add docker uds zarf helm lints

defenseunicorns · Aug 20, 2024 · 470e5bc · 470e5bc
1 parent 046a466
commit 470e5bc
Show file tree

Hide file tree

Showing 6 changed files with 223 additions and 4 deletions.
diff --git a/.github/workflows/docker-lint.yaml b/.github/workflows/docker-lint.yaml
@@ -0,0 +1,48 @@
+name: Docker Lint
+
+on:
+  push:
+    branches:
+      - "main"
+    paths:
+      - "packages"
+      - "Dockerfile.migrations"
+      - ".dockerignore"
+      - ".github/workflows/docker-lint.yaml"
+  pull_request:
+    branches:
+      - "main"
+    paths:
+      - "packages"
+      - "Dockerfile.migrations"
+      - ".dockerignore"
+      - ".github/workflows/docker-lint.yaml"
+
+concurrency:
+  group: docker-lint-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  docker-lint:
+    runs-on: ubuntu-latest
+    name: Lint Docker Manifest
+
+    permissions:
+      contents: write
+
+    steps:
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Checkout Repo
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
+        with:
+          dockerfile: "*Dockerfile*"
+          recursive: true
+          config: .hadolint.yaml
diff --git a/.github/workflows/uds-lint.yaml b/.github/workflows/uds-lint.yaml
@@ -0,0 +1,54 @@
+name: UDS Lint
+
+on:
+  push:
+    branches:
+      - "main"
+    paths:
+      - "bundles"
+      - "tasks"
+      - "task.yaml"
+      - ".github/workflows/uds-lint.yaml"
+
+  pull_request:
+    branches:
+      - "main"
+    paths:
+      - "bundles"
+      - "tasks"
+      - "task.yaml"
+      - ".github/workflows/uds-lint.yaml"
+
+concurrency:
+  group: uds-lint-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  uds-lint:
+    runs-on: ubuntu-latest
+    name: Lint UDS Manifest
+
+    permissions:
+      contents: read
+
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Set up Python
+        uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
+        with:
+          python-version-file: "pyproject.toml"
+
+      - name: Install jsonschema
+        run: pip install check-jsonschema==0.28.0
+
+      - name: Download UDS Bundle Schema
+        run: curl -o uds.schema.json https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.14.0/uds.schema.json
+
+      - name: Validate uds-bundle.yaml
+        run: |
+          check-jsonschema bundles/dev/gpu/uds-bundle.yaml --schemafile uds.schema.json
+          check-jsonschema bundles/dev/cpu/uds-bundle.yaml --schemafile uds.schema.json
+          check-jsonschema bundles/latest/gpu/uds-bundle.yaml --schemafile uds.schema.json
+          check-jsonschema bundles/latest/cpu/uds-bundle.yaml --schemafile uds.schema.json
diff --git a/.github/workflows/zarf-lint.yaml b/.github/workflows/zarf-lint.yaml
@@ -0,0 +1,54 @@
+name: Zarf Lint
+
+on:
+  push:
+    branches:
+    - "main"
+    paths:
+    - "packages"
+    - ".github/workflows/zarf-lint.yaml"
+  pull_request:
+    branches:
+    - "main"
+    paths:
+    - "packages"
+    - ".github/workflows/zarf-lint.yaml"
+
+concurrency:
+  group: zarf-lint-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  zarf-lint:
+    runs-on: ubuntu-latest
+    name: Lint Zarf Manifest
+
+    permissions:
+      contents: read
+
+    steps:
+    - name: Checkout Repo
+      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+    - name: Set up Python
+      uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
+      with:
+        python-version-file: 'pyproject.toml'
+
+    - name: Download Zarf Package Schema
+      # TODO: renovate setup
+      run: curl -o zarf.schema.json https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.14.0/zarf.schema.json
+
+    - name: Install jsonschema
+      run: pip install check-jsonschema==0.28.0
+
+    - name: Validate zarf.yaml
+      run: |
+        check-jsonschema packages/api/zarf.yaml --schemafile zarf.schema.json
+        check-jsonschema packages/llama-cpp-python/zarf.yaml --schemafile zarf.schema.json
+        check-jsonschema packages/repeater/zarf.yaml --schemafile zarf.schema.json
+        check-jsonschema packages/supabase/zarf.yaml --schemafile zarf.schema.json
+        check-jsonschema packages/text-embeddings/zarf.yaml --schemafile zarf.schema.json
+        check-jsonschema packages/ui/zarf.yaml --schemafile zarf.schema.json
+        check-jsonschema packages/vllm/zarf.yaml --schemafile zarf.schema.json
+        check-jsonschema packages/whisper/zarf.yaml --schemafile zarf.schema.json
diff --git a/.gitignore b/.gitignore
@@ -30,6 +30,7 @@ src/leapfrogai_api/config.yaml
 node_modules
 package.json
 package-lock.json
+**/*.schema.json
 
