Merge pull request 'Add yamllint to Woodpecker CI' (#154) from improce_ci into main

Reviewed-on: #154 Reviewed-by: Aaron Riedel <git@ar21.de>
2024-10-07 13:45:49 +02:00 · 2024-10-07 13:45:49 +02:00 · e868463399
commit e868463399
parent adbdc97a31 842355bbe0
67 changed files with 702 additions and 631 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -1,7 +1,8 @@
 ---
 kind: pipeline
 name: deploy
 steps:
- name: kustomize build dashboard (prod + staging)
+  - name: kustomize build dashboard (prod + staging)
    image: git.ar21.de/aaron/kustomize-ci
    commands:
      - cd /deployment-repo
@ -18,7 +19,7 @@ steps:
        - main
      event:
        - push
- name: kustomize build dashboard (staging)
+  - name: kustomize build dashboard (staging)
    image: git.ar21.de/aaron/kustomize-ci
    commands:
      - cd /deployment-repo
@ -38,7 +39,7 @@ steps:
          - main
      event:
        - push
- name: kustomize push dashboard changes (prod + staging)
+  - name: kustomize push dashboard changes (prod + staging)
    image: appleboy/drone-git-push
    settings:
      branch: main
@ -57,7 +58,7 @@ steps:
        - main
      event:
        - push
- name: kustomize push dashboard changes (staging)
+  - name: kustomize push dashboard changes (staging)
    image: appleboy/drone-git-push
    settings:
      branch: main
@ -78,9 +79,9 @@ steps:
      event:
        - push
 volumes:
- name: deployment-repo
+  - name: deployment-repo
    temp: {}
- name: staging-repo
+  - name: staging-repo
    temp: {}
 when:
  event:
--- a/.woodpecker/.yamllint.yaml
+++ b/.woodpecker/.yamllint.yaml
@ -0,0 +1,8 @@
 ---
 steps:
  - name: linting
    image: cytopia/yamllint:latest
    commands:
      - yamllint -f colored -s .
 when:
  - event: push
--- a/.yamllint
+++ b/.yamllint
@ -0,0 +1,10 @@
 ---
 yaml-files:
  - '*.yaml'
  - '*.yml'
  - '.yamllint'
 extends: default
 rules:
  line-length: disable
--- a/argo/kustomization.yaml
+++ b/argo/kustomization.yaml
@ -1,3 +1,4 @@
 ---
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 generators:
--- a/argo/secret-generator.yaml
+++ b/argo/secret-generator.yaml
@ -1,3 +1,4 @@
 ---
 apiVersion: viaduct.ai/v1
 kind: ksops
 metadata:
--- a/argo/secret.yaml
+++ b/argo/secret.yaml
@ -1,3 +1,4 @@
 ---
 apiVersion: v1
 kind: Secret
 metadata:
--- a/argo/sops-secret.yaml
+++ b/argo/sops-secret.yaml
@ -1,3 +1,4 @@
 ---
 apiVersion: v1
 kind: Secret
 metadata:
--- a/argo/values.yaml
+++ b/argo/values.yaml
@ -1,3 +1,4 @@
 ---
 global:
  domain: argo.services.yolokube.de
 configs:
--- a/authentik/kustomization.yaml
+++ b/authentik/kustomization.yaml
@ -1,3 +1,4 @@
 ---
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 generators:
--- a/authentik/manifest.yaml
+++ b/authentik/manifest.yaml
@ -1,3 +1,4 @@
 ---
 apiVersion: v1
 kind: Namespace
 metadata:
--- a/authentik/secret-generator.yaml
+++ b/authentik/secret-generator.yaml
@ -1,3 +1,4 @@
 ---
 apiVersion: viaduct.ai/v1
 kind: ksops
 metadata:
--- a/authentik/secret.yaml
+++ b/authentik/secret.yaml
@ -1,3 +1,4 @@
 ---
 apiVersion: v1
 kind: Secret
