add super linter
gdams committed Aug 5, 2024
1 parent a7957a2 commit f1b3a2c
Showing 4 changed files with 123 additions and 61 deletions.
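--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -0,0 +1,72 @@
+# ********************************************************************************
+# Copyright (c) 2020 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made
+# available under the terms of the Apache Software License 2.0
+# which is available at https://www.apache.org/licenses/LICENSE-2.0.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ********************************************************************************
+
+---
+###########################
+###########################
+## Linter GitHub Actions ##
+###########################
+###########################
+name: Linter
+
+#
+# Documentation:
+# https://help.github.com/en/articles/workflow-syntax-for-github-actions
+#
+
+#############################
+# Start the job on all push #
+#############################
+on:
+pull_request:
+branches: [ main ]
+
+###############
+# Set the Job #
+###############
+permissions:
+contents: read
+
+jobs:
+linter:
+permissions:
+contents: read # for actions/checkout to fetch code
+statuses: write # for github/super-linter to mark status of each linter run
+# Name the Job
+name: Lint Code Base
+# Set the agent to run on
+runs-on: ubuntu-latest
+
+##################
+# Load all steps #
+##################
+steps:
+##########################
+# Checkout the code base #
+##########################
+- name: Checkout Code
+uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+with:
+# Full git history is needed to get a proper list of changed files within `super-linter`
+fetch-depth: 0
+
+################################
+# Run Linter against code base #
+################################
+- name: Lint Code Base
+uses: github/super-linter@45fc0d88288beee4701c62761281edfee85655d7 # v5.0.0
+env:
+VALIDATE_ALL_CODEBASE: true
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+# Markdown lint complains about the issue templates
+FILTER_REGEX_EXCLUDE: .github/ISSUE_TEMPLATE/*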
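Review bot: The banner comment above `on:` says "Start the job on all push", but the only trigger is `pull_request` against `main`, so commits pushed directly to `main` or to any other branch are never linted. Either reword the banner to `# Start the job on pull requests targeting main #` or add a `push:` trigger if that was the intent. Separately, super-linter treats `FILTER_REGEX_EXCLUDE` as a regular expression, so the glob-style `.github/ISSUE_TEMPLATE/*` presumably excludes the templates only because the match is unanchored; `.*/\.github/ISSUE_TEMPLATE/.*` states the intent explicitly. Pinning both actions to full commit SHAs and limiting the token to `contents: read` plus `statuses: write` is worth keeping as it is.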
1 change: 1 addition & 0 deletions .test/config.sh
@@ -1,5 +1,6 @@
#!/usr/bin/env bash

# shellcheck disable=SC2154
imageTests[openjdk]+='
java-ca-certificates-update
'
44 changes: 23 additions & 21 deletions .test/tests/java-ca-certificates-update/run.sh
@@ -2,11 +2,13 @@

set -o pipefail

# shellcheck disable=SC2128
testDir="$(readlink -f "$(dirname "$BASH_SOURCE")")"
# shellcheck disable=SC2128
runDir="$(dirname "$(readlink -f "$BASH_SOURCE")")"

# CMD1 in each run is just a `date` to make sure nothing is broken with or without the entrypoint
CMD1=date
CMD1="date"

# CMD2 in each run is to check for the `dockerbuilder` certificate in the Java keystore. Entrypoint export $CACERT to
# point to the Java keystore.
@@ -36,86 +38,86 @@ EOF
#

# Test run 1: No added certificates and environment variable is not set. We expect CMD1 to succeed and CMD2 to fail.
docker run --rm "$1" $CMD1 >&/dev/null
docker run --rm "$1" "$CMD1" >&/dev/null
echo -n $?
docker run --rm "$1" "${CMD2[@]}" >&/dev/null
echo -n $?

# Test run 2: No added certificates, but the environment variable is set. Since there are no certificates, we still
# expect CMD1 to succeed and CMD2 to fail.
docker run --rm -e USE_SYSTEM_CA_CERTS=1 "$1" $CMD1 >&/dev/null
docker run --rm -e USE_SYSTEM_CA_CERTS=1 "$1" "$CMD1" >&/dev/null
echo -n $?
docker run --rm -e USE_SYSTEM_CA_CERTS=1 "$1" "${CMD2[@]}" >&/dev/null
echo -n $?

# Test run 3: Certificates are mounted, but the environment variable is not set, i.e. certificate importing should not
# be activated. We expect CMD1 to succeed and CMD2 to fail.
docker run --rm --volume=$testDir/certs:/certificates "$1" $CMD1 >&/dev/null
docker run --rm --volume="$testDir/certs:/certificates" "$1" "$CMD1" >&/dev/null
echo -n $?
docker run --rm --volume=$testDir/certs:/certificates "$1" "${CMD2[@]}" >&/dev/null
docker run --rm --volume="$testDir/certs:/certificates" "$1" "${CMD2[@]}" >&/dev/null
echo -n $?

# Test run 4: Certificates are mounted and the environment variable is set. We expect both CMD1 and CMD2 to succeed.
docker run --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs:/certificates "$1" $CMD1 >&/dev/null
docker run --rm -e USE_SYSTEM_CA_CERTS=1 --volume="$testDir/certs:/certificates" "$1" "$CMD1" >&/dev/null
echo -n $?
docker run --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs:/certificates "$1" "${CMD2[@]}" >&/dev/null
docker run --rm -e USE_SYSTEM_CA_CERTS=1 --volume="$testDir/certs:/certificates" "$1" "${CMD2[@]}" >&/dev/null
echo -n $?

# Test run 5: Certificates are mounted and are symlinks (e.g. in Kubernetes as `Secret`s or `ConfigMap`s) and the
# environment variable is set. We expect both CMD1 and CMD2 to succeed.
docker run --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs_symlink:/certificates "$1" $CMD1 >&/dev/null
docker run --rm -e USE_SYSTEM_CA_CERTS=1 --volume="$testDir/certs_symlink:/certificates" "$1" "$CMD1" >&/dev/null
echo -n $?
docker run --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs_symlink:/certificates "$1" "${CMD2[@]}" >&/dev/null
docker run --rm -e USE_SYSTEM_CA_CERTS=1 --volume="$testDir/certs_symlink:/certificates" "$1" "${CMD2[@]}" >&/dev/null
echo -n $?

# Test run 6: Certificates are mounted and the environment variable is set, but the entrypoint is overridden. We expect
# CMD1 to succeed and CMD2 to fail.
docker run --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs:/certificates "$TESTIMAGE" $CMD1 >&/dev/null
docker run --rm -e USE_SYSTEM_CA_CERTS=1 --volume="$testDir/certs:/certificates" "$TESTIMAGE" "$CMD1" >&/dev/null
echo -n $?
docker run --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs:/certificates "$TESTIMAGE" "${CMD2[@]}" >&/dev/null
docker run --rm -e USE_SYSTEM_CA_CERTS=1 --volume="$testDir/certs:/certificates" "$TESTIMAGE" "${CMD2[@]}" >&/dev/null
echo -n $?

#
# PHASE 2: Non-root containers
#

# Test run 1: No added certificates and environment variable is not set. We expect CMD1 to succeed and CMD2 to fail.
docker run --read-only --user 1000:1000 --rm "$1" $CMD1 >&/dev/null
docker run --read-only --user 1000:1000 --rm "$1" "$CMD1" >&/dev/null
echo -n $?
docker run --read-only --user 1000:1000 --rm "$1" "${CMD2[@]}" >&/dev/null
echo -n $?

# Test run 2: No added certificates, but the environment variable is set. Since there are no certificates, we still
# expect CMD1 to succeed and CMD2 to fail.
docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 "$1" $CMD1 >&/dev/null
docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 "$1" "$CMD1" >&/dev/null
echo -n $?
docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 "$1" "${CMD2[@]}" >&/dev/null
echo -n $?

# Test run 3: Certificates are mounted, but the environment variable is not set, i.e. certificate importing should not
# be activated. We expect CMD1 to succeed and CMD2 to fail.
docker run --read-only --user 1000:1000 --rm --volume=$testDir/certs:/certificates "$1" $CMD1 >&/dev/null
docker run --read-only --user 1000:1000 --rm --volume="$testDir/certs:/certificates" "$1" "$CMD1" >&/dev/null
echo -n $?
docker run --read-only --user 1000:1000 --rm --volume=$testDir/certs:/certificates "$1" "${CMD2[@]}" >&/dev/null
docker run --read-only --user 1000:1000 --rm --volume="$testDir/certs:/certificates" "$1" "${CMD2[@]}" >&/dev/null
echo -n $?

# Test run 4: Certificates are mounted and the environment variable is set. We expect both CMD1 and CMD2 to succeed.
docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs:/certificates "$1" $CMD1 >&/dev/null
docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 --volume="$testDir/certs:/certificates" "$1" "$CMD1" >&/dev/null
echo -n $?
docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs:/certificates "$1" "${CMD2[@]}" >&/dev/null
docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 --volume="$testDir/certs:/certificates" "$1" "${CMD2[@]}" >&/dev/null
echo -n $?

# Test run 5: Certificates are mounted and are symlinks (e.g. in Kubernetes as `Secret`s or `ConfigMap`s) and the
# environment variable is set. We expect both CMD1 and CMD2 to succeed.
docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs_symlink:/certificates "$1" $CMD1 >&/dev/null
docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 --volume="$testDir/certs_symlink:/certificates" "$1" "$CMD1" >&/dev/null
echo -n $?
docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs_symlink:/certificates "$1" "${CMD2[@]}" >&/dev/null
docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 --volume="$testDir/certs_symlink:/certificates" "$1" "${CMD2[@]}" >&/dev/null
echo -n $?

# Test run 6: Certificates are mounted and the environment variable is set, but the entrypoint is overridden. We expect
# CMD1 to succeed and CMD2 to fail.
#
docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs:/certificates "$TESTIMAGE" $CMD1 >&/dev/null
docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 --volume="$testDir/certs:/certificates" "$TESTIMAGE" "$CMD1" >&/dev/null
echo -n $?
docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs:/certificates "$TESTIMAGE" "${CMD2[@]}" >&/dev/null
docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 --volume="$testDir/certs:/certificates" "$TESTIMAGE" "${CMD2[@]}" >&/dev/null
echo -n $?
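Review bot: The two added `# shellcheck disable=SC2128` directives silence the warning about expanding the `BASH_SOURCE` array without an index instead of fixing it. Writing `testDir="$(readlink -f "$(dirname "${BASH_SOURCE[0]}")")"` and `runDir="$(dirname "$(readlink -f "${BASH_SOURCE[0]}")")"` yields the same value and needs no suppression. Quoting `"$CMD1"` in every `docker run` is correct while it holds the single word `date`, but any argument added later would be passed as one word. Declaring `CMD1=(date)` and passing `"${CMD1[@]}"` would match how `CMD2` is already passed.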
67 changes: 27 additions & 40 deletions dockerhub_doc_config_update.sh
@@ -41,14 +41,12 @@ oses="alpine ubuntu ubi windowsservercore-ltsc2022 nanoserver-ltsc2022 windowsse
# The image which is used by default when pulling shared tags on linux e.g 8-jdk
default_linux_image="noble"

git_repo="https://github.com/adoptium/containers/blob/master"

# Get the latest git commit of the current repo.
# This is assumed to have all the latest dockerfiles already.
gitcommit=$(git log | head -1 | awk '{ print $2 }')

print_official_text() {
echo "$*" >> ${official_docker_image_file}
echo "$*" >> "${official_docker_image_file}"
}

print_official_header() {
@@ -71,9 +69,9 @@ function generate_official_image_tags() {
ojdk_version=${ojdk_version//+/_}

case $os in
"ubuntu") distro=$(echo $dfdir | awk -F '/' '{ print $4 }' ) ;;
"ubi") distro=$(echo $dfdir | awk -F '/' '{ print $4 }' ) ;;
"windows") distro=$(echo $dfdir | awk -F '/' '{ print $4 }' ) ;;
"ubuntu") distro=$(echo "$dfdir" | awk -F '/' '{ print $4 }' ) ;;
"ubi") distro=$(echo "$dfdir" | awk -F '/' '{ print $4 }' ) ;;
"windows") distro=$(echo "$dfdir" | awk -F '/' '{ print $4 }' ) ;;
*) distro=$os;;
esac

@@ -82,10 +80,8 @@ function generate_official_image_tags() {
# 8u212-jdk
full_ver_tag="${ojdk_version}-${pkg}"

unset extra_shared_tags extra_ver_tags
unset extra_shared_tags
full_ver_tag="${full_ver_tag}-${distro}"
# Commented out as this added the -hotspot tag which we don't need for temurin
# extra_ver_tags=", ${ver}-${pkg}"

ver_tag="${ver}-${pkg}-${distro}"
all_tags="${full_ver_tag}, ${ver_tag}"
@@ -94,7 +90,6 @@ function generate_official_image_tags() {
jdk_tag="${ver}-${distro}"
all_tags="${all_tags}, ${jdk_tag}"
# make "eclipse-temurin:latest" point to newest supported JDK
# shellcheck disable=SC2154
if [ "${ver}" == "${latest_version}" ]; then
if [ "${vm}" == "hotspot" ]; then
extra_shared_tags=", latest"
@@ -103,44 +98,46 @@ function generate_official_image_tags() {
fi

unset windows_shared_tags
shared_tags=$(echo ${all_tags} | sed "s/-$distro//g")
if [ $os == "windows" ]; then
windows_version=$(echo $distro | awk -F '-' '{ print $1 }' )
windows_version_number=$(echo $distro | awk -F '-' '{ print $2 }' )
windows_shared_tags=$(echo ${all_tags} | sed "s/$distro/$windows_version/g")
shared_tags="${all_tags//-$distro/}"

if [ "$os" == "windows" ]; then
windows_version=$(echo "$distro" | awk -F '-' '{ print $1 }' )
windows_version_number=$(echo "$distro" | awk -F '-' '{ print $2 }' )
windows_shared_tags="${all_tags//$distro/$windows_version}"
case $distro in
nanoserver*)
constraints="${distro}, windowsservercore-${windows_version_number}"
all_shared_tags="${windows_shared_tags}"
;;
*)
constraints="${distro}"
all_shared_tags="${windows_shared_tags}, ${shared_tags}${extra_ver_tags}${extra_shared_tags}"
all_shared_tags="${windows_shared_tags}, ${shared_tags}${extra_shared_tags}"
;;
esac
else
all_shared_tags="${shared_tags}${extra_ver_tags}${extra_shared_tags}"
all_shared_tags="${shared_tags}${extra_shared_tags}"
fi
}

function generate_official_image_arches() {
# Generate the supported arches for the above tags.
# Official images supports amd64, arm64vX, s390x, ppc64le amd windows-amd64
if [ $os == "windows" ]; then
# Official images support amd64, arm64vX, s390x, ppc64le, and windows-amd64
if [ "$os" == "windows" ]; then
arches="windows-amd64"
else
# shellcheck disable=SC2046,SC2005,SC1003,SC2086,SC2063
arches=$(echo $(grep ') \\' ${file} | grep -v "*" | sed 's/) \\//g; s/|//g'))
arches=$(echo ${arches} | sed 's/x86_64/amd64/g') # replace x86_64 with amd64
arches=$(echo ${arches} | sed 's/ppc64el/ppc64le/g') # replace ppc64el with ppc64le
arches=$(echo ${arches} | sed 's/arm64/arm64v8/g') # replace arm64 with arm64v8
arches=$(echo ${arches} | sed 's/aarch64/arm64v8/g') # replace aarch64 with arm64v8
arches=$(echo ${arches} | sed 's/armhf/arm32v7/g') # replace armhf with arm32v7
arches="${arches//x86_64/amd64}" # replace x86_64 with amd64
arches="${arches//ppc64el/ppc64le}" # replace ppc64el with ppc64le
arches="${arches//arm64/arm64v8}" # replace arm64 with arm64v8
arches="${arches//aarch64/arm64v8}" # replace aarch64 with arm64v8
arches="${arches//armhf/arm32v7}" # replace armhf with arm32v7
# sort arches alphabetically
arches=$(echo ${arches} | tr ' ' '\n' | sort | tr '\n' ' ' | sed 's/ /, /g' | sed 's/, $//')
arches=$(echo "${arches}" | tr ' ' '\n' | sort | tr '\n' ' ' | sed 's/ /, /g' | sed 's/, $//')
fi
}


function print_official_image_file() {
# Retrieve the latest manifest block
official_manifest=$(sed -n "/${all_tags}/,/^$/p" official-eclipse-temurin)
@@ -178,15 +175,15 @@ function print_official_image_file() {
echo "Architectures: ${arches}"
echo "GitCommit: ${commit}"
echo "Directory: ${dfdir}"
if [ $os == "windows" ]; then
if [ "$os" == "windows" ]; then
echo "Builder: classic"
echo "Constraints: ${constraints}"
fi
echo ""
} >> ${official_docker_image_file}
} >> "${official_docker_image_file}"
}

rm -f ${official_docker_image_file}
rm -f "${official_docker_image_file}"
print_official_header

official_os_ignore_array=(clefos debian debianslim leap tumbleweed)
@@ -201,7 +198,7 @@ function generate_official_image_info() {
fi
done
if [ "${os}" == "windows" ]; then
distro=$(echo $dfdir | awk -F '/' '{ print $4 }' )
distro=$(echo "$dfdir" | awk -F '/' '{ print $4 }' )
# 20h2 and 1909 is not supported upstream
if [[ "${distro}" == "windowsservercore-20h2" ]] || [[ "${distro}" == "windowsservercore-1909" ]] || [[ "${distro}" == "windowsservercore-ltsc2019" ]] ; then
return;
@@ -210,10 +207,6 @@ function generate_official_image_info() {
return;
fi
fi
# We do not push our nightly and slim images either.
if [ "${build}" == "nightly" ] || [ "${btype}" == "slim" ]; then
return;
fi

generate_official_image_tags
generate_official_image_arches
@@ -239,14 +232,8 @@ do
# dockerfile name
dfname=$(basename "${file}")
# dockerfile dir
dfdir=$(dirname $file | cut -c 3-)
dfdir=$(dirname "${file}" | cut -c 3-)
os=$(echo "${file}" | awk -F '/' '{ print $4 }')
# build = release or nightly
# build=$(echo "${dfname}" | awk -F "." '{ print $3 }')
build="release"
# btype = full or slim
# btype=$(echo "${dfname}" | awk -F "." '{ print $4 }')
build="full"
generate_official_image_info
done
done
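Review bot: In `generate_official_image_tags`, the new `shared_tags="${all_tags//-$distro/}"` and `windows_shared_tags="${all_tags//$distro/$windows_version}"` leave `$distro` unquoted inside the pattern, so its value is matched as a glob pattern rather than as literal text. The distro names visible on this page contain no `*`, `?` or `[`, so the generated tags should be unchanged today. Quoting the inner expansion makes the replacement literal for any future directory name: `shared_tags="${all_tags//-"$distro"/}"` and `windows_shared_tags="${all_tags//"$distro"/$windows_version}"`. The three `case` arms for `ubuntu`, `ubi` and `windows` are still identical after the quoting fix and could be a single arm, `"ubuntu"|"ubi"|"windows") distro=$(echo "$dfdir" | awk -F '/' '{ print $4 }') ;;`. The function begins outside the visible hunks, so this is based only on the lines shown.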