From ba6195815e2b24000056687a9de6a2c1140243bb Mon Sep 17 00:00:00 2001
From: Simon L
Date: Sat, 3 Jun 2023 19:02:05 +0200
Subject: [PATCH] add Docker Lint and update some workflows

Signed-off-by: Simon L
---
 .github/workflows/create-psalm-container.yml | 54 --------------------
 .github/workflows/docker-lint.yml | 49 ++++++++++++++++++
 .github/workflows/psalm-security.yml | 25 ---------
 .github/workflows/twig-lint.yml | 20 +-------
 4 files changed, 50 insertions(+), 98 deletions(-)
 delete mode 100644 .github/workflows/create-psalm-container.yml
 create mode 100644 .github/workflows/docker-lint.yml
 delete mode 100644 .github/workflows/psalm-security.yml

diff --git a/.github/workflows/create-psalm-container.yml b/.github/workflows/create-psalm-container.yml
deleted file mode 100644
index 2f217c25..00000000
--- a/.github/workflows/create-psalm-container.yml
+++ /dev/null
@@ -1,54 +0,0 @@
-name: Create Psalm Container
-
-on:
- workflow_dispatch:
- schedule:
- - cron: '5 4 * * *'
-
-jobs:
- push_to_registry:
- runs-on: ubuntu-latest
-
- name: Create Psalm Container
-
- permissions:
- packages: write
- contents: read
-
- steps:
- - name: Check out the repo
- run: |
- git clone https://github.com/psalm/psalm-github-actions.git
-
- - name: Modify the Dockerfile
- run: |
- set -x
- sed -i 's|FROM php:7.4-alpine|FROM php:8.2-alpine|' "psalm-github-actions/Dockerfile"
- cat << APCU >> "psalm-github-actions/Dockerfile"
- RUN mkdir -p /usr/src/php/ext/apcu && \
- curl -fsSL https://pecl.php.net/get/apcu | tar xvz -C "/usr/src/php/ext/apcu" --strip 1 && \
- docker-php-ext-install apcu
- APCU
-
- - name: Log in to GitHub Docker Registry
- uses: docker/login-action@v2
- with:
- registry: docker.pkg.github.com
- username: ${{ github.actor }}
- password: ${{ secrets.GITHUB_TOKEN }}
-
- - name: Log in to GitHub Container Registry
- uses: docker/login-action@v2
- with:
- registry: ghcr.io
- username: ${{ github.actor }}
- password: ${{ secrets.GITHUB_TOKEN }}
-
- - name: Build container image
- uses: docker/build-push-action@v4
- with:
- push: true
- context: 'psalm-github-actions'
- file: 'psalm-github-actions/Dockerfile'
- tags: |
- ghcr.io/nextcloud/all-in-one-psalm:latest
diff --git a/.github/workflows/docker-lint.yml b/.github/workflows/docker-lint.yml
new file mode 100644
index 00000000..f85818eb
--- /dev/null
+++ b/.github/workflows/docker-lint.yml
@@ -0,0 +1,49 @@
+name: Docker Lint
+
+on:
+ pull_request:
+ push:
+ branches:
+ - main
+
+permissions:
+ contents: read
+
+concurrency:
+ group: docker-lint-${{ github.head_ref || github.run_id }}
+ cancel-in-progress: true
+
+jobs:
+ docker-lint:
+ runs-on: ubuntu-latest
+
+ name: docker-lint
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Install npm and dockerfilelint
+ run: |
+ sudo apt-get install nodejs npm -y
+ npm install -g dockerfilelint
+ wget https://github.com/replicatedhq/dockerfilelint/pull/184.patch -O /usr/local/lib/node_modules/dockerfilelint/184.patch
+ CURRENT_DIR=$PWD
+ cd /usr/local/lib/node_modules/dockerfilelint/
+ git apply 184.patch
+ cd $CURRENT_DIR
+ cat << RULES > ./.dockerfilelintrc
+ rules:
+ sudo_usage: off
+ RULES
+
+ - name: run lint
+ run: |
+ DOCKERFILES="$(find ./Containers -name Dockerfile)"
+ mapfile -t DOCKERFILES <<< "$DOCKERFILES"
+ for file in "${DOCKERFILES[@]}"; do
+ dockerfilelint "$file" --config ./ | tee -a ./dockerfilelint.log
+ done
+ if grep "^Issues: [0-9]" ./dockerfilelint.log; then
+ exit 1
+ fi
diff --git a/.github/workflows/psalm-security.yml b/.github/workflows/psalm-security.yml
deleted file mode 100644
index 1dd39fe8..00000000
--- a/.github/workflows/psalm-security.yml
+++ /dev/null
@@ -1,25 +0,0 @@
-name: Psalm Security Analysis
-
-on:
- push:
- branches:
- - main
-
-jobs:
- psalm:
- name: Psalm
- runs-on: ubuntu-latest
- steps:
- - name: Checkout code
- uses: actions/checkout@v3
- - name: Psalm
- uses: docker://ghcr.io/nextcloud/all-in-one-psalm
- with:
- relative_dir: php
- security_analysis: true
- composer_ignore_platform_reqs: false
- report_file: results.sarif
- - name: Upload Security Analysis results to GitHub
- uses: github/codeql-action/upload-sarif@v2
- with:
- sarif_file: php/results.sarif
diff --git a/.github/workflows/twig-lint.yml b/.github/workflows/twig-lint.yml
index 3cab05f8..43506fc1 100644
--- a/.github/workflows/twig-lint.yml
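Review bot: The `Install npm and dockerfilelint` step downloads `https://github.com/replicatedhq/dockerfilelint/pull/184.patch` at run time and applies it with `git apply` into the globally installed linter, so whatever that PR branch contains on the day of the run is executed in CI with no pin and no checksum, and the same applies to the unpinned `npm install -g dockerfilelint`. The job declares `permissions: contents: read` and references no secrets, so the blast radius is the runner and the lint verdict rather than the repository, but a gate whose tool can be silently altered by a third party is a weak gate. Commit the patch into this repository and apply it from the checkout, e.g. `git -C /usr/local/lib/node_modules/dockerfilelint apply "$GITHUB_WORKSPACE/.github/dockerfilelint-184.patch"`, which also removes the `CURRENT_DIR` cd dance, and pin the npm package to an explicit version. One behavioural point to confirm: GitHub runs `run:` blocks under bash with `-e -o pipefail`, so if `dockerfilelint` exits non-zero on findings the `tee` pipeline fails the step on the first offending Dockerfile and the `grep "^Issues: [0-9]"` check below never runs. Also `apt-get install` without a preceding `apt-get update` can fail on a stale package index on the runner image.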
+++ b/.github/workflows/twig-lint.yml @@ -16,10 +16,6 @@ concurrency: jobs: twig-lint: runs-on: ubuntu-latest - strategy: - matrix: - php-versions: ["8.2"] - name: twig-lint steps: @@ -29,7 +25,7 @@ jobs: - name: Set up php ${{ matrix.php-versions }} uses: shivammathur/setup-php@v2 with: - php-version: ${{ matrix.php-versions }} + php-version: 8.2 extensions: apcu coverage: none @@ -40,17 +36,3 @@ jobs: composer install chmod +x ./vendor/bin/twig-linter ./vendor/bin/twig-linter lint ./templates - - summary: - permissions: - contents: none - runs-on: ubuntu-latest - needs: twig-lint - - if: always() - - name: twig-lint-summary - - steps: - - name: Summary status - run: if ${{ needs.twig-lint.result != 'success' && needs.twig-lint.result != 'skipped' }}; then exit 1; fi
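Review bot: `php-version: 8.2` in the second hunk replaces the quoted matrix entry `["8.2"]` with an unquoted plain scalar, which YAML reads as a number rather than a string; it happens to round-trip for 8.2, but a future bump to 8.10 would silently become 8.1, so keep it quoted: `php-version: '8.2'`. The third hunk deletes the `twig-lint-summary` job, which was the stable status name a required-check rule would point at; if branch protection references it, the check needs re-pointing at `twig-lint`, though that cannot be confirmed from the diff. The `twig-lint` job these hunks modify starts before the first hunk.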