mocode-software/meldestelle
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
5771b5e968f48d259f59dde96b67f5ff17c787ee
meldestelle/scripts/validate-docker-consistency.sh
T
StefanMo b35c4087a2 Fix: Test-Commit für VCS-Integration (MP-8) (#15) 
* MP-8 OTHER Implementiere JWT-Authentifizierungs-Filter im Gateway

* Fix(ci): Update upload-artifact action to v4

* Fix(ci): Add start command for Keycloak and failure logs

* Fix(ci): Remove invalid 'command' property from Keycloak service

* Fix(ci): Use KC_DEV_MODE env var to start Keycloak

* Fix(ci): Keycloak service was removed from GitHub Actions services and replaced with a manual docker run step that starts Keycloak with the start-dev command.

* dev(ci): vereinheitliche Keycloak auf 26.4.2; aktiviere Health im CI (MP-8)

* Fix(ci): Stabilize Keycloak startup in integration tests via matrix

- Add `dev-file` Keycloak variant to matrix for stability fallback.
- Improve wait logic and health checks for Keycloak and Postgres.
- Unify Keycloak version to 26.4.2 across codebase.
- Add log dumps on failure.

* Fix(ci): Die betroffene Datei docs/Visionen-Ideen/Infrastruktur-Strategie_DSGVO-Konformität.md endet aktuell mit genau einer leeren Zeile (Zeile 87). Das entspricht der Regel MD047 („Files should end with a single newline character“). Damit ist deine Korrektur korrekt.

* Fix(ci): Repository-wide auto-fix for Markdown files was implemented with a GitHub Actions workflow and a local helper script. EditorConfig and markdownlint ignore files were added to ensure consistent formatting. Instructions for using the auto-fix both via GitHub Actions and locally were provided.

* fix(gradle): build.gradle.kts jsBrowser testTask disabled

* fix(gradle): build.gradle.kts jsBrowser testTask disabled

* Fix(ci): Stabilize integration tests with Keycloak matrix build (MP-8)

Introduces a matrix strategy (`keycloak_db: [postgres, dev-file]`)
in the integration-tests workflow to mitigate flaky Keycloak starts
when using the Postgres service container.

- Adds a `dev-file` Keycloak variant for stability fallback.
- Improves wait logic and health checks for Keycloak/Postgres.
- Unifies Keycloak version to 26.4.2 across codebase (Dockerfile, Compose,
  ADR, README, tests).
- Adds log dumps on failure in CI.
- Ensures `KC_HEALTH_ENABLED=true` is set.
- Updates related documentation (README, Schlachtplan).
- Includes broader Docker SSoT cleanup (versions.toml as source,
  script updates, env file cleanup, validator hardening).

This resolves recurring CI failures related to Keycloak startup and
ensures required checks for PRs (#15) are reliable, while also
improving overall Docker build consistency.

* feat(docs, ci): Implement YouTrack SSoT strategy with Dokka sync (MP-8)

- Add Dokka multi-module Gradle configuration and KDoc style guide.
- Add GitHub Actions workflow (docs-kdoc-sync.yml) and Python script
  (youtrack-sync-kb.py) to sync Dokka GFM output to YouTrack KB.
- Extend front-matter schema (bc, doc_type) and update relevant pages/stubs.
- Adapt CI scripts (validate-frontmatter, check-docs-drift, ci-docs link ignore).
- Update README.md to reference YouTrack KB.

* feat(docs, ci): Implement YouTrack SSoT strategy with Dokka sync (MP-8)

- Add Dokka multi-module Gradle configuration and KDoc style guide.
- Add GitHub Actions workflow (docs-kdoc-sync.yml) and Python script
  (youtrack-sync-kb.py) to sync Dokka GFM output to YouTrack KB.
- Extend front-matter schema (bc, doc_type) and update relevant pages/stubs.
- Adapt CI scripts (validate-frontmatter, check-docs-drift, ci-docs link ignore).
- Update README.md to reference YouTrack KB.

* Fix(ci): Replace OpenAPI validator with Spectral

Replaces the deprecated 'char0n/swagger-editor-validate' action,
which failed due to sandbox issues in GitHub Actions, with the
modern '@stoplight/spectral-cli'.

This ensures robust OpenAPI specification validation without
requiring a headless browser environment. The 'generate-api-docs'
job now depends on the successful completion of the Spectral validation.

Part of resolving CI failures for PR #15 (MP-8).

* Fix(ci): Specify spectral:oas ruleset for OpenAPI validation (MP-8)

* Fix(ci): Remove explicit ruleset argument for Spectral validation (MP-8)

* Fix(ci): Added a .spectral.yaml file to fix Spectral linting errors. Corrected markdown lint issues in two documentation files. Updated README.md with a new guidelines section to fix link validation errors.

* Fix(ci): Markdownlint errors were fixed by adding required blank lines. The Guidelines Validation error was resolved by updating the README.md link. The API Documentation Generator workflow was stabilized by updating paths, tasks, and validation steps.

