adoptium · gdams · Aug 5, 2024
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
@@ -0,0 +1,72 @@
+# ********************************************************************************
+# Copyright (c) 2020 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made
+# available under the terms of the Apache Software License 2.0
+# which is available at https://www.apache.org/licenses/LICENSE-2.0.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ********************************************************************************
+
+---
+    ###########################
+    ###########################
+    ## Linter GitHub Actions ##
+    ###########################
+    ###########################
+    name: Linter
+
+    #
+    # Documentation:
+    # https://help.github.com/en/articles/workflow-syntax-for-github-actions
+    #
+
+    #############################
+    # Start the job on all push #
+    #############################
+    on:
+      pull_request:
+        branches: [ main ]
+
+    ###############
+    # Set the Job #
+    ###############
+    permissions:
+      contents: read
+
+    jobs:
+      linter:
+        permissions:
+          contents: read  # for actions/checkout to fetch code
+          statuses: write  # for github/super-linter to mark status of each linter run
+        # Name the Job
+        name: Lint Code Base
+        # Set the agent to run on
+        runs-on: ubuntu-latest
+
+        ##################
+        # Load all steps #
+        ##################
+        steps:
+          ##########################
+          # Checkout the code base #
+          ##########################
+          - name: Checkout Code
+            uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+            with:
+              # Full git history is needed to get a proper list of changed files within `super-linter`
+              fetch-depth: 0
+
+          ################################
+          # Run Linter against code base #
+          ################################
+          - name: Lint Code Base
+            uses: github/super-linter@45fc0d88288beee4701c62761281edfee85655d7 # v5.0.0
+            env:
+              VALIDATE_ALL_CODEBASE: true
+              GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+              # Markdown lint complains about the issue templates
+              FILTER_REGEX_EXCLUDE: .github/ISSUE_TEMPLATE/*
diff --git a/.test/config.sh b/.test/config.sh
@@ -1,5 +1,6 @@
 #!/usr/bin/env bash
 
+# shellcheck disable=SC2154
 imageTests[openjdk]+='
 	java-ca-certificates-update
 '

diff --git a/.test/tests/java-ca-certificates-update/run.sh b/.test/tests/java-ca-certificates-update/run.sh
@@ -2,11 +2,13 @@
 
 set -o pipefail
 
+# shellcheck disable=SC2128
 testDir="$(readlink -f "$(dirname "$BASH_SOURCE")")"
+# shellcheck disable=SC2128
 runDir="$(dirname "$(readlink -f "$BASH_SOURCE")")"
 
 # CMD1 in each run is just a `date` to make sure nothing is broken with or without the entrypoint
-CMD1=date
+CMD1="date"
 
 # CMD2 in each run is to check for the `dockerbuilder` certificate in the Java keystore. Entrypoint export $CACERT to
 # point to the Java keystore.
@@ -36,86 +38,86 @@ EOF
 #
 
 # Test run 1: No added certificates and environment variable is not set. We expect CMD1 to succeed and CMD2 to fail.
-docker run --rm "$1" $CMD1 >&/dev/null
+docker run --rm "$1" "$CMD1" >&/dev/null
 echo -n $?
 docker run --rm "$1" "${CMD2[@]}" >&/dev/null
 echo -n $?
 
 # Test run 2: No added certificates, but the environment variable is set. Since there are no certificates, we still
 # expect CMD1 to succeed and CMD2 to fail.
-docker run --rm -e USE_SYSTEM_CA_CERTS=1 "$1" $CMD1 >&/dev/null
+docker run --rm -e USE_SYSTEM_CA_CERTS=1 "$1" "$CMD1" >&/dev/null
 echo -n $?
 docker run --rm -e USE_SYSTEM_CA_CERTS=1 "$1" "${CMD2[@]}" >&/dev/null
 echo -n $?
 
 # Test run 3: Certificates are mounted, but the environment variable is not set, i.e. certificate importing should not
 # be activated. We expect CMD1 to succeed and CMD2 to fail.
-docker run --rm --volume=$testDir/certs:/certificates "$1" $CMD1 >&/dev/null
+docker run --rm --volume="$testDir/certs:/certificates" "$1" "$CMD1" >&/dev/null
 echo -n $?
-docker run --rm --volume=$testDir/certs:/certificates "$1" "${CMD2[@]}" >&/dev/null
+docker run --rm --volume="$testDir/certs:/certificates" "$1" "${CMD2[@]}" >&/dev/null
 echo -n $?
 