 metadata:
--- a/cert-manager/namespace.yaml
+++ b/cert-manager/namespace.yaml
@ -1,3 +1,4 @@
 ---
 apiVersion: v1
 kind: Namespace
 metadata:
--- a/cert-manager/values.yaml
+++ b/cert-manager/values.yaml
@ -1,3 +1,4 @@
 ---
 namespace: cert-manager
 replicaCount: 3
 podDisruptionBudget:
--- a/cilium/values.yaml
+++ b/cilium/values.yaml
@ -1,3 +1,4 @@
 ---
 encryption:
  enabled: false
 ipam:
--- a/dashboard/base/dashboard.yaml
+++ b/dashboard/base/dashboard.yaml
@ -1,3 +1,4 @@
 ---
 apiVersion: v1
 kind: Namespace
 metadata:
--- a/dashboard/base/kustomization.yaml
+++ b/dashboard/base/kustomization.yaml
@ -1,4 +1,5 @@
 ---
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
- dashboard.yaml
+  - dashboard.yaml
--- a/dashboard/overlays/prod/kustomization.yaml
+++ b/dashboard/overlays/prod/kustomization.yaml
@ -1,9 +1,10 @@
 ---
 resources:
- ../../base
+  - ../../base
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 images:
- name: git.ar21.de/yolokube/dashboard
+  - name: git.ar21.de/yolokube/dashboard
    newName: git.ar21.de/yolokube/dashboard
    newTag: "96"
 namespace: dashboard
--- a/dashboard/overlays/staging/kustomization.yaml
+++ b/dashboard/overlays/staging/kustomization.yaml
@ -1,28 +1,29 @@
 ---
 resources:
- ../../base
+  - ../../base
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 images:
- name: git.ar21.de/yolokube/dashboard
+  - name: git.ar21.de/yolokube/dashboard
    newName: git.ar21.de/yolokube/dashboard
    newTag: staging-95
 namespace: dashboard-staging
 patches:
- patch: |-
+  - patch: |-
      - op: replace
        path: /spec/rules/0/host
        value: "dashboard-staging.services.yolokube.de"
    target:
      kind: Ingress
      name: dashboard-ingress
- patch: |-
+  - patch: |-
      - op: replace
        path: /spec/tls/0/hosts/0
        value: "dashboard-staging.services.yolokube.de"
    target:
      kind: Ingress
      name: dashboard-ingress
- patch: |-
+  - patch: |-
      - op: replace
        path: /spec/replicas
        value: 1
--- a/ingress/values.yaml
+++ b/ingress/values.yaml
@ -1,3 +1,4 @@
 ---
 controller:
  enableSnippets: true
  hostNetwork: true
--- a/loki/kustomization.yaml
+++ b/loki/kustomization.yaml
@ -1,3 +1,4 @@
 ---
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 generators:
--- a/loki/namespace.yaml
+++ b/loki/namespace.yaml
@ -1,3 +1,4 @@
 ---
 apiVersion: v1
 kind: Namespace
 metadata:
--- a/loki/secret-generator.yaml
+++ b/loki/secret-generator.yaml
@ -1,3 +1,4 @@
 ---
 apiVersion: viaduct.ai/v1
 kind: ksops
 metadata:
--- a/loki/secret.yaml
+++ b/loki/secret.yaml
@ -1,3 +1,4 @@
 ---
 apiVersion: v1
 kind: Secret
 metadata:
--- a/loki/values.yaml
+++ b/loki/values.yaml
@ -1,3 +1,4 @@
 ---
 loki:
  auth_enabled: false
  persistence:
--- a/longhorn/kustomization.yaml
+++ b/longhorn/kustomization.yaml
@ -1,3 +1,4 @@
 ---
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 generators:
--- a/longhorn/namespace.yaml
+++ b/longhorn/namespace.yaml
@ -1,3 +1,4 @@
 ---
 apiVersion: v1
 kind: Namespace
 metadata:
--- a/longhorn/recurringjobs.yaml
