From 6f6552a2196c1c643f8d17643ef04b4620e5fa32 Mon Sep 17 00:00:00 2001
From: Chris Banks
Date: Mon, 8 Jul 2024 14:51:09 +0100
Subject: [PATCH] Replace a bunch of glue actions with super-linter. See https://www.github.com/alphagov/govuk-ruby-images/pull/103.
---
.github/LICENSE.actionlint-matcher.json | 22 ------
.github/actionlint-matcher.json | 17 -----
.github/actions/actionlint/action.yml | 27 --------
.github/workflows/actionlint.yml | 12 ----
.github/workflows/ci-terraform.yml | 92 -------------------------
.github/workflows/lint.yaml | 31 +++++++++
6 files changed, 31 insertions(+), 170 deletions(-)
delete mode 100644 .github/LICENSE.actionlint-matcher.json
delete mode 100644 .github/actionlint-matcher.json
delete mode 100644 .github/actions/actionlint/action.yml
delete mode 100644 .github/workflows/actionlint.yml
delete mode 100644 .github/workflows/ci-terraform.yml
create mode 100644 .github/workflows/lint.yaml
diff --git a/.github/LICENSE.actionlint-matcher.json b/.github/LICENSE.actionlint-matcher.json
deleted file mode 100644
index a6c940dcb..000000000
--- a/.github/LICENSE.actionlint-matcher.json
+++ /dev/null
@@ -1,22 +0,0 @@
-https://raw.githubusercontent.com/rhysd/actionlint/0ba78a0/LICENSE.txt
-
-the MIT License
-
-Copyright (c) 2021 rhysd
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
-of the Software, and to permit persons to whom the Software is furnished to do so,
-subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
-INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
-PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
-THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/.github/actionlint-matcher.json b/.github/actionlint-matcher.json
deleted file mode 100644
index 4613e1617..000000000
--- a/.github/actionlint-matcher.json
+++ /dev/null
@@ -1,17 +0,0 @@
-{
- "problemMatcher": [
- {
- "owner": "actionlint",
- "pattern": [
- {
- "regexp": "^(?:\\x1b\\[\\d+m)?(.+?)(?:\\x1b\\[\\d+m)*:(?:\\x1b\\[\\d+m)*(\\d+)(?:\\x1b\\[\\d+m)*:(?:\\x1b\\[\\d+m)*(\\d+)(?:\\x1b\\[\\d+m)*: (?:\\x1b\\[\\d+m)*(.+?)(?:\\x1b\\[\\d+m)* \\[(.+?)\\]$",
- "file": 1,
- "line": 2,
- "column": 3,
- "message": 4,
- "code": 5
- }
- ]
- }
- ]
-}
diff --git a/.github/actions/actionlint/action.yml b/.github/actions/actionlint/action.yml
deleted file mode 100644
index 821e7b26d..000000000
--- a/.github/actions/actionlint/action.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-# This reusable action exists only to reduce toil by representing GOV.UK's
-# global config for rhysd/actionlint in a single place so we don't have to
-# change it in N repos every time we update.
-name: Run actionlint
-description: Lint GitHub Actions YAML files with rhysd/actionlint.
-runs:
- using: composite
- steps:
- - id: install
- shell: bash
- env:
- ACTIONLINT_SHA: 4f6274a8e0f4f4d2057aa9ae07660f61aa29c5f3 # v1.7.1
- run: bash <(curl "https://raw.githubusercontent.com/rhysd/actionlint/$ACTIONLINT_SHA/scripts/download-actionlint.bash")
- - name: Run actionlint
- shell: bash
- env:
- ACTIONLINT: '${{ steps.install.outputs.executable }}'
- run: |
- echo "::add-matcher::.github/actionlint-matcher.json"
- # TODO: move non-global ignores inline or to in-tree actionlint.yml once
- # https://www.github.com/rhysd/actionlint/issues/237 and/or
- # https://www.github.com/rhysd/actionlint/issues/217 is fixed.
- # TODO: remove -ignore "property .runner. is not defined" once
- # https://www.github.com/rhysd/actionlint/issues/77 is fixed.
- "$ACTIONLINT" -color \
- -ignore "property .runner. is not defined" \
- -ignore "property .repository_visibility. is not defined"
diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml
deleted file mode 100644
index a6ab5dba3..000000000
--- a/.github/workflows/actionlint.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-name: Lint GitHub Actions
-on:
- push:
- paths: ['.github/workflows/**', '.github/actions/**', '.github/actionlint.yml']
-jobs:
- actionlint:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v4
- with:
- show-progress: false
- - uses: alphagov/govuk-infrastructure/.github/actions/actionlint@main
diff --git a/.github/workflows/ci-terraform.yml b/.github/workflows/ci-terraform.yml
deleted file mode 100644
index 9b5562738..000000000
--- a/.github/workflows/ci-terraform.yml
+++ /dev/null
@@ -1,92 +0,0 @@
-name: Terraform validation and linting
-on:
- push:
- paths: ['**/*.tf', '**/*.hcl', '.github/workflows/ci-terraform.yml']
-env:
- TF_IN_AUTOMATION: true
- TF_PLUGIN_CACHE_DIR: ${{ github.workspace }}/.terraform.d/plugin-cache
-jobs:
- tflint:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v4
- with:
- show-progress: false
-
- - name: Determine Terraform version to use
- uses: dflook/terraform-version@33f9a69ab2950c83a6d3a8626f35075481a64ca0
- id: terraform-version
- with:
- path: terraform
-
- - uses: hashicorp/setup-terraform@v3
- with:
- terraform_version: ${{ steps.terraform-version.outputs.terraform }}
- terraform_wrapper: false
-
- - name: Create Terraform plugin cache dir
- run: mkdir -p "$TF_PLUGIN_CACHE_DIR"
-
- - name: Cache Terraform plugins
- uses: actions/cache@v4
- with:
- path: ${{ env.TF_PLUGIN_CACHE_DIR }}
- key:
- terraform-plugins-${{ runner.os }}-${{ hashFiles('**/.terraform.lock.hcl') }}
-
- - uses: actions/cache@v4
- name: Cache TFLint plugins
- with:
- path: ~/.tflint.d/plugins
- key: tflint-${{ runner.os }}-${{ hashFiles('**/tflint.hcl') }}
-
- - uses: terraform-linters/setup-tflint@v4
- name: Set up TFLint
- with:
- tflint_version: v0.47.0
-
- - name: terraform fmt
- working-directory: terraform
- run: |
- if ! terraform fmt -check -diff -list=true -recursive .; then
- >&2 echo "Some terraform files weren't formatted correctly. Run 'terraform fmt' to fix them."
- exit 1
- fi
-
- - name: terraform init
- run: |
- STEP_EXIT_STATUS=0
- for d in terraform/deployments/*; do
- echo "$d"
- cd "$d"
- if ! terraform init -backend=false; then STEP_EXIT_STATUS=1; fi
- cd "$OLDPWD"
- echo -e '\n-------------------------\n'
- done
- exit $STEP_EXIT_STATUS
-
- - name: terraform validate
- run: |
- STEP_EXIT_STATUS=0
- for d in terraform/deployments/*; do
- echo "$d"
- cd "$d"
- if !
terraform validate; then STEP_EXIT_STATUS=1; fi
- cd "$OLDPWD"
- echo -e '\n-------------------------\n'
- done
- exit $STEP_EXIT_STATUS
-
- - name: tflint
- run: |
- cd terraform/deployments
- tflint --version
- tflint --init --recursive
- tflint --format compact --module --recursive --force \
- --enable-rule=terraform_comment_syntax \
- --enable-rule=terraform_deprecated_index \
- --enable-rule=terraform_required_providers \
- --enable-rule=terraform_standard_module_structure \
- --enable-rule=terraform_typed_variables \
- --enable-rule=terraform_unused_declarations \
- --enable-rule=terraform_unused_required_providers
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
new file mode 100644
index 000000000..f2c84f685
--- /dev/null
+++ b/.github/workflows/lint.yaml
@@ -0,0 +1,31 @@
+---
+name: Lint
+on: [push]
+permissions: {}
+jobs:
+ superlinter:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: read
+ statuses: write
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ show-progress: false
+ - uses: super-linter/super-linter@v6
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ VALIDATE_BASH: true
+ VALIDATE_BASH_EXEC: true
+ VALIDATE_DOCKERFILE_HADOLINT: true
+ VALIDATE_EDITORCONFIG: true
+ VALIDATE_ENV: true
+ VALIDATE_GITHUB_ACTIONS: true
+ VALIDATE_JSON: true
+ VALIDATE_MARKDOWN: true
+ VALIDATE_RENOVATE: true
+ VALIDATE_TERRAFORM_FMT: true
+ VALIDATE_TERRAFORM_TFLINT: true
+ VALIDATE_YAML: true
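Review bot: In the new lint.yaml, `super-linter/super-linter@v6` is referenced by a mutable tag while the step receives `GITHUB_TOKEN` from a job that grants `statuses: write`, so whoever can move the `v6` tag decides what code runs with that token. The deleted ci-terraform.yml pinned `dflook/terraform-version` to a full commit SHA; keeping that practice here would read `- uses: super-linter/super-linter@<full-commit-sha>  # v6.x.y` (placeholder, take the SHA from the release you have vetted), and the same applies to `actions/checkout@v4`. The checkout step also does not need to leave the token in the workspace's git config for a linter run, so `persist-credentials: false` under its `with:` would be a cheap addition. Separately, the removed workflow ran `terraform init -backend=false` and `terraform validate` per deployment and enabled specific TFLint rules on the command line; this env block enables only `VALIDATE_TERRAFORM_FMT` and `VALIDATE_TERRAFORM_TFLINT`, so unless a TFLint config elsewhere in the repository restores those rules, that coverage appears to be dropped.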