From 3439a8fd867e3447202d3726e443bf9924d7f842 Mon Sep 17 00:00:00 2001 From: k-matsuzawa Date: Fri, 2 May 2025 11:56:29 +0900 Subject: [PATCH] feat: add linter --- .github/dependabot.yml | 12 +++++ .github/workflows/docker-build.yml | 58 +++++++++++++-------- .github/workflows/rust.yml | 81 +++++++++++++++++++----------- .hadolint.yml | 5 ++ .yamlfmt | 18 +++++++ Cargo.lock | 23 --------- Dockerfile | 2 +- Dockerfile_bitcoin | 2 +- Taskfile.yml | 24 +++++++++ 9 files changed, 149 insertions(+), 76 deletions(-) create mode 100644 .github/dependabot.yml create mode 100644 .hadolint.yml create mode 100644 .yamlfmt create mode 100644 Taskfile.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 000000000..11996786f --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,12 @@ +# To get started with Dependabot version updates, you'll need to specify which +# package ecosystems to update and where the package manifests are located. +# Please see the documentation for all configuration options: +# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file + +version: 2 +updates: + - package-ecosystem: github-actions + directories: + - '.github/**/*' + schedule: + interval: weekly diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml index 9fee2577e..cc98abb8b 100644 --- a/.github/workflows/docker-build.yml +++ b/.github/workflows/docker-build.yml @@ -13,7 +13,11 @@ env: jobs: check_image_env: - runs-on: ubuntu-20.04 + runs-on: ubuntu-24.04 + timeout-minutes: 120 + permissions: + contents: read + pull-requests: write steps: - name: stop CI if: ${{ github.event_name != 'pull_request' }} 
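Review bot: Only the `github-actions` ecosystem is configured in .github/dependabot.yml, so the Cargo dependencies and the `alpine:3.19` base image used by the two Dockerfiles get no update PRs; adding `cargo` and `docker` entries with `directory: /` would cover them. For `github-actions`, Dependabot's documented setting is `directory: /` (it then scans `.github/workflows`), so it is worth confirming that the `'.github/**/*'` glob really picks up the workflow files. The SHA pins added elsewhere in this commit only stay current if it does.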
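Review bot: The new `permissions` block on `check_image_env` grants `pull-requests: write`, which nothing visible in this workflow uses, and the same grant is repeated on `build_and_push_elements_image`, `build_and_push_bitcoin_image` and on the `test` and `nix` jobs in rust.yml. Unless a step outside the hunks comments on pull requests, `contents: read` alone is the least-privilege setting. Setting `permissions` also drops every scope that is not listed, so if the `stop CI` step (its body is outside the hunk) cancels the run with the job token it would now need `actions: write`. A failed cancel would leave the `while true` wait loop shown in the next hunk spinning until the 120-minute timeout, so a much shorter `timeout-minutes` for this job is worth considering.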
@@ -28,11 +32,17 @@ jobs: while true; do echo "Waiting for job to be cancelled"; sleep 5; done build_and_push_elements_image: - runs-on: ubuntu-20.04 + runs-on: ubuntu-24.04 needs: check_image_env + timeout-minutes: 120 + permissions: + contents: read + pull-requests: write steps: - name: checkout - uses: actions/checkout@v3 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: "false" - name: Get the version id: get_version @@ -52,7 +62,7 @@ jobs: - name: Docker meta id: meta - uses: docker/metadata-action@v4 + uses: docker/metadata-action@818d4b7b91585d195f67373fd9cb0332e31a7175 # v4.6.0 with: # list of Docker images to use as base name for tags images: name=${{ steps.image_path.outputs.IMAGE_PATH }} @@ -63,21 +73,21 @@ jobs: type=sha - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@885d1462b80bc1c1c7f0b00334ad271f09369c55 # v2.10.0 - name: Login to Docker Hub if: "github.event_name != 'pull_request' && !contains( steps.image_path.outputs.IMAGE_PATH, 'ghcr.io/' )" - uses: docker/login-action@v2 + uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0 with: username: ${{ secrets.REGISTRY_USERNAME }} password: ${{ secrets.REGISTRY_TOKEN }} - name: Login to GitHub Container Registry if: "github.event_name != 'pull_request' && contains( steps.image_path.outputs.IMAGE_PATH, 'ghcr.io/' )" - uses: docker/login-action@v2 + uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0 with: registry: ghcr.io username: ${{ secrets.REGISTRY_USERNAME }} @@ -85,7 +95,7 @@ jobs: - name: Build only if: ${{ github.event_name == 'pull_request' }} - uses: docker/build-push-action@v3 + uses: docker/build-push-action@1104d471370f9806843c095c1db02b5a90c5f8b6 # v3.3.1 with: context: . platforms: linux/amd64 
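Review bot: The `docker/*` actions are pinned to commits of older major lines, whereas `actions/checkout` was moved from v3 to v4.2.2 in the same commit. This covers `metadata-action` v4.6.0 in the `Docker meta` hunk, plus `setup-qemu-action` v2.2.0, `setup-buildx-action` v2.10.0, `login-action` v2.2.0 and `build-push-action` v3.3.1 in the following hunks and again in the bitcoin job. A SHA pin freezes the action at that release, so these steps keep running old code until someone bumps them; newer majors exist upstream for each, and they likely target a newer Node runtime (confirm against the release notes). Either bump them in this change or make sure the new Dependabot config actually opens the update PRs.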
@@ -95,7 +105,7 @@ jobs: - name: Build and push if: ${{ github.event_name != 'pull_request' }} - uses: docker/build-push-action@v3 + uses: docker/build-push-action@1104d471370f9806843c095c1db02b5a90c5f8b6 # v3.3.1 with: context: . platforms: linux/amd64,linux/arm64 @@ -105,7 +115,7 @@ jobs: - name: Run Trivy vulnerability scanner if: ${{ github.event_name != 'pull_request' }} - uses: aquasecurity/trivy-action@master + uses: aquasecurity/trivy-action@6c175e9c4083a92bbca2f9724c8a5e33bc2d97a5 # 0.30.0 with: image-ref: ${{ steps.image_path.outputs.IMAGE_PATH }}:${{ steps.get_version.outputs.VERSION }} format: table @@ -113,11 +123,17 @@ jobs: severity: CRITICAL,HIGH build_and_push_bitcoin_image: - runs-on: ubuntu-20.04 + runs-on: ubuntu-24.04 needs: check_image_env + timeout-minutes: 120 + permissions: + contents: read + pull-requests: write steps: - name: checkout - uses: actions/checkout@v3 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: "false" - name: Get the version id: get_version @@ -137,7 +153,7 @@ jobs: - name: Docker meta id: meta - uses: docker/metadata-action@v4 + uses: docker/metadata-action@818d4b7b91585d195f67373fd9cb0332e31a7175 # v4.6.0 with: # list of Docker images to use as base name for tags images: name=${{ steps.image_path.outputs.IMAGE_PATH }} 
@@ -151,21 +167,21 @@ jobs: type=sha,suffix=-bitcoin - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@885d1462b80bc1c1c7f0b00334ad271f09369c55 # v2.10.0 - name: Login to Docker Hub if: "github.event_name != 'pull_request' && !contains( steps.image_path.outputs.IMAGE_PATH, 'ghcr.io/' )" - uses: docker/login-action@v2 + uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0 with: username: ${{ secrets.REGISTRY_USERNAME }} password: ${{ secrets.REGISTRY_TOKEN }} - name: Login to GitHub Container Registry if: "github.event_name != 'pull_request' && contains( steps.image_path.outputs.IMAGE_PATH, 'ghcr.io/' )" - uses: docker/login-action@v2 + uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0 with: registry: ghcr.io username: ${{ secrets.REGISTRY_USERNAME }} @@ -173,7 +189,7 @@ jobs: - name: Build only if: ${{ github.event_name == 'pull_request' }} - uses: docker/build-push-action@v3 + uses: docker/build-push-action@1104d471370f9806843c095c1db02b5a90c5f8b6 # v3.3.1 with: context: . file: ./Dockerfile_bitcoin @@ -184,7 +200,7 @@ jobs: - name: Build and push if: ${{ github.event_name != 'pull_request' }} - uses: docker/build-push-action@v3 + uses: docker/build-push-action@1104d471370f9806843c095c1db02b5a90c5f8b6 # v3.3.1 with: context: . file: ./Dockerfile_bitcoin @@ -195,7 +211,7 @@ jobs: - name: Run Trivy vulnerability scanner if: ${{ github.event_name != 'pull_request' }} - uses: aquasecurity/trivy-action@master + uses: aquasecurity/trivy-action@6c175e9c4083a92bbca2f9724c8a5e33bc2d97a5 # 0.30.0 with: image-ref: ${{ steps.image_path.outputs.IMAGE_PATH }}:${{ steps.get_version.outputs.VERSION }}-bitcoin format: table diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index 5975deda5..100e8e387 100644 
--- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml 
@@ -1,53 +1,74 @@ name: CI -on: [push, pull_request] +on: + push: + branches: + - main + - master + - new-index + pull_request: + types: [opened, reopened, synchronize] jobs: test: - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 + timeout-minutes: 20 + permissions: + contents: read + pull-requests: write env: CARGO_TERM_COLOR: always steps: - - uses: actions/checkout@v2 + - name: setup + run: sudo apt install -y libfuse2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: "false" - - name: Cache cargo registry - uses: actions/cache@v1 - with: - path: ~/.cargo/registry - key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }} + - name: Cache cargo registry + uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 + with: + path: ~/.cargo/registry + key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }} - - name: Cache cargo index - uses: actions/cache@v1 - with: - path: ~/.cargo/git - key: ${{ runner.os }}-cargo-index-${{ hashFiles('**/Cargo.lock') }} + - name: Cache cargo index + uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 + with: + path: ~/.cargo/git + key: ${{ runner.os }}-cargo-index-${{ hashFiles('**/Cargo.lock') }} - - name: Cache cargo build - uses: actions/cache@v1 - with: - path: target - key: ${{ runner.os }}-cargo-build-target-${{ hashFiles('**/Cargo.lock') }} + - name: Cache cargo build + uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 + with: + path: target + key: ${{ runner.os }}-cargo-build-target-${{ hashFiles('**/Cargo.lock') }} - #- name: Check formatting - # run: cargo fmt -- --check + #- name: Check formatting + # run: cargo fmt -- --check - - name: Setup Rust toolchain - run: rustup default 1.75.0 + - name: Setup Rust toolchain + run: rustup default 1.75.0 - - name: Check for errors - run: cargo check + - name: Check for errors + run: cargo check - - name: Tests (Bitcoin mode, REST+Electrum) - run: 
RUST_LOG=debug cargo test + - name: Tests (Bitcoin mode, REST+Electrum) + run: RUST_LOG=debug cargo test - - name: Tests (Liquid mode, REST) - run: RUST_LOG=debug cargo test --features liquid + - name: Tests (Liquid mode, REST) + run: RUST_LOG=debug cargo test --features liquid nix: runs-on: ubuntu-latest + timeout-minutes: 30 + permissions: + contents: read + pull-requests: write steps: - - uses: actions/checkout@v3 - - uses: DeterminateSystems/nix-installer-action@main + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: "false" + - uses: DeterminateSystems/nix-installer-action@21a544727d0c62386e78b4befe52d19ad12692e3 # v17 - run: nix build . continue-on-error: true diff --git a/.hadolint.yml b/.hadolint.yml new file mode 100644 index 000000000..9252e03ea --- /dev/null +++ b/.hadolint.yml @@ -0,0 +1,5 @@ +# Hadolint configuration file + +# configure ignore rules +# see https://github.com/hadolint/hadolint#rules for a list of available rules. +ignored: [DL3003, DL3018] diff --git a/.yamlfmt b/.yamlfmt new file mode 100644 index 000000000..dc6949de4 --- /dev/null +++ b/.yamlfmt @@ -0,0 +1,18 @@ +# https://github.com/google/yamlfmt/blob/v0.9.0/docs/config-file.md#configuration +line_ending: 'lf' +doublestar: true +include: + - '.github/**/*.{yaml,yml}' + - './.yamlfmt' + - './*.{yaml,yml}' + +formatter: + # 使用するフォーマッター + type: basic + # フォーマッターの設定 ( https://github.com/google/yamlfmt/blob/v0.9.0/docs/config-file.md#basic-formatter ) + indent: 2 + retain_line_breaks: true + max_line_length: 0 + scan_folded_as_literal: true + drop_merge_tag: true + pad_line_comments: 1 diff --git a/Cargo.lock b/Cargo.lock index 8bae7eec9..08e32a552 100644 --- a/Cargo.lock +++ b/Cargo.lock 
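Review bot: The added `setup` step in rust.yml runs `sudo apt install -y libfuse2` without refreshing the package index first, so the job depends on whatever index the runner image shipped with and can fail once that goes stale. `run: sudo apt-get update && sudo apt-get install -y --no-install-recommends libfuse2` is the more reliable form. In the same hunk the `nix` job keeps `runs-on: ubuntu-latest` while every other job is pinned to a release. `types: [opened, reopened, synchronize]` is already the default set for `pull_request`, so it can be dropped or given a comment saying it is intentional.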
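Review bot: `ignored: [DL3003, DL3018]` in .hadolint.yml switches both rules off for every Dockerfile without saying why. DL3018 is the check for unpinned `apk add` packages, so the runtime images keep installing whatever `gcc` and `libstdc++` versions the mirror serves at build time. Add a one-line reason next to each rule ID, e.g. `# DL3018: apk package versions are not pinned; the base image tag is the pin`. Alternatively, put an inline `# hadolint ignore=DL3018` on the specific `RUN` lines so that Dockerfiles added later are still checked.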
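Review bot: The two comments under `formatter:` in .yamlfmt are in Japanese while the other comments added by this commit are in English; `# formatter to use` and `# formatter settings (<link>)` would read consistently. The documentation links are pinned to yamlfmt v0.9.0, but the `format` task in Taskfile.yml runs v0.15.0, so the links should point at the version actually used.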
@@ -1074,29 +1074,6 @@ dependencies = [ "windows-sys 0.52.0", ] -[[package]] -name = "hoot" -version = "0.1.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "df22a4d90f1b0e65fe3e0d6ee6a4608cc4d81f4b2eb3e670f44bb6bde711e452" -dependencies = [ - "httparse", - "log", -] - -[[package]] -name = "hootbin" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "354e60868e49ea1a39c44b9562ad207c4259dc6eabf9863bf3b0f058c55cfdb2" -dependencies = [ - "fastrand", - "hoot", - "serde", - "serde_json", - "thiserror", -] - [[package]] name = "http" version = "0.2.11" diff --git a/Dockerfile b/Dockerfile index 2aa423e31..7e1fdaf26 100644 --- a/Dockerfile +++ b/Dockerfile @@ -15,6 +15,6 @@ RUN if [ "$TARGETARCH" = "arm64" ]; then \ cargo build --release --features liquid --bin electrs FROM alpine:3.19 AS electrs -RUN apk add gcc libstdc++ +RUN apk add --update --no-cache gcc libstdc++ COPY --from=electrs_builder /app/target/release/electrs /bin CMD ["sh", "-c", "electrs -vvvv --network=liquidregtest"] diff --git a/Dockerfile_bitcoin b/Dockerfile_bitcoin index b48dcc369..0e8b0ba4b 100644 --- a/Dockerfile_bitcoin +++ b/Dockerfile_bitcoin @@ -15,6 +15,6 @@ RUN if [ "$TARGETARCH" = "arm64" ]; then \ cargo build --release --bin electrs FROM alpine:3.19 AS electrsbtc -RUN apk add gcc libstdc++ +RUN apk add --update --no-cache gcc libstdc++ COPY --from=electrs_builder /app/target/release/electrs /bin CMD ["sh", "-c", "electrs -vvvv --network=regtest"] diff --git a/Taskfile.yml b/Taskfile.yml new file mode 100644 index 000000000..c0c2441b7 --- /dev/null +++ b/Taskfile.yml 
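Review bot: In the `RUN apk add --update --no-cache gcc libstdc++` line of Dockerfile (and the identical line in Dockerfile_bitcoin), `--update` is redundant because `--no-cache` already fetches a fresh index without storing it; `RUN apk add --no-cache gcc libstdc++` is equivalent. Since the line is being touched anyway, it is worth checking whether the runtime stage needs the full `gcc` package or only its runtime library, as a compiler in the final image is extra attack surface. Both stages start outside the hunks, so the builder side was not reviewed.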
@@ -0,0 +1,24 @@ +version: "3" +tasks: + lint: + deps: + - task: :gha-lint + - task: :hadolint + gha-lint: + vars: + PINACT_VERSION: v2.2.1 + ACTIONLINT_VERSION: v1.7.7 + GHALINT_VERSION: v1.3.0 + cmds: + - go run github.com/suzuki-shunsuke/pinact/v2/cmd/pinact@{{.PINACT_VERSION}} run + - go run github.com/rhysd/actionlint/cmd/actionlint@{{.ACTIONLINT_VERSION}} + - go run github.com/suzuki-shunsuke/ghalint/cmd/ghalint@{{.GHALINT_VERSION}} run + hadolint: + cmds: + - docker run --rm -i -v {{.TASK_DIR}}/.hadolint.yml:/.config/hadolint.yaml ghcr.io/hadolint/hadolint < Dockerfile + - docker run --rm -i -v {{.TASK_DIR}}/.hadolint.yml:/.config/hadolint.yaml ghcr.io/hadolint/hadolint < Dockerfile_bitcoin + format: + vars: + YAMLFMT_VERSION: v0.15.0 + cmds: + - go run github.com/google/yamlfmt/cmd/yamlfmt@{{.YAMLFMT_VERSION}}
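Review bot: The `hadolint` task in Taskfile.yml runs `ghcr.io/hadolint/hadolint` with no tag, so it pulls whatever `latest` is, while every Go tool in this file is pinned through a `*_VERSION` var. Pin the image the same way, e.g. `ghcr.io/hadolint/hadolint:<PINNED_TAG>@sha256:<DIGEST>` (placeholders). The config bind mount can be quoted and read-only: `-v "{{.TASK_DIR}}/.hadolint.yml:/.config/hadolint.yaml:ro"`. Note also that `pinact run` rewrites workflow files, so `task lint` changes the working tree rather than only reporting; if a check-only mode is wanted, confirm the flag for the pinned pinact version.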