diff --git a/.editorconfig b/.editorconfig index 1166a4a..b53e68c 100644 --- a/.editorconfig +++ b/.editorconfig @@ -1,6 +1,3 @@ -# EditorConfig is awesome: https://EditorConfig.org - -# top-most EditorConfig file root = true [*] @@ -9,4 +6,7 @@ indent_size = 2 end_of_line = lf charset = utf-8 trim_trailing_whitespace = true -insert_final_newline = false \ No newline at end of file +insert_final_newline = false + +[Makefile] +indent_style = tab \ No newline at end of file diff --git a/.gitignore b/.gitignore index cdcaed9..ba69fff 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,6 @@ -*.tgz +charts +node_modules +target values2.yml -values2.yaml \ No newline at end of file +values2.yaml +*.tgz diff --git a/.helmignore b/.helmignore index 22b5ff9..a954747 100644 --- a/.helmignore +++ b/.helmignore @@ -2,6 +2,7 @@ # This supports shell glob matching, relative path matching, and # negation (prefixed with !). Only one pattern per line. .DS_Store + # Common VCS dirs .git/ .gitignore @@ -10,23 +11,50 @@ .hg/ .hgignore .svn/ + # Common backup files *.swp *.bak *.tmp *.orig *~ + # Various IDEs .project .idea/ *.tmproj .vscode/ + # drone .drone.yml -# markdownlint -.markdownlint.yaml + +# editorconfig +.editorconfig + # customized values values2.yml values2.yaml + # helm packages -*.tgz \ No newline at end of file +*.tgz +.helmignore +unittests + +# markdownlint +.markdownlint.yml +.markdownlint.yaml +.markdownlintignore + +# npm +.prettierignore +.npmrc +package* + +# yamllint +.yamllint.yaml + +# Others +CONTRIBUTING.md +CODEOWNERS +Makefile +renovate.json diff --git a/.markdownlint.yaml b/.markdownlint.yaml index c158976..5156987 100644 --- a/.markdownlint.yaml +++ b/.markdownlint.yaml 
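Review bot: `node_modules` is missing from the entries added in the second `.helmignore` hunk, although this commit adds it to `.gitignore` and introduces Makefile targets that run `npm install` in the chart directory. Unless it is excluded on lines outside these hunks, `helm package` would bundle the installed dev dependencies into the published chart archive. Add `node_modules/` under the `# npm` group, next to `.npmrc` and `package*`.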
@@ -45,9 +45,9 @@ MD012: # MD013/line-length - Line length MD013: # Number of characters - line_length: 80 + line_length: 120 # Number of characters for headings - heading_line_length: 80 + heading_line_length: 120 # Number of characters for code blocks code_block_line_length: 80 # Include code blocks @@ -56,8 +56,6 @@ MD013: tables: false # Include headings headings: true - # Include headings - headers: true # Strict length checking strict: false # Stern length checking @@ -73,7 +71,7 @@ MD022: # MD024/no-duplicate-heading/no-duplicate-header - Multiple headings with the same content MD024: # Only check sibling headings - allow_different_nesting: true + siblings_only: true # MD025/single-title/single-h1 - Multiple top-level headings in the same document MD025: @@ -128,8 +126,22 @@ MD041: # MD044/proper-names - Proper names should have the correct capitalization MD044: # List of proper names - # names: - # - drone + names: + - Git + - GitDevOps + - Gitea + - GitHub + - GitLab + - GitOps + - kube-prometheus-stack + - Memcached + - Oracle + - ORBIS U + - PostgreSQL + - Prometheus + - prometheus-exporter + - SSL + - TLS # Include code blocks code_blocks: false @@ -141,4 +153,4 @@ MD046: # MD048/code-fence-style - Code fence style MD048: # Code fence syle - style: "backtick" \ No newline at end of file + style: "backtick" diff --git a/.markdownlintignore b/.markdownlintignore new file mode 100644 index 0000000..9fe4803 --- /dev/null +++ b/.markdownlintignore @@ -0,0 +1,4 @@ +.github/ +Chart.lock +charts/ +node_modules/ \ No newline at end of file diff --git a/.npmrc b/.npmrc new file mode 100644 index 0000000..b6f27f1 --- /dev/null +++ b/.npmrc @@ -0,0 +1 @@ +engine-strict=true diff --git a/.prettierignore b/.prettierignore new file mode 100644 index 0000000..fafeafa --- /dev/null +++ b/.prettierignore @@ -0,0 +1 @@ +Chart.lock \ No newline at end of file diff --git a/.yamllint.yaml b/.yamllint.yaml new file mode 100644 index 0000000..90128be --- /dev/null 
+++ b/.yamllint.yaml
@@ -0,0 +1,20 @@
+---
+extends: default
+
+ignore: |
+ .yamllint
+ node_modules
+ templates
+
+
+rules:
+ truthy:
+ allowed-values: ['true', 'false']
+ check-keys: False
+ level: error
+ line-length: disable
+ document-start: disable
+ comments:
+ min-spaces-from-content: 1
+ braces:
+ max-spaces-inside: 2
\ No newline at end of file
diff --git a/CODEOWNERS b/CODEOWNERS
new file mode 100644
index 0000000..af45fc8
--- /dev/null
+++ b/CODEOWNERS
@@ -0,0 +1 @@
+* @volker.raschek
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
new file mode 100644
index 0000000..6347fe2
--- /dev/null
+++ b/CONTRIBUTING.md
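Review bot: `check-keys: False` in the new `.yamllint.yaml` uses a spelling that the `truthy` rule on the line above it rejects (`allowed-values: ['true', 'false']` with `level: error`), so the config would probably fail its own lint once the file is scanned; write `check-keys: false`. The `ignore` entry `.yamllint` also does not match this file's name, `.yamllint.yaml`, if excluding the config itself was the intent.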
@@ -0,0 +1,82 @@
+# Contributing
+
+I am very happy if you would like to provide a pull request 👍
+
+The content of this file describes which requirements contributors should fulfill before submitting a pull request (PR).
+
+1. [Valid Git commits](#valid-git-commits)
+
+## Valid Git commits
+
+### Commit message
+
+The repository is subject to a strict commit message template. This states that there are several types of commits. For
+example, `fix`, `chore`, `refac`, `test` or `doc`. All types are described in more detail below.
+
+| type | description |
+| ------------------- | ----------------------------------------------------------------- |
+| `feat` | New feature. |
+| `fix` | Fixes a bug. |
+| `refac` | Refactoring production code. |
+| `style` | Fixes formatting issues. No production code change. |
+| `docs` | Adapt documentation. No production code change. |
+| `test` | Adds new or modifies existing tests. No production code change. |
+| `chore` | Updating grunt tasks. Is everything which the user does not see. |
+
+Based on these types, commit messaged can then be created. Here are a few examples:
+
+```text
+style(README): Wrong indentation
+feat(deployment): support restartPolicy
+fix(my-app): Add missing volume
+docs(CONTRIBUTING): Describe how to commit correctly
+```
+
+This type of commit message makes it easier for me as maintainer to keep an overview and does not cause the commits of a
+pull request PR to be combined into one commit (squashing).
+
+### Smart commits
+
+Smart commits are excellent when it comes to tracking bugs or issues. In this repository, however, the rebasing of
+commits is prohibited, which means that only merge commits are possible. This means that a smart commit message only
+needs to be added to the merge commit.
+
+This has the advantage that the maintainer can use the smart commit to find the merge commit and undo the entire history
+of a merge without having to select individual commits. The following history illustrates the correct use of smart commits.
+
+```text
+* 823edbc7 Volker Raschek (G) | [Close #2] feat(deployment): support additional containers
+|\
+| * 321aebc3 Volker Raschek (G) | doc(README): generate README with new deployment attributes
+| * 8d101dd3 Volker Raschek (G) | test(deployment): Extend unittest of additional containers
+| * 6f2abd93 Volker Raschek (G) | fix(deployment): Extend deployment of additional containers
+|/
+* aa5ebda bob (N) | [Close #1] feat(deployment): support initContainers
+```
+
+### Commit signing
+
+Another problem with Git is the chain of trust. Git allows the configuration of any name and e-mail address. An attacker
+can impersonate any person and submit pull requests under a false identity. For as Linux Torvalds, the maintainer of the
+Linux kernel.
+
+```bash
+git config --global user.name 'Linux Torvalds'
+git config --global user.email 'torvalds@linux-foundation.org'
+```
+
+To avoid this, some Git repositories expect signed commits. In particular, repositories that are subject to direct
+delivery to customers. For this reason, the repository is subject to a branch protection rule that only allows signed
+commits. *Until* there is *no verified* and *no signed* commit, the pull request is blocked.
+
+The following articles describes how Git can be configured to sign commits. Please keep in mind, that the e-mail
+address, which is used as UID of the GPG keyring must also be defined in the profile settings of your GitHub account.
+Otherwise will be marked the Git commit as *Unverified*.
+
+1. [Signing Commits](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits)
+2. [Tell Git about your signing key](https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key)
+
+Inspect your Git commit via `git log`. There should be mentioned, that your commit is signed.
+
+Furthermore, the GPG key is unique. **Don't loose your private GPG key**. Backup your private key on a safe device. For
+example an external USB drive.
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..e3813d0
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,107 @@
+# CONTAINER_RUNTIME
+CONTAINER_RUNTIME?=$(shell which podman)
+
+# HELM_IMAGE
+HELM_IMAGE_REGISTRY_HOST?=docker.io
+HELM_IMAGE_REPOSITORY=volkerraschek/helm
+HELM_IMAGE_VERSION?=3.16.1 # renovate: datasource=docker registryUrl=https://docker.io depName=volkerraschek/helm
+HELM_IMAGE_FULLY_QUALIFIED=${HELM_IMAGE_REGISTRY_HOST}/${HELM_IMAGE_REPOSITORY}:${HELM_IMAGE_VERSION}
+
+# MARKDOWNLINKCHECKER_IMAGE
+MARKDOWNLINKCHECK_IMAGE_REGISTRY_HOST?=ghcr.io
+MARKDOWNLINKCHECK_IMAGE_REPOSITORY=tcort/markdown-link-check
+MARKDOWNLINKCHECK_IMAGE_VERSION?=3.12.2 # renovate: datasource=docker registryUrl=https://ghcr.io depName=tcort/markdown-link-check
+MARKDOWNLINKCHECK_IMAGE_FULLY_QUALIFIED=${MARKDOWNLINKCHECK_IMAGE_REGISTRY_HOST}/${MARKDOWNLINKCHECK_IMAGE_REPOSITORY}:${MARKDOWNLINKCHECK_IMAGE_VERSION}
+
+# NODE_IMAGE
+NODE_IMAGE_REGISTRY_HOST?=docker.io
+NODE_IMAGE_REPOSITORY=library/node
+NODE_IMAGE_VERSION?=22.9.0-alpine # renovate: datasource=docker registryUrl=https://docker.io depName=library/node
+NODE_IMAGE_FULLY_QUALIFIED=${NODE_IMAGE_REGISTRY_HOST}/${NODE_IMAGE_REPOSITORY}:${NODE_IMAGE_VERSION}
+
+# MISSING DOT
+# ==============================================================================
+missing-dot:
+ grep --perl-regexp '## @(param|skip).*[^.]$$' values.yaml
+
+# CONTAINER RUN - README
+# ==============================================================================
+PHONY+=container-run/readme
+container-run/readme: container-run/readme/link container-run/readme/lint container-run/readme/parameters
+
+container-run/readme/link:
+ ${CONTAINER_RUNTIME} run \
+ --rm \
+ --volume $(shell pwd):$(shell pwd) \
+ --workdir $(shell pwd) \
+ ${NODE_IMAGE_FULLY_QUALIFIED} \
+ npm install && npm run readme:link
+
+container-run/readme/lint:
+ ${CONTAINER_RUNTIME} run \
+ --rm \
+ --volume $(shell pwd):$(shell pwd) \
+ --workdir $(shell pwd) \
+ ${NODE_IMAGE_FULLY_QUALIFIED} \
+ npm install && npm run readme:lint
+
+container-run/readme/parameters:
+ ${CONTAINER_RUNTIME} run \
+ --rm \
+ --volume $(shell pwd):$(shell pwd) \
+ --workdir $(shell pwd) \
+ ${NODE_IMAGE_FULLY_QUALIFIED} \
+ npm install && npm run readme:parameters
+
+# CONTAINER RUN - HELM UNITTESTS
+# ==============================================================================
+PHONY+=container-run/helm-unittests
+container-run/helm-unittests:
+ ${CONTAINER_RUNTIME} run \
+ --env HELM_REPO_PASSWORD=${CHART_SERVER_PASSWORD} \
+ --env HELM_REPO_USERNAME=${CHART_SERVER_USERNAME} \
+ --rm \
+ --volume $(shell pwd):$(shell pwd) \
+ --workdir $(shell pwd) \
+ ${HELM_IMAGE_FULLY_QUALIFIED} \
+ unittest --strict --file 'unittests/**/*.yaml' ./
+
+# CONTAINER RUN - HELM UPDATE DEPENDENCIES
+# ==============================================================================
+PHONY+=container-run/helm-update-dependencies
+container-run/helm-update-dependencies:
+ ${CONTAINER_RUNTIME} run \
+ --env HELM_REPO_PASSWORD=${CHART_SERVER_PASSWORD} \
+ --env HELM_REPO_USERNAME=${CHART_SERVER_USERNAME} \
+ --rm \
+ --volume $(shell pwd):$(shell pwd) \
+ --workdir $(shell pwd) \
+ ${HELM_IMAGE_FULLY_QUALIFIED} \
+ dependency update
+
+# CONTAINER RUN - MARKDOWN-LINT
+# ==============================================================================
+PHONY+=container-run/helm-lint
+container-run/helm-lint:
+ ${CONTAINER_RUNTIME} run \
+ --rm \
+ --volume $(shell pwd):$(shell pwd) \
+ --workdir $(shell pwd) \
+ ${HELM_IMAGE_FULLY_QUALIFIED} \
+ lint --values values.yaml .
+
+# CONTAINER RUN - MARKDOWN-LINK-CHECK
+# ==============================================================================
+PHONY+=container-run/markdown-link-check
+container-run/markdown-link-check:
+ ${CONTAINER_RUNTIME} run \
+ --rm \
+ --volume $(shell pwd):/work \
+ ${MARKDOWNLINKCHECK_IMAGE_FULLY_QUALIFIED} \
+ *.md
+
+# PHONY
+# ==============================================================================
+# Declare the contents of the PHONY variable as phony.
We keep that information +# in a variable so we can use it in if_changed. +.PHONY: ${PHONY} \ No newline at end of file diff --git a/README.md b/README.md index d3d5df7..695a994 100644 --- a/README.md +++ b/README.md @@ -3,15 +3,13 @@ [![Build Status](https://drone.cryptic.systems/api/badges/volker.raschek/prometheus-fail2ban-exporter-charts/status.svg)](https://drone.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter-charts) [![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/volker-raschek)](https://artifacthub.io/packages/search?repo=volker-raschek) -This helm chart contains a daemonset to deploy a fail2ban metric exporter on -kubernetes nodes, which have fail2ban locally installed and configured. +This helm chart contains a daemonset to deploy a fail2ban metric exporter on kubernetes nodes, which have fail2ban +locally installed and configured. -The fail2ban exporter was repackaged to make it possible to deploy the -application on kubernetes. The forked fail2ban exporter can be found -[here](https://git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter). +The fail2ban exporter was repackaged to make it possible to deploy the application on kubernetes. The forked fail2ban +exporter can be found [here](https://git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter). -This helm chart can be found on [artifacthub.io](https://artifacthub.io/) and -can be installed via helm. +This helm chart can be found on [artifacthub.io](https://artifacthub.io/) and can be installed via helm. ```bash helm repo add volker.raschek https://charts.cryptic.systems/volker.raschek 
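Review bot: In the three `container-run/readme/*` recipes of the new Makefile the `&&` is parsed by make's shell on the host, so only `npm install` runs inside the Node container and `npm run readme:…` then executes on the host against the bind-mounted `node_modules`, outside the isolation the target name promises. Hand the whole chain to the container as one command, e.g. `sh -c 'npm install && npm run readme:link'`, and likewise for `readme:lint` and `readme:parameters`. Separately, `container-run/helm-unittests` and `container-run/helm-update-dependencies` expand `${CHART_SERVER_PASSWORD}` into the recipe line, which make echoes to the build log and which shows up in the host process list. Prefixing those recipes with `@` and passing the value through the environment (`--env HELM_REPO_PASSWORD`, with the variable exported under that name) avoids both.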
@@ -22,6 +20,5 @@ helm install prometheus-fail2ban-exporter volker.raschek/prometheus-fail2ban-exp All [configuration options](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/-/blob/235d34114bdf6c99f8b8154240c007b2491248ea/cfg/cfg.go#L12) -can be defined in the `values.yml` file below the `config` section. -Alternatively can be the options passed via the `--set` flag of the `helm -install` command. +can be defined in the `values.yml` file below the `config` section. Alternatively can be the options passed via the +`--set` flag of the `helm install` command. diff --git a/package.json b/package.json new file mode 100644 index 0000000..9647e6c --- /dev/null +++ b/package.json @@ -0,0 +1,21 @@ +{ + "name": "prometheus-fail2ban-exporter-chart", + "homepage": "https://git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter-chart.git", + "license": "MIT", + "private": true, + "engineStrict": true, + "engines": { + "node": ">=16.0.0", + "npm": ">=8.0.0" + }, + "scripts": { + "readme:link": "markdown-link-check *.md", + "readme:lint": "markdownlint *.md -f", + "readme:parameters": "readme-generator -v values.yaml -r README.md" + }, + "devDependencies": { + "@bitnami/readme-generator-for-helm": "^2.5.0", + "markdown-link-check": "^3.13.6", + "markdownlint-cli": "^0.43.0" + } +} diff --git a/renovate.json b/renovate.json index 8955df9..0bf6a0e 100644 --- a/renovate.json +++ b/renovate.json 
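Review bot: The `devDependencies` in the new `package.json` use caret ranges and no `package-lock.json` is added in the visible part of this commit, so each `npm install` run by the Makefile targets may resolve to different, unreviewed versions. Committing the lockfile and installing with `npm ci` would pin exactly what gets downloaded and executed, install scripts included. `"engineStrict": true` is, as far as I know, no longer honoured by current npm; the `engine-strict=true` line in the new `.npmrc` is what enforces the `engines` range, so the key could be dropped.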
@@ -1,24 +1,7 @@ { "$schema": "https://docs.renovatebot.com/renovate-schema.json", "assignees": [ "volker.raschek" ], - "labels": [ "renovate" ], - "packageRules": [ - { - "addLabels": [ "renovate/prometheus-fail2ban-exporter", "renovate/automerge" ], - "automerge": true, - "matchManagers": "droneci", - "matchUpdateTypes": [ "minor", "patch"] - }, - { - "addLabels": [ "renovate/prometheus-fail2ban-exporter", "renovate/automerge" ], - "automerge": false, - "matchPackageNames": [ "prometheus-fail2ban-exporter" ], - "matchManagers": [ "regex" ] - } - ], - "rebaseLabel": "renovate/rebase", - "rebaseWhen": "behind-base-branch", - "regexManagers": [ + "customManagers": [ { "description": "Update container image reference", "fileMatch": [ 
@@ -28,8 +11,40 @@ "appVersion: \"(?.*?)\"\\s+" ], "datasourceTemplate": "docker", - "depNameTemplate": "prometheus-fail2ban-exporter", - "lookupNameTemplate": "git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter" + "depNameTemplate": "volker.raschek/prometheus-fail2ban-exporter", + "lookupNameTemplate": "git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter", + "versioningTemplate": "semver" + }, + { + "description": "Detect helm chart version in README", + "fileMatch": [ + "^README\\.md$" + ], + "matchStrings": [ + "^CHART_VERSION=(?.*)$" + ], + "datasourceTemplate": "git-tags", + "depNameTemplate": "volker.raschek/prometheus-fail2ban-exporter-chart", + "packageNameTemplate": "git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter-chart", + "versioningTemplate": "semver" } - ] + ], + "labels": [ "renovate" ], + "packageRules": [ + { + "addLabels": [ "renovate/automerge", "renovate/droneci" ], + "automerge": true, + "matchManagers": "droneci", + "matchUpdateTypes": [ "minor", "patch"] + }, + { + "addLabels": [ "renovate/automerge", "renovate/npm" ], + "automerge": true, + "matchPackageNames": [ "markdownlint-cli", "@bitnami/readme-generator-for-helm" ], + "matchManagers": [ "npm" ], + "matchUpdateTypes": [ "minor", "patch"] + } + ], + "rebaseLabel": "renovate/rebase", + "rebaseWhen": "behind-base-branch" }
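Review bot: The second `packageRules` entry added here automerges minor and patch updates of `markdownlint-cli` and `@bitnami/readme-generator-for-helm`, packages whose code runs whenever the Makefile's `npm install` / `npm run` targets are used, with no delay between publication and merge. Consider adding a `"minimumReleaseAge": "7 days"` (the value is a suggestion) to that rule, or leaving npm updates for manual review. In the same hunk the new `customManagers` entry has no `"customType": "regex"`, which current Renovate versions require for custom managers, and the first entry still uses `lookupNameTemplate` while the new one uses `packageNameTemplate`; the first manager begins outside this hunk, so whether it carries `customType` cannot be seen here. `"matchManagers": "droneci"` should be an array like the npm rule, `"matchManagers": [ "droneci" ]`.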