* Fix(ci): Alle vier fehlerhaften GitHub-Action-Prüfungen wurden behoben. Fehler in der OpenAPI-Spezifikation, Probleme mit der Markdown-Linting-Analyse und Validierungsfehler bei Querverweisen wurden korrigiert. Die README.md enthält nun alle erforderlichen Links zu den Richtlinien.

* Fix(ci): Markdown linting errors in docs/api/README.md were fixed by specifying languages in fenced code blocks. OpenAPI specification errors in documentation.yaml were resolved by correcting example property types to strings. Cross-reference validation errors in README.md were fixed by adding the missing link to project-standards/coding-standards.md.

* Fix(ci): Duplicate heading errors in docs/api/members-api.md were fixed. Cross-reference validation errors for docker-architecture.md were resolved. All originally reported issues passed validation successfully.

* Fix(ci): The markdown heading levels in docs/api/members-api.md were corrected from h5 to h4 to fix linting errors. The missing cross-reference link from technology-guides/docker/docker-development.md to docker-overview.md was added. These fixes resolved the original validation and linting errors causing the process to fail.

* Fix(ci): Duplicate heading warnings in docs/api/members-api.md were resolved. Cross-reference validation for docker-development.md to docker-architecture.md was fixed. A new unrelated warning about docker-production.md was identified but not addressed.

* refactor(ci,docs): Simplify CI pipeline and migrate docs to YouTrack SSoT

BREAKING CHANGE: Documentation structure radically simplified

- Consolidate 9 GitHub Actions workflows into 1 main pipeline (ci-main.yml)
- Remove redundant workflows: ci-docs, markdownlint-autofix, guidelines-validation, api-docs
- Delete documentation migrated to YouTrack: api/, BCs/, Visionen-Ideen/, reference/, now/, overview/
- Keep only ADRs, C4 diagrams, and essential dev guides in repo
- Update README.md with YouTrack KB links
- Create new docs/README.md as documentation gateway
- Relax markdown-lint config for pragmatic developer experience

Kept workflows:
- ssot-guard.yml (Docker SSoT validation)
- docs-kdoc-sync.yml (KDoc → YouTrack sync)
- integration-tests.yml (Integration tests)
- deploy-proxmox.yml (Deployment)
- youtrack-sync.yml (YouTrack integration)

Related: MP-DOCS-001

* refactor(ci,docs): Simplify CI pipeline and migrate docs to YouTrack SSoT

BREAKING CHANGE: Documentation structure radically simplified

- Consolidate 9 GitHub Actions workflows into 1 main pipeline (ci-main.yml)
- Remove redundant workflows: ci-docs, markdownlint-autofix, guidelines-validation, api-docs
- Delete documentation migrated to YouTrack: api/, BCs/, Visionen-Ideen/, reference/, now/, overview/
- Keep only ADRs, C4 diagrams, and essential dev guides in repo
- Update README.md with YouTrack KB links
- Create new docs/README.md as documentation gateway
- Relax markdown-lint config for pragmatic developer experience

Kept workflows:
- ssot-guard.yml (Docker SSoT validation)
- docs-kdoc-sync.yml (KDoc → YouTrack sync)
- integration-tests.yml (Integration tests)
- deploy-proxmox.yml (Deployment)
- youtrack-sync.yml (YouTrack integration)

Related: MP-DOCS-001

* refactor(ci,docs): README.md und einige andere Dokumentationen überarbeitet.
ports-and-urls.md hinzugefügt.
Related: MP-DOCS-001

* refactor(ci,docs): Die Markdownlint-Fehler in README.md und docs/README.md wurden behoben, indem die Überschriftenebenen angepasst, überflüssige Satzzeichen am Ende entfernt und die notwendigen Leerzeilen um Überschriften, Listen, Tabellen und Codeblöcke eingefügt wurden. Das problematische Leerzeichen am Ende in docs/README.md wurde ebenfalls entfernt. Die Dateien entsprechen nun den vorgegebenen Markdownlint-Regeln und sollten die CI-Validierung bestehen.
Related: MP-DOCS-001

* refactor(ci,docs): Docker guideline cross-references were fixed and normalized to lowercase labels. Validation scripts confirmed zero cross-reference warnings and consistent metadata. Documentation was updated with a changelog and enhanced README navigation.
Related: MP-DOCS-001

* refactor(ci,docs): Docker guideline cross-references were fixed and normalized to lowercase labels. Validation scripts confirmed zero cross-reference warnings and consistent metadata. Documentation was updated with a changelog and enhanced README navigation.
Related: MP-DOCS-001

* refactor(ci,docs): Dead links in docs/architecture/adr were fixed by updating URLs to stable sources and adding an ignore pattern for a placeholder link. Specific ADR files had their broken links replaced with valid ones. The markdown-link-check GitHub Action is expected to pass with zero dead links now.
Related: MP-DOCS-001

