Enforce a standard YAML format

.github/workflows/check-yaml-format.yaml

@@ -0,0 +1,28 @@
+name: Validate PR - YAML Format
+on:
+  pull_request:
+    branches: [main]
+jobs:
+  go:
+    name: Check Buildah Remote
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+      - name: Generate buildah remote
+        run: |
+          ./hack/generate-buildah-remote.sh
+      - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5
+      - name: Format YAML
+        run: |
+          go install github.com/google/yamlfmt/cmd/[email protected]
+          yamlfmt .
+      - name: Check YAML Formatted
+        run: |
+          if [[ ! -z $(git status -s) ]]
+          then
+            echo "YAML format is not up to date, run 'go install github.com/google/yamlfmt/cmd/[email protected] && yamlfmt .'"
+            echo " If you have modified the buildah task you may also need to run ./hack/generate-buildah-remote.sh"
+            git --no-pager diff
+            exit 1
+          fi

.github/workflows/shellspec.yaml

@@ -1,28 +1,21 @@
----
 name: Shellspec Tests
-
 "on":
   pull_request:
     branches:
       - main
   push:
     branches:
       - main
-
 jobs:
   Shellspec:
-
     runs-on: ubuntu-latest
-
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
-
       - uses: jerop/[email protected]
         with:
           version: v0.32.2
-
       - name: Shellspec
         run: hack/test-shellspec.sh

.tekton/pull-request.yaml

@@ -1,4 +1,3 @@
----
 apiVersion: tekton.dev/v1
 kind: PipelineRun
 metadata:
@@ -47,8 +46,8 @@ spec:
           - name: shared-workspace
             workspace: workspace
         params:
-        - name: args
-          value: [".", "-c", "/workspace/shared-workspace/source/.yamllint"]
+          - name: args
+            value: [".", "-c", "/workspace/shared-workspace/source/.yamllint"]
       - name: sast-snyk-check
         params:
           - name: SNYK_SECRET
@@ -167,9 +166,9 @@ spec:
                   subPath: .dockerconfigjson
                   name: quay-secret
           volumes:
-          - name: quay-secret
-            secret:
-              secretName: redhat-appstudio-tekton-catalog-build-definitions-pull-secret
+            - name: quay-secret
+              secret:
+                secretName: redhat-appstudio-tekton-catalog-build-definitions-pull-secret
           workspaces:
             - name: source
       - name: e2e-tests

.tekton/push.yaml

@@ -1,4 +1,3 @@
----
 apiVersion: tekton.dev/v1
 kind: PipelineRun
 metadata:
@@ -84,9 +83,9 @@ spec:
                   subPath: .dockerconfigjson
                   name: quay-secret
           volumes:
-          - name: quay-secret
-            secret:
-              secretName: redhat-appstudio-tekton-catalog-build-definitions-pull-secret
+            - name: quay-secret
+              secret:
+                secretName: redhat-appstudio-tekton-catalog-build-definitions-pull-secret
           workspaces:
             - name: source
       - name: update-infra-repo
@@ -113,9 +112,9 @@ spec:
             - name: artifacts
               description: Workspace containing arbitrary artifacts used during the task run.
           volumes:
-          - name: quay-secret
-            secret:
-              secretName: redhat-appstudio-tekton-catalog-build-definitions-pull-secret
+            - name: quay-secret
+              secret:
+                secretName: redhat-appstudio-tekton-catalog-build-definitions-pull-secret
           steps:
             - name: build-bundles
               image: quay.io/redhat-appstudio/appstudio-utils:{{ revision }}

