diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 82f9610..2311e26 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -8,4 +8,4 @@ updates: - package-ecosystem: 'github-actions' # See documentation for possible values directory: '/' # Location of package manifests schedule: - interval: 'weekly' + interval: 'daily' diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 771e40c..615da1b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -42,7 +42,7 @@ jobs: DOCKERHUB_USERNAME: ${{ github.repository_owner }} DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} steps: - - uses: actions/checkout@v3.6.0 + - uses: actions/checkout@v4 - name: Free up disk space uses: ./.github/actions/free-space @@ -132,9 +132,6 @@ jobs: type=registry,ref=${{ env.REGISTRY_IMAGE }}:cache-${{ matrix.codename }},mode=max # this will give us some useful information about the build provenance: mode=max - # for PRs the SBOM will be built in Docker Scout - # sbom: true - # depended on the event type, we either push or load the image push: true # outputs: type=image,name=${{ env.REGISTRY_IMAGE }}:${{ matrix.from-version }}-${{ github.head_ref || github.ref_name }},push=true env: @@ -146,12 +143,12 @@ jobs: continue-on-error: true uses: docker/scout-action@v0.23.4 with: - command: recommendations,sbom,compare + command: sbom,compare image: ${{ steps.meta.outputs.tags }} to: ${{ format('{0}/{1}:{2}', env.REGISTRY, env.IMAGE_REPOSITORY, matrix.from-version) }} organization: ${{ github.repository_owner }} ignore-unchanged: true - only-severities: high + only-severities: critical write-comment: ${{ github.actor != 'nektos/act' }} keep-previous-comments: true summary: ${{ github.actor != 'nektos/act' }} diff --git a/.github/workflows/dockerhub-description.yml b/.github/workflows/dockerhub-description.yml index e390d13..9e5367a 100644 --- a/.github/workflows/dockerhub-description.yml +++ b/.github/workflows/dockerhub-description.yml @@ -18,7 +18,7 @@ jobs: - uses: actions/checkout@v4 - name: Docker Hub Description - uses: peter-evans/dockerhub-description@v3 + uses: peter-evans/dockerhub-description@dc67fad7001ef9e8e3c124cb7a64e16d0a63d864 with: username: ${{ github.repository_owner }} password: ${{ secrets.DOCKERHUB_TOKEN }} diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml index d700175..b9991e1 100644 --- a/.github/workflows/mega-linter.yml +++ b/.github/workflows/mega-linter.yml @@ -22,7 +22,7 @@ concurrency: permissions: # Give the default GITHUB_TOKEN write permission to commit and push, comment issues & post new PR # Remove the ones you do not need - contents: write + contents: read issues: write pull-requests: write @@ -30,6 +30,8 @@ jobs: build: name: MegaLinter runs-on: ubuntu-latest + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} steps: # Git Checkout - name: Checkout Code diff --git a/.mega-linter.yml b/.mega-linter.yml index 16308a0..6ae7e39 100644 --- a/.mega-linter.yml +++ b/.mega-linter.yml @@ -10,7 +10,7 @@ APPLY_FIXES: all # all, none, or list of linter keys SHOW_ELAPSED_TIME: true FILEIO_REPORTER: false # DISABLE_ERRORS: true # Uncomment if you want MegaLinter to detect errors but not block CI to pass -FILTER_REGEX_EXCLUDE: '(tmp/|\\.example|megalinter-reports)' +FILTER_REGEX_EXCLUDE: '(megalinter-reports/)' YAML_V8R_FILTER_REGEX_EXCLUDE: '(\.prettierrc\.yaml)' VALIDATE_ALL_CODEBASE: true SPELL_LYCHEE_FILTER_REGEX_EXCLUDE: '(.github/workflows|\.mega-linter\.yml)' diff --git a/README.md b/README.md index bba0345..fceae1e 100644 --- a/README.md +++ b/README.md @@ -45,19 +45,23 @@ The easiest way is to add those lines in your `~/.actrc`: For further Informations about nektos/arc and how to use it, checkout the [nektos documentation📖](https://nektosact.com/beginner/index.html) -## How I run act on my M2-Max +## How I run act on my M2-Max 💻 - didnt work properly when installed via brew, so I installed it via GitHub-CLI: - `gh extension install https://github.com/nektos/gh-act` + ```bash + gh extension install https://github.com/nektos/gh-act + ``` - set an alias: - `alias act='gh act -s GITHUB_TOKEN="$(gh auth token)"'` + ```bash + alias act='gh act -s GITHUB_TOKEN="$(gh auth token)"' + ``` - export DOCKER_HOST env - ```sh + ```bash DOCKER_HOST=$(docker context inspect --format '{{.Endpoints.docker.Host}}') export DOCKER_HOST ``` @@ -66,11 +70,11 @@ For further Informations about nektos/arc and how to use it, checkout the - Advanced: - :heavy_check_mark: Allow the default Docker socket to be used (requires password) + ✔️ Allow the default Docker socket to be used (requires password) - Features in Development: - All Beta Features enabled (containerd, wasm, rosetta and builds view) + ✔️ All Beta Features enabled (containerd, wasm, rosetta and builds view) - `~/.actrc`: @@ -85,8 +89,9 @@ For further Informations about nektos/arc and how to use it, checkout the To execute the mega-linter locally: -```sh +```bash npx mega-linter-runner \ - -e GITHUB_TOKEN=$(gh auth token) \ + --flavor salesforce \ + -e GITHUB_TOKEN="$(gh auth token)" \ --remove-container ``` diff --git a/linux/ubuntu/Dockerfile b/linux/ubuntu/Dockerfile index 46b2437..ec06eda 100644 --- a/linux/ubuntu/Dockerfile +++ b/linux/ubuntu/Dockerfile @@ -49,14 +49,21 @@ RUN sed 's|"||g' -i "/etc/environment" \ # add ssh keys of github and azure devops # hadolint ignore=SC2174 -RUN mkdir -m 0700 -p ~/.ssh \ - && ssh-keyscan -t rsa github.com >>/etc/ssh/ssh_known_hosts \ - && ssh-keyscan -t rsa ssh.dev.azure.com >>/etc/ssh/ssh_known_hosts +RUN ssh-keyscan github.com >>/etc/ssh/ssh_known_hosts \ + && ssh-keyscan ssh.dev.azure.com >>/etc/ssh/ssh_known_hosts + +# Install current version of git +RUN add-apt-repository -y ppa:git-core/ppa \ + && apt-get -y update \ + && apt-get -y install --no-install-recommends git \ + && apt-get clean \ + && rm -rf /etc/apt/sources.list.d/* \ + && rm -rf /var/lib/apt/lists/* # Install dependencies -RUN apt-get -yq update \ +RUN apt-get -y update \ && packages=(gawk sudo jq gnupg-agent ca-certificates software-properties-common apt-transport-https zstd zip unzip xz-utils) \ - && apt-get -yq install --no-install-recommends --no-install-suggests \ + && apt-get -y install --no-install-recommends --no-install-suggests \ "${packages[@]}" \ && apt-get clean \ && rm -rf /etc/apt/sources.list.d/* \ @@ -70,7 +77,7 @@ RUN bash -c "$(curl -fsSL https://raw.githubusercontent.com/ilikenwf/apt-fast/ma # Install Git-LFS RUN curl -Ls https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash \ - && apt-get -yq install --no-install-recommends --no-install-suggests \ + && apt-get -y install --no-install-recommends --no-install-suggests \ git-lfs \ && apt-get clean \ && rm -rf /etc/apt/sources.list.d/* \ @@ -81,8 +88,8 @@ RUN echo "deb https://packages.microsoft.com/ubuntu/$(lsb_release -rs)/prod $(ls | tee /etc/apt/sources.list.d/microsoft-prod.list \ && curl -sL https://packages.microsoft.com/keys/microsoft.asc \ | gpg --dearmor >/etc/apt/trusted.gpg.d/microsoft.gpg \ - && apt-get -yq update \ - && apt-get -yq install --no-install-recommends --no-install-suggests \ + && apt-get -y update \ + && apt-get -y install --no-install-recommends --no-install-suggests \ moby-cli \ moby-buildx \ moby-compose \ @@ -108,8 +115,8 @@ RUN export fromVersion=${FROM_VERSION} \ && deps=("libc6" "libgcc1" "libgssapi-krb5-2" "libstdc++6" "zlib1g") \ && if [ "${fromVersion}" = "20.04" ]; then deps+=("libicu66" "libssl1.1"); fi \ && if [ "${fromVersion}" = "22.04" ]; then deps+=("libicu70" "libssl3" "libunwind8"); fi \ - && apt-get -yq update \ - && apt-get -yq install --no-install-recommends \ + && apt-get -y update \ + && apt-get -y install --no-install-recommends \ "${deps[@]}" \ && curl -L https://dot.net/v1/dotnet-install.sh -o dotnet-install.sh \ && chmod +x ./dotnet-install.sh \ @@ -148,8 +155,8 @@ RUN curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg \ && chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg \ && echo "deb [arch=${TARGETARCH} signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" \ | tee /etc/apt/sources.list.d/github-cli.list >/dev/null \ - && apt-get -yq update \ - && apt-get -yq install --no-install-recommends \ + && apt-get -y update \ + && apt-get -y install --no-install-recommends \ gh \ && apt-get clean \ && rm -rf /etc/apt/sources.list.d/* \ @@ -160,8 +167,8 @@ RUN [[ $(curl -sL https://packages.microsoft.com/repos/azure-cli/dists/) =~ $(ls && (curl -sL https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor >/etc/apt/trusted.gpg.d/microsoft.gpg \ && echo "deb [arch=$(dpkg --print-architecture)] https://packages.microsoft.com/repos/azure-cli/ $(lsb_release -cs) main" \ >/etc/apt/sources.list.d/azure-cli.list \ - && apt-get -yq update \ - && apt-get -yq install --no-install-recommends \ + && apt-get -y update \ + && apt-get -y install --no-install-recommends \ azure-cli \ && az extension add -n azure-devops \ && az bicep install --target-platform "linux-$(cat /tmp/targetproc)" \ @@ -185,10 +192,10 @@ COPY linux/${DISTRO}/toolsets/${FROM_VERSION_MAJOR}${FROM_VERSION_MINOR}.json ${ # install apt packages from toolset # hadolint ignore=SC2207 -RUN apt-get -yq update \ +RUN apt-get -y update \ && packages=() \ && while IFS='' read -r line; do packages+=("${line}"); done < <(jq -r '.apt|.vital_packages[],.common_packages[],.cmd_packages[]' ${TOOLSET}) \ - && apt-get -yq install --no-install-recommends --no-upgrade \ + && apt-get -y install --no-install-recommends --no-upgrade \ "${packages[@]}" \ && apt-get clean \ && rm -rf /etc/apt/sources.list.d/* \ @@ -211,7 +218,7 @@ RUN pwsh -NonInteractive -Command "Set-PSRepository -Name PSGallery -Installatio && while IFS='' read -r azVersion; do echo "installing Az ${azVersion}" && pwsh -NonInteractive -Command "Install-Module -Name Az -RequiredVersion ${azVersion} -Scope AllUsers -Repository PSGallery"; done < <(jq -r '.azureModules[].versions[]' ${TOOLSET}) # cleanup step -RUN apt-get -yq clean \ +RUN apt-get -y clean \ && rm -rf \ /var/cache/* \ /var/log/* \