* refactor(ci,docs): Links in ADR checked
Related: MP-DOCS-001

* refactor(ci,docs): Links in ADR checked
Related: MP-DOCS-001

* refactor(ci,docs): Markdown Regeln ausgebessert
Related: MP-DOCS-001

* refactor(ci,docs): Markdown Regeln ausgebessert
Related: MP-DOCS-001

* refactor(ci,docs): Markdown Regeln ausgebessert
Related: MP-DOCS-001

* Chore: Rerun CI checks with updated branch protection rules
2025-11-07 12:26:33 +01:00

796 lines
31 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# ===================================================================
# Docker Consistency Validator
# Validates Dockerfiles and docker-compose files against docker/versions.toml
# ===================================================================
set -e
# Script directory and project root
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
DOCKER_DIR="$PROJECT_ROOT/docker"
VERSIONS_TOML="$DOCKER_DIR/versions.toml"
DOCKERFILES_DIR="$PROJECT_ROOT/dockerfiles"
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
# Counters
ERRORS=0
WARNINGS=0
CHECKS_PASSED=0
# Function to print colored output
print_info() {
echo -e "${BLUE}[INFO]${NC} $1"
}
print_success() {
echo -e "${GREEN}[SUCCESS]${NC} $1"
CHECKS_PASSED=$((CHECKS_PASSED + 1))
}
print_warning() {
echo -e "${YELLOW}[WARNING]${NC} $1"
WARNINGS=$((WARNINGS + 1))
}
print_error() {
echo -e "${RED}[ERROR]${NC} $1"
ERRORS=$((ERRORS + 1))
}
# Function to extract version from TOML file (restricted to [versions])
get_version() {
local key=$1
awk -v k="$key" '
/^\[versions\]/ { in_section=1; next }
/^\[/ { if (in_section) exit; in_section=0 }
in_section && $1 == k && $2 == "=" { v=$3; gsub(/"/,"",v); print v; exit }
' "$VERSIONS_TOML" || echo ""
}
# Function to get valid ARG names from TOML
get_valid_args() {
# Extract all version keys from [versions] section
awk '/^\[versions\]/,/^\[/ {if (/^[a-zA-Z].*= /) print $1}' "$VERSIONS_TOML" | grep -v "^\[" || true
# Extract all build-args from [build-args] section
awk '/^\[build-args\]/,/^\[/ {
# Extract tokens inside quotes across array lines
while (match($0, /"[A-Za-z0-9_]+"/)) {
token = substr($0, RSTART+1, RLENGTH-2)
print token
$0 = substr($0, RSTART+RLENGTH)
}
}' "$VERSIONS_TOML" || true
# Extract service ports
awk '/^\[service-ports\]/,/^\[/ {if (/^[a-zA-Z].*= /) print $1}' "$VERSIONS_TOML" | grep -v "^\[" || true
}
# Function to get environment variable mappings from TOML
get_env_mappings() {
awk '/^\[environment-mapping\]/,/^\[/ {
if (/^[a-zA-Z].*= /) {
key = $1
value = $3
gsub(/"/, "", value)
print key ":" value
}
}' "$VERSIONS_TOML" || true
}
# Function to validate Dockerfile ARGs
validate_dockerfile_args() {
local dockerfile=$1
local relative_path=${dockerfile#$PROJECT_ROOT/}
print_info "Validating Dockerfile: $relative_path"
if [[ ! -f "$dockerfile" ]]; then
print_error "Dockerfile not found: $relative_path"
return
fi
# Get all ARG declarations from Dockerfile (allow none without exiting)
local dockerfile_args=$({ grep "^ARG " "$dockerfile" || true; } | sed 's/^ARG //' | sed 's/=.*//' | sort -u)
# Get valid ARG names from TOML
local valid_args=$(get_valid_args | sort -u)
local has_errors=false
local has_centralized_args=false
# Check each ARG in Dockerfile
while IFS= read -r arg; do
[[ -z "$arg" ]] && continue
# Skip empty lines
if [[ -z "$arg" ]]; then
continue
fi
# Check if ARG is defined in versions.toml or is a standard Docker ARG
case "$arg" in
# Standard Docker build args
BUILDPLATFORM|TARGETPLATFORM|BUILDOS|TARGETOS|BUILDARCH|TARGETARCH)
print_success " ✓ Standard Docker ARG: $arg"
has_centralized_args=true
;;
# Application-specific args that should be centralized
GRADLE_VERSION|JAVA_VERSION|NODE_VERSION|NGINX_VERSION|VERSION|SPRING_PROFILES_ACTIVE|SERVICE_PATH|SERVICE_NAME|SERVICE_PORT|CLIENT_PATH|CLIENT_MODULE|CLIENT_NAME)
if echo "$valid_args" | grep -q "^$arg$"; then
print_success " ✓ Centralized ARG: $arg"
has_centralized_args=true
else
print_warning " ⚠ ARG $arg should be defined in versions.toml"
fi
;;
# Runtime configuration args (acceptable)
APP_USER|APP_GROUP|APP_UID|APP_GID)
print_success " ✓ Runtime configuration ARG: $arg"
;;
*)
# Check if it's a version-related ARG that should be centralized
if [[ "$arg" =~ _(VERSION|PORT)$ ]] || [[ "$arg" =~ ^(DOCKER_|SERVICE_|CLIENT_) ]]; then