+++ b/longhorn/recurringjobs.yaml
@ -1,3 +1,4 @@
 ---
 apiVersion: longhorn.io/v1beta1
 kind: RecurringJob
 metadata:
--- a/longhorn/secret-generator.yaml
+++ b/longhorn/secret-generator.yaml
@ -1,3 +1,4 @@
 ---
 apiVersion: viaduct.ai/v1
 kind: ksops
 metadata:
--- a/longhorn/secret.yaml
+++ b/longhorn/secret.yaml
@ -1,3 +1,4 @@
 ---
 apiVersion: v1
 kind: Secret
 metadata:
@ -7,11 +8,11 @@ type: Opaque
 data:
    AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:78iskasj0MX32r8qp4LCmTsf5q8r3W5nCs7BrA==,iv:dQFU/Pm+bQQKWfWKq7c63XTW2+czjOeIZuoL2mrPKbM=,tag:we+rZ+YoMpeiAve7zcH6pg==,type:str]
    AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:zR3LNrmweWn9ONkpOlgNGfJ0ERJeNgNsurvBcsX7JZox/vyaZRb6lt4VEjdBDMdTZ+dWRvtvHUw=,iv:CCLoHHixnzVaT0SX3uOjyb7SCNyAe5H30acmMEIgubI=,tag:c7nWPRTZQXqgp8jVgtU57g==,type:str]
-    #ENC[AES256_GCM,data:p1aNW086iJ/xbZGc3A9VFitml4AB0ly8BOyJztOoIBd9I7Ld,iv:5um8w4PL9EfHcCHlfIW0Yr6aqvgs5FVh4Y54RDQDOLY=,tag:17ELSDORVx0aj2hzFDaxUA==,type:comment]
+    # ENC[AES256_GCM,data:p1aNW086iJ/xbZGc3A9VFitml4AB0ly8BOyJztOoIBd9I7Ld,iv:5um8w4PL9EfHcCHlfIW0Yr6aqvgs5FVh4Y54RDQDOLY=,tag:17ELSDORVx0aj2hzFDaxUA==,type:comment]
    AWS_ENDPOINTS: ENC[AES256_GCM,data:Cm4ISXx3mosAwVCzFqK5461gFIAqWtSwazvhfe/01blpOLOGpEW7b7S00fnRMviR,iv:Zflw/1JEQjcKarQPOrpBSpCprdL/2Ry6FH74K3/NfFo=,tag:l6idxnQStu2ycr0og2/otw==,type:str]
-    #ENC[AES256_GCM,data:0QVDgxSYpM+pFAiXf2+xcAnZath1zSzyZDy/zS8L36kZrSQnBSDN91OwAKLYpOb1m+cbex6lWN9OYFRYcIhUjA==,iv:Cm7bwYZS6F4XkRFaqUcBehXUQXmUI/48l+cDBPjlao8=,tag:jBUadTKqWJbPqpljshBoRg==,type:comment]
+    # ENC[AES256_GCM,data:0QVDgxSYpM+pFAiXf2+xcAnZath1zSzyZDy/zS8L36kZrSQnBSDN91OwAKLYpOb1m+cbex6lWN9OYFRYcIhUjA==,iv:Cm7bwYZS6F4XkRFaqUcBehXUQXmUI/48l+cDBPjlao8=,tag:jBUadTKqWJbPqpljshBoRg==,type:comment]
-    #ENC[AES256_GCM,data:oxfKvt9xbus8la9hJGLOCVBfyQMCP4wpD4QZcEIw/SFWysMm2NaFzUHtUH39QAG2kCw1C5gKtTQ5EhJ1C2bgxVB6qlC6DUhO5uwlIoXtDqNsfhnsyWuIvJMH5jnPwAfO8Y+plLk2g4dV3aMmYt8Hfg==,iv:Ai/0l0GDbJzTaVy7Xhp1offyaqKD/Ge/oU9YDiGXC28=,tag:wIGYy7TBnCZYrbKDd1y7xQ==,type:comment]
+    # ENC[AES256_GCM,data:oxfKvt9xbus8la9hJGLOCVBfyQMCP4wpD4QZcEIw/SFWysMm2NaFzUHtUH39QAG2kCw1C5gKtTQ5EhJ1C2bgxVB6qlC6DUhO5uwlIoXtDqNsfhnsyWuIvJMH5jnPwAfO8Y+plLk2g4dV3aMmYt8Hfg==,iv:Ai/0l0GDbJzTaVy7Xhp1offyaqKD/Ge/oU9YDiGXC28=,tag:wIGYy7TBnCZYrbKDd1y7xQ==,type:comment]
-    #ENC[AES256_GCM,data:6IieK5gwtUr+u3PjRjOXs5fJafO3N14yLmDCxBdU5VBfgOpIV4P5nX07DJ5jXw9BJgr6nqsQA0tlgeddT0vnO/cQNKJFBeQXVCzjxLHlrNv7JLg6EbtXZoO/eNow0XBGCLyg6Mq+6S83J2p8pix4tEae4YQrwveQ+dD0A15hK7n5gWOdFz50qE5IImbZsm9aR3ymxs1o9fjkZYTNycsneWe069SNCdb2gFtf4Q==,iv:N30tKPf2ajQT2s0/GYZPV8ipy1Qkkfh+dAlJ4pdGm9M=,tag:qtfr6TY8nyAoMykRONC3kQ==,type:comment]
+    # ENC[AES256_GCM,data:6IieK5gwtUr+u3PjRjOXs5fJafO3N14yLmDCxBdU5VBfgOpIV4P5nX07DJ5jXw9BJgr6nqsQA0tlgeddT0vnO/cQNKJFBeQXVCzjxLHlrNv7JLg6EbtXZoO/eNow0XBGCLyg6Mq+6S83J2p8pix4tEae4YQrwveQ+dD0A15hK7n5gWOdFz50qE5IImbZsm9aR3ymxs1o9fjkZYTNycsneWe069SNCdb2gFtf4Q==,iv:N30tKPf2ajQT2s0/GYZPV8ipy1Qkkfh+dAlJ4pdGm9M=,tag:qtfr6TY8nyAoMykRONC3kQ==,type:comment]
 sops:
    kms: []
    gcp_kms: []
--- a/longhorn/storageclass.yaml
