added yaml lint (#2132)

* added yaml lint

* updated the doc

.github/workflows/codeql-analysis.yml

@@ -13,10 +13,10 @@ name: "CodeQL"
 
 on:
   push:
-    branches: [ master ]
+    branches: [master]
   pull_request:
     # The branches below must be a subset of the branches above
-    branches: [ master ]
+    branches: [master]
   schedule:
     - cron: '20 0 * * 6'
 
@@ -32,7 +32,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        language: [ 'go', 'javascript', 'python' ]
+        language: ['go', 'javascript', 'python']
         # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
         # Learn more:
         # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed

.github/workflows/golint.yml

@@ -16,8 +16,8 @@ jobs:
     name: lint
     runs-on: ubuntu-latest
     steps:
-      - run: | 
-          sudo apt-get update 
+      - run: |
+          sudo apt-get update
           sudo apt-get install libgpgme-dev libgpgme11
       - uses: actions/setup-go@v3
         with:
@@ -28,7 +28,7 @@ jobs:
         with:
           # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version
           version: v1.45.2
-
+          args: -v --timeout 15m
           # Optional: working directory, useful for monorepos
           #working-directory: pkg
 

.github/workflows/yamllint.yml

@@ -0,0 +1,42 @@
+---
+# MegaLinter GitHub Action configuration file
+# More info at https://megalinter.github.io
+name: mega-linter-yaml
+
+on:
+  # Trigger mega-linter at every push. Action will also be visible from Pull Requests to main
+  push: # Comment this line to trigger action only on pull-requests (not recommended if you don't pay for GH Actions)
+  pull_request:
+
+env: # Comment env block if you do not want to apply fixes
+  APPLY_FIXES: none # When active, APPLY_FIXES must also be defined as environment variable (in github/workflows/mega-linter.yml or other CI tool)
+
+jobs:
+  build:
+    name: mega-linter-yaml
+    runs-on: ubuntu-latest
+    steps:
+      # Git Checkout
+      - name: Checkout Code
+        uses: actions/checkout@v2
+        with:
+          token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
+          fetch-depth: 0
+
+      # MegaLinter
+      - name: yamllint
+        id: ml
+        # You can override MegaLinter flavor used to have faster performances
+        # More info at https://megalinter.github.io/flavors/
+        uses: megalinter/megalinter/flavors/ci_light@v5
+        env:
+          # All available variables are described in documentation
+          # https://megalinter.github.io/configuration/
+          VALIDATE_ALL_CODEBASE: true
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          # ADD YOUR CUSTOM ENV VARIABLES HERE OR DEFINE THEM IN A FILE .mega-linter.yml AT THE ROOT OF YOUR REPOSITORY
+          # DISABLE: COPYPASTE,SPELL # Uncomment to disable copy-paste and spell checks
+          ENABLE_LINTERS: YAML_YAMLLINT
+            #          YAML_YAMLLINT_CONFIG_FILE: .yaml-lint.yml
+            #          YAML_YAMLLINT_RULES_PATH: .github/linters
+          PRINT_ALPACA: false

.golangci.yml

@@ -2,6 +2,9 @@ run:
   timeout: 10m
   skip-dirs:
     - vendor/portal
+    - vendor
+  skip-dirs-use-default: true
+  modules-download-mode: vendor
 
 issues:
   exclude-rules:
@@ -21,7 +24,6 @@ linters-settings:
       - github.com/onsi/ginkgo
       - github.com/onsi/gomega
 
-
 linters:
   disable-all: true
   enable:

.mega-linter.yml

@@ -0,0 +1,14 @@
+# Configuration file for MegaLinter
+# See all available variables at https://megalinter.github.io/configuration/ and in linters documentation
+
+APPLY_FIXES: none
+# ENABLE:  # If you use ENABLE variable, all other languages/formats/tooling formats will be disabled by default
+ENABLE_LINTERS:
+  - YAML_YAMLLINT # If you use ENABLE_LINTERS variable, all other linters will be disabled by default
+EXCLUDED_DIRECTORIES:
+  - vendor
+YAML_YAMLLINT_CONFIG_FILE: .yaml-lint.yml
+LINTER_RULES_PATH: .
+PRINT_ALPACA: false
+GITHUB_STATUS_REPORTER: false
+GITHUB_COMMENT_REPORTER: false