.tekton/tasks/buildah.yaml

@@ -10,90 +10,90 @@ spec:
     Buildah task builds source into a container image and then pushes it to a container registry.
     Buildah Task builds source into a container image using Project Atomic's Buildah build tool.It uses Buildah's support for building from Dockerfiles, using its buildah build command.This command executes the directives in the Dockerfile to assemble a container image, then pushes that image to a container registry.
   params:
-  - description: Reference of the image buildah will produce.
-    name: IMAGE
-    type: string
-  - default: registry.access.redhat.com/ubi8/buildah@sha256:31f84b19a0774be7cfad751be38fc97f5e86cefd26e0abaec8047ddc650b00bf
-    # per https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting
-    # the cluster will set imagePullPolicy to IfNotPresent
-    # also per direction from Ralph Bean, we want to use image digest based tags to use a cue to automation like dependabot or renovatebot to periodially submit pull requests that update the digest as new images are released.
-    description: The location of the buildah builder image.
-    name: BUILDER_IMAGE
-    type: string
-  - default: vfs
-    description: Set buildah storage driver
-    name: STORAGE_DRIVER
-    type: string
-  - default: ./Dockerfile
-    description: Path to the Dockerfile to build.
-    name: DOCKERFILE
-    type: string
-  - default: .
-    description: Path to the directory to use as context.
-    name: CONTEXT
-    type: string
-  - default: "true"
-    description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry)
-    name: TLSVERIFY
-    type: string
-  - default: oci
-    description: The format of the built container, oci or docker
-    name: FORMAT
-    type: string
+    - description: Reference of the image buildah will produce.
+      name: IMAGE
+      type: string
+    - default: registry.access.redhat.com/ubi8/buildah@sha256:31f84b19a0774be7cfad751be38fc97f5e86cefd26e0abaec8047ddc650b00bf
+      # per https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting
+      # the cluster will set imagePullPolicy to IfNotPresent
+      # also per direction from Ralph Bean, we want to use image digest based tags to use a cue to automation like dependabot or renovatebot to periodially submit pull requests that update the digest as new images are released.
+      description: The location of the buildah builder image.
+      name: BUILDER_IMAGE
+      type: string
+    - default: vfs
+      description: Set buildah storage driver
+      name: STORAGE_DRIVER
+      type: string
+    - default: ./Dockerfile
+      description: Path to the Dockerfile to build.
+      name: DOCKERFILE
+      type: string
+    - default: .
+      description: Path to the directory to use as context.
+      name: CONTEXT
+      type: string
+    - default: "true"
+      description: Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry)
+      name: TLSVERIFY
+      type: string
+    - default: oci
+      description: The format of the built container, oci or docker
+      name: FORMAT
+      type: string
   results:
-  - description: Digest of the image just built
-    name: IMAGE_DIGEST
-  - description: Image repository where the built image was pushed
-    name: IMAGE_URL
+    - description: Digest of the image just built
+      name: IMAGE_DIGEST
+    - description: Image repository where the built image was pushed
+      name: IMAGE_URL
   steps:
-  - image: $(params.BUILDER_IMAGE)
-    # per https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting
-    # the cluster will set imagePullPolicy to IfNotPresent; our default param above specifies a digest
-    # also per direction from Ralph Bean, we want to use image digest based tags to use a cue to automation like dependabot or renovatebot to periodially submit pull requests that update the digest as new images are released.
-    name: build
-    computeResources:
-      limits:
-        memory: 2Gi
-      requests:
-        memory: 512Mi
-        cpu: 10m
-    script: |
-      buildah --storage-driver=$(params.STORAGE_DRIVER) build \
-        --format=$(params.FORMAT) \
-        --tls-verify=$(params.TLSVERIFY) --no-cache \
-        -f $(params.DOCKERFILE) -t $(params.IMAGE) $(params.CONTEXT)
-    securityContext:
-      capabilities:
-        add:
-          - SETFCAP
-    volumeMounts:
-    - mountPath: /var/lib/containers
-      name: varlibcontainers
-    workingDir: $(workspaces.source.path)/source
-  - image: $(params.BUILDER_IMAGE)
-    name: push
-    computeResources: {}
-    script: |
-      buildah --storage-driver=$(params.STORAGE_DRIVER) push \
-        --tls-verify=$(params.TLSVERIFY) \
-        --digestfile $(workspaces.source.path)/source/image-digest $(params.IMAGE) \
-        docker://$(params.IMAGE)
-    volumeMounts:
-    - mountPath: /var/lib/containers
-      name: varlibcontainers
-    securityContext:
-      capabilities:
-        add:
-          - SETFCAP
-    workingDir: $(workspaces.source.path)/source
-  - image: $(params.BUILDER_IMAGE)
-    name: digest-to-results
-    computeResources: {}
-    script: |
-      cat "$(workspaces.source.path)"/source/image-digest | tee $(results.IMAGE_DIGEST.path)
-      echo -n "$(params.IMAGE)" | tee $(results.IMAGE_URL.path)
+    - image: $(params.BUILDER_IMAGE)
+      # per https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting
+      # the cluster will set imagePullPolicy to IfNotPresent; our default param above specifies a digest
+      # also per direction from Ralph Bean, we want to use image digest based tags to use a cue to automation like dependabot or renovatebot to periodially submit pull requests that update the digest as new images are released.
+      name: build
+      computeResources:
+        limits:
+          memory: 2Gi
+        requests:
+          memory: 512Mi
+          cpu: 10m
+      script: |
+        buildah --storage-driver=$(params.STORAGE_DRIVER) build \
+          --format=$(params.FORMAT) \
+          --tls-verify=$(params.TLSVERIFY) --no-cache \
+          -f $(params.DOCKERFILE) -t $(params.IMAGE) $(params.CONTEXT)
+      securityContext:
+        capabilities:
+          add:
+            - SETFCAP
+      volumeMounts:
+        - mountPath: /var/lib/containers
+          name: varlibcontainers
+      workingDir: $(workspaces.source.path)/source
+    - image: $(params.BUILDER_IMAGE)
+      name: push
+      computeResources: {}
+      script: |
+        buildah --storage-driver=$(params.STORAGE_DRIVER) push \
+          --tls-verify=$(params.TLSVERIFY) \
+          --digestfile $(workspaces.source.path)/source/image-digest $(params.IMAGE) \
+          docker://$(params.IMAGE)
+      volumeMounts:
+        - mountPath: /var/lib/containers
+          name: varlibcontainers
+      securityContext:
+        capabilities:
+          add:
+            - SETFCAP
+      workingDir: $(workspaces.source.path)/source
+    - image: $(params.BUILDER_IMAGE)
+      name: digest-to-results
+      computeResources: {}
+      script: |
+        cat "$(workspaces.source.path)"/source/image-digest | tee $(results.IMAGE_DIGEST.path)
+        echo -n "$(params.IMAGE)" | tee $(results.IMAGE_URL.path)
   volumes:
-  - emptyDir: {}
-    name: varlibcontainers
+    - emptyDir: {}
+      name: varlibcontainers
   workspaces:
-  - name: source
+    - name: source

