Initial plugin source.

Author: sschnabe

.github/workflows/lint.yaml

@@ -0,0 +1,35 @@
+name: Lint
+
+on: push
+
+jobs:
+
+  renovate:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@main
+      - uses: docker://kokuwaio/renovate-config-validator
+
+  markdownlint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@main
+      - uses: docker://kokuwaio/markdownlint
+
+  yamllint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@main
+      - uses: docker://kokuwaio/yamllint
+
+  hadolint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@main
+      - uses: docker://kokuwaio/hadolint
+
+  shellcheck:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@main
+      - uses: docker://kokuwaio/shellcheck

.hadolint.yaml

@@ -0,0 +1,7 @@
+# https://github.com/hadolint/hadolint#configure
+failure-threshold: style
+strict-labels: true
+disable-ignore-pragma: true
+ignored:
+  - DL3008  # Pin versions in apt get install. Instead of `apt-get install <package>` use `apt-get install <package>=<version>`
+trustedRegistries: [docker.io]

.justfile

@@ -0,0 +1,57 @@
+# https://just.systems/man/en/
+set fallback := true
+set unstable := true
+set script-interpreter := ["bash", "-eu"]
+
+REGISTRY_IMAGE := "docker.io/library/registry:2.8.3"
+REGISTRY_NAME := "kaniko-registry"
+REGISTRY_PORT := "5001"
+IMAGE := replace("localhost:_/shellcheck", '_', REGISTRY_PORT)
+
+[private]
+@default:
+	just --list --unsorted
+
+# Run linter.
+@lint:
+	docker run --rm --read-only --volume=$(pwd):$(pwd):ro --workdir=$(pwd) kokuwaio/shellcheck
+	docker run --rm --read-only --volume=$(pwd):$(pwd):ro --workdir=$(pwd) kokuwaio/hadolint
+	docker run --rm --read-only --volume=$(pwd):$(pwd):ro --workdir=$(pwd) kokuwaio/yamllint
+	docker run --rm --read-only --volume=$(pwd):$(pwd):rw --workdir=$(pwd) kokuwaio/markdownlint --fix
+	docker run --rm --read-only --volume=$(pwd):$(pwd):ro --workdir=$(pwd) kokuwaio/renovate-config-validator
+
+# Build using local repository as cache.
+@build: registry-up
+	docker run --rm --net=host --volume=$(pwd):/workspace:ro gcr.io/kaniko-project/executor:v1.23.2 --context=/workspace --destination={{IMAGE}}
+
+# Run image against local repository.
+run: registry-up
+	docker pull {{IMAGE}} >/dev/null
+	docker run --rm --read-only --volume=$(pwd):$(pwd):ro --workdir=$(pwd) {{IMAGE}}
+
+# Inspect image layers with `dive`.
+@dive: registry-up
+	docker pull {{IMAGE}} >/dev/null
+	docker run --rm -it --volume=/var/run/docker.sock:/var/run/docker.sock:ro wagoodman/dive:latest {{IMAGE}}
+
+# Build with local docker daemon.
+docker: registry-up
+	docker buildx build . --load --quiet --tag={{IMAGE}}:amd64 --platform=linux/amd64
+	docker buildx build . --load --quiet --tag={{IMAGE}}:arm64 --platform=linux/arm64
+	docker push {{IMAGE}} --all-tags --quiet
+	docker manifest rm {{IMAGE}} || true
+	docker manifest create {{IMAGE}} --insecure --amend {{IMAGE}}:amd64 --amend {{IMAGE}}:arm64
+	docker manifest inspect {{IMAGE}} --verbose
+	docker manifest push {{IMAGE}} --purge
+	docker pull {{IMAGE}}
+	docker image inspect {{IMAGE}}
+	docker run --rm --read-only --env=CI=1 --volume=$(pwd):$(pwd):ro --workdir=$(pwd) {{IMAGE}}
+
+# Start local image registry at `http://localhost:{{REGISTRY_PORT}}`.
+@registry-up:
+	docker volume create {{REGISTRY_NAME}} >/dev/null
+	docker ps --format '{{{{.Names}}' | grep {{REGISTRY_NAME}} >/dev/null || docker run --quiet --detach --volume={{REGISTRY_NAME}}:/var/lib/registry --publish={{REGISTRY_PORT}}:5000 --name={{REGISTRY_NAME}} {{REGISTRY_IMAGE}} >/dev/null
+
+# Shutdown local image registry.
+@registry-down:
+	docker rm {{REGISTRY_NAME}} --force >/dev/null 2>&1

