Adding validate phase to the CI

Adds a validate phase to the CI which runs a linter. Also fixes linter issues discovered during the initial run
rancher · Oct 14, 2022 · 9480a3e · 9480a3e
1 parent 7e4a51b
commit 9480a3e
Show file tree

Hide file tree

Showing 15 changed files with 128 additions and 37 deletions.
diff --git a/.drone.yml b/.drone.yml
@@ -29,6 +29,22 @@ steps:
       - pull_request
 ---
 kind: pipeline
+name: validate
+
+steps:
+  - name: validate
+    image: registry.suse.com/bci/bci-base:15.4
+    commands:
+      - zypper in -y go=1.19 git tar gzip make
+      - curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.49.0
+      - mv ./bin/golangci-lint /usr/local/bin/golangci-lint
+      - make validate
+    when:
+      event:
+        - push
+        - pull_request
+---
+kind: pipeline
 name: test
 
 steps:

diff --git a/.golangci.json b/.golangci.json
@@ -0,0 +1,67 @@
+{
+    "linters": {
+        "disable-all": true,
+        "enable": [
+           "govet",
+           "revive",
+           "goimports",
+           "misspell",
+           "ineffassign",
+           "gofmt"
+        ]
+    },
+    "linters-settings": {
+        "govet": {
+            "check-shadowing": false
+        },
+        "gofmt": {
+            "simplify": false
+        }
+    },
+    "run": {
+        "skip-dirs": [
+            "vendor",
+            "tests",
+            "pkg/client",
+            "pkg/generated"
+        ],
+        "tests": false,
+        "timeout": "10m"
+    },
+    "issues": {
+        "exclude-rules": [
+            {
+                "linters": "govet",
+                "text": "^(nilness|structtag)"
+            },
+            {
+                "path":"pkg/apis/management.cattle.io/v3/globaldns_types.go",
+                "text":".*lobalDns.*"
+            },
+            {
+                "path": "pkg/apis/management.cattle.io/v3/zz_generated_register.go",
+                "text":".*lobalDns.*"
+            },
+            {
+                "path":"pkg/apis/management.cattle.io/v3/zz_generated_list_types.go",
+                "text":".*lobalDns.*"
+            },
+            {
+                "linters": "revive",
+                "text": "should have comment"
+            },
+            {
+                "linters": "revive",
+                "text": "should be of the form"
+            },
+            {
+                "linters": "revive",
+                "text": "by other packages, and that stutters"
+            },
+            {
+                "linters": "typecheck",
+                "text": "imported but not used as apierrors"
+            }
+        ]
+    }
+}
diff --git a/Makefile b/Makefile
@@ -11,4 +11,7 @@ run-host: build
 	docker run $(DOCKER_ARGS) --net=host --uts=host --rm -it -v ${HOME}/.kube:/root/.kube steve --kubeconfig /root/.kube/config --http-listen-port 8989 --https-listen-port 0
 
 test:
-	bash scripts/test.sh
+	bash scripts/test.sh
+
+validate:
+	bash scripts/validate.sh
diff --git a/pkg/auth/cli/webhookcli.go b/pkg/auth/cli/webhookcli.go
@@ -1,12 +1,12 @@
 package cli
 
 import (
-	"k8s.io/client-go/tools/clientcmd"
 	"os"
 	"time"
 
 	"github.com/rancher/steve/pkg/auth"
 	"github.com/urfave/cli"
+	"k8s.io/client-go/tools/clientcmd"
 )
 
 type WebhookConfig struct {

diff --git a/pkg/auth/filter.go b/pkg/auth/filter.go
@@ -2,7 +2,6 @@ package auth
 
 import (
 	"io/ioutil"
-	"k8s.io/client-go/rest"
 	"net/http"
 	"strings"
 	"time"
@@ -13,6 +12,7 @@ import (
 	"k8s.io/apiserver/pkg/authentication/user"
 	"k8s.io/apiserver/pkg/endpoints/request"
 	"k8s.io/apiserver/plugin/pkg/authenticator/token/webhook"
+	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
 	clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
 	"k8s.io/client-go/transport"

diff --git a/pkg/podimpersonation/podimpersonation.go b/pkg/podimpersonation/podimpersonation.go
@@ -128,10 +128,10 @@ type PodOptions struct {
 // CreatePod will create a pod with a service account that impersonates as user. Corresponding
 // ClusterRoles, ClusterRoleBindings, and ServiceAccounts will be create.
 // IMPORTANT NOTES:
-//   1. To ensure this is used securely the namespace assigned to the pod must be a dedicated
-//      namespace used only for the purpose of running impersonated pods. This is to ensure
-//      proper protection for the service accounts created.
-//   2. The pod must KUBECONFIG env var set to where you expect the kubeconfig to reside
+//  1. To ensure this is used securely the namespace assigned to the pod must be a dedicated
+//     namespace used only for the purpose of running impersonated pods. This is to ensure
+//     proper protection for the service accounts created.
+//  2. The pod must KUBECONFIG env var set to where you expect the kubeconfig to reside
 func (s *PodImpersonation) CreatePod(ctx context.Context, user user.Info, pod *v1.Pod, podOptions *PodOptions) (*v1.Pod, error) {
 	if podOptions == nil {
 		podOptions = &PodOptions{}

