Skip to content

Lint (Go and Rust) #75445

Lint (Go and Rust)

Lint (Go and Rust) #75445

Workflow file for this run

name: Lint (Go)
run-name: Lint (Go and Rust)
on:
pull_request:
merge_group:
jobs:
changes:
name: Check for relevant changes
runs-on: ubuntu-latest
permissions:
pull-requests: read
outputs:
has_go: ${{ steps.changes.outputs.has_go }}
has_rust: ${{ steps.changes.outputs.has_rust }}
steps:
- name: Checkout
if: ${{ github.event_name == 'merge_group' }}
uses: actions/checkout@v4
- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
id: changes
with:
base: ${{ github.event.pull_request.base.ref || github.event.merge_group.base_ref }}
ref: ${{ github.event.pull_request.head.ref || github.event.merge_group.head_ref }}
filters: |
has_go:
- '.github/workflows/lint.yaml'
- '**.go'
- 'go.mod'
- 'go.sum'
- 'build.assets/Makefile'
- 'build.assets/Dockerfile*'
- 'Makefile'
- '.golangci.yml'
has_rust:
- '.github/workflows/lint.yaml'
- '**.rs'
- 'Cargo.toml'
- 'Cargo.lock'
- 'build.assets/versions.mk'
- 'Makefile'
has_proto:
# workflow changes
- '.github/workflows/lint.yaml'
# proto files or buf changes
- 'go.mod'
- 'go.sum'
- 'api/proto/**'
- 'proto/**'
# operator protoc generator change
- 'integrations/operator/crdgen'
# terraform protoc generator changes
- 'integrations/terraform/go.mod'
- 'integrations/terraform/gen/docs.sh'
- 'integrations/terraform/protoc-gen-terraform-*'
- 'integrations/terraform/Makefile'
- 'integrations/terraform/examples/**'
- 'integrations/terraform/templates/**'
lint-go:
name: Lint (Go)
needs: changes
if: ${{ !startsWith(github.head_ref, 'dependabot/') && needs.changes.outputs.has_go == 'true' }}
runs-on: ubuntu-22.04-16core
permissions:
contents: read
container:
image: ghcr.io/gravitational/teleport-buildbox:teleport17
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Run `go mod tidy`
run: rm go.sum api/go.sum && go mod tidy && (cd api && go mod tidy)
- name: Check for no changes after `go mod tidy`
# We have to add the current directory as a safe directory or else git commands will not work as expected.
run: git config --global --add safe.directory $( realpath . ) && git diff --exit-code -- go.mod go.sum api/go.mod api/go.sum
- name: Set linter versions
run: |
echo GOLANGCI_LINT_VERSION=$(cd build.assets; make print-golangci-lint-version) >> $GITHUB_ENV
- name: Print linter versions
run: |
echo "GOLANGCI_LINT_VERSION=$GOLANGCI_LINT_VERSION"
# Run various golangci-lint checks.
# TODO(codingllama): Using go.work could save a bunch of repetition here.
- name: golangci-lint (api)
uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1
with:
version: ${{ env.GOLANGCI_LINT_VERSION }}
working-directory: api
args: --out-format=colored-line-number
skip-cache: true
- name: golangci-lint (teleport)
uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1
with:
version: ${{ env.GOLANGCI_LINT_VERSION }}
args: --out-format=colored-line-number --build-tags libfido2,piv
skip-cache: true
- name: golangci-lint (assets/backport)
uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1
with:
version: ${{ env.GOLANGCI_LINT_VERSION }}
working-directory: assets/backport
args: --out-format=colored-line-number
skip-cache: true
- name: golangci-lint (build.assets/tooling)
uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1
with:
version: ${{ env.GOLANGCI_LINT_VERSION }}
working-directory: build.assets/tooling
args: --out-format=colored-line-number
skip-cache: true
- name: golangci-lint (integrations/terraform)
uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1
with:
version: ${{ env.GOLANGCI_LINT_VERSION }}
working-directory: integrations/terraform
args: --out-format=colored-line-number
skip-cache: true
- name: golangci-lint (integrations/event-handler)
uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1
with:
version: ${{ env.GOLANGCI_LINT_VERSION }}
working-directory: integrations/event-handler
args: --out-format=colored-line-number
skip-cache: true
- name: Run (non-action) linters
run: make lint-no-actions
- name: Check if derived functions are up to date
# We have to add the current directory as a safe directory or else git commands will not work as expected.
run: git config --global --add safe.directory $(realpath .) && make derive-up-to-date
lint-rust:
name: Lint (Rust)
runs-on: ubuntu-22.04
needs: changes
if: ${{ !startsWith(github.head_ref, 'dependabot/') && needs.changes.outputs.has_rust == 'true' }}
permissions:
contents: read
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set Rust version
run: echo "RUST_VERSION=$(make -s -C build.assets print-rust-version)" >> $GITHUB_ENV
- name: Set up Rust
run: |
echo "Setting up Rust version ${RUST_VERSION}"
rustup toolchain install ${RUST_VERSION} --component rustfmt,clippy
rustup override set ${RUST_VERSION}
rustc --version
cargo --version
rustfmt --version
cargo clippy --version
- name: Run Rust linters
run: make lint-rust
lint-proto:
name: Lint (Proto)
needs: changes
if: ${{ !startsWith(github.head_ref, 'dependabot/') && needs.changes.outputs.has_proto == 'true' }}
runs-on: ubuntu-22.04-16core
permissions:
contents: read
container:
image: ghcr.io/gravitational/teleport-buildbox:teleport17
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set linter versions
run: |
echo BUF_VERSION=$(cd build.assets; make print-buf-version) >> $GITHUB_ENV
- name: Print linter versions
run: |
echo "BUF_VERSION=$BUF_VERSION"
- uses: bufbuild/buf-setup-action@35c243d7f2a909b1d4e40399b348a7fdab27d78d # v1.34.0
with:
github_token: ${{ github.token }}
version: ${{ env.BUF_VERSION }}
- uses: bufbuild/buf-lint-action@06f9dd823d873146471cfaaf108a993fe00e5325 # v1.1.1
- name: buf breaking from parent to self
uses: bufbuild/buf-breaking-action@c57b3d842a5c3f3b454756ef65305a50a587c5ba # v1.1.4
with:
against: 'https://github.com/${GITHUB_REPOSITORY}.git#branch=${{ github.event.pull_request.base.sha || github.event.merge_group.base_sha }}'
- name: buf breaking from self to master
uses: bufbuild/buf-breaking-action@c57b3d842a5c3f3b454756ef65305a50a587c5ba # v1.1.4
if: ${{ github.base_ref != 'master' && github.event.merge_group.base_ref != 'refs/heads/master' }}
with:
input: 'https://github.com/${GITHUB_REPOSITORY}.git#branch=master'
against: '.'
- name: Check if protos are up to date
# We have to add the current directory as a safe directory or else git commands will not work as expected.
run: git config --global --add safe.directory $(realpath .) && make protos-up-to-date/host
- name: Check if Operator CRDs are up to date
# We have to add the current directory as a safe directory or else git commands will not work as expected.
run: git config --global --add safe.directory $(realpath .) && make crds-up-to-date
- name: Check if Terraform resources are up to date
# We have to add the current directory as a safe directory or else git commands will not work as expected.
run: git config --global --add safe.directory $(realpath .) && make terraform-resources-up-to-date