password" + users: kairos: passwd: "kairos" - hostname: kairos-{{ trunc 4 .Random }} + hostname: kairos-{{ trunc 4 .Random }} diff --git a/tests/assets/kubernetes_logs.sh b/tests/assets/kubernetes_logs.sh index 90256f5..db9592f 100755 --- a/tests/assets/kubernetes_logs.sh +++ b/tests/assets/kubernetes_logs.sh 
@@ -1,11 +1,10 @@ #!/bin/sh for n in $(k3s kubectl get namespace -A | tr -s ' ' | cut -f1 -d' ' | tail -n +2); do - for p in $(k3s kubectl get pods -n $n | tr -s ' ' | cut -f1 -d' ' | tail -n +2); do - echo --------------------------- - echo $n - $p - echo --------------------------- - k3s kubectl logs $p -n $n + for p in $(k3s kubectl get pods -n "$n" | tr -s ' ' | cut -f1 -d' ' | tail -n +2); do + echo --------------------------- + echo "$n" - "$p" + echo --------------------------- + k3s kubectl logs "$p" -n "$n" done done - \ No newline at end of file diff --git a/tests/assets/qrcode.yaml b/tests/assets/qrcode.yaml index a1fb47f..0c14e95 100644 --- a/tests/assets/qrcode.yaml +++ b/tests/assets/qrcode.yaml @@ -1,9 +1,9 @@ stages: - initramfs: - - name: "Set user and password" - users: - kairos: - passwd: "kairos" - hostname: kairos-{{ trunc 4 .Random }} + initramfs: + - name: "Set user and password" + users: + kairos: + passwd: "kairos" + hostname: kairos-{{ trunc 4 .Random }} kairos: - network_token: "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" \ No newline at end of file + network_token: "b3RwOgogIGRodDoKICAgIGludGVydmFsOiA5MDAwCiAgICBrZXk6IDI0SUpPS1pGS0g1R0tYUTNSNkdaQkNaS0lPTTNSWU9OT0pNRjIyRFFTM0VNT1BUWEdTTFEKICAgIGxlbmd0aDogMzIKICBjcnlwdG86CiAgICBpbnRlcnZhbDogOTAwMAogICAga2V5OiBQNklPMllEMzZaVFZRTkdUNk5ZREJNS0s0V09aQjJJN0RQMkRUQzRLVVU1UEhaTjRYSzVBCiAgICBsZW5ndGg6IDMyCnJvb206IEdPMkNRVDVYN080VFM3VEpFUVEyTDRXSTJZNURHNzZHUlNGU05FUVVZN1FBSjZSRzVUUFEKcmVuZGV6dm91czoga0taUE1pQU9TZWN6R1lDRXdTSEV0V21XUGZUaGxOa3QKbWRuczogT0FWY25LZXlPT3ZJQlhtQ0ZBYmhNSkxlbndJTEFxY2sKbWF4X21lc3NhZ2Vfc2l6ZTogMjA5NzE1MjAK" diff --git a/tests/assets/single.yaml b/tests/assets/single.yaml index b613e59..bcc1a97 100644 --- a/tests/assets/single.yaml +++ b/tests/assets/single.yaml 
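Review bot: Both loops in kubernetes_logs.sh still build their lists by cutting the first column out of kubectl's human-readable table (`tr -s ' ' | cut -f1 -d' ' | tail -n +2`), which depends on the header row and column layout. Asking kubectl for names only is sturdier: `k3s kubectl get namespace --no-headers -o custom-columns=:metadata.name` and `k3s kubectl get pods -n "$n" --no-headers -o custom-columns=:metadata.name`. `k3s kubectl logs "$p" -n "$n"` also prints only the default container of each pod; adding `--all-containers` would capture sidecar logs in the test output as well.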
@@ -1,15 +1,13 @@ #cloud-config stages: - initramfs: - - name: "Set user and password" - users: + initramfs: + - name: Set user and password + users: kairos: - passwd: "kairos" - + passwd: kairos k3s: enabled: true - write_files: - path: /var/lib/rancher/k3s/server/manifests/suc.yaml permissions: "0644"