 # Test run 4: Certificates are mounted and the environment variable is set. We expect both CMD1 and CMD2 to succeed.
-docker run --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs:/certificates "$1" $CMD1 >&/dev/null
+docker run --rm -e USE_SYSTEM_CA_CERTS=1 --volume="$testDir/certs:/certificates" "$1" "$CMD1" >&/dev/null
 echo -n $?
-docker run --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs:/certificates "$1" "${CMD2[@]}" >&/dev/null
+docker run --rm -e USE_SYSTEM_CA_CERTS=1 --volume="$testDir/certs:/certificates" "$1" "${CMD2[@]}" >&/dev/null
 echo -n $?
 
 # Test run 5: Certificates are mounted and are symlinks (e.g. in Kubernetes as `Secret`s or `ConfigMap`s) and the
 # environment variable is set. We expect both CMD1 and CMD2 to succeed.
-docker run --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs_symlink:/certificates "$1" $CMD1 >&/dev/null
+docker run --rm -e USE_SYSTEM_CA_CERTS=1 --volume="$testDir/certs_symlink:/certificates" "$1" "$CMD1" >&/dev/null
 echo -n $?
-docker run --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs_symlink:/certificates "$1" "${CMD2[@]}" >&/dev/null
+docker run --rm -e USE_SYSTEM_CA_CERTS=1 --volume="$testDir/certs_symlink:/certificates" "$1" "${CMD2[@]}" >&/dev/null
 echo -n $?
 
 # Test run 6: Certificates are mounted and the environment variable is set, but the entrypoint is overridden. We expect
 # CMD1 to succeed and CMD2 to fail.
-docker run --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs:/certificates "$TESTIMAGE" $CMD1 >&/dev/null
+docker run --rm -e USE_SYSTEM_CA_CERTS=1 --volume="$testDir/certs:/certificates" "$TESTIMAGE" "$CMD1" >&/dev/null
 echo -n $?
-docker run --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs:/certificates "$TESTIMAGE" "${CMD2[@]}" >&/dev/null
+docker run --rm -e USE_SYSTEM_CA_CERTS=1 --volume="$testDir/certs:/certificates" "$TESTIMAGE" "${CMD2[@]}" >&/dev/null
 echo -n $?
 
 #
 # PHASE 2: Non-root containers
 #
 
 # Test run 1: No added certificates and environment variable is not set. We expect CMD1 to succeed and CMD2 to fail.
-docker run --read-only --user 1000:1000 --rm "$1" $CMD1 >&/dev/null
+docker run --read-only --user 1000:1000 --rm "$1" "$CMD1" >&/dev/null
 echo -n $?
 docker run --read-only --user 1000:1000 --rm "$1" "${CMD2[@]}" >&/dev/null
 echo -n $?
 
 # Test run 2: No added certificates, but the environment variable is set. Since there are no certificates, we still
 # expect CMD1 to succeed and CMD2 to fail.
-docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 "$1" $CMD1 >&/dev/null
+docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 "$1" "$CMD1" >&/dev/null
 echo -n $?
 docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 "$1" "${CMD2[@]}" >&/dev/null
 echo -n $?
 
 # Test run 3: Certificates are mounted, but the environment variable is not set, i.e. certificate importing should not
 # be activated. We expect CMD1 to succeed and CMD2 to fail.
-docker run --read-only --user 1000:1000 --rm --volume=$testDir/certs:/certificates "$1" $CMD1 >&/dev/null
+docker run --read-only --user 1000:1000 --rm --volume="$testDir/certs:/certificates" "$1" "$CMD1" >&/dev/null
 echo -n $?
-docker run --read-only --user 1000:1000 --rm --volume=$testDir/certs:/certificates "$1" "${CMD2[@]}" >&/dev/null
+docker run --read-only --user 1000:1000 --rm --volume="$testDir/certs:/certificates" "$1" "${CMD2[@]}" >&/dev/null
 echo -n $?
 
 # Test run 4: Certificates are mounted and the environment variable is set. We expect both CMD1 and CMD2 to succeed.
-docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs:/certificates "$1" $CMD1 >&/dev/null
+docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 --volume="$testDir/certs:/certificates" "$1" "$CMD1" >&/dev/null
 echo -n $?
-docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs:/certificates "$1" "${CMD2[@]}" >&/dev/null
+docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 --volume="$testDir/certs:/certificates" "$1" "${CMD2[@]}" >&/dev/null
 echo -n $?
 
 # Test run 5: Certificates are mounted and are symlinks (e.g. in Kubernetes as `Secret`s or `ConfigMap`s) and the
 # environment variable is set. We expect both CMD1 and CMD2 to succeed.
-docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs_symlink:/certificates "$1" $CMD1 >&/dev/null
+docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 --volume="$testDir/certs_symlink:/certificates" "$1" "$CMD1" >&/dev/null
 echo -n $?
-docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs_symlink:/certificates "$1" "${CMD2[@]}" >&/dev/null
+docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 --volume="$testDir/certs_symlink:/certificates" "$1" "${CMD2[@]}" >&/dev/null
 echo -n $?
 