 # local model and tokenizer files
 *.bin

diff --git a/.hadolint.yaml b/.hadolint.yaml
@@ -0,0 +1,8 @@
+failure-threshold: error
+# ignore: use of latest, --no-cache-dir, shell usage warning, apt-get list, --no-install-recommends
+ignored:
+  - "DL3007"
+  - "DL3042"
+  - "DL4006"
+  - "DL3009"
+  - "DL3015"
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -9,9 +9,6 @@ repos:
         name: Large Files Check
         args: ["--maxkb=1024"]
 
-      - id: check-merge-conflict
-        name: Check for Upstream Merge Conflicts
-
       - id: detect-aws-credentials
         name: Check AWS Credentials
         args:
@@ -59,7 +56,14 @@ repos:
     rev: v0.12.1
     hooks:
       - id: markdownlint-cli2
-        name: Markdown Lint
+        name: Markdown Linti
+
+  - repo: https://github.com/hadolint/hadolint
+    rev: v2.12.0
+    hooks:
+      - id: hadolint-docker
+        name: Dockerfile Lint
+        args: ["--config", ".hadolint.yaml"]
 
   - repo: local
     hooks:
@@ -76,3 +80,53 @@ repos:
         name: Ruff Lint
       - id: ruff-format # Run the formatter.
         name: Ruff Format
+
+  - repo: https://github.com/gruntwork-io/pre-commit
+    rev: v0.1.23
+    hooks:
+      - id: helmlint
+        name: Helm Lint
+
+  #############
+  # UDS v0.14.0
+  #############
+
+  # ZARF PACKAGE CHECK
+  - repo: local
+    hooks:
+      - id: download-schema
+        name: "Download Zarf Schema"
+        entry: |
+          bash -c 'if [! -f zarf-v0.14.0.schema.json ]; \
+            then curl -o zarf-v0.14.0.schema.json https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.14.0/zarf.schema.json; \
+            else exit 0; fi'
+        language: system
+
+  - repo: https://github.com/python-jsonschema/check-jsonschema
+    rev: 0.14.0
+    hooks:
+      - id: check-jsonschema
+        name: "Validate Zarf Configs Against Schema"
+        files: "zarf.yaml"
+        types: [yaml]
+        args: ["--schemafile", "zarf-v0.14.0.schema.json"]
+
+  # UDS BUNDLE CHECK
+  - repo: local
+    hooks:
+      - id: download-schema
+        name: "Download UDS Bundle Schema"
+        entry: |
+          bash -c 'if [! -f uds-v0.14.0.schema.json ]; \
+            then curl -o uds-v0.14.0.schema.json https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.14.0/uds.schema.json; \
+            else exit 0; fi'
+        language: system
+
+  - repo: https://github.com/python-jsonschema/check-jsonschema
+    rev: 0.14.0
+    hooks:
+      - id: check-jsonschema
+        name: "Validate UDS Bundles Against Schema"
+        files: "uds-bundle.yaml"
+        types: [yaml]
+        args: ["--schemafile", "uds-v0.14.0.schema.json"]