Lint (Go and Rust) #75445
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Lint (Go) | |
run-name: Lint (Go and Rust) | |
on: | |
pull_request: | |
merge_group: | |
jobs: | |
changes: | |
name: Check for relevant changes | |
runs-on: ubuntu-latest | |
permissions: | |
pull-requests: read | |
outputs: | |
has_go: ${{ steps.changes.outputs.has_go }} | |
has_rust: ${{ steps.changes.outputs.has_rust }} | |
steps: | |
- name: Checkout | |
if: ${{ github.event_name == 'merge_group' }} | |
uses: actions/checkout@v4 | |
- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 | |
id: changes | |
with: | |
base: ${{ github.event.pull_request.base.ref || github.event.merge_group.base_ref }} | |
ref: ${{ github.event.pull_request.head.ref || github.event.merge_group.head_ref }} | |
filters: | | |
has_go: | |
- '.github/workflows/lint.yaml' | |
- '**.go' | |
- 'go.mod' | |
- 'go.sum' | |
- 'build.assets/Makefile' | |
- 'build.assets/Dockerfile*' | |
- 'Makefile' | |
- '.golangci.yml' | |
has_rust: | |
- '.github/workflows/lint.yaml' | |
- '**.rs' | |
- 'Cargo.toml' | |
- 'Cargo.lock' | |
- 'build.assets/versions.mk' | |
- 'Makefile' | |
has_proto: | |
# workflow changes | |
- '.github/workflows/lint.yaml' | |
# proto files or buf changes | |
- 'go.mod' | |
- 'go.sum' | |
- 'api/proto/**' | |
- 'proto/**' | |
# operator protoc generator change | |
- 'integrations/operator/crdgen' | |
# terraform protoc generator changes | |
- 'integrations/terraform/go.mod' | |
- 'integrations/terraform/gen/docs.sh' | |
- 'integrations/terraform/protoc-gen-terraform-*' | |
- 'integrations/terraform/Makefile' | |
- 'integrations/terraform/examples/**' | |
- 'integrations/terraform/templates/**' | |
lint-go: | |
name: Lint (Go) | |
needs: changes | |
if: ${{ !startsWith(github.head_ref, 'dependabot/') && needs.changes.outputs.has_go == 'true' }} | |
runs-on: ubuntu-22.04-16core | |
permissions: | |
contents: read | |
container: | |
image: ghcr.io/gravitational/teleport-buildbox:teleport17 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Run `go mod tidy` | |
run: rm go.sum api/go.sum && go mod tidy && (cd api && go mod tidy) | |
- name: Check for no changes after `go mod tidy` | |
# We have to add the current directory as a safe directory or else git commands will not work as expected. | |
run: git config --global --add safe.directory $( realpath . ) && git diff --exit-code -- go.mod go.sum api/go.mod api/go.sum | |
- name: Set linter versions | |
run: | | |
echo GOLANGCI_LINT_VERSION=$(cd build.assets; make print-golangci-lint-version) >> $GITHUB_ENV | |
- name: Print linter versions | |
run: | | |
echo "GOLANGCI_LINT_VERSION=$GOLANGCI_LINT_VERSION" | |
# Run various golangci-lint checks. | |
# TODO(codingllama): Using go.work could save a bunch of repetition here. | |
- name: golangci-lint (api) | |
uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1 | |
with: | |
version: ${{ env.GOLANGCI_LINT_VERSION }} | |
working-directory: api | |
args: --out-format=colored-line-number | |
skip-cache: true | |
- name: golangci-lint (teleport) | |
uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1 | |
with: | |
version: ${{ env.GOLANGCI_LINT_VERSION }} | |
args: --out-format=colored-line-number --build-tags libfido2,piv | |
skip-cache: true | |
- name: golangci-lint (assets/backport) | |
uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1 | |
with: | |
version: ${{ env.GOLANGCI_LINT_VERSION }} | |
working-directory: assets/backport | |
args: --out-format=colored-line-number | |
skip-cache: true | |
- name: golangci-lint (build.assets/tooling) | |
uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1 | |
with: | |
version: ${{ env.GOLANGCI_LINT_VERSION }} | |
working-directory: build.assets/tooling | |
args: --out-format=colored-line-number | |
skip-cache: true | |