 # Test run 6: Certificates are mounted and the environment variable is set, but the entrypoint is overridden. We expect
 # CMD1 to succeed and CMD2 to fail.
 #
-docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs:/certificates "$TESTIMAGE" $CMD1 >&/dev/null
+docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 --volume="$testDir/certs:/certificates" "$TESTIMAGE" "$CMD1" >&/dev/null
 echo -n $?
-docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 --volume=$testDir/certs:/certificates "$TESTIMAGE" "${CMD2[@]}" >&/dev/null
+docker run --read-only --user 1000:1000 -v /tmp --rm -e USE_SYSTEM_CA_CERTS=1 --volume="$testDir/certs:/certificates" "$TESTIMAGE" "${CMD2[@]}" >&/dev/null
 echo -n $?
diff --git a/dockerhub_doc_config_update.sh b/dockerhub_doc_config_update.sh
@@ -41,14 +41,12 @@ oses="alpine ubuntu ubi windowsservercore-ltsc2022 nanoserver-ltsc2022 windowsse
 # The image which is used by default when pulling shared tags on linux e.g 8-jdk
 default_linux_image="noble"
 
-git_repo="https://github.com/adoptium/containers/blob/master"
-
 # Get the latest git commit of the current repo.
 # This is assumed to have all the latest dockerfiles already.
 gitcommit=$(git log | head -1 | awk '{ print $2 }')
 
 print_official_text() {
-	echo "$*" >> ${official_docker_image_file}
+	echo "$*" >> "${official_docker_image_file}"
 }
 
 print_official_header() {
@@ -71,9 +69,9 @@ function generate_official_image_tags() {
 	ojdk_version=${ojdk_version//+/_}
 
 	case $os in
-		"ubuntu") distro=$(echo $dfdir | awk -F '/' '{ print $4 }' ) ;;
-		"ubi") distro=$(echo $dfdir | awk -F '/' '{ print $4 }' ) ;;
-		"windows") distro=$(echo $dfdir | awk -F '/' '{ print $4 }' ) ;;
+		"ubuntu") distro=$(echo "$dfdir" | awk -F '/' '{ print $4 }' ) ;;
+		"ubi") distro=$(echo "$dfdir" | awk -F '/' '{ print $4 }' ) ;;
+		"windows") distro=$(echo "$dfdir" | awk -F '/' '{ print $4 }' ) ;;
 		*) distro=$os;;
 	esac
 
@@ -82,10 +80,8 @@ function generate_official_image_tags() {
 	# 8u212-jdk
 	full_ver_tag="${ojdk_version}-${pkg}"
 
-	unset extra_shared_tags extra_ver_tags
+	unset extra_shared_tags
 	full_ver_tag="${full_ver_tag}-${distro}"
-	# Commented out as this added the -hotspot tag which we don't need for temurin
-	# extra_ver_tags=", ${ver}-${pkg}"
 
 	ver_tag="${ver}-${pkg}-${distro}"
 	all_tags="${full_ver_tag}, ${ver_tag}"
@@ -94,7 +90,6 @@ function generate_official_image_tags() {
 		jdk_tag="${ver}-${distro}"
 		all_tags="${all_tags}, ${jdk_tag}"
 		# make "eclipse-temurin:latest" point to newest supported JDK
-		# shellcheck disable=SC2154
 		if [ "${ver}" == "${latest_version}" ]; then
 			if [ "${vm}" == "hotspot" ]; then
 				extra_shared_tags=", latest"
@@ -103,44 +98,46 @@ function generate_official_image_tags() {
 	fi
 
 	unset windows_shared_tags
-	shared_tags=$(echo ${all_tags} | sed "s/-$distro//g")
-	if [ $os == "windows" ]; then
-		windows_version=$(echo $distro | awk -F '-' '{ print $1 }' )
-		windows_version_number=$(echo $distro | awk -F '-' '{ print $2 }' )
-		windows_shared_tags=$(echo ${all_tags} | sed "s/$distro/$windows_version/g")
+	shared_tags="${all_tags//-$distro/}"
+
+	if [ "$os" == "windows" ]; then
+		windows_version=$(echo "$distro" | awk -F '-' '{ print $1 }' )
+		windows_version_number=$(echo "$distro" | awk -F '-' '{ print $2 }' )
+		windows_shared_tags="${all_tags//$distro/$windows_version}"
 		case $distro in
 			nanoserver*) 
 				constraints="${distro}, windowsservercore-${windows_version_number}"
 				all_shared_tags="${windows_shared_tags}"
 				;;
 			*) 
 				constraints="${distro}"
-				all_shared_tags="${windows_shared_tags}, ${shared_tags}${extra_ver_tags}${extra_shared_tags}"
+				all_shared_tags="${windows_shared_tags}, ${shared_tags}${extra_shared_tags}"
 				;;
 		esac
 	else
-	all_shared_tags="${shared_tags}${extra_ver_tags}${extra_shared_tags}"
+	all_shared_tags="${shared_tags}${extra_shared_tags}"
 	fi
 }
 
