Setup Linting and Devcontainers

.devcontainer/docker-env/devcontainer.json

@@ -0,0 +1,23 @@
+{
+  "name": "JF cli, docker, linting",
+  "image": "mcr.microsoft.com/devcontainers/base:jammy",
+  "features": {
+    "ghcr.io/devcontainers-extra/features/jfrog-cli:1": {
+      "version": "latest"
+    },
+    "ghcr.io/devcontainers-community/npm-features/prettier:1": {
+      "version": "latest"
+    },
+    "ghcr.io/devcontainers/features/docker-in-docker:2": {
+      "moby": true,
+      "azureDnsAutoDetection": true,
+      "installDockerBuildx": true,
+      "installDockerComposeSwitch": true,
+      "version": "latest",
+      "dockerDashComposeVersion": "v2"
+    },
+    "ghcr.io/devcontainers-extra/features/shfmt:1": {
+      "version": "latest"
+    }
+  }
+}

.devcontainer/go-env/devcontainer.json

@@ -0,0 +1,18 @@
+{
+  "name": "JF cli, Go, linting",
+  "image": "mcr.microsoft.com/devcontainers/base:jammy",
+  "features": {
+    "ghcr.io/devcontainers-extra/features/jfrog-cli:1": {
+      "version": "latest"
+    },
+    "ghcr.io/devcontainers/features/go:1": {
+      "version": "latest"
+    },
+    "ghcr.io/devcontainers-community/npm-features/prettier:1": {
+      "version": "latest"
+    },
+    "ghcr.io/devcontainers-extra/features/shfmt:1": {
+      "version": "latest"
+    }
+  }
+}

.frogbot-config.yml

@@ -1,16 +1,16 @@
 # Directories should be scanned for vulnerabilities
 projects:
-  - workingDirectory: "examples/java-app"
-    tool: "gradle"
-  - workingDirectory: "examples/python-app"
-    tool: "pip"
-  - workingDirectory: "examples/node-app"
-    tool: "npm"
+  - workingDirectory: 'examples/java-app'
+    tool: 'gradle'
+  - workingDirectory: 'examples/python-app'
+    tool: 'pip'
+  - workingDirectory: 'examples/node-app'
+    tool: 'npm'
 
 # Exclude root directory scanning since it's not an application
 excludeDirectories:
-  - "scripts/"
-  - "stats/"
-  - "venvdir/"
-  - ".github/"
-  - "docs/"
+  - 'scripts/'
+  - 'stats/'
+  - 'venvdir/'
+  - '.github/'
+  - 'docs/'

.github/linters/.jscpd.json

@@ -0,0 +1,6 @@
+{
+  "threshold": 10.0,
+  "reporters": ["console"],
+  "absolute": true,
+  "blame": true
+}

