From b71766ecfdb1a5a9602463d0c3aab38ce25e5b50 Mon Sep 17 00:00:00 2001
From: Tomas Nevrlka <tnevrlka@redhat.com>
Date: Mon, 23 Sep 2024 08:56:35 +0200
Subject: [PATCH] ci: migrate yamllint to GitHub Actions

- Container image used in yaml-lint task is outdated and using it causes rate-limiting issues with docker.io
- Remove the task and create a GitHub Action that installs yamllint and then runs it
---
 .github/workflows/yaml-lint.yaml | 15 ++++++++++
 .tekton/pull-request.yaml        | 16 +---------
 .tekton/tasks/yaml-lint.yaml     | 50 --------------------------------
 partners/README.md               |  1 -
 4 files changed, 16 insertions(+), 66 deletions(-)
 create mode 100644 .github/workflows/yaml-lint.yaml
 delete mode 100644 .tekton/tasks/yaml-lint.yaml

diff --git a/.github/workflows/yaml-lint.yaml b/.github/workflows/yaml-lint.yaml
new file mode 100644
index 0000000000..14cb792072
--- /dev/null
+++ b/.github/workflows/yaml-lint.yaml
@@ -0,0 +1,15 @@
+---
+name: yamllint
+on:
+  pull_request:
+    branches: [main]
+jobs:
+  yamllint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install yamllint
+        run: pip install yamllint
+      - name: Lint YAML files
+        run: yamllint .
diff --git a/.tekton/pull-request.yaml b/.tekton/pull-request.yaml
index e3081951d7..52a9948a0b 100644
--- a/.tekton/pull-request.yaml
+++ b/.tekton/pull-request.yaml
@@ -5,8 +5,7 @@ metadata:
   name: build-definitions-pull-request
   annotations:
     pipelinesascode.tekton.dev/on-cel-expression: (event == "pull_request" && target_branch == "main" && ( !has(body.pull_request) || !body.pull_request.draft) ) || (event == "push" && target_branch.startsWith("gh-readonly-queue/main/"))
-    pipelinesascode.tekton.dev/task: "[task/git-clone/0.1/git-clone.yaml, .tekton/tasks/buildah.yaml, .tekton/tasks/yaml-lint.yaml, .tekton/tasks/e2e-test.yaml, task/sast-snyk-check/0.2/sast-snyk-check.yaml]"
-    pipelinesascode.tekton.dev/task-2: "yaml-lint"
+    pipelinesascode.tekton.dev/task: "[task/git-clone/0.1/git-clone.yaml, .tekton/tasks/buildah.yaml, .tekton/tasks/e2e-test.yaml, task/sast-snyk-check/0.2/sast-snyk-check.yaml]"
     pipelinesascode.tekton.dev/max-keep-runs: "5"
 spec:
   params:
@@ -37,17 +36,6 @@ spec:
             value: $(params.revision)
           - name: depth
             value: "0"
-      - name: yaml-lint-check
-        runAfter:
-          - fetch-repository
-        taskRef:
-          name: yaml-lint
-        workspaces:
-          - name: shared-workspace
-            workspace: workspace
-        params:
-        - name: args
-          value: [".", "-c", "/workspace/shared-workspace/source/.yamllint"]
       - name: sast-snyk-check
         runAfter:
           - fetch-repository
@@ -57,8 +45,6 @@ spec:
           - name: workspace
             workspace: workspace
       - name: build-container
-        runAfter:
-          - yaml-lint-check
         params:
           - name: IMAGE
             value: quay.io/konflux-ci/pull-request-builds:appstudio-utils-{{revision}}
diff --git a/.tekton/tasks/yaml-lint.yaml b/.tekton/tasks/yaml-lint.yaml
deleted file mode 100644
index 74c6b8c5ab..0000000000
--- a/.tekton/tasks/yaml-lint.yaml
+++ /dev/null
@@ -1,50 +0,0 @@
-apiVersion: tekton.dev/v1
-kind: Task
-metadata:
-  name: yaml-lint
-  labels:
-    app.kubernetes.io/version: "0.1"
-  annotations:
-    tekton.dev/pipelines.minVersion: "0.12.1"
-    tekton.dev/categories: Code Quality
-    tekton.dev/tags: linter
-    tekton.dev/displayName: "YAML linter"
-    tekton.dev/platforms: "linux/amd64"
-spec:
-  description: >-
-    This task can be used to perform lint check on YAML files
-  workspaces:
-    - name: shared-workspace
-      description: A workspace that contains the fetched git repository.
-  params:
-    - name: args
-      type: array
-      description: extra args needs to append
-      default: ["--help"]
-  steps:
-    - name: lint-yaml-files
-      image: docker.io/cytopia/yamllint:1.26@sha256:1bf8270a671a2e5f2fea8ac2e80164d627e0c5fa083759862bbde80628f942b2  # tag: 1.23
-      # per https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting
-      # the cluster will set imagePullPolicy to IfNotPresent
-      workingDir: $(workspaces.shared-workspace.path)/source
-      command:
-        - yamllint
-      args:
-        - $(params.args)
-    - name: ensure-params-not-in-script
-      image: quay.io/konflux-ci/appstudio-utils:ab6b0b8e40e440158e7288c73aff1cf83a2cc8a9@sha256:24179f0efd06c65d16868c2d7eb82573cce8e43533de6cea14fec3b7446e0b14
-      # per https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting
-      # the cluster will set imagePullPolicy to IfNotPresent
-      script: |
-        #!/bin/bash
-        for task in $(find task -name '*.yaml'); do
-          if yq '.spec?.steps[] | .script' $task | grep -q '\$(params\.'; then
-            FAILED_TASKS="$FAILED_TASKS $task"
-          fi
-        done
-        if [ -n "$FAILED_TASKS" ]; then
-          echo "Tasks contains params in script section (https://tekton.dev/docs/pipelines/tasks/#substituting-in-script-blocks)"
-          echo $FAILED_TASKS | tr ' ' '\n' | sort
-          exit 1
-        fi
-      workingDir: $(workspaces.shared-workspace.path)/source
diff --git a/partners/README.md b/partners/README.md
index e65d81540e..d219b6eeeb 100644
--- a/partners/README.md
+++ b/partners/README.md
@@ -20,7 +20,6 @@ Send a pull request to the [build-definitions](https://github.com/konflux-ci/bui
 ### How to debug the CI failures in my submitted Task?
 
 Check the logs of the `check-partner-tasks` Task in the `build-definitions-pull-request` PR check.
-If you see the Task `yaml-lint-check` has failed, then your Task YAML contains yaml-lint errors.
 
 ### Checks