print_warning " ⚠ ARG $arg might need to be centralized in versions.toml"
else
print_success " ✓ Custom ARG: $arg"
fi
;;
esac
done <<< "$dockerfile_args"
# Check if Dockerfile uses centralized version management
if [[ "$has_centralized_args" == true ]]; then
print_success " ✓ Dockerfile uses centralized version management"
else
print_warning " ⚠ Dockerfile should use centralized ARGs from versions.toml"
fi
# Check for default assignments on centralized ARGs (forbidden)
local centralized_args_regex='^(GRADLE_VERSION|JAVA_VERSION|NODE_VERSION|NGINX_VERSION|VERSION|SPRING_PROFILES_ACTIVE)='
local defaulted_args=$(grep -nE "^ARG ${centralized_args_regex}" "$dockerfile" || true)
if [[ -n "$defaulted_args" ]]; then
print_error " ❌ Centralized ARGs must not have default values in Dockerfiles:"
echo "$defaulted_args" | while read -r line; do
print_error " $relative_path:$line"
done
else
print_success " ✓ No default values set for centralized ARGs"
fi
# Check for hardcoded versions in ARG default values
local hardcoded_versions=$(grep -nE "^ARG [A-Z0-9_]+=.*(alpine|[0-9]+\.[0-9]+)" "$dockerfile" | grep -v "APP_" || true)
if [[ -n "$hardcoded_versions" ]]; then
print_error " ❌ Hardcoded versions found in ARG defaults (should use versions.toml):"
echo "$hardcoded_versions" | while read -r line; do
print_error " $relative_path:$line"
done
else
print_success " ✓ No hardcoded version literals in ARG defaults"
fi
}
# Function to validate docker-compose version references
validate_compose_versions() {
local compose_file=$1
local relative_path=${compose_file#$PROJECT_ROOT/}
print_info "Validating Docker Compose file: $relative_path"
if [[ ! -f "$compose_file" ]]; then
print_error "Compose file not found: $relative_path"
return
fi
# Get environment variable mappings
local env_mappings=$(get_env_mappings)
# 0) Fail on blank ARG values for critical build args
local blank_args=$(grep -nE '^[[:space:]]*(GRADLE_VERSION|JAVA_VERSION|NODE_VERSION|NGINX_VERSION|VERSION|SPRING_PROFILES_ACTIVE):[[:space:]]*$' "$compose_file" || true)
if [[ -n "$blank_args" ]]; then
print_error " ❌ Blank build args detected (must reference centralized DOCKER_* variables):"
echo "$blank_args" | while read -r line; do
print_error " $relative_path:$line"
done
else
print_success " ✓ No blank critical build args in compose file"
fi
# Enforce that critical build args map to centralized DOCKER_* variables (mapping style only)
# IMPORTANT: Only validate mappings inside build->args sections (not environment blocks)
local critical_vars=(GRADLE_VERSION JAVA_VERSION NODE_VERSION NGINX_VERSION VERSION SPRING_PROFILES_ACTIVE)
for v in "${critical_vars[@]}"; do
# Find mapping-style entries for VAR: value that are within an args: block
local mapping_lines=$(awk -v var="$v" '
{
line[NR] = $0
}
END {
for (i = 1; i <= NR; i++) {
if (line[i] ~ "^[[:space:]]*" var ":[[:space:]]*.+$") {
found = 0
# Look back up to 12 lines to see if we are under an args: section
for (j = i - 1; j >= 1 && j >= i - 12; j--) {
if (line[j] ~ /^[[:space:]]*args:[[:space:]]*$/) { found = 1; break }
if (line[j] ~ /^[[:space:]]*(environment|services|volumes|secrets|networks):/ ) { break }
}
if (found) { printf("%d:%s\n", i, line[i]) }
}
}
}' "$compose_file" || true)
if [[ -n "$mapping_lines" ]]; then
while IFS= read -r line; do
# Extract line number and content
local ln=$(echo "$line" | cut -d: -f1)
local content=$(echo "$line" | cut -d: -f2-)
# Ensure value uses ${DOCKER_*}
if echo "$content" | grep -q '\${DOCKER_'; then
: # OK
else
print_error "$v should reference centralized DOCKER_* variable in build args mapping (found: $content)"
print_error " $relative_path:$ln"
fi
done <<< "$mapping_lines"
fi
done
# 2a) Validate default fallbacks in ${DOCKER_*:-fallback} match SSoT values
# Build reverse mapping from environment-mapping (env var -> versions key)
declare -A env_to_version_key
while IFS=':' read -r toml_key env_var; do
[[ -z "$toml_key" || -z "$env_var" ]] && continue
case "$toml_key" in
gradle-version) env_to_version_key[$env_var]="gradle";;
java-version) env_to_version_key[$env_var]="java";;
node-version) env_to_version_key[$env_var]="node";;
nginx-version) env_to_version_key[$env_var]="nginx";;
postgres-version) env_to_version_key[$env_var]="postgres";;
redis-version) env_to_version_key[$env_var]="redis";;
prometheus-version) env_to_version_key[$env_var]="prometheus";;
