From 072078a403ae4106f87f7225c7188f31ec8b6419 Mon Sep 17 00:00:00 2001 From: CrazyMax Date: Sun, 22 Nov 2020 18:10:34 +0100 Subject: [PATCH] Add lint Signed-off-by: CrazyMax --- .golangci.yml | 2 +- .travis.yml | 24 +++-- .yamllint.yml | 13 +++ .../deployment+service.privileged.yaml | 90 ++++++++--------- .../deployment+service.rootless.yaml | 98 +++++++++---------- examples/kubernetes/job.privileged.yaml | 66 ++++++------- examples/kubernetes/job.rootless.yaml | 84 ++++++++-------- examples/kubernetes/pod.privileged.yaml | 40 ++++---- examples/kubernetes/pod.rootless.yaml | 48 ++++----- .../kubernetes/statefulset.privileged.yaml | 40 ++++---- examples/kubernetes/statefulset.rootless.yaml | 50 +++++----- hack/dockerfiles/lint.Dockerfile | 6 +- 12 files changed, 287 insertions(+), 274 deletions(-) create mode 100644 .yamllint.yml diff --git a/.golangci.yml b/.golangci.yml index 52870d7c..650a90aa 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -28,5 +28,5 @@ linters: issues: exclude-rules: - linters: - - golint + - golint text: "stutters" diff --git a/.travis.yml b/.travis.yml index f02f2b2c..d194de69 100644 --- a/.travis.yml +++ b/.travis.yml @@ -34,20 +34,20 @@ jobs: script: ./hack/login_ci_cache && ./hack/build_ci_first_pass - stage: testing name: "Client integration tests" - script: + script: - TESTPKGS=./client TESTFLAGS='-v --timeout=20m' ./hack/test integration - TESTPKGS=./cmd/buildctl ./hack/test integration - TESTPKGS=./worker/containerd ./hack/test integration - script: - - ./hack/lint - - SKIP_INTEGRATION_TESTS=1 ./hack/test integration gateway - - ./hack/validate-vendor - - ./hack/validate-generated-files - - ./hack/validate-shfmt - - TESTPKGS=./frontend ./hack/test + - ./hack/lint + - SKIP_INTEGRATION_TESTS=1 ./hack/test integration gateway + - ./hack/validate-vendor + - ./hack/validate-generated-files + - ./hack/validate-shfmt + - TESTPKGS=./frontend ./hack/test name: "Unit Tests & Lint & Vendor & Proto" - script: - - TESTPKGS=./frontend/dockerfile TESTFLAGS='-v --parallel=5 --timeout=30m' ./hack/test + - TESTPKGS=./frontend/dockerfile TESTFLAGS='-v --parallel=5 --timeout=30m' ./hack/test name: "Dockerfile integration tests" - script: TESTPKGS=./frontend/dockerfile ./hack/test dockerfile name: "External Dockerfile tests" @@ -80,9 +80,9 @@ jobs: skip_cleanup: true file_glob: true on: - repo: moby/buildkit - tags: true - condition: $TRAVIS_TAG =~ ^v[0-9] + repo: moby/buildkit + tags: true + condition: $TRAVIS_TAG =~ ^v[0-9] - provider: script script: ./frontend/dockerfile/cmd/dockerfile-frontend/hack/release master mainline $DF_REPO_SLUG_TARGET push on: @@ -107,8 +107,6 @@ jobs: repo: moby/buildkit branch: master condition: $TRAVIS_EVENT_TYPE == "cron" - before_deploy: - echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin - diff --git a/.yamllint.yml b/.yamllint.yml new file mode 100644 index 00000000..e190c161 --- /dev/null +++ b/.yamllint.yml @@ -0,0 +1,13 @@ +ignore: | + /vendor + +extends: default + +yaml-files: + - '*.yaml' + - '*.yml' + +rules: + truthy: disable + line-length: disable + document-start: disable diff --git a/examples/kubernetes/deployment+service.privileged.yaml b/examples/kubernetes/deployment+service.privileged.yaml index a140d6f1..3029eca3 100644 --- a/examples/kubernetes/deployment+service.privileged.yaml +++ b/examples/kubernetes/deployment+service.privileged.yaml @@ -15,50 +15,50 @@ spec: app: buildkitd spec: containers: - - name: buildkitd - image: moby/buildkit:master - args: - - --addr - - unix:///run/buildkit/buildkitd.sock - - --addr - - tcp://0.0.0.0:1234 - - --tlscacert - - /certs/ca.pem - - --tlscert - - /certs/cert.pem - - --tlskey - - /certs/key.pem -# the probe below will only work after Release v0.6.3 - readinessProbe: - exec: - command: - - buildctl - - debug - - workers - initialDelaySeconds: 5 - periodSeconds: 30 -# the probe below will only work after Release v0.6.3 - livenessProbe: - exec: - command: - - buildctl - - debug - - workers - initialDelaySeconds: 5 - periodSeconds: 30 - securityContext: - privileged: true - ports: - - containerPort: 1234 - volumeMounts: - - name: certs - readOnly: true - mountPath: /certs + - name: buildkitd + image: moby/buildkit:master + args: + - --addr + - unix:///run/buildkit/buildkitd.sock + - --addr + - tcp://0.0.0.0:1234 + - --tlscacert + - /certs/ca.pem + - --tlscert + - /certs/cert.pem + - --tlskey + - /certs/key.pem + # the probe below will only work after Release v0.6.3 + readinessProbe: + exec: + command: + - buildctl + - debug + - workers + initialDelaySeconds: 5 + periodSeconds: 30 + # the probe below will only work after Release v0.6.3 + livenessProbe: + exec: + command: + - buildctl + - debug + - workers + initialDelaySeconds: 5 + periodSeconds: 30 + securityContext: + privileged: true + ports: + - containerPort: 1234 + volumeMounts: + - name: certs + readOnly: true + mountPath: /certs volumes: -# buildkit-daemon-certs must contain ca.pem, cert.pem, and key.pem - - name: certs - secret: - secretName: buildkit-daemon-certs + # buildkit-daemon-certs must contain ca.pem, cert.pem, and key.pem + - name: certs + secret: + secretName: buildkit-daemon-certs --- apiVersion: v1 kind: Service @@ -68,7 +68,7 @@ metadata: name: buildkitd spec: ports: - - port: 1234 - protocol: TCP + - port: 1234 + protocol: TCP selector: app: buildkitd diff --git a/examples/kubernetes/deployment+service.rootless.yaml b/examples/kubernetes/deployment+service.rootless.yaml index 4addbc79..00f89f73 100644 --- a/examples/kubernetes/deployment+service.rootless.yaml +++ b/examples/kubernetes/deployment+service.rootless.yaml @@ -16,56 +16,56 @@ spec: annotations: container.apparmor.security.beta.kubernetes.io/buildkitd: unconfined container.seccomp.security.alpha.kubernetes.io/buildkitd: unconfined -# see buildkit/docs/rootless.md for caveats of rootless mode + # see buildkit/docs/rootless.md for caveats of rootless mode spec: containers: - - name: buildkitd - image: moby/buildkit:master-rootless - args: - - --addr - - unix:///run/user/1000/buildkit/buildkitd.sock - - --addr - - tcp://0.0.0.0:1234 - - --tlscacert - - /certs/ca.pem - - --tlscert - - /certs/cert.pem - - --tlskey - - /certs/key.pem - - --oci-worker-no-process-sandbox -# the probe below will only work after Release v0.6.3 - readinessProbe: - exec: - command: - - buildctl - - debug - - workers - initialDelaySeconds: 5 - periodSeconds: 30 -# the probe below will only work after Release v0.6.3 - livenessProbe: - exec: - command: - - buildctl - - debug - - workers - initialDelaySeconds: 5 - periodSeconds: 30 - securityContext: -# To change UID/GID, you need to rebuild the image - runAsUser: 1000 - runAsGroup: 1000 - ports: - - containerPort: 1234 - volumeMounts: - - name: certs - readOnly: true - mountPath: /certs + - name: buildkitd + image: moby/buildkit:master-rootless + args: + - --addr + - unix:///run/user/1000/buildkit/buildkitd.sock + - --addr + - tcp://0.0.0.0:1234 + - --tlscacert + - /certs/ca.pem + - --tlscert + - /certs/cert.pem + - --tlskey + - /certs/key.pem + - --oci-worker-no-process-sandbox + # the probe below will only work after Release