diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 6eee16bb85dc..5ae0c3be2d37 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -20,3 +20,7 @@ updates:
 schedule:
 interval: daily
 open-pull-requests-limit: 10
+- package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "daily"
diff --git a/.github/workflows/donotsubmit.yaml b/.github/workflows/donotsubmit.yaml
index 20db0f035cb2..1ceb52e01cf0 100644
--- a/.github/workflows/donotsubmit.yaml
+++ b/.github/workflows/donotsubmit.yaml
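Review bot: The new `github-actions` entry quotes its scalars (`interval: "daily"`) while the entry directly above it in this hunk writes `interval: daily` unquoted; pick one style for the file, e.g. `interval: daily`. The neighbouring entry also sets `open-pull-requests-limit: 10` and the new one sets no limit, so it uses Dependabot's default. If that is intended, a short comment such as `# default PR limit is fine for actions` would make the difference deliberate rather than accidental.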
@@ -17,39 +17,4 @@ jobs: uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 #v2.4.0 - name: Do Not Submit - shell: bash - env: - REVIEWDOG_GITHUB_API_TOKEN: ${{ github.token }} - run: | - set -e - cd "${GITHUB_WORKSPACE}" || exit 1 - - TEMP_PATH="$(mktemp -d)" - PATH="${TEMP_PATH}:$PATH" - - echo '::group::🐶 Installing reviewdog v0.13.1 ... https://github.com/reviewdog/reviewdog' - reviewdog_sha='08a5a323939101195af1d420ab6be3a50ec12f58e3419e3fcd07b6871f0b9a7e' - curl -s -L https://github.com/reviewdog/reviewdog/releases/download/v0.13.1/reviewdog_0.13.1_Linux_x86_64.tar.gz --output "${TEMP_PATH}/reviewdog.tar.gz" - echo '::group::🐶 Verifying checksum of download' - computed_sha=`sha256sum ${TEMP_PATH}/reviewdog.tar.gz|cut -d ' ' -f 1` - if [[ $reviewdog_sha != $computed_sha ]]; then - echo '::group::🐶 Failed to verify checksum, exiting!' - exit 1 - fi - echo '::group::🐶 Checksum verified successfully, extracting reviewdog' - tar zxf "${TEMP_PATH}/reviewdog.tar.gz" -C ${TEMP_PATH} reviewdog - echo '::endgroup::' - - echo '::group:: Running DO NOT SUBMIT with reviewdog 🐶 ...' - # Don't fail because of grep - set +o pipefail - find . -type f -not -path './vendor/*' -not -path './third_party/*' -not -path './.git/*' -not -path './.github/workflows/*' | - xargs grep -n "DO NOT SUBMIT" | - reviewdog -efm="%f:%l:%m" \ - -name="DO NOT SUBMIT" \ - -reporter="github-pr-check" \ - -filter-mode="added" \ - -fail-on-error="true" \ - -level="error" - - echo '::endgroup::' + uses: chainguard-dev/actions/donotsubmit@84c993eaf02da1c325854fb272a4df9184bd80fc # main diff --git a/.github/workflows/kind-e2e-cosigned.yaml b/.github/workflows/kind-e2e-cosigned.yaml index 1aaf388d80ea..cb9eeec753b9 100644 --- a/.github/workflows/kind-e2e-cosigned.yaml +++ b/.github/workflows/kind-e2e-cosigned.yaml 
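Review bot: The trailing comment `# main` on the new `uses: chainguard-dev/actions/donotsubmit@84c993eaf02da1c325854fb272a4df9184bd80fc` line names a branch rather than a release, so a later reader cannot tell which upstream state the SHA corresponds to or how far a Dependabot bump moves it. Record something checkable instead, e.g. `# main as of <YYYY-MM-DD>`, or the upstream tag if one exists. The same comment is used on the kind-diag, gofmt, goimports, trailing-space and eof-newline references in the other files of this commit. The removed step compared the reviewdog tarball against a hard-coded sha256 before extracting it; whether the composite action keeps an equivalent check is not visible in this diff and should be confirmed at the pinned commit.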
@@ -193,24 +193,4 @@ jobs: - name: Collect diagnostics if: ${{ failure() }} - run: | - # Add more namespaces to dump here. - for ns in cosign-system; do - kubectl get pods -n${ns} - - echo '::group:: describe' - kubectl describe pods -n${ns} - echo '::endgroup::' - - for x in $(kubectl get pods -n${ns} -oname); do - - echo "::group:: describe $x" - kubectl describe -n${ns} $x - echo '::endgroup::' - - echo "::group:: $x logs" - kubectl logs -n${ns} $x --all-containers - echo '::endgroup::' - - done - done + uses: chainguard-dev/actions/kind-diag@84c993eaf02da1c325854fb272a4df9184bd80fc # main diff --git a/.github/workflows/style.yaml b/.github/workflows/style.yaml index 7e212aec077e..5707da3b667c 100644 --- a/.github/workflows/style.yaml +++ b/.github/workflows/style.yaml 
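Review bot: The new `uses: chainguard-dev/actions/kind-diag@84c993eaf02da1c325854fb272a4df9184bd80fc` step is given no `with:` inputs, whereas the removed script dumped exactly one namespace (`for ns in cosign-system; do`), so whether `cosign-system` pod descriptions and logs are still collected now depends on the action's defaults, which this diff does not show. Add a comment above the step stating the expectation, e.g. `# must dump cosign-system pods and logs on failure`, and confirm it against the action at the pinned commit. If the action dumps more namespaces than the old loop did, check that nothing sensitive ends up in the job log, since container log output is readable by anyone who can view the run. The same step is added to tests.yaml after `Run end-to-end tests`, and the same applies there.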
@@ -7,64 +7,34 @@ on: permissions: read-all jobs: - autoformat: - name: Auto-format and Check + gofmt: + name: check gofmt runs-on: ubuntu-latest - strategy: - fail-fast: false # Keep running if one leg fails. - matrix: - tool: - - goimports - - gofmt - - include: - - tool: gofmt - options: -s - - tool: goimports - importpath: golang.org/x/tools/cmd/goimports - steps: - - name: Set up Go 1.16.x + - name: Set up Go uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4 #v2.1.5 with: go-version: 1.16.x - id: go - name: Check out code uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 #v2.4.0 - - name: Install Dependencies - if: ${{ matrix.importpath != '' }} - run: | - cd $(mktemp -d) - GO111MODULE=on go get ${{ matrix.importpath }} + - uses: chainguard-dev/actions/gofmt@84c993eaf02da1c325854fb272a4df9184bd80fc # main + with: + args: -s + + goimports: + name: check goimports + runs-on: ubuntu-latest + + steps: + - name: Set up Go + uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4 #v2.1.5 + with: + go-version: 1.16.x - - name: ${{ matrix.tool }} ${{ matrix.options }} - shell: bash - run: > - ${{ matrix.tool }} ${{ matrix.options }} -w - $(find . - -path './vendor' -prune - -o -path './third_party' -prune - -o -name '*.pb.go' -prune - -o -name 'wire_gen.go' -prune - -o -type f -name '*.go' -print) + - name: Check out code + uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 #v2.4.0 - - name: Verify ${{ matrix.tool }} - shell: bash - run: | - # 
From: https://backreference.org/2009/12/23/how-to-match-newlines-in-sed/ - # This is to leverage this workaround: - # https://github.com/actions/toolkit/issues/193#issuecomment-605394935 - function urlencode() { - sed ':begin;$!N;s/\n/%0A/;tbegin' - } - if [[ $(git diff-index --name-only HEAD --) ]]; then - for x in $(git diff-index --name-only HEAD --); do - echo "::error file=$x::Please run ${{ matrix.tool }} ${{ matrix.options }}.%0A$(git diff $x | urlencode)" - done - echo "${{ github.repository }} is out of style. Please run ${{ matrix.tool }} ${{ matrix.options }}." - exit 1 - fi - echo "${{ github.repository }} is formatted correctly." + - uses: chainguard-dev/actions/goimports@84c993eaf02da1c325854fb272a4df9184bd80fc # main diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index cc517a04474d..086542a5a1cb 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -92,6 +92,10 @@ jobs: - name: Run end-to-end tests run: ./test/e2e_test.sh + - name: Collect diagnostics + if: ${{ failure() }} + uses: chainguard-dev/actions/kind-diag@84c993eaf02da1c325854fb272a4df9184bd80fc # main + e2e-windows-powershell-tests: name: Run PowerShell E2E tests runs-on: windows-latest diff --git a/.github/workflows/whitespace.yaml b/.github/workflows/whitespace.yaml index c4295b5a4ed2..24d309855315 100644 --- a/.github/workflows/whitespace.yaml +++ b/.github/workflows/whitespace.yaml 
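Review bot: The removed format step skipped `./vendor`, `./third_party`, `*.pb.go` and `wire_gen.go` explicitly, while the replacement gofmt step passes only `args: -s` and the goimports step passes nothing, so whether vendored and generated Go files are still skipped is decided inside the actions and cannot be seen here. After checking that at the pinned commit, note it next to each step, e.g. `# vendor/, third_party/ and generated files are excluded by the action`. The whitespace.yaml hunk has the same gap: the old EOF-newline script also excluded `pkg/cosign/tuf/repository/` and `*.ai`, which a shared action can presumably only honour if those paths are marked in .gitattributes. Both new `- uses:` steps are also unnamed, unlike the other steps in these jobs; `name: gofmt -s` and `name: goimports` would keep the check output readable.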
@@ -13,84 +13,11 @@ jobs: runs-on: ubuntu-latest steps: - - name: Set up Go 1.16.x - uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4 #v2.1.5 - with: - go-version: 1.16.x - id: go - - name: Check out code uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 #v2.4.0 - - name: Install Tools - run: | - TEMP_PATH="$(mktemp -d)" - cd $TEMP_PATH - echo '::group::🐶 Installing reviewdog ... https://github.com/reviewdog/reviewdog' - curl -sfL https://raw.githubusercontent.com/reviewdog/reviewdog/master/install.sh | sh -s -- -b "${TEMP_PATH}" 2>&1 - echo '::endgroup::' - echo "${TEMP_PATH}" >> $GITHUB_PATH - - - name: trailing whitespace - shell: bash + - uses: chainguard-dev/actions/trailing-space@84c993eaf02da1c325854fb272a4df9184bd80fc # main if: ${{ always() }} - env: - REVIEWDOG_GITHUB_API_TOKEN: ${{ github.token }} - run: | - set -e - cd "${GITHUB_WORKSPACE}" || exit 1 - echo '::group:: Flagging trailing whitespace with reviewdog 🐶 ...' - # Don't fail because of grep - set +o pipefail - # Exclude generated and vendored files, plus some legacy - # paths until we update all .gitattributes - git ls-files | - git check-attr --stdin linguist-generated | grep -Ev ': (set|true)$' | cut -d: -f1 | - git check-attr --stdin linguist-vendored | grep -Ev ': (set|true)$' | cut -d: -f1 | - grep -Ev '^(vendor/|third_party/|.git)' | - xargs grep -nE " +$" | - reviewdog -efm="%f:%l:%m" \ - -name="trailing whitespace" \ - -reporter="github-pr-check" \ - -filter-mode="added" \ - -fail-on-error="true" \ - -level="error" - echo '::endgroup::' - - name: EOF newline - shell: bash + - uses: chainguard-dev/actions/eof-newline@84c993eaf02da1c325854fb272a4df9184bd80fc # main if: ${{ always() }} - env: - REVIEWDOG_GITHUB_API_TOKEN: ${{ github.token }} - run: | - set -e - cd "${GITHUB_WORKSPACE}" || exit 1 - echo '::group:: Flagging missing EOF newlines with reviewdog 🐶 ...' 
- # Don't fail because of misspell - set +o pipefail - # Lint exclude rule: - # - nothing in vendor/ - # - nothing in third_party - # - nothing in .git/ - # - nothing in pkg/cosign/tuf/repository - # - no *.ai (Adobe Illustrator) files. - LINT_FILES=$(git ls-files | - git check-attr --stdin linguist-generated | grep -Ev ': (set|true)$' | cut -d: -f1 | - git check-attr --stdin linguist-vendored | grep -Ev ': (set|true)$' | cut -d: -f1 | - grep -Ev '^(vendor/|third_party/|.git|pkg/cosign/tuf/repository/)' | - grep -v '\.ai$') - for x in $LINT_FILES; do - # Based on https://stackoverflow.com/questions/34943632/linux-check-if-there-is-an-empty-line-at-the-end-of-a-file - if [[ -f $x && ! ( -s "$x" && -z "$(tail -c 1 $x)" ) ]]; then - # We add 1 to `wc -l` here because of this limitation (from the man page): - # Characters beyond the final character will not be included in the line count. - echo $x:$((1 + $(wc -l $x | tr -s ' ' | cut -d' ' -f 1))): Missing newline - fi - done | - reviewdog -efm="%f:%l: %m" \ - -name="EOF Newline" \ - -reporter="github-pr-check" \ - -filter-mode="added" \ - -fail-on-error="true" \ - -level="error" - echo '::endgroup::' \ No newline at end of file