From 35a1fd6f2a76d0db2311685814f433b0900f7e38 Mon Sep 17 00:00:00 2001 
From: Petr Ruzicka Date: Thu, 25 Jan 2024 20:48:36 +0100 Subject: [PATCH] feat(gha): unify GHA - renovate, megalinter, markdown, ... --- .checkov.yml | 7 +++ .github/workflows/check-broken-links.yml | 7 +-- .github/workflows/commands.yml | 23 --------- .github/workflows/commitlint.yml | 12 ----- .github/workflows/docker-image.yml | 13 +---- .github/workflows/lint-pr-title.yml | 42 ---------------- .github/workflows/linter.yml | 50 ------------------- .../{markdown.yml => markdown-check.yml} | 12 +++-- .github/workflows/mega-linter.yml | 47 +++++++++++++++++ .github/workflows/readme-commands-check.yml | 25 ++++++++++ ...release-please.yaml => release-please.yml} | 6 +-- .github/workflows/renovate.yml | 49 +++++++++--------- .github/workflows/semantic-pull-request.yml | 20 ++++++++ .github/workflows/shellcheck.yml | 23 --------- .github/workflows/stale.yml | 16 +++--- .github/workflows/tests.yml | 2 + .github/workflows/yamllint.yml | 23 --------- .gitignore | 3 -- .hadolint.yaml | 3 -- .mega-linter.yml | 36 +++++++++++++ .spelling | 1 + .yamllint.yml | 10 ---- README.md | 26 +++++----- action.yml | 24 ++++----- entrypoint.sh | 16 +++--- lychee.toml | 42 ++++++++++++++++ tests/fail_tests.sh | 2 +- tests/index.html | 48 ++++++++++++------ tests/index2.html | 31 +++++++----- tests/run_tests.sh | 2 - 30 files changed, 309 insertions(+), 312 deletions(-) create mode 100644 .checkov.yml delete mode 100644 .github/workflows/commands.yml delete mode 100644 .github/workflows/commitlint.yml delete mode 100644 .github/workflows/lint-pr-title.yml delete mode 100644 .github/workflows/linter.yml rename .github/workflows/{markdown.yml => markdown-check.yml} (87%) create mode 100644 .github/workflows/mega-linter.yml create mode 100644 .github/workflows/readme-commands-check.yml rename .github/workflows/{release-please.yaml => release-please.yml} (84%) create mode 100644 .github/workflows/semantic-pull-request.yml delete mode 100644 .github/workflows/shellcheck.yml delete mode 100644 
.github/workflows/yamllint.yml delete mode 100644 .hadolint.yaml create mode 100644 .mega-linter.yml delete mode 100644 .yamllint.yml create mode 100644 lychee.toml diff --git a/.checkov.yml b/.checkov.yml new file mode 100644 index 0000000..9c4a45a --- /dev/null +++ b/.checkov.yml @@ -0,0 +1,7 @@ +skip-check: + # Ensure that HEALTHCHECK instructions have been added to container images + - CKV_DOCKER_2 + # Ensure that a user for the container has been created + - CKV_DOCKER_3 + # The build output cannot be affected by user parameters other than the build entry point and the top-level source location. GitHub Actions workflow_dispatch inputs MUST be empty + - CKV_GHA_7 diff --git a/.github/workflows/check-broken-links.yml b/.github/workflows/check-broken-links.yml index da390ff..33fb5ff 100644 --- a/.github/workflows/check-broken-links.yml +++ b/.github/workflows/check-broken-links.yml @@ -2,7 +2,7 @@ name: check-broken-links on: schedule: - - cron: '8 8 * * 0' + - cron: "8 8 * * 0" pull_request: types: [opened, synchronize] paths: @@ -13,6 +13,8 @@ on: paths: - .github/workflows/check-broken-links.yml +permissions: read-all + jobs: my-broken-link-checker: runs-on: ubuntu-latest @@ -36,8 +38,7 @@ jobs: INPUT_URL: https://my-testing-domain.com INPUT_PAGES_PATH: ./tests/ INPUT_CMD_PARAMS: --skip-tls-verification --verbose --color=always - run: - ./entrypoint.sh + run: ./entrypoint.sh build-check: runs-on: ubuntu-latest diff --git a/.github/workflows/commands.yml b/.github/workflows/commands.yml deleted file mode 100644 index e5484af..0000000 --- a/.github/workflows/commands.yml +++ /dev/null 
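Review bot: The three `skip-check` entries in `.checkov.yml` apply repository-wide, and their comments restate what each check enforces rather than why it is waived here. For `CKV_DOCKER_3` the waiver means the image keeps running as root. If that is deliberate (entrypoint.sh appears to append to /etc/hosts, which would need it), record the reason next to the entry, e.g. `# CKV_DOCKER_3: container runs as root because entrypoint.sh edits /etc/hosts`. An inline `#checkov:skip=CKV_DOCKER_3:<reason>` in the Dockerfile would instead keep the check active for any Dockerfile added later.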
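Review bot: `permissions: read-all` in the second hunk of check-broken-links.yml gives the job token read access to every scope, while the step visible in the third hunk only runs `./entrypoint.sh` against the checked-out tree. Narrowing it to `permissions: { contents: read }` states the actual need and limits what a compromised step could read. The same line is added in docker-image.yml, markdown-check.yml, readme-commands-check.yml, renovate.yml and tests.yml. The jobs in those files are only partly visible in the hunks, so confirm none of them needs another read scope before narrowing.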
@@ -1,23 +0,0 @@ -name: commands - -on: - pull_request: - types: [opened, synchronize] - paths: - - README.md - - .github/workflows/check-commands.yml - push: - branches: - - main - paths: - - README.md - - .github/workflows/check-commands.yml - -jobs: - command-check: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - - name: Check commands in README.md file - run: sed -n "/^\`\`\`bash.*/,/^\`\`\`$/p" README.md | sed "/^\`\`\`*/d" | bash -x diff --git a/.github/workflows/commitlint.yml b/.github/workflows/commitlint.yml deleted file mode 100644 index 1df6a1d..0000000 --- a/.github/workflows/commitlint.yml +++ /dev/null @@ -1,12 +0,0 @@ -name: Lint Commit Messages -on: - - pull_request - -jobs: - commitlint: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - uses: wagoid/commitlint-github-action@v5 diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml index 165735c..02cf619 100644 --- a/.github/workflows/docker-image.yml +++ b/.github/workflows/docker-image.yml @@ -19,6 +19,8 @@ on: - entrypoint.sh - .github/workflows/docker-image.yml +permissions: read-all + jobs: docker-build-test: runs-on: ubuntu-latest @@ -27,14 +29,3 @@ jobs: - name: Build test run: docker build . --file Dockerfile - - hadolint: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - - name: hadolint - uses: burdzwastaken/hadolint-action@master - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - HADOLINT_ACTION_DOCKERFILE_FOLDER: . diff --git a/.github/workflows/lint-pr-title.yml b/.github/workflows/lint-pr-title.yml deleted file mode 100644 index dd42e6d..0000000 --- a/.github/workflows/lint-pr-title.yml +++ /dev/null 
@@ -1,42 +0,0 @@ -name: "Lint PR" - -on: - pull_request_target: - types: - - opened - - edited - - synchronize - -jobs: - main: - name: Validate PR title - runs-on: ubuntu-latest - steps: - - uses: amannn/action-semantic-pull-request@v5 - id: lint_pr_title - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - uses: marocchino/sticky-pull-request-comment@v2 - # When the previous steps fails, the workflow would stop. By adding this - # condition you can continue the execution with the populated error message. - if: always() && (steps.lint_pr_title.outputs.error_message != null) - with: - header: pr-title-lint-error - message: | - Hey there and thank you for opening this pull request! 👋🏼 - - We require pull request titles to follow the [Conventional Commits specification](https://www.conventionalcommits.org/en/v1.0.0/) and it looks like your proposed title needs to be adjusted. - - Details: - - ``` - ${{ steps.lint_pr_title.outputs.error_message }} - ``` - - # Delete a previous comment when the issue has been resolved - - if: ${{ steps.lint_pr_title.outputs.error_message == null }} - uses: marocchino/sticky-pull-request-comment@v2 - with: - header: pr-title-lint-error - delete: true diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml deleted file mode 100644 index 95d197d..0000000 --- a/.github/workflows/linter.yml +++ /dev/null 
@@ -1,50 +0,0 @@ ---- -########################### -########################### -## Linter GitHub Actions ## -########################### -########################### -name: Lint Code Base - -# -# Documentation: -# https://help.github.com/en/articles/workflow-syntax-for-github-actions -# - -############################# -# Start the job on all push # -############################# -on: - push: - branches-ignore: - - main - -############### -# Set the Job # -############### -jobs: - build: - # Name the Job - name: Lint Code Base - # Set the agent to run on - runs-on: ubuntu-latest - - ################## - # Load all steps # - ################## - steps: - ########################## - # Checkout the code base # - ########################## - - name: Checkout Code - uses: actions/checkout@v4 - - ################################ - # Run Linter against code base # - ################################ - - name: Lint Code Base - uses: docker://ghcr.io/github/super-linter:slim-v4 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - LINTER_RULES_PATH: . - FILTER_REGEX_EXCLUDE: CHANGELOG.md diff --git a/.github/workflows/markdown.yml b/.github/workflows/markdown-check.yml similarity index 87% rename from .github/workflows/markdown.yml rename to .github/workflows/markdown-check.yml index 0371cce..961f1d9 100644 --- a/.github/workflows/markdown.yml +++ b/.github/workflows/markdown-check.yml @@ -1,22 +1,24 @@ -name: markdown +name: markdown-check on: pull_request: types: [opened, synchronize] paths: - - '**.md' - - .github/workflows/markdown.yml + - "**.md" + - .github/workflows/markdown-check.yml - .markdownlint.yml - .spelling push: branches: - main paths: - - '**.md' - - .github/workflows/markdown.yml + - "**.md" + - .github/workflows/markdown-check.yml - .markdownlint.yml - .spelling +permissions: read-all + jobs: markdownlint-check: runs-on: ubuntu-latest 
diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml new file mode 100644 index 0000000..26aaeeb --- /dev/null +++ b/.github/workflows/mega-linter.yml @@ -0,0 +1,47 @@ +--- +name: MegaLinter + +on: + workflow_dispatch: + push: + branches-ignore: + - main + +permissions: read-all + +jobs: + build: + name: MegaLinter + runs-on: ubuntu-latest + permissions: + contents: write + statuses: write + steps: + - name: Checkout Code + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + - name: Restore lychee cache + uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3.3.3 + with: + path: .lycheecache + key: cache-lychee-${{ github.sha }} + restore-keys: cache-lychee- + + - name: Extract commands from markdown files + run: | + set -euxo pipefail + echo '#!/usr/bin/env bash' > README.sh + find . -name '*.md' -print0 | while IFS= read -r -d '' FILE ; do + # Extract: ```bash ... ``` + sed -n "/^\`\`\`\(bash\|shell\)$/,/^\`\`\`$/p" "${FILE}" | sed '/^```*/d' >> README.sh + # Extract: ```bash ... ``` + sed -n "/^ \`\`\`\(bash\|shell\)$/,/^ \`\`\`$/p" "${FILE}" | sed '/^ ```*/d; s/^ //' >> README.sh + done + chmod a+x README.sh + + - name: 💡 MegaLinter + uses: oxsecurity/megalinter@7e042c726c68415475b05a65a686c612120a1232 # v7.7.0 + env: + GITHUB_COMMENT_REPORTER: false + GITHUB_STATUS_REPORTER: true + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/readme-commands-check.yml b/.github/workflows/readme-commands-check.yml new file mode 100644 index 0000000..b79848f --- /dev/null +++ b/.github/workflows/readme-commands-check.yml 
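Review bot: The `build` job requests `contents: write`, but nothing visible in this workflow or in the `.mega-linter.yml` added by the same commit needs it: there is no `APPLY_FIXES` setting and `GITHUB_COMMENT_REPORTER` is off. The only write the job appears to need is `statuses: write` for the status reporter. The workflow runs on every push to a non-main branch and hands `GITHUB_TOKEN` to the linter container, and `.mega-linter.yml` forwards it to tflint through `TERRAFORM_TFLINT_UNSECURED_ENV_VARIABLES`, so I would lower it to `contents: read`. If fixes are meant to be pushed back later, raise the permission in the change that enables them.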
@@ -0,0 +1,25 @@ +name: readme-commands-check + +on: + pull_request: + types: [opened, synchronize] + paths: + - README.md + - .github/workflows/readme-commands-check.yml + push: + branches: + - main + paths: + - README.md + - .github/workflows/readme-commands-check.yml + +permissions: read-all + +jobs: + readme-commands-check: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + - name: Run commands in README.md file + run: sed -n "/^\`\`\`bash.*/,/^\`\`\`$/p" README.md | sed "/^\`\`\`*/d" | bash -eux diff --git a/.github/workflows/release-please.yaml b/.github/workflows/release-please.yml similarity index 84% rename from .github/workflows/release-please.yaml rename to .github/workflows/release-please.yml index de52a26..adf5b29 100644 --- a/.github/workflows/release-please.yaml +++ b/.github/workflows/release-please.yml @@ -13,7 +13,7 @@ jobs: release-please-pr: runs-on: ubuntu-latest steps: - - uses: google-github-actions/release-please-action@v4 + - uses: google-github-actions/release-please-action@cc61a07e2da466bebbc19b3a7dd01d6aecb20d1e # v4.0.2 with: release-type: simple skip-github-release: true @@ -21,13 +21,13 @@ jobs: release-please-release: runs-on: ubuntu-latest steps: - - uses: google-github-actions/release-please-action@v4 + - uses: google-github-actions/release-please-action@cc61a07e2da466bebbc19b3a7dd01d6aecb20d1e # v4.0.2 id: release with: release-type: simple skip-github-pull-request: true - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: tag major and minor versions if: ${{ steps.release.outputs.release_created }} diff --git a/.github/workflows/renovate.yml b/.github/workflows/renovate.yml index 320289a..9f6c73a 100644 --- a/.github/workflows/renovate.yml +++ b/.github/workflows/renovate.yml @@ -1,3 +1,4 @@ +--- name: Renovate on: 
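Review bot: The `actions/checkout` step in readme-commands-check.yml keeps its default credential persistence, and the next step pipes every bash fenced block of README.md into `bash -eux`. Whatever a pull request puts in the README therefore runs while the job token is still stored in the workspace's git configuration. Adding `with: { persist-credentials: false }` to the checkout step removes the token before the README commands execute. With `permissions: read-all` the exposure is limited to reads, but the step executes contributor-controlled text by design, so the narrower setup is worth the two lines.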
@@ -6,12 +7,10 @@ on: dryRun: type: boolean description: "Dry-Run" - required: false - default: false logLevel: type: choice description: "Log-Level" - default: "debug" + default: debug options: - info - debug @@ -19,18 +18,24 @@ on: push: branches: - main - paths: - - ".github/renovate.json5" + - "!renovate/*" schedule: - - cron: "0 0,2,4 * * 0" + - cron: "0 0,2,4 * * *" env: - LOG_LEVEL: debug - RENOVATE_CONFIG_FILE: .github/renovate.json5 - RENOVATE_DRY_RUN: false + # https://docs.renovatebot.com/troubleshooting/#log-debug-levels + LOG_LEVEL: "${{ inputs.logLevel || 'debug' }}" + # https://docs.renovatebot.com/self-hosted-configuration/#repositories RENOVATE_REPOSITORIES: ${{ github.repository }} + # https://docs.renovatebot.com/self-hosted-configuration/#username RENOVATE_USERNAME: ${{ github.repository_owner }} - RENOVATE_GIT_AUTHOR: "Renovate Bot " + # https://docs.renovatebot.com/configuration-options/#platformcommit + RENOVATE_PLATFORM_COMMIT: "true" + # https://docs.renovatebot.com/self-hosted-configuration/#dryrun + # Run renovate in dry-run mode if executed in branches other than main - prevents versions in PRs/branches from being updated + RENOVATE_DRY_RUN: "${{ inputs.dryRun || ( github.head_ref || github.ref_name ) != 'main' || false }}" + +permissions: read-all jobs: renovate: 
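Review bot: `RENOVATE_DRY_RUN` in the third renovate.yml hunk evaluates to the string `true` or `false`, whereas the dryRun documentation linked in the comment above it lists, as far as I recall, `extract`, `lookup` and `full` as the accepted values. The guard that keeps non-main runs from updating branches therefore depends on the pinned Renovate version still coercing the legacy boolean form. Spelling the mode out would remove that dependency, e.g. `RENOVATE_DRY_RUN: "${{ (inputs.dryRun || (github.head_ref || github.ref_name) != 'main') && 'full' || 'null' }}"`. Please confirm against the pinned version how the non-dry-run side should be expressed before adopting it.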
@@ -39,23 +44,15 @@ jobs: group: renovate steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - name: Generate Token - uses: tibdex/github-app-token@v2 - id: generate-token + - uses: actions/create-github-app-token@f04aa94d10cf56334d1c580e077ce2e3569e805d # v1.6.3 + id: app-token with: - app_id: ${{ secrets.MY_RENOVATE_GITHUB_APP_ID }} - private_key: "${{ secrets.MY_RENOVATE_GITHUB_PRIVATE_KEY }}" - - - name: Override default config from dispatch variables - run: | - echo "RENOVATE_DRY_RUN=${{ github.event.inputs.dryRun || env.RENOVATE_DRY_RUN }}" | tee -a "${GITHUB_ENV}" - echo "LOG_LEVEL=${{ github.event.inputs.logLevel || env.LOG_LEVEL }}" | tee -a "${GITHUB_ENV}" - echo "RENOVATE_BASE_BRANCHES=${GITHUB_REF##*/}" | tee -a "${GITHUB_ENV}" + app-id: ${{ secrets.MY_RENOVATE_GITHUB_APP_ID }} + private-key: "${{ secrets.MY_RENOVATE_GITHUB_PRIVATE_KEY }}" - - name: Self-hosted Renovate - uses: renovatebot/github-action@v39.2.1 + - name: 💡 Self-hosted Renovate + uses: renovatebot/github-action@f9c81dddc9b589e4e6ae0326d1e36f6bc415d230 # v39.2.4 with: - configurationFile: "${{ env.RENOVATE_CONFIG_FILE }}" - token: "x-access-token:${{ steps.generate-token.outputs.token }}" + token: "${{ steps.app-token.outputs.token }}" diff --git a/.github/workflows/semantic-pull-request.yml b/.github/workflows/semantic-pull-request.yml new file mode 100644 index 0000000..90d4309 --- /dev/null +++ b/.github/workflows/semantic-pull-request.yml @@ -0,0 +1,20 @@ +name: Semantic Pull Request + +on: + pull_request_target: + types: + - opened + - edited + - synchronize + +permissions: + pull-requests: read + +jobs: + main: + name: Semantic Pull Request + runs-on: ubuntu-latest + steps: + - uses: amannn/action-semantic-pull-request@e9fabac35e210fea40ca5b14c0da95a099eff26f # v5.4.0 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 
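Review bot: semantic-pull-request.yml triggers on `pull_request_target` with no comment saying why that is safe, and the safety rests entirely on the job never checking out or executing the pull request's code. I would add a comment above the trigger such as `# pull_request_target runs with the base repository's token: do not add a checkout of the PR head or run PR-supplied code here`. The `pull-requests: read` permission and the SHA-pinned action already keep the token narrow, so the comment only needs to stop a later edit from undoing that.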
diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml deleted file mode 100644 index c90945d..0000000 --- a/.github/workflows/shellcheck.yml +++ /dev/null @@ -1,23 +0,0 @@ -name: shellcheck - -on: - pull_request: - types: [opened, synchronize] - paths: - - '**.sh' - - .github/workflows/shellcheck.yml - push: - branches: - - main - paths: - - '**.sh' - - .github/workflows/shellcheck.yml - -jobs: - shellcheck-check: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - - name: Lint check - uses: azohra/shell-linter@v0.6.0 diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 53f6d9b..e872faa 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -12,7 +12,7 @@ jobs: mark-stale-issues-and-prs: runs-on: ubuntu-latest steps: - - uses: actions/stale@v9 + - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9.0.0 with: close-issue-message: | This issue has not seen any activity since it was marked stale. 
@@ -20,17 +20,13 @@ jobs: close-pr-message: | This pull request has not seen any activity since it was marked stale. Closing. - days-before-close: 14 - days-before-stale: 30 exempt-issue-labels: good-first-issue,need-help,no-stale,pinned,security - exempt-pr-labels: good-first-issue,need-help,no-stale,pinned,security - labels-to-remove-when-unstale: stale + exempt-pr-labels: "autorelease: pending,good-first-issue,need-help,no-stale,pinned,security" stale-issue-label: stale stale-issue-message: | - This issue has been automatically marked as stale because it has not - had recent activity. It will be closed if no further activity occurs. + This issue is stale because it has been open 60 days with no activity. + Remove stale label or comment or this will be closed in 7 days stale-pr-label: stale stale-pr-message: | - This pull request has been automatically marked as stale because it - has not had recent activity. It will be closed if no further activity - occurs. Thank you for your contributions. + This PR is stale because it has been open 60 days with no activity. + Remove stale label or comment or this will be closed in 7 days. diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 3a27269..b413035 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -19,6 +19,8 @@ on: - Dockerfile - .dockerignore +permissions: read-all + jobs: tests: runs-on: ubuntu-latest diff --git a/.github/workflows/yamllint.yml b/.github/workflows/yamllint.yml deleted file mode 100644 index 07190a3..0000000 --- a/.github/workflows/yamllint.yml +++ /dev/null @@ -1,23 +0,0 @@ -name: yamllint - -on: - pull_request: - types: [opened, synchronize] - paths: - - '**.yml' - - '**.yaml' - push: - branches: - - main - paths: - - '**.yml' - - '**.yaml' - -jobs: - yamllint-check: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - - name: yamllint - uses: ibiqlik/action-yamllint@v3 
diff --git a/.gitignore b/.gitignore index 31dcf4d..b11b919 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,2 @@ # pre-commit configuration file .pre-commit-config.yaml - -# release-it configuration file -.release-it.yml diff --git a/.hadolint.yaml b/.hadolint.yaml deleted file mode 100644 index 02b66d9..0000000 --- a/.hadolint.yaml +++ /dev/null @@ -1,3 +0,0 @@ -ignored: - # Pin versions in apk add - - DL3018 diff --git a/.mega-linter.yml b/.mega-linter.yml new file mode 100644 index 0000000..a834394 --- /dev/null +++ b/.mega-linter.yml @@ -0,0 +1,36 @@ +# Configuration file for MegaLinter +# See all available variables at https://megalinter.io/latest/configuration/ and in linters documentation + +BASH_SHFMT_ARGUMENTS: --indent 2 --space-redirects + +DISABLE_LINTERS: + - MARKDOWN_MARKDOWN_LINK_CHECK # Using lychee instead + - REPOSITORY_DEVSKIM + - REPOSITORY_KICS + - REPOSITORY_TRIVY + - SPELL_CSPELL + +# Remove: To receive reports as email, please set variable EMAIL_REPORTER_EMAIL +EMAIL_REPORTER: false + +FAIL_IF_MISSING_LINTER_IN_FLAVOR: true + +FILTER_REGEX_EXCLUDE: CHANGELOG.md + +FORMATTERS_DISABLE_ERRORS: false + +MARKDOWN_MARKDOWNLINT_CONFIG_FILE: .markdownlint.yml +MARKDOWN_MARKDOWNLINT_FILTER_REGEX_EXCLUDE: CHANGELOG.md + +# Remove initial MegaLinter graphic +PRINT_ALPACA: false + +# Disable creating report directory +REPORT_OUTPUT_FOLDER: none + +TERRAFORM_TFLINT_UNSECURED_ENV_VARIABLES: + - GITHUB_TOKEN + +TYPESCRIPT_PRETTIER_ARGUMENTS: --html-whitespace-sensitivity=ignore + +VALIDATE_ALL_CODEBASE: true diff --git a/.spelling b/.spelling index 1cb5355..44d0ba6 100644 --- a/.spelling +++ b/.spelling @@ -6,6 +6,7 @@ github.io google.com hostname hugo-build +iana.org k8s-harbor mdBook MkDocs diff --git a/.yamllint.yml b/.yamllint.yml deleted file mode 100644 index 7b6077b..0000000 --- a/.yamllint.yml +++ /dev/null 
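Review bot: `DISABLE_LINTERS` in `.mega-linter.yml` switches off `REPOSITORY_DEVSKIM`, `REPOSITORY_KICS` and `REPOSITORY_TRIVY` without giving a reason; only the link-check entry carries one. These three are the security and misconfiguration scanners in MegaLinter's repository group, and this repository ships a Dockerfile and an action. Together with the checks skipped in `.checkov.yml`, that leaves little automated coverage of the image. A short trailing comment on each entry (false positives, runtime, covered elsewhere) would let a reader judge whether the gap is intended, e.g. `- REPOSITORY_TRIVY # disabled because <reason>`.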
@@ -1,10 +0,0 @@ ---- -# https://yamllint.readthedocs.io/en/stable/configuration.html -extends: default - -# https://yamllint.readthedocs.io/en/stable/rules.html -rules: - # 80 chars should be enough, but don't fail if a line is longer - line-length: - max: 80 - level: warning diff --git a/README.md b/README.md index 6de648c..f84727e 100644 --- a/README.md +++ b/README.md @@ -11,7 +11,7 @@ This is a GitHub Action to check broken link in your static files or web pages. The [muffet](https://github.com/raviqqe/muffet) is used for URL checking task. See the basic GitHub Action example to run periodic checks (weekly) -against [google.com](https://google.com): +against [iana.org](https://iana.org): ```yaml on: @@ -27,7 +27,7 @@ jobs: - name: Check uses: ruzickap/action-my-broken-link-checker@v2 with: - url: https://www.google.com + url: https://iana.org cmd_params: "--one-page-only --max-connections=3 --color=always" # Check just one page ``` 
@@ -65,12 +65,12 @@ Do you want to skip the docker build step? OK, the script mode is also available Environment variables used by `./entrypoint.sh` script. -| Variable | Default | Description | -| ------------------- | ------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| `INPUT_CMD_PARAMS` | `--buffer-size=8192 --max-connections=10 --color=always --verbose` | Command-line parameters for URL checker [muffet](https://github.com/raviqqe/muffet) - details [here](https://github.com/raviqqe/muffet/blob/master/arguments.go#L16-L34) | -| `INPUT_DEBUG` | false | Enable debug mode for the `./entrypoint.sh` script (`set -x`) | -| `INPUT_PAGES_PATH` | | Relative path to the directory with local web pages | -| `INPUT_URL` | (**Mandatory / Required**) | URL which will be checked | +| Variable | Default | Description | +|--------------------|--------------------------------------------------------------------|-------------------------------------------------------------------------------------| +| `INPUT_CMD_PARAMS` | `--buffer-size=8192 --max-connections=10 --color=always --verbose` | Command-line parameters for URL checker [muffet](https://github.com/raviqqe/muffet) | +| `INPUT_DEBUG` | false | Enable debug mode for the `./entrypoint.sh` script (`set -x`) | +| `INPUT_PAGES_PATH` | | Relative path to the directory with local web pages | +| `INPUT_URL` | (**Mandatory / Required**) | URL which will be checked | ## Example of Periodic checks @@ -318,7 +318,7 @@ and [muffet](https://github.com/raviqqe/muffet) binaries if they are not already installed on your system. ```bash -export INPUT_URL="https://google.com" +export INPUT_URL="https://www.mkdocs.org" export INPUT_CMD_PARAMS="--ignore-fragments --one-page-only --max-connections=10 --color=always --verbose" ./entrypoint.sh ``` 
@@ -356,8 +356,8 @@ You can also use the advantage of the container to run the checks locally without touching your system: ```bash -export INPUT_URL="https://google.com" -export INPUT_CMD_PARAMS="--ignore-fragments --one-page-only --max-connections=10 --color=always --verbose" +export INPUT_URL="https://www.mkdocs.org" +export INPUT_CMD_PARAMS="--buffer-size=8192 --ignore-fragments --one-page-only --max-connections=10 --color=always --verbose" docker run --rm -t -e INPUT_URL -e INPUT_CMD_PARAMS peru/my-broken-link-checker ``` @@ -367,7 +367,7 @@ Another example when checking the the web page locally stored on your disk. In this case I'm using the web page created in the `./tests/` directory from this git repository: -```bash +```shell export INPUT_URL="https://my-testing-domain.com" export INPUT_PAGES_PATH="${PWD}/tests/" export INPUT_CMD_PARAMS="--skip-tls-verification --verbose --color=always" @@ -394,7 +394,7 @@ https://my-testing-domain.com:443/ The same example as above, but in this case I'm using the container: -```bash +```shell export INPUT_URL="https://my-testing-domain.com" export INPUT_PAGES_PATH="${PWD}/tests/" export INPUT_CMD_PARAMS="--skip-tls-verification --verbose" diff --git a/action.yml b/action.yml index 5d80030..6d3ef88 100644 --- a/action.yml +++ b/action.yml 
@@ -1,20 +1,20 @@ -name: 'My Broken Link Checker' -description: 'Broken link checker for web pages located localy or remotely' -author: 'ruzickap' +name: "My Broken Link Checker" +description: "Broken link checker for web pages located localy or remotely" +author: "ruzickap" runs: - using: 'docker' - image: 'Dockerfile' + using: "docker" + image: "Dockerfile" branding: - icon: 'list' - color: 'blue' + icon: "list" + color: "blue" inputs: debug: - description: 'Debug mode' + description: "Debug mode" cmd_params: - description: 'Command line parameters for URL checker' + description: "Command line parameters for URL checker" pages_path: - description: 'Relative path to the directory with local web pages' + description: "Relative path to the directory with local web pages" url: - description: 'URL which will be checked' + description: "URL which will be checked" required: true - default: '' + default: "" diff --git a/entrypoint.sh b/entrypoint.sh index 52c9c1c..13d144b 100755 --- a/entrypoint.sh +++ b/entrypoint.sh 
@@ -14,17 +14,17 @@ export PAGES_PATH=${INPUT_PAGES_PATH:-} # URL to scan / check export URL=${INPUT_URL:?} # Domain where the web pages will be hosted (test.example.com), it will be stored in /etc/hosts -PAGES_DOMAIN=$( echo "${URL}" | awk -F[/:] '{print $4}' ) +PAGES_DOMAIN=$(echo "${URL}" | awk -F[/:] '{print $4}') export PAGES_DOMAIN # URI used by caddy to serve locally stored web pages (https://test.example.com) -PAGES_URI=$( echo "${URL}" | cut -d / -f 1,2,3 ) +PAGES_URI=$(echo "${URL}" | cut -d / -f 1,2,3) export PAGES_URI # Debug variable - enable by setting non-empty value export DEBUG=${INPUT_DEBUG:-} # Create caddy log file where will be all the log messages form the caddy server -CADDY_LOG=$( mktemp /tmp/Caddy-log.XXXXXX ) +CADDY_LOG=$(mktemp /tmp/Caddy-log.XXXXXX) # Create caddy configuration to run web server using the domain set in PAGES_DOMAIN + /etc/hosts -CADDYFILE=$( mktemp /tmp/Caddyfile.XXXXXX ) +CADDYFILE=$(mktemp /tmp/Caddyfile.XXXXXX) if [ $EUID != 0 ]; then sudo_cmd="sudo" @@ -65,7 +65,7 @@ trap error_trap ERR [ -n "${DEBUG}" ] && set -x # Install muffet if needed -if ! hash muffet &> /dev/null ; then +if ! hash muffet &> /dev/null; then if [ "${MUFFET_VERSION}" = "latest" ]; then MUFFET_URL=$(wget -qO- https://api.github.com/repos/raviqqe/muffet/releases/latest | grep "browser_download_url.*muffet_linux_amd64.tar.gz" | cut -d \" -f 4) @@ -77,7 +77,7 @@ if ! hash muffet &> /dev/null ; then fi # Install caddy if needed -if ! hash caddy &> /dev/null && [ -n "${PAGES_PATH}" ] ; then +if ! hash caddy &> /dev/null && [ -n "${PAGES_PATH}" ]; then if [[ $(uname) = "Darwin" ]]; then PLATFORM="mac" @@ -97,7 +97,7 @@ fi IFS=' ' read -r -a CMD_PARAMS <<< "$CMD_PARAMS" # Use muffet in case of external URL check is required -if [ -z "${PAGES_PATH}" ] ; then +if [ -z "${PAGES_PATH}" ]; then # Run check print_info "[$(date +'%F %T')] Start checking: \"${URL}\"" muffet "${CMD_PARAMS[@]}" "${URL}" 
@@ -113,7 +113,7 @@ else fi # Add domain into /etc/hosts - if ! grep -q "${PAGES_DOMAIN}" /etc/hosts ; then + if ! grep -q "${PAGES_DOMAIN}" /etc/hosts; then $sudo_cmd bash -c "echo \"127.0.0.1 ${PAGES_DOMAIN} # Created by my-broken-link-checker\" >> /etc/hosts" fi diff --git a/lychee.toml b/lychee.toml new file mode 100644 index 0000000..86d353b --- /dev/null +++ b/lychee.toml @@ -0,0 +1,42 @@ +# https://lychee.cli.rs/#/usage/config + +############################# Cache ############################### + +# Enable link caching. This can be helpful to avoid checking the same links on +# multiple runs +cache = true + +# Discard all cached requests older than this duration +max_cache_age = "1d" + +############################# Runtime ############################# + +# Maximum number of concurrent link checks +max_concurrency = 128 + +############################# Requests ############################ + +# Comma-separated list of accepted status codes for valid links. +accept = [999] + +############################# Exclusions ########################## + +# Exclude URLs and mail addresses from checking (supports regex) +exclude = [ + # Ignore all URLS with ${.*} - BASH variable in URL + '.*\$%7B.*%7D.*', + 'https?://my-testing-domain.com', +] + +# Exclude these filesystem paths from getting checked +exclude_path = [ + "CHANGELOG.md", +] + +# Exclude all private IPs from checking. +# Equivalent to setting `exclude_private`, `exclude_link_local`, and +# `exclude_loopback` to true +exclude_all_private = true + +# Exclude all mail addresses from checking +exclude_mail = true diff --git a/tests/fail_tests.sh b/tests/fail_tests.sh index 3da035f..327005d 100755 --- a/tests/fail_tests.sh +++ b/tests/fail_tests.sh 
@@ -5,7 +5,7 @@ export INPUT_DEBUG="true" echo -e "\n\n\e[32m!!! Test nonexisting directory specified as PAGES_PATH\e[m" export INPUT_PAGES_PATH="/non-existing-dir" -export INPUT_URL="https://google.com" +export INPUT_URL="https://iana.org" ../entrypoint.sh echo -e "\n\n\e[32m!!! Test broken links by accessing wrong non existing domain\e[m" diff --git a/tests/index.html b/tests/index.html index 9d88392..9566892 100644 --- a/tests/index.html +++ b/tests/index.html @@ -1,18 +1,34 @@ - - - - - Test page - - - - Links: - - + + + + + + Test page + + + Links: + + diff --git a/tests/index2.html b/tests/index2.html index 624fd3f..25c6f0d 100644 --- a/tests/index2.html +++ b/tests/index2.html @@ -1,15 +1,20 @@ - - - - - Test page - - - - Links: - - + + + + + + Test page + + + Links: + + diff --git a/tests/run_tests.sh b/tests/run_tests.sh index e6a3848..a016d36 100755 --- a/tests/run_tests.sh +++ b/tests/run_tests.sh @@ -3,7 +3,6 @@ # Test entrypoint.sh script export INPUT_DEBUG="true" - echo -e "\n\n\e[32m!!! Check differnet URLs types\e[m" export INPUT_CMD_PARAMS="--one-page-only --buffer-size=8192 --max-connections=10 --verbose --color=always" @@ -30,7 +29,6 @@ export INPUT_URL="https://my-testing-domain.com" export INPUT_PAGES_PATH="${PWD}" ../entrypoint.sh - echo -e "\n\n\e[32m!!! Test docker image\e[m" docker build .. -t my-broken-link-checker-test