kairos-io · Itxaka · Jun 19, 2025 · Jun 19, 2025 · Jun 19, 2025 · Jun 19, 2025
@@ -0,0 +1,15 @@
+name: Lint
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    paths:
+      - '**'
+permissions: read-all
+jobs:
+  call-workflow:
+    uses: kairos-io/linting-composite-action/.github/workflows/reusable-linting.yaml@d38a45447609f936c9d519bd14ed771b7214ad42 # v0.0.10
+    with:
+      yamldirs: ".github/workflows/ pkg/bundled/cloudconfigs/"
+      is-go: false
@@ -0,0 +1,13 @@
+# We use "override" instead of "ignore" to still see these issues.
+# With the "failure-threshold" set to "warning" below, these should not make
+# the test fail.
+override:
+  info:
+    # warning: Specify version with `dnf install -y <package>-<version>`.
+    - DL3041
+    # warning: Pin versions in apt get install. Instead of `apt-get install <package>` use `apt-get install <package>=<version>`
+    - DL3008
+    # warning: Always tag the version of an image explicitly
+    # Reason: We build "latest" images using "latest" base images.
+    - DL3006
+failure-threshold: warning
@@ -0,0 +1,21 @@
+extends: default
+
+rules:
+  # 80 chars should be enough, but don't fail if a line is longer
+  line-length:
+    max: 305
+    level: warning
+
+  # accept both     key:
+  #                   - item
+  #
+  # and             key:
+  #                 - item
+  indentation:
+    indent-sequences: whatever
+
+  truthy:
+    check-keys: false
+
+  document-start:
+    present: false
@@ -3,6 +3,7 @@ ARG VALIDATE_IMAGE=ubuntu:24.04
 
 FROM golang AS build
 ARG TARGETARCH
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 WORKDIR /app
 COPY Makefile .
 RUN apt-get update && apt-get install -y --no-install-recommends xz-utils file && \
@@ -12,7 +13,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends xz-utils file &
   apt-get remove -y xz-utils && \
   rm -rf /var/lib/apt/lists/*
 RUN make all
-COPY go.mod go.sum .
+COPY go.mod go.sum ./
 RUN go mod download
 COPY . .
 ENV CGO_ENABLED=0
@@ -27,7 +28,7 @@ FROM ${VALIDATE_IMAGE} AS validate
 COPY --from=build /app/kairos-init /kairos-init
 RUN /kairos-init validate
 
-FROM ${BASE_IMAGE}
+FROM ${BASE_IMAGE} AS default
 ARG MODEL=generic
 ARG TRUSTED_BOOT=false
 ARG KUBERNETES_PROVIDER=k3s
@@ -36,7 +37,4 @@ ARG VERSION=v0.0.1
 ARG FIPS=false
 
 COPY --from=kairos-init /kairos-init /kairos-init
-RUN /kairos-init -l debug -s install -m "${MODEL}" -t "${TRUSTED_BOOT}" -k "${KUBERNETES_PROVIDER}" --k8sversion "${KUBERNETES_VERSION}" --version "${VERSION}" $(if [ "${FIPS}" = "true" ]; then echo "--fips"; fi)
-RUN /kairos-init -l debug -s init -m "${MODEL}" -t "${TRUSTED_BOOT}" -k "${KUBERNETES_PROVIDER}" --k8sversion "${KUBERNETES_VERSION}" --version "${VERSION}" $(if [ "${FIPS}" = "true" ]; then echo "--fips"; fi)
-RUN /kairos-init validate -t "${TRUSTED_BOOT}"
-RUN rm /kairos-init
+RUN /kairos-init -l debug -m "${MODEL}" -t "${TRUSTED_BOOT}" -k "${KUBERNETES_PROVIDER}" --k8sversion "${KUBERNETES_VERSION}" --version "${VERSION}" "$(if [ "${FIPS}" = "true" ]; then echo "--fips"; fi)" && /kairos-init validate -t "${TRUSTED_BOOT}" && rm /kairos-init
@@ -4,6 +4,7 @@ import (
 	"embed"
 )
 
+//nolint:staticcheck
 //go:embed binaries/kairos-agent
 var EmbeddedAgent []byte
 
@@ -28,6 +29,7 @@ var EmbeddedKairosProvider []byte
 //go:embed binaries/fips/provider-kairos
 var EmbeddedKairosProviderFips []byte
 
+//nolint:staticcheck
 //go:embed binaries/edgevpn
 var EmbeddedEdgeVPN []byte
 

@@ -13,7 +13,7 @@ stages:
               echo "Skipping ownership fix because sentinel file was found: $SENTINEL_FILE"
             exit 0
             fi
-          
+
             # Iterate over users in /etc/passwd and chown their directories
             awk -F: '$3 >= 1000 && $6 ~ /^\/home\// {print $1, $6}' /etc/passwd | while read -r user homedir; do
                     if [ -d "$homedir" ]; then  # Check if the home directory exists
@@ -23,7 +23,7 @@ stages:
                     echo "Directory $homedir does not exist for user $user"
                     fi
             done
-            
+
             # Write the sentinel file
             mkdir -p "$(dirname $SENTINEL_FILE)"
             echo "https://github.com/kairos-io/kairos/issues/2843" > $SENTINEL_FILE

@@ -75,4 +75,4 @@ stages:
       only_service_manager: "systemd"
       commands:
         - rm /etc/resolv.conf
-        - ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf
+        - ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf