Linting yamls with yamllint 🏷

Next update of plumbing will enable `yamllint` check, so this make
sure we have linted yaml before 👼

Signed-off-by: Vincent Demeester <vdemeest@redhat.com>

.yamllint

@@ -0,0 +1,35 @@
+ignore: |
+  /vendor
+
+rules:
+  braces: enable
+  brackets: enable
+  colons: enable
+  commas: enable
+  comments:
+    level: warning
+  comments-indentation:
+    level: warning
+  document-end: disable
+  document-start: disable
+  empty-lines: enable
+  empty-values: enable
+  hyphens: enable
+  key-duplicates: enable
+  key-ordering: disable
+  line-length: disable
+  new-line-at-end-of-file: disable
+  new-lines: enable
+  octal-values: enable
+  quoted-strings: disable
+  trailing-spaces: enable
+  truthy:
+    level: warning
+
+  # accept both     key:
+  #                   - item
+  #
+  # and             key:
+  #                 - item
+  indentation:
+    indent-sequences: whatever

ansible-tower-cli/ansible-tower-cli-task.yaml

@@ -25,13 +25,13 @@ spec:
   steps:
     - name: config
       image: quay.io/rcmendes/ansible-tower-cli:latest
-      command: 
+      command:
         - '/bin/sh'
         - '-c'
       args:
         - |-
             echo -e "verify_ssl = $(inputs.params.SSLVERIFY)\nverbose = true\nhost = $(inputs.params.HOST)\nusername = $USER\npassword = $PASS" > ~/.tower_cli.cfg
-            chmod 600 ~/.tower_cli.cfg 
+            chmod 600 ~/.tower_cli.cfg
             echo "Generated tower_cli.cfg file"
             echo "-----------------------------"
             ls -lah ~/ | grep tower_cli
@@ -39,12 +39,12 @@ spec:
       env:
         - name: USER
           valueFrom:
-            secretKeyRef: 
+            secretKeyRef:
               name: $(inputs.params.tower-secret)
               key: USER
         - name: PASS
           valueFrom:
-            secretKeyRef: 
+            secretKeyRef:
               name: $(inputs.params.tower-secret)
               key: PASS
     - name: tower-cli
@@ -52,4 +52,3 @@ spec:
       command: ["/usr/bin/tower-cli"]
       args:
         - "$(inputs.params.ARGS)"
-

argocd/argocd.yaml

@@ -17,9 +17,9 @@ spec:
   stepTemplate:
     envFrom:
       - configMapRef:
-          name: argocd-env-configmap # used for server address
+          name: argocd-env-configmap  # used for server address
       - secretRef:
-          name: argocd-env-secret # used for authentication (username/password or auth token)
+          name: argocd-env-secret  # used for authentication (username/password or auth token)
   steps:
     - name: login
       image: argoproj/argocd:$(inputs.params.argocd-version)

buildah/buildah.yaml

@@ -1,3 +1,4 @@
+---
 apiVersion: tekton.dev/v1alpha1
 kind: Task
 metadata:

buildkit-daemonless/buildkit-daemonless.yaml

@@ -10,8 +10,8 @@ spec:
       default: "Dockerfile"
     - name: BUILDKIT_IMAGE
       description: The name of the BuildKit image
-# The image needs to be rootful because Tekton creates /builder/home/.docker/config.json owned by root:root with 0600
-# https://github.com/tektoncd/pipeline/issues/852
+      # The image needs to be rootful because Tekton creates /builder/home/.docker/config.json owned by root:root with 0600
+      # https://github.com/tektoncd/pipeline/issues/852
       default: "moby/buildkit:v0.6.2"
     resources:
     - name: source

buildkit/deployment+service.privileged.yaml

@@ -38,7 +38,7 @@ spec:
           readOnly: true
           mountPath: /certs
       volumes:
-# buildkit-daemon-certs must contain ca.pem, cert.pem, and key.pem
+      # buildkit-daemon-certs must contain ca.pem, cert.pem, and key.pem
       - name: certs
         secret:
           secretName: buildkit-daemon-certs

buildkit/deployment+service.rootless.yaml

@@ -17,7 +17,7 @@ spec:
       annotations:
         container.apparmor.security.beta.kubernetes.io/buildkitd: unconfined
         container.seccomp.security.alpha.kubernetes.io/buildkitd: unconfined
-# see buildkit/docs/rootless.md for caveats of rootless mode
+    # see buildkit/docs/rootless.md for caveats of rootless mode
     spec:
       containers:
       - name: buildkitd
@@ -35,7 +35,7 @@ spec:
         - /certs/key.pem
         - --oci-worker-no-process-sandbox
         securityContext:
-# To change UID/GID, you need to rebuild the image
+          # To change UID/GID, you need to rebuild the image
           runAsUser: 1000
           runAsGroup: 1000
         ports:
@@ -45,7 +45,7 @@ spec:
           readOnly: true
           mountPath: /certs
       volumes:
-# buildkit-daemon-certs must contain ca.pem, cert.pem, and key.pem
+      # buildkit-daemon-certs must contain ca.pem, cert.pem, and key.pem
       - name: certs
         secret:
           secretName: buildkit-daemon-certs