.github/workflows/calculate-public-usage.yml

@@ -1,83 +1,83 @@
-# .github/workflows/calculate-public-usage.yml
-name: Calculate Usage
-
-on:
-  schedule:
-    - cron: '0 3 * * *'
-  workflow_dispatch:
-
-permissions:
-  contents: write
-
-jobs:
-  count_repos:
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Check out repository
-        uses: actions/checkout@v4
-        with:
-          persist-credentials: true
-
-      - name: Count unique repos referencing JF_URL
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          # Capture current date in YYYY-MM-DD (UTC)
-          current_date=$(date -u +%Y-%m-%d)
-
-          # Run the GitHub Code Search API, extract repo names, dedupe, and count
-          count=$(
-            curl -sSL \
-              -H "Authorization: Bearer $GH_TOKEN" \
-              -H "Accept: application/vnd.github+json" \
-              "https://api.github.com/search/code?q=%22JF_URL%3A+https%3A%2F%2Fartifacts-artefacts.devops.cloud-nuage.canada.ca%22+language%3AYAML+path%3A.github%2Fworkflows%2F" \
-            | jq -r '.items[].repository.full_name' \
-            | sort -u \
-            | wc -l
-          )
-
-          echo "Date: $current_date"
-          echo "Unique repos found: $count"
-
-          # Ensure data directory exists
-          mkdir -p stats
-
-          # Define the CSV file path
-          file="stats/usage.csv"
-
-          # If the file doesn't exist, add a header
-          if [ ! -f "$file" ]; then
-            echo "date,count" > "$file"
-          fi
-
-          # Append today's date and the count
-          echo "$current_date,$count" >> "$file"
-
-      - name: Set up Python
-        uses: actions/setup-python@v4
-        with:
-          python-version: '3.x'
-
-      - name: Install plotting dependencies
-        run: |
-          pip install pandas matplotlib
-
-      - name: Generate XKCD-style usage graph
-        run: |
-          python3 scripts/generate_graph.py
-
-      - name: Commit and push updated data file + graph
-        run: |
-          # Configure git author
-          git config user.name "github-actions[bot]"
-          git config user.email "github-actions[bot]@users.noreply.github.com"
-
-          # Stage CSV and PNG
-          git add stats/usage.csv stats/usage.png
-
-          # Commit changes if there are any
-          git commit -m "Add usage for $(date -u +%Y-%m-%d): ${{ steps.count_repos.outputs.count }}" || echo "No changes to commit"
-
-          # Push back to the default branch
-          git push
+# .github/workflows/calculate-public-usage.yml
+name: Calculate Usage
+
+on:
+  schedule:
+    - cron: '0 3 * * *'
+  workflow_dispatch:
+
+permissions:
+  contents: write
+
+jobs:
+  count_repos:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: true
+
+      - name: Count unique repos referencing JF_URL
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          # Capture current date in YYYY-MM-DD (UTC)
+          current_date=$(date -u +%Y-%m-%d)
+
+          # Run the GitHub Code Search API, extract repo names, dedupe, and count
+          count=$(
+            curl -sSL \
+              -H "Authorization: Bearer $GH_TOKEN" \
+              -H "Accept: application/vnd.github+json" \
+              "https://api.github.com/search/code?q=%22JF_URL%3A+https%3A%2F%2Fartifacts-artefacts.devops.cloud-nuage.canada.ca%22+language%3AYAML+path%3A.github%2Fworkflows%2F" \
+            | jq -r '.items[].repository.full_name' \
+            | sort -u \
+            | wc -l
+          )
+
+          echo "Date: $current_date"
+          echo "Unique repos found: $count"
+
+          # Ensure data directory exists
+          mkdir -p stats
+
+          # Define the CSV file path
+          file="stats/usage.csv"
+
+          # If the file doesn't exist, add a header
+          if [ ! -f "$file" ]; then
+            echo "date,count" > "$file"
+          fi
+
+          # Append today's date and the count
+          echo "$current_date,$count" >> "$file"
+
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.x'
+
+      - name: Install plotting dependencies
+        run: |
+          pip install pandas matplotlib
+
+      - name: Generate XKCD-style usage graph
+        run: |
+          python3 scripts/generate_graph.py
+
+      - name: Commit and push updated data file + graph
+        run: |
+          # Configure git author
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+
+          # Stage CSV and PNG
+          git add stats/usage.csv stats/usage.png
+
+          # Commit changes if there are any
+          git commit -m "Add usage for $(date -u +%Y-%m-%d): ${{ steps.count_repos.outputs.count }}" || echo "No changes to commit"
+
+          # Push back to the default branch
+          git push

.github/workflows/cc-code-scanning.yml

@@ -0,0 +1,40 @@
+---
+name: Compliance Code Linting
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 0 * * 0'
+
+permissions: read-all
+
+jobs:
+  build:
+    name: Full Code Scan
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      packages: read
+      statuses: write # To report GitHub Actions status checks
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+        with:
+          fetch-depth: 0
+
+      - name: Lint Codebase
+        uses: super-linter/super-linter/slim@v7.4.0
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # To report GitHub Actions status checks
+          VALIDATE_ALL_CODEBASE: true # Lint only changed files
+          SUPPRESS_POSSUM: true
+          LINTER_RULES_PATH: /
+          IGNORE_GITIGNORED_FILES: true
+          NATURAL_LANGUAGE_CONFIG_FILE: '.textlintrc.json'
+          PYTHON_BLACK_CONFIG_FILE: 'pyproject.toml'
+          PYTHON_ISORT_CONFIG_FILE: 'pyproject.toml'
+          PYTHON_RUFF_CONFIG_FILE: 'pyproject.toml'
+          PYTHON_PYINK_CONFIG_FILE: 'pyproject.toml'
+          VALIDATE_PYTHON_PYINK: false

