chore: format yaml files

h4x3rotab · h4x3rotab · commit 172b1a26a57e · 2025-08-08T21:56:15.000Z
diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml
@@ -106,4 +106,4 @@ body:
       description: Does this bug have security implications?
       options:
         - label: This bug has security implications (please also email dstack@phala.network)
-          required: false
+          required: false
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
@@ -11,4 +11,4 @@ contact_links:
     about: Check the official Dstack documentation
   - name: ❓ GitHub Discussions
     url: https://github.com/Dstack-TEE/dstack-examples/discussions
-    about: Ask questions and discuss ideas with the community
+    about: Ask questions and discuss ideas with the community
diff --git a/.github/ISSUE_TEMPLATE/documentation.yml b/.github/ISSUE_TEMPLATE/documentation.yml
@@ -90,4 +90,4 @@ body:
       label: Contribution
       options:
         - label: I'm willing to submit a PR to fix this documentation issue
-          required: false
+          required: false
diff --git a/.github/ISSUE_TEMPLATE/example_submission.yml b/.github/ISSUE_TEMPLATE/example_submission.yml
@@ -140,4 +140,4 @@ body:
         - Special considerations
         - Future improvements planned
         - Related examples
-        - etc.
+        - etc.
diff --git a/.github/ISSUE_TEMPLATE/feature_request.yml b/.github/ISSUE_TEMPLATE/feature_request.yml
@@ -91,4 +91,4 @@ body:
         - label: I can provide testing and feedback
           required: false
         - label: I can help with documentation
-          required: false
+          required: false
diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
@@ -2,9 +2,9 @@ name: Security Scan
 
 on:
   push:
-    branches: [ main ]
+    branches: [main]
   pull_request:
-    branches: [ main ]
+    branches: [main]
   schedule:
     # Run security scan weekly
     - cron: '0 2 * * 1'
@@ -17,7 +17,7 @@ jobs:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0
-      
+
       - name: Run TruffleHog OSS
         uses: trufflesecurity/trufflehog@main
         with:
@@ -35,25 +35,25 @@ jobs:
       - name: Scan for vulnerable dependencies
         run: |
           echo "Scanning for vulnerable dependencies..."
-          
+
           # Find all package.json files
           find . -name "package.json" -not -path "./node_modules/*" | while read -r package_file; do
             echo "Scanning: $package_file"
             dir=$(dirname "$package_file")
-            
+
             if command -v npm >/dev/null 2>&1; then
               cd "$dir"
               npm audit --audit-level=high || echo "❌ Vulnerabilities found in $package_file"
               cd - > /dev/null
             fi
           done
-          
+
           # Find all requirements.txt files
           find . -name "requirements.txt" -not -path "./venv/*" | while read -r req_file; do
             echo "Found Python requirements: $req_file"
             echo "⚠️ Consider using 'pip-audit' for Python dependency scanning"
           done
-          
+
           # Find all go.mod files
           find . -name "go.mod" | while read -r go_file; do
             echo "Found Go module: $go_file"
@@ -89,35 +89,35 @@ jobs:
       - name: Security check for Docker Compose files
         run: |
           echo "Checking Docker Compose files for security issues..."
-          
+
           # Find all docker-compose files
           find . -name "docker-compose.y*ml" | while read -r compose_file; do
             echo "Checking: $compose_file"
-            
+
             # Check for privileged containers
             if grep -q "privileged.*true" "$compose_file"; then
               echo "❌ Privileged container found in: $compose_file"
             fi
-            
+
             # Check for host network mode
             if grep -q "network_mode.*host" "$compose_file"; then
               echo "⚠️ Host network mode found in: $compose_file"
             fi
-            
+
             # Check for dangerous volume mounts
             if grep -q "/var/run/docker.sock" "$compose_file"; then
               echo "❌ Docker socket mount found in: $compose_file"
             fi
-            
+
             if grep -q ":/proc" "$compose_file"; then
               echo "⚠️ /proc mount found in: $compose_file"
             fi
-            
+
             # Check for exposed sensitive ports
             if grep -E "ports:.*:(22|3306|5432|6379|27017|9200)" "$compose_file"; then
               echo "⚠️ Sensitive ports exposed in: $compose_file"
             fi
-            
+
             # Check for missing restart policies
             if ! grep -q "restart:" "$compose_file"; then
               echo "ℹ️ No restart policy specified in: $compose_file"
@@ -149,20 +149,20 @@ jobs:
     needs: [secret-scan, dependency-scan, dockerfile-scan, compose-security, code-security]
     if: always()
     name: Security Summary
-    
+
     steps:
       - name: Security Scan Summary
         run: |
           echo "## Security Scan Results" >> $GITHUB_STEP_SUMMARY
           echo "" >> $GITHUB_STEP_SUMMARY
-          
+
           # Check job results
           secret_result="${{ needs.secret-scan.result }}"
           dependency_result="${{ needs.dependency-scan.result }}"
           dockerfile_result="${{ needs.dockerfile-scan.result }}"
           compose_result="${{ needs.compose-security.result }}"
           code_result="${{ needs.code-security.result }}"
-          
+
           echo "| Security Check | Status |" >> $GITHUB_STEP_SUMMARY
           echo "|----------------|--------|" >> $GITHUB_STEP_SUMMARY
           echo "| Secret Detection | $secret_result |" >> $GITHUB_STEP_SUMMARY
@@ -171,10 +171,10 @@ jobs:
           echo "| Compose Security | $compose_result |" >> $GITHUB_STEP_SUMMARY
           echo "| Code Analysis | $code_result |" >> $GITHUB_STEP_SUMMARY
           echo "" >> $GITHUB_STEP_SUMMARY
-          
+
           # Overall status
           if [[ "$secret_result $dependency_result $dockerfile_result $compose_result $code_result" == *"failure"* ]]; then
             echo "🔴 **Security issues detected!** Please review the scan results." >> $GITHUB_STEP_SUMMARY
           else
             echo "🟢 **All security scans passed successfully.**" >> $GITHUB_STEP_SUMMARY
-          fi
+          fi
diff --git a/.github/workflows/validate-examples.yml b/.github/workflows/validate-examples.yml
@@ -2,9 +2,9 @@ name: Validate Examples
 