buildkit/task.yaml

@@ -10,8 +10,8 @@ spec:
       default: "Dockerfile"
     - name: BUILDKIT_CLIENT_IMAGE
       description: The name of the BuildKit client (buildctl) image
-# The image needs to be rootful because Tekton creates /builder/home/.docker/config.json owned by root:root with 0600
-# https://github.com/tektoncd/pipeline/issues/852
+      # The image needs to be rootful because Tekton creates /builder/home/.docker/config.json owned by root:root with 0600
+      # https://github.com/tektoncd/pipeline/issues/852
       default: "moby/buildkit:v0.6.2"
     - name: BUILDKIT_DAEMON_ADDRESS
       description: The address of the BuildKit daemon (buildkitd) service

buildpacks/buildpacks-v3.yaml

@@ -58,7 +58,7 @@ spec:
     volumeMounts:
     - name: "layers-dir"
       mountPath: /layers
-    
+
   - name: restore
     image: $(inputs.params.BUILDER_IMAGE)
     imagePullPolicy: Always

conftest/conftest.yaml

@@ -29,6 +29,6 @@ spec:
       - $(inputs.params.files)
       - -p
       - $(inputs.params.policy)
-      - -o      
+      - -o
       - $(inputs.params.output)
       - $(inputs.params.args)

conftest/helm-conftest.yaml

@@ -29,6 +29,6 @@ spec:
       - $(inputs.params.chart)
       - -p
       - $(inputs.params.policy)
-      - -o      
+      - -o
       - $(inputs.params.output)
       - $(inputs.params.args)

golang/lint.yaml

@@ -11,7 +11,7 @@ spec:
       description: flags to use for the test command
       default: --verbose
     - name: version
-      default: golangci-lint version to use
+      description: golangci-lint version to use
       default: "v1.17.1"
     - name: GOOS
       description: "running operating system target"

kaniko/kaniko.yaml

@@ -35,5 +35,5 @@ spec:
     - /kaniko/executor
     - $(inputs.params.EXTRA_ARGS)
     - --dockerfile=$(inputs.params.DOCKERFILE)
-    - --context=/workspace/source/$(inputs.params.CONTEXT) # The user does not need to care the workspace and the source.
+    - --context=/workspace/source/$(inputs.params.CONTEXT)  # The user does not need to care the workspace and the source.
     - --destination=$(outputs.resources.image.url)

knctl/knctl-deploy.yaml

@@ -13,7 +13,7 @@ spec:
   steps:
   # the first step is required as knctl doesn't support inCluster configuration.
   - name: kubeconfig
-    image: gcr.io/cloud-builders/kubectl # it is huge
+    image: gcr.io/cloud-builders/kubectl  # it is huge
     command: ["/bin/bash"]
     args:
     - -c

kubeval/kubeval.yaml

@@ -25,6 +25,6 @@ spec:
       - kubeval
       - -d
       - $(inputs.params.files)
-      - -o      
+      - -o
       - $(inputs.params.output)
       - $(inputs.params.args)