+++ b/longhorn/storageclass.yaml
@ -1,3 +1,4 @@
 ---
 # this is the storageclass manifest for the logs and metrics volumes
 kind: StorageClass
 apiVersion: storage.k8s.io/v1
--- a/longhorn/values.yaml
+++ b/longhorn/values.yaml
@ -1,3 +1,4 @@
 ---
 persistence:
  recurringJobSelector:
    enable: true
--- a/longhorn/volumesnapshotclass.yaml
+++ b/longhorn/volumesnapshotclass.yaml
@ -1,3 +1,4 @@
 ---
 kind: VolumeSnapshotClass
 apiVersion: snapshot.storage.k8s.io/v1
 metadata:
--- a/node-labeler/node-labeler.yaml
+++ b/node-labeler/node-labeler.yaml
@ -1,3 +1,4 @@
 ---
 apiVersion: v1
 kind: Namespace
 metadata:
--- a/prometheus/kustomization.yaml
+++ b/prometheus/kustomization.yaml
@ -1,3 +1,4 @@
 ---
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 generators:
--- a/prometheus/namespace.yaml
+++ b/prometheus/namespace.yaml
@ -1,3 +1,4 @@
 ---
 apiVersion: v1
 kind: Namespace
 metadata:
--- a/prometheus/secret-generator.yaml
+++ b/prometheus/secret-generator.yaml
@ -1,3 +1,4 @@
 ---
 apiVersion: viaduct.ai/v1
 kind: ksops
 metadata:
--- a/prometheus/secret.yaml
+++ b/prometheus/secret.yaml
@ -1,3 +1,4 @@
 ---
 apiVersion: v1
 kind: Secret
 metadata:
--- a/prometheus/service-monitor-longhorn.yaml
+++ b/prometheus/service-monitor-longhorn.yaml
@ -1,3 +1,4 @@
 ---
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
--- a/prometheus/templates.yaml
+++ b/prometheus/templates.yaml
@ -1,3 +1,4 @@
 ---
 apiVersion: v1
 kind: ConfigMap
 metadata:
--- a/prometheus/values.yaml
+++ b/prometheus/values.yaml
@ -1,3 +1,4 @@
 ---
 alertmanager:
  alertmanagerSpec:
    podAntiAffinity: "hard"
--- a/quota/quotad.yaml
+++ b/quota/quotad.yaml
@ -1,3 +1,4 @@
 ---
 apiVersion: v1
 kind: Namespace
 metadata:
--- a/tests/test-egress.yaml
+++ b/tests/test-egress.yaml
@ -1,17 +1,17 @@
-#---
+# ---
-#apiVersion: v1
+# apiVersion: v1
-#kind: Namespace
+# kind: Namespace
-#metadata:
+# metadata:
 #   name: egress
-#---
+# ---
-#apiVersion: apps/v1
+# apiVersion: apps/v1
-#kind: Deployment
+# kind: Deployment
-#metadata:
+# metadata:
 #   name: egress-deployment
 #   namespace: egress
 #   labels:
 #     app: egress
-#spec:
+# spec:
 #   replicas: 3
 #   selector:
 #     matchLabels:
@ -26,15 +26,15 @@
 #           image: curlimages/curl
 #           command: ['/usr/bin/curl']
 #           args: ['-s', '-L', '-4', 'ip.hetzner.com']
-#---
+# ---
-#apiVersion: apps/v1
+# apiVersion: apps/v1
-#kind: Deployment
+# kind: Deployment
-#metadata:
+# metadata:
 #   name: egress6-deployment
 #   namespace: egress
 #   labels:
 #     app: egress6
-#spec:
+# spec:
 #   replicas: 3
 #   selector:
 #     matchLabels:
--- a/tests/test-storage.yaml
+++ b/tests/test-storage.yaml
@ -1,31 +1,31 @@
-### example app "privatebin" to test storage
+# ## example app "privatebin" to test storage
-#---
+# ---
-#apiVersion: v1
+# apiVersion: v1
-#kind: Namespace
+# kind: Namespace
-#metadata:
+# metadata:
 #   name: paste
-#---
+# ---
-#apiVersion: v1
+# apiVersion: v1
-#kind: PersistentVolumeClaim
+# kind: PersistentVolumeClaim
-#metadata:
+# metadata:
