Commit Graph

35 Commits

Author SHA1 Message Date
Ben Grande
95a184d1a9
fix: change directory to repository top level 2024-07-19 15:29:17 +02:00
Ben Grande
fa11a1da7f
fix: lint all Salt file extensions 2024-07-18 12:23:38 +02:00
Ben Grande
cf432651b3
fix: shell syntax typos 2024-07-15 10:08:19 +02:00
Ben Grande
04d1aaf63e
feat: find PGP keys from within the linter
- Find PGP keys using the same methods as other scripts;
- Lower threshold to 30 days by default;
- Add environment variable to set threshold;
- Add colors to distinguish expired from expires soon; and
- Add days until key expiration when it is below threshold.
2024-07-11 15:29:57 +02:00
Ben Grande
4239032cfc
fix: uniform lint scripts name 2024-07-10 15:06:11 +02:00
Ben Grande
224312ed42
feat: enable all optional shellcheck validations
Make shell a little bit safer with:

- add-default-case
- check-extra-masked-returns
- check-set-e-suppressed
- quote-safe-variables
- check-unassigned-uppercase

Although there are some stylistic decisions for uniformity:

- avoid-nullary-conditions
- deprecated-which
- require-variable-braces
2024-07-10 14:36:05 +02:00
Ben Grande
011a71a36d
style: limit line length per file extension
Editorconfig can only act based on file extension and path, not
attributes, it remains a mean only for multiple collaborators to use the
same configuration on their editor. When it is too restrictive, such as
not considering the file syntax, use a lint tool for the specific file
type instead of trusting editorconfig. Changes were made to increase
readability.
2024-07-09 17:42:07 +02:00
Ben Grande
6eb13fa07f
ci: reproducible license sort 2024-07-08 19:10:14 +02:00
Ben Grande
6e6c7b452f
ci: escape special sed character 2024-07-08 18:34:41 +02:00
Ben Grande
f30e5e11a9
build: dictionary sort licenses names
GHA can sort differently than local.
2024-07-08 18:20:12 +02:00
Ben Grande
0f6aa34a89
test: show RPM Spec differences on status check 2024-07-08 18:00:01 +02:00
Ben Grande
523bca2327
fix: conform files to editorconfig specification 2024-07-08 17:26:34 +02:00
Ben Grande
0e150382e1
ci: check if RPM Specs are up to date 2024-07-08 15:21:49 +02:00
Ben Grande
f60077f1a9
doc: spell check 2024-07-08 11:41:45 +02:00
Ben Grande
077b9b4e5e
ci: lint YAML and spell check code 2024-07-08 11:12:38 +02:00
Ben Grande
35fa43dadf
perf: make pre-commit hooks pass file extensions
- shell-lint: faster evaluation of shell scripts, hook 40% faster;
- *-lint: unify method to find the "find" utility; and
- pre-commit: pass file extensions to lint tools.
2024-07-06 22:25:54 +02:00
Ben Grande
d457302fc3
feat: lint python files 2024-07-05 12:24:24 +02:00
Ben Grande
2a4b453b58
fix: lint GitHub issue and pull request templates 2024-07-04 18:09:38 +02:00
Ben Grande
383c840f2f
doc: lint markdown files
Only way to have a unified markdown syntax is to enforce the wanted
syntax by linting the files. Don't rely on the many markdown syntaxes,
be consistent.
2024-07-04 17:27:31 +02:00
Ben Grande
c0508977c7
build: remove unpackaged hidden files
Dotfiles build failed as it is a submodule and contains ".git" and
"LICENSES". Hidden files in the base directory are normally used to
specify configuration of tools for development, not usable in packages.

For: https://github.com/ben-grande/qusal/issues/59
2024-06-24 17:11:46 +02:00
Ben Grande
e2791139ee
fix: build RPM contained in spec definitions
The spec-build.sh was necessary for a proper build, but it is not
correct to depend on external scripts to generate the correct
RPM_BUILD_ROOT files. Now everything is contained in the spec file. The
spec-build.sh can be used in the future to automate the process of
copying sources to the specified directory and signing, but not
modifying the sources contents on a per file basis.

For: https://github.com/ben-grande/qusal/issues/59
2024-06-24 08:24:48 +02:00
Ben Grande
ac6f707bf5
ci: set spec vendor as git user.name is unset
Fixes: https://github.com/ben-grande/qusal/issues/67
2024-06-22 12:39:51 +02:00
Ben Grande
c84dfea48e
fix: generate RPM Specs for Qubes Builder V2
It doesn't checkout the current directory when querying the spec, so we
provide the already modified version of the spec.
2024-06-21 17:00:06 +02:00
Ben Grande
8640b6d11b
feat: add Qubes Builder configuration
For: https://github.com/ben-grande/qusal/issues/59
2024-06-20 17:54:40 +02:00
Ben Grande
ff41103194
build: spec scriptlet fails when it is empty
Echoing the word true was getting evaluated instead of being assigned as
a string.
2024-06-14 19:22:43 +02:00
Ben Grande
3c2bba2a9a
build: quiet build and verbose changelog 2024-06-13 14:03:16 +02:00
Ben Grande
fe996b3a35
ci: untracked readme is an untracked project 2024-06-13 13:14:41 +02:00
Ben Grande
fc22726ee8
feat: build and sign RPM packages
Passing files to Dom0 is always dangerous:

- Passing a git repository is dangerous as it can have ignored modified
  files and signature verification will pass.
- Passing an archive is troublesome for updates.
- Passing an RPM package depends on the RPM verification to be correct,
  some times it is not.
- Passing a RPM repository definition is less troublesome for the user,
  as it is a small file to verify the contents and update mechanism is
  via the package manager. Trust in RPM verification is still required.

Many improvements were made to the build scripts:

- requires-program: Single function to check if program is installed;
- spec-get: Sort project names for the usage message;
- spec-get: Only running commands that are necessary;
- spec-get: Fix empty summary when readme has copyright header;
- spec-gen: Fix grep warning of escaped symbol;
- spec-build: Sign RPM and verify signature;
- spec-build: Only lint the first SPEC for faster runtime;
- yumrepo-gen: Generate a local yum repository with signed metadata;
- qubesbuilder-gen: Generate a .qubesbuilder based on tracked projects;
- release: Build, sign and push all RPMs to repository.

Goal is to be able to build with qubes-builderv2 Qubes Executor.

For: https://github.com/ben-grande/qusal/issues/37
2024-06-12 14:44:04 +02:00
Ben Grande
40a4107290
fix: verify all subkeys expiration date
For: https://github.com/ben-grande/qusal/issues/46
2024-05-15 15:58:00 +02:00
Ben Grande
c6e4224e1b
feat: monitor pgp key expiration
For: https://github.com/ben-grande/qusal/issues/46
2024-05-15 01:26:59 +02:00
Ben Grande
ee7bfd5089 fix: remove sudo from RPM spec 2024-03-14 16:22:41 +01:00
Ben Grande
9b6895b06f feat: print hex of unicode
Useful to detect unwanted characters in third party contributions
patches using a CI hook.
2024-03-14 12:09:49 +01:00
Ben Grande
6efcc1da77 chore: copyright update 2024-01-29 16:49:54 +01:00
Ben Grande
9b740d8314 feat: allow to run setup outside of its directory 2024-01-18 09:25:01 +01:00
Ben Grande
5eebd789ed refactor: initial commit 2023-11-13 14:33:28 +00:00