Update linters (anchore#100)

* upgrade linter version + update Makefile targets Signed-off-by: Alex Goodman <[email protected]> * remove linter ignores for existing providers Signed-off-by: Alex Goodman <[email protected]> * fixes for ruff 0.0.254 update Signed-off-by: Alex Goodman <[email protected]> * upgrade black to v23.1.0 Signed-off-by: Alex Goodman <[email protected]> * make exception for python 3.9 upgrade rule Signed-off-by: Alex Goodman <[email protected]> * enable access to token for the github provider Signed-off-by: Alex Goodman <[email protected]> * bump submodule to the latest labels Signed-off-by: Alex Goodman <[email protected]> * show year limit and require NVD for github provider changes Signed-off-by: Alex Goodman <[email protected]> * bump yardstick to v0.4.4 Signed-off-by: Alex Goodman <[email protected]> * bump and unpin syft in quality gate Signed-off-by: Alex Goodman <[email protected]> * add submodules to checkout for quality gate (for labels) Signed-off-by: Alex Goodman <[email protected]> * allow for using provider cache for the subject under test Signed-off-by: Alex Goodman <[email protected]> * remove latest indeterminate label check and cache rhel provider for qg runs Signed-off-by: Alex Goodman <[email protected]> * bump to include more el labels Signed-off-by: Alex Goodman <[email protected]> * fix end of line for qg check Signed-off-by: Alex Goodman <[email protected]> --------- Signed-off-by: Alex Goodman <[email protected]>
luhring · Mar 10, 2023 · 337d8f0 · 337d8f0
1 parent 0a2d2ee
commit 337d8f0
Show file tree

Hide file tree

Showing 49 changed files with 425 additions and 403 deletions.
diff --git a/.github/workflows/nightly-quality-gate.yaml b/.github/workflows/nightly-quality-gate.yaml
@@ -47,6 +47,8 @@ jobs:
         with:
           # in order to properly resolve the version from git
           fetch-depth: 0
+          # we need submodules for the quality gate to work (requires vulnerability-match-labels repo)
+          submodules: true
 
       - name: Bootstrap environment
         uses: ./.github/actions/bootstrap
@@ -57,6 +59,9 @@ jobs:
         uses: ./.github/actions/quality-gate
         with:
           provider: ${{ matrix.provider }}
+        env:
+          # needed as a secret for the github provider
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
   # note: the name for this check is referenced in release.yaml, do not change here without changing there
   Nightly-Quality-Gate:

diff --git a/.github/workflows/pr-quality-gate.yaml b/.github/workflows/pr-quality-gate.yaml
@@ -57,6 +57,8 @@ jobs:
         with:
           # in order to properly resolve the version from git
           fetch-depth: 0
+          # we need submodules for the quality gate to work (requires vulnerability-match-labels repo)
+          submodules: true
 
       - name: Bootstrap environment
         uses: ./.github/actions/bootstrap
@@ -67,6 +69,9 @@ jobs:
         uses: ./.github/actions/quality-gate
         with:
           provider: ${{ matrix.provider }}
+        env:
+          # needed as a secret for the github provider
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
   evaluate-quality-gate:
     runs-on: ubuntu-20.04
@@ -88,7 +93,7 @@ jobs:
             echo
             echo "This could happen for a couple of reasons:"
             echo "  - A provider test failed, in which case see the logs in previous jobs for more details"
-            echo "  - A required provider test was skipped. You might need to add the 'run-pr-quality-gate' label to your PR to prevent skipping the test.
+            echo "  - A required provider test was skipped. You might need to add the 'run-pr-quality-gate' label to your PR to prevent skipping the test."
             exit 1
           fi
           echo "🟢 Quality gate passed! (all tests passed)"
diff --git a/Makefile b/Makefile
@@ -1,17 +1,24 @@
 TEMP_DIR = ./.tmp
+IMAGE_NAME = ghcr.io/anchore/vunnel
 BIN_DIR = ./bin
 ABS_BIN_DIR = $(shell realpath $(BIN_DIR))
 
 # path to the grype repo, defaults to ../grype if not set in the GRYPE_PATH environment variable (same for the grype-db repo)
 GRYPE_PATH ?= ../grype
 GRYPE_DB_PATH ?= ../grype-db
 
+# Command templates #################################
+
 CRANE = $(TEMP_DIR)/crane
 CHRONICLE = $(TEMP_DIR)/chronicle
 GLOW = $(TEMP_DIR)/glow
-IMAGE_NAME = ghcr.io/anchore/vunnel
 
-# formatting support
+# Tool versions #################################
+CHRONICLE_VERSION = v0.6.0
+GLOW_VERSION = v1.4.1
+CRANE_VERSION = v0.12.1
+
+# Formatting variables #################################
 BOLD := $(shell tput -T linux bold)
 PURPLE := $(shell tput -T linux setaf 5)
 GREEN := $(shell tput -T linux setaf 2)
@@ -28,10 +35,6 @@ PACKAGE_VERSION = v$(shell poetry run dunamai from git --style semver --dirty --
 COMMIT = $(shell git rev-parse HEAD)
 COMMIT_TAG = git-$(COMMIT)
 
