Merge branch 'ci-megalinter3' into 'master'

Megalinter checks

See merge request !52

.gitlab-ci.yml

+---
+mega-linter:
+  cache:
+    key: megalinter-cache
+    paths:
+      - /root/.cache
+  image:
+    name: oxsecurity/megalinter:v8
+  script:
+    - "true"
+  variables:
+    DEFAULT_WORKSPACE: "$CI_PROJECT_DIR"
+  artifacts:
+    when: always
+    paths:
+      - megalinter-reports

.mega-linter.yaml

+---
+DISABLE:
+  - COPYPASTE
+  - SPELL
+
+DISABLE_LINTERS:
+  # can't be configured (bugs), too many checks
+  - REPOSITORY_KICS
+  # can't be configured
+  - REPOSITORY_TRIVY
+  # usage problems (https://github.com/prettier/prettier/issues/6069)
+  - YAML_PRETTIER
+  # problem with schemas
+  - YAML_V8R
+  # requires terraform files, but without directories selection
+  - TERRAFORM_TERRASCAN
+
+ANSIBLE_ANSIBLE_LINT_PRE_COMMANDS:
+  # workaround the problem with non-blocking console in ansible linter
+  - command: "sed -i 's/^\\(\\s*check_blocking_io()\\)/# \\1/' /venvs/ansible-lint/lib/python*/site-packages/ansible/cli/__init__.py"
+    run_before_linters: true
+  # debugging the problem with non-blocking console in ansible linter
+  - command: &unblock >
+      python3 -c
+      'import os;
+      [print("console %d blocking: %s -> True" % (i, os.get_blocking(i))) for i in range(0, 3)];
+      [os.set_blocking(i, True) for i in range(0, 3)];
+      '
+    run_before_linters: true
+
+# yaml[octal-values]: bug
+ANSIBLE_ANSIBLE_LINT_ARGUMENTS: >-
+  -x yaml[octal-values]
+  --exclude .ansible/roles/
+  --exclude megalinter-reports/
+  --exclude */deployments/*.yaml
+  --exclude */playbooks/files/calico.yaml
+  --exclude */terraform/cloud-init.yaml
+
+# H006: do not force image aspect ratio
+# H030: meta description
+# H031: meta keywords
+HTML_DJLINT_ARGUMENTS: --ignore H006,H030,H031
+
+# B105:hardcoded_password_string: false positive
+# B404:blacklist: subprocess needed
+# B603:subprocess_without_shell_equals_true: needed
+PYTHON_BANDIT_ARGUMENTS: --skip B105,B404,B603
+
+# Unable to import 'requests' (import-error)
+PYTHON_PYLINT_ARGUMENTS: --disable=import-error
+
+# CKV2_ANSIBLE_1 (http): local comunication
+# CKV_OPENSTACK_2: useless check
+# CKV_SECRET_6 (base64): weird useless check
+# XXX: jupyterhub-jwt.yaml
+REPOSITORY_CHECKOV_ARGUMENTS: >-
+  --skip-check CKV2_ANSIBLE_1,CKV_OPENSTACK_2,CKV_SECRET_6
+  --skip-path /.*/playbooks/files/(jupyterhub-jwt|calico).yaml
+  --skip-path /.*/playbooks/upgrade.yaml
+
+# DS126858 (algorithm): false positive, used as images tag
+# DS137138 (http): local communication
+# DS169125 (ssl): protocol actually banned
+# DS169126 (ssl): protocol actually banned
+REPOSITORY_DEVSKIM_ARGUMENTS: >-
+  --ignore-globs **/.ansible/**,**/.git/**,**/playbooks/files/calico.yaml
+  --ignore-rule-ids DS126858,DS137138,DS169125,DS169126
+
+# no check for terraform plugins
+REPOSITORY_GRYPE_ARGUMENTS: --exclude ./*/terraform/**
+
+# terraform_unused_declarations: common variables file
+# terraform_required_providers: common requirements file
+# terraform_required_version: common requirements file
+TERRAFORM_TFLINT_ARGUMENTS: >-
+  --disable-rule=terraform_unused_declarations
+  --disable-rule=terraform_required_providers
+  --disable-rule=terraform_required_version
+
+YAML_PRETTIER_FILTER_REGEX_EXCLUDE: ^[^/]*/(deployments/.*)\.yaml$
+
+YAML_YAMLLINT_FILTER_REGEX_EXCLUDE: ^[^/]*/(deployments/.*|playbooks/files/calico|terraform/cloud-init)\.yaml$|^common/playbooks/templates/nexus/.*\.yaml$
+
+FILTER_REGEX_EXCLUDE: ^.*\.swp|\.ansible/.*$

common/playbooks/files/egi-replay-privacy-policy.html

 <!DOCTYPE html>
-<html>
+<html lang="en">
   <head>
     <meta charset="utf-8" />
 
@@ -332,7 +332,7 @@
                 EGI Foundation is conforming to GEANT Code of Conduct and your
                 personal data will be processed in accordance with the
                 <a
-                  href="http://www.geant.net/uri/dataprotection-code-of-conduct/v1"
+                  href="https://www.geant.net/uri/dataprotection-code-of-conduct/v1"
                   >Code of Conduct for Service Providers</a
                 >
                 and the

common/playbooks/files/egi-replay-terms-of-use.html

 <!DOCTYPE html>
-<html>
+<html lang="en">
   <head>
     <meta charset="utf-8" />
 

egi-devel/deployments/hub.yaml

@@ -410,7 +410,8 @@ hub:
           <div class="accordion" id="b2drop-accordion">
             <div class="accordion-item">
               <h2 class="accordion-header id="headingOne">
-                <button class="accordion-button collapsed" type="button" data-bs-toggle="collapse" data-bs-target="#collapseOne" aria-expanded="true" aria-controls="collapseOne">
+                <button class="accordion-button collapsed" type="button" data-bs-toggle="collapse" data-bs-target="#collapseOne"
+                        aria-expanded="true" aria-controls="collapseOne">
                   B2DROP connection
                   {%if b2drop_ready %}<span class="label label-success">Already configured!</span>{% endif %}
                 </button>

envri-hub/deployments/envri-templates/egi-login.html

@@ -20,7 +20,7 @@
     {% block main_intro %}
     <h1><img alt="Notebooks Logo" src="{{ static_url('images/egi-icon-notebooks.svg') }}" height="100">Notebooks</h1>
     <p>
-    Notebooks is an environment based on <a href="http://jupyter.org/">Jupyter</a> and
+    Notebooks is an environment based on <a href="https://jupyter.org/">Jupyter</a> and
     the <a href="https://www.egi.eu/services/cloud-compute/">EGI cloud service</a> that
     offers a browser-based, scalable tool for interactive data analysis. The Notebooks
     environment provides users with notebooks where they can combine text, mathematics,

envri-hub/deployments/envri-templates/page.html

@@ -74,7 +74,6 @@ body {
 </style>
 {% endblock %}
 
-
 {% block title %}ENVRI-Hub NEXT {{ service_name }}{% endblock %}
 
 {% block logo %}