.markdownlint.yaml

@@ -0,0 +1,9 @@
+# Default state for all rules
+default: true
+
+# MD009 - Trailing spaces
+MD009:
+  strict: true
+
+# MD013 - Line length
+MD013: false

.woodpecker/build.yaml

@@ -0,0 +1,38 @@
+when:
+  event: [manual, push, pull_request]
+  branch: main
+  path: [.woodpecker/build.yaml, .woodpecker/push.yaml, Dockerfile, Dockerfile.dockerignore, entrypoint.sh]
+
+matrix:
+  PLATFORM: [amd64, arm64]
+labels:
+  platform: linux/${PLATFORM}
+
+steps:
+
+  build:
+    image: gcr.io/kaniko-project/executor:v1.23.2-debug
+    commands: /kaniko/executor
+        --context=$CI_WORKSPACE
+        --destination=ci-registry.schnabel.org/kokuwaio/shellcheck:$CI_PIPELINE_NUMBER-$PLATFORM
+        --reproducible
+        --cache
+        --cache-copy-layers
+        --cache-run-layers
+        --cache-repo=$DOCKER_CACHE/cache/kokuwaio/shellcheck
+        --insecure-registry=$DOCKER_CACHE
+        --insecure-registry=$DOCKER_MIRROR
+        --registry-mirror=$DOCKER_MIRROR
+        --skip-default-registry-fallback
+        --label=org.opencontainers.image.title="Shellcheck Plugin"
+        --label=org.opencontainers.image.description="A Woodpecker CI plugin for Renovate configuration validation."
+        --label=org.opencontainers.image.url=$CI_REPO_URL
+        --label=org.opencontainers.image.documentation=$CI_REPO_URL
+        --label=org.opencontainers.image.source=$CI_REPO_CLONE_URL
+        --label=org.opencontainers.image.vendor=kokuwa.io
+        --label=org.opencontainers.image.licenses=GPL-3.0-or-later
+        --label=org.opencontainers.image.version=v0.10.0
+
+  test:
+    image: ci-registry.schnabel.org/kokuwaio/shellcheck:${CI_PIPELINE_NUMBER}-${PLATFORM}
+    pull: true

.woodpecker/dockerhub.yaml

@@ -0,0 +1,17 @@
+when:
+  instance: ci.schnabel.org
+  repo: kokuwaio/shellcheck
+  event: push
+  branch: main
+  path: README.md
+
+steps:
+
+  metadata:
+    image: kokuwaio/dockerhub-metadata
+    settings:
+      repository: kokuwaio/shellcheck
+      description-short: A Woodpecker CI plugin for Renovate configuration validation.
+      categories: [developer-tools, integration-and-delivery]
+      username: {from_secret: DOCKERHUB_USERNAME}
+      password: {from_secret: DOCKERHUB_PASSWORD}