.pipelines/clean-subscription.yml

@@ -24,4 +24,3 @@ jobs:
       purgeCreatedTag: $(purgeCreatedTag)
       resourceGroupDeletePrefixes: $(resourceGroupDeletePrefixes)
       purgeTTL: $(purgeTTL)
-

.pipelines/onebranch/pipeline.buildrp.pullrequest.yml

@@ -12,7 +12,7 @@ trigger: none
 pr: none
 
 variables:
-  Cdp_Definition_Build_Count: $[counter('', 0)] # needed for onebranch.pipeline.version task https://aka.ms/obpipelines/versioning
+  Cdp_Definition_Build_Count: $[counter('', 0)]  # needed for onebranch.pipeline.version task https://aka.ms/obpipelines/versioning
   LinuxContainerImage: cdpxlinux.azurecr.io/user/aro/ubi8-gotoolset-1.16.12-4:20220202 # Docker image which is used to build the project https://aka.ms/obpipelines/containers
   Debian_Frontend: noninteractive
 

.pipelines/onebranch/templates/template-buildrp-buildaro.yml

@@ -19,7 +19,7 @@ steps:
       cp -rd $(Build.SourcesDirectory) $(Agent.TempDirectory)/src/github.com/Azure/ARO-RP
       cd $(Agent.TempDirectory)/src/github.com/Azure/ARO-RP
       make aro
-      mkdir -p $(ob_outputDirectory) 
+      mkdir -p $(ob_outputDirectory)
       cp aro $(ob_outputDirectory)/aro
     workingDirectory: $(Build.SourcesDirectory)
   name: buildaro

.yaml-lint.yml

@@ -0,0 +1,35 @@
+---
+
+yaml-files:
+  - '*.yaml'
+  - '*.yml'
+  - '.yamllint'
+
+ignore: |
+    vendor/
+    *aro.openshift.io*.yaml
+
+rules:
+  braces: enable
+  brackets: enable
+  colons: enable
+  commas: enable
+  comments: disable
+  comments-indentation: disable
+  document-end: disable
+  document-start: disable
+  empty-lines: enable
+  empty-values: disable
+  hyphens: enable
+  indentation: disable
+  key-duplicates: enable
+  key-ordering: disable
+  line-length: disable
+  new-line-at-end-of-file: enable
+  new-lines: enable
+  octal-values: disable
+  quoted-strings: disable
+  trailing-spaces: enable
+  truthy:
+    level: warning
+    check-keys: false

Makefile

@@ -174,8 +174,7 @@ lint-admin-portal:
 test-python: pyenv az
 	. pyenv/bin/activate && \
 		azdev linter && \
-		azdev style && \
-		hack/format-yaml/format-yaml.py .pipelines
+		azdev style 
 
 admin.kubeconfig:
 	hack/get-admin-kubeconfig.sh /subscriptions/${AZURE_SUBSCRIPTION_ID}/resourceGroups/${RESOURCEGROUP}/providers/Microsoft.RedHatOpenShift/openShiftClusters/${CLUSTER} >admin.kubeconfig

docs/prepare-your-dev-environment.md

@@ -22,6 +22,8 @@ This document goes through the development dependencies one requires in order to
     sudo touch /etc/containers/nodocker
     ```
 