.github/workflows/java-app.yml

@@ -5,13 +5,13 @@ on:
   push:
     branches: [main]
     paths:
-      - "examples/java-app/**"
-      - ".github/workflows/**"
+      - 'examples/java-app/**'
+      - '.github/workflows/**'
   pull_request:
     branches: [main]
     paths:
-      - "examples/java-app/**"
-      - ".github/workflows/**"
+      - 'examples/java-app/**'
+      - '.github/workflows/**'
 
 env:
   REGISTRY: artifacts-artefacts.devops.cloud-nuage.canada.ca
@@ -117,11 +117,11 @@ jobs:
           JF_URL: https://${{ env.REGISTRY }}
           JF_ACCESS_TOKEN: ${{ secrets.JFROG_JWT_TOKEN }}
           JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          JF_GIT_USE_GITHUB_ENVIRONMENT: "false"
-          JF_INCLUDE_ALL_VULNERABILITIES: "true"
-          JF_ENABLE_SAST: "true"
-          JF_ENABLE_SECRETS: "true"
-          JF_ENABLE_IAC: "true"
+          JF_GIT_USE_GITHUB_ENVIRONMENT: 'false'
+          JF_INCLUDE_ALL_VULNERABILITIES: 'true'
+          JF_ENABLE_SAST: 'true'
+          JF_ENABLE_SECRETS: 'true'
+          JF_ENABLE_IAC: 'true'
   summary:
     needs: [build-and-scan, cleanup]
     runs-on: ubuntu-latest

.github/workflows/node-app.yml

@@ -5,13 +5,13 @@ on:
   push:
     branches: [main]
     paths:
-      - "examples/node-app/**"
-      - ".github/workflows/**"
+      - 'examples/node-app/**'
+      - '.github/workflows/**'
   pull_request:
     branches: [main]
     paths:
-      - "examples/node-app/**"
-      - ".github/workflows/**"
+      - 'examples/node-app/**'
+      - '.github/workflows/**'
 env:
   REGISTRY: artifacts-artefacts.devops.cloud-nuage.canada.ca
   IMAGE_NAME: ssc-aurora-docker-local/node-app
@@ -115,11 +115,11 @@ jobs:
           JF_URL: https://${{ env.REGISTRY }}
           JF_ACCESS_TOKEN: ${{ secrets.JFROG_JWT_TOKEN }}
           JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          JF_GIT_USE_GITHUB_ENVIRONMENT: "false"
-          JF_INCLUDE_ALL_VULNERABILITIES: "true"
-          JF_ENABLE_SAST: "true"
-          JF_ENABLE_SECRETS: "true"
-          JF_ENABLE_IAC: "true"
+          JF_GIT_USE_GITHUB_ENVIRONMENT: 'false'
+          JF_INCLUDE_ALL_VULNERABILITIES: 'true'
+          JF_ENABLE_SAST: 'true'
+          JF_ENABLE_SECRETS: 'true'
+          JF_ENABLE_IAC: 'true'
 
   summary:
     needs: [build-and-scan, cleanup]

.github/workflows/pr-code-scanning.yml

@@ -0,0 +1,42 @@
+---
+name: Code Linting
+
+on:
+  push: {}
+  pull_request: {}
+  workflow_dispatch:
+
+permissions: read-all
+
+jobs:
+  build:
+    name: Incoming Scan Code
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      packages: read
+      statuses: write # To report GitHub Actions status checks
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+        with:
+          fetch-depth: 0
+
+      - name: Lint Incoming Changes
+        uses: super-linter/super-linter/slim@v7.4.0
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # To report GitHub Actions status checks
+          VALIDATE_ALL_CODEBASE: false # Lint only changed files
+          VALIDATE_CHECKOV: false
+          VALIDATE_JSCPD: false
+          SUPPRESS_POSSUM: true
+          LINTER_RULES_PATH: /
+          IGNORE_GITIGNORED_FILES: true
+          NATURAL_LANGUAGE_CONFIG_FILE: '.textlintrc.json'
+          PYTHON_BLACK_CONFIG_FILE: 'pyproject.toml'
+          PYTHON_ISORT_CONFIG_FILE: 'pyproject.toml'
+          PYTHON_RUFF_CONFIG_FILE: 'pyproject.toml'
+          PYTHON_PYINK_CONFIG_FILE: 'pyproject.toml'
+          VALIDATE_PYTHON_PYINK: false