v0.6.3 + readinessProbe: + exec: + command: + - buildctl + - debug + - workers + initialDelaySeconds: 5 + periodSeconds: 30 + # the probe below will only work after Release v0.6.3 + livenessProbe: + exec: + command: + - buildctl + - debug + - workers + initialDelaySeconds: 5 + periodSeconds: 30 + securityContext: + # To change UID/GID, you need to rebuild the image + runAsUser: 1000 + runAsGroup: 1000 + ports: + - containerPort: 1234 + volumeMounts: + - name: certs + readOnly: true + mountPath: /certs volumes: -# buildkit-daemon-certs must contain ca.pem, cert.pem, and key.pem - - name: certs - secret: - secretName: buildkit-daemon-certs + # buildkit-daemon-certs must contain ca.pem, cert.pem, and key.pem + - name: certs + secret: + secretName: buildkit-daemon-certs --- apiVersion: v1 kind: Service @@ -75,7 +75,7 @@ metadata: name: buildkitd spec: ports: - - port: 1234 - protocol: TCP + - port: 1234 + protocol: TCP selector: app: buildkitd diff --git a/examples/kubernetes/job.privileged.yaml b/examples/kubernetes/job.privileged.yaml index 4d1e9392..352180ef 100644 --- a/examples/kubernetes/job.privileged.yaml +++ b/examples/kubernetes/job.privileged.yaml @@ -7,38 +7,38 @@ spec: spec: restartPolicy: Never initContainers: - - name: prepare - image: alpine:3.10 - command: - - sh - - -c - - "echo FROM hello-world > /workspace/Dockerfile" - volumeMounts: - - name: workspace - mountPath: /workspace + - name: prepare + image: alpine:3.10 + command: + - sh + - -c + - "echo FROM hello-world > /workspace/Dockerfile" + volumeMounts: + - name: workspace + mountPath: /workspace containers: - - name: buildkit - image: moby/buildkit:master - command: - - buildctl-daemonless.sh - args: - - build - - --frontend - - dockerfile.v0 - - --local - - context=/workspace - - --local - - dockerfile=/workspace -# To push the image to a registry, add -# `--output type=image,name=docker.io/username/image,push=true` - securityContext: - privileged: true - volumeMounts: - - name: workspace - readOnly: true - mountPath: /workspace -# To push the image, you also need to create `~/.docker/config.json` secret -# and set $DOCKER_CONFIG to `/path/to/.docker` directory. + - name: buildkit + image: moby/buildkit:master + command: + - buildctl-daemonless.sh + args: + - build + - --frontend + - dockerfile.v0 + - --local + - context=/workspace + - --local + - dockerfile=/workspace + # To push the image to a registry, add + # `--output type=image,name=docker.io/username/image,push=true` + securityContext: + privileged: true + volumeMounts: + - name: workspace + readOnly: true + mountPath: /workspace + # To push the image, you also need to create `~/.docker/config.json` secret + # and set $DOCKER_CONFIG to `/path/to/.docker` directory. volumes: - - name: workspace - emptyDir: {} + - name: workspace + emptyDir: {} diff --git a/examples/kubernetes/job.rootless.yaml b/examples/kubernetes/job.rootless.yaml index 2c9b1af3..7c9941d0 100644 --- a/examples/kubernetes/job.rootless.yaml +++ b/examples/kubernetes/job.rootless.yaml @@ -8,50 +8,50 @@ spec: annotations: container.apparmor.security.beta.kubernetes.io/buildkit: unconfined container.seccomp.security.alpha.kubernetes.io/buildkit: unconfined -# see buildkit/docs/rootless.md for caveats of rootless mode + # see buildkit/docs/rootless.md for caveats of rootless mode spec: restartPolicy: Never initContainers: - - name: prepare - image: alpine:3.10 - command: - - sh - - -c - - "echo FROM hello-world > /workspace/Dockerfile" - securityContext: - runAsUser: 1000 - runAsGroup: 1000 - volumeMounts: - - name: workspace - mountPath: /workspace + - name: prepare + image: alpine:3.10 + command: + - sh + - -c + - "echo FROM hello-world > /workspace/Dockerfile" + securityContext: + runAsUser: 1000 + runAsGroup: 1000 + volumeMounts: + - name: workspace + mountPath: /workspace containers: - - name: buildkit - image: moby/buildkit:master-rootless - env: - - name: BUILDKITD_FLAGS - value: --oci-worker-no-process-sandbox - command: - - buildctl-daemonless.sh - args: - - build - - --frontend - - dockerfile.v0 - - --local - - context=/workspace - - --local - - dockerfile=/workspace -# To push the image to a registry, add -# `--output type=image,name=docker.io/username/image,push=true` - securityContext: -# To change UID/GID, you need to rebuild the image - runAsUser: 1000 - runAsGroup: 1000 - volumeMounts: - - name: workspace - readOnly: true - mountPath: /workspace -# To push the image, you also need to create `~/.docker/config.json` secret -# and set $DOCKER_CONFIG to `/path/to/.docker` directory. + - name: buildkit + image: moby/buildkit:master-rootless + env: + - name: BUILDKITD_FLAGS + value: --oci-worker-no-process-sandbox + command: + - buildctl-daemonless.sh + args: + - build + - --frontend + - dockerfile.v0 + - --local + - context=/workspace + - --local + - dockerfile=/workspace + # To push the image to a registry, add + # `--output type=image,name=docker.io/username/image,push=true` + securityContext: + # To change UID/GID, you need to rebuild the image + runAsUser: 1000 + runAsGroup: 1000 + volumeMounts: + - name: workspace + readOnly: true + mountPath: /workspace + # To push the image, you also need to create `~/.docker/config.json` secret + # and set $DOCKER_CONFIG to `/path/to/.docker` directory. volumes: - - name: workspace - emptyDir: {} + - name: workspace + emptyDir: {} diff --git a/examples/kubernetes/pod.privileged.yaml b/examples/kubernetes/pod.privileged.yaml index 79d37cd4..6285e6bd 100644 --- a/examples/kubernetes/pod.privileged.yaml +++ b/examples/kubernetes/pod.privileged.yaml @@ -4,23 +4,23 @@ metadata: name: buildkitd spec: containers: - - name: buildkitd - image: moby/buildkit:master - readinessProbe: - exec: - command: - - buildctl - - debug - - workers - initialDelaySeconds: 5 - periodSeconds: 30 - livenessProbe: - exec: - command: - - buildctl - - debug - - workers - initialDelaySeconds: 5 - periodSeconds: 30 - securityContext: - privileged: true + - name: buildkitd + image: moby/buildkit:master + readinessProbe: + exec: + command: + - buildctl + - debug + - workers + initialDelaySeconds: 5 + periodSeconds: 30 + livenessProbe: + exec: + command: + - buildctl + - debug + - workers + initialDelaySeconds: 5 + periodSeconds: 30 + securityContext: + privileged: true diff --git a/examples/kubernetes/pod.rootless.yaml b/examples/kubernetes/pod.rootless.yaml index 814e225d..ea63b35d 100644 --- a/examples/kubernetes/pod.rootless.yaml +++ b/examples/kubernetes/pod.rootless.yaml @@ -8,27 +8,27 @@ metadata: # see buildkit/docs/rootless.md for caveats of rootless mode spec: containers: - - name: buildkitd - image: moby/buildkit:master-rootless - args: - - --oci-worker-no-process-sandbox - readinessProbe: - exec: - command: - - buildctl - - debug - - workers - initialDelaySeconds: 5 - periodSeconds: 30 - livenessProbe: - exec: - command: - - buildctl - - debug - - workers - initialDelaySeconds: 5 - periodSeconds: 30 - securityContext: -# To change UID/GID, you need to rebuild the image - runAsUser: 1000 - runAsGroup: 1000 + - name: buildkitd + image: moby/buildkit:master-rootless + args: + - --oci-worker-no-process-sandbox + readinessProbe: + exec: + command: + - buildctl + - debug + - workers + initialDelaySeconds: 5 + periodSeconds: 30 + livenessProbe: + exec: + command: + - buildctl + - debug + - workers + initialDelaySeconds: 5 + periodSeconds: 30 + securityContext: + # To change UID/GID, you need to rebuild the image + runAsUser: 1000 + runAsGroup: 1000 diff --git a/examples/kubernetes/statefulset.privileged.yaml b/examples/kubernetes/statefulset.privileged.yaml index ce606fe5..f02aee7e 100644 --- a/examples/kubernetes/statefulset.privileged.yaml +++ b/examples/kubernetes/statefulset.privileged.yaml @@ -17,23 +17,23 @@ spec: app: buildkitd spec: containers: - - name: buildkitd - image: moby/buildkit:master - readinessProbe: - exec: - command: - - buildctl - - debug - - workers - initialDelaySeconds: 5 - periodSeconds: 30 - livenessProbe: - exec: - command: - - buildctl - - debug - - workers - initialDelaySeconds: 5 - periodSeconds: 30 - securityContext: - privileged: true + - name: buildkitd + image: moby/buildkit:master + readinessProbe: + exec: + command: + - buildctl + - debug + - workers + initialDelaySeconds: 5 + periodSeconds: 30 + livenessProbe: + exec: + command: + - buildctl + - debug + - workers + initialDelaySeconds: 5 + periodSeconds: 30 + securityContext: + privileged: true diff --git a/examples/kubernetes/statefulset.rootless.yaml b/examples/kubernetes/statefulset.rootless.yaml index 10754468..e67c5a0b 100644 --- a/examples/kubernetes/statefulset.rootless.yaml +++ b/examples/kubernetes/statefulset.rootless.yaml @@ -18,30 +18,30 @@ spec: annotations: container.apparmor.security.beta.kubernetes.io/buildkitd: unconfined container.seccomp.security.alpha.kubernetes.io/buildkitd: unconfined -# see buildkit/docs/rootless.md for caveats of rootless mode + # see buildkit/docs/rootless.md for caveats of rootless mode spec: containers: - - name: buildkitd - image: moby/buildkit:master-rootless - args: - - --oci-worker-no-process-sandbox - readinessProbe: - exec: - command: - - buildctl - - debug - - workers - initialDelaySeconds: 5 - periodSeconds: 30 - livenessProbe: - exec: - command: - - buildctl - - debug - - workers - initialDelaySeconds: 5 - periodSeconds: 30 - securityContext: -# To change UID/GID, you need to rebuild the image - runAsUser: 1000 - runAsGroup: 1000 + - name: buildkitd + image: moby/buildkit:master-rootless + args: + - --oci-worker-no-process-sandbox + readinessProbe: + exec: + command: + - buildctl + - debug + - workers + initialDelaySeconds: 5 + periodSeconds: 30 + livenessProbe: + exec: + command: + - buildctl + - debug + - workers + initialDelaySeconds: 5 + periodSeconds: 30 + securityContext: + # To change UID/GID, you need to rebuild the image + runAsUser: 1000 + runAsGroup: 1000 diff --git a/hack/dockerfiles/lint.Dockerfile b/hack/dockerfiles/lint.Dockerfile index e6a337af..6f1fa3be 100644 --- a/hack/dockerfiles/lint.Dockerfile +++ b/hack/dockerfiles/lint.Dockerfile @@ -1,8 +1,10 @@ # syntax=docker/dockerfile:1.1-experimental FROM golang:1.13-alpine -RUN apk add --no-cache gcc musl-dev +RUN apk add --no-cache gcc musl-dev yamllint RUN wget -O- -nv https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.27.0 WORKDIR /go/src/github.com/moby/buildkit RUN --mount=target=/go/src/github.com/moby/buildkit --mount=target=/root/.cache,type=cache \ - golangci-lint run \ No newline at end of file + golangci-lint run +RUN --mount=target=/go/src/github.com/moby/buildkit --mount=target=/root/.cache,type=cache \ + yamllint -c .yamllint.yml --strict .