Pick up some of the shared workflows (sigstore#1490)

* Use a shared action for dumping KinD diagnostics and DO NOT SUBMIT. We've been using this downstream, and it is a nice way of getting a whole bunch of information from the KinD cluster on failures to debug things. Signed-off-by: Matt Moore <[email protected]> * Add the nodiff action to the party Signed-off-by: Matt Moore <[email protected]> * Start to consume the whitespace actions Signed-off-by: Matt Moore <[email protected]> * Start to consume the go formatting actions Signed-off-by: Matt Moore <[email protected]> * Pin SHAs Signed-off-by: Matt Moore <[email protected]> * Add dependabot config for bumping actions Signed-off-by: Matt Moore <[email protected]> * Add newline at EOF Signed-off-by: Matt Moore <[email protected]>
hatmarch · Apr 19, 2022 · b8e54fc · b8e54fc
1 parent 48ef7c6
commit b8e54fc
Show file tree

Hide file tree

Showing 6 changed files with 31 additions and 181 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -20,3 +20,7 @@ updates:
   schedule:
     interval: daily
   open-pull-requests-limit: 10
+- package-ecosystem: "github-actions"
+  directory: "/"
+  schedule:
+    interval: "daily"
diff --git a/.github/workflows/donotsubmit.yaml b/.github/workflows/donotsubmit.yaml
@@ -17,39 +17,4 @@ jobs:
         uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 #v2.4.0
 
       - name: Do Not Submit
-        shell: bash
-        env:
-          REVIEWDOG_GITHUB_API_TOKEN: ${{ github.token }}
-        run: |
-          set -e
-          cd "${GITHUB_WORKSPACE}" || exit 1
-
-          TEMP_PATH="$(mktemp -d)"
-          PATH="${TEMP_PATH}:$PATH"
-
-          echo '::group::🐶 Installing reviewdog v0.13.1 ... https://github.com/reviewdog/reviewdog'
-          reviewdog_sha='08a5a323939101195af1d420ab6be3a50ec12f58e3419e3fcd07b6871f0b9a7e'
-          curl -s -L https://github.com/reviewdog/reviewdog/releases/download/v0.13.1/reviewdog_0.13.1_Linux_x86_64.tar.gz --output "${TEMP_PATH}/reviewdog.tar.gz"
-          echo '::group::🐶 Verifying checksum of download'
-          computed_sha=`sha256sum ${TEMP_PATH}/reviewdog.tar.gz|cut -d ' ' -f 1`
-          if [[ $reviewdog_sha != $computed_sha ]]; then
-            echo '::group::🐶 Failed to verify checksum, exiting!'
-            exit 1
-          fi
-          echo '::group::🐶 Checksum verified successfully, extracting reviewdog'
-          tar zxf "${TEMP_PATH}/reviewdog.tar.gz" -C ${TEMP_PATH} reviewdog
-          echo '::endgroup::'
-
-          echo '::group:: Running DO NOT SUBMIT with reviewdog 🐶 ...'
-          # Don't fail because of grep
-          set +o pipefail
-          find . -type f -not -path './vendor/*' -not -path './third_party/*' -not -path './.git/*' -not -path './.github/workflows/*' |
-          xargs grep -n "DO NOT SUBMIT" |
-          reviewdog -efm="%f:%l:%m" \
-                -name="DO NOT SUBMIT" \
-                -reporter="github-pr-check" \
-                -filter-mode="added" \
-                -fail-on-error="true" \
-                -level="error"
-
-          echo '::endgroup::'
+        uses: chainguard-dev/actions/donotsubmit@84c993eaf02da1c325854fb272a4df9184bd80fc # main
diff --git a/.github/workflows/kind-e2e-cosigned.yaml b/.github/workflows/kind-e2e-cosigned.yaml
@@ -193,24 +193,4 @@ jobs:
 