+1. Install [golangci-lint](https://golangci-lint.run/) and [yamllint](https://yamllint.readthedocs.io/en/stable/quickstart.html#installing-yamllint) (optional but your code is required to comply to pass the CI)
+
 ### Fedora Packages
 1. Install the `gpgme-devel`, `libassuan-devel`, and `openssl` packages.
     > `sudo dnf install -y gpgme-devel libassuan-devel openssl`

pkg/operator/controllers/machinehealthcheck/bindata.go

@@ -77,7 +77,7 @@ func (fi bindataFileInfo) Sys() interface{} {
 	return nil
 }
 
-var _machinehealthcheckYaml = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x9c\x90\xb1\x6e\xf3\x30\x0c\x84\x77\x3f\x05\xa1\xdd\xf9\x13\xfc\x9b\xd6\x20\x45\x3b\xb4\x43\x81\x74\x67\x65\x06\x12\x2c\x51\x82\x48\xa7\xf1\xdb\x17\xb2\x93\x74\x28\xba\x64\xb3\x4f\x77\xdf\x9d\x84\x25\x7c\x50\x95\x90\xd9\x42\x42\xe7\x03\xd3\x26\x17\x62\xf1\xe1\xa4\x9b\x90\xff\x9d\x77\x9f\xa4\xb8\xeb\xc6\xc0\x83\x85\xd7\xd5\xf2\x4c\x18\xd5\xef\x3d\xb9\xb1\x4b\xa4\x38\xa0\xa2\xed\x00\x18\x13\x59\xc0\x9a\xfb\x2b\xcb\x2f\x46\xb7\x18\xd7\x63\x29\xe8\xc8\xc2\xbd\xe3\xe6\xec\xb1\x84\x4e\x0a\xb9\xc6\x11\x8a\xe4\x34\xd7\xf6\x0d\x90\x50\x9d\x3f\x5c\x4a\x25\x69\x43\x65\x55\x7b\x18\x69\xfe\x63\xb4\x8b\x93\x28\xd5\xc6\xbc\xf3\x6b\x8e\xb4\x04\xa1\x95\x57\x6c\x78\x78\xcb\xfa\xc2\x57\xf5\x8c\x71\xa2\x2b\xbc\xe1\x4d\xe0\x53\x45\xf3\xf3\x9f\xb0\x41\xcd\x23\xed\x42\xfa\xab\xfb\x70\x09\xa2\xd2\x01\x4c\xbc\x3e\xd3\xbc\xcf\x3c\x04\xbd\x5d\xb1\x07\x9d\x0b\xd9\x16\x32\xef\x84\xc3\xbc\x36\x6b\x48\x94\x27\xb5\x60\xfe\x6f\xb7\x62\x60\x11\x45\x51\x27\xb1\x60\x9e\x30\x0a\x99\x47\xd3\x47\x1e\x39\x7f\x71\xb3\x26\xbc\x1c\x6f\xbb\x2c\x98\x9d\xf9\x0e\x00\x00\xff\xff\x9f\x0e\x45\xac\x2a\x02\x00\x00")
+var _machinehealthcheckYaml = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x9c\x90\xb1\x6e\xf3\x30\x0c\x84\x77\x3f\x05\xa1\xdd\xf9\x13\xfc\x9b\xd6\x20\x45\x3b\xb4\x43\x81\x74\x67\x65\x06\x16\x2c\x51\x82\x48\xa7\xf1\xdb\x17\x8a\xe2\x74\x28\xba\x64\x93\x4e\xc7\xef\x4e\xc4\xec\x3f\xa8\x88\x4f\x6c\x21\xa2\x1b\x3d\xd3\x26\x65\x62\x19\xfd\x49\x37\x3e\xfd\x3b\xef\x3e\x49\x71\xd7\x4d\x9e\x07\x0b\xaf\xcd\xf2\x4c\x18\x74\xdc\x8f\xe4\xa6\x2e\x92\xe2\x80\x8a\xb6\x03\x60\x8c\x64\x01\x4b\xea\x6f\xac\xf1\x6a\x74\x57\x63\x7b\x96\x8c\x8e\x2c\xdc\x33\x56\x67\x8f\xd9\x77\x92\xc9\x55\x8e\x50\x20\xa7\xa9\xd4\x33\x40\x44\x75\xe3\xe1\x92\x0b\x49\x2d\x2a\x4d\xed\x61\xa2\xe5\x8f\xd2\x2e\xcc\xa2\x54\x2a\xf3\xce\x2f\x29\xd0\x75\x10\x6a\x78\xc1\x8a\x87\xb7\xa4\x2f\x7c\x53\xcf\x18\x66\xba\xc1\x2b\xde\x78\x3e\x15\x34\x3f\xf7\x88\x15\x6a\x1e\x49\x17\xd2\x5f\xd9\x87\x8b\x17\x95\x0e\x60\xe6\xb6\xa6\x65\x9f\x78\xf0\xba\x7e\xb1\x07\x5d\x32\x59\x30\xef\x84\xc3\xd2\x62\xd5\x47\x4a\xb3\x5a\x30\xff\xb7\x5b\x69\x9a\x28\xea\x2c\x16\xcc\x13\x06\x21\xf3\xc8\xe4\x91\x27\x4e\x5f\x5c\xd5\x88\x97\xe3\xda\xc7\x82\xd9\x99\xee\x3b\x00\x00\xff\xff\x38\x97\xb5\xaf\x23\x02\x00\x00")
 
