From 4d2cffbe093819a3fddb4898ef3bf32d85e00bb1 Mon Sep 17 00:00:00 2001 From: Felix Bartels Date: Wed, 19 Jun 2019 18:08:36 +0200 Subject: [PATCH] Add linting for yaml files (#186) * rename check-scripts target to lint * install yamllint through pip on travis * add yamllint config, do not fail on too long lines * fix yaml linting errors * remove circular dependency --- .travis.yml | 19 ++++---- .yamllint | 7 +++ Makefile | 3 +- docker-compose.yml | 98 ++++++++++++++++++++-------------------- examples/core.yml | 2 +- examples/meet-kopano.yml | 36 +++++++-------- examples/webapp.yml | 12 ++--- 7 files changed, 92 insertions(+), 85 deletions(-) create mode 100644 .yamllint diff --git a/.travis.yml b/.travis.yml index 040dcd9..5920c86 100644 --- a/.travis.yml +++ b/.travis.yml @@ -2,27 +2,28 @@ sudo: required language: bash env: global: - - HADOLINT_VERSION=1.16.3 - - DOCKER_COMPOSE_VERSION=1.23.2 - - TRIVY_VERSION=0.1.1 - - secure: iSwQW1ytg9/ntqlF1nMzYcg0ouT3TifuAzauu//vWMiRfRthAi0bLuz3nBvlkQwtUk/iF3+smdOtwvjlmW7wWdwdf9tzpsyVKVYcS/+1MbxnGXE4OyNLkUJ7KASRk4otfsujMDNO95q/m04sOLJ721dsOWR6dv+5MNJ3LrushsbFfuStHmM1cNyUR6NuPy4g/x4oppv23rbSXU/qS7ULUsOTEUuTsmgvvKQRZiiOFaOgzeHCIEdrX6Dpsx6DPtYQ5az88q6CrkkTaw7GhP1qBXAGNX03NeHPd7YZvsgePoZJEJ/jTRsZVx9LxwkmnVTJDqthgqTGXTBJIvow3oICjKLf/DhURvkHaAJPu+Nxyvxo2xgYaa0Zbau5fmhEblyKU8Q9g+ZXsdjC5uy/vqJjg1rZD9BZjbKXRP9nb5VpxLdzcWE80XpEj7tHMfF4bN7LvIHZ81wINtZdZeFLVW53YzIO0NAoRCDk1SmR6N11T1uE8FrBzO80oETUMud2zYTx9U+J0m/qsNK+fOz2GtxwI3mlU0/bgVlcFE6865lOPuRwcTOhDwGqeWsLbBYsYXaJhqktn6XKiZ/BEeJLx6Z/CvyNXbzexn1i4wyVZAK7xxkhjxFPnWFU9WPan4ibkGLsS9sFsUTLVa4oBszkTO6q5NU7vIycdgJpfZlkdL2V0EA= - - secure: kj/KcPck6RHSQdcN29+OoxSufHX8KgMXs/ekVUsgcXfWb8iwo0UbfGwyPf+oy1vvjO65e0xsdGHN6Vk++opJT1qaAMpIInfh3+otXmDrT4Uq0s+vBkyQ/EPNeTy6oWK28y5+IVrR3Nd4FMK8CQ4FKzqKAAOQDkusI1182tRL9wDPnCbUD92cNcTPh7aHccSflkBOzw0G6d0v3RFIseOdYMA4DN72YfUV6RHVgOz7PSPmZ9p9lza1Fdbd1fBYoqBapzm3tIWiaU20OkyYNorZzsT+afTTpfHIb5ku+emNCiKDORuX4XQHDiS+PtqDNJRL2WsOsudVf9ckd9wpTkDj5rFnVex7GtS4z47kLDahzNWMQs4gnpDVUi3jbGeU/62EXdiAmuWs0A2kUSPYZwAKVbfIDlp3tAy0dzGivnBfTdN/TYVRm0IDRJZZNp964Tu3rGLazbRCYpGTIYz4KlMRrIN4QJj8JMmvcaOidp/xQJL+MkZTNY653VFHYeu61XEUV3RkGkkhZL967w+VuhkULDppslKExsJzXXX6ITauLu6hqAj+fWrn0WDxn/Km+sx9aJaBNqg4egT8mX5+WeDdoV+3NyODjbYUaEPKSuUkW/Skm+VGlYeyc9apahTSDe1H/W2KUcramkMT17IdPqXTqvlo+HSR97IGoE37OWKdoVM= - - secure: k5V2o5xIGGQ2vlWaCfWHAn68z7k/FSL8bXgow6/x0svxmsvDxJzRrpnM3xn681ogUEoQP1hQeHWeR0tg88RcDFmjzEObMjVd7Av289YIQ/W6hmFFb+SCa+TmAe49ybPLZA2UNygC/zqH5N6U5iMYsyPrChw4oUv9X9lfDJUz08crRVwffm/JwcEfV1tH722I2WUcEpxKYyqymK9CaO3e2UTXnPaASNOPuZ2v0T3D1lvla+XRNG+JJ6+BJjBRkzMMg584IaBIqGVf9tlImZkGfYmVWUVvBfpuHMSU9OC4CJXBRqy6K/nUlw5bDDsGFbLGA9Tg1qgLzAZsPCSMSCC2Gq0rLxuihudWEJ9e8dnRLIbt+Zxlqa2s7DQ2FTWyofQfR4GL6cD4uSoSh+k9ij6PeJMSEzplaO01Fyh87uRbcVBxwktIXeVuJsBG8uQ2wdWjQ41g4noDHzsV1duJ1nz9b6JRH7Vbp8bKXow3K+EtlFfa9GcD4I64oksbWH+hx+PBBf0qEdUzZnHmw2vEqJyjdlCoQ1k7pX6c9rxzNiKIb8Hsmhu1r7DCNYBYZIZ1pGhVBilxrr9QiU0hGpRsON0QOzTobz6TohW9w+LNgBMPMizLRFi3r14Nqel8GIWcQUP/RBTiXb8Lr+D9oq0oY1Up4QyfEq1SfkJ1yD4qzCOhb5I= + - HADOLINT_VERSION=1.16.3 + - DOCKER_COMPOSE_VERSION=1.23.2 + - TRIVY_VERSION=0.1.1 + - secure: iSwQW1ytg9/ntqlF1nMzYcg0ouT3TifuAzauu//vWMiRfRthAi0bLuz3nBvlkQwtUk/iF3+smdOtwvjlmW7wWdwdf9tzpsyVKVYcS/+1MbxnGXE4OyNLkUJ7KASRk4otfsujMDNO95q/m04sOLJ721dsOWR6dv+5MNJ3LrushsbFfuStHmM1cNyUR6NuPy4g/x4oppv23rbSXU/qS7ULUsOTEUuTsmgvvKQRZiiOFaOgzeHCIEdrX6Dpsx6DPtYQ5az88q6CrkkTaw7GhP1qBXAGNX03NeHPd7YZvsgePoZJEJ/jTRsZVx9LxwkmnVTJDqthgqTGXTBJIvow3oICjKLf/DhURvkHaAJPu+Nxyvxo2xgYaa0Zbau5fmhEblyKU8Q9g+ZXsdjC5uy/vqJjg1rZD9BZjbKXRP9nb5VpxLdzcWE80XpEj7tHMfF4bN7LvIHZ81wINtZdZeFLVW53YzIO0NAoRCDk1SmR6N11T1uE8FrBzO80oETUMud2zYTx9U+J0m/qsNK+fOz2GtxwI3mlU0/bgVlcFE6865lOPuRwcTOhDwGqeWsLbBYsYXaJhqktn6XKiZ/BEeJLx6Z/CvyNXbzexn1i4wyVZAK7xxkhjxFPnWFU9WPan4ibkGLsS9sFsUTLVa4oBszkTO6q5NU7vIycdgJpfZlkdL2V0EA= + - secure: kj/KcPck6RHSQdcN29+OoxSufHX8KgMXs/ekVUsgcXfWb8iwo0UbfGwyPf+oy1vvjO65e0xsdGHN6Vk++opJT1qaAMpIInfh3+otXmDrT4Uq0s+vBkyQ/EPNeTy6oWK28y5+IVrR3Nd4FMK8CQ4FKzqKAAOQDkusI1182tRL9wDPnCbUD92cNcTPh7aHccSflkBOzw0G6d0v3RFIseOdYMA4DN72YfUV6RHVgOz7PSPmZ9p9lza1Fdbd1fBYoqBapzm3tIWiaU20OkyYNorZzsT+afTTpfHIb5ku+emNCiKDORuX4XQHDiS+PtqDNJRL2WsOsudVf9ckd9wpTkDj5rFnVex7GtS4z47kLDahzNWMQs4gnpDVUi3jbGeU/62EXdiAmuWs0A2kUSPYZwAKVbfIDlp3tAy0dzGivnBfTdN/TYVRm0IDRJZZNp964Tu3rGLazbRCYpGTIYz4KlMRrIN4QJj8JMmvcaOidp/xQJL+MkZTNY653VFHYeu61XEUV3RkGkkhZL967w+VuhkULDppslKExsJzXXX6ITauLu6hqAj+fWrn0WDxn/Km+sx9aJaBNqg4egT8mX5+WeDdoV+3NyODjbYUaEPKSuUkW/Skm+VGlYeyc9apahTSDe1H/W2KUcramkMT17IdPqXTqvlo+HSR97IGoE37OWKdoVM= + - secure: k5V2o5xIGGQ2vlWaCfWHAn68z7k/FSL8bXgow6/x0svxmsvDxJzRrpnM3xn681ogUEoQP1hQeHWeR0tg88RcDFmjzEObMjVd7Av289YIQ/W6hmFFb+SCa+TmAe49ybPLZA2UNygC/zqH5N6U5iMYsyPrChw4oUv9X9lfDJUz08crRVwffm/JwcEfV1tH722I2WUcEpxKYyqymK9CaO3e2UTXnPaASNOPuZ2v0T3D1lvla+XRNG+JJ6+BJjBRkzMMg584IaBIqGVf9tlImZkGfYmVWUVvBfpuHMSU9OC4CJXBRqy6K/nUlw5bDDsGFbLGA9Tg1qgLzAZsPCSMSCC2Gq0rLxuihudWEJ9e8dnRLIbt+Zxlqa2s7DQ2FTWyofQfR4GL6cD4uSoSh+k9ij6PeJMSEzplaO01Fyh87uRbcVBxwktIXeVuJsBG8uQ2wdWjQ41g4noDHzsV1duJ1nz9b6JRH7Vbp8bKXow3K+EtlFfa9GcD4I64oksbWH+hx+PBBf0qEdUzZnHmw2vEqJyjdlCoQ1k7pX6c9rxzNiKIb8Hsmhu1r7DCNYBYZIZ1pGhVBilxrr9QiU0hGpRsON0QOzTobz6TohW9w+LNgBMPMizLRFi3r14Nqel8GIWcQUP/RBTiXb8Lr+D9oq0oY1Up4QyfEq1SfkJ1yD4qzCOhb5I= services: - docker before_install: - sudo curl -L https://github.com/hadolint/hadolint/releases/download/v$HADOLINT_VERSION/hadolint-$(uname -s)-$(uname -m) -o /usr/local/bin/hadolint - sudo rm /usr/local/bin/docker-compose - - sudo curl -L https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose + - sudo curl -L https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose - wget https://github.com/knqyf263/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz - sudo tar zxvf trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz -C /usr/local/bin trivy - sudo chmod +rx /usr/local/bin/hadolint - sudo chmod +rx /usr/local/bin/docker-compose - sudo apt update && sudo apt install -y expect + - sudo pip install --upgrade pip && sudo pip install yamllint install: - - make check-scripts + - make lint - "./test.exp" - - make check-scripts # rerun check-scripts to see if output is different with .env in place + - make lint # rerun lint to see if output is different with .env in place - travis_retry make build-all script: - make test-ci diff --git a/.yamllint b/.yamllint new file mode 100644 index 0000000..addf0aa --- /dev/null +++ b/.yamllint @@ -0,0 +1,7 @@ +extends: default + +rules: + # 80 chars should be enough, but don't fail if a line is longer + line-length: + max: 80 + level: warning diff --git a/Makefile b/Makefile index 8aebacb..d1cc8e4 100644 --- a/Makefile +++ b/Makefile @@ -321,10 +321,11 @@ publish-webapp: tag-webapp publish-zpush: tag-zpush component=zpush make publish-container -check-scripts: +lint: grep -rIl '^#![[:blank:]]*/bin/\(bash\|sh\|zsh\)' \ --exclude-dir=.git --exclude=*.sw? \ | xargs shellcheck -x + git ls-files --exclude='*.yml' --ignored | xargs --max-lines=1 yamllint # List files which name starts with 'Dockerfile' # eg. Dockerfile, Dockerfile.build, etc. git ls-files --exclude='Dockerfile*' --ignored | xargs --max-lines=1 hadolint diff --git a/docker-compose.yml b/docker-compose.yml index 17490c0..f2477db 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -13,18 +13,18 @@ services: - FQDN=${FQDN?err} command: wrapper.sh cap_drop: - - ALL - cap_add: - - NET_BIND_SERVICE - - CHOWN - - SETGID - - SETUID + - ALL + cap_add: + - NET_BIND_SERVICE + - CHOWN + - SETGID + - SETUID volumes: - web:/.kweb networks: web-net: aliases: - - ${FQDNCLEANED?err} + - ${FQDNCLEANED?err} ldap: image: ${docker_repo:-zokradonh}/${LDAP_CONTAINER:-kopano_ldap_demo}:${LDAP_VERSION:-latest} @@ -68,7 +68,7 @@ services: environment: - SSP_VERSION=1.3 - LDAP_SERVER=ldap://ldap:389 - - LDAP_BINDDN=cn=admin,${LDAP_BASE_DN} + - LDAP_BINDDN=cn=admin,${LDAP_BASE_DN} - LDAP_BINDPASS=${LDAP_ADMIN_PASSWORD} - LDAP_BASE_SEARCH=${LDAP_BASE_DN} - MAIL_FROM=noreply@${LDAP_DOMAIN} @@ -93,9 +93,9 @@ services: expose: - "80" networks: - - web-net # provide web-frontend - - ldap-net # access ldap user base and write passwords - - kopano-net # send mail directly to mailstack + - web-net # provide web-frontend + - ldap-net # access ldap user base and write passwords + - kopano-net # send mail directly to mailstack mail: image: tvial/docker-mailserver:release-v6.1.0 @@ -149,8 +149,8 @@ services: networks: - kopano-net - ldap-net - #dns: 1.1.1.1 # using Google DNS can lead to lookup errors uncomment this option and - # set to the ip of a trusted dns service (Cloudflare is given as an example). + #dns: 1.1.1.1 # using Google DNS can lead to lookup errors uncomment this option and + # set to the ip of a trusted dns service (Cloudflare is given as an example). # See https://github.com/zokradonh/kopano-docker/issues/52 for more information. cap_add: - NET_ADMIN @@ -176,7 +176,7 @@ services: retries: 4 networks: - kopano-net - + kopano_ssl: image: ${docker_repo:-zokradonh}/kopano_ssl:${SSL_VERSION:-latest} environment: @@ -212,7 +212,7 @@ services: - KCCONF_SERVER_SERVER_SSL_CA_FILE=/kopano/ssl/ca.pem - KCCONF_SERVER_SERVER_NAME=Kopano - KCCONF_SERVER_SSLKEYS_PATH=/kopano/ssl/clients - - KCCONF_SERVER_PROXY_HEADER=* # delete line if webapp is not behind reverse proxy + - KCCONF_SERVER_PROXY_HEADER=* # delete line if webapp is not behind reverse proxy - KCCONF_SERVER_SYSTEM_EMAIL_ADDRESS=${POSTMASTER_ADDRESS} - KCCONF_LDAP_LDAP_URI=${LDAP_SERVER} - KCCONF_LDAP_LDAP_BIND_USER=${LDAP_BIND_DN} @@ -313,7 +313,6 @@ services: container_name: ${COMPOSE_PROJECT_NAME}_kdav depends_on: - kopano_server - container_name: ${COMPOSE_PROJECT_NAME}_kdav volumes: - kopanossl/:/kopano/ssl - kopanosocket/:/run/kopano @@ -437,65 +436,64 @@ services: image: ${docker_repo:-zokradonh}/kopano_konnect:${KONNECT_VERSION:-latest} command: wrapper.sh depends_on: - - kopano_server + - kopano_ssl + - web + # to be useful Konnect also need a running kopano_server, but this dependency cannot be added here since this would be a circular dependency volumes: - - kopanossl/:/kopano/ssl - - kopanosocket/:/run/kopano - depends_on: - - kopano_ssl - - web + - kopanossl/:/kopano/ssl + - kopanosocket/:/run/kopano environment: - - FQDN=${FQDN} - - allow_client_guests=yes - - allow_dynamic_client_registration=yes + - FQDN=${FQDN} + - allow_client_guests=yes + - allow_dynamic_client_registration=yes env_file: - - kopano_konnect.env + - kopano_konnect.env networks: - - kopano-net - - web-net + - kopano-net + - web-net kopano_playground: image: ${docker_repo:-zokradonh}/kopano_playground depends_on: - - kopano_kapi - - kopano_konnect + - kopano_kapi + - kopano_konnect networks: - - kopano-net - - web-net + - kopano-net + - web-net kopano_kwmserver: image: ${docker_repo:-zokradonh}/kopano_kwmserver:${KWM_VERSION:-latest} command: wrapper.sh depends_on: - - kopano_kapi - - kopano_konnect + - kopano_kapi + - kopano_konnect environment: - - INSECURE=${INSECURE} - - oidc_issuer_identifier=https://${FQDN} - - enable_guest_api=yes - - public_guest_access_regexp=^group/public/.* + - INSECURE=${INSECURE} + - oidc_issuer_identifier=https://${FQDN} + - enable_guest_api=yes + - public_guest_access_regexp=^group/public/.