chore(lint): Fix super linter (again) #14

Merged

MaxMustermann2
Contributor

The super linter workflow is running differently between a branch push and a pull request. As a consequence, we see a failure on the branch here when a run on the corresponding pull request passed. This change attempts to fix the issue.

If a variable name contains the word KEY, gitleaks does not like it and
flags it as a potential secret. I have changed the name of the variable
in these files from KEYALGO to ALGO since it is not a secret but rather
the algorithm of the key generation. That silences gitleaks.
added a blank line at the end of `.golangci.yml`
The previous commit worked on the markdownlint from the super-linter.
The OS keyring may not always be available.
It can potentially reduce the number of layers in the image, making it
smaller and more efficient to build and pull.
Note that this file is used from the root of the project via `make
localnet-build`, which is why the paths work.
@MaxMustermann2 MaxMustermann2 force-pushed the fix/super-linter-v2 branch 2 times, most recently from e2493e2 to a36167d Compare March 11, 2024 10:34
@MaxMustermann2
Contributor Author

MaxMustermann2 commented Mar 11, 2024

On the develop branch, these Lint items were run.

BASH
BASH_EXEC
DOCKERFILE_HADOLINT
GITHUB_ACTIONS
GITLEAKS
JSON
MARKDOWN
PROTOBUF
SHELL_SHFMT
YAML

Of these, the failures are BASH, DOCKERFILE_HADOLINT, GITLEAKS, MARKDOWN, SHELL_SHFMT, YAML.

On this pull request, the items that run are as follows.

BASH
BASH_EXEC
CHECKOV
DOCKERFILE_HADOLINT
GITHUB_ACTIONS
GITLEAKS
MARKDOWN
PROTOBUF
SHELL_SHFMT
YAML

All of these passed, including the ones that previously failed on develop.

Note that the JSON check is not run within this PR, but it was run on develop. It is because this PR disables the JSON check since we don't have any non-generated JSON files beyond the lint configuration.

The PR adds back the IaC (Infrastructure as Code) check and ensures it passes and skips generated files.

JSON CHECKOV
develop ❌ (skipped)
this PR ❌ (skipped)

CVE-2024-24786 / GO-2024-2611 is fixed with this upgrade. Even though
this package is fundamental to our system, the changes between 1.31.0
and 1.33.0 are minor.
A vulnerability has been fixed in v1.33.0 of google.golang.org/protobuf
and we must update the associated github.com/golang/protobuf as well.
@MaxMustermann2
Contributor Author

Files which have noteworthy changes to review:

  • Dockerfile: addition of HEALTHCHECK in commit 2f597f5
  • go.mod: upgrade of protobuf to fix a vulnerability in commit da20a21
  • networks/local/exocore/Dockerfile: pinned versions, unprivileged user addition, absolute paths and health check in commits 2f597f5 and 2fa89d0
  • Makefile: change the keyring backend for localnet and upgrade go releaser version (unused at this point) to 1.21 in commit 5d0dde2
  • network/init-node.sh: delete seeds added by binary in commit 73e27d3
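
A check for the protobuf upgrade listed above, as an added example that is not part of this pull request or the project's code: it reads a `go.mod` and reports whether `google.golang.org/protobuf` is at or above v1.33.0, the release the commit message names as fixing CVE-2024-24786 / GO-2024-2611. The function names and the sample `go.mod` are constructed for illustration, and `replace`/`exclude` directives are not evaluated.

```shell
#!/bin/sh
# Added example (not project code): verify go.mod requires
# google.golang.org/protobuf at or above the fixed release named in the PR.
MODULE="google.golang.org/protobuf"
FIXED="v1.33.0"   # from the commit message: CVE-2024-24786 / GO-2024-2611

# Print the version required for $MODULE in go.mod file $1 (empty if absent).
# Reads single-line and block "require" forms; replace/exclude are ignored.
required_version() {
  awk -v mod="$MODULE" '
    { sub(/\/\/.*/, "") }                         # strip "// indirect" etc.
    $1 == "require" && $2 == "(" { inreq = 1; next }
    $1 == ")"                    { inreq = 0; next }
    $1 == "require" && $2 == mod { print $3; exit }
    inreq && $1 == mod           { print $2; exit }
  ' "$1"
}

# True when version $1 >= version $2 (relies on sort -V).
version_ge() {
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Prints a verdict; returns 0 = patched, 1 = below fix, 2 = module not required.
check_protobuf() {
  ver="$(required_version "$1")"
  [ -n "$ver" ] || { echo "not-required"; return 2; }
  if version_ge "$ver" "$FIXED"; then echo "ok $ver"; return 0; fi
  echo "vulnerable $ver"; return 1
}

# Constructed sample go.mod (not the repository's real file), version in $1.
sample_gomod() {
  cat <<EOF
module example.com/constructed

go 1.21

require (
    example.com/other v0.1.0
    google.golang.org/protobuf $1 // indirect
)
EOF
}

tmp="$(mktemp)"
sample_gomod v1.31.0 > "$tmp"
check_protobuf "$tmp" || true   # prints: vulnerable v1.31.0
rm -f "$tmp"
```

Run as a CI step with the repository's own `go.mod` as the argument to `check_protobuf`, the non-zero return codes fail the job if the dependency is downgraded or dropped.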

Contributor

@TimmyExogenous TimmyExogenous left a comment

LGTM

Contributor

@adu-web3 adu-web3 left a comment

LGTM, excellent work!

Contributor

@mikebraver mikebraver left a comment

LGTM

@MaxMustermann2 MaxMustermann2 merged commit 3ded4ac into ExocoreNetwork:develop Mar 12, 2024
16 checks passed
4 participants