fix: Resolve linter checks

Author: PavelYadrov

.github/linters/.checkov.yaml

@@ -2,21 +2,33 @@
 
 quiet: true
 
+directory:
+  - backup-daemon
+  - docker-zookeeper
+  - integration-tests
+  - monitoring
+  - operator/charts/helm
+
 skip-check:
-# https://www.checkov.io/5.Policy%20Index/kubernetes.html
-- CKV_K8S_15 # Image Pull Policy should be Always
-- CKV_K8S_21 # The default namespace should not be used
-- CKV_K8S_22 # Use read-only filesystem for containers where possible
-- CKV_K8S_35 # Prefer using secrets as files over secrets as environment variables
-- CKV_K8S_38 # Ensure that Service Account Tokens are only mounted where necessary
-- CKV_K8S_40 # Containers should run as a high UID to avoid host conflict
-- CKV_K8S_43 # Image should use digest
-- CKV2_K8S_5 # No ServiceAccount/Node should be able to read all secrets
-- CKV2_K8S_6 # Minimize the admission of pods which lack an associated NetworkPolicy
-# https://www.checkov.io/5.Policy%20Index/dockerfile.html
-- CKV_DOCKER_2 # Ensure that HEALTHCHECK instructions have been added to container images
-# https://www.checkov.io/5.Policy%20Index/secrets.html
-- CKV_SECRET_6 # Base64 High Entropy String
-# https://www.checkov.io/5.Policy%20Index/github_actions.html
-- CKV2_GHA_1 # Ensure top-level permissions are not set to write-all
-- CKV_GHA_7 # The build output cannot be affected by user parameters other than the build entry point and the top-level source location. GitHub Actions workflow_dispatch inputs MUST be empty.
+  # https://www.checkov.io/5.Policy%20Index/kubernetes.html
+  - CKV_K8S_8  # Liveness Probe Should be Configured
+  - CKV_K8S_9  # Readiness Probe Should be Configured
+  - CKV_K8S_15 # Image Pull Policy should be Always
+  - CKV_K8S_21 # The default namespace should not be used
+  - CKV_K8S_22 # Use read-only filesystem for containers where possible
+  - CKV_K8S_35 # Prefer using secrets as files over secrets as environment variables
+  - CKV_K8S_38 # Ensure that Service Account Tokens are only mounted where necessary
+  - CKV_K8S_40 # Containers should run as a high UID to avoid host conflict
+  - CKV_K8S_43 # Image should use digest
+  - CKV_K8S_49 # Minimize wildcard use in Roles and ClusterRoles
+  - CKV2_K8S_5 # No ServiceAccount/Node should be able to read all secrets
+  - CKV2_K8S_6 # Minimize the admission of pods which lack an associated NetworkPolicy
+  # https://www.checkov.io/5.Policy%20Index/dockerfile.html
+  - CKV_DOCKER_2 # Ensure that HEALTHCHECK instructions have been added to container images
+  - CKV_DOCKER_10 # Ensure that WORKDIR values are absolute paths
+  - CKV2_DOCKER_3 # Ensure that certificate validation isn't disabled with wget
+  # https://www.checkov.io/5.Policy%20Index/secrets.html
+  - CKV_SECRET_6 # Base64 High Entropy String
+  # https://www.checkov.io/5.Policy%20Index/github_actions.html
+  - CKV2_GHA_1 # Ensure top-level permissions are not set to write-all
+  - CKV_GHA_7 # The build output cannot be affected by user parameters other than the build entry point and the top-level source location. GitHub Actions workflow_dispatch inputs MUST be empty.

.github/linters/.hadolint.yaml

@@ -0,0 +1,5 @@
+failure-threshold: error
+
+ignored:
+  - DL3018
+  - DL3033

.markdownlint.yaml .github/linters/.markdown-lint.yml.markdownlint.yaml renamed to .github/linters/.markdown-lint.yml

@@ -25,5 +25,9 @@ MD037: false
 MD004: false
 # MD007/ul-indent Unordered list indentation
 MD007: false
+# MD009/no-trailing-spaces Trailing spaces [Expected: 0 or 2; Actual: <?>]
+MD009: false
 # MD010/no-hard-tabs Hard tabs
-MD010: false
+MD010: false
+# MD051/Link fragments should be valid
+MD051: false

.github/linters/.yaml-lint.yml

@@ -3,16 +3,16 @@
 # Rules: https://yamllint.readthedocs.io/en/stable/rules.html
 
 # Exclude not required files
-# ignore-from-file:
-# - .gitignore
-# - .yamlignore
+ignore-from-file:
+  - .gitignore
+  - .yamlignore
 
 rules:
   braces:
-    min-spaces-inside: 1
+    min-spaces-inside: 0
     max-spaces-inside: 1
-    min-spaces-inside-empty: 0
-    max-spaces-inside-empty: 0
+    min-spaces-inside-empty: -1
+    max-spaces-inside-empty: -1
   brackets:
     min-spaces-inside: 0
     max-spaces-inside: 1

.markdownlintignore

@@ -0,0 +1,3 @@
+**/.github/workflows/*
+**/charts/*/*
+**/charts/*/templates/*.yaml

.yamlignore

@@ -18,7 +18,7 @@ The Qubership platform provides ZooKeeper deployment to Kubernetes/OpenShift usi
 The deployment procedure and additional features include the following:
 
 * Support of Qubership deployment jobs for HA scheme and different configurations. For more detailed information, refer to [Installation Guide](/docs/public/installation.md).
-* Backup and restore. For more detailed information, refer to [ZooKeeper Backup Daemon Guide](https://github.com/Netcracker/qubership-zookeeper-backup-daemon/blob/main/documentation/maintenance-guide/development-guide/README.md).
+* Backup and restore. For more detailed information, refer to [ZooKeeper Backup Daemon Guide](./development-guide.md).
 * Monitoring integration with Grafana Dashboard and Prometheus Alerts. For more detailed information, refer to [Monitoring Guide](/docs/public/monitoring.md).
 
 # ZooKeeper Components

docs/public/architecture.md

@@ -24,7 +24,7 @@ request body:
 curl -XPOST -u username:password -v -H "Content-Type: application/json" -d '{"mode":"transactional"}' http://localhost:8080/backup
 ```
 
-For more information about `Backup Modes` see [Backup Modes](../backup-modes/backup-modes).
+For more information about `Backup Modes` see [Backup Modes](./backup-modes.md).
 
 ### Not Evictable Backup