grafana-version) env_to_version_key[$env_var]="grafana";;
keycloak-version) env_to_version_key[$env_var]="keycloak";;
consul-version) env_to_version_key[$env_var]="consul";;
zookeeper-version) env_to_version_key[$env_var]="zookeeper";;
kafka-version) env_to_version_key[$env_var]="kafka";;
spring-profiles-default) env_to_version_key[$env_var]="spring-profiles-default";;
spring-profiles-docker) env_to_version_key[$env_var]="spring-profiles-docker";;
app-version) env_to_version_key[$env_var]="app-version";;
esac
done <<< "$env_mappings"
# Find occurrences with explicit default fallbacks
local fallback_lines=$(grep -nE '\${DOCKER_[A-Z0-9_]+:-[^}]+' "$compose_file" || true)
if [[ -n "$fallback_lines" ]]; then
while IFS= read -r ln; do
[[ -z "$ln" ]] && continue
local num=$(echo "$ln" | cut -d: -f1)
local text=$(echo "$ln" | cut -d: -f2-)
# Extract var name and fallback
local var=$(echo "$text" | sed -n 's/.*${\([A-Z0-9_]\+\):-\([^}][^}]*\)}.*/\1/p')
local fallback=$(echo "$text" | sed -n 's/.*${\([A-Z0-9_]\+\):-\([^}][^}]*\)}.*/\2/p')
if [[ -z "$var" || -z "$fallback" ]]; then
continue
fi
local key=${env_to_version_key[$var]}
if [[ -z "$key" ]]; then
# Not a centralized version/profile var, ignore
continue
fi
local expected=$(get_version "$key")
if [[ -z "$expected" ]]; then
print_warning " ⚠ No SSoT value for $var (key: $key) to compare fallback against"
continue
fi
if [[ "$fallback" != "$expected" ]]; then
print_error " ❌ Outdated default fallback for $var in ${relative_path}:${num} — found '$fallback', expected '$expected' from versions.toml ($key)"
else
print_success " ✓ Fallback for $var matches SSoT ($expected)"
fi
done <<< "$fallback_lines"
fi
# Check for version references in compose file
local version_refs=$(grep -o '\${DOCKER_[^}]*}' "$compose_file" | sort -u || true)
if [[ -z "$version_refs" ]]; then
print_warning " ⚠ No centralized version references found"
# do not return; still check for hardcoded images
else
# Validate each version reference
while IFS= read -r ref; do
[[ -z "$ref" ]] && continue
local var_name=${ref#\$\{}
var_name=${var_name%\}}
# Strip any default fallback (:-value) from the variable name
var_name=${var_name%%:-*}
# Check if mapping exists in TOML
local mapping_found=false
while IFS=':' read -r toml_key env_var; do
if [[ "$env_var" == "$var_name" ]]; then
mapping_found=true
local toml_version=$(get_version "$toml_key")
if [[ -n "$toml_version" ]]; then
print_success " ✓ Version reference $ref maps to $toml_key = $toml_version"
else
print_error " ❌ TOML key $toml_key has no value"
fi
break
fi
done <<< "$env_mappings"
if [[ "$mapping_found" == false ]]; then
print_warning " ⚠ Version reference $ref has no mapping in environment-mapping section"
fi
done <<< "$version_refs"
fi
# Check for hardcoded image versions
local hardcoded_images=$(grep -E "image:.*:[0-9]" "$compose_file" | grep -v "\${" || true)
if [[ -n "$hardcoded_images" ]]; then
print_error " ❌ Hardcoded image versions found:"
echo "$hardcoded_images" | while read -r line; do
print_error " $line"
done
else
print_success " ✓ No hardcoded image versions found"
fi
}
# Function to validate port consistency
validate_port_consistency() {
print_info "Validating port consistency..."
# Get ports from TOML
local toml_ports=$(awk '/^\[service-ports\]/,/^\[/ {
if (/^[a-zA-Z].*= [0-9]/) {
service = $1
port = $3
print service ":" port
}
}' "$VERSIONS_TOML")
# Check docker-compose files for port consistency
local compose_files=("docker-compose.yml" "docker-compose.services.yml" "docker-compose.clients.yml")
for compose_file in "${compose_files[@]}"; do
local full_path="$PROJECT_ROOT/$compose_file"
if [[ -f "$full_path" ]]; then
# Extract port mappings from compose file
local compose_ports=$(grep -E "- \".*:[0-9]+\"" "$full_path" | sed 's/.*- "\([^"]*\)".*/\1/' || true)
# Compare with TOML ports
while IFS=':' read -r service expected_port; do
[[ -z "$service" ]] && continue
# Convert service name for grep (handle different naming conventions)
local service_pattern="$service"
case "$service" in
"api-gateway") service_pattern="api-gateway" ;;
"ping-service") service_pattern="ping-service" ;;
*) ;;
esac
# Check if service exists in compose file and port matches
if grep -q "$service_pattern" "$full_path"; then