     - name: Collect diagnostics
       if: ${{ failure() }}
-      run: |
-        # Add more namespaces to dump here.
-        for ns in cosign-system; do
-          kubectl get pods -n${ns}
-
-          echo '::group:: describe'
-          kubectl describe pods -n${ns}
-          echo '::endgroup::'
-
-          for x in $(kubectl get pods -n${ns} -oname); do
-
-            echo "::group:: describe $x"
-            kubectl describe -n${ns} $x
-            echo '::endgroup::'
-
-            echo "::group:: $x logs"
-            kubectl logs -n${ns} $x --all-containers
-            echo '::endgroup::'
-
-          done
-        done
+      uses: chainguard-dev/actions/kind-diag@84c993eaf02da1c325854fb272a4df9184bd80fc # main
diff --git a/.github/workflows/style.yaml b/.github/workflows/style.yaml
@@ -7,64 +7,34 @@ on:
 permissions: read-all
 
 jobs:
-  autoformat:
-    name: Auto-format and Check
+  gofmt:
+    name: check gofmt
     runs-on: ubuntu-latest
 
-    strategy:
-      fail-fast: false # Keep running if one leg fails.
-      matrix:
-        tool:
-          - goimports
-          - gofmt
-
-        include:
-        - tool: gofmt
-          options: -s
-        - tool: goimports
-          importpath: golang.org/x/tools/cmd/goimports
-
     steps:
-      - name: Set up Go 1.16.x
+      - name: Set up Go
         uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4 #v2.1.5
         with:
           go-version: 1.16.x
-        id: go
 
       - name: Check out code
         uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 #v2.4.0
 
-      - name: Install Dependencies
-        if: ${{ matrix.importpath != '' }}
-        run: |
-          cd $(mktemp -d)
-          GO111MODULE=on go get ${{ matrix.importpath }}
+      - uses: chainguard-dev/actions/gofmt@84c993eaf02da1c325854fb272a4df9184bd80fc # main
+        with:
+          args: -s
+
+  goimports:
+    name: check goimports
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Set up Go
+        uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4 #v2.1.5
+        with:
+          go-version: 1.16.x
 
-      - name: ${{ matrix.tool }} ${{ matrix.options }}
-        shell: bash
-        run: >
-          ${{ matrix.tool }} ${{ matrix.options }} -w
-          $(find .
-          -path './vendor' -prune
-          -o -path './third_party' -prune
-          -o -name '*.pb.go' -prune
-          -o -name 'wire_gen.go' -prune
-          -o -type f -name '*.go' -print)
+      - name: Check out code
+        uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 #v2.4.0
 
-      - name: Verify ${{ matrix.tool }}
-        shell: bash
-        run: |
-          # From: https://backreference.org/2009/12/23/how-to-match-newlines-in-sed/
-          # This is to leverage this workaround:
-          # https://github.com/actions/toolkit/issues/193#issuecomment-605394935
-          function urlencode() {
-            sed ':begin;$!N;s/\n/%0A/;tbegin'
-          }
-          if [[ $(git diff-index --name-only HEAD --) ]]; then
-              for x in $(git diff-index --name-only HEAD --); do
-                echo "::error file=$x::Please run ${{ matrix.tool }} ${{ matrix.options }}.%0A$(git diff $x | urlencode)"
-              done
-              echo "${{ github.repository }} is out of style. Please run ${{ matrix.tool }} ${{ matrix.options }}."
-              exit 1
-          fi
-          echo "${{ github.repository }} is formatted correctly."
+      - uses: chainguard-dev/actions/goimports@84c993eaf02da1c325854fb272a4df9184bd80fc # main
diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
@@ -92,6 +92,10 @@ jobs:
       - name: Run end-to-end tests
         run: ./test/e2e_test.sh
 
+      - name: Collect diagnostics
+        if: ${{ failure() }}
+        uses: chainguard-dev/actions/kind-diag@84c993eaf02da1c325854fb272a4df9184bd80fc # main
+
   e2e-windows-powershell-tests:
     name: Run PowerShell E2E tests
     runs-on: windows-latest

diff --git a/.github/workflows/whitespace.yaml b/.github/workflows/whitespace.yaml
@@ -13,84 +13,11 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - name: Set up Go 1.16.x
-        uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4 #v2.1.5
-        with:
-          go-version: 1.16.x
-        id: go
-
       - name: Check out code
         uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 #v2.4.0
 
