Fix/introduce markdownlint (#472)
starlord-daniel authored Dec 7, 2022
1 parent 365c101 commit b990af9
Showing 6 changed files with 64 additions and 47 deletions.
5 changes: 3 additions & 2 deletions .devcontainer/devcontainer.json
Expand Up @@ -35,7 +35,8 @@
"extensions": [
"golang.Go",
"ms-azuretools.vscode-docker",
"ms-kubernetes-tools.vscode-kubernetes-tools"
"ms-kubernetes-tools.vscode-kubernetes-tools",
"DavidAnson.vscode-markdownlint"
]
}
},
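Review bot: the new `DavidAnson.vscode-markdownlint` entry installs the extension in the dev container, but none of the six files in this commit adds a markdownlint rule configuration, so each contributor's editor will lint with the extension's defaults and any later CI check may disagree with it; consider committing a `.markdownlint.json` (or `.markdownlintrc`) in the same change so the editor, CI and the manual fixes in the rest of this commit all follow one rule set.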
Expand All @@ -49,4 +50,4 @@
"ghcr.io/devcontainers/features/docker-in-docker:1": {},
"ghcr.io/devcontainers/features/kubectl-helm-minikube:1": {}
}
}
}
50 changes: 32 additions & 18 deletions CONTRIBUTING.md
@@ -1,4 +1,4 @@
# Contributing to Ratify
# Contributing to Ratify

Welcome! We are very happy to accept community contributions to Ratify, whether those are [Pull Requests](#pull-requests), [Plugins](#plugins), [Feature Suggestions](#feature-suggestions) or [Bug Reports](#bug-reports)! Please note that by participating in this project, you agree to abide by the [Code of Conduct](./CODE_OF_CONDUCT.md), as well as the terms of the [CLA](#cla).

Expand All @@ -25,18 +25,20 @@ The Ratify project is composed of the following main components:
### Running the tests

* You can use the following command to run the full Ratify test suite:
* `go test -v ./cmd/ratify` on Windows
* `make test` on Mac/Linux/WSL
* `go test -v ./cmd/ratify` on Windows
* `make test` on Mac/Linux/WSL

### Running the Ratify CLI

* Once built run Ratify from the bin directory `./bin/ratify` for a list of the available commands.
* For any command the `--help` argument can be passed for more information and a list of possible arguments.

### Debugging Ratify with VS Code

Ratify can run through cli command or run as a http server. Create a [launch.json](https://code.visualstudio.com/docs/editor/debugging#_launch-configurations) file in the .vscode directory, then hit F5 to debug. Note the first debug session may take a few minutes to load, subsequent session will be much faster.

Sample json for cli:

```json
{
"version": "0.2.0",
Expand All @@ -50,7 +52,9 @@ Sample json for cli:
}]
}
```

Sample launch json for http server:

```json
{
"version": "0.2.0",
Expand All @@ -64,26 +68,32 @@ Sample launch json for http server:
}]
}
```

Sample curl request to invoke Ratify endpoint:

```
```bash
curl -X POST http://127.0.0.1:6001/ratify/gatekeeper/v1/verify -H "Content-Type: application/json" -d '{"apiVersion":"externaldata.gatekeeper.sh/v1alpha1","kind":"ProviderRequest","request":{"keys":["localhost:5000/net-monitor:v1"]}}'
```

### Test local changes in the k8s cluster scenario

There are some changes that should be validated in a cluster scenario.
Follow the steps below to build and deploy a Ratify image with your private changes:

#### build an image with your local changes
```

```bash
docker build -f httpserver/Dockerfile -t yourregistry/deislabs/ratify:yourtag .
```

#### [Authenticate](https://docs.docker.com/engine/reference/commandline/login/#usage) with your registry, and push the newly built image
```

```bash
docker push yourregistry/deislabs/ratify:yourtag
```

#### Update [values.yaml](https://github.com/deislabs/ratify/blob/main/charts/ratify/values.yaml) to pull from your registry, when reusing image tag, setting pull policy to "Always" ensures we are pull the new changes

```json
image:
repository: yourregistry/deislabs/ratify
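Review bot: the fence that opens with `json` above `image:` wraps a `values.yaml` fragment, so it should be tagged `yaml`. While this hunk is being touched, the heading above it still reads "ensures we are pull the new changes"; make that "ensures we pull the new changes", and consider keeping the heading short and moving the explanation into the body text.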
Expand All @@ -92,11 +102,13 @@ image:
```

### Deploy from local helm chart

Deploy using one of the following deployments.

**Option 1**
Client and server auth disabled
```

```bash
helm install ratify ./charts/ratify --atomic
```

Expand All @@ -105,12 +117,13 @@ Client auth disabled and server auth enabled using self signed certificate

1. Supply a certificate to use with Ratify (httpserver) or use the following script to create a self-signed certificate.

```
./scripts/generate-tls-cert.sh
```
```bash
./scripts/generate-tls-cert.sh
```

2. Deploy using a certificate
```

```bash
helm install ratify ./charts/ratify \
--set provider.auth="tls" \
--set provider.tls.skipVerify=false \
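Review bot: the two steps of Option 2 are indented inconsistently: the fence under step 1 is indented by three spaces (so it stays inside the list item) while the fence under step 2 starts at column 0, which ends the ordered list before the `helm install` block; indent the second fence like the first so the list renders as one unit and markdownlint treats both steps the same way. Keep `--set provider.tls.skipVerify=false` exactly as shown; that is the flag that leaves certificate verification switched on.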
Expand All @@ -123,9 +136,9 @@ helm install ratify ./charts/ratify \
**Option 3**
Client auth disabled and server auth enabled using a secret

*Note: There must be an existing secret in the 'default' namespace named 'ratify-cert-secret'.*
>Note: There must be an existing secret in the 'default' namespace named 'ratify-cert-secret'.*

```
```bash
# Example secret schema
apiVersion: v1
kind: Secret
Expand All @@ -136,9 +149,9 @@ data:
tls.key: <base64 key value>
```

*Note: The 'provider.tls.cabundle' must be supplied. Update the path or send in a base64 encoded value.*
>Note: The 'provider.tls.cabundle' must be supplied. Update the path or send in a base64 encoded value.*

```
```bash
helm install ratify ./charts/ratify \
--set provider.auth="tls" \
--set provider.tls.skipVerify=false \
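Review bot: converting `*Note: ...*` to a `>Note:` blockquote dropped the opening emphasis marker but kept the closing one, so both notes in this hunk (the 'ratify-cert-secret' note and the 'provider.tls.cabundle' note) now render with a stray trailing `*`; remove it, or keep the emphasis on both ends. The fence above `# Example secret schema` is tagged `bash` but contains a Kubernetes Secret manifest, so `yaml` is the right tag. Because `tls.key` in that manifest is a private key and base64 is an encoding rather than encryption, a sentence telling readers to create the secret with `kubectl create secret tls` from the certificate and key files, instead of filling in and committing this manifest, would be worth adding.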
Expand All @@ -149,8 +162,9 @@ helm install ratify ./charts/ratify \
**Option 4**
Client / Server auth enabled (mTLS)

*Note: Ratify and Gatekeeper must be installed in the same namespace which allows Ratify access to Gatekeepers CA certificate. The Ratify certificate must have a CN and subjectAltName name which matches the namespace of Gatekeeper and Ratify. For example, if installed to the namespace 'gatekeeper-system', the CN and subjectAltName should be 'ratify.gatekeeper-system'*
```
>Note: Ratify and Gatekeeper must be installed in the same namespace which allows Ratify access to Gatekeepers CA certificate. The Ratify certificate must have a CN and subjectAltName name which matches the namespace of Gatekeeper and Ratify. For example, if installed to the namespace 'gatekeeper-system', the CN and subjectAltName should be 'ratify.gatekeeper-system'*

```bash
helm install ratify ./charts/ratify \
--namespace gatekeeper-system \
--set provider.auth="mtls" \
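Review bot: same stray trailing `*` here: the Option 4 note now begins with `>Note:` but still ends with `'ratify.gatekeeper-system'*`; drop the closing `*`. In the same line, "Gatekeepers CA certificate" should be "Gatekeeper's CA certificate".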
Expand Down Expand Up @@ -196,7 +210,7 @@ If you'd like to contribute to the collection of plugins:

This project welcomes contributions and suggestions. Most contributions require you to agree to a
Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us
the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
the rights to use your contribution. For details, visit <https://cla.opensource.microsoft.com>.

When you submit a pull request, a CLA bot will automatically determine whether you need to provide
a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions
14 changes: 7 additions & 7 deletions README.md
Expand Up @@ -21,7 +21,7 @@ by its developers, nor is it "supported" software.

## Community meetings

- Agenda: https://hackmd.io/ABueHjizRz2iFQpWnQrnNA
- Agenda: <https://hackmd.io/ABueHjizRz2iFQpWnQrnNA>
- We hold a weekly Ratify community meeting with alternating times to accommodate more time zones.
Series #1 Tues 4-5pm
Series #2 Wed 1-2pm
Expand All @@ -31,7 +31,7 @@ Get Ratify Community Meeting Calendar [here](https://calendar.google.com/calenda

## Quick Start

Try out ratify in Kuberenetes through Gatekeeper as the admission controller.
Try out ratify in Kubernetes through Gatekeeper as the admission controller.

Prerequisite: Kubernetes v1.20 or higher

Expand Down Expand Up @@ -64,7 +64,7 @@ Once the installation is completed, you can test the deployment of an image that

- This will successfully create the pod `demo`

```bash=
```bash
kubectl run demo --image=wabbitnetworks.azurecr.io/test/net-monitor:signed
kubectl get pods demo
```
Expand All @@ -73,21 +73,21 @@ Optionally you can see the output of the pod logs via: `kubectl logs demo`

- Now deploy an unsigned image

```bash=
```bash
kubectl run demo1 --image=wabbitnetworks.azurecr.io/test/net-monitor:unsigned
```

You will see a deny message from Gatekeeper denying the request to create it as the image doesn't have any signatures.

```bash=
```bash
Error from server (Forbidden): admission webhook "validation.gatekeeper.sh" denied the request: [ratify-constraint] Subject failed verification: wabbitnetworks.azurecr.io/test/net-monitor:unsigned
```

You just validated the container images in your k8s cluster!

- Uninstall Ratify

```bash=
```bash
kubectl delete -f https://deislabs.github.io/ratify/library/default/template.yaml
kubectl delete -f https://deislabs.github.io/ratify/library/default/samples/constraint.yaml
helm delete ratify
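Review bot: changing `bash=` to `bash` is correct (the trailing `=` is HackMD line-number syntax, not a language tag GitHub recognises), but the third fence in this hunk holds the Gatekeeper `Error from server (Forbidden)` output rather than a command, so tag that one `text` instead of `bash` to avoid misleading highlighting.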
Expand Down Expand Up @@ -126,4 +126,4 @@ This project is released under the [Apache-2.0 License](./LICENSE).

This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow [Microsoft's Trademark & Brand Guidelines][microsoft-trademark]. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.

[microsoft-trademark]: https://www.microsoft.com/en-us/legal/intellectualproperty/trademarks
[microsoft-trademark]: https://www.microsoft.com/legal/intellectualproperty/trademarks
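Review bot: dropping the `/en-us/` segment from the `[microsoft-trademark]` reference link relies on Microsoft redirecting the locale-less path; confirm `https://www.microsoft.com/legal/intellectualproperty/trademarks` resolves directly before merging, since link-check tooling commonly flags redirect chains.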
12 changes: 7 additions & 5 deletions RELEASES.md
Expand Up @@ -6,21 +6,22 @@ This document describes the versioning scheme and release processes for Ratify.

The specification release process was created using content and verbiage from the following specifications:

* [ORAS Artifact Specification Releases](https://github.com/oras-project/artifacts-spec/blob/main/RELEASES.md)
* [ORAS Developer Guide](https://github.com/oras-project/oras-www/blob/main/docs/CLI/5_developer_guide.md)
* [Mystikos Release Management](https://github.com/deislabs/mystikos/blob/main/doc/releasing.md)

* [ORAS Artifact Specification Releases](https://github.com/oras-project/artifacts-spec/blob/main/RELEASES.md)
* [ORAS Developer Guide](https://github.com/oras-project/oras-www/blob/main/docs/CLI/5_developer_guide.md)
* [Mystikos Release Management](https://github.com/deislabs/mystikos/blob/main/doc/releasing.md)

## Versioning

The Ratify project follows [semantic versioning](https://semver.org/) beginning with version `v0.1.0`. Pre-release versions may be specified with a dash after the patch version and the following specifiers (in the order of release readiness):

* `alpha1`, `alpha2`, etc.
* `beta1`, `beta2`, etc.
* `rc1`, `rc2`, `rc3`, etc.

Example pre-release versions include `v0.1.0-alpha1`, `v0.1.0-beta2`, `v0.1.0-rc3`. Pre-release versions are not required and stages can be bypassed (i.e. an `alpha` release does not require a `beta` release). Pre-releases must be in order and gaps are not allowed (i.e. the only releases that can follow `rc1` are the full release or `rc2`).

## Pre Release Activity

[Test.bats](test/bats/test.bats) provides limited end to end test coverage, while we are working on improving our coverage, please perform [manual validations](test/ManualValidation.md) to ensure release quality.

Validate that the format of the data returned for external data calls has not changed. If it has changed update the version in `httpserver/types.go` to reflect a change in the format and document the update.
Expand All @@ -44,8 +45,9 @@ When a major release is required, the release commits should be merged with the
### Tag and Release

When the release branch is ready, a tag should be pushed with a name matching the branch name, e.g. `git tag v0.1.0-alpha1` and `git push --tags`. This will trigger a [Goreleaser](https://goreleaser.com/) action that will build the binaries and creates a [GitHub release](https://help.github.com/articles/creating-releases/):

* The release will be marked as a draft to allow an final editing before publishing.
* The release notes and other fields can edited after the action completes. The description can be in Markdown.
* The pre-release flag will be set for any release with a pre-release specifier.
* The pre-built binaries are built from commit at the head of the release branch.
* The files are named `ratify_<major>-<minor>-<patch>_<OS>_<ARCH>` with `.zip` files for Windows and `.tar.gz` for all others.
* The files are named `ratify_<major>-<minor>-<patch>_<OS>_<ARCH>` with `.zip` files for Windows and `.tar.gz` for all others.
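Review bot: while this hunk touches the bullet list under "Tag and Release", two typos in the unchanged context lines are worth fixing in the same change: "allow an final editing" should be "allow a final edit", and "can edited after the action completes" should be "can be edited after the action completes".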
8 changes: 4 additions & 4 deletions REVIEWING.md
Expand Up @@ -60,10 +60,10 @@ Be trustworthy. During a review, your actions both build and help maintain the t

Below are a set of common questions that apply to all pull requests:

- [ ] Does the affected code have corresponding tests?
- [ ] Are the changes documented, not just with inline documentation, but also with conceptual documentation such as an overview of a new feature, or task-based documentation like a tutorial? Consider if this change should be announced on your project blog.
- [ ] Does this introduce breaking changes that would require an announcement or bumping the major version?
- [ ] Does all new files have appropriate license header?
* [ ] Does the affected code have corresponding tests?
* [ ] Are the changes documented, not just with inline documentation, but also with conceptual documentation such as an overview of a new feature, or task-based documentation like a tutorial? Consider if this change should be announced on your project blog.
* [ ] Does this introduce breaking changes that would require an announcement or bumping the major version?
* [ ] Does all new files have appropriate license header?

## Reading List

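Review bot: the list-marker change from `-` to `*` matches the other files in this commit, but the last item still reads "Does all new files have appropriate license header?"; since the line is rewritten anyway, make it "Do all new files have an appropriate license header?".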
22 changes: 11 additions & 11 deletions SECURITY.md
@@ -1,6 +1,6 @@
<!-- BEGIN MICROSOFT SECURITY.MD V0.0.5 BLOCK -->

## Security
# Security

Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/).

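Review bot: this file is wrapped in `<!-- BEGIN MICROSOFT SECURITY.MD V0.0.5 BLOCK -->` ... `<!-- END MICROSOFT SECURITY.MD BLOCK -->` markers, which indicates a versioned template that is normally refreshed wholesale; promoting `## Security` to `# Security` to satisfy the first-heading rule means the next template refresh will reintroduce the lint finding. Consider a file-level markdownlint disable comment for that rule instead of editing the template body, or note in the commit that the block has been customised.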
Expand All @@ -12,19 +12,19 @@ If you believe you have found a security vulnerability in any Microsoft-owned re

Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://msrc.microsoft.com/create-report).

If you prefer to submit without logging in, send email to [[email protected]](mailto:[email protected]). If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://www.microsoft.com/en-us/msrc/pgp-key-msrc).
If you prefer to submit without logging in, send email to [[email protected]](mailto:[email protected]). If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://www.microsoft.com/msrc/pgp-key-msrc).

You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://www.microsoft.com/msrc).
You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://www.microsoft.com/msrc).

Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:

* Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
* Full paths of source file(s) related to the manifestation of the issue
* The location of the affected source code (tag/branch/commit or direct URL)
* Any special configuration required to reproduce the issue
* Step-by-step instructions to reproduce the issue
* Proof-of-concept or exploit code (if possible)
* Impact of the issue, including how an attacker might exploit the issue
* Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
* Full paths of source file(s) related to the manifestation of the issue
* The location of the affected source code (tag/branch/commit or direct URL)
* Any special configuration required to reproduce the issue
* Step-by-step instructions to reproduce the issue
* Proof-of-concept or exploit code (if possible)
* Impact of the issue, including how an attacker might exploit the issue

This information will help us triage your report more quickly.

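Review bot: the `/en-us/` locale segment is removed from the PGP key URL here (and from the CVD link in the next hunk) while `https://www.microsoft.com/msrc` on the following line already has no locale; confirm both shortened URLs resolve, because the PGP key link is what reporters use to encrypt a vulnerability report and a broken link there quietly pushes them to plaintext email.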
Expand All @@ -36,6 +36,6 @@ We prefer all communications to be in English.

## Policy

Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://www.microsoft.com/en-us/msrc/cvd).
Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://www.microsoft.com/msrc/cvd).

<!-- END MICROSOFT SECURITY.MD BLOCK -->