local found_port=$(echo "$compose_ports" | grep ":$expected_port" | head -1 || true)
if [[ -n "$found_port" ]]; then
print_success " ✓ Port consistency for $service: $expected_port"
else
print_warning " ⚠ Port mismatch for $service (expected: $expected_port)"
fi
fi
done <<< "$toml_ports"
fi
done
}
# Function to validate build args environment files
validate_build_args_files() {
# Skip when running env-less mode
if [[ "${DOCKER_SSOT_MODE:-compat}" == "envless" ]]; then
print_info "Env-less mode active → skipping build-args/*.env validation"
print_success " ✓ Skipped: build-args env files not required in env-less mode"
return
fi
print_info "Validating build-args environment files..."
local build_args_files=("global.env" "services.env" "infrastructure.env" "clients.env")
for env_file in "${build_args_files[@]}"; do
local full_path="$DOCKER_DIR/build-args/$env_file"
if [[ -f "$full_path" ]]; then
print_success " ✓ Build args file exists: $env_file"
# Check if file is not empty
if [[ -s "$full_path" ]]; then
print_success " ✓ Build args file is not empty: $env_file"
else
print_warning " ⚠ Build args file is empty: $env_file"
fi
# 1) Ensure only valid lines: comments, blanks, or key=value
local invalid_lines=$(grep -n -vE '^(#|\s*$|[A-Za-z_][A-Za-z0-9_]*=)' "$full_path" || true)
if [[ -n "$invalid_lines" ]]; then
print_error " ❌ Invalid lines (must be key=value or comment):"
echo "$invalid_lines" | while read -r line; do
print_error " $env_file:$line"
done
else
print_success " ✓ Format OK (only key=value/comments) in $env_file"
fi
# 2) No bare placeholder like `DOCKER_XYZ` without value
local bare_docker=$(grep -nE '^DOCKER_[A-Z0-9_]+$' "$full_path" || true)
if [[ -n "$bare_docker" ]]; then
print_error " ❌ Bare DOCKER_* placeholders without values found:"
echo "$bare_docker" | while read -r line; do
print_error " $env_file:$line"
done
else
print_success " ✓ No bare DOCKER_* placeholders in $env_file"
fi
# 3) Policy: Only global.env may contain DOCKER_* keys
local docker_keys_count=$(grep -E '^DOCKER_[A-Z0-9_]+' "$full_path" | wc -l || echo "0")
if [[ "$env_file" == "global.env" ]]; then
if [[ "$docker_keys_count" -gt 0 ]]; then
print_success " ✓ DOCKER_* variables present only in global.env ($docker_keys_count found)"
else
print_warning " ⚠ Expected some DOCKER_* variables in global.env (prometheus/grafana/keycloak, etc.)"
fi
# Required keys in global.env
for key in GRADLE_VERSION JAVA_VERSION VERSION; do
if grep -q "^$key=" "$full_path"; then
print_success "$key present in global.env"
else
print_error " ❌ Missing $key in global.env"
fi
done
else
if [[ "$docker_keys_count" -gt 0 ]]; then
print_error " ❌ DOCKER_* variables must not be present in $env_file (keep them centralized in global.env)"
else
print_success " ✓ No centralized DOCKER_* vars in $env_file (as expected)"
fi
fi
# 4) Ban DOCKER_APP_VERSION in any build-args env (it is mapped from VERSION at runtime)
if grep -q '^DOCKER_APP_VERSION=' "$full_path"; then
print_error " ❌ DOCKER_APP_VERSION should not be defined in build-args files (mapped from VERSION in docker-build.sh)"
fi
else
print_error " ❌ Build args file missing: $env_file"
fi
done
}
# Additional drift-detection helpers
# Get a port value from [service-ports] in versions.toml
get_toml_port() {
local service_key=$1
awk -v key="$service_key" '
/^\[service-ports\]/ { in_section=1; next }
/^\[/ { if (in_section) exit; in_section=0 }
in_section && $1 == key { print $3; exit }
' "$VERSIONS_TOML" || echo ""
}
# Validate equality between versions.toml and build-args env files (key-to-key)
validate_env_value_equality() {
# Skip when running env-less mode (no build-args/*.env are authoritative)
if [[ "${DOCKER_SSOT_MODE:-compat}" == "envless" ]]; then
print_info "Env-less mode active → skipping TOML↔env value equality check"
print_success " ✓ Skipped: values derive directly from versions.toml at runtime"
return
fi
print_info "Validating value equality between versions.toml and build-args envs..."
local has_diff=false
# Internal helper for comparing a TOML key to an env key within a given file
_check_env_pair() {
local env_file=$1
local env_key=$2
local toml_key=$3
local expected
local actual
local path="$DOCKER_DIR/build-args/$env_file"
if [[ ! -f "$path" ]]; then
print_error " ❌ Missing env file: $env_file"
has_diff=true
return
fi
