#534: Add yaml linter (#543)

finos · Nov 22, 2024 · e9c54b3 · e9c54b3
1 parent f7e93b4
commit e9c54b3
Show file tree

Hide file tree

Showing 50 changed files with 869 additions and 694 deletions.
diff --git a/.config/.markdownlint.yaml b/.config/.markdownlint.yaml
@@ -84,7 +84,7 @@ MD022:
 MD023: true
 
 # MD024/no-duplicate-heading : Multiple headings with the same content : https://github.com/DavidAnson/markdownlint/blob/v0.34.0/doc/md024.md
-MD024: 
+MD024:
   siblings_only: true
 
 # MD025/single-title/single-h1 : Multiple top-level headings in the same document : https://github.com/DavidAnson/markdownlint/blob/v0.34.0/doc/md025.md
@@ -246,4 +246,4 @@ MD055:
   style: "consistent"
 
 # MD056/table-column-count : Table column count : https://github.com/DavidAnson/markdownlint/blob/v0.34.0/doc/md056.md
-MD056: true
+MD056: true
diff --git a/.config/.yamllint b/.config/.yamllint
@@ -0,0 +1,15 @@
+extends: relaxed
+
+ignore:
+  - .config
+  - .gitvote.yml
+
+rules:
+  indentation:
+    level: error
+    spaces: 2 # Enforce 2 spaces for indentation
+  line-length:
+    level: error
+    max: 120 # Allow up to 120 characters per line
+  new-lines:
+    type: unix
diff --git a/.github/workflows/format-check.yml b/.github/workflows/format-check.yml
@@ -10,14 +10,14 @@ jobs:
     steps:
       - name: Checkout repository
         uses: actions/checkout@v3
-      
+
       - name: Set up Node.js
         uses: actions/setup-node@v3
         with:
-          node-version: '16'
-  
+          node-version: "16"
+
       - name: Install Prettier
         run: npm install --save-dev prettier
-  
+
       - name: Check formatting with Prettier
-        run: npx prettier --check "**/*.md" --config ./.config/.prettierrc
+        run: npx prettier --check "**/*.md" --config ./.config/.prettierrc
diff --git a/.github/workflows/links.yml b/.github/workflows/links.yml
@@ -13,6 +13,6 @@ jobs:
         id: lychee
         uses: lycheeverse/lychee-action@v1
         with:
-            args: --base . --verbose --no-progress './**/*.md'
-            output: lychee/results.md
-            token: ${{ secrets.GITHUB_TOKEN }}
+          args: --base . --verbose --no-progress './**/*.md'
+          output: lychee/results.md
+          token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/linting-check.yml b/.github/workflows/linting-check.yml
@@ -20,4 +20,25 @@ jobs:
         run: npm install -g markdownlint-cli
 
       - name: Run markdownlint
-        run: markdownlint '**/*.md' --config ./.config/.markdownlint.yaml
+        run: markdownlint '**/*.md' --config ./.config/.markdownlint.yaml
+
+  yaml-lint:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: "3.x" # Use any compatible Python 3 version
+
+      - name: Install yamllint
+        run: |
+          python -m pip install --upgrade pip
+          pip install yamllint
+
+      - name: Run yamllint
+        run: |
+          yamllint -c ./.config/.yamllint .
diff --git a/.github/workflows/pull_request.yaml b/.github/workflows/pull_request.yaml
@@ -10,17 +10,18 @@ jobs:
     permissions:
       pull-requests: write
       contents: read
-      
+
   run-linting-check:
-      uses: ./.github/workflows/linting-check.yml
-      permissions:
-        pull-requests: write
+    uses: ./.github/workflows/linting-check.yml
+    permissions:
+      pull-requests: write
 
   link-checker:
-        uses: ./.github/workflows/links.yml
-        permissions:
-          pull-requests: write
-          contents: read
+    uses: ./.github/workflows/links.yml
+    permissions:
+      pull-requests: write
+      contents: read
+
   yaml-checker:
     uses: ./.github/workflows/yaml-check.yml
     permissions:
@@ -32,4 +33,3 @@ jobs:
     permissions:
       pull-requests: write
       contents: read
-
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -4,10 +4,10 @@ on:
   workflow_dispatch:
     inputs:
       build_target:
-        description: 'Build Target (e.g storage/object)'
+        description: "Build Target (e.g storage/object)"
         required: true
       tag:
-        description: 'Tag for this release'
+        description: "Tag for this release"
         required: true
 
 # TODO: Add in pre-release tag to distinguish whether or not we want to have an official release
@@ -27,13 +27,13 @@ jobs:
 
       - name: Install dependencies
         run: go mod download
-  
+
       - name: Get Build Target
         id: process_target
         run: |
           # Read the input for a single build target
           build_target="${{ github.event.inputs.build_target }}"
-          
+
           # Print and save the build target
           echo "Build target: $build_target"
           echo "target=$build_target" >> $GITHUB_OUTPUT
@@ -46,12 +46,12 @@ jobs:
           go run . "yaml" --build-target $build_target
           go run . "md" --build-target $build_target
           go run . "release-notes" --build-target $build_target
-          
+
           # Create PDF files from MD files
           echo "Converting MD file to PDF"
           for md_file in ./artifacts/*.md; do
             filename=$(basename "$md_file" .md)
-            
+
             # Check if the filename contains "release-notes"
             if [[ $filename != *"release_notes"* ]]; then
                 echo "Converting $md_file to $filename.pdf"
@@ -61,7 +61,6 @@ jobs:
             fi
           done
 
