Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

📖 Add sample workflows #8

Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/main.yml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
on:
pull_request_target:
types: [opened, edited, reopened]
types: [opened, edited, synchronize, reopened]

jobs:
verify:
Expand Down
32 changes: 8 additions & 24 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -21,30 +21,8 @@ $ go run sigs.k8s.io/kubebuilder-release-tools/notes -r beta
This repository acts as a GitHub action for verifying PR titles match the
[release notes generation requirements](/VERSIONING.md), as well as some
basic descriptiveness checks. You can use it in your repository by adding
a workflow (e.g. `.github/workflows/verifier.yml`) as such:

```yaml
name: PR Verifier

on:
# NB: using `pull_request_target` runs this in the context of
# the base repository, so it has permission to upload to the checks API.
# This means changes won't kick in to this file until merged onto the
# main branch.
pull_request_target:
types: [opened, edited, reopened]

jobs:
verify:
runs-on: ubuntu-latest
name: verify PR contents
steps:
- name: Verifier action
id: verifier
uses: kubernetes-sigs/[email protected]
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
```
a workflow (e.g. `.github/workflows/verifier.yml`), such as
[sample-workflows/verifier.yml](sample-workflows/verifier.yml).

The code that actually runs lives in [verify/cmd](/verify/cmd), while
[/verify](/verify) contains a framework for running PR description checks
Expand All @@ -70,6 +48,12 @@ $ git tag -f vX vX.Y.Z
$ git push upstream refs/tags/vX
```

## Common GitHub Action Workflows

The [sample-workflows](/sample-workflows) directory includes workflows to
be used across all KubeBuilder projects, such as the PR verifier, Go
lints, etc.

## KubeBuilder Project Versioning

[VERSIONING.md](/VERSIONING.md) contains the general guidelines for
Expand Down
4 changes: 2 additions & 2 deletions VERSIONING.md
Original file line number Diff line number Diff line change
Expand Up @@ -120,12 +120,12 @@ repository][rel-tools]:
unless the tool mentions needing manual edits.

* the [GitHub actions][action] in this repo will verify PRs using the
verifier code from [verify][/verify]. If you want to add new checks,
verifier code from [verify](/verify). If you want to add new checks,
you can do it there.

[rel-tools]: https://sigs.k8s.io/kubebuilder-release-tools

[actions-wf]: /action.yml
[action]: /action.yml

## PR Process

Expand Down
51 changes: 51 additions & 0 deletions sample-workflows/.golangci.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
run:
deadline: 5m
linters-settings:
dupl:
threshold: 400
issues:
# don't skip warning about doc comments
exclude-use-default: false
# restore some of the defaults
# (fill in the rest as needed)
exclude-rules:
- linters: [gosec]
path: "test/e2e/*"
# turn this on to ignore return value checks on
# * fmt.Fprintf to stdout/error
# * Close/Flush/Remove/RemoveAll
# * Setenv/UnSetenv
#- linters: [errcheck]
# text: "Error return value of .((os\\.)?std(out|err)\\..*|.*Close|.*Flush|os\\.Remove(All)?|.*printf?|os\\.(Un)?Setenv). is not checked"
linters:
disable-all: true
enable:
# keep these sorted if you modify (e.g. in vim, linewise visual + :sort)
- deadcode
- dupl
- errcheck
- exportloopref
- gocyclo
- gofmt
- goimports
- golint
- gosec
- gosimple
- govet
- ineffassign
- maligned
- misspell
- nakedret
- prealloc
- staticcheck
- structcheck
- typecheck
- unconvert
- unparam
- unused
- varcheck

# These may be useful, but are generally more annoying than not:
# - goconst # this one doesn't quite know what is and isn't a magic string
# - interfacer # doesn't understand that interfaces have semantic meaning
# - lll # fiddly, use your best judgement
28 changes: 28 additions & 0 deletions sample-workflows/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
# Sample GitHub Actions Workflows

These include GitHub Actions Worflows for use in KubeBuilder projects.

## PR Verifier

**File(s)**:

- [verifier.yml](verifier.yml) (`/.github/workflows/verifier.yml`)

This uses the [PR Verifier Action](/action.yml) to verify PR title and
contents according to [the PR guidelines](/VERSIONING.md).

[verifier-action]: /action.yml

## Lint

**File(s)**:

- [lint.yml](lint.yml) (`/.github/workflows/lint.yml`)
- [.golangci.yml](.golangci.yml) (`/.golangci.yml`)

This uses [golangci-lint](https://github.com/golangci/golangci-lint) to
lint our code.

Use the included config file at the root of your repo to configure what
linters run by default (golangci-lint has some strange defaults, and this
config should be used more-or-less for all KubeBuilder projects).
26 changes: 26 additions & 0 deletions sample-workflows/lint.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
name: golangci-lint

on:
# run on PRs...
pull_request_target:
types: [opened, synchronize, reopened]

# ... and also continuously
push:
branches:
- master


jobs:
golangci:
name: lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: golangci-lint
uses: golangci/golangci-lint-action@v2
with:
# Required: the version of golangci-lint is required and must be
# specified without patch version: we always use the latest patch
# version.
version: v1.29
22 changes: 22 additions & 0 deletions sample-workflows/verifier.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
name: PR Verifier

on:
# NB: using `pull_request_target` runs this in the context of
# the base repository, so it has permission to upload to the checks API.
# This means changes won't kick in to this file until merged onto the
# main branch.
pull_request_target:
# synchronize because this will cause the HEAD commit to change,
# invalidating where we've placed our results
types: [opened, edited, synchronize, reopened]

jobs:
verify:
runs-on: ubuntu-latest
name: verify PR contents
steps:
- name: Verifier action
id: verifier
uses: kubernetes-sigs/[email protected]
with:
github_token: ${{ secrets.GITHUB_TOKEN }}