 function generate_official_image_arches() {
 	# Generate the supported arches for the above tags.
-	# Official images supports amd64, arm64vX, s390x, ppc64le amd windows-amd64
-	if [ $os == "windows" ]; then
+	# Official images support amd64, arm64vX, s390x, ppc64le, and windows-amd64
+	if [ "$os" == "windows" ]; then
 		arches="windows-amd64"
 	else
 		# shellcheck disable=SC2046,SC2005,SC1003,SC2086,SC2063
 		arches=$(echo $(grep ') \\' ${file} | grep -v "*" | sed 's/) \\//g; s/|//g'))
-		arches=$(echo ${arches} | sed 's/x86_64/amd64/g') # replace x86_64 with amd64
-		arches=$(echo ${arches} | sed 's/ppc64el/ppc64le/g') # replace ppc64el with ppc64le
-		arches=$(echo ${arches} | sed 's/arm64/arm64v8/g') # replace arm64 with arm64v8
-		arches=$(echo ${arches} | sed 's/aarch64/arm64v8/g') # replace aarch64 with arm64v8
-		arches=$(echo ${arches} | sed 's/armhf/arm32v7/g') # replace armhf with arm32v7
+		arches="${arches//x86_64/amd64}" # replace x86_64 with amd64
+		arches="${arches//ppc64el/ppc64le}" # replace ppc64el with ppc64le
+		arches="${arches//arm64/arm64v8}" # replace arm64 with arm64v8
+		arches="${arches//aarch64/arm64v8}" # replace aarch64 with arm64v8
+		arches="${arches//armhf/arm32v7}" # replace armhf with arm32v7
 		# sort arches alphabetically
-		arches=$(echo ${arches} | tr ' ' '\n' | sort | tr '\n' ' ' | sed 's/ /, /g' | sed 's/, $//')
+		arches=$(echo "${arches}" | tr ' ' '\n' | sort | tr '\n' ' ' | sed 's/ /, /g' | sed 's/, $//')
 	fi
 }
 
+
 function print_official_image_file() {
 	# Retrieve the latest manifest block
 	official_manifest=$(sed -n "/${all_tags}/,/^$/p" official-eclipse-temurin)
@@ -178,15 +175,15 @@ function print_official_image_file() {
 	  echo "Architectures: ${arches}"
 	  echo "GitCommit: ${commit}"
 	  echo "Directory: ${dfdir}"
-	  if [ $os == "windows" ]; then
+	  if [ "$os" == "windows" ]; then
 	  	echo "Builder: classic"
 		echo "Constraints: ${constraints}"
 	  fi
 	  echo ""
-	} >> ${official_docker_image_file}
+	} >> "${official_docker_image_file}"
 }
 
-rm -f ${official_docker_image_file}
+rm -f "${official_docker_image_file}"
 print_official_header
 
 official_os_ignore_array=(clefos debian debianslim leap tumbleweed)
@@ -201,7 +198,7 @@ function generate_official_image_info() {
 		fi
 	done
 	if [ "${os}" == "windows" ]; then
-		distro=$(echo $dfdir | awk -F '/' '{ print $4 }' )
+		distro=$(echo "$dfdir" | awk -F '/' '{ print $4 }' )
 		# 20h2 and 1909 is not supported upstream
 		if [[ "${distro}" == "windowsservercore-20h2" ]] || [[ "${distro}" == "windowsservercore-1909" ]] || [[ "${distro}" == "windowsservercore-ltsc2019" ]] ; then
 			return;
@@ -210,10 +207,6 @@ function generate_official_image_info() {
 			return;
 		fi
 	fi
-	# We do not push our nightly and slim images either.
-	if [ "${build}" == "nightly" ] || [ "${btype}" == "slim" ]; then
-		return;
-	fi
 
 	generate_official_image_tags
 	generate_official_image_arches
@@ -239,14 +232,8 @@ do
 					# dockerfile name
 					dfname=$(basename "${file}")
 					# dockerfile dir
-					dfdir=$(dirname $file | cut -c 3-)
+					dfdir=$(dirname "${file}" | cut -c 3-)
 					os=$(echo "${file}" | awk -F '/' '{ print $4 }')
-					# build = release or nightly
-					# build=$(echo "${dfname}" | awk -F "." '{ print $3 }')
-					build="release"
-					# btype = full or slim
-					# btype=$(echo "${dfname}" | awk -F "." '{ print $4 }')
-					build="full"
 					generate_official_image_info
 				done
 			done