projectcalico · danudey · Nov 14, 2024 · Nov 14, 2024
@@ -0,0 +1,35 @@
+# Lint YAML files present in the repository.
+#
+# Currently we only lint semaphore yaml files, to
+# avoid excessive confusion from developers by
+# throwing unnecessary warnings or errors on arbitrary
+# yaml files.
+#
+# If you want to lint other YAML files in this
+# repository, *add a second workflow* and make
+# sure that you're specifying file paths in the
+# on:pull_request section and in the `with:file_or_dir`
+# section of the block itself.
+---
+name: Yaml Lint
+on:  # yamllint disable-line rule:truthy
+  pull_request:
+    paths:
+      - '.semaphore/**/*.yml'
+      - '.semaphore/.yamllint.yml'
+
+jobs:
+  lintSemaphoreYaml:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - id: yaml-lint
+        uses: ibiqlik/action-yamllint@v3
+        with:
+          file_or_dir: .semaphore/**/*.yml
+          config_file: .semaphore/.yamllint.yml
+      - uses: actions/upload-artifact@v4
+        if: always()
+        with:
+          name: yamllint-logfile
+          path: ${{ steps.yaml-lint.outputs.logfile }}
@@ -0,0 +1,8 @@
+extends: default
+
+rules:
+  line-length: disable
+  document-start: disable
+  empty-lines: disable
+  indentation:
+    indent-sequences: whatever
@@ -4,10 +4,8 @@ agent:
   machine:
     type: f1-standard-4
     os_image: ubuntu2004
-
 execution_time_limit:
   minutes: 800
-
 blocks:
   - name: "Publish official release"
     dependencies: []
@@ -23,50 +21,50 @@ blocks:
         - name: openstack-signing-publishing
       prologue:
         commands:
-        # Load the github access secrets.  First fix the permissions.
-        - chmod 0600 /home/semaphore/.keys/git_ssh_rsa
-        - ssh-add /home/semaphore/.keys/git_ssh_rsa
-        # For some reason, /mnt is 100 GB and has a qemu-nbd image file.
-        # Let's delete it and use it for our own purposes (building calico
-        # without running out of space)
-        - sudo killall qemu-nbd || true
-        - sudo rm -f /mnt/docker.qcow2
-        - sudo chown $(id -u):$(id -g) /mnt/
-        - mkdir calico
-        - sudo mount --bind /mnt calico
-        # Checkout the code and unshallow it.
-        # (this is going to throw an error because it can't remove
-        # the `calico` directory, which is a mount, but it will
-        # continue anyway)
-        - checkout
-        - retry git fetch --quiet --unshallow
-        # Semaphore mounts a copy-on-write FS as /var/lib/docker in order to provide a pre-loaded cache of
-        # some images. However, the cache is not useful to us and the copy-on-write FS is a big problem given
-        # how much we churn docker containers during the build.  Disable it.
-        - sudo systemctl stop docker
-        - sudo umount /var/lib/docker && sudo killall qemu-nbd || true
-        - sudo systemctl start docker
-        # Log in to container registries needed for release.
-        - echo $DOCKER_TOKEN | docker login --username "$DOCKER_USER" --password-stdin
-        - echo $QUAY_TOKEN | docker login --username "$QUAY_USER" --password-stdin quay.io
-        # Credentials for accessing gcloud, needed to push images to gcr
-        - export GOOGLE_APPLICATION_CREDENTIALS=$HOME/secrets/gcr-credentials.json
-        - gcloud auth activate-service-account --key-file=${GOOGLE_APPLICATION_CREDENTIALS}
-        # Manually log in to GCR until we can test the gcr credentials helper
-        - cat ${GOOGLE_APPLICATION_CREDENTIALS} | docker login -u _json_key --password-stdin https://gcr.io
-        - cat ${GOOGLE_APPLICATION_CREDENTIALS} | docker login -u _json_key --password-stdin https://eu.gcr.io
-        - cat ${GOOGLE_APPLICATION_CREDENTIALS} | docker login -u _json_key --password-stdin https://asia.gcr.io
-        - cat ${GOOGLE_APPLICATION_CREDENTIALS} | docker login -u _json_key --password-stdin https://us.gcr.io
+          # Load the github access secrets.  First fix the permissions.
+          - chmod 0600 /home/semaphore/.keys/git_ssh_rsa
+          - ssh-add /home/semaphore/.keys/git_ssh_rsa
+          # For some reason, /mnt is 100 GB and has a qemu-nbd image file.
+          # Let's delete it and use it for our own purposes (building calico
+          # without running out of space)
+          - sudo killall qemu-nbd || true
+          - sudo rm -f /mnt/docker.qcow2
+          - sudo chown $(id -u):$(id -g) /mnt/
+          - mkdir calico
+          - sudo mount --bind /mnt calico
+          # Checkout the code and unshallow it.