.woodpecker/lint.yaml

@@ -0,0 +1,31 @@
+when:
+  event: [cron, manual, push, pull_request]
+  branch: main
+  path: [.woodpecker/lint.yaml, renovate.json, "**/*.yaml", "**/*.md", "**/*.sh", "**/Dockerfile"]
+
+steps:
+
+  renovate:
+    image: kokuwaio/renovate-config-validator
+    depends_on: []
+    when: [path: [.woodpecker/lint.yaml, renovate.json]]
+
+  yaml:
+    image: kokuwaio/yamllint
+    depends_on: []
+    when: [path: [.woodpecker/lint.yaml, .yamllint.yaml, "**/*.yaml"]]
+
+  markdown:
+    image: kokuwaio/markdownlint
+    depends_on: []
+    when: [path: [.woodpecker/lint.yaml, .markdownlint.yaml, "**/*.md"]]
+
+  dockerfile:
+    image: kokuwaio/hadolint
+    depends_on: []
+    when: [path: [.woodpecker/lint.yaml, .hadolint.yaml, "**/Dockerfile"]]
+
+  shellcheck:
+    image: kokuwaio/shellcheck
+    depends_on: []
+    when: [path: [.woodpecker/lint.yaml, "**/*.sh"]]

.woodpecker/push.yaml

@@ -0,0 +1,39 @@
+when:
+  instance: ci.schnabel.org
+  repo: kokuwaio/shellcheck
+  event: push
+  branch: main
+  path: [.woodpecker/build.yaml, .woodpecker/push.yaml, Dockerfile, Dockerfile.dockerignore, entrypoint.sh]
+
+depends_on: [build]
+skip_clone: true
+
+steps:
+
+  manifest:
+    image: mplatform/manifest-tool:alpine-v2.1.9
+    commands: manifest-tool push from-args
+        --platforms=linux/amd64,linux/arm64
+        --template=ci-registry.schnabel.org/kokuwaio/shellcheck:$CI_PIPELINE_NUMBER-ARCH
+        --target=ci-registry.schnabel.org/kokuwaio/shellcheck:$CI_PIPELINE_NUMBER
+
+  docker.io: &push
+    image: quay.io/skopeo/stable:v1.17.0
+    depends_on: [manifest]
+    commands:
+      - echo "$AUTH" > /tmp/auth.json
+      - skopeo copy --all --preserve-digests --dest-precompute-digests
+          docker://ci-registry.schnabel.org/kokuwaio/shellcheck:$CI_PIPELINE_NUMBER
+          docker://$URL/kokuwaio/shellcheck:v0.10.0
+      - skopeo copy --all --preserve-digests --dest-precompute-digests
+          docker://ci-registry.schnabel.org/kokuwaio/shellcheck:$CI_PIPELINE_NUMBER
+          docker://$URL/kokuwaio/shellcheck:latest
+    environment:
+      URL: docker.io
+      AUTH: {from_secret: DOCKER_IO_AUTH}
+
+  ghcr.io:
+    <<: *push
+    environment:
+      URL: ghcr.io
+      AUTH: {from_secret: GHCR_IO_AUTH}

.woodpecker/test.yaml

@@ -0,0 +1,18 @@
+when:
+  instance: ci.schnabel.org
+  repo: kokuwaio/shellcheck
+  event: push
+  branch: main
+  path: [.woodpecker/build.yaml, .woodpecker/push.yaml, .woodpecker/test.yaml, Dockerfile, Dockerfile.dockerignore, entrypoint.sh]
+
+depends_on: [push]
+matrix:
+  PLATFORM: [amd64, arm64]
+labels:
+  platform: linux/${PLATFORM}
+
+steps:
+
+  test:
+    image: kokuwaio/shellcheck
+    pull: true

.yamllint.yaml

@@ -0,0 +1,23 @@
+extends: default
+
+## see https://yamllint.readthedocs.io/en/stable/rules.html
+rules:
+
+  # no need for document start
+  document-start: disable
+
+  # line length is not important
+  line-length: disable
+
+  # reduce space from 2
+  comments:
+    min-spaces-from-content: 1
+
+  # force double quotes everywhere
+  quoted-strings:
+    quote-type: double
+    required: only-when-needed
+
+  # allow everything on keys
+  truthy:
+    check-keys: false