openwhisk/openwhisk.yaml

@@ -44,52 +44,51 @@ spec:
               type: image
     steps:
         - name: add-ow-env-to-dockerfile
-          image: ubuntu 
+          image: ubuntu
           command:
-            - bash
+          - bash
           args:
-            - -c
-            - |
-              if [ -z $(inputs.params.OW_PROJECT_URL) ]; then
-                OW_ACTION_CODE="$(inputs.params.OW_ACTION_CODE)"
+          - -c
+          - |
+            if [ -z $(inputs.params.OW_PROJECT_URL) ]; then
+              OW_ACTION_CODE="$(inputs.params.OW_ACTION_CODE)"
+            else
+              TEMPDIR="knative-"$((1 + RANDOM % 100))
+              TEMPFILE=`basename "$(inputs.params.OW_PROJECT_URL)"`
+              mkdir $TEMPDIR
+              cd $TEMPDIR
+              wget -O $TEMPFILE "$(inputs.params.OW_PROJECT_URL)"
+              if [ "$(inputs.params.OW_ACTION_BINARY)" = true ]; then
+                  OW_ACTION_CODE=`base64 $TEMPFILE | tr -d '[:space:]'`
               else
-                TEMPDIR="knative-"$((1 + RANDOM % 100))
-                TEMPFILE=`basename "$(inputs.params.OW_PROJECT_URL)"`
-                mkdir $TEMPDIR
-                cd $TEMPDIR
-                wget -O $TEMPFILE "$(inputs.params.OW_PROJECT_URL)"
-                if [ "$(inputs.params.OW_ACTION_BINARY)" = true ]; then
-                    OW_ACTION_CODE=`base64 $TEMPFILE | tr -d '[:space:]'`
-                else
-                    OW_ACTION_CODE=`cat $TEMPFILE`
-                fi
-                cd ..
+                  OW_ACTION_CODE=`cat $TEMPFILE`
               fi
-              cat <<EOF >> $(inputs.params.DOCKERFILE)
-                ENV __OW_RUNTIME_DEBUG "$(inputs.params.OW_RUNTIME_DEBUG)"
-                ENV __OW_RUNTIME_PLATFORM "$(inputs.params.OW_RUNTIME_PLATFORM)"
-                ENV __OW_ACTION_NAME "$(inputs.params.OW_ACTION_NAME)"
-                ENV __OW_ACTION_CODE "$(OW_ACTION_CODE)"
-                ENV __OW_ACTION_MAIN "$(inputs.params.OW_ACTION_MAIN)"
-                ENV __OW_ACTION_BINARY "$(inputs.params.OW_ACTION_BINARY)"
-                ENV __OW_HTTP_METHODS "$(inputs.params.OW_HTTP_METHODS)"
-                ENV __OW_ACTION_RAW "$(inputs.params.OW_ACTION_RAW)"
-                ENV __OW_PROJECT_URL "$(inputs.params.OW_PROJECT_URL)"
-              EOF
+              cd ..
+            fi
+            cat <<EOF >> $(inputs.params.DOCKERFILE)
+              ENV __OW_RUNTIME_DEBUG "$(inputs.params.OW_RUNTIME_DEBUG)"
+              ENV __OW_RUNTIME_PLATFORM "$(inputs.params.OW_RUNTIME_PLATFORM)"
+              ENV __OW_ACTION_NAME "$(inputs.params.OW_ACTION_NAME)"
+              ENV __OW_ACTION_CODE "$(OW_ACTION_CODE)"
+              ENV __OW_ACTION_MAIN "$(inputs.params.OW_ACTION_MAIN)"
+              ENV __OW_ACTION_BINARY "$(inputs.params.OW_ACTION_BINARY)"
+              ENV __OW_HTTP_METHODS "$(inputs.params.OW_HTTP_METHODS)"
+              ENV __OW_ACTION_RAW "$(inputs.params.OW_ACTION_RAW)"
+              ENV __OW_PROJECT_URL "$(inputs.params.OW_PROJECT_URL)"
+            EOF
         - name: update-dockerfile-for-tekton
-          image: ubuntu 
+          image: ubuntu
           command:
-            - sed
+          - sed
           args:
-            - -i
-            - -e
-            - 's/COPY ./COPY .\/runtime-git/g'
-            - $(inputs.params.DOCKERFILE)
+          - -i
+          - -e
+          - 's/COPY ./COPY .\/runtime-git/g'
+          - $(inputs.params.DOCKERFILE)
         - name: build-openwhisk-nodejs-runtime
           image: "gcr.io/kaniko-project/executor:latest"
           command:
-            - /kaniko/executor
+          - /kaniko/executor
           args:
-            - --dockerfile=$(inputs.params.DOCKERFILE)
-            - --destination=$(outputs.resources.runtime-image.url)
-
+          - --dockerfile=$(inputs.params.DOCKERFILE)
+          - --destination=$(outputs.resources.runtime-image.url)

openwhisk/service-account.yaml

@@ -2,7 +2,6 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-    name: openwhisk-runtime-builder
+  name: openwhisk-runtime-builder
 secrets:
-    - name: dockerhub-user-pass
-
+- name: dockerhub-user-pass

s2i/s2i.yaml

@@ -5,8 +5,8 @@ metadata:
 spec:
   inputs:
     resources:
-     - name: source
-       type: git
+    - name: source
+      type: git
     params:
     - name: BUILDER_IMAGE
       description: The location of the s2i builder image.
@@ -28,8 +28,8 @@ spec:
     workingdir: /workspace/source
     command: ['s2i', 'build', '$(inputs.params.PATH_CONTEXT)', '$(inputs.params.BUILDER_IMAGE)', '--as-dockerfile', '/gen-source/Dockerfile.gen']
     volumeMounts:
-     - name: gen-source
-       mountPath: /gen-source
+    - name: gen-source
+      mountPath: /gen-source
   - name: build
     image: quay.io/buildah/stable
     workingdir: /gen-source