* env_file: - - kopano_kwmserver.env + - kopano_kwmserver.env volumes: - - kopanossl/:/kopano/ssl + - kopanossl/:/kopano/ssl networks: - - web-net + - web-net kopano_meet: image: ${docker_repo:-zokradonh}/kopano_meet:${MEET_VERSION:-latest} environment: - - SERVICE_TO_START=meet - - KCCONF_MEET_guests_enabled=true - - KCCONF_MEET_disableFullGAB=false + - SERVICE_TO_START=meet + - KCCONF_MEET_guests_enabled=true + - KCCONF_MEET_disableFullGAB=false env_file: - - kopano_meet.env + - kopano_meet.env depends_on: - - kopano_kapi - - kopano_konnect - - kopano_kwmserver - - web + - kopano_kapi + - kopano_konnect + - kopano_kwmserver + - web networks: - - web-net + - web-net kopano_scheduler: image: ${docker_repo:-zokradonh}/kopano_scheduler:${SCHEDULER_VERSION:-latest} diff --git a/examples/core.yml b/examples/core.yml index f04d09b..7481970 100644 --- a/examples/core.yml +++ b/examples/core.yml @@ -38,7 +38,7 @@ services: retries: 4 networks: - kopano-net - + kopano_ssl: image: ${docker_repo:-zokradonh}/kopano_ssl container_name: kopano_ssl diff --git a/examples/meet-kopano.yml b/examples/meet-kopano.yml index 7381e7f..9f72d33 100644 --- a/examples/meet-kopano.yml +++ b/examples/meet-kopano.yml @@ -14,18 +14,18 @@ services: - FQDN=${FQDN?err} command: wrapper.sh cap_drop: - - ALL + - ALL cap_add: - - NET_BIND_SERVICE - - CHOWN - - SETGID - - SETUID + - NET_BIND_SERVICE + - CHOWN + - SETGID + - SETUID volumes: - web:/.kweb networks: web-net: aliases: - - ${FQDNCLEANED?err} + - ${FQDNCLEANED?err} kopano_ssl: image: ${docker_repo:-zokradonh}/kopano_ssl @@ -73,35 +73,35 @@ services: - /etc/kopano/ssl:/kopano/ssl - /run/kopano:/run/kopano environment: - - FQDN=${FQDN} + - FQDN=${FQDN} networks: - - web-net + - web-net kopano_kwmserver: image: ${docker_repo:-zokradonh}/kopano_kwmserver:${KWM_VERSION:-latest} container_name: kopano_kwmserver command: wrapper.sh environment: - - INSECURE=${INSECURE} - - oidc_issuer_identifier=https://${FQDN} + - INSECURE=${INSECURE} + - oidc_issuer_identifier=https://${FQDN} volumes: - /etc/kopano/ssl:/kopano/ssl networks: - - web-net + - web-net kopano_meet: image: ${docker_repo:-zokradonh}/kopano_meet:${MEET_VERSION:-latest} container_name: kopano_meet environment: - - SERVICE_TO_START=meet - - KCCONF_KWEBD_TLS=no + - SERVICE_TO_START=meet + - KCCONF_KWEBD_TLS=no depends_on: - - kopano_kapi - - kopano_konnect - - kopano_kwmserver - - web + - kopano_kapi + - kopano_konnect + - kopano_kwmserver + - web networks: - - web-net + - web-net volumes: web: diff --git a/examples/webapp.yml b/examples/webapp.yml index ab14ec7..1742f96 100644 --- a/examples/webapp.yml +++ b/examples/webapp.yml @@ -14,18 +14,18 @@ services: - FQDN=${FQDN} command: wrapper.sh cap_drop: - - ALL + - ALL cap_add: - - NET_BIND_SERVICE - - CHOWN - - SETGID - - SETUID + - NET_BIND_SERVICE + - CHOWN + - SETGID + - SETUID volumes: - web:/.kweb networks: web-net: aliases: - - ${FQDN} + - ${FQDN} kopano_webapp: image: ${docker_repo:-zokradonh}/kopano_webapp:${WEBAPP_VERSION:-latest}