diff --git a/.automation/generated/linter-helps.json b/.automation/generated/linter-helps.json
index f342021e358..6bf02c6e9e1 100644
--- a/.automation/generated/linter-helps.json
+++ b/.automation/generated/linter-helps.json
@@ -2168,6 +2168,109 @@ " Accepted values: [error | warning | info | style |", " ignore | none] (default: info)" ], + "helm": [ + "The Kubernetes package manager", + "", + "Common actions for Helm:", + "", + "- helm search: search for charts", + "- helm pull: download a chart to your local directory to view", + "- helm install: upload the chart to Kubernetes", + "- helm list: list releases of charts", + "", + "Environment variables:", + "", + "| Name | Description |", + "|------------------------------------|---------------------------------------------------------------------------------------------------|", + "| $HELM_CACHE_HOME | set an alternative location for storing cached files. |", + "| $HELM_CONFIG_HOME | set an alternative location for storing Helm configuration. |", + "| $HELM_DATA_HOME | set an alternative location for storing Helm data. |", + "| $HELM_DEBUG | indicate whether or not Helm is running in Debug mode |", + "| $HELM_DRIVER | set the backend storage driver. Values are: configmap, secret, memory, sql. |", + "| $HELM_DRIVER_SQL_CONNECTION_STRING | set the connection string the SQL storage driver should use. |", + "| $HELM_MAX_HISTORY | set the maximum number of helm release history. |", + "| $HELM_NAMESPACE | set the namespace used for the helm operations. |", + "| $HELM_NO_PLUGINS | disable plugins. Set HELM_NO_PLUGINS=1 to disable plugins. |", + "| $HELM_PLUGINS | set the path to the plugins directory |", + "| $HELM_REGISTRY_CONFIG | set the path to the registry config file. |", + "| $HELM_REPOSITORY_CACHE | set the path to the repository cache directory |", + "| $HELM_REPOSITORY_CONFIG | set the path to the repositories file. |", + "| $KUBECONFIG | set an alternative Kubernetes configuration file (default \"~/.kube/config\") |", + "| $HELM_KUBEAPISERVER | set the Kubernetes API Server Endpoint for authentication |", + "| $HELM_KUBECAFILE | set the Kubernetes certificate authority file. 
|", + "| $HELM_KUBEASGROUPS | set the Groups to use for impersonation using a comma-separated list. |", + "| $HELM_KUBEASUSER | set the Username to impersonate for the operation. |", + "| $HELM_KUBECONTEXT | set the name of the kubeconfig context. |", + "| $HELM_KUBETOKEN | set the Bearer KubeToken used for authentication. |", + "| $HELM_KUBEINSECURE_SKIP_TLS_VERIFY | indicate if the Kubernetes API server's certificate validation should be skipped (insecure) |", + "| $HELM_KUBETLS_SERVER_NAME | set the server name used to validate the Kubernetes API server certificate |", + "| $HELM_BURST_LIMIT | set the default burst limit in the case the server contains many CRDs (default 100, -1 to disable)|", + "", + "Helm stores cache, configuration, and data based on the following configuration order:", + "", + "- If a HELM_*_HOME environment variable is set, it will be used", + "- Otherwise, on systems supporting the XDG base directory specification, the XDG variables will be used", + "- When no other location is set a default location will be used based on the operating system", + "", + "By default, the default directories depend on the Operating System. 
The defaults are listed below:", + "", + "| Operating System | Cache Path | Configuration Path | Data Path |", + "|------------------|---------------------------|--------------------------------|-------------------------|", + "| Linux | $HOME/.cache/helm | $HOME/.config/helm | $HOME/.local/share/helm |", + "| macOS | $HOME/Library/Caches/helm | $HOME/Library/Preferences/helm | $HOME/Library/helm |", + "| Windows | %TEMP%\\helm | %APPDATA%\\helm | %APPDATA%\\helm |", + "", + "Usage:", + " helm [command]", + "", + "Available Commands:", + " completion generate autocompletion scripts for the specified shell", + " create create a new chart with the given name", + " dependency manage a chart's dependencies", + " env helm client environment information", + " get download extended information of a named release", + " help Help about any command", + " history fetch release history", + " install install a chart", + " lint examine a chart for possible issues", + " list list releases", + " package package a chart directory into a chart archive", + " plugin install, list, or uninstall Helm plugins", + " pull download a chart from a repository and (optionally) unpack it in local directory", + " push push a chart to remote", + " registry login to or logout from a registry", + " repo add, list, remove, update, and index chart repositories", + " rollback roll back a release to a previous revision", + " search search for a keyword in charts", + " show show information of a chart", + " status display the status of the named release", + " template locally render templates", + " test run tests for a release", + " uninstall uninstall a release", + " upgrade upgrade a release", + " verify verify that a chart at the given path has been signed and is valid", + " version print the client version information", + "", + "Flags:", + " --burst-limit int client-side default throttling limit (default 100)", + " --debug enable verbose output", + " -h, --help help for helm", + " --kube-apiserver 
string the address and the port for the Kubernetes API server", + " --kube-as-group stringArray group to impersonate for the operation, this flag can be repeated to specify multiple groups.", + " --kube-as-user string username to impersonate for the operation", + " --kube-ca-file string the certificate authority file for the Kubernetes API server connection", + " --kube-context string name of the kubeconfig context to use", + " --kube-insecure-skip-tls-verify if true, the Kubernetes API server's certificate will not be checked for validity. This will make your HTTPS connections insecure", + " --kube-tls-server-name string server name to use for Kubernetes API server certificate validation. If it is not provided, the hostname used to contact the server is used", + " --kube-token string bearer token used for authentication", + " --kubeconfig string path to the kubeconfig file", + " -n, --namespace string namespace scope for this request", + " --registry-config string path to the registry config file (default \"/root/.config/helm/registry/config.json\")", + " --repository-cache string path to the file containing cached repository indexes (default \"/root/.cache/helm/repository\")", + " --repository-config string path to the file containing repository names and URLs (default \"/root/.config/helm/repositories.yaml\")", + "", + "Use \"helm [command] --help\" for more information about a command." + ], "htmlhint": [ "Usage: htmlhint [options]", "", diff --git a/.automation/generated/linter-links-previews.json b/.automation/generated/linter-links-previews.json index 7d71801ca73..8b413fad8fa 100644 --- a/.automation/generated/linter-links-previews.json +++ b/.automation/generated/linter-links-previews.json 
@@ -184,6 +184,11 @@ "image": "https://avatars1.githubusercontent.com/u/34047791?s=400&v=4", "title": "hadolint/hadolint" }, + "helm": { + "description": "Helm - The Kubernetes Package Manager.", + "image": "https://helm.sh/img/og-image.png", + "title": "Helm Lint" + }, "htmlhint": { "description": "\u2699\ufe0f The static code analysis tool you need for your HTML - htmlhint/HTMLHint", "image": "https://avatars0.githubusercontent.com/u/42865284?s=400&v=4", diff --git a/.automation/generated/linter-versions.json b/.automation/generated/linter-versions.json index 8791fc0242a..53f47e2455a 100644 --- a/.automation/generated/linter-versions.json +++ b/.automation/generated/linter-versions.json @@ -35,6 +35,7 @@ "goodcheck": "3.1.0", "graphql-schema-linter": "3.0.1", "hadolint": "2.12.0", + "helm": "3.10.2", "htmlhint": "1.1.4", "isort": "5.12.0", "jscpd": "3.5.3", diff --git a/.automation/test/kubernetes_helm/bad/Chart.yaml b/.automation/test/kubernetes_helm/bad/Chart.yaml new file mode 100644 index 00000000000..1e777b5ff26 --- /dev/null +++ b/.automation/test/kubernetes_helm/bad/Chart.yaml 
@@ -0,0 +1,19 @@ +apiVersion: v2 +name: hello-world +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" \ No newline at end of file diff --git a/.automation/test/kubernetes_helm/good/Chart.yaml b/.automation/test/kubernetes_helm/good/Chart.yaml new file mode 100644 index 00000000000..eab16ce0cf7 --- /dev/null +++ b/.automation/test/kubernetes_helm/good/Chart.yaml 
@@ -0,0 +1,24 @@ +apiVersion: v2 +name: hello-world +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" \ No newline at end of file diff --git a/.github/workflows/deploy-BETA-linters.yml b/.github/workflows/deploy-BETA-linters.yml index b2d554adf8d..bfe764d7305 100644 --- a/.github/workflows/deploy-BETA-linters.yml +++ b/.github/workflows/deploy-BETA-linters.yml @@ -111,6 +111,7 @@ jobs: "kotlin_ktlint", "kubernetes_kubeval", "kubernetes_kubeconform", + "kubernetes_helm", "latex_chktex", "lua_luacheck", "makefile_checkmake", diff --git a/.github/workflows/deploy-DEV-linters.yml b/.github/workflows/deploy-DEV-linters.yml index 4d711bb5722..119d191c87f 100644 --- a/.github/workflows/deploy-DEV-linters.yml +++ b/.github/workflows/deploy-DEV-linters.yml 
@@ -113,6 +113,7 @@ jobs: "kotlin_ktlint", "kubernetes_kubeval", "kubernetes_kubeconform", + "kubernetes_helm", "latex_chktex", "lua_luacheck", "makefile_checkmake", diff --git a/.github/workflows/deploy-RELEASE-linters.yml b/.github/workflows/deploy-RELEASE-linters.yml index 1294d5864cb..a73f1541ee4 100644 --- a/.github/workflows/deploy-RELEASE-linters.yml +++ b/.github/workflows/deploy-RELEASE-linters.yml @@ -87,6 +87,7 @@ jobs: "kotlin_ktlint", "kubernetes_kubeval", "kubernetes_kubeconform", + "kubernetes_helm", "latex_chktex", "lua_luacheck", "makefile_checkmake", diff --git a/.gitignore b/.gitignore index 3d5e18ea75f..3f56adb217e 100644 --- a/.gitignore +++ b/.gitignore @@ -110,3 +110,5 @@ megalinter-reports/ github_conf/ Pipfile + +run_local_linter.sh \ No newline at end of file diff --git a/CHANGELOG.md b/CHANGELOG.md index c6f2af5c81b..5471995be02 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), Note: Can be used with `oxsecurity/megalinter@beta` in your GitHub Action mega-linter.yml file, or with `oxsecurity/megalinter:beta` docker image +- Add helm lint, by @ThomasSanson in https://github.com/oxsecurity/megalinter/pull/2386 + - Linter versions upgrades - [ansible-lint](https://ansible-lint.readthedocs.io/) from 6.14.1 to **6.14.2** on 2023-03-11 - [checkstyle](https://checkstyle.sourceforge.io) from 10.8.0 to **10.8.1** on 2023-03-11 diff --git a/Dockerfile b/Dockerfile index 1cd821e24ee..ac89e552ad0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -116,6 +116,7 @@ RUN apk add --update --no-cache \ npm \ yarn \ go \ + helm \ openssl \ readline-dev \ g++ \ diff --git a/docs/standalone-linters.md b/docs/standalone-linters.md index ff07b84b85f..1af7502784b 100644 --- a/docs/standalone-linters.md +++ b/docs/standalone-linters.md 
@@ -44,6 +44,7 @@ | KOTLIN_KTLINT | oxsecurity/megalinter-only-kotlin_ktlint:beta | ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/oxsecurity/megalinter-only-kotlin_ktlint/beta) | | KUBERNETES_KUBEVAL | oxsecurity/megalinter-only-kubernetes_kubeval:beta | ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/oxsecurity/megalinter-only-kubernetes_kubeval/beta) | | KUBERNETES_KUBECONFORM | oxsecurity/megalinter-only-kubernetes_kubeconform:beta | ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/oxsecurity/megalinter-only-kubernetes_kubeconform/beta) | +| KUBERNETES_HELM | oxsecurity/megalinter-only-kubernetes_helm:beta | ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/oxsecurity/megalinter-only-kubernetes_helm/beta) | | LATEX_CHKTEX | oxsecurity/megalinter-only-latex_chktex:beta | ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/oxsecurity/megalinter-only-latex_chktex/beta) | | LUA_LUACHECK | oxsecurity/megalinter-only-lua_luacheck:beta | ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/oxsecurity/megalinter-only-lua_luacheck/beta) | | MAKEFILE_CHECKMAKE | oxsecurity/megalinter-only-makefile_checkmake:beta | ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/oxsecurity/megalinter-only-makefile_checkmake/beta) | diff --git a/flavors/cupcake/Dockerfile b/flavors/cupcake/Dockerfile index 8809e150026..522ec03374c 100644 --- a/flavors/cupcake/Dockerfile +++ b/flavors/cupcake/Dockerfile @@ -91,6 +91,7 @@ RUN apk add --update --no-cache \ npm \ yarn \ go \ + helm \ libc-dev \ libxml2-dev \ libxml2-utils \ diff --git a/flavors/cupcake/flavor.json b/flavors/cupcake/flavor.json index 83ecbc94378..68d3153c37e 100644 --- a/flavors/cupcake/flavor.json +++ b/flavors/cupcake/flavor.json 
@@ -43,6 +43,7 @@ "KOTLIN_KTLINT", "KUBERNETES_KUBEVAL", "KUBERNETES_KUBECONFORM", + "KUBERNETES_HELM", "MAKEFILE_CHECKMAKE", "MARKDOWN_MARKDOWNLINT", "MARKDOWN_MARKDOWN_LINK_CHECK", diff --git a/flavors/documentation/Dockerfile b/flavors/documentation/Dockerfile index c55ac14cb5b..d7f15a25b90 100644 --- a/flavors/documentation/Dockerfile +++ b/flavors/documentation/Dockerfile @@ -65,6 +65,7 @@ RUN apk add --update --no-cache \ nodejs \ npm \ yarn \ + helm \ libc-dev \ libxml2-dev \ libxml2-utils \ diff --git a/flavors/documentation/flavor.json b/flavors/documentation/flavor.json index 906cb5e742b..63855835a48 100644 --- a/flavors/documentation/flavor.json +++ b/flavors/documentation/flavor.json @@ -27,6 +27,7 @@ "KOTLIN_KTLINT", "KUBERNETES_KUBEVAL", "KUBERNETES_KUBECONFORM", + "KUBERNETES_HELM", "MAKEFILE_CHECKMAKE", "MARKDOWN_MARKDOWNLINT", "MARKDOWN_MARKDOWN_LINK_CHECK", diff --git a/flavors/dotnet/Dockerfile b/flavors/dotnet/Dockerfile index 29c3d64af28..1bc4ed3c463 100644 --- a/flavors/dotnet/Dockerfile +++ b/flavors/dotnet/Dockerfile @@ -81,6 +81,7 @@ RUN apk add --update --no-cache \ nodejs \ npm \ yarn \ + helm \ libc-dev \ libxml2-dev \ libxml2-utils \ diff --git a/flavors/dotnet/flavor.json b/flavors/dotnet/flavor.json index 8f6f25ff80e..3e47052347e 100644 --- a/flavors/dotnet/flavor.json +++ b/flavors/dotnet/flavor.json @@ -39,6 +39,7 @@ "KOTLIN_KTLINT", "KUBERNETES_KUBEVAL", "KUBERNETES_KUBECONFORM", + "KUBERNETES_HELM", "MAKEFILE_CHECKMAKE", "MARKDOWN_MARKDOWNLINT", "MARKDOWN_MARKDOWN_LINK_CHECK", diff --git a/flavors/go/Dockerfile b/flavors/go/Dockerfile index 2d3ac272461..89871986e17 100644 --- a/flavors/go/Dockerfile +++ b/flavors/go/Dockerfile @@ -72,6 +72,7 @@ RUN apk add --update --no-cache \ npm \ yarn \ go \ + helm \ libc-dev \ libxml2-dev \ libxml2-utils \ diff --git a/flavors/go/flavor.json b/flavors/go/flavor.json index 53562877bc5..4e0e93b596b 100644 --- a/flavors/go/flavor.json +++ b/flavors/go/flavor.json 
@@ -29,6 +29,7 @@ "KOTLIN_KTLINT", "KUBERNETES_KUBEVAL", "KUBERNETES_KUBECONFORM", + "KUBERNETES_HELM", "MAKEFILE_CHECKMAKE", "MARKDOWN_MARKDOWNLINT", "MARKDOWN_MARKDOWN_LINK_CHECK", diff --git a/flavors/java/Dockerfile b/flavors/java/Dockerfile index 036efc21a10..4b7eec554e1 100644 --- a/flavors/java/Dockerfile +++ b/flavors/java/Dockerfile @@ -65,6 +65,7 @@ RUN apk add --update --no-cache \ nodejs \ npm \ yarn \ + helm \ libc-dev \ libxml2-dev \ libxml2-utils \ diff --git a/flavors/java/flavor.json b/flavors/java/flavor.json index 887a58597a2..c8ca947681e 100644 --- a/flavors/java/flavor.json +++ b/flavors/java/flavor.json @@ -31,6 +31,7 @@ "KOTLIN_KTLINT", "KUBERNETES_KUBEVAL", "KUBERNETES_KUBECONFORM", + "KUBERNETES_HELM", "MAKEFILE_CHECKMAKE", "MARKDOWN_MARKDOWNLINT", "MARKDOWN_MARKDOWN_LINK_CHECK", diff --git a/flavors/javascript/Dockerfile b/flavors/javascript/Dockerfile index ef13946f77a..5bf90bbbb4a 100644 --- a/flavors/javascript/Dockerfile +++ b/flavors/javascript/Dockerfile @@ -64,6 +64,7 @@ RUN apk add --update --no-cache \ nodejs \ npm \ yarn \ + helm \ libc-dev \ libxml2-dev \ libxml2-utils \ diff --git a/flavors/javascript/flavor.json b/flavors/javascript/flavor.json index b6ce44edbe6..acfa03efe41 100644 --- a/flavors/javascript/flavor.json +++ b/flavors/javascript/flavor.json @@ -34,6 +34,7 @@ "KOTLIN_KTLINT", "KUBERNETES_KUBEVAL", "KUBERNETES_KUBECONFORM", + "KUBERNETES_HELM", "MARKDOWN_MARKDOWNLINT", "MARKDOWN_MARKDOWN_LINK_CHECK", "MARKDOWN_MARKDOWN_TABLE_FORMATTER", diff --git a/flavors/php/Dockerfile b/flavors/php/Dockerfile index 8b5ff3ba57a..1e795b4bd42 100644 --- a/flavors/php/Dockerfile +++ b/flavors/php/Dockerfile @@ -76,6 +76,7 @@ RUN apk add --update --no-cache \ nodejs \ npm \ yarn \ + helm \ libc-dev \ libxml2-dev \ libxml2-utils \ diff --git a/flavors/php/flavor.json b/flavors/php/flavor.json index bf6b63dea7a..f89d4ba24cd 100644 --- a/flavors/php/flavor.json +++ b/flavors/php/flavor.json 
@@ -28,6 +28,7 @@ "KOTLIN_KTLINT", "KUBERNETES_KUBEVAL", "KUBERNETES_KUBECONFORM", + "KUBERNETES_HELM", "MARKDOWN_MARKDOWNLINT", "MARKDOWN_MARKDOWN_LINK_CHECK", "MARKDOWN_MARKDOWN_TABLE_FORMATTER", diff --git a/flavors/python/Dockerfile b/flavors/python/Dockerfile index cbeb1ccb6bb..cd984eda28f 100644 --- a/flavors/python/Dockerfile +++ b/flavors/python/Dockerfile @@ -65,6 +65,7 @@ RUN apk add --update --no-cache \ nodejs \ npm \ yarn \ + helm \ libc-dev \ libxml2-dev \ libxml2-utils \ diff --git a/flavors/python/flavor.json b/flavors/python/flavor.json index 31c09ff92ea..771ad26dc8f 100644 --- a/flavors/python/flavor.json +++ b/flavors/python/flavor.json @@ -27,6 +27,7 @@ "KOTLIN_KTLINT", "KUBERNETES_KUBEVAL", "KUBERNETES_KUBECONFORM", + "KUBERNETES_HELM", "MAKEFILE_CHECKMAKE", "MARKDOWN_MARKDOWNLINT", "MARKDOWN_MARKDOWN_LINK_CHECK", diff --git a/flavors/ruby/Dockerfile b/flavors/ruby/Dockerfile index 1f2bfca0063..c66644752e3 100644 --- a/flavors/ruby/Dockerfile +++ b/flavors/ruby/Dockerfile @@ -64,6 +64,7 @@ RUN apk add --update --no-cache \ nodejs \ npm \ yarn \ + helm \ libc-dev \ libxml2-dev \ libxml2-utils \ diff --git a/flavors/ruby/flavor.json b/flavors/ruby/flavor.json index 1a7caa05aeb..fa98da7c67d 100644 --- a/flavors/ruby/flavor.json +++ b/flavors/ruby/flavor.json @@ -27,6 +27,7 @@ "KOTLIN_KTLINT", "KUBERNETES_KUBEVAL", "KUBERNETES_KUBECONFORM", + "KUBERNETES_HELM", "MARKDOWN_MARKDOWNLINT", "MARKDOWN_MARKDOWN_LINK_CHECK", "MARKDOWN_MARKDOWN_TABLE_FORMATTER", diff --git a/flavors/rust/Dockerfile b/flavors/rust/Dockerfile index 812259f5366..414ae01ec12 100644 --- a/flavors/rust/Dockerfile +++ b/flavors/rust/Dockerfile @@ -64,6 +64,7 @@ RUN apk add --update --no-cache \ nodejs \ npm \ yarn \ + helm \ libc-dev \ libxml2-dev \ libxml2-utils \ diff --git a/flavors/rust/flavor.json b/flavors/rust/flavor.json index ee66213a12f..8ef06b937b9 100644 --- a/flavors/rust/flavor.json +++ b/flavors/rust/flavor.json 
@@ -27,6 +27,7 @@ "KOTLIN_KTLINT", "KUBERNETES_KUBEVAL", "KUBERNETES_KUBECONFORM", + "KUBERNETES_HELM", "MARKDOWN_MARKDOWNLINT", "MARKDOWN_MARKDOWN_LINK_CHECK", "MARKDOWN_MARKDOWN_TABLE_FORMATTER", diff --git a/flavors/salesforce/Dockerfile b/flavors/salesforce/Dockerfile index de80220e964..1f91f9e6fc1 100644 --- a/flavors/salesforce/Dockerfile +++ b/flavors/salesforce/Dockerfile @@ -64,6 +64,7 @@ RUN apk add --update --no-cache \ nodejs \ npm \ yarn \ + helm \ libc-dev \ libxml2-dev \ libxml2-utils \ diff --git a/flavors/salesforce/flavor.json b/flavors/salesforce/flavor.json index bc2d5ece479..28c2348320b 100644 --- a/flavors/salesforce/flavor.json +++ b/flavors/salesforce/flavor.json @@ -29,6 +29,7 @@ "KOTLIN_KTLINT", "KUBERNETES_KUBEVAL", "KUBERNETES_KUBECONFORM", + "KUBERNETES_HELM", "MARKDOWN_MARKDOWNLINT", "MARKDOWN_MARKDOWN_LINK_CHECK", "MARKDOWN_MARKDOWN_TABLE_FORMATTER", diff --git a/flavors/security/Dockerfile b/flavors/security/Dockerfile index 3f05eee9f38..ba27344f494 100644 --- a/flavors/security/Dockerfile +++ b/flavors/security/Dockerfile @@ -58,6 +58,7 @@ RUN apk add --update --no-cache \ make \ musl-dev \ openssh \ + helm \ icu-libs \ libcurl \ libintl \ diff --git a/flavors/security/flavor.json b/flavors/security/flavor.json index ae0130130ba..922c29af528 100644 --- a/flavors/security/flavor.json +++ b/flavors/security/flavor.json @@ -9,6 +9,7 @@ "DOCKERFILE_HADOLINT", "KUBERNETES_KUBEVAL", "KUBERNETES_KUBECONFORM", + "KUBERNETES_HELM", "PYTHON_BANDIT", "REPOSITORY_CHECKOV", "REPOSITORY_DEVSKIM", diff --git a/flavors/swift/Dockerfile b/flavors/swift/Dockerfile index 3cf0b1a07c6..67b5c3cbe5f 100644 --- a/flavors/swift/Dockerfile +++ b/flavors/swift/Dockerfile @@ -66,6 +66,7 @@ RUN apk add --update --no-cache \ nodejs \ npm \ yarn \ + helm \ libc-dev \ libxml2-dev \ libxml2-utils \ diff --git a/flavors/swift/flavor.json b/flavors/swift/flavor.json index 53910bb7a7a..e2eac6c4d3b 100644 --- a/flavors/swift/flavor.json +++ b/flavors/swift/flavor.json 
@@ -27,6 +27,7 @@ "KOTLIN_KTLINT", "KUBERNETES_KUBEVAL", "KUBERNETES_KUBECONFORM", + "KUBERNETES_HELM", "MARKDOWN_MARKDOWNLINT", "MARKDOWN_MARKDOWN_LINK_CHECK", "MARKDOWN_MARKDOWN_TABLE_FORMATTER", diff --git a/flavors/terraform/Dockerfile b/flavors/terraform/Dockerfile index fad620d886c..fd86a5a2d3e 100644 --- a/flavors/terraform/Dockerfile +++ b/flavors/terraform/Dockerfile @@ -70,6 +70,7 @@ RUN apk add --update --no-cache \ nodejs \ npm \ yarn \ + helm \ libc-dev \ libxml2-dev \ libxml2-utils \ diff --git a/flavors/terraform/flavor.json b/flavors/terraform/flavor.json index c5a025be188..f9baff70d24 100644 --- a/flavors/terraform/flavor.json +++ b/flavors/terraform/flavor.json @@ -27,6 +27,7 @@ "KOTLIN_KTLINT", "KUBERNETES_KUBEVAL", "KUBERNETES_KUBECONFORM", + "KUBERNETES_HELM", "MARKDOWN_MARKDOWNLINT", "MARKDOWN_MARKDOWN_LINK_CHECK", "MARKDOWN_MARKDOWN_TABLE_FORMATTER", diff --git a/linters/kubernetes_helm/Dockerfile b/linters/kubernetes_helm/Dockerfile new file mode 100644 index 00000000000..b64f5dd857e --- /dev/null +++ b/linters/kubernetes_helm/Dockerfile 
@@ -0,0 +1,209 @@ +# syntax=docker/dockerfile:1 +########################################### +########################################### +## Dockerfile to run MegaLinter ## +########################################### +########################################### + +# @not-generated + +############################################################################################# +## @generated by .automation/build.py using descriptor files, please do not update manually ## +############################################################################################# +#FROM__START + +#FROM__END + +################## +# Get base image # +################## +FROM python:3.11.2-alpine3.17 +ARG GITHUB_TOKEN + +############################################################################################# +## @generated by .automation/build.py using descriptor files, please do not update manually ## +############################################################################################# +#ARG__START + +#ARG__END + +#################### +# Run APK installs # +#################### + +WORKDIR / + +############################################################################################# +## @generated by .automation/build.py using descriptor files, please do not update manually ## +############################################################################################# +#APK__START +RUN apk add --update --no-cache \ + bash \ + ca-certificates \ + curl \ + gcc \ + git \ + git-lfs \ + libffi-dev \ + make \ + musl-dev \ + openssh \ + helm \ + && git config --global core.autocrlf true +#APK__END + +# PATH for golang & python +ENV GOROOT=/usr/lib/go \ + GOPATH=/go + # PYTHONPYCACHEPREFIX="$HOME/.cache/cpython/" NV: not working for all packages :/ +# hadolint ignore=DL3044 +ENV PATH="$PATH":"$GOROOT"/bin:"$GOPATH"/bin +RUN mkdir -p ${GOPATH}/src ${GOPATH}/bin || true && \ + # Ignore npm package issues + yarn config set ignore-engines true || true + 
+############################################################################################# +## @generated by .automation/build.py using descriptor files, please do not update manually ## +############################################################################################# +#PIP__START + +#PIP__END + +#PIPVENV__START + +#PIPVENV__END + +############################ +# Install NPM dependencies # +############################################################################################# +## @generated by .automation/build.py using descriptor files, please do not update manually ## +############################################################################################# + +ENV NODE_OPTIONS="--max-old-space-size=8192" \ + NODE_ENV=production +#NPM__START + +#NPM__END + +# Add node packages to path # +ENV PATH="/node-deps/node_modules/.bin:${PATH}" \ + NODE_PATH="/node-deps/node_modules" + +############################## +# Installs ruby dependencies # +############################################################################################# +## @generated by .automation/build.py using descriptor files, please do not update manually ## +############################################################################################# + +#GEM__START + +#GEM__END + +############################## +# Installs rust dependencies # +############################################################################################# +## @generated by .automation/build.py using descriptor files, please do not update manually ## +############################################################################################# + +#CARGO__START + +#CARGO__END + +############################## +# COPY instructions # +############################################################################################# +## @generated by .automation/build.py using descriptor files, please do not update manually ## 
+############################################################################################# + +#COPY__START + +#COPY__END + +############################################################################################# +## @generated by .automation/build.py using descriptor files, please do not update manually ## +############################################################################################# +#OTHER__START + +#OTHER__END + +################################ +# Installs python dependencies # +################################ +COPY megalinter /megalinter +RUN PYTHONDONTWRITEBYTECODE=1 python /megalinter/setup.py install \ + && PYTHONDONTWRITEBYTECODE=1 python /megalinter/setup.py clean --all \ + && rm -rf /var/cache/apk/* \ + && find . | grep -E "(/__pycache__$|\.pyc$|\.pyo$)" | xargs rm -rf + +####################################### +# Copy scripts and rules to container # +####################################### +COPY megalinter/descriptors /megalinter-descriptors +COPY TEMPLATES /action/lib/.automation + +########################### +# Get the build arguments # +########################### +ARG BUILD_DATE +ARG BUILD_REVISION +ARG BUILD_VERSION + +################################################# +# Set ENV values used for debugging the version # +################################################# +ENV BUILD_DATE=$BUILD_DATE \ + BUILD_REVISION=$BUILD_REVISION \ + BUILD_VERSION=$BUILD_VERSION + +#FLAVOR__START +ENV MEGALINTER_FLAVOR=none +#FLAVOR__END + +######################################### +# Label the instance and set maintainer # +######################################### +LABEL com.github.actions.name="MegaLinter" \ + com.github.actions.description="The ultimate linters aggregator to make sure your projects are clean" \ + com.github.actions.icon="code" \ + com.github.actions.color="red" \ + maintainer="Nicolas Vuillamy " \ + org.opencontainers.image.created=$BUILD_DATE \ + org.opencontainers.image.revision=$BUILD_REVISION \ + 
org.opencontainers.image.version=$BUILD_VERSION \ + org.opencontainers.image.authors="Nicolas Vuillamy " \ + org.opencontainers.image.url="https://megalinter.io" \ + org.opencontainers.image.source="https://github.com/oxsecurity/megalinter" \ + org.opencontainers.image.documentation="https://megalinter.io" \ + org.opencontainers.image.vendor="Nicolas Vuillamy" \ + org.opencontainers.image.description="Lint your code base with GitHub Actions" + +#EXTRA_DOCKERFILE_LINES__START +ENV ENABLE_LINTERS=KUBERNETES_HELM \ + FLAVOR_SUGGESTIONS=false \ + SINGLE_LINTER=KUBERNETES_HELM \ + PRINT_ALPACA=false \ + LOG_FILE=none \ + SARIF_REPORTER=true \ + TEXT_REPORTER=false \ + UPDATED_SOURCES_REPORTER=false \ + GITHUB_STATUS_REPORTER=false \ + GITHUB_COMMENT_REPORTER=false \ + EMAIL_REPORTER=false \ + FILEIO_REPORTER=false \ + CONFIG_REPORTER=false \ + SARIF_TO_HUMAN=false +RUN mkdir /root/docker_ssh && mkdir /usr/bin/megalinter-sh +EXPOSE 22 +COPY entrypoint.sh /entrypoint.sh +COPY sh /usr/bin/megalinter-sh +COPY sh/megalinter_exec /usr/bin/megalinter_exec +COPY sh/motd /etc/motd +RUN find /usr/bin/megalinter-sh/ -type f -iname "*.sh" -exec chmod +x {} \; && \ + chmod +x entrypoint.sh && \ + chmod +x /usr/bin/megalinter_exec && \ + echo "alias megalinter='python -m megalinter.run'" >> ~/.bashrc && source ~/.bashrc && \ + echo "alias megalinter_exec='/usr/bin/megalinter_exec'" >> ~/.bashrc && source ~/.bashrc +RUN export STANDALONE_LINTER_VERSION="$(python -m megalinter.run --input /tmp --linterversion)" && \ + echo $STANDALONE_LINTER_VERSION +ENTRYPOINT ["/bin/bash", "/entrypoint.sh"] +#EXTRA_DOCKERFILE_LINES__END diff --git a/megalinter/descriptors/all_flavors.json b/megalinter/descriptors/all_flavors.json index dc713405561..aeae62445fb 100644 --- a/megalinter/descriptors/all_flavors.json +++ b/megalinter/descriptors/all_flavors.json 
@@ -72,6 +72,7 @@ "KOTLIN_KTLINT", "KUBERNETES_KUBEVAL", "KUBERNETES_KUBECONFORM", + "KUBERNETES_HELM", "MAKEFILE_CHECKMAKE", "MARKDOWN_MARKDOWNLINT", "MARKDOWN_MARKDOWN_LINK_CHECK", @@ -148,6 +149,7 @@ "KOTLIN_KTLINT", "KUBERNETES_KUBEVAL", "KUBERNETES_KUBECONFORM", + "KUBERNETES_HELM", "MAKEFILE_CHECKMAKE", "MARKDOWN_MARKDOWNLINT", "MARKDOWN_MARKDOWN_LINK_CHECK", @@ -216,6 +218,7 @@ "KOTLIN_KTLINT", "KUBERNETES_KUBEVAL", "KUBERNETES_KUBECONFORM", + "KUBERNETES_HELM", "MAKEFILE_CHECKMAKE", "MARKDOWN_MARKDOWNLINT", "MARKDOWN_MARKDOWN_LINK_CHECK", @@ -278,6 +281,7 @@ "KOTLIN_KTLINT", "KUBERNETES_KUBEVAL", "KUBERNETES_KUBECONFORM", + "KUBERNETES_HELM", "MAKEFILE_CHECKMAKE", "MARKDOWN_MARKDOWNLINT", "MARKDOWN_MARKDOWN_LINK_CHECK", @@ -338,6 +342,7 @@ "KOTLIN_KTLINT", "KUBERNETES_KUBEVAL", "KUBERNETES_KUBECONFORM", + "KUBERNETES_HELM", "MAKEFILE_CHECKMAKE", "MARKDOWN_MARKDOWNLINT", "MARKDOWN_MARKDOWN_LINK_CHECK", @@ -401,6 +406,7 @@ "KOTLIN_KTLINT", "KUBERNETES_KUBEVAL", "KUBERNETES_KUBECONFORM", + "KUBERNETES_HELM", "MARKDOWN_MARKDOWNLINT", "MARKDOWN_MARKDOWN_LINK_CHECK", "MARKDOWN_MARKDOWN_TABLE_FORMATTER", @@ -461,6 +467,7 @@ "KOTLIN_KTLINT", "KUBERNETES_KUBEVAL", "KUBERNETES_KUBECONFORM", + "KUBERNETES_HELM", "MARKDOWN_MARKDOWNLINT", "MARKDOWN_MARKDOWN_LINK_CHECK", "MARKDOWN_MARKDOWN_TABLE_FORMATTER", @@ -520,6 +527,7 @@ "KOTLIN_KTLINT", "KUBERNETES_KUBEVAL", "KUBERNETES_KUBECONFORM", + "KUBERNETES_HELM", "MAKEFILE_CHECKMAKE", "MARKDOWN_MARKDOWNLINT", "MARKDOWN_MARKDOWN_LINK_CHECK", @@ -586,6 +594,7 @@ "KOTLIN_KTLINT", "KUBERNETES_KUBEVAL", "KUBERNETES_KUBECONFORM", + "KUBERNETES_HELM", "MARKDOWN_MARKDOWNLINT", "MARKDOWN_MARKDOWN_LINK_CHECK", "MARKDOWN_MARKDOWN_TABLE_FORMATTER", @@ -642,6 +651,7 @@ "KOTLIN_KTLINT", "KUBERNETES_KUBEVAL", "KUBERNETES_KUBECONFORM", + "KUBERNETES_HELM", "MARKDOWN_MARKDOWNLINT", "MARKDOWN_MARKDOWN_LINK_CHECK", "MARKDOWN_MARKDOWN_TABLE_FORMATTER", 
@@ -700,6 +710,7 @@
 "KOTLIN_KTLINT",
 "KUBERNETES_KUBEVAL",
 "KUBERNETES_KUBECONFORM",
+ "KUBERNETES_HELM",
 "MARKDOWN_MARKDOWNLINT",
 "MARKDOWN_MARKDOWN_LINK_CHECK",
 "MARKDOWN_MARKDOWN_TABLE_FORMATTER",
@@ -740,6 +751,7 @@
 "DOCKERFILE_HADOLINT",
 "KUBERNETES_KUBEVAL",
 "KUBERNETES_KUBECONFORM",
+ "KUBERNETES_HELM",
 "PYTHON_BANDIT",
 "REPOSITORY_CHECKOV",
 "REPOSITORY_DEVSKIM",
@@ -785,6 +797,7 @@
 "KOTLIN_KTLINT",
 "KUBERNETES_KUBEVAL",
 "KUBERNETES_KUBECONFORM",
+ "KUBERNETES_HELM",
 "MARKDOWN_MARKDOWNLINT",
 "MARKDOWN_MARKDOWN_LINK_CHECK",
 "MARKDOWN_MARKDOWN_TABLE_FORMATTER",
@@ -841,6 +854,7 @@
 "KOTLIN_KTLINT",
 "KUBERNETES_KUBEVAL",
 "KUBERNETES_KUBECONFORM",
+ "KUBERNETES_HELM",
 "MARKDOWN_MARKDOWNLINT",
 "MARKDOWN_MARKDOWN_LINK_CHECK",
 "MARKDOWN_MARKDOWN_TABLE_FORMATTER",
diff --git a/megalinter/descriptors/kubernetes.megalinter-descriptor.yml b/megalinter/descriptors/kubernetes.megalinter-descriptor.yml
index 1cdc6430e5b..b9c6c7df5df 100644
--- a/megalinter/descriptors/kubernetes.megalinter-descriptor.yml
+++ b/megalinter/descriptors/kubernetes.megalinter-descriptor.yml
@@ -70,3 +70,28 @@ linters:
 && mv ${ML_THIRD_PARTY_DIR}/kubeconform /usr/local/bin \
 && rm ${ML_THIRD_PARTY_DIR}/kubeconform-linux-amd64.tar.gz \
 && find ${ML_THIRD_PARTY_DIR} -type f -not -name 'LICENSE*' -delete -o -type d -empty -delete
+
+ # HELM LINT
+ - linter_name: helm
+ name: KUBERNETES_HELM
+ linter_repo: https://github.com/helm/helm
+ linter_url: https://helm.sh/docs/helm/helm_lint/
+ files_sub_directory: ""
+ test_folder: kubernetes_helm
+ active_only_if_file_found:
+ - Chart.yml
+ - Chart.yaml
+ cli_lint_mode: project
+ cli_help_arg_name: help
+ cli_version_arg_name: version
+ cli_lint_extra_args:
+ - "lint"
+ linter_banner_image_url: https://helm.sh/img/helm.svg
+ linter_text: |
+ `helm lint` examine a chart for possible issues.
+ examples:
+ - helm lint .
+ - helm lint --with-subcharts .
+ install:
+ apk:
+ - helm
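Review bot: The `Chart.yml` entry under `active_only_if_file_found` looks like a mistake, since Helm reads chart metadata only from a file named `Chart.yaml`; a repository holding just `Chart.yml` would activate the linter and then, as far as I can tell, fail on a missing chart file instead of reporting a real finding. I would keep `- Chart.yaml` alone. With `cli_lint_mode: project` and only `lint` in `cli_lint_extra_args`, the command presumably checks the chart in the working directory, so charts kept in subdirectories are likely never linted; a sentence in `linter_text` saying so would stop users assuming full coverage. The `install` block also takes `helm` from apk without a version, so the linter's behaviour follows whatever the base image's repository ships.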
diff --git a/megalinter/descriptors/schemas/megalinter-configuration.jsonschema.json b/megalinter/descriptors/schemas/megalinter-configuration.jsonschema.json index 9028988f45b..816e1c18f5a 100644 --- a/megalinter/descriptors/schemas/megalinter-configuration.jsonschema.json +++ b/megalinter/descriptors/schemas/megalinter-configuration.jsonschema.json @@ -154,6 +154,7 @@ "KOTLIN_KTLINT", "KUBERNETES_KUBEVAL", "KUBERNETES_KUBECONFORM", + "KUBERNETES_HELM", "LATEX_CHKTEX", "LUA_LUACHECK", "MAKEFILE_CHECKMAKE", diff --git a/megalinter/tests/test_megalinter/linters/kubernetes_helm_test.py b/megalinter/tests/test_megalinter/linters/kubernetes_helm_test.py new file mode 100644 index 00000000000..c908d47bbb9 --- /dev/null +++ b/megalinter/tests/test_megalinter/linters/kubernetes_helm_test.py @@ -0,0 +1,14 @@ +# !/usr/bin/env python3 +""" +Unit tests for KUBERNETES linter helm +This class has been automatically @generated by .automation/build.py, please do not update it manually +""" + +from unittest import TestCase + +from megalinter.tests.test_megalinter.LinterTestRoot import LinterTestRoot + + +class kubernetes_helm_test(TestCase, LinterTestRoot): + descriptor_id = "KUBERNETES" + linter_name = "helm"