Fix megalinter lint errors

Signed-off-by: Andres Tobon <andrest2455@gmail.com>

Author: andrest50

.github/workflows/project-api-build.yml

@@ -3,8 +3,7 @@
 ---
 name: "Project API Build"
 
-on:
-  - pull_request
+"on": [pull_request]
 
 permissions:
   contents: read

.gitignore

@@ -3,3 +3,7 @@
 bin/
 gen/
 .env*
+
+# Linter generated files
+megalinter-reports/
+revive.log

.gitleaks.toml

@@ -0,0 +1,28 @@
+
+title = "gitleaks config"
+
+[extend]
+# useDefault will extend the base configuration with the default gitleaks config:
+# https://github.com/zricethezav/gitleaks/blob/master/config/gitleaks.toml
+useDefault = true
+
+[allowlist]
+description = "Allowlisted files"
+paths = [
+    '''.automation/test''',
+    '''megalinter-reports''',
+    '''.github/linters''',
+    '''node_modules''',
+    '''.mypy_cache''',
+    '''./cmd/project-api/service_handler_test.go''',
+    '''./cmd/project-api/service_endpoint_test.go''',
+    '''(.*?)gitleaks\.toml$''',
+    '''(?i)(.*?)(png|jpeg|jpg|gif|doc|docx|pdf|bin|xls|xlsx|pyc|zip)$''',
+    '''(go.mod|go.sum)$''',
+    '''(.*?)(swagger\.yml|swagger\.yaml)$''',
+    '''(.*?)(serverless\.yml|serverless\.yaml)$''',
+]
+regexTarget = "match"
+regexes = [
+    '''eyJhbGciOiJQUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.iOeNU4dAFFeBwNj6qdhdvm-IvDQrTa6R22lQVJVuWJxorJfeQww5Nwsra0PjaOYhAMj9jNMO5YLmud8U7iQ5gJK2zYyepeSuXhfSi8yjFZfRiSkelqSkU19I-Ja8aQBDbqXf2SAWA8mHF8VS3F08rgEaLCyv98fLLH4vSvsJGf6ueZSLKDVXz24rZRXGWtYYk_OYYTVgR1cg0BLCsuCvqZvHleImJKiWmtS0-CymMO4MMjCy_FIl6I56NqLE9C87tUVpo1mT-kbg5cHDD8I7MjCW5Iii5dethB4Vid3mZ6emKjVYgXrtkOQ-JyGMh6fnQxEFN1ft33GX2eRHluK9eg''',
+]

.gitleaksignore

@@ -0,0 +1,2 @@
+46d11606320853a027a623c203238656cda3d36e:service_test.go:jwt:571
+874abaf0c197e135ec27253c169f6b2deead5806:service_test.go:jwt:571

.mega-linter.yml

@@ -0,0 +1,44 @@
+# Copyright The Linux Foundation and each contributor to LFX.
+# SPDX-License-Identifier: MIT
+---
+GITHUB_COMMENT_REPORTER: false
+DISABLE_LINTERS:
+  # We are setting KUBERNETES_DIRECTORY to the helm chart so the
+  # KUBERNETES_HELM linter can find the chart, but then this linter expects to
+  # find raw Kubernetes manifests in this directory, which isn't the case.
+  # If we added a PRE_ command with a `helm template` step, and further
+  # restricted the included files for this linter, it *might* work.
+  - KUBERNETES_KUBECONFORM
+  # TBD how to use this from Megalinter with our setup.
+  - KUBERNETES_KUBESCAPE
+  # Repository-wide link checking returns mostly false positives (like internal
+  # service URLs in templates).
+  - SPELL_LYCHEE
+  - SPELL_CSPELL
+  # yamllint is sufficient for us.
+  - YAML_PRETTIER
+DISABLE_ERRORS_LINTERS:
+  # Include grammar checks only as warnings.
+  - SPELL_PROSELINT
+  - SPELL_VALE
+  # This may be informative but doesn't need to break the build.
+  - COPYPASTE_JSCPD
+  # TBD! Need to work through these.
+  - REPOSITORY_TRIVY
+  - REPOSITORY_CHECKOV
+  - REPOSITORY_DEVSKIM
+REPOSITORY_KICS_ARGUMENTS: >-
+  scan --no-progress --exclude-severities "medium,low,info,trace"
+SPELL_CSPELL_ANALYZE_FILE_NAMES: false
+# Make sure Vale is setup to run with the styles it needs.
+SPELL_VALE_PRE_COMMANDS:
+  - command: mkdir -p styles
+    cwd: "workspace"
+  - command: vale sync
+    cwd: "workspace"
+
+# Ignore YAML files with templating macros; these typically fail linting and/or
+# schema checking.
+FILTER_REGEX_EXCLUDE: '(templates/.*\.yml|templates/.*\.yaml)'
+KUBERNETES_DIRECTORY: charts/lfx-v2-project-service
+KUBERNETES_HELM_ARGUMENTS: charts/lfx-v2-project-service

.yamllint

@@ -6,6 +6,7 @@ ignore: |
   .git
   megalinter-reports
   styles
+  gen/
 rules:
   line-length:
     max: 120

Dockerfile

@@ -4,7 +4,7 @@
 # checkov:skip=CKV_DOCKER_7:No free access to Chainguard versioned labels.
 # hadolint global ignore=DL3007
 
-FROM --platform=$BUILDPLATFORM cgr.dev/chainguard/go:latest AS builder
+FROM cgr.dev/chainguard/go:latest AS builder
 
 # Expose port 8080 for the project service API.
 EXPOSE 8080

charts/lfx-v2-project-service/templates/deployment.yaml

@@ -19,10 +19,12 @@ spec:
       containers:
         - name: app
           image: linuxfoundation/lfx-v2-project-service:0.1.0
-          imagePullPolicy: Never # todo: fix this
+          securityContext:
+            allowPrivilegeEscalation: false
+          imagePullPolicy: Never  # todo: fix this
           env:
             - name: NATS_URL
-              value: "nats://nats.lfx.svc.cluster.local:4222"
+              value: {{.Values.nats.url}}
           ports:
             - containerPort: 8080
               name: web

charts/lfx-v2-project-service/values.yaml

@@ -1,5 +1,7 @@
 # Copyright The Linux Foundation and each contributor to LFX.
 # SPDX-License-Identifier: MIT
 ---
+# nats is the configuration for the NATS server
 nats:
+  # url is the URL of the NATS server
   url: nats://nats.lfx.svc.cluster.local:4222

cmd/project-api/design/project.go

@@ -1,11 +1,15 @@
 // Copyright The Linux Foundation and each contributor to LFX.
 // SPDX-License-Identifier: MIT
+
+// Package design contains the DSL for the project service Goa API generation.
 package design
 
 import (
+	//nolint:staticcheck // ST1001: the recommended way of using the goa GSL package is with the . import
 	. "goa.design/goa/v3/dsl"
 )
 
+// JWTAuth is the DSL JWT security type for authentication.
 var JWTAuth = JWTSecurity("jwt", func() {
 	Description("Heimdall authorization")
 })