megalinter/entrypoint.sh at main · oxsecurity/megalinter · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
#!/usr/bin/env bash

PYTHONPATH=$PYTHONPATH:$(pwd)
export PYTHONPATH

# Manage debug mode
LOG_LEVEL="${LOG_LEVEL:-INFO}" # Default log level (VERBOSE, DEBUG, TRACE)

# Manage newest git versions (related to CVE https://github.blog/2022-04-12-git-security-vulnerability-announced/)
#
if [[ "${WORKSPACE_AS_SAFE_DIR}" != 'false' && "${DEFAULT_WORKSPACE}" && -d "${DEFAULT_WORKSPACE}" ]]; then
  echo "Setting git safe.directory DEFAULT_WORKSPACE: ${DEFAULT_WORKSPACE} ..."
  git config --global --add safe.directory "${DEFAULT_WORKSPACE}"
else
  echo "Skipped setting git safe.directory DEFAULT_WORKSPACE: ${DEFAULT_WORKSPACE} ..."
fi

if [ -z ${GITHUB_WORKSPACE+x} ]; then
  echo "Setting git safe.directory default: /github/workspace ..."
  git config --global --add safe.directory /github/workspace
else
  echo "Setting git safe.directory GITHUB_WORKSPACE: $GITHUB_WORKSPACE ..."
  git config --global --add safe.directory "$GITHUB_WORKSPACE"
fi

echo "Setting git safe.directory to /tmp/lint ..."
git config --global --add safe.directory /tmp/lint

# Called by Auto-update CI job
if [ "${UPGRADE_LINTERS_VERSION}" == "true" ]; then
  echo "[MegaLinter init] UPGRADING LINTER VERSION"
  pip install pytest-cov pytest-timeout pytest-rerunfailures
  # Run only get_linter_version test methods
  pytest --reruns 3 --reruns-delay 1 -v --durations=0 -k _get_linter_version megalinter/
  # Run only get_linter_help test methods
  pytest --reruns 3 --reruns-delay 1 -v --durations=0 -k _get_linter_help megalinter/
  # Reinstall mkdocs-material because of broken dependency
  pip3 install --upgrade markdown mike mkdocs-material pymdown-extensions mkdocs-glightbox mdx_truly_sane_lists jsonschema json-schema-for-humans giturlparse webpreview github-dependents-info
  cd /tmp/lint || exit 1
  chmod +x build.sh
  GITHUB_TOKEN="${GITHUB_TOKEN}" GEMINI_API_KEY="${GEMINI_API_KEY}" bash build.sh --doc --dependents --stats
  exit $?
fi

# Called by custom flavor image
if [ "${BUILD_CUSTOM_FLAVOR}" == "true" ]; then
  echo "[MegaLinter init] BUILD CUSTOM FLAVOR"
  if [ -d "/megalinter-builder" ]; then
    # For when in megalinter-flavor-builder docker image !
    GITHUB_TOKEN="${GITHUB_TOKEN}" python /megalinter-builder/.automation/build.py --custom-flavor
  else
    # For local tests only
    GITHUB_TOKEN="${GITHUB_TOKEN}" python ./.automation/build.py --custom-flavor
  fi
  exit $?
fi

# Run test cases with pytest
if [ "${TEST_CASE_RUN}" == "true" ]; then
  echo "[MegaLinter init] RUNNING TEST CASES"
  # pip install pytest-cov codecov-cli pytest-timeout pytest-xdist pytest-rerunfailures # temp remove codecov-cli to avoid issues with codecov upload
  pip install pytest-cov pytest-timeout pytest-xdist pytest-rerunfailures
  if [ -z "${TEST_KEYWORDS}" ]; then
    pytest --reruns 3 --reruns-delay 10 -v --timeout=300 --durations=0 --cov=megalinter --cov-report=xml --numprocesses auto --dist loadscope megalinter/
  else
    pytest --reruns 3 --reruns-delay 10 -v --timeout=300 --durations=0 --numprocesses 2 --dist loadscope -k "${TEST_KEYWORDS}" megalinter/
  fi
  PYTEST_STATUS=$?
  echo Pytest exited $PYTEST_STATUS
  # Manage return code
  if [ $PYTEST_STATUS -eq 0 ]; then
    echo "Successfully executed Pytest"
    exit 0 # Added with disable codecov upload
  else
    echo "Error(s) found by Pytest"
    exit 1
  fi
  # Upload to codecov.io if all tests run (temporary disabled)
  # if [ -z "${TEST_KEYWORDS}" ]; then
  #   codecov upload-process || true
  #   exit $?
  # fi
  # exit $?
fi