 func machinehealthcheckYamlBytes() ([]byte, error) {
 	return bindataRead(

pkg/operator/controllers/machinehealthcheck/staticresources/machinehealthcheck.yaml

@@ -14,10 +14,10 @@ spec:
     - key: machine.openshift.io/cluster-api-machineset
       operator: Exists
   unhealthyConditions:
-  - type:    "Ready"
-    timeout: "300s" 
+  - type: "Ready"
+    timeout: "300s"
     status: "False"
-  - type:    "Ready"
-    timeout: "300s" 
+  - type: "Ready"
+    timeout: "300s"
     status: "Unknown"
-  maxUnhealthy: "1"
+  maxUnhealthy: "1"

pkg/operator/controllers/muo/staticresources/config.yaml

@@ -2,7 +2,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
   name: managed-upgrade-operator-config
-  namespace:  openshift-managed-upgrade-operator
+  namespace: openshift-managed-upgrade-operator
 data:
   config.yaml: |
     configManager:

pkg/operator/controllers/muo/staticresources/custom_resource_definition.yaml

@@ -1,4 +1,3 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition

pkg/operator/controllers/muo/staticresources/monitoring_reader_role.yaml

@@ -7,7 +7,7 @@ rules:
 - apiGroups:
   - ""
   resources:
-  - configmaps  
+  - configmaps
   - serviceaccounts
   - secrets
   - services

pkg/operator/deploy/bindata.go

@@ -247,7 +247,7 @@ func workerDeploymentYaml() (*asset, error) {
 	return a, nil
 }
 