 #   name: paste-pvc
 #   namespace: paste
-#spec:
+# spec:
 #   accessModes:
 #     - ReadWriteOnce
 #   volumeMode: Filesystem
 #   resources:
 #     requests:
 #       storage: 8Gi
-#---
+# ---
-#apiVersion: apps/v1
+# apiVersion: apps/v1
-#kind: Deployment
+# kind: Deployment
-#metadata:
+# metadata:
 #   name: paste-deployment
 #   namespace: paste
 #   labels:
 #     app: paste
-#spec:
+# spec:
 #   replicas: 1
 #   selector:
 #     matchLabels:
@ -49,28 +49,28 @@
 #         - name: paste-volume
 #           persistentVolumeClaim:
 #             claimName: paste-pvc
-#---
+# ---
-#apiVersion: v1
+# apiVersion: v1
-#kind: Service
+# kind: Service
-#metadata:
+# metadata:
 #   name: paste-service
 #   namespace: paste
-#spec:
+# spec:
 #   selector:
 #     app: paste
 #   ports:
 #     - protocol: TCP
 #       port: 80
 #       targetPort: 8080
-#---
+# ---
-#apiVersion: networking.k8s.io/v1
+# apiVersion: networking.k8s.io/v1
-#kind: Ingress
+# kind: Ingress
-#metadata:
+# metadata:
 #   annotations:
 #     kubernetes.io/tls-acme: "true"
 #   name: paste-ingress
 #   namespace: paste
-#spec:
+# spec:
 #   rules:
 #     - host: "paste.apps.yolokube.de"
 #       http:
--- a/thanos/2-objectstore-secret.enc.yaml
+++ b/thanos/2-objectstore-secret.enc.yaml
@ -1,3 +1,4 @@
 ---
 apiVersion: v1
 kind: Secret
 metadata:
--- a/thanos/kustomization.yaml
+++ b/thanos/kustomization.yaml
@ -1,3 +1,4 @@
 ---
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 generators:
--- a/thanos/secret-generator.yaml
+++ b/thanos/secret-generator.yaml
@ -1,3 +1,4 @@
 ---
 apiVersion: viaduct.ai/v1
 kind: ksops
 metadata:
--- a/traefik/basicauth.yaml
+++ b/traefik/basicauth.yaml
@ -1,3 +1,4 @@
 ---
 apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
--- a/traefik/secondingressclass.yaml
+++ b/traefik/secondingressclass.yaml
@ -1,3 +1,4 @@
 ---
 apiVersion: networking.k8s.io/v1
 kind: IngressClass
 metadata:
--- a/traefik/values.yaml
+++ b/traefik/values.yaml
@ -1,3 +1,4 @@
 ---
 deployment:
  kind: DaemonSet
  minReadySeconds: 120
--- a/vcluster/aaron.yaml
+++ b/vcluster/aaron.yaml
@ -1,3 +1,4 @@
 ---
 controlPlane:
  distro:
    k8s:
--- a/vcluster/ingress-aaron.yaml
+++ b/vcluster/ingress-aaron.yaml
@ -1,3 +1,4 @@
 ---
 apiVersion: traefik.io/v1alpha1
 kind: IngressRouteTCP
 metadata:
--- a/vcluster/tom.yaml
+++ b/vcluster/tom.yaml
@ -1,3 +1,4 @@
 ---
 controlPlane:
  distro:
    k8s:
--- a/woodpecker/secrets/kustomization.yaml
+++ b/woodpecker/secrets/kustomization.yaml
@ -1,3 +1,4 @@
 ---
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 generators:
--- a/woodpecker/secrets/secret-generator.yaml
+++ b/woodpecker/secrets/secret-generator.yaml
@ -1,3 +1,4 @@
 ---
 apiVersion: viaduct.ai/v1
 kind: ksops
 metadata:
--- a/woodpecker/secrets/secrets.enc.yaml
+++ b/woodpecker/secrets/secrets.enc.yaml
@ -1,3 +1,4 @@
 ---
 apiVersion: v1
 kind: Secret
 metadata:
--- a/woodpecker/values/values.yaml
+++ b/woodpecker/values/values.yaml
@ -1,3 +1,4 @@
 ---
 server:
  ingress:
    # -- Enable the ingress for the server component