From 6858cdfb14244ca00e91505eaeafa475b48c9601 Mon Sep 17 00:00:00 2001
From: Eric Searcy
Date: Fri, 3 May 2024 21:29:58 -0700
Subject: [PATCH 1/2] Switch from super-linter to MegaLinter Also remove lockfile.
Signed-off-by: Eric Searcy
---
 .flake8 | 5 +++
 .github/workflows/license-header-check.yml | 2 +-
 .github/workflows/mega-linter.yml | 41 ++++++++++++++++++++++
 .github/workflows/super-linter.yml | 38 --------------------
 .gitignore | 4 +++
 .license-header | 2 ++
 .mega-linter.yml | 22 ++++++++++++
 .ruff.toml | 9 +++++
 .yamllint | 13 +++++++
 Makefile | 25 +++++++++++++
 requirements.txt | 11 ++++++
 11 files changed, 133 insertions(+), 39 deletions(-)
 create mode 100644 .flake8
 create mode 100644 .github/workflows/mega-linter.yml
 delete mode 100644 .github/workflows/super-linter.yml
 create mode 100644 .license-header
 create mode 100644 .mega-linter.yml
 create mode 100644 .ruff.toml
 create mode 100644 .yamllint
 create mode 100644 Makefile
 create mode 100644 requirements.txt
diff --git a/.flake8 b/.flake8
new file mode 100644
index 0000000..f0c2795
--- /dev/null
+++ b/.flake8
@@ -0,0 +1,5 @@
+# Copyright The Linux Foundation and each contributor to LFX.
+# SPDX-License-Identifier: MIT
+[flake8]
+max-line-length = 180
+extend-ignore = E203
diff --git a/.github/workflows/license-header-check.yml b/.github/workflows/license-header-check.yml
index 76cb2c8..f2ca1f6 100644
--- a/.github/workflows/license-header-check.yml
+++ b/.github/workflows/license-header-check.yml
@@ -4,7 +4,7 @@
 name: License Header Check
-'on': [pull_request]
+"on": [pull_request]
 permissions:
 contents: read
diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml
new file mode 100644
index 0000000..0ff3557
--- /dev/null
+++ b/.github/workflows/mega-linter.yml
@@ -0,0 +1,41 @@
+---
+# Copyright The Linux Foundation and each contributor to LFX.
+# SPDX-License-Identifier: MIT
+
+name: MegaLinter
+
+"on":
+ pull_request: null
+
+permissions:
+ contents: read
+
+concurrency:
+ group: ${{ github.ref }}-${{ github.workflow }}
+ cancel-in-progress: true
+
+jobs:
+ megalinter:
+ name: MegaLinter
+ runs-on: ubuntu-latest
+
+ permissions:
+ contents: read
+ statuses: write
+
+ steps:
+ # Git Checkout
+ - name: Checkout Code
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ # MegaLinter
+ - name: MegaLinter
+ id: ml
+ # Use the Python flavor.
+ uses: oxsecurity/megalinter/flavors/python@v7
+ env:
+ # All available variables are described in documentation
+ # https://megalinter.io/configuration/
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/super-linter.yml b/.github/workflows/super-linter.yml
deleted file mode 100644
index 4cf0c83..0000000
--- a/.github/workflows/super-linter.yml
+++ /dev/null
@@ -1,38 +0,0 @@
----
-# Copyright The Linux Foundation and each contributor to LFX.
-# SPDX-License-Identifier: MIT
-
-name: Lint
-
-'on':
- pull_request: null
-
-permissions:
- contents: read
-
-jobs:
- build:
- name: Lint
- runs-on: ubuntu-latest
-
- permissions:
- contents: read
- packages: read
- # To report GitHub Actions status checks
- statuses: write
-
- steps:
- - name: Checkout code
- uses: actions/checkout@v4
- with:
- # super-linter needs the full git history to get the
- # list of files that changed across commits
- fetch-depth: 0
-
- - name: Super-linter
- uses: super-linter/super-linter/slim@v6.3.0
- env:
- # To report GitHub Actions status checks
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- # Dependency resolution not supporting Pipfile, apparently.
- VALIDATE_PYTHON_PYLINT: "false"
diff --git a/.gitignore b/.gitignore
index ff68033..c73ab81 100644
--- a/.gitignore
+++ b/.gitignore
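Review bot: Both `uses:` lines in .github/workflows/mega-linter.yml reference their action by a movable tag (`actions/checkout@v4`, `oxsecurity/megalinter/flavors/python@v7`), and the MegaLinter step runs with `GITHUB_TOKEN` under `statuses: write`, so whatever those tags point to at run time executes with that token. The workflow this replaces pinned its linter to an exact release (`@v6.3.0`); the new one floats on the major tag. I would pin each action to a full commit SHA with the release in a trailing comment, e.g. `uses: oxsecurity/megalinter/flavors/python@<full-commit-sha>  # <release tag>` (placeholders, to be filled from the release you reviewed). The same applies to the `docker run` image tag in the Makefile `lint` target (`oxsecurity/megalinter:v7` in this patch, `oxsecurity/megalinter-python:v7` in patch 2/2), which could be pinned by digest. Adding `persist-credentials: false` under the checkout step's `with:` would also keep the token out of the checked-out repository's git config while the linter runs.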
@@ -1,6 +1,10 @@
 # Copyright The Linux Foundation and each contributor to LFX.
 # SPDX-License-Identifier: MIT
+megalinter-reports
+.ruff_cache/
+__pycache__/
+
 # Normally, committing lockfiles is a best practice. But 1) this is a local
 # shell utility, run sporadically and 2) committing a lockfile means keeping it
 # up to date every time there is a security issue. In this case, we're going to
diff --git a/.license-header b/.license-header
new file mode 100644
index 0000000..0a917f8
--- /dev/null
+++ b/.license-header
@@ -0,0 +1,2 @@
+# Copyright The Linux Foundation and each contributor to LFX.
+# SPDX-License-Identifier: MIT
diff --git a/.mega-linter.yml b/.mega-linter.yml
new file mode 100644
index 0000000..f408a6b
--- /dev/null
+++ b/.mega-linter.yml
@@ -0,0 +1,22 @@
+# Copyright The Linux Foundation and each contributor to LFX.
+# SPDX-License-Identifier: MIT
+---
+DISABLE_LINTERS:
+ # A self-contained maintaince page is not expected to conform to best
+ # practices for web site.
+ - HTML_DJLINT
+ # Pylint doesn't handle our Pipenv dependencies, and is redundant with ruff.
+ - PYTHON_PYLINT
+ # Pyright doesn't handle our pipenv dependencies, plus we aren't using
+ # static typing.
+ - PYTHON_PYRIGHT
+ # Disable dependency security scanning.
+ - REPOSITORY_GRYPE
+ - REPOSITORY_TRIVY
+ - REPOSITORY_TRIVY_SBOM
+ # cspell is laughably bad at code/comments/etc.
+ - SPELL_CSPELL
+ # Link checking more likely to cause false positives than be useful for us.
+ - SPELL_LYCHEE
+GITHUB_COMMENT_REPORTER: false
+GITHUB_STATUS_REPORTER: true
diff --git a/.ruff.toml b/.ruff.toml
new file mode 100644
index 0000000..b2edf84
--- /dev/null
+++ b/.ruff.toml
@@ -0,0 +1,9 @@
+# Copyright The Linux Foundation and each contributor to LFX.
+# SPDX-License-Identifier: MIT
+
+line-length = 180
+target-version = "py310"
+
+[lint]
+select = ["E", "F", "W"]
+
diff --git a/.yamllint b/.yamllint
new file mode 100644
index 0000000..67b5bec
--- /dev/null
+++ b/.yamllint
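Review bot: In .mega-linter.yml the entries `REPOSITORY_GRYPE`, `REPOSITORY_TRIVY` and `REPOSITORY_TRIVY_SBOM` are switched off under the comment `# Disable dependency security scanning.`, which says what is disabled but not why, unlike the other entries in the list. Together with the lockfile removal and the version-stripped requirements.txt in this same commit, nothing visible in the patch still checks the Python dependencies for known vulnerabilities. I would either keep one of the scanners enabled or extend the comment so the decision is auditable, e.g. `# Dependency security scanning is disabled because <reason>; covered instead by <other control>.` (placeholders for the author to fill in).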
@@ -0,0 +1,13 @@
+# Copyright The Linux Foundation and each contributor to LFX.
+# SPDX-License-Identifier: MIT
+---
+extends: default
+ignore: |
+ .git
+ megalinter-reports
+ __pycache__
+ .ruff_cache
+rules:
+ line-length:
+ max: 120
+ level: warning
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..c4e7b1f
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,25 @@
+# Copyright The Linux Foundation and each contributor to LFX.
+# SPDX-License-Identifier: MIT
+
+.PHONY: all clean test
+
+all: requirements.txt
+
+clean:
+ rm -Rf __pycache__ .ruff_cache megalinter-reports
+
+lint:
+ #docker run --rm --platform linux/amd64 -v '$(CURDIR):/tmp/lint:rw' oxsecurity/megalinter-python:v7
+ docker run --rm --platform linux/amd64 -v '$(CURDIR):/tmp/lint:rw' oxsecurity/megalinter:v7
+
+test:
+ @echo "No tests to run ... would you like to 'make lint'?"
+
+requirements.txt: Pipfile.lock .license-header
+ cat .license-header > requirements.txt
+ # Because we are avoiding pinning dep versions, we also prune them from the
+ # generated requirements.txt file.
+ pipenv requirements --exclude-markers | sed 's/=.*$$//' >> requirements.txt
+
+Pipfile.lock: Pipfile
+ pipenv lock
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000..1d43ba7
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1,11 @@
+# Copyright The Linux Foundation and each contributor to LFX.
+# SPDX-License-Identifier: MIT
+-i https://pypi.org/simple
+boto3
+botocore
+jmespath
+python-dateutil
+s3transfer
+six
+trieregex
+urllib3
From 3fa340926fbd7019f945cb4b0daef047c14066df Mon Sep 17 00:00:00 2001
From: Eric Searcy
Date: Mon, 6 May 2024 11:18:49 -0700
Subject: [PATCH 2/2] Fix Makefile to use Python flavor of MegaLinter
Signed-off-by: Eric Searcy
---
 Makefile | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/Makefile b/Makefile
index c4e7b1f..13eea55 100644
--- a/Makefile
+++ b/Makefile
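Review bot: `lint` is not listed in `.PHONY: all clean test` in the new Makefile, so a file or directory named `lint` in the checkout would make `make lint` report the target as up to date and run nothing; the line should read `.PHONY: all clean lint test`. Separately, the `requirements.txt` recipe writes the header with `cat .license-header > requirements.txt` before running `pipenv requirements --exclude-markers | sed ...`, and the pipeline's exit status is sed's, so a failing pipenv leaves a header-only requirements.txt that make then treats as built. Writing the output to a temporary file and moving it into place only after pipenv has succeeded would avoid shipping an empty dependency list.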
@@ -9,8 +9,7 @@ clean:
 rm -Rf __pycache__ .ruff_cache megalinter-reports
 lint:
- #docker run --rm --platform linux/amd64 -v '$(CURDIR):/tmp/lint:rw' oxsecurity/megalinter-python:v7
- docker run --rm --platform linux/amd64 -v '$(CURDIR):/tmp/lint:rw' oxsecurity/megalinter:v7
+ docker run --rm --platform linux/amd64 -v '$(CURDIR):/tmp/lint:rw' oxsecurity/megalinter-python:v7
 test:
 @echo "No tests to run ... would you like to 'make lint'?"