# Expected from TOML
expected=$(get_version "$toml_key")
# Fallback: try service-ports lookup for any matching key if not found in [versions]
if [[ -z "$expected" ]]; then
local port_lookup=$(get_toml_port "$toml_key")
if [[ -n "$port_lookup" ]]; then
expected="$port_lookup"
fi
fi
# Actual from env file
actual=$(grep -E "^${env_key}=" "$path" | head -1 | sed 's/^[^=]*=//')
if [[ -z "$expected" ]]; then
print_warning " ⚠ TOML key '$toml_key' returned no value (check versions.toml)"
return
fi
if [[ -z "$actual" ]]; then
print_error "$env_file missing $env_key (expected $expected)"
has_diff=true
return
fi
if [[ "$expected" != "$actual" ]]; then
print_error " ❌ Mismatch in $env_file: $env_key='$actual' != $toml_key='$expected'"
has_diff=true
else
print_success "$env_file: $env_key matches $toml_key ($expected)"
fi
}
# global.env mappings
_check_env_pair "global.env" "GRADLE_VERSION" "gradle"
_check_env_pair "global.env" "JAVA_VERSION" "java"
_check_env_pair "global.env" "VERSION" "app-version"
_check_env_pair "global.env" "DOCKER_PROMETHEUS_VERSION" "prometheus"
_check_env_pair "global.env" "DOCKER_GRAFANA_VERSION" "grafana"
_check_env_pair "global.env" "DOCKER_KEYCLOAK_VERSION" "keycloak"
# clients.env mappings
_check_env_pair "clients.env" "NODE_VERSION" "node"
_check_env_pair "clients.env" "NGINX_VERSION" "nginx"
_check_env_pair "clients.env" "APP_VERSION" "app-version"
# Ports for clients (map to [service-ports])
_check_env_pair "clients.env" "WEB_APP_PORT" "web-app"
_check_env_pair "clients.env" "DESKTOP_APP_VNC_PORT" "desktop-app-vnc"
_check_env_pair "clients.env" "DESKTOP_APP_NOVNC_PORT" "desktop-app-novnc"
# services.env mappings
_check_env_pair "services.env" "SPRING_PROFILES_ACTIVE" "spring-profiles-docker"
_check_env_pair "services.env" "PING_SERVICE_PORT" "ping-service"
_check_env_pair "services.env" "MEMBERS_SERVICE_PORT" "members-service"
_check_env_pair "services.env" "HORSES_SERVICE_PORT" "horses-service"
_check_env_pair "services.env" "EVENTS_SERVICE_PORT" "events-service"
_check_env_pair "services.env" "MASTERDATA_SERVICE_PORT" "masterdata-service"
# infrastructure.env mappings
_check_env_pair "infrastructure.env" "SPRING_PROFILES_ACTIVE" "spring-profiles-default"
_check_env_pair "infrastructure.env" "GATEWAY_PORT" "api-gateway"
_check_env_pair "infrastructure.env" "AUTH_SERVER_PORT" "auth-server"
_check_env_pair "infrastructure.env" "MONITORING_SERVER_PORT" "monitoring-server"
if [[ "$has_diff" == false ]]; then
print_success "Environment files are fully synchronized with versions.toml"
fi
}
# Scan for free-floating version strings outside controlled files
scan_free_floating_versions() {
print_info "Scanning for free-floating version literals outside SSoT-managed files..."
# Collect version values from [versions]
local version_values
version_values=$(awk '
/^\[versions\]/ { in_section=1; next }
/^\[/ { if (in_section) exit; in_section=0 }
in_section && $2 == "=" { v=$3; gsub(/"/,"",v); if (v ~ /[\.-]/) print v }
' "$VERSIONS_TOML" )
local found_any=false
while IFS= read -r val; do
[[ -z "$val" ]] && continue
# search occurrences excluding controlled locations
local hits
# Use find to avoid non-portable grep --exclude flags (BusyBox compatibility)
hits=$(
find "$PROJECT_ROOT" -type f \
-not -path "*/.git/*" \
-not -path "*/build/*" \
-not -path "*/.gradle/*" \
-not -path "*/node_modules/*" \
-not -path "*/dist/*" \
-not -path "*/out/*" \
-not -path "*/target/*" \
-not -path "$PROJECT_ROOT/README.md" \
-not -path "$PROJECT_ROOT/docker/versions.toml" \
-not -path "$PROJECT_ROOT/docker/build-args/global.env" \
-not -path "$PROJECT_ROOT/docker/build-args/services.env" \
-not -path "$PROJECT_ROOT/docker/build-args/clients.env" \
-not -path "$PROJECT_ROOT/docker/build-args/infrastructure.env" \
-not -name "docker-compose*.yml" \
-not -name "docker-compose*.yml.optimized" \
-not -path "$PROJECT_ROOT/scripts/generate-compose-files.sh" \
-not -path "$PROJECT_ROOT/scripts/docker-versions-update.sh" \
-print0 \
| while IFS= read -r -d '' f; do
grep -nF -- "$val" "$f" || true
done
)
if [[ -n "$hits" ]]; then
found_any=true
print_warning " ⚠ Detected occurrences of version literal '$val' outside controlled files:"
echo "$hits" | sed 's/^/ /'
fi
done <<< "$version_values"
# Generic pattern scan for suspicious literals (best-effort; warnings only)
local generic
