add super linter #623

Draft
wants to merge 1 commit into
base: main
72 changes: 72 additions & 0 deletions .github/workflows/linter.yml
@@ -0,0 +1,72 @@
# ********************************************************************************
# Copyright (c) 2020 Contributors to the Eclipse Foundation
#
# See the NOTICE file(s) with this work for additional
# information regarding copyright ownership.
#
# This program and the accompanying materials are made
# available under the terms of the Apache Software License 2.0
# which is available at https://www.apache.org/licenses/LICENSE-2.0.
#
# SPDX-License-Identifier: Apache-2.0
# ********************************************************************************

---
###########################
###########################
## Linter GitHub Actions ##
###########################
###########################
name: Linter

#
# Documentation:
# https://help.github.com/en/articles/workflow-syntax-for-github-actions
#

#############################
# Start the job on all push #
#############################
on:
pull_request:
branches: [ main ]

###############
# Set the Job #
###############
permissions:
contents: read

jobs:
linter:
permissions:
contents: read # for actions/checkout to fetch code
statuses: write # for github/super-linter to mark status of each linter run
# Name the Job
name: Lint Code Base
# Set the agent to run on
runs-on: ubuntu-latest

##################
# Load all steps #
##################
steps:
##########################
# Checkout the code base #
##########################
- name: Checkout Code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
# Full git history is needed to get a proper list of changed files within `super-linter`
fetch-depth: 0

################################
# Run Linter against code base #
################################
- name: Lint Code Base
uses: github/super-linter@45fc0d88288beee4701c62761281edfee85655d7 # v5.0.0
env:
VALIDATE_ALL_CODEBASE: true
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# Markdown lint complains about the issue templates
FILTER_REGEX_EXCLUDE: .github/ISSUE_TEMPLATE/*
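Review bot: `FILTER_REGEX_EXCLUDE: .github/ISSUE_TEMPLATE/*` is written as a glob, but the variable takes a regular expression, so the trailing `/*` means "zero or more slashes" and each `.` matches any character. If it excludes the issue templates today, that is only because the pattern happens to match as a substring; something like `.*/\.github/ISSUE_TEMPLATE/.*` states the intent. Separately, the banner above `on:` says "Start the job on all push" while the trigger is `pull_request` on `main`, so the comment should be brought in line with the trigger.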
1 change: 1 addition & 0 deletions .test/config.sh
@@ -1,5 +1,6 @@
#!/usr/bin/env bash

# shellcheck disable=SC2154
imageTests[openjdk]+='
java-ca-certificates-update
'
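Review bot: the new `# shellcheck disable=SC2154` above `imageTests[openjdk]+=` carries no reason. SC2154 flags a variable that is referenced but not assigned, so add a short comment saying where `imageTests` is defined; without it the suppression reads as silencing the linter rather than documenting a known external variable.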
44 changes: 23 additions & 21 deletions .test/tests/java-ca-certificates-update/run.sh
Expand Up @@ -2,11 +2,13 @@

set -o pipefail

# shellcheck disable=SC2128
testDir="$(readlink -f "$(dirname "$BASH_SOURCE")")"
# shellcheck disable=SC2128
runDir="$(dirname "$(readlink -f "$BASH_SOURCE")")"

# CMD1 in each run is just a `date` to make sure nothing is broken with or without the entrypoint
CMD1=date
CMD1="date"

# CMD2 in each run is to check for the `dockerbuilder` certificate in the Java keystore. Entrypoint export $CACERT to
# point to the Java keystore.
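Review bot: the two `# shellcheck disable=SC2128` directives on the `testDir` and `runDir` assignments hide the warning instead of fixing it. Writing `"${BASH_SOURCE[0]}"` in both places names the first array element explicitly, behaves the same, and lets both suppressions be removed.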
Expand Down Expand Up @@ -36,86 +38,86 @@ EOF
#

# Test run 1: No added certificates and environment variable is not set. We expect CMD1 to succeed and CMD2 to fail.
docker run --rm "$1" $CMD1 >&/dev/null
docker run --rm "$1" "$CMD1" >&/dev/null
echo -n $?
docker run --rm "$1" "${CMD2[@]}" >&/dev/null
echo -n $?

# Test run 2: No added certificates, but the environment variable is set. Since there are no certificates, we still
# expect CMD1 to succeed and CMD2 to fail.
docker run --rm -e USE_SYSTEM_CA_CERTS=1 "$1" $CMD1 >&/dev/null
docker run --rm -e USE_SYSTEM_CA_CERTS=1 "$1" "$CMD1" >&/dev/null
echo -n $?
docker run --rm -e USE_SYSTEM_CA_CERTS=1 "$1" "${CMD2[@]}" >&/dev/null
echo -n $?

# Test run 3: Certificates are mounted, but the environment variable is not set, i.e. certificate importing should not
# be activated. We expect CMD1 to succeed and CMD2 to fail.
docker run --rm --volume=$testDir/certs:/certificates "$1" $CMD1 >&/dev/null
docker run --rm --volume="$testDir/certs:/certificates" "$1" "$CMD1" >&/dev/null
echo -n $?
docker run --rm --volume=$testDir/certs:/certificates "$1" "${CMD2[@]}" >&/dev/null
docker run --rm --volume="$testDir/certs:/certificates" "$1" "${CMD2[@]}" >&/dev/null
echo -n $?

# Test run 4: Certificates are mounted and the environment variable is set. We expect both CMD1 and CMD2 to succeed.
docker run --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs:/certificates "$1" $CMD1 >&/dev/null
docker run --rm -e USE_SYSTEM_CA_CERTS=1 --volume="$testDir/certs:/certificates" "$1" "$CMD1" >&/dev/null
echo -n $?
docker run --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs:/certificates "$1" "${CMD2[@]}" >&/dev/null
docker run --rm -e USE_SYSTEM_CA_CERTS=1 --volume="$testDir/certs:/certificates" "$1" "${CMD2[@]}" >&/dev/null
echo -n $?

# Test run 5: Certificates are mounted and are symlinks (e.g. in Kubernetes as `Secret`s or `ConfigMap`s) and the
# environment variable is set. We expect both CMD1 and CMD2 to succeed.
docker run --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs_symlink:/certificates "$1" $CMD1 >&/dev/null
docker run --rm -e USE_SYSTEM_CA_CERTS=1 --volume="$testDir/certs_symlink:/certificates" "$1" "$CMD1" >&/dev/null
echo -n $?
docker run --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs_symlink:/certificates "$1" "${CMD2[@]}" >&/dev/null
docker run --rm -e USE_SYSTEM_CA_CERTS=1 --volume="$testDir/certs_symlink:/certificates" "$1" "${CMD2[@]}" >&/dev/null
echo -n $?

# Test run 6: Certificates are mounted and the environment variable is set, but the entrypoint is overridden. We expect
# CMD1 to succeed and CMD2 to fail.
docker run --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs:/certificates "$TESTIMAGE" $CMD1 >&/dev/null
docker run --rm -e USE_SYSTEM_CA_CERTS=1 --volume="$testDir/certs:/certificates" "$TESTIMAGE" "$CMD1" >&/dev/null
echo -n $?
docker run --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs:/certificates "$TESTIMAGE" "${CMD2[@]}" >&/dev/null
docker run --rm -e USE_SYSTEM_CA_CERTS=1 --volume="$testDir/certs:/certificates" "$TESTIMAGE" "${CMD2[@]}" >&/dev/null
echo -n $?

#
# PHASE 2: Non-root containers
#

# Test run 1: No added certificates and environment variable is not set. We expect CMD1 to succeed and CMD2 to fail.
docker run --read-only --user 1000:1000 --rm "$1" $CMD1 >&/dev/null
docker run --read-only --user 1000:1000 --rm "$1" "$CMD1" >&/dev/null
echo -n $?
docker run --read-only --user 1000:1000 --rm "$1" "${CMD2[@]}" >&/dev/null
echo -n $?

# Test run 2: No added certificates, but the environment variable is set. Since there are no certificates, we still
# expect CMD1 to succeed and CMD2 to fail.
docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 "$1" $CMD1 >&/dev/null
docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 "$1" "$CMD1" >&/dev/null
echo -n $?
docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 "$1" "${CMD2[@]}" >&/dev/null
echo -n $?

# Test run 3: Certificates are mounted, but the environment variable is not set, i.e. certificate importing should not
# be activated. We expect CMD1 to succeed and CMD2 to fail.
docker run --read-only --user 1000:1000 --rm --volume=$testDir/certs:/certificates "$1" $CMD1 >&/dev/null
docker run --read-only --user 1000:1000 --rm --volume="$testDir/certs:/certificates" "$1" "$CMD1" >&/dev/null
echo -n $?
docker run --read-only --user 1000:1000 --rm --volume=$testDir/certs:/certificates "$1" "${CMD2[@]}" >&/dev/null
docker run --read-only --user 1000:1000 --rm --volume="$testDir/certs:/certificates" "$1" "${CMD2[@]}" >&/dev/null
echo -n $?

# Test run 4: Certificates are mounted and the environment variable is set. We expect both CMD1 and CMD2 to succeed.
docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs:/certificates "$1" $CMD1 >&/dev/null
docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 --volume="$testDir/certs:/certificates" "$1" "$CMD1" >&/dev/null
echo -n $?
docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs:/certificates "$1" "${CMD2[@]}" >&/dev/null
docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 --volume="$testDir/certs:/certificates" "$1" "${CMD2[@]}" >&/dev/null
echo -n $?

# Test run 5: Certificates are mounted and are symlinks (e.g. in Kubernetes as `Secret`s or `ConfigMap`s) and the
# environment variable is set. We expect both CMD1 and CMD2 to succeed.
docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs_symlink:/certificates "$1" $CMD1 >&/dev/null
docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 --volume="$testDir/certs_symlink:/certificates" "$1" "$CMD1" >&/dev/null
echo -n $?
docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs_symlink:/certificates "$1" "${CMD2[@]}" >&/dev/null
docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 --volume="$testDir/certs_symlink:/certificates" "$1" "${CMD2[@]}" >&/dev/null
echo -n $?

# Test run 6: Certificates are mounted and the environment variable is set, but the entrypoint is overridden. We expect
# CMD1 to succeed and CMD2 to fail.
#
docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs:/certificates "$TESTIMAGE" $CMD1 >&/dev/null
docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 --volume="$testDir/certs:/certificates" "$TESTIMAGE" "$CMD1" >&/dev/null
echo -n $?
docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs:/certificates "$TESTIMAGE" "${CMD2[@]}" >&/dev/null
docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 --volume="$testDir/certs:/certificates" "$TESTIMAGE" "${CMD2[@]}" >&/dev/null
echo -n $?
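Review bot: quoting `"$CMD1"` in every `docker run` line is only correct while `CMD1` stays a single word; if it ever gains an argument, the whole string is passed as one argv entry and the container will not find the command. `CMD2` is already an array, so declaring `CMD1=(date)` and expanding `"${CMD1[@]}"` keeps the two consistent and still satisfies the quoting check. The lone `#` left above the final pair of `docker run` lines in Phase 2, test run 6, can also go.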
67 changes: 27 additions & 40 deletions dockerhub_doc_config_update.sh
Expand Up @@ -41,14 +41,12 @@ oses="alpine ubuntu ubi windowsservercore-ltsc2022 nanoserver-ltsc2022 windowsse
# The image which is used by default when pulling shared tags on linux e.g 8-jdk
default_linux_image="noble"

git_repo="https://github.com/adoptium/containers/blob/master"

# Get the latest git commit of the current repo.
# This is assumed to have all the latest dockerfiles already.
gitcommit=$(git log | head -1 | awk '{ print $2 }')

print_official_text() {
echo "$*" >> ${official_docker_image_file}
echo "$*" >> "${official_docker_image_file}"
}

print_official_header() {
Expand All @@ -71,9 +69,9 @@ function generate_official_image_tags() {
ojdk_version=${ojdk_version//+/_}

case $os in
"ubuntu") distro=$(echo $dfdir | awk -F '/' '{ print $4 }' ) ;;
"ubi") distro=$(echo $dfdir | awk -F '/' '{ print $4 }' ) ;;
"windows") distro=$(echo $dfdir | awk -F '/' '{ print $4 }' ) ;;
"ubuntu") distro=$(echo "$dfdir" | awk -F '/' '{ print $4 }' ) ;;
"ubi") distro=$(echo "$dfdir" | awk -F '/' '{ print $4 }' ) ;;
"windows") distro=$(echo "$dfdir" | awk -F '/' '{ print $4 }' ) ;;
*) distro=$os;;
esac

Expand All @@ -82,10 +80,8 @@ function generate_official_image_tags() {
# 8u212-jdk
full_ver_tag="${ojdk_version}-${pkg}"

unset extra_shared_tags extra_ver_tags
unset extra_shared_tags
full_ver_tag="${full_ver_tag}-${distro}"
# Commented out as this added the -hotspot tag which we don't need for temurin
# extra_ver_tags=", ${ver}-${pkg}"

ver_tag="${ver}-${pkg}-${distro}"
all_tags="${full_ver_tag}, ${ver_tag}"
Expand All @@ -94,7 +90,6 @@ function generate_official_image_tags() {
jdk_tag="${ver}-${distro}"
all_tags="${all_tags}, ${jdk_tag}"
# make "eclipse-temurin:latest" point to newest supported JDK
# shellcheck disable=SC2154
if [ "${ver}" == "${latest_version}" ]; then
if [ "${vm}" == "hotspot" ]; then
extra_shared_tags=", latest"
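Review bot: the `# shellcheck disable=SC2154` removed above `if [ "${ver}" == "${latest_version}" ]` was covering `latest_version`, which is not assigned anywhere in the lines shown. If it is set in a sourced file or the environment, ShellCheck will report it as referenced but not assigned and the new linter job will fail on this script. Either keep the directive with a one-line reason or confirm the assignment is visible to ShellCheck.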
Expand All @@ -103,44 +98,46 @@ function generate_official_image_tags() {
fi

unset windows_shared_tags
shared_tags=$(echo ${all_tags} | sed "s/-$distro//g")
if [ $os == "windows" ]; then
windows_version=$(echo $distro | awk -F '-' '{ print $1 }' )
windows_version_number=$(echo $distro | awk -F '-' '{ print $2 }' )
windows_shared_tags=$(echo ${all_tags} | sed "s/$distro/$windows_version/g")
shared_tags="${all_tags//-$distro/}"

if [ "$os" == "windows" ]; then
windows_version=$(echo "$distro" | awk -F '-' '{ print $1 }' )
windows_version_number=$(echo "$distro" | awk -F '-' '{ print $2 }' )
windows_shared_tags="${all_tags//$distro/$windows_version}"
case $distro in
nanoserver*)
constraints="${distro}, windowsservercore-${windows_version_number}"
all_shared_tags="${windows_shared_tags}"
;;
*)
constraints="${distro}"
all_shared_tags="${windows_shared_tags}, ${shared_tags}${extra_ver_tags}${extra_shared_tags}"
all_shared_tags="${windows_shared_tags}, ${shared_tags}${extra_shared_tags}"
;;
esac
else
all_shared_tags="${shared_tags}${extra_ver_tags}${extra_shared_tags}"
all_shared_tags="${shared_tags}${extra_shared_tags}"
fi
}

function generate_official_image_arches() {
# Generate the supported arches for the above tags.
# Official images supports amd64, arm64vX, s390x, ppc64le amd windows-amd64
if [ $os == "windows" ]; then
# Official images support amd64, arm64vX, s390x, ppc64le, and windows-amd64
if [ "$os" == "windows" ]; then
arches="windows-amd64"
else
# shellcheck disable=SC2046,SC2005,SC1003,SC2086,SC2063
arches=$(echo $(grep ') \\' ${file} | grep -v "*" | sed 's/) \\//g; s/|//g'))
arches=$(echo ${arches} | sed 's/x86_64/amd64/g') # replace x86_64 with amd64
arches=$(echo ${arches} | sed 's/ppc64el/ppc64le/g') # replace ppc64el with ppc64le
arches=$(echo ${arches} | sed 's/arm64/arm64v8/g') # replace arm64 with arm64v8
arches=$(echo ${arches} | sed 's/aarch64/arm64v8/g') # replace aarch64 with arm64v8
arches=$(echo ${arches} | sed 's/armhf/arm32v7/g') # replace armhf with arm32v7
arches="${arches//x86_64/amd64}" # replace x86_64 with amd64
arches="${arches//ppc64el/ppc64le}" # replace ppc64el with ppc64le
arches="${arches//arm64/arm64v8}" # replace arm64 with arm64v8
arches="${arches//aarch64/arm64v8}" # replace aarch64 with arm64v8
arches="${arches//armhf/arm32v7}" # replace armhf with arm32v7
# sort arches alphabetically
arches=$(echo ${arches} | tr ' ' '\n' | sort | tr '\n' ' ' | sed 's/ /, /g' | sed 's/, $//')
arches=$(echo "${arches}" | tr ' ' '\n' | sort | tr '\n' ' ' | sed 's/ /, /g' | sed 's/, $//')
fi
}


function print_official_image_file() {
# Retrieve the latest manifest block
official_manifest=$(sed -n "/${all_tags}/,/^$/p" official-eclipse-temurin)
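Review bot: in `shared_tags="${all_tags//-$distro/}"` and `windows_shared_tags="${all_tags//$distro/$windows_version}"` the unquoted `$distro` is expanded and then treated as a glob pattern, so a `*`, `?` or `[` in a directory name would match more than the literal text. Quote it inside the expansion, e.g. `${all_tags//-"$distro"/}`, to force a literal match. The `arches=$(echo $(grep ...))` line still sits under five suppressed checks; that is worth a follow-up rather than a standing blanket disable.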
Expand Down Expand Up @@ -178,15 +175,15 @@ function print_official_image_file() {
echo "Architectures: ${arches}"
echo "GitCommit: ${commit}"
echo "Directory: ${dfdir}"
if [ $os == "windows" ]; then
if [ "$os" == "windows" ]; then
echo "Builder: classic"
echo "Constraints: ${constraints}"
fi
echo ""
} >> ${official_docker_image_file}
} >> "${official_docker_image_file}"
}

rm -f ${official_docker_image_file}
rm -f "${official_docker_image_file}"
print_official_header

official_os_ignore_array=(clefos debian debianslim leap tumbleweed)
Expand All @@ -201,7 +198,7 @@ function generate_official_image_info() {
fi
done
if [ "${os}" == "windows" ]; then
distro=$(echo $dfdir | awk -F '/' '{ print $4 }' )
distro=$(echo "$dfdir" | awk -F '/' '{ print $4 }' )
# 20h2 and 1909 is not supported upstream
if [[ "${distro}" == "windowsservercore-20h2" ]] || [[ "${distro}" == "windowsservercore-1909" ]] || [[ "${distro}" == "windowsservercore-ltsc2019" ]] ; then
return;
Expand All @@ -210,10 +207,6 @@ function generate_official_image_info() {
return;
fi
fi
# We do not push our nightly and slim images either.
if [ "${build}" == "nightly" ] || [ "${btype}" == "slim" ]; then
return;
fi

generate_official_image_tags
generate_official_image_arches
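Review bot: dropping the `nightly`/`slim` early return changes what `generate_official_image_info` does, which goes beyond a lint cleanup. Going by the last hunk, `build` was hard-coded (`build="release"` then `build="full"`) and `btype` has no active assignment in the lines shown, so the guard could not fire. Say that in the commit message and confirm no nightly or slim Dockerfiles are reachable from the loop.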
Expand All @@ -239,14 +232,8 @@ do
# dockerfile name
dfname=$(basename "${file}")
# dockerfile dir
dfdir=$(dirname $file | cut -c 3-)
dfdir=$(dirname "${file}" | cut -c 3-)
os=$(echo "${file}" | awk -F '/' '{ print $4 }')
# build = release or nightly
# build=$(echo "${dfname}" | awk -F "." '{ print $3 }')
build="release"
# btype = full or slim
# btype=$(echo "${dfname}" | awk -F "." '{ print $4 }')
build="full"
generate_official_image_info
done
done