+          # (this is going to throw an error because it can't remove
+          # the `calico` directory, which is a mount, but it will
+          # continue anyway)
+          - checkout
+          - retry git fetch --quiet --unshallow
+          # Semaphore mounts a copy-on-write FS as /var/lib/docker in order to provide a pre-loaded cache of
+          # some images. However, the cache is not useful to us and the copy-on-write FS is a big problem given
+          # how much we churn docker containers during the build.  Disable it.
+          - sudo systemctl stop docker
+          - sudo umount /var/lib/docker && sudo killall qemu-nbd || true
+          - sudo systemctl start docker
+          # Log in to container registries needed for release.
+          - echo $DOCKER_TOKEN | docker login --username "$DOCKER_USER" --password-stdin
+          - echo $QUAY_TOKEN | docker login --username "$QUAY_USER" --password-stdin quay.io
+          # Credentials for accessing gcloud, needed to push images to gcr
+          - export GOOGLE_APPLICATION_CREDENTIALS=$HOME/secrets/gcr-credentials.json
+          - gcloud auth activate-service-account --key-file=${GOOGLE_APPLICATION_CREDENTIALS}
+          # Manually log in to GCR until we can test the gcr credentials helper
+          - cat ${GOOGLE_APPLICATION_CREDENTIALS} | docker login -u _json_key --password-stdin https://gcr.io
+          - cat ${GOOGLE_APPLICATION_CREDENTIALS} | docker login -u _json_key --password-stdin https://eu.gcr.io
+          - cat ${GOOGLE_APPLICATION_CREDENTIALS} | docker login -u _json_key --password-stdin https://asia.gcr.io
+          - cat ${GOOGLE_APPLICATION_CREDENTIALS} | docker login -u _json_key --password-stdin https://us.gcr.io
       jobs:
-      - name: "Release on Semaphore VM"
-        execution_time_limit:
-          minutes: 360
-        env_vars:
-        - name: VAR_FILE
-          value: /home/semaphore/secrets/release.tfvars
-        commands:
-        - if [ -z "${SEMAPHORE_GIT_PR_NUMBER}" ]; then make GIT_BRANCH=${SEMAPHORE_GIT_BRANCH} release; fi
-        - if [ -z "${SEMAPHORE_GIT_PR_NUMBER}" ]; then make GIT_BRANCH=${SEMAPHORE_GIT_BRANCH} release-publish; fi
+        - name: "Release on Semaphore VM"
+          execution_time_limit:
+            minutes: 360
+          env_vars:
+            - name: VAR_FILE
+              value: /home/semaphore/secrets/release.tfvars
+          commands:
+            - if [ -z "${SEMAPHORE_GIT_PR_NUMBER}" ]; then make GIT_BRANCH=${SEMAPHORE_GIT_BRANCH} release; fi
+            - if [ -z "${SEMAPHORE_GIT_PR_NUMBER}" ]; then make GIT_BRANCH=${SEMAPHORE_GIT_BRANCH} release-publish; fi
   - name: "Build Openstack Packages"
     dependencies: ["Publish official release"]
     skip:
@@ -80,17 +78,17 @@ blocks:
         - name: openstack-signing-publishing
       prologue:
         commands:
-        # Load the github access secrets.  First fix the permissions.
-        - chmod 0600 /home/semaphore/.keys/git_ssh_rsa
-        - ssh-add /home/semaphore/.keys/git_ssh_rsa
-        # Checkout the code (we don't need to unshallow it like we usually do)
-        - checkout
-        # Authenticate to google cloud (to upload RPM binaries to the repo)
-        - gcloud config set project tigera-wp-tcp-redirect
-        - gcloud auth activate-service-account --key-file=$GOOGLE_APPLICATION_CREDENTIALS
-        # Install more tools
-        - sudo apt update
-        - sudo apt install -y moreutils patchelf
+          # Load the github access secrets.  First fix the permissions.
+          - chmod 0600 /home/semaphore/.keys/git_ssh_rsa
+          - ssh-add /home/semaphore/.keys/git_ssh_rsa
+          # Checkout the code (we don't need to unshallow it like we usually do)
+          - checkout
+          # Authenticate to google cloud (to upload RPM binaries to the repo)
+          - gcloud config set project tigera-wp-tcp-redirect
+          - gcloud auth activate-service-account --key-file=$GOOGLE_APPLICATION_CREDENTIALS
+          # Install more tools
+          - sudo apt update
+          - sudo apt install -y moreutils patchelf
       jobs:
         - name: "Build Openstack Packages"
           execution_time_limit:
@@ -100,5 +98,5 @@ blocks:
       epilogue:
         always:
           commands:
-          - test -d release/packaging/output  && mv -v release/packaging/output release/packaging/openstack
-          - artifact push workflow release/packaging/openstack
+            - test -d release/packaging/output  && mv -v release/packaging/output release/packaging/openstack
+            - artifact push workflow release/packaging/openstack