-var _workerRoleYaml = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xa4\x8e\xb1\x6e\x2c\x31\x08\x45\x7b\xbe\x82\x1f\xb0\x57\xaf\x7b\x72\x9b\x22\x7d\x14\xa5\x67\x3d\x24\x83\xc6\x63\x2c\xc0\xbb\x52\xbe\x3e\x9a\xd9\x6d\x53\xa5\xe2\x0a\x1d\x0e\x17\x52\x4a\x40\x43\x3e\xd8\x5c\xb4\x17\xb4\x2b\xd5\x4c\x33\x56\x35\xf9\xa6\x10\xed\x79\xfb\xef\x59\xf4\x72\xfb\x07\x9b\xf4\xa5\xe0\x4b\x9b\x1e\x6c\x6f\xda\x18\x76\x0e\x5a\x28\xa8\x00\x62\x35\x3e\x0f\xde\x65\x67\x0f\xda\x47\xc1\x3e\x5b\x03\xc4\x4e\x3b\x17\x24\xd3\xa4\x83\x8d\x42\x2d\xdd\xd5\x36\x36\xb0\xd9\xd8\x0b\x24\xa4\x21\xaf\xa6\x73\xf8\x61\x4a\x07\x9b\x75\x70\xf7\x55\x3e\x23\x8b\x02\xa2\xb1\xeb\xb4\xca\x4f\xa2\x3e\x5a\x38\x20\xde\xd8\xae\xcf\xed\x17\xc7\x39\x9b\xf8\x23\xdc\x29\xea\xfa\x17\xff\xc5\x83\x62\xfe\xf2\x66\x9c\xf6\x23\xcd\xb1\x50\x30\xfc\x04\x00\x00\xff\xff\x30\x78\x19\x41\x50\x01\x00\x00")
+var _workerRoleYaml = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xa4\x8e\xb1\x6e\x2c\x31\x08\x45\x7b\xbe\x82\x1f\xb0\x57\xaf\x7b\x72\x9b\x22\x7d\x14\xa5\x67\x3d\x24\x83\xc6\x63\x2c\xc0\xbb\x52\xbe\x3e\x9a\xd9\x6d\x53\xa5\xe2\x0a\x1d\x0e\x37\xa5\x04\x34\xe4\x83\xcd\x45\x7b\x41\xbb\x52\xcd\x34\x63\x55\x93\x6f\x0a\xd1\x9e\xb7\xff\x9e\x45\x2f\xb7\x7f\xb0\x49\x5f\x0a\xbe\xb4\xe9\xc1\xf6\xa6\x8d\x61\xe7\xa0\x85\x82\x0a\x20\x56\xe3\xf3\xe0\x5d\x76\xf6\xa0\x7d\x14\xec\xb3\x35\x40\xec\xb4\x73\x41\x32\x4d\x3a\xd8\x28\xd4\xd2\x5d\x6d\x63\x03\x9b\x8d\xbd\x40\x42\x1a\xf2\x6a\x3a\x87\x1f\xa6\x74\xb0\x59\x07\x77\x5f\xe5\x33\xb2\x28\x20\x1a\xbb\x4e\xab\xfc\x24\xea\xa3\x85\x03\xe2\x8d\xed\xfa\xdc\x7e\x71\x9c\xb3\x89\x3f\xc2\x9d\xa2\xae\x7f\xf1\x5f\x3c\x28\xe6\x2f\x6f\xc6\x69\x3f\xd2\x1c\x0b\x05\xc3\x4f\x00\x00\x00\xff\xff\x6c\x8c\x8d\xa2\x4f\x01\x00\x00")
 
 func workerRoleYamlBytes() ([]byte, error) {
 	return bindataRead(

pkg/operator/deploy/staticresources/worker/role.yaml

@@ -1,4 +1,3 @@
-
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole

pkg/portal/ssh/proxy.go

@@ -281,8 +281,8 @@ func (s *ssh) newChannel(ctx context.Context, accessLog *logrus.Entry, nc crypto
 	defer recover.Panic(s.log)
 
 	ch2, rs2, err := downstreamConn.OpenChannel(nc.ChannelType(), nc.ExtraData())
-	if err, ok := err.(*cryptossh.OpenChannelError); ok {
-		return nc.Reject(err.Reason, err.Message)
+	if errAsOpenChannel, ok := err.(*cryptossh.OpenChannelError); ok {
+		return nc.Reject(errAsOpenChannel.Reason, errAsOpenChannel.Message)
 	} else if err != nil {
 		return err
 	}

python/az/aro/linter_exclusions.yml

@@ -4,12 +4,10 @@ aro create:
     cluster_resource_group:
       rule_exclusions:
       - option_length_too_long
+      - parameter_should_not_end_in_resource_group
     worker_vm_disk_size_gb:
       rule_exclusions:
       - option_length_too_long
-    cluster_resource_group:
-      rule_exclusions:
-      - parameter_should_not_end_in_resource_group
     vnet_resource_group_name:
       rule_exclusions:
       - parameter_should_not_end_in_resource_group