From 760a3e69d5acd4a3465e4b8a4ab0334817333945 Mon Sep 17 00:00:00 2001 From: Markus Pesch Date: Sat, 4 Jan 2025 22:11:50 +0100 Subject: [PATCH] fix(ci): impl project defaults --- .editorconfig | 8 ++-- .gitignore | 7 ++- .helmignore | 34 ++++++++++++-- .markdownlint.yaml | 28 ++++++++---- .markdownlintignore | 4 ++ .npmrc | 1 + .prettierignore | 1 + .yamllint.yaml | 20 +++++++++ CODEOWNERS | 1 + CONTRIBUTING.md | 82 +++++++++++++++++++++++++++++++++ Makefile | 107 ++++++++++++++++++++++++++++++++++++++++++++ README.md | 17 +++---- package.json | 21 +++++++++ renovate.json | 57 ++++++++++++++--------- 14 files changed, 340 insertions(+), 48 deletions(-) create mode 100644 .markdownlintignore create mode 100644 .npmrc create mode 100644 .prettierignore create mode 100644 .yamllint.yaml create mode 100644 CODEOWNERS create mode 100644 CONTRIBUTING.md create mode 100644 Makefile create mode 100644 package.json diff --git a/.editorconfig b/.editorconfig index 1166a4a..b53e68c 100644 --- a/.editorconfig +++ b/.editorconfig @@ -1,6 +1,3 @@ -# EditorConfig is awesome: https://EditorConfig.org - -# top-most EditorConfig file root = true [*] @@ -9,4 +6,7 @@ indent_size = 2 end_of_line = lf charset = utf-8 trim_trailing_whitespace = true -insert_final_newline = false \ No newline at end of file +insert_final_newline = false + +[Makefile] +indent_style = tab \ No newline at end of file diff --git a/.gitignore b/.gitignore index cdcaed9..ba69fff 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,6 @@ -*.tgz +charts +node_modules +target values2.yml -values2.yaml \ No newline at end of file +values2.yaml +*.tgz diff --git a/.helmignore b/.helmignore index 22b5ff9..a954747 100644 --- a/.helmignore +++ b/.helmignore @@ -2,6 +2,7 @@ # This supports shell glob matching, relative path matching, and # negation (prefixed with !). Only one pattern per line. .DS_Store + # Common VCS dirs .git/ .gitignore 
@@ -10,23 +11,50 @@ .hg/ .hgignore .svn/ + # Common backup files *.swp *.bak *.tmp *.orig *~ + # Various IDEs .project .idea/ *.tmproj .vscode/ + # drone .drone.yml -# markdownlint -.markdownlint.yaml + +# editorconfig +.editorconfig + # customized values values2.yml values2.yaml + # helm packages -*.tgz \ No newline at end of file +*.tgz +.helmignore +unittests + +# markdownlint +.markdownlint.yml +.markdownlint.yaml +.markdownlintignore + +# npm +.prettierignore +.npmrc +package* + +# yamllint +.yamllint.yaml + +# Others +CONTRIBUTING.md +CODEOWNERS +Makefile +renovate.json diff --git a/.markdownlint.yaml b/.markdownlint.yaml index c158976..5156987 100644 --- a/.markdownlint.yaml +++ b/.markdownlint.yaml @@ -45,9 +45,9 @@ MD012: # MD013/line-length - Line length MD013: # Number of characters - line_length: 80 + line_length: 120 # Number of characters for headings - heading_line_length: 80 + heading_line_length: 120 # Number of characters for code blocks code_block_line_length: 80 # Include code blocks @@ -56,8 +56,6 @@ MD013: tables: false # Include headings headings: true - # Include headings - headers: true # Strict length checking strict: false # Stern length checking @@ -73,7 +71,7 @@ MD022: # MD024/no-duplicate-heading/no-duplicate-header - Multiple headings with the same content MD024: # Only check sibling headings - allow_different_nesting: true + siblings_only: true # MD025/single-title/single-h1 - Multiple top-level headings in the same document MD025: @@ -128,8 +126,22 @@ MD041: # MD044/proper-names - Proper names should have the correct capitalization MD044: # List of proper names - # names: - # - drone + names: + - Git + - GitDevOps + - Gitea + - GitHub + - GitLab + - GitOps + - kube-prometheus-stack + - Memcached + - Oracle + - ORBIS U + - PostgreSQL + - Prometheus + - prometheus-exporter + - SSL + - TLS # Include code blocks code_blocks: false 
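Review bot: The entries added to `.helmignore` in its second hunk leave out `node_modules/`, although this commit adds it to `.gitignore` and introduces Makefile targets that run `npm install` in the chart directory. Unless it is listed in the few lines outside the two hunks, running `helm package` from a working tree where those targets were used would bundle the installed dev tooling into the chart archive. I would add `node_modules/` under the `# npm` group, and `target` as well if that directory can appear inside the chart root.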
@@ -141,4 +153,4 @@ MD046: # MD048/code-fence-style - Code fence style MD048: # Code fence syle - style: "backtick" \ No newline at end of file + style: "backtick" diff --git a/.markdownlintignore b/.markdownlintignore new file mode 100644 index 0000000..9fe4803 --- /dev/null +++ b/.markdownlintignore @@ -0,0 +1,4 @@ +.github/ +Chart.lock +charts/ +node_modules/ \ No newline at end of file diff --git a/.npmrc b/.npmrc new file mode 100644 index 0000000..b6f27f1 --- /dev/null +++ b/.npmrc @@ -0,0 +1 @@ +engine-strict=true diff --git a/.prettierignore b/.prettierignore new file mode 100644 index 0000000..fafeafa --- /dev/null +++ b/.prettierignore @@ -0,0 +1 @@ +Chart.lock \ No newline at end of file diff --git a/.yamllint.yaml b/.yamllint.yaml new file mode 100644 index 0000000..90128be --- /dev/null +++ b/.yamllint.yaml @@ -0,0 +1,20 @@ +--- +extends: default + +ignore: | + .yamllint + node_modules + templates + + +rules: + truthy: + allowed-values: ['true', 'false'] + check-keys: False + level: error + line-length: disable + document-start: disable + comments: + min-spaces-from-content: 1 + braces: + max-spaces-inside: 2 \ No newline at end of file diff --git a/CODEOWNERS b/CODEOWNERS new file mode 100644 index 0000000..af45fc8 --- /dev/null +++ b/CODEOWNERS @@ -0,0 +1 @@ +* @volker.raschek diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..6347fe2 --- /dev/null +++ b/CONTRIBUTING.md 
@@ -0,0 +1,82 @@
+# Contributing
+
+I am very happy if you would like to provide a pull request 👍
+
+The content of this file describes which requirements contributors should fulfill before submitting a pull request (PR).
+
+1. [Valid Git commits](#valid-git-commits)
+
+## Valid Git commits
+
+### Commit message
+
+The repository is subject to a strict commit message template. This states that there are several types of commits. For
+example, `fix`, `chore`, `refac`, `test` or `doc`. All types are described in more detail below.
+
+| type | description |
+| ------------------- | ----------------------------------------------------------------- |
+| `feat` | New feature. |
+| `fix` | Fixes a bug. |
+| `refac` | Refactoring production code. |
+| `style` | Fixes formatting issues. No production code change. |
+| `docs` | Adapt documentation. No production code change. |
+| `test` | Adds new or modifies existing tests. No production code change. |
+| `chore` | Updating grunt tasks. Is everything which the user does not see. |
+
+Based on these types, commit messaged can then be created. Here are a few examples:
+
+```text
+style(README): Wrong indentation
+feat(deployment): support restartPolicy
+fix(my-app): Add missing volume
+docs(CONTRIBUTING): Describe how to commit correctly
+```
+
+This type of commit message makes it easier for me as maintainer to keep an overview and does not cause the commits of a
+pull request PR to be combined into one commit (squashing).
+
+### Smart commits
+
+Smart commits are excellent when it comes to tracking bugs or issues. In this repository, however, the rebasing of
+commits is prohibited, which means that only merge commits are possible. This means that a smart commit message only
+needs to be added to the merge commit.
+
+This has the advantage that the maintainer can use the smart commit to find the merge commit and undo the entire history
+of a merge without having to select individual commits. The following history illustrates the correct use of smart commits.
+
+```text
+* 823edbc7 Volker Raschek (G) | [Close #2] feat(deployment): support additional containers
+|\
+| * 321aebc3 Volker Raschek (G) | doc(README): generate README with new deployment attributes
+| * 8d101dd3 Volker Raschek (G) | test(deployment): Extend unittest of additional containers
+| * 6f2abd93 Volker Raschek (G) | fix(deployment): Extend deployment of additional containers
+|/
+* aa5ebda bob (N) | [Close #1] feat(deployment): support initContainers
+```
+
+### Commit signing
+
+Another problem with Git is the chain of trust. Git allows the configuration of any name and e-mail address. An attacker
+can impersonate any person and submit pull requests under a false identity. For as Linux Torvalds, the maintainer of the
+Linux kernel.
+
+```bash
+git config --global user.name 'Linux Torvalds'
+git config --global user.email 'torvalds@linux-foundation.org'
+```
+
+To avoid this, some Git repositories expect signed commits. In particular, repositories that are subject to direct
+delivery to customers. For this reason, the repository is subject to a branch protection rule that only allows signed
+commits. *Until* there is *no verified* and *no signed* commit, the pull request is blocked.
+
+The following articles describes how Git can be configured to sign commits. Please keep in mind, that the e-mail
+address, which is used as UID of the GPG keyring must also be defined in the profile settings of your GitHub account.
+Otherwise will be marked the Git commit as *Unverified*.
+
+1. [Signing Commits](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits)
+2. [Tell Git about your signing key](https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key)
+
+Inspect your Git commit via `git log`. There should be mentioned, that your commit is signed.
+
+Furthermore, the GPG key is unique. **Don't loose your private GPG key**. Backup your private key on a safe device. For
+example an external USB drive.
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..e3813d0
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,107 @@
+# CONTAINER_RUNTIME
+CONTAINER_RUNTIME?=$(shell which podman)
+
+# HELM_IMAGE
+HELM_IMAGE_REGISTRY_HOST?=docker.io
+HELM_IMAGE_REPOSITORY=volkerraschek/helm
+HELM_IMAGE_VERSION?=3.16.1 # renovate: datasource=docker registryUrl=https://docker.io depName=volkerraschek/helm
+HELM_IMAGE_FULLY_QUALIFIED=${HELM_IMAGE_REGISTRY_HOST}/${HELM_IMAGE_REPOSITORY}:${HELM_IMAGE_VERSION}
+
+# MARKDOWNLINKCHECKER_IMAGE
+MARKDOWNLINKCHECK_IMAGE_REGISTRY_HOST?=ghcr.io
+MARKDOWNLINKCHECK_IMAGE_REPOSITORY=tcort/markdown-link-check
+MARKDOWNLINKCHECK_IMAGE_VERSION?=3.12.2 # renovate: datasource=docker registryUrl=https://ghcr.io depName=tcort/markdown-link-check
+MARKDOWNLINKCHECK_IMAGE_FULLY_QUALIFIED=${MARKDOWNLINKCHECK_IMAGE_REGISTRY_HOST}/${MARKDOWNLINKCHECK_IMAGE_REPOSITORY}:${MARKDOWNLINKCHECK_IMAGE_VERSION}
+
+# NODE_IMAGE
+NODE_IMAGE_REGISTRY_HOST?=docker.io
+NODE_IMAGE_REPOSITORY=library/node
+NODE_IMAGE_VERSION?=22.9.0-alpine # renovate: datasource=docker registryUrl=https://docker.io depName=library/node
+NODE_IMAGE_FULLY_QUALIFIED=${NODE_IMAGE_REGISTRY_HOST}/${NODE_IMAGE_REPOSITORY}:${NODE_IMAGE_VERSION}
+
+# MISSING DOT
+# ==============================================================================
+missing-dot:
+ grep --perl-regexp '## @(param|skip).*[^.]$$' values.yaml
+
+# CONTAINER RUN - README
+# ==============================================================================
+PHONY+=container-run/readme
+container-run/readme: container-run/readme/link container-run/readme/lint container-run/readme/parameters
+
+container-run/readme/link:
+ ${CONTAINER_RUNTIME} run \
+ --rm \
+ --volume $(shell pwd):$(shell pwd) \
+ --workdir $(shell pwd) \
+ ${NODE_IMAGE_FULLY_QUALIFIED} \
+ npm install && npm run readme:link
+
+container-run/readme/lint:
+ ${CONTAINER_RUNTIME} run \
+ --rm \
+ --volume $(shell pwd):$(shell pwd) \
+ --workdir $(shell pwd) \
+ ${NODE_IMAGE_FULLY_QUALIFIED} \
+ npm install && npm run readme:lint
+
+container-run/readme/parameters:
+ ${CONTAINER_RUNTIME} run \
+ --rm \
+ --volume $(shell pwd):$(shell pwd) \
+ --workdir $(shell pwd) \
+ ${NODE_IMAGE_FULLY_QUALIFIED} \
+ npm install && npm run readme:parameters
+
+# CONTAINER RUN - HELM UNITTESTS
+# ==============================================================================
+PHONY+=container-run/helm-unittests
+container-run/helm-unittests:
+ ${CONTAINER_RUNTIME} run \
+ --env HELM_REPO_PASSWORD=${CHART_SERVER_PASSWORD} \
+ --env HELM_REPO_USERNAME=${CHART_SERVER_USERNAME} \
+ --rm \
+ --volume $(shell pwd):$(shell pwd) \
+ --workdir $(shell pwd) \
+ ${HELM_IMAGE_FULLY_QUALIFIED} \
+ unittest --strict --file 'unittests/**/*.yaml' ./
+
+# CONTAINER RUN - HELM UPDATE DEPENDENCIES
+# ==============================================================================
+PHONY+=container-run/helm-update-dependencies
+container-run/helm-update-dependencies:
+ ${CONTAINER_RUNTIME} run \
+ --env HELM_REPO_PASSWORD=${CHART_SERVER_PASSWORD} \
+ --env HELM_REPO_USERNAME=${CHART_SERVER_USERNAME} \
+ --rm \
+ --volume $(shell pwd):$(shell pwd) \
+ --workdir $(shell pwd) \
+ ${HELM_IMAGE_FULLY_QUALIFIED} \
+ dependency update
+
+# CONTAINER RUN - MARKDOWN-LINT
+# ==============================================================================
+PHONY+=container-run/helm-lint
+container-run/helm-lint:
+ ${CONTAINER_RUNTIME} run \
+ --rm \
+ --volume $(shell pwd):$(shell pwd) \
+ --workdir $(shell pwd) \
+ ${HELM_IMAGE_FULLY_QUALIFIED} \
+ lint --values values.yaml .
+
+# CONTAINER RUN - MARKDOWN-LINK-CHECK
+# ==============================================================================
+PHONY+=container-run/markdown-link-check
+container-run/markdown-link-check:
+ ${CONTAINER_RUNTIME} run \
+ --rm \
+ --volume $(shell pwd):/work \
+ ${MARKDOWNLINKCHECK_IMAGE_FULLY_QUALIFIED} \
+ *.md
+
+# PHONY
+# ==============================================================================
+# Declare the contents of the PHONY variable as phony. 
We keep that information +# in a variable so we can use it in if_changed. +.PHONY: ${PHONY} \ No newline at end of file diff --git a/README.md b/README.md index d3d5df7..695a994 100644 --- a/README.md +++ b/README.md @@ -3,15 +3,13 @@ [![Build Status](https://drone.cryptic.systems/api/badges/volker.raschek/prometheus-fail2ban-exporter-charts/status.svg)](https://drone.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter-charts) [![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/volker-raschek)](https://artifacthub.io/packages/search?repo=volker-raschek) -This helm chart contains a daemonset to deploy a fail2ban metric exporter on -kubernetes nodes, which have fail2ban locally installed and configured. +This helm chart contains a daemonset to deploy a fail2ban metric exporter on kubernetes nodes, which have fail2ban +locally installed and configured. -The fail2ban exporter was repackaged to make it possible to deploy the -application on kubernetes. The forked fail2ban exporter can be found -[here](https://git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter). +The fail2ban exporter was repackaged to make it possible to deploy the application on kubernetes. The forked fail2ban +exporter can be found [here](https://git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter). -This helm chart can be found on [artifacthub.io](https://artifacthub.io/) and -can be installed via helm. +This helm chart can be found on [artifacthub.io](https://artifacthub.io/) and can be installed via helm. ```bash helm repo add volker.raschek https://charts.cryptic.systems/volker.raschek 
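Review bot: In the new Makefile, `container-run/helm-unittests` and `container-run/helm-update-dependencies` let make expand the chart credentials into `--env HELM_REPO_PASSWORD=${CHART_SERVER_PASSWORD}`, so the password is echoed with the recipe into the CI log and is visible in the host process list while the container runs. Passing the variable by name keeps the value off the command line: export `HELM_REPO_PASSWORD` and `HELM_REPO_USERNAME` into the recipe environment and use `--env HELM_REPO_PASSWORD` and `--env HELM_REPO_USERNAME` without a value. Separately, in the three `container-run/readme/*` targets the `&&` in `npm install && npm run readme:link` is parsed by the host shell, so only `npm install` runs inside the container and the `npm run` step runs on the host. Wrapping the command as `sh -c 'npm install && npm run readme:link'` keeps both steps in the container.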
@@ -22,6 +20,5 @@ helm install prometheus-fail2ban-exporter volker.raschek/prometheus-fail2ban-exp All [configuration options](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/-/blob/235d34114bdf6c99f8b8154240c007b2491248ea/cfg/cfg.go#L12) -can be defined in the `values.yml` file below the `config` section. -Alternatively can be the options passed via the `--set` flag of the `helm -install` command. +can be defined in the `values.yml` file below the `config` section. Alternatively can be the options passed via the +`--set` flag of the `helm install` command. diff --git a/package.json b/package.json new file mode 100644 index 0000000..9647e6c --- /dev/null +++ b/package.json @@ -0,0 +1,21 @@ +{ + "name": "prometheus-fail2ban-exporter-chart", + "homepage": "https://git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter-chart.git", + "license": "MIT", + "private": true, + "engineStrict": true, + "engines": { + "node": ">=16.0.0", + "npm": ">=8.0.0" + }, + "scripts": { + "readme:link": "markdown-link-check *.md", + "readme:lint": "markdownlint *.md -f", + "readme:parameters": "readme-generator -v values.yaml -r README.md" + }, + "devDependencies": { + "@bitnami/readme-generator-for-helm": "^2.5.0", + "markdown-link-check": "^3.13.6", + "markdownlint-cli": "^0.43.0" + } +} diff --git a/renovate.json b/renovate.json index 8955df9..0bf6a0e 100644 --- a/renovate.json +++ b/renovate.json 
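Review bot: The `devDependencies` in the new `package.json` use caret ranges and the commit adds no `package-lock.json`, while the Makefile targets run `npm install`, so each CI run resolves whatever matching versions are newest at that moment and executes their install scripts. Committing the lockfile and switching the targets to `npm ci` makes the tool set reproducible and reviewable. `"engineStrict": true` is, as far as I know, no longer read by current npm; the `engine-strict=true` line in `.npmrc` is what enforces `engines`. Note also that `markdownlint *.md -f` rewrites files in place, so `readme:lint` fixes findings rather than reporting them.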
@@ -1,24 +1,7 @@ { "$schema": "https://docs.renovatebot.com/renovate-schema.json", "assignees": [ "volker.raschek" ], - "labels": [ "renovate" ], - "packageRules": [ - { - "addLabels": [ "renovate/prometheus-fail2ban-exporter", "renovate/automerge" ], - "automerge": true, - "matchManagers": "droneci", - "matchUpdateTypes": [ "minor", "patch"] - }, - { - "addLabels": [ "renovate/prometheus-fail2ban-exporter", "renovate/automerge" ], - "automerge": false, - "matchPackageNames": [ "prometheus-fail2ban-exporter" ], - "matchManagers": [ "regex" ] - } - ], - "rebaseLabel": "renovate/rebase", - "rebaseWhen": "behind-base-branch", - "regexManagers": [ + "customManagers": [ { "description": "Update container image reference", "fileMatch": [ 
@@ -28,8 +11,40 @@ "appVersion: \"(?.*?)\"\\s+" ], "datasourceTemplate": "docker", - "depNameTemplate": "prometheus-fail2ban-exporter", - "lookupNameTemplate": "git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter" + "depNameTemplate": "volker.raschek/prometheus-fail2ban-exporter", + "lookupNameTemplate": "git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter", + "versioningTemplate": "semver" + }, + { + "description": "Detect helm chart version in README", + "fileMatch": [ + "^README\\.md$" + ], + "matchStrings": [ + "^CHART_VERSION=(?.*)$" + ], + "datasourceTemplate": "git-tags", + "depNameTemplate": "volker.raschek/prometheus-fail2ban-exporter-chart", + "packageNameTemplate": "git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter-chart", + "versioningTemplate": "semver" } - ] + ], + "labels": [ "renovate" ], + "packageRules": [ + { + "addLabels": [ "renovate/automerge", "renovate/droneci" ], + "automerge": true, + "matchManagers": "droneci", + "matchUpdateTypes": [ "minor", "patch"] + }, + { + "addLabels": [ "renovate/automerge", "renovate/npm" ], + "automerge": true, + "matchPackageNames": [ "markdownlint-cli", "@bitnami/readme-generator-for-helm" ], + "matchManagers": [ "npm" ], + "matchUpdateTypes": [ "minor", "patch"] + } + ], + "rebaseLabel": "renovate/rebase", + "rebaseWhen": "behind-base-branch" }
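Review bot: The npm entry added to `packageRules` in `renovate.json` sets `"automerge": true` for minor and patch updates of `markdownlint-cli` and `@bitnami/readme-generator-for-helm`, tools that are installed and executed in CI, so a compromised or broken release would be merged without review. `markdownlint-cli` is on a 0.x line, where a minor bump may be breaking; I would narrow the rule to `"matchUpdateTypes": [ "patch" ]` or add `"minimumReleaseAge": "3 days"` to it. Also, the entry added under `customManagers` has no `"customType": "regex"`, which current Renovate versions appear to require for each custom manager. The first `customManagers` entry starts outside this hunk, so it should be checked as well.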