-CHRONICLE_VERSION = v0.6.0
-GLOW_VERSION = v1.4.1
-CRANE_VERSION = v0.12.1
-
 
 ifndef PACKAGE_VERSION
 	$(error PACKAGE_VERSION is not set)
@@ -42,6 +45,34 @@ endif
 .PHONY: all
 all: static-analysis test  ## Run all validations
 
+.PHONY: static-analysis
+static-analysis: virtual-env-check  ## Run all static analyses
+	pre-commit run -a --hook-stage push
+
+.PHONY: test
+test: unit  ## Run all tests
+
+virtual-env-check:
+	@ if [ "${VIRTUAL_ENV}" = "" ]; then \
+		echo "$(ERROR)Not in a virtual environment. Try running with 'poetry run' or enter a 'poetry shell' session.$(RESET)"; \
+		exit 1; \
+	fi
+
+
+## Bootstrapping targets #################################
+
+.PHONY: bootstrap
+bootstrap: $(TEMP_DIR)  ## Download and install all tooling dependencies
+	curl -sSfL https://raw.githubusercontent.com/anchore/chronicle/main/install.sh | sh -s -- -b $(TEMP_DIR)/ $(CHRONICLE_VERSION)
+	GOBIN="$(abspath $(TEMP_DIR))" go install github.com/charmbracelet/glow@$(GLOW_VERSION)
+	GOBIN="$(abspath $(TEMP_DIR))" go install github.com/google/go-containerregistry/cmd/crane@$(CRANE_VERSION)
+
+$(TEMP_DIR):
+	mkdir -p $(TEMP_DIR)
+
+
+## Development targets #################################
+
 .PHONY: dev
 dev:  ## Get a development shell with locally editable grype, grype-db, and vunnel repos
 	@DEV_VUNNEL_BIN_DIR=$(ABS_BIN_DIR) .github/scripts/dev-shell.sh $(provider) $(providers)
@@ -62,21 +93,13 @@ update-db: check-dev-shell ## Build and import a grype database based off of the
 check-dev-shell:
 	@test -n "$$DEV_VUNNEL_SHELL" || (echo "$(RED)DEV_VUNNEL_SHELL is not set. Run 'make dev provider=\"...\"' first$(RESET)" && exit 1)
 
-$(TEMP_DIR):
-	mkdir -p $(TEMP_DIR)
 
-.PHONY: bootstrap
-bootstrap: $(TEMP_DIR)  ## Download and install all tooling dependencies
-	curl -sSfL https://raw.githubusercontent.com/anchore/chronicle/main/install.sh | sh -s -- -b $(TEMP_DIR)/ $(CHRONICLE_VERSION)
-	GOBIN="$(abspath $(TEMP_DIR))" go install github.com/charmbracelet/glow@$(GLOW_VERSION)
-	GOBIN="$(abspath $(TEMP_DIR))" go install github.com/google/go-containerregistry/cmd/crane@$(CRANE_VERSION)
 
-.PHONY: test
-test: unit  ## Run all tests
+## Static analysis targets #################################
 
-.PHONY: static-analysis
-static-analysis: virtual-env-check  ## Run all static analyses
-	pre-commit run -a --hook-stage push
+.PHONY: lint
+lint: virtual-env-check  ## Show linting issues (ruff)
+	ruff check .
 
 .PHONY: lint-fix
 lint-fix: virtual-env-check  ## Fix linting issues (ruff)
@@ -90,13 +113,15 @@ format: virtual-env-check  ## Format all code (black)
 check-types: virtual-env-check  ## Run type checks (mypy)
 	mypy --config-file ./pyproject.toml src/vunnel
 
+
+## Testing targets #################################
+
 .PHONY: unit
 unit: virtual-env-check  ## Run unit tests
 	pytest --cov-report html --cov vunnel -v tests/unit/
 
-.PHONY: version
-version:
-	@echo $(PACKAGE_VERSION)
+
+## Build-related targets #################################
 
 .PHONY: build
 build:  ## Run build assets
@@ -107,6 +132,10 @@ build:  ## Run build assets
 		-t $(IMAGE_NAME):$(COMMIT_TAG) \
 		.
 
+.PHONY: version
+version:
+	@echo $(PACKAGE_VERSION)
+
 .PHONY: ci-check
 ci-check:
 	@.github/scripts/ci-check.sh
@@ -129,11 +158,8 @@ changelog:
 release:
 	@.github/scripts/trigger-release.sh
 
-virtual-env-check:
-	@ if [ "${VIRTUAL_ENV}" = "" ]; then \
-		echo "$(ERROR)Not in a virtual environment. Try running with 'poetry run' or enter a 'poetry shell' session.$(RESET)"; \
-		exit 1; \
-	fi
+
+## Halp! #################################
 
 .PHONY: help
 help:

diff --git a/poetry.lock b/poetry.lock