-      
       - name: Upload Artifacts
         uses: actions/[email protected]
         with:
@@ -104,4 +103,4 @@ jobs:
               -H "Content-Type: application/octet-stream" \
               --data-binary @"$file" \
               "${{ steps.create_release.outputs.upload_url }}=$filename&label=$filename"
-          done
+          done
diff --git a/.github/workflows/sonatype_scan.yaml b/.github/workflows/sonatype_scan.yaml
@@ -1,9 +1,8 @@
-
 name: Sonatype SCA Scanning
 on:
   workflow_dispatch:
   pull_request_target:
-    paths: 
+    paths:
       - "**.go"
       - "**/go.mod"
       - "**/go.sum"
@@ -44,4 +43,3 @@ jobs:
           sbom-standard: spdx
           sbom-version: 2.3
           artifact-name: ${{ env.SonatypeAppId }}-sonatype-bom
-
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
@@ -7,27 +7,29 @@ name: Mark stale issues and pull requests
 
 on:
   schedule:
-  - cron: '18 22 * * *'
+    - cron: "18 22 * * *"
 
 jobs:
   stale:
-
     runs-on: ubuntu-latest
     permissions:
       issues: write
       pull-requests: write
 
     steps:
-    - uses: actions/stale@v5
-      with:
-        repo-token: ${{ secrets.GITHUB_TOKEN }}
-        stale-issue-label: stale
-        stale-pr-label: stale
-        labels-to-remove-when-unstale: stale
-        days-before-stale: 30
-        days-before-close: 7
-        exempt-issue-labels: longstanding issue
-        stale-issue-message: This issue will be closed as stale in 7 days. Please update this issue if it is still needed.
-        stale-pr-message: This issue will be closed as stale in 7 days. If this issue is blocked, please tag or assign the appropriate party to move this forward.
-        close-issue-message: Closed as stale. An update may reopen this issue.
-        close-pr-message: Closed as stale. An update may reopen this PR.
+      - uses: actions/stale@v5
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          stale-issue-label: stale
+          stale-pr-label: stale
+          labels-to-remove-when-unstale: stale
+          days-before-stale: 30
+          days-before-close: 7
+          exempt-issue-labels: longstanding issue
+          stale-issue-message: |
+            This issue will be closed as stale in 7 days. Please update this issue if it is still needed.
+          stale-pr-message: |
+            This issue will be closed as stale in 7 days. If this issue is blocked,
+            please tag or assign the appropriate party to move this forward.
+          close-issue-message: Closed as stale. An update may reopen this issue.
+          close-pr-message: Closed as stale. An update may reopen this PR.
diff --git a/.github/workflows/stale_meeting.yml b/.github/workflows/stale_meeting.yml
@@ -1,8 +1,8 @@
 name: Auto Close Stale Meeting Issues
 
 on:
-    schedule:
-    - cron: '18 22 * * *'
+  schedule:
+    - cron: "18 22 * * *"
 
 jobs:
   close-stale-meeting:

diff --git a/.github/workflows/todo-check.yml b/.github/workflows/todo-check.yml
@@ -1,7 +1,7 @@
 name: TODO Checker
 
 on:
-    workflow_call:
+  workflow_call:
 
 jobs:
   find-todos:
@@ -11,8 +11,7 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v4
 
-      - name: Check for TODOs in services directory         
+      - name: Check for TODOs in services directory
         uses: damienjburks/[email protected]
-        with: 
+        with:
           path: "./services"
-
diff --git a/.github/workflows/yaml-check.yml b/.github/workflows/yaml-check.yml
@@ -1,7 +1,7 @@
 name: YAML Check
 
 on:
-    workflow_call:
+  workflow_call:
 
 jobs:
   yaml-check:
@@ -14,10 +14,10 @@ jobs:
       - name: Validate YAML Schema
         uses: InoUno/yaml-ls-check@develop
         with:
-            schemaMapping: |
-              {
-                "schemas/controls-schema.json": [ "services/**/controls.yml", "services/**/controls.yaml" ],
-                "schemas/features-schema.json": [ "services/**/features.yml", "services/**/features.yaml" ],
-                "schemas/metadata-schema.json": [ "services/**/metadata.yml", "services/**/metadata.yaml" ],
-                "schemas/threats-schema.json": [ "services/**/threats.yml", "services/**/threats.yaml" ]
-              }
+          schemaMapping: |
+            {
+              "schemas/controls-schema.json": [ "services/**/controls.yml", "services/**/controls.yaml" ],
+              "schemas/features-schema.json": [ "services/**/features.yml", "services/**/features.yaml" ],
+              "schemas/metadata-schema.json": [ "services/**/metadata.yml", "services/**/metadata.yaml" ],
+              "schemas/threats-schema.json": [ "services/**/threats.yml", "services/**/threats.yaml" ]
+            }
diff --git a/.gitvote.yml b/.gitvote.yml
@@ -12,4 +12,4 @@ profiles:
     periodic_status_check: null
 
     # Close vote on passing
-    close_on_passing: true
+    close_on_passing: true
diff --git a/docs/resources/templates/controls.yaml b/docs/resources/templates/controls.yaml
@@ -23,4 +23,4 @@ controls:
           - tlp_clear
           - tlp_green
           - tlp_amber
-          - tlp_red
+          - tlp_red
diff --git a/docs/resources/templates/metadata.yaml b/docs/resources/templates/metadata.yaml
@@ -19,4 +19,4 @@ release_details:
     contributors:
       - name: <Your First and Last Name>
         github_id: <Your GitHub Id>
-        company: <Your company name>
+        company: <Your company name>
diff --git a/docs/resources/templates/threats.yaml b/docs/resources/templates/threats.yaml
@@ -6,6 +6,6 @@ threats:
     description: <Complete description of the threat>
     features:
       - CCC.<category-id>.F<#>
-    mitre_technique: 
+    mitre_technique:
       - <Mitre ATT&CK tactic ID>
       - <Mitre ATT&CK technique ID>