.tekton/tasks/e2e-test.yaml

@@ -21,25 +21,22 @@ spec:
       image: quay.io/redhat-appstudio/e2e-tests:327e55dbfa361d32689037180b5e44e963079c9e
       # a la infra-deployment updates, when PRs merge in e2e-tests, PRs will be opened
       # against build-definitions to update this tag
-      args: [
-        "--ginkgo.label-filter=build-templates-e2e",
-        "--ginkgo.no-color"
-      ]
+      args: ["--ginkgo.label-filter=build-templates-e2e", "--ginkgo.no-color"]
       securityContext:
         runAsUser: 1000
       env:
-      - name: APP_SUFFIX
-        value: "$(params.app_suffix)"
-      - name: COMPONENT_REPO_URLS
-        value: "https://github.com/redhat-appstudio-qe/devfile-sample-python-basic,https://github.com/redhat-appstudio-qe/retrodep,https://github.com/cachito-testing/pip-e2e-test,https://github.com/redhat-appstudio-qe/fbc-sample-repo,https://github.com/redhat-appstudio-qe/nodejs-no-dockerfile,https://github.com/redhat-appstudio-qe/maven-hello-world"
-      - name: QUAY_E2E_ORGANIZATION
-        value: redhat-appstudio
-      - name: E2E_APPLICATIONS_NAMESPACE
-        value: "$(params.e2e_test_namespace)"
-      - name: GITHUB_TOKEN
-        valueFrom:
-          secretKeyRef:
-            name: github
-            key: token
-      - name: MY_GITHUB_ORG
-        value: redhat-appstudio-appdata
+        - name: APP_SUFFIX
+          value: "$(params.app_suffix)"
+        - name: COMPONENT_REPO_URLS
+          value: "https://github.com/redhat-appstudio-qe/devfile-sample-python-basic,https://github.com/redhat-appstudio-qe/retrodep,https://github.com/cachito-testing/pip-e2e-test,https://github.com/redhat-appstudio-qe/fbc-sample-repo,https://github.com/redhat-appstudio-qe/nodejs-no-dockerfile,https://github.com/redhat-appstudio-qe/maven-hello-world"
+        - name: QUAY_E2E_ORGANIZATION
+          value: redhat-appstudio
+        - name: E2E_APPLICATIONS_NAMESPACE
+          value: "$(params.e2e_test_namespace)"
+        - name: GITHUB_TOKEN
+          valueFrom:
+            secretKeyRef:
+              name: github
+              key: token
+        - name: MY_GITHUB_ORG
+          value: redhat-appstudio-appdata