diff --git a/pkg/resources/counts/counts.go b/pkg/resources/counts/counts.go
@@ -280,7 +280,7 @@ func removeSummary(counts Summary, summary summary.Summary) Summary {
 		if counts.States == nil {
 			counts.States = map[string]int{}
 		}
-		counts.States[simpleState(summary)] -= 1
+		counts.States[simpleState(summary)]--
 	}
 	return counts
 }
@@ -297,7 +297,7 @@ func addSummary(counts Summary, summary summary.Summary) Summary {
 		if counts.States == nil {
 			counts.States = map[string]int{}
 		}
-		counts.States[simpleState(summary)] += 1
+		counts.States[simpleState(summary)]++
 	}
 	return counts
 }

diff --git a/pkg/schema/converter/crd.go b/pkg/schema/converter/crd.go
@@ -6,7 +6,7 @@ import (
 	"github.com/rancher/steve/pkg/schema/table"
 	apiextv1 "github.com/rancher/wrangler/pkg/generated/controllers/apiextensions.k8s.io/v1"
 	"github.com/rancher/wrangler/pkg/schemas"
-	"k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+	v1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 )

diff --git a/pkg/schema/converter/k8stonorman.go b/pkg/schema/converter/k8stonorman.go
@@ -5,7 +5,7 @@ import (
 	"strings"
 
 	"github.com/rancher/apiserver/pkg/types"
-	"github.com/rancher/wrangler/pkg/generated/controllers/apiextensions.k8s.io/v1"
+	v1 "github.com/rancher/wrangler/pkg/generated/controllers/apiextensions.k8s.io/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/client-go/discovery"
 )

diff --git a/pkg/schema/factory.go b/pkg/schema/factory.go
@@ -41,11 +41,11 @@ func (c *Collection) Schemas(user user.Info) (*types.APISchemas, error) {
 func (c *Collection) removeOldRecords(access *accesscontrol.AccessSet, user user.Info) {
 	current, ok := c.userCache.Get(user.GetName())
 	if ok {
-		currentId, cOk := current.(string)
-		if cOk && currentId != access.ID {
+		currentID, cOk := current.(string)
+		if cOk && currentID != access.ID {
 			// we only want to keep around one record per user. If our current access record is invalid, purge the
 			//record of it from the cache, so we don't keep duplicates
-			c.purgeUserRecords(currentId)
+			c.purgeUserRecords(currentID)
 			c.userCache.Remove(user.GetName())
 		}
 	}

diff --git a/pkg/server/handler/handlers.go b/pkg/server/handler/handlers.go
@@ -9,11 +9,6 @@ import (
 
 func k8sAPI(sf schema.Factory, apiOp *types.APIRequest) {
 	vars := mux.Vars(apiOp.Request)
-	group := vars["group"]
-	if group == "core" {
-		group = ""
-	}
-
 	apiOp.Name = vars["name"]
 	apiOp.Type = vars["type"]
 

diff --git a/pkg/stores/metrics/metrics_store.go b/pkg/stores/metrics/metrics_store.go
@@ -63,4 +63,4 @@ func (s *Store) Watch(apiOp *types.APIRequest, schema *types.APISchema, w types.
 	apiEvent, err := s.Store.Watch(apiOp, schema, w)
 	m.RecordProxyStoreResponseTime(err, float64(time.Since(storeStart).Milliseconds()))
 	return apiEvent, err
-}
+}
diff --git a/pkg/stores/partition/parallel.go b/pkg/stores/partition/parallel.go
@@ -170,17 +170,16 @@ func (p *ParallelPartitionLister) feeder(ctx context.Context, state listState, l
 					}
 					capacity = 0
 					return nil
-				} else {
-					result <- list.Objects
-					capacity -= len(list.Objects)
-					if list.Continue == "" {
-						return nil
-					}
-					// loop again and get more data
-					state.Continue = list.Continue
-					state.PartitionName = partition.Name()
-					state.Offset = 0
 				}
+				result <- list.Objects
+				capacity -= len(list.Objects)
+				if list.Continue == "" {
+					return nil
+				}
+				// loop again and get more data
+				state.Continue = list.Continue
+				state.PartitionName = partition.Name()
+				state.Offset = 0
 			}
 		})
 	}

diff --git a/pkg/stores/proxy/rbac_store.go b/pkg/stores/proxy/rbac_store.go
@@ -166,14 +166,13 @@ func isPassthroughUnconstrained(apiOp *types.APIRequest, schema *types.APISchema
 	if apiOp.Namespace != "" {
 		if resources[apiOp.Namespace].All {
 			return nil, true
-		} else {
-			return []partition.Partition{
-				Partition{
-					Namespace: apiOp.Namespace,
-					Names:     resources[apiOp.Namespace].Names,
-				},
-			}, false
 		}
+		return []partition.Partition{
+			Partition{
+				Namespace: apiOp.Namespace,
+				Names:     resources[apiOp.Namespace].Names,
+			},
+		}, false
 	}
 
 	var result []partition.Partition

diff --git a/scripts/validate.sh b/scripts/validate.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+set -e
+golangci-lint run
+go mod tidy
+go mod verify
+unclean=$(g status --porcelain --untracked-files=no)
+if [ -n "$unclean" ]; then
+  echo "Encountered dirty repo!";
+  echo "$unclean";
+  exit 1;
+fi