- name: golangci-lint (integrations/terraform) | |
uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1 | |
with: | |
version: ${{ env.GOLANGCI_LINT_VERSION }} | |
working-directory: integrations/terraform | |
args: --out-format=colored-line-number | |
skip-cache: true | |
- name: golangci-lint (integrations/event-handler) | |
uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1 | |
with: | |
version: ${{ env.GOLANGCI_LINT_VERSION }} | |
working-directory: integrations/event-handler | |
args: --out-format=colored-line-number | |
skip-cache: true | |
- name: Run (non-action) linters | |
run: make lint-no-actions | |
- name: Check if derived functions are up to date | |
# We have to add the current directory as a safe directory or else git commands will not work as expected. | |
run: git config --global --add safe.directory $(realpath .) && make derive-up-to-date | |
lint-rust: | |
name: Lint (Rust) | |
runs-on: ubuntu-22.04 | |
needs: changes | |
if: ${{ !startsWith(github.head_ref, 'dependabot/') && needs.changes.outputs.has_rust == 'true' }} | |
permissions: | |
contents: read | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set Rust version | |
run: echo "RUST_VERSION=$(make -s -C build.assets print-rust-version)" >> $GITHUB_ENV | |
- name: Set up Rust | |
run: | | |
echo "Setting up Rust version ${RUST_VERSION}" | |
rustup toolchain install ${RUST_VERSION} --component rustfmt,clippy | |
rustup override set ${RUST_VERSION} | |
rustc --version | |
cargo --version | |
rustfmt --version | |
cargo clippy --version | |
- name: Run Rust linters | |
run: make lint-rust | |
lint-proto: | |
name: Lint (Proto) | |
needs: changes | |
if: ${{ !startsWith(github.head_ref, 'dependabot/') && needs.changes.outputs.has_proto == 'true' }} | |
runs-on: ubuntu-22.04-16core | |
permissions: | |
contents: read | |
container: | |
image: ghcr.io/gravitational/teleport-buildbox:teleport17 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set linter versions | |
run: | | |
echo BUF_VERSION=$(cd build.assets; make print-buf-version) >> $GITHUB_ENV | |
- name: Print linter versions | |
run: | | |
echo "BUF_VERSION=$BUF_VERSION" | |
- uses: bufbuild/buf-setup-action@35c243d7f2a909b1d4e40399b348a7fdab27d78d # v1.34.0 | |
with: | |
github_token: ${{ github.token }} | |
version: ${{ env.BUF_VERSION }} | |
- uses: bufbuild/buf-lint-action@06f9dd823d873146471cfaaf108a993fe00e5325 # v1.1.1 | |
- name: buf breaking from parent to self | |
uses: bufbuild/buf-breaking-action@c57b3d842a5c3f3b454756ef65305a50a587c5ba # v1.1.4 | |
with: | |
against: 'https://github.com/${GITHUB_REPOSITORY}.git#branch=${{ github.event.pull_request.base.sha || github.event.merge_group.base_sha }}' | |
- name: buf breaking from self to master | |
uses: bufbuild/buf-breaking-action@c57b3d842a5c3f3b454756ef65305a50a587c5ba # v1.1.4 | |
if: ${{ github.base_ref != 'master' && github.event.merge_group.base_ref != 'refs/heads/master' }} | |
with: | |
input: 'https://github.com/${GITHUB_REPOSITORY}.git#branch=master' | |
against: '.' | |
- name: Check if protos are up to date | |
# We have to add the current directory as a safe directory or else git commands will not work as expected. | |
run: git config --global --add safe.directory $(realpath .) && make protos-up-to-date/host | |
- name: Check if Operator CRDs are up to date | |
# We have to add the current directory as a safe directory or else git commands will not work as expected. | |
run: git config --global --add safe.directory $(realpath .) && make crds-up-to-date | |
- name: Check if Terraform resources are up to date | |
# We have to add the current directory as a safe directory or else git commands will not work as expected. | |
run: git config --global --add safe.directory $(realpath .) && make terraform-resources-up-to-date |