Initial commit

validatedpatterns-sandbox · Feb 28, 2024 · c67cfdc · c67cfdc
commit c67cfdc
Show file tree

Hide file tree

Showing 392 changed files with 158,298 additions and 0 deletions.
diff --git a/.ansible-lint b/.ansible-lint
@@ -0,0 +1,18 @@
+# Vim filetype=yaml
+---
+offline: false
+#requirements: ansible/execution_environment/requirements.yml
+
+exclude_paths:
+  - .cache/
+  - .github/
+  - charts/
+  - common/
+  - tests/
+
+# warn_list:
+#   - yaml
+#   - schema
+#   - experimental
+#   - risky-file-permissions
+#   - var-spacing
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,9 @@
+---
+version: 2
+updates:
+  # Check for updates to GitHub Actions every week
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+
diff --git a/.github/linters/.gitleaks.toml b/.github/linters/.gitleaks.toml
@@ -0,0 +1,8 @@
+[whitelist]
+# As of v4, gitleaks only matches against filename, not path in the
+# files directive.  Leaving content for backwards compatibility.
+files = [
+  "ansible/plugins/modules/*.py",
+  "ansible/tests/unit/test_*.py",
+  "ansible/tests/unit/*.yaml",
+]
diff --git a/.github/linters/.markdown-lint.yml b/.github/linters/.markdown-lint.yml
@@ -0,0 +1,6 @@
+{
+    "default": true,
+    "MD003": false,
+    "MD013": false,
+    "MD033": false
+}
diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml
@@ -0,0 +1,17 @@
+name: Ansible Lint # feel free to pick your own name
+
+on: [push, pull_request]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      # Important: This sets up your GITHUB_WORKSPACE environment variable
+      - uses: actions/checkout@v4
+
+      - name: Lint Ansible Playbook
+        uses: ansible/ansible-lint-action@v6
+        # Let's point it to the path
+        with:
+          path: "ansible/"
diff --git a/.github/workflows/jsonschema.yaml b/.github/workflows/jsonschema.yaml
@@ -0,0 +1,72 @@
+---
+name: Verify json schema
+
+#
+# Documentation:
+# https://help.github.com/en/articles/workflow-syntax-for-github-actions
+#
+
+#############################
+# Start the job on all push #
+#############################
+on: [push, pull_request]
+
+###############
+# Set the Job #
+###############
+jobs:
+  jsonschema_tests:
+    # Name the Job
+    name: Json Schema tests
+    strategy:
+      matrix:
+        python-version: [3.11]
+    # Set the agent to run on
+    runs-on: ubuntu-latest
+
+    ##################
+    # Load all steps #
+    ##################
+    steps:
+      ##########################
+      # Checkout the code base #
+      ##########################
+      - name: Checkout Code
+        uses: actions/checkout@v4
+        with:
+          # Full git history is needed to get a proper list of changed files within `super-linter`
+          fetch-depth: 0
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install check-jsonschema
+
+      - name: Install yq
+        uses: chrisdickinson/setup-yq@latest
+        with:
+          yq-version: v4.30.7
+
+      - name: Verify secrets json schema against templates
+        run: |
+          # check-jsonschema needs .yaml as an extension
+          cp ./values-secret.yaml.template ./values-secret.yaml
+          check-jsonschema --schemafile ./common/ansible/roles/vault_utils/values-secrets.v2.schema.json values-secret.yaml
+          rm -f ./values-secret.yaml
+
+      - name: Verify ClusterGroup values.schema.json against values-*yaml files
+        run: |
+          set -e; for i in values-hub.yaml values-group-one.yaml; do
+            echo "$i"
+            # disable shellcheck of single quotes in yq
+            # shellcheck disable=2016
+            yq eval-all '. as $item ireduce ({}; . * $item )' values-global.yaml "$i" > tmp.yaml
+            check-jsonschema --schemafile ./common/clustergroup/values.schema.json tmp.yaml
+            rm -f tmp.yaml
+          done
+
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
@@ -0,0 +1,65 @@
+---
+name: Unit tests
+
+#
+# Documentation:
+# https://help.github.com/en/articles/workflow-syntax-for-github-actions
+#
+
+#############################
+# Start the job on all push #
+#############################
+on: [push, pull_request]
+
+###############
+# Set the Job #
+###############
+jobs:
+  build:
+    # Name the Job
+    name: Unit Test Code Base
+    # Set the agent to run on
+    runs-on: ubuntu-latest
+
+    ##################
+    # Load all steps #
+    ##################
+    steps:
+      ##########################
+      # Checkout the code base #
+      ##########################
+      - name: Checkout Code
+        uses: actions/checkout@v4
+        with:
+          # Full git history is needed to get a proper list of changed files within `super-linter`
+          fetch-depth: 0
+      - name: Setup helm
+        uses: azure/setup-helm@v3
+        with:
+          version: 'v3.13.2'
+        id: install
+
+      ################################
+      # Run Linter against code base #
+      ################################
+      # - name: Lint Code Base
+      #   uses: github/super-linter@v4
+      #   env:
+      #     VALIDATE_ALL_CODEBASE: false
+      #     DEFAULT_BRANCH: main
+      #     GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Run make test
+        run: |
+          make test
+
+      - name: Run make helmlint
+        run: |
+          make helmlint
+
+      # Disable kubeconform for the time being
+      # - name: Run make helm kubeconform
+      #   run: |
+      #     curl -L -O https://github.com/yannh/kubeconform/releases/download/v0.4.13/kubeconform-linux-amd64.tar.gz
+      #     tar xf kubeconform-linux-amd64.tar.gz
+      #     sudo mv -v kubeconform /usr/local/bin
+      #     make kubeconform
diff --git a/.github/workflows/superlinter.yml b/.github/workflows/superlinter.yml
@@ -0,0 +1,38 @@
+---
+name: Super linter
+
+on: [push, pull_request]
+
+jobs:
+  build:
+    # Name the Job
+    name: Super linter
+    # Set the agent to run on
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+        with:
+          # Full git history is needed to get a proper list of changed files within `super-linter`
+          fetch-depth: 0
+
+      ################################
+      # Run Linter against code base #
+      ################################
+      - name: Lint Code Base
+        uses: github/super-linter/slim@v5
+        env:
+          VALIDATE_ALL_CODEBASE: true
+          DEFAULT_BRANCH: main
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          # These are the validation we disable atm
+          VALIDATE_BASH: false
+          VALIDATE_JSCPD: false
+          VALIDATE_KUBERNETES_KUBECONFORM: false
+          VALIDATE_YAML: false
+          VALIDATE_ANSIBLE: false
+          # VALIDATE_DOCKERFILE_HADOLINT: false
+          # VALIDATE_MARKDOWN: false
+          # VALIDATE_NATURAL_LANGUAGE: false
+          # VALIDATE_TEKTON: false
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,9 @@
+*~
+*.swp
+*.swo
+values-secret*
+.*.expected.yaml
+pattern-vault.init
+vault.init
+super-linter.log
+common/pattern-vault.init
diff --git a/.gitleaks.toml b/.gitleaks.toml
@@ -0,0 +1 @@
+.github/linters/.gitleaks.toml