if [ "${MEGALINTER_SERVER}" == "true" ]; then
  # MegaLinter Server Worker, listens to redis queues using python RQ -> https://github.com/rq/rq
  set -eu
  echo "[MegaLinter init] MEGALINTER SERVER WORKER"
  # Install python dependencies used by server to avoid to make bigger docker images
  # pip install -r /server/requirements.txt <-- Now managed from Dockerfile-worker
  MEGALINTER_SERVER_REDIS_HOST="${MEGALINTER_SERVER_REDIS_HOST:-megalinter_server_redis}" # Default host
  MEGALINTER_SERVER_REDIS_PORT="${MEGALINTER_SERVER_REDIS_PORT:-6379}"                    # Default port
  MEGALINTER_SERVER_REDIS_QUEUE="${MEGALINTER_SERVER_REDIS_QUEUE:-megalinter:queue:requests}"
  if [ "${MEGALINTER_SERVER_WORKER_POOL}" == "true" ]; then
    # Use RQ worker pool (beta)
    MEGALINTER_SERVER_WORKER_POOL_NUMBER="${MEGALINTER_SERVER_WORKER_POOL_NUMBER:-10}" # Default number of worker threads
    echo "[MegaLinter Worker] Init Redis Queue Worker pool (${MEGALINTER_SERVER_WORKER_POOL_NUMBER} processes)"
    rq worker-pool --num-workers "${MEGALINTER_SERVER_WORKER_POOL_NUMBER}" --url "redis://${MEGALINTER_SERVER_REDIS_HOST}:${MEGALINTER_SERVER_REDIS_PORT}" "${MEGALINTER_SERVER_REDIS_QUEUE}"
  else
    # Use RQ worker (a worker can execute a single job parallelly)
    echo "[MegaLinter Worker] Init Redis Queue Single worker"
    rq worker --url "redis://${MEGALINTER_SERVER_REDIS_HOST}:${MEGALINTER_SERVER_REDIS_PORT}" "${MEGALINTER_SERVER_REDIS_QUEUE}"
  fi
else
  if [ "${MEGALINTER_SSH}" == "true" ]; then
    # MegaLinter SSH server
    set -eu
    SSH_VOLUME_FOLDER=/root/docker_ssh
    if [ -d "$SSH_VOLUME_FOLDER" ]; then
      # SSH key copy from local volume
      echo "Docker ssh folder content:"
      ls "$SSH_VOLUME_FOLDER"
      mkdir ~/.ssh
      chmod 700 ~/.ssh
      touch ~/.ssh/authorized_keys
      chmod 600 ~/.ssh/authorized_keys
      cat $SSH_VOLUME_FOLDER/id_rsa.pub >>~/.ssh/authorized_keys
      chmod 644 /root/.ssh/authorized_keys
      mkdir -p /var/run/sshd
      ssh-keygen -A
      sed -i s/^#PasswordAuthentication\ yes/PasswordAuthentication\ no/ /etc/ssh/sshd_config
      sed -i s/^#PermitRootLogin\ prohibit-password/PermitRootLogin\ yes/ /etc/ssh/sshd_config
      sed -i s/^#PermitUserEnvironment\ no/PermitUserEnvironment\ yes/ /etc/ssh/sshd_config
      echo "root:root" | chpasswd
    fi
    # SSH startup
    echo "[MegaLinter init] SSH"
    export -p >/var/ml-env-vars # save all environment variables configured during Dockerfile creation
    /usr/sbin/sshd -D
  else
    # Normal  (run megalinter)
    echo "[MegaLinter init] ONE-SHOT RUN"
    python -m megalinter.run
  fi
fi