 on:
   push:
-    branches: [ main, develop ]
+    branches: [main, develop]
   pull_request:
-    branches: [ main, develop ]
+    branches: [main, develop]
   schedule:
     # Run weekly to catch dependency issues
     - cron: '0 0 * * 0'
@@ -40,21 +40,21 @@ jobs:
       matrix:
         example: ${{ fromJson(needs.detect-changes.outputs.examples) }}
       fail-fast: false
-    
+
     steps:
       - uses: actions/checkout@v4
 
       - name: Validate example structure
         run: |
           example="${{ matrix.example }}"
           echo "Validating structure for: $example"
-          
+
           # Check if directory exists
           if [ ! -d "$example" ]; then
             echo "❌ Example directory does not exist: $example"
             exit 1
           fi
-          
+
           # Check for required files
           required_files=("README.md")
           for file in "${required_files[@]}"; do
@@ -63,15 +63,14 @@ jobs:
               exit 1
             fi
           done
-          
+
           # Check for docker-compose file
           if [ ! -f "$example/docker-compose.yml" ] && [ ! -f "$example/docker-compose.yaml" ]; then
             echo "❌ Missing docker-compose file in: $example"
             exit 1
           fi
-          
-          echo "✅ Structure validation passed for: $example"
 
+          echo "✅ Structure validation passed for: $example"
 
   validate-docker-compose:
     runs-on: ubuntu-latest
@@ -81,17 +80,17 @@ jobs:
       matrix:
         example: ${{ fromJson(needs.detect-changes.outputs.examples) }}
       fail-fast: false
-    
+
     steps:
       - uses: actions/checkout@v4
 
       - name: Validate Docker Compose files
         run: |
           example="${{ matrix.example }}"
           echo "Validating Docker Compose for: $example"
-          
+
           cd "$example"
-          
+
           # Find docker-compose file
           compose_file=""
           if [ -f "docker-compose.yml" ]; then
@@ -102,13 +101,13 @@ jobs:
             echo "❌ No docker-compose file found in: $example"
             exit 1
           fi
-          
+
           # Validate compose file syntax
           if ! docker compose -f "$compose_file" config > /dev/null; then
             echo "❌ Invalid docker-compose syntax in: $example/$compose_file"
             exit 1
           fi
-          
+
           echo "✅ Docker Compose validation passed for: $example"
 
   security-scan:
@@ -119,30 +118,30 @@ jobs:
       matrix:
         example: ${{ fromJson(needs.detect-changes.outputs.examples) }}
       fail-fast: false
-    
+
     steps:
       - uses: actions/checkout@v4
 
