From 84617984baea8bc85129a26f0b2f380f4f618400 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Johan=20Bergstro=CC=88m?=
Date: Thu, 3 Nov 2022 09:57:05 -0300
Subject: [PATCH] feat: use renovatebot
This brings the following improvements:
1. Faster updates
2. Keep lint and test dependencies up to date
3. Keep hadolint up to date
Fixes: https://github.com/jbergstroem/hadolint-gh-action/issues/98
Closes: https://github.com/jbergstroem/hadolint-gh-action/pull/96
---
.github/dependabot.yml | 6 -----
.github/matcher-actionlint.json | 17 ++++++++++++
.github/matcher-shellcheck.json | 18 +++++++++++++
.github/renovate.json | 42 +++++++++++++++++++++++++++++
.github/workflows/lint.yml | 48 +++++++++++++++++++--------------
action.yml | 8 +++---
6 files changed, 109 insertions(+), 30 deletions(-)
delete mode 100644 .github/dependabot.yml
create mode 100644 .github/matcher-actionlint.json
create mode 100644 .github/matcher-shellcheck.json
create mode 100644 .github/renovate.json
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
deleted file mode 100644
index 1230149..0000000
--- a/.github/dependabot.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-version: 2
-updates:
- - package-ecosystem: "github-actions"
- directory: "/"
- schedule:
- interval: "daily"
diff --git a/.github/matcher-actionlint.json b/.github/matcher-actionlint.json
new file mode 100644
index 0000000..4613e16
--- /dev/null
+++ b/.github/matcher-actionlint.json
@@ -0,0 +1,17 @@
+{
+ "problemMatcher": [
+ {
+ "owner": "actionlint",
+ "pattern": [
+ {
+ "regexp": "^(?:\\x1b\\[\\d+m)?(.+?)(?:\\x1b\\[\\d+m)*:(?:\\x1b\\[\\d+m)*(\\d+)(?:\\x1b\\[\\d+m)*:(?:\\x1b\\[\\d+m)*(\\d+)(?:\\x1b\\[\\d+m)*: (?:\\x1b\\[\\d+m)*(.+?)(?:\\x1b\\[\\d+m)* \\[(.+?)\\]$",
+ "file": 1,
+ "line": 2,
+ "column": 3,
+ "message": 4,
+ "code": 5
+ }
+ ]
+ }
+ ]
+}
diff --git a/.github/matcher-shellcheck.json b/.github/matcher-shellcheck.json
new file mode 100644
index 0000000..a3be8bf
--- /dev/null
+++ b/.github/matcher-shellcheck.json
@@ -0,0 +1,18 @@
+{
+ "problemMatcher": [
+ {
+ "owner": "shellcheck",
+ "pattern": [
+ {
+ "regexp": "^(.+):(\\d+):(\\d+):\\s(note|warning|error):\\s(.*)\\s\\[(SC\\d+)\\]$",
+ "file": 1,
+ "line": 2,
+ "column": 3,
+ "severity": 4,
+ "message": 5,
+ "code": 6
+ }
+ ]
+ }
+ ]
+}
diff --git a/.github/renovate.json b/.github/renovate.json
new file mode 100644
index 0000000..565af4e
--- /dev/null
+++ b/.github/renovate.json
@@ -0,0 +1,42 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "baseBranches": ["main"],
+ "extends": [
+ ":separateMajorReleases",
+ ":rebaseStalePrs",
+ ":disableRateLimiting",
+ ":semanticCommits",
+ "group:allNonMajor"
+ ],
+ "enabledManagers": ["dockerfile", "github-actions", "regex"],
+ "commitMessageAction": "",
+ "commitMessageTopic": "{{depName}}",
+ "commitMessageExtra": "{{#if isMajor}}v{{{newMajor}}}{{else}}{{#if isSingleVersion}}v{{{newVersion}}}{{else}}{{{newValue}}}{{/if}}{{/if}}",
+ "regexManagers": [
+ {
+ "fileMatch": ["^\\.github/workflows/[^/]+\\.yml$"],
+ "matchStrings": [
+ "version: \"(?.*?)\"\\s+run: curl -Ls \"https://github.com/(?.*?)/releases/download.*"
+ ],
+ "datasourceTemplate": "github-releases",
+ "extractVersionTemplate": "^v(?.*)$"
+ },
+ {
+ "fileMatch": ["^\\.github/workflows/[^/]+\\.yml$"],
+ "matchStrings": ["node-version: \"(?.*?)\"\\n"],
+ "depNameTemplate": "actions/node-versions",
+ "datasourceTemplate": "github-releases"
+ },
+ {
+ "fileMatch": ["^action\\.yml$"],
+ "matchStrings": ["version:\\s+default: (?.*?)\\n"],
+ "depNameTemplate": "hadolint/hadolint",
+ "datasourceTemplate": "github-releases",
+ "extractVersionTemplate": "default: (?.*)$"
+ }
+ ],
+ "labels": ["type: dependencies"],
+ "prBodyTemplate": "{{{header}}}{{{table}}}{{{notes}}}{{{changelogs}}}{{{controls}}}{{{footer}}}",
+ "prHeader": "",
+ "prFooter": ""
+}
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 96754b4..cf34a38 100644
--- a/.github/workflows/lint.yml
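Review bot: The `extends` list in `.github/renovate.json` does not pin GitHub Actions to commit digests, so the `github-actions` manager will keep bumping mutable tags such as the `rinchsan/renovate-config-validator@v0.0.12` reference this commit adds to lint.yml; a re-pointed tag would run in CI with no diff to review. Adding `"helpers:pinGitHubActionDigests"` to `extends` makes Renovate write the full commit SHA with the version as a trailing comment and keep both updated. With `:disableRateLimiting` and `group:allNonMajor` set, all non-major bumps arrive in a single PR, so it is worth confirming that the lint and test checks are required before merge. As rendered on this page the capture groups read `(?.*?)`, which looks like the group names were lost in extraction; confirm the committed file carries them.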
+++ b/.github/workflows/lint.yml @@ -4,6 +4,8 @@ on: paths: # actionlint - ".github/workflows/*.yml" + # renovate + - ".github/renovate.json" # prettier - "**.md" - "**.yml" 
@@ -12,47 +14,53 @@ on: - "**.sh" jobs: + validate-renovate-config: + name: Validate renovate config + runs-on: ubuntu-22.04 + steps: + - uses: actions/checkout@v3.1.0 + - name: validate + uses: rinchsan/renovate-config-validator@v0.0.12 + with: + pattern: ".github/renovate.json" actionlint: - name: actionlint + name: Actionlint runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v3.1.0 - name: Install Actionlint env: - ACTIONLINT_VERSION: 1.6.18 - run: | - wget -q -O- "https://github.com/rhysd/actionlint/releases/download/v${ACTIONLINT_VERSION}/actionlint_${ACTIONLINT_VERSION}_linux_amd64.tar.gz" | tar -x -z -C . actionlint && \ - mv actionlint /usr/local/bin + version: "1.6.22" + run: curl -Ls "https://github.com/rhysd/actionlint/releases/download/v${{ env.version }}/actionlint_${{ env.version }}_linux_amd64.tar.gz" | sudo tar -x -z -C /usr/local/bin actionlint - name: Run Actionlint run: | - actionlint -format '{{range $err := .}}::error file={{$err.Filepath}},line={{$err.Line}},col={{$err.Column}}::{{$err.Message}}{{end}}' -ignore 'SC2016:' .github/workflows/*.yml - + echo "::add-matcher::.github/matcher-actionlint.json" + actionlint -color prettier: - name: prettier runs-on: ubuntu-22.04 + name: Prettier steps: - uses: actions/checkout@v3.1.0 - uses: actions/setup-node@v3.5.1 with: - node-version: 18 - - name: install prettier + node-version: "18.11.0" + - name: Install prettier run: npm install -g prettier - - name: run prettier + - name: Run prettier run: prettier -c . 
shellcheck: - name: shellcheck runs-on: ubuntu-22.04 - env: - SHELLCHECK_VERSION: 0.8.0 + name: Shellcheck steps: - uses: actions/checkout@v3.1.0 - - name: install shellcheck + - name: Install Shellcheck + env: + version: "0.8.0" + run: curl -Ls "https://github.com/koalaman/shellcheck/releases/download/v${{ env.version }}/shellcheck-v${{ env.version }}.linux.x86_64.tar.xz" | sudo tar -x -J --wildcards --strip-components=1 -C /usr/local/bin "shellcheck*/shellcheck" + - name: Verify shell scripts run: | - wget -q -O - "https://github.com/koalaman/shellcheck/releases/download/v${{ env.SHELLCHECK_VERSION }}/shellcheck-v${{ env.SHELLCHECK_VERSION }}.linux.x86_64.tar.xz" | tar -x -J --strip-components=1 -C . shellcheck-v${{ env.SHELLCHECK_VERSION }}/shellcheck && \ - sudo mv shellcheck /usr/local/bin/ - - name: verify shell scripts - # shellcheck source path is assumed to be the "root" git directory - run: shellcheck hadolint.sh lib/*.sh test/*.sh + echo "::add-matcher::.github/matcher-shellcheck.json" + shellcheck -f gcc -S warning hadolint.sh lib/*.sh test/*.sh shfmt: name: shfmt runs-on: ubuntu-22.04 diff --git a/action.yml b/action.yml index 0c266e7..d896f1f 100644 --- a/action.yml +++ b/action.yml @@ -4,20 +4,20 @@ author: "Johan Bergström " inputs: dockerfile: + default: "./Dockerfile" description: Path to Dockerfile(s). Accepts shell expansions (`**/Dockerfile`) required: true - default: "./Dockerfile" config_file: description: Path to optional config (hadolint defaults to read `./hadolint.yml` if it exists) required: false error_level: + default: 0 description: Fail CI based on hadolint output (`-1` never, `0` error, `1` warning, `2` info/style) required: false - default: 0 annotate: + default: true description: Annotate code inline in the github PR viewer (`true`/`false`) required: true - default: true output_format: description: Output format (choose between `checkstyle`, `codeclimate`, `gitlab_codeclimate`, `json` or `tty`) required: false 
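Review bot: The `Install Actionlint` step in `.github/workflows/lint.yml` pipes a release tarball from `curl -Ls` straight into `sudo tar`, so a binary is unpacked into `/usr/local/bin` as root with no integrity check, and the `Install Shellcheck` step in the same hunk has the same shape. This matters more after this commit because the regex manager in `.github/renovate.json` will raise version bumps whose diff is only the `version` string. Download to a file, fail on HTTP errors with `-f`, and compare against a SHA-256 pinned next to the version before extracting, as sketched below for actionlint. The first `matchStrings` pattern expects `run: curl -Ls` directly after `version:`, so it would need adjusting, and the pinned hash has to be updated in the same PR as the version.

```yaml
      - name: Install Actionlint
        env:
          version: "1.6.22"
          # placeholder: SHA-256 of the release tarball for this exact version
          sha256: "<SHA256_OF_ACTIONLINT_TARBALL>"
        run: |
          curl -fsSL -o actionlint.tar.gz "https://github.com/rhysd/actionlint/releases/download/v${version}/actionlint_${version}_linux_amd64.tar.gz"
          echo "${sha256}  actionlint.tar.gz" | sha256sum -c -
          sudo tar -x -z -C /usr/local/bin -f actionlint.tar.gz actionlint
      # … unchanged: Run Actionlint step, prettier job …
      # … Install Shellcheck: same download / verify / extract sequence …
```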
@@ -25,8 +25,8 @@ inputs: description: Absolute path to hadolint binary. Left unset means it can be found in `$PATH` required: false version: - description: Use a specific version of Hadolint default: 2.10.0 + description: Use a specific version of Hadolint required: true outputs:
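Review bot: Moving `default:` directly under `version:` in action.yml makes key order load-bearing, because the third regex manager in `.github/renovate.json` matches `version:\s+default:` and will silently stop proposing hadolint updates if the keys are reordered again or a formatter moves them. Nothing in action.yml says so; add a comment above the key such as `# keep "default" first: matched by a regex manager in .github/renovate.json`. The `inputs:` mapping starts outside this hunk.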