# Portable generic scan using find + grep (avoid non-POSIX grep options)
generic=$(\
find "$PROJECT_ROOT" -type f \
-not -path "*/.git/*" \
-not -path "*/build/*" \
-not -path "*/.gradle/*" \
-not -path "*/node_modules/*" \
-not -path "*/dist/*" \
-not -path "*/out/*" \
-not -path "*/target/*" \
-not -path "$PROJECT_ROOT/docker/versions.toml" \
-not -name "docker-compose*.yml" \
-not -name "docker-compose*.yml.optimized" \
-not -path "$PROJECT_ROOT/docker/build-args/global.env" \
-not -path "$PROJECT_ROOT/docker/build-args/services.env" \
-not -path "$PROJECT_ROOT/docker/build-args/clients.env" \
-not -path "$PROJECT_ROOT/docker/build-args/infrastructure.env" \
-not -path "$PROJECT_ROOT/scripts/generate-compose-files.sh" \
-not -path "$PROJECT_ROOT/scripts/docker-versions-update.sh" \
-not -path "$PROJECT_ROOT/README.md" \
-print0 \
| xargs -0 -r grep -nE -- '(^|[^0-9])([0-9]+\.[0-9]+\.[0-9]+([a-zA-Z0-9._-]+)?)' 2>/dev/null \
| head -n 200 || true)
if [[ -n "$generic" ]]; then
found_any=true
print_warning " ⚠ Generic version-like strings found (review for potential drift):"
echo "$generic" | sed 's/^/ /'
fi
if [[ "$found_any" == false ]]; then
print_success " ✓ No free-floating version literals detected"
fi
}
# Function to show validation summary
show_summary() {
echo ""
echo "==============================================="
echo "Docker Consistency Validation Summary"
echo "==============================================="
echo -e "${GREEN}Checks Passed: $CHECKS_PASSED${NC}"
echo -e "${YELLOW}Warnings: $WARNINGS${NC}"
echo -e "${RED}Errors: $ERRORS${NC}"
echo "==============================================="
if [[ $ERRORS -eq 0 ]]; then
if [[ $WARNINGS -eq 0 ]]; then
print_success "All consistency checks passed! ✨"
return 0
else
print_warning "Validation completed with warnings. Consider addressing them for optimal consistency."
return 0
fi
else
print_error "Validation failed with $ERRORS errors. Please fix them before proceeding."
return 1
fi
}
# Function to show help
show_help() {
echo "Docker Consistency Validator"
echo ""
echo "Usage: $0 [COMMAND]"
echo ""
echo "Commands:"
echo " all Run all validation checks (default)"
echo " dockerfiles Validate Dockerfile ARG declarations"
echo " compose Validate docker-compose version references"
echo " ports Validate port consistency"
echo " build-args Validate build-args environment files"
echo ""
echo "Examples:"
echo " $0 # Run all validations"
echo " $0 dockerfiles # Validate only Dockerfiles"
echo " $0 compose # Validate only compose files"
echo " $0 ports # Validate only port consistency"
}
# Main execution
main() {
# Check if versions.toml exists
if [[ ! -f "$VERSIONS_TOML" ]]; then
print_error "Versions file not found: $VERSIONS_TOML"
exit 1
fi
local command=${1:-all}
print_info "Docker Consistency Validation - Starting..."
print_info "Versions file: $VERSIONS_TOML"
echo ""
case $command in
"all")
# Validate Dockerfiles
find "$DOCKERFILES_DIR" -name "Dockerfile" -type f | while read -r dockerfile; do
validate_dockerfile_args "$dockerfile"
echo ""
done
# Validate docker-compose files (including optimized variants)
for compose_file in docker-compose*.yml docker-compose*.yml.optimized; do
if [[ -f "$PROJECT_ROOT/$compose_file" ]]; then
validate_compose_versions "$PROJECT_ROOT/$compose_file"
echo ""
fi
done
# Validate port consistency
validate_port_consistency
echo ""
# Validate build args files
validate_build_args_files
echo ""
# Validate value equality between versions.toml and build-args envs
validate_env_value_equality
echo ""
# Scan repository for free-floating version literals
scan_free_floating_versions
;;
"dockerfiles")
find "$DOCKERFILES_DIR" -name "Dockerfile" -type f | while read -r dockerfile; do
validate_dockerfile_args "$dockerfile"
echo ""
done
;;
"compose")
for compose_file in docker-compose*.yml docker-compose*.yml.optimized; do
if [[ -f "$PROJECT_ROOT/$compose_file" ]]; then
validate_compose_versions "$PROJECT_ROOT/$compose_file"
echo ""
fi
done
;;
"ports")
validate_port_consistency
;;
"build-args")
validate_build_args_files
;;
"-h"|"--help"|"help")
show_help
exit 0
;;
*)
print_error "Unknown command: $command"
show_help
exit 1
;;
esac
show_summary
}
# Run main function with all arguments
main "$@"
Reference in New Issue View Git Blame Copy Permalink