-      - name: Install Tools
-        run: |
-          TEMP_PATH="$(mktemp -d)"
-          cd $TEMP_PATH
-          echo '::group::🐶 Installing reviewdog ... https://github.com/reviewdog/reviewdog'
-          curl -sfL https://raw.githubusercontent.com/reviewdog/reviewdog/master/install.sh | sh -s -- -b "${TEMP_PATH}" 2>&1
-          echo '::endgroup::'
-          echo "${TEMP_PATH}" >> $GITHUB_PATH
-
-      - name: trailing whitespace
-        shell: bash
+      - uses: chainguard-dev/actions/trailing-space@84c993eaf02da1c325854fb272a4df9184bd80fc # main
         if: ${{ always() }}
-        env:
-          REVIEWDOG_GITHUB_API_TOKEN: ${{ github.token }}
-        run: |
-          set -e
-          cd "${GITHUB_WORKSPACE}" || exit 1
-          echo '::group:: Flagging trailing whitespace with reviewdog 🐶 ...'
-          # Don't fail because of grep
-          set +o pipefail
-          # Exclude generated and vendored files, plus some legacy
-          # paths until we update all .gitattributes
-          git ls-files |
-          git check-attr --stdin linguist-generated | grep -Ev ': (set|true)$' | cut -d: -f1 |
-          git check-attr --stdin linguist-vendored | grep -Ev ': (set|true)$' | cut -d: -f1 |
-          grep -Ev '^(vendor/|third_party/|.git)' |
-          xargs grep -nE " +$" |
-          reviewdog -efm="%f:%l:%m" \
-                -name="trailing whitespace" \
-                -reporter="github-pr-check" \
-                -filter-mode="added" \
-                -fail-on-error="true" \
-                -level="error"
-          echo '::endgroup::'
 
-      - name: EOF newline
-        shell: bash
+      - uses: chainguard-dev/actions/eof-newline@84c993eaf02da1c325854fb272a4df9184bd80fc # main
         if: ${{ always() }}
-        env:
-          REVIEWDOG_GITHUB_API_TOKEN: ${{ github.token }}
-        run: |
-          set -e
-          cd "${GITHUB_WORKSPACE}" || exit 1
-          echo '::group:: Flagging missing EOF newlines with reviewdog 🐶 ...'
-          # Don't fail because of misspell
-          set +o pipefail
-          # Lint exclude rule:
-          #  - nothing in vendor/
-          #  - nothing in third_party
-          #  - nothing in .git/
-          #  - nothing in pkg/cosign/tuf/repository
-          #  - no *.ai (Adobe Illustrator) files.
-          LINT_FILES=$(git ls-files |
-          git check-attr --stdin linguist-generated | grep -Ev ': (set|true)$' | cut -d: -f1 |
-          git check-attr --stdin linguist-vendored | grep -Ev ': (set|true)$' | cut -d: -f1 |
-          grep -Ev '^(vendor/|third_party/|.git|pkg/cosign/tuf/repository/)' |
-          grep -v '\.ai$')
-          for x in $LINT_FILES; do
-            # Based on https://stackoverflow.com/questions/34943632/linux-check-if-there-is-an-empty-line-at-the-end-of-a-file
-            if [[ -f $x && ! ( -s "$x" && -z "$(tail -c 1 $x)" ) ]]; then
-              # We add 1 to `wc -l` here because of this limitation (from the man page):
-              # Characters beyond the final <newline> character will not be included in the line count.
-              echo $x:$((1 + $(wc -l $x | tr -s ' ' | cut -d' ' -f 1))): Missing newline
-            fi
-          done |
-          reviewdog -efm="%f:%l: %m" \
-                -name="EOF Newline" \
-                -reporter="github-pr-check" \
-                -filter-mode="added" \
-                -fail-on-error="true" \
-                -level="error"
-          echo '::endgroup::'