diff --git a/.github/actionlint.yaml b/.github/actionlint.yaml
new file mode 100644
index 000000000..1dd13ed0c
--- /dev/null
+++ b/.github/actionlint.yaml
@@ -0,0 +1,9 @@
+# Copyright (c) 2024 IBM Corporation
+# SPDX-License-Identifier: Apache-2.0
+#
+# Configuration file with rules for the actionlint tool.
+#
+self-hosted-runner:
+ # Labels of self-hosted runner that linter should ignore
+ labels:
+ - S390X
diff --git a/.github/workflows/actionlint.yaml b/.github/workflows/actionlint.yaml
new file mode 100644
index 000000000..2b613d624
--- /dev/null
+++ b/.github/workflows/actionlint.yaml
@@ -0,0 +1,33 @@
+name: Lint GHA workflows
+
+on:
+ workflow_dispatch:
+ pull_request:
+ types:
+ - opened
+ - edited
+ - reopened
+ - synchronize
+ paths:
+ - '.github/workflows/**'
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ run-actionlint:
+ env:
+ GH_TOKEN: ${{ github.token }}
+ runs-on: ubuntu-24.04
+ steps:
+ - name: Checkout the code
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Install actionlint gh extension
+ run: gh extension install https://github.com/cschleiden/gh-actionlint
+
+ - name: Run actionlint
+ run: gh actionlint
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 2711ac640..9bc007c5d 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -61,7 +61,7 @@ jobs:
 export CI="true"
 sudo -E env PATH="$PATH" make test | tee tests_report.txt
 sudo chmod o+rw tests_report.txt
- cat tests_report.txt | $(go env GOPATH)/bin/go-junit-report -set-exit-code > tests_report_junit.xml
+ < tests_report.txt "$(go env GOPATH)/bin/go-junit-report" -set-exit-code > tests_report_junit.xml
 shell: bash
 - name: Upload tests report
 uses: actions/upload-artifact@v4
diff --git a/.github/workflows/csi_wrapper_images.yaml b/.github/workflows/csi_wrapper_images.yaml
index 5a39880c3..a41d1b5bd 100644
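Review bot: The `Install actionlint gh extension` step in the new `.github/workflows/actionlint.yaml` fetches `cschleiden/gh-actionlint` without a pin, and the job exports `GH_TOKEN: ${{ github.token }}` while the workflow declares no `permissions:` block. Whatever that extension repository serves at run time therefore executes with the job token, which on `workflow_dispatch` runs carries the repository's default scopes. I would add a top-level `permissions:` with `contents: read` and pin the install, `gh extension install https://github.com/cschleiden/gh-actionlint --pin <RELEASE_TAG_OR_COMMIT>`. `fetch-depth: 0` also looks unnecessary for linting the checked-out workflow files.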
--- a/.github/workflows/csi_wrapper_images.yaml
+++ b/.github/workflows/csi_wrapper_images.yaml
@@ -14,7 +14,6 @@ on:
 required: false
 type: string
 image_tags:
- default: ''
 description: 'Comma-separated list of tags for the dev built image (e.g. latest,ci-dev). By default uses the values from src/cloud-api-adaptor/hack/build.sh'
 required: true
 type: string
diff --git a/.github/workflows/daily-e2e-tests-ibmcloud.yaml b/.github/workflows/daily-e2e-tests-ibmcloud.yaml
index 7e3463dd5..e55d569ee 100644
--- a/.github/workflows/daily-e2e-tests-ibmcloud.yaml
+++ b/.github/workflows/daily-e2e-tests-ibmcloud.yaml
@@ -42,10 +42,10 @@ jobs:
 ibmcloud plugin install cloud-object-storage -f
 - name: Config IBM COS
 run: |
- ibmcloud cos config crn --crn $crn --force | grep -v ^FAILED$ || exit 1
+ ibmcloud cos config crn --crn "$crn" --force | grep -v ^FAILED$ || exit 1
 ibmcloud cos config auth --method HMAC | grep -v ^FAILED$ || exit 1
- echo -e $access_key_id "\n" $secret_access_key | ibmcloud cos config hmac
- ibmcloud cos config endpoint-url --url $endpoint | grep -v ^FAILED$ || exit 1
+ echo -e "$access_key_id" "\n" "$secret_access_key" | ibmcloud cos config hmac
+ ibmcloud cos config endpoint-url --url "$endpoint" | grep -v ^FAILED$ || exit 1
 ibmcloud cos config list
 env:
 crn: ${{ secrets.IBM_E2E_COS_CRN }}
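Review bot: In the `Config IBM COS` step, `echo -e "$access_key_id" "\n" "$secret_access_key"` is still an unsafe way to feed credentials: `echo -e` expands backslash escapes inside the secret values themselves, and the three separate arguments put a space on each side of the newline, so the access key is sent with a trailing space and the secret with a leading one (whether the CLI trims them is not visible here). `printf '%s\n%s\n' "$access_key_id" "$secret_access_key" | ibmcloud cos config hmac` passes both values through unchanged. Separately, the `| grep -v ^FAILED$ || exit 1` guards take their status from grep, so unless the step runs with pipefail (its `shell:` setting is outside the hunk) a non-zero exit from `ibmcloud` alone does not stop the step.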
@@ -55,21 +55,21 @@ jobs:
 - name: Check e2e test result
 run: |
 date_name=$(date +"%y%m%d")
- echo $date_name
- log_name=$(ibmcloud cos objects --bucket $bucket_name |grep $date_name |grep ${{matrix.type}} | awk 'END { print $1 }')
- echo $log_name
- ibmcloud cos object-get --bucket daily-e2e-test-bucket --key=$log_name $log_name
- cat $log_name
- last_line=$(awk 'END {print}' $log_name)
+ echo "$date_name"
+ log_name=$(ibmcloud cos objects --bucket "$bucket_name" |grep "$date_name" |grep ${{matrix.type}} | awk 'END { print $1 }')
+ echo "$log_name"
+ ibmcloud cos object-get --bucket daily-e2e-test-bucket --key="$log_name" "$log_name"
+ cat "$log_name"
+ last_line=$(awk 'END {print}' "$log_name")
 if [[ $last_line = "Finished: SUCCESS" ]]; then
 echo "ibmcloud e2e test (${{matrix.type}}) is passed."
 else
 echo "ibmcloud e2e test (${{matrix.type}}) is failed."
 exit 2
 fi
- caa_commitid=$(cat $log_name | grep -oP 'CAA commit_id: \K\S+')
+ caa_commitid=$(< "$log_name" grep -oP 'CAA commit_id: \K\S+')
 echo "The CAA commit_id: ${caa_commitid}"
- echo ${caa_commitid} > caa_commitid
+ echo "${caa_commitid}" > caa_commitid
 env:
 bucket_name : "daily-e2e-test-bucket"
 - name: Login to Quay container Registry
@@ -102,9 +102,9 @@ jobs:
 echo "${podvm_docker_name} exists."
 else
 echo "downloading ${podvm_image_tar_name}"
- ibmcloud cos object-get --bucket daily-e2e-test-bucket --key=$podvm_image_tar_name $podvm_image_tar_name
- docker load -i $podvm_image_tar_name
- docker push ${podvm_docker_name}
+ ibmcloud cos object-get --bucket daily-e2e-test-bucket --key="$podvm_image_tar_name" "$podvm_image_tar_name"
+ docker load -i "$podvm_image_tar_name"
+ docker push "${podvm_docker_name}"
 echo "${podvm_docker_name} is pushed"
 fi
 fi
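Review bot: In the `Check e2e test result` step, `log_name` is used as both the object key and the local output path with no check that the bucket listing matched anything. When no object for today's date exists, `awk 'END { print $1 }'` yields an empty string and the step only fails later at `object-get` or `cat` with an unrelated-looking error. A guard right after the assignment, `[[ -n "$log_name" ]] || { echo "no e2e log found for ${date_name}"; exit 1; }`, makes the missing-log case explicit. Because the key comes straight from the listing and is reused as a file path, downloading to a fixed local name would also keep a key with path components from choosing where the file lands.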
@@ -112,8 +112,8 @@ jobs:
 echo "Checking built out generic fedora s390x se enabled docker image"
 podvm_image_tar_name="podvm-generic-fedora-s390x-se-${caa_commit_id}.tar"
 echo "Checkouting commit: ${caa_commit_id}"
- git checkout ${caa_commit_id}
- image_tag=`sha256sum src/cloud-api-adaptor/versions.yaml | awk -F " " '{ print $1 }'`
+ git checkout "${caa_commit_id}"
+ image_tag=$(sha256sum src/cloud-api-adaptor/versions.yaml | awk -F " " '{ print $1 }')
 echo "fedora s390x se image tag: $image_tag"
 podvm_docker_name="quay.io/confidential-containers/podvm-generic-fedora-s390x-se:${image_tag}"
 manifest_url="https://quay.io/v2/confidential-containers/podvm-generic-fedora-s390x-se/manifests/${image_tag}"
@@ -122,11 +122,11 @@ jobs:
 echo "${podvm_docker_name} exists."
 else
 echo "downloading ${podvm_image_tar_name}"
- ibmcloud cos object-get --bucket daily-e2e-test-bucket --key=$podvm_image_tar_name $podvm_image_tar_name
- docker load -i $podvm_image_tar_name
+ ibmcloud cos object-get --bucket daily-e2e-test-bucket --key="$podvm_image_tar_name" "$podvm_image_tar_name"
+ docker load -i "$podvm_image_tar_name"
 echo "show docker images"
 docker images
- echo docker push ${podvm_docker_name}
+ echo docker push "${podvm_docker_name}"
 echo "${podvm_docker_name} is pushed"
 fi
 fi
diff --git a/.github/workflows/e2e_libvirt.yaml b/.github/workflows/e2e_libvirt.yaml
index 9391982eb..7de7111b6 100644
--- a/.github/workflows/e2e_libvirt.yaml
+++ b/.github/workflows/e2e_libvirt.yaml
@@ -75,7 +75,7 @@ jobs:
 - name: Extract qcow2 from ${{ inputs.podvm_image }}
 run: |
 qcow2=$(echo ${{ inputs.podvm_image }} | sed -e "s#.*/\(.*\):.*#\1.qcow2#")
- ./hack/download-image.sh ${{ inputs.podvm_image }} . -o "${qcow2}" --clean-up
+ ./hack/download-image.sh ${{ inputs.podvm_image }} . -o "${qcow2}" --clean-up
 echo "PODVM_QCOW2=$(pwd)/${qcow2}" >> "$GITHUB_ENV"
 # Clean up docker images to make space
 docker system prune -a -f
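Review bot: `git checkout "${caa_commit_id}"` is quoted now, but the value is never checked to be a commit id, and it appears to originate from the `CAA commit_id:` line of a log downloaded from the bucket in the earlier step (where the variable is assigned is outside this hunk). Quoting does not stop a value that begins with `-` from being read as an option, and the checked-out tree decides the `image_tag` and therefore which image name is published. A check before the checkout, `[[ "$caa_commit_id" =~ ^[0-9a-f]{7,40}$ ]] || { echo "unexpected commit id"; exit 1; }`, keeps the step to well-formed hashes.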
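Review bot: In the hunk at line 122 the s390x SE branch still runs `echo docker push "${podvm_docker_name}"`, which only prints the command, and the next line then logs `is pushed`; the non-SE branch in the hunk at line 102 does run `docker push`. If the dry run is deliberate, the log line should say so, for example `echo "${podvm_docker_name} push skipped"`; otherwise the leading `echo` should be dropped. The enclosing if/else starts outside the hunk.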
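Review bot: In e2e_libvirt.yaml, `${{ inputs.podvm_image }}` is still expanded by the workflow engine into the script text on the `qcow2=` and `download-image.sh` lines, so quoting `${qcow2}` does not cover the input itself. Shell metacharacters in the input become part of the script, and the derived name is appended to `$GITHUB_ENV`. Passing the value through the step's `env:` as `PODVM_IMAGE: ${{ inputs.podvm_image }}` and using `"$PODVM_IMAGE"` in the script keeps it as data. The same pattern remains in test-images.yaml (`basename "${{matrix.targets}}"`) and webhook_image.yaml (`IMG="${{ inputs.registry }}/peer-pods-webhook:${t}"`); whether these steps already have an `env:` block is outside the hunks.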
diff --git a/.github/workflows/e2e_run_all.yaml b/.github/workflows/e2e_run_all.yaml index 61018ef9f..a73560a9e 100644 --- a/.github/workflows/e2e_run_all.yaml +++ b/.github/workflows/e2e_run_all.yaml @@ -127,7 +127,7 @@ jobs: providers=(${{ env.PROVIDERS }}) # If there aren't providers then something is wrong [[ ${#providers[@]} -gt 0 ]] || exit 1 - for provider in ${providers[@]}; do + for provider in "${providers[@]}"; do img="${E2E_IMG_REGISTRY}/cloud-api-adaptor" tag="${E2E_IMG_RELEASE_TAG}" [[ "$provider" = "libvirt" ]] && tag="${E2E_IMG_DEV_TAG}" diff --git a/.github/workflows/peerpod-ctrl_image.yaml b/.github/workflows/peerpod-ctrl_image.yaml index ef132572c..92f4bb875 100644 --- a/.github/workflows/peerpod-ctrl_image.yaml +++ b/.github/workflows/peerpod-ctrl_image.yaml @@ -14,7 +14,6 @@ on: required: false type: string image_tags: - default: '' description: 'Comma-separated list of tags for the dev built image (e.g. latest,ci-dev). By default uses the values from hack/build.sh' required: true type: string diff --git a/.github/workflows/podvm_mkosi_image.yaml b/.github/workflows/podvm_mkosi_image.yaml index c6ed51ab8..e985c91da 100644 --- a/.github/workflows/podvm_mkosi_image.yaml +++ b/.github/workflows/podvm_mkosi_image.yaml @@ -40,7 +40,7 @@ jobs: run: | git clone -b v22 https://github.com/systemd/mkosi sudo rm /usr/local/bin/mkosi | true - sudo ln -s $PWD/mkosi/bin/mkosi /usr/local/bin/mkosi + sudo ln -s "$PWD/mkosi/bin/mkosi" /usr/local/bin/mkosi mkosi --version - name: Build builder diff --git a/.github/workflows/test-images.yaml b/.github/workflows/test-images.yaml index b6de32c3f..654382d7b 100644 --- a/.github/workflows/test-images.yaml +++ b/.github/workflows/test-images.yaml 
@@ -21,7 +21,7 @@ jobs:
 steps:
 - uses: actions/checkout@v4
 - id: set-matrix
- run: echo "MATRIX=$(ls test/e2e/fixtures/Dockerfile.* | jq -R -s -c 'split("\n")[:-1]')" >> $GITHUB_ENV
+ run: echo "MATRIX=$(find test/e2e/fixtures/Dockerfile.* | jq -R -s -c 'split("\n")[:-1]')" >> "$GITHUB_ENV"
 build:
 name: Create Test Images
 needs: list-dockerfiles
@@ -56,12 +56,8 @@ jobs:
 id: docker-tag
 shell: bash
 run: |
- for path in "${{matrix.targets}}"; do
- file_name=$(basename "$path")
- name="${file_name##*.}"
- output_paths+=("${name,,}")
- done
- echo "DOCKER_TAG=${output_paths[*]}" >> $GITHUB_ENV
+ file_name=$(basename "${{matrix.targets}}")
+ echo "DOCKER_TAG=${file_name##*.}" >> "$GITHUB_ENV"
 - name: Build and push
 uses: docker/build-push-action@v6
 with:
diff --git a/.github/workflows/webhook_image.yaml b/.github/workflows/webhook_image.yaml
index 981d7e44b..0ba4a911a 100644
--- a/.github/workflows/webhook_image.yaml
+++ b/.github/workflows/webhook_image.yaml
@@ -13,7 +13,6 @@ on:
 required: false
 type: string
 image_tags:
- default: ''
 description: 'Comma-separated list of tags for the dev built image (e.g. latest,ci-dev). By default uses the values from hack/build.sh'
 required: true
 type: string
@@ -71,7 +70,7 @@ jobs:
 latest=1
 else
 echo "::group::Build and push tag ${t}"
- make docker-load docker-push IMG=${{ inputs.registry }}/peer-pods-webhook:${t}
+ make docker-load docker-push IMG="${{ inputs.registry }}/peer-pods-webhook:${t}"
 echo "::endgroup::"
 fi
 done
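Review bot: The rewritten `docker-tag` step in the hunk at line 56 drops the `${name,,}` lower-casing that the removed loop applied, so `DOCKER_TAG` now keeps the case of the Dockerfile suffix. Where `DOCKER_TAG` is consumed is outside the hunk; if it ends up in a repository name, which must be lower-case, a fixture with an upper-case suffix (a constructed example: `Dockerfile.Foo`) would no longer build and push. Keeping the old behaviour takes two lines: `tag="${file_name##*.}"` followed by `echo "DOCKER_TAG=${tag,,}" >> "$GITHUB_ENV"`.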