       - name: Security scan
         run: |
           example="${{ matrix.example }}"
           echo "Running security scan for: $example"
-          
+
           # Check for common security issues
           security_issues=0
-          
+
           # Check for hardcoded secrets (basic patterns)
           if grep -r -i -E "(password|secret|key|token).*=.*['\"][^'\"]{8,}['\"]" "$example/" 2>/dev/null; then
             echo "⚠️ Potential hardcoded secrets found in: $example"
             security_issues=$((security_issues + 1))
           fi
-          
+
           # Check for exposed sensitive ports
           if grep -E "ports:.*:(22|3306|5432|6379|27017)" "$example"/*.yml "$example"/*.yaml 2>/dev/null; then
             echo "⚠️ Potentially sensitive ports exposed in: $example"
             security_issues=$((security_issues + 1))
           fi
-          
+
           if [ $security_issues -gt 0 ]; then
             echo "⚠️ Security scan completed with $security_issues potential issues in: $example"
           else
@@ -153,28 +152,28 @@ jobs:
     runs-on: ubuntu-latest
     needs: [detect-changes, validate-structure, validate-docker-compose, security-scan]
     if: always()
-    
+
     steps:
       - name: Validation Summary
         run: |
           echo "## Validation Summary" >> $GITHUB_STEP_SUMMARY
           echo "" >> $GITHUB_STEP_SUMMARY
-          
+
           examples="${{ needs.detect-changes.outputs.examples }}"
           if [ "$examples" == "[]" ] || [ "$examples" == "" ]; then
             echo "No examples were modified or detected for validation." >> $GITHUB_STEP_SUMMARY
           else
             echo "Validated examples: $examples" >> $GITHUB_STEP_SUMMARY
             echo "" >> $GITHUB_STEP_SUMMARY
-            
+
             # Check job results
             structure_result="${{ needs.validate-structure.result }}"
             compose_result="${{ needs.validate-docker-compose.result }}"
             security_result="${{ needs.security-scan.result }}"
-            
+
             echo "| Check | Status |" >> $GITHUB_STEP_SUMMARY
             echo "|-------|--------|" >> $GITHUB_STEP_SUMMARY
             echo "| Structure | $structure_result |" >> $GITHUB_STEP_SUMMARY
             echo "| Docker Compose | $compose_result |" >> $GITHUB_STEP_SUMMARY
             echo "| Security Scan | $security_result |" >> $GITHUB_STEP_SUMMARY
-          fi
+          fi
diff --git a/.yamlfmt b/.yamlfmt
@@ -0,0 +1,8 @@
+formatter:
+  type: basic
+  retain_line_breaks: true
+  trim_trailing_whitespace: true
+  scan_folded_as_literal: true
+  include_document_start: false
+  line_ending: lf
+  indent: 2
diff --git a/lightclient/docker-compose.yml b/lightclient/docker-compose.yml
@@ -33,7 +33,7 @@ configs:
 
       # Let it sync #TODO do this smarter
       sleep 5
-      
+
       # Then run some queries. This would be a good place to run an api server.
       # Cast <-> Helios <-> Untrusted RPCs
       cast block --rpc-url=localhost:8545 | tee response.txt
@@ -43,6 +43,6 @@ configs:
       PAYLOAD="{\"report_data\": \"$$(echo -n $$HASH | od -A n -t x1 | tr -d ' \n')\"}"
       ATTEST=$$(curl -X POST --unix-socket /var/run/tappd.sock -d "$$PAYLOAD" http://localhost/prpc/Tappd.TdxQuote?json)
       # TODO: Fallback to the dummy remote attestation
-      
+
       echo ATTEST=$${ATTEST} >> response.txt
       cat response.txt
diff --git a/timelock-nts/docker-compose.yml b/timelock-nts/docker-compose.yml
@@ -16,19 +16,19 @@ services:
 
 configs:
   run.sh:
-    content: |
+    content: |-
       #!/bin/bash
       key=$$(openssl genpkey -algorithm Ed25519)
       echo "Public Key:"; echo "$$key" | openssl pkey -pubout
-      
+
       # Get timestamp from cloudflare and add 5 minutes
       get_time() { ntpdate -4q time.cloudflare.com 2>/dev/null | head -1 | cut -d' ' -f1,2 | date +%s -f -; }
       deadline=$$(($$(get_time) + 300))
       deadline_str=$$(date -d @$${deadline})
       echo "Release: $$deadline_str"
 
       # Fetch the quote
-      get_quote() {         
+      get_quote() {
          PAYLOAD="{\"report_data\": \"$$(echo -n $$1 | od -A n -t x1 | tr -d ' \n')\"}"
          curl -X POST --unix-socket /var/run/tappd.sock -d "$$PAYLOAD" http://localhost/prpc/Tappd.TdxQuote?json
       }
