From 276300f2e91fffc6e784d74b0ad16c176e17fc4f Mon Sep 17 00:00:00 2001 From: Matt Moore Date: Mon, 21 Feb 2022 10:13:15 -0800 Subject: [PATCH 1/7] Use a shared action for dumping KinD diagnostics and DO NOT SUBMIT. We've been using this downstream, and it is a nice way of getting a whole bunch of information from the KinD cluster on failures to debug things. Signed-off-by: Matt Moore --- .github/workflows/donotsubmit.yaml | 37 +----------------------- .github/workflows/kind-e2e-cosigned.yaml | 22 +------------- .github/workflows/tests.yaml | 4 +++ 3 files changed, 6 insertions(+), 57 deletions(-) diff --git a/.github/workflows/donotsubmit.yaml b/.github/workflows/donotsubmit.yaml index 20db0f035cb..8dfe84c5716 100644 --- a/.github/workflows/donotsubmit.yaml +++ b/.github/workflows/donotsubmit.yaml 
@@ -17,39 +17,4 @@ jobs: uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 #v2.4.0 - name: Do Not Submit - shell: bash - env: - REVIEWDOG_GITHUB_API_TOKEN: ${{ github.token }} - run: | - set -e - cd "${GITHUB_WORKSPACE}" || exit 1 - - TEMP_PATH="$(mktemp -d)" - PATH="${TEMP_PATH}:$PATH" - - echo '::group::🐶 Installing reviewdog v0.13.1 ... https://github.com/reviewdog/reviewdog' - reviewdog_sha='08a5a323939101195af1d420ab6be3a50ec12f58e3419e3fcd07b6871f0b9a7e' - curl -s -L https://github.com/reviewdog/reviewdog/releases/download/v0.13.1/reviewdog_0.13.1_Linux_x86_64.tar.gz --output "${TEMP_PATH}/reviewdog.tar.gz" - echo '::group::🐶 Verifying checksum of download' - computed_sha=`sha256sum ${TEMP_PATH}/reviewdog.tar.gz|cut -d ' ' -f 1` - if [[ $reviewdog_sha != $computed_sha ]]; then - echo '::group::🐶 Failed to verify checksum, exiting!' - exit 1 - fi - echo '::group::🐶 Checksum verified successfully, extracting reviewdog' - tar zxf "${TEMP_PATH}/reviewdog.tar.gz" -C ${TEMP_PATH} reviewdog - echo '::endgroup::' - - echo '::group:: Running DO NOT SUBMIT with reviewdog 🐶 ...' - # Don't fail because of grep - set +o pipefail - find . -type f -not -path './vendor/*' -not -path './third_party/*' -not -path './.git/*' -not -path './.github/workflows/*' | - xargs grep -n "DO NOT SUBMIT" | - reviewdog -efm="%f:%l:%m" \ - -name="DO NOT SUBMIT" \ - -reporter="github-pr-check" \ - -filter-mode="added" \ - -fail-on-error="true" \ - -level="error" - - echo '::endgroup::' + uses: chainguard-dev/actions/donotsubmit@main diff --git a/.github/workflows/kind-e2e-cosigned.yaml b/.github/workflows/kind-e2e-cosigned.yaml index 1aaf388d80e..348466e63c8 100644 --- a/.github/workflows/kind-e2e-cosigned.yaml +++ b/.github/workflows/kind-e2e-cosigned.yaml 
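Review bot: The removed `run:` block checked the reviewdog tarball against a hard-coded SHA-256 before extracting it, and the replacement `uses: chainguard-dev/actions/donotsubmit@main` moves that download out of this repository, so whether the binary is still verified can no longer be read from the workflow. It is worth confirming that the shared action pins and verifies the reviewdog release it fetches, and saying so in a comment above the step, for example `# reviewdog download and checksum check now live in chainguard-dev/actions/donotsubmit`. The `@main` ref is a mutable branch sitting next to the SHA-pinned `actions/checkout` step; patch 5/7 of this series replaces it with a commit SHA, so this only matters if the patches land separately. The removed step also passed `REVIEWDOG_GITHUB_API_TOKEN` explicitly, while the new step passes nothing, so the action presumably reads `github.token` itself.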
@@ -193,24 +193,4 @@ jobs: - name: Collect diagnostics if: ${{ failure() }} - run: | - # Add more namespaces to dump here. - for ns in cosign-system; do - kubectl get pods -n${ns} - - echo '::group:: describe' - kubectl describe pods -n${ns} - echo '::endgroup::' - - for x in $(kubectl get pods -n${ns} -oname); do - - echo "::group:: describe $x" - kubectl describe -n${ns} $x - echo '::endgroup::' - - echo "::group:: $x logs" - kubectl logs -n${ns} $x --all-containers - echo '::endgroup::' - - done - done + uses: chainguard-dev/actions/kind-diag@main diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index cc517a04474..93da9114d58 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -92,6 +92,10 @@ jobs: - name: Run end-to-end tests run: ./test/e2e_test.sh + - name: Collect diagnostics + if: ${{ failure() }} + uses: chainguard-dev/actions/kind-diag@main + e2e-windows-powershell-tests: name: Run PowerShell E2E tests runs-on: windows-latest From 5892cb39dde35b0fec761271388714f35b26c3f4 Mon Sep 17 00:00:00 2001 From: Matt Moore Date: Mon, 21 Feb 2022 10:47:14 -0800 Subject: [PATCH 2/7] Add the nodiff action to the party Signed-off-by: Matt Moore --- .github/workflows/style.yaml | 19 +++---------------- 1 file changed, 3 insertions(+), 16 deletions(-) diff --git a/.github/workflows/style.yaml b/.github/workflows/style.yaml index 7e212aec077..5ac438cded9 100644 --- a/.github/workflows/style.yaml +++ b/.github/workflows/style.yaml @@ -52,19 +52,6 @@ jobs: -o -type f -name '*.go' -print) - name: Verify ${{ matrix.tool }} - shell: bash - run: | - # 
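Review bot: What is written to the job log on failure is now decided by `chainguard-dev/actions/kind-diag`, whereas the removed loop was limited to `kubectl get pods`, `kubectl describe` and `kubectl logs` in the `cosign-system` namespace. If this repository is public its job logs are readable by outsiders, and `kubectl describe` output includes literal container environment values, so the resource kinds and namespaces the shared action dumps should be checked; none of that is visible from the hunk. The same step is added after `./test/e2e_test.sh` in the `tests.yaml` hunk that follows, where it is also not visible whether that job has a KinD cluster for the action to query. A comment on each step such as `# dumps pod state and logs from the KinD cluster; re-check output scope when bumping the action` would keep this in view.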
From: https://backreference.org/2009/12/23/how-to-match-newlines-in-sed/ - # This is to leverage this workaround: - # https://github.com/actions/toolkit/issues/193#issuecomment-605394935 - function urlencode() { - sed ':begin;$!N;s/\n/%0A/;tbegin' - } - if [[ $(git diff-index --name-only HEAD --) ]]; then - for x in $(git diff-index --name-only HEAD --); do - echo "::error file=$x::Please run ${{ matrix.tool }} ${{ matrix.options }}.%0A$(git diff $x | urlencode)" - done - echo "${{ github.repository }} is out of style. Please run ${{ matrix.tool }} ${{ matrix.options }}." - exit 1 - fi - echo "${{ github.repository }} is formatted correctly." + uses: chainguard-dev/actions/nodiff@main + with: + fixup-command: "${{ matrix.tool }} ${{ matrix.options }}" From 73b46a300e403c6dc2f40a5242f1b35cd46ff40c Mon Sep 17 00:00:00 2001 From: Matt Moore Date: Mon, 21 Feb 2022 11:06:09 -0800 Subject: [PATCH 3/7] Start to consume the whitespace actions Signed-off-by: Matt Moore --- .github/workflows/whitespace.yaml | 77 +------------------------------ 1 file changed, 2 insertions(+), 75 deletions(-) diff --git a/.github/workflows/whitespace.yaml b/.github/workflows/whitespace.yaml index c4295b5a4ed..f936641f6be 100644 --- a/.github/workflows/whitespace.yaml +++ b/.github/workflows/whitespace.yaml 
@@ -13,84 +13,11 @@ jobs: runs-on: ubuntu-latest steps: - - name: Set up Go 1.16.x - uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4 #v2.1.5 - with: - go-version: 1.16.x - id: go - - name: Check out code uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 #v2.4.0 - - name: Install Tools - run: | - TEMP_PATH="$(mktemp -d)" - cd $TEMP_PATH - echo '::group::🐶 Installing reviewdog ... https://github.com/reviewdog/reviewdog' - curl -sfL https://raw.githubusercontent.com/reviewdog/reviewdog/master/install.sh | sh -s -- -b "${TEMP_PATH}" 2>&1 - echo '::endgroup::' - echo "${TEMP_PATH}" >> $GITHUB_PATH - - - name: trailing whitespace - shell: bash + - uses: chainguard-dev/actions/trailing-space@main if: ${{ always() }} - env: - REVIEWDOG_GITHUB_API_TOKEN: ${{ github.token }} - run: | - set -e - cd "${GITHUB_WORKSPACE}" || exit 1 - echo '::group:: Flagging trailing whitespace with reviewdog 🐶 ...' - # Don't fail because of grep - set +o pipefail - # Exclude generated and vendored files, plus some legacy - # paths until we update all .gitattributes - git ls-files | - git check-attr --stdin linguist-generated | grep -Ev ': (set|true)$' | cut -d: -f1 | - git check-attr --stdin linguist-vendored | grep -Ev ': (set|true)$' | cut -d: -f1 | - grep -Ev '^(vendor/|third_party/|.git)' | - xargs grep -nE " +$" | - reviewdog -efm="%f:%l:%m" \ - -name="trailing whitespace" \ - -reporter="github-pr-check" \ - -filter-mode="added" \ - -fail-on-error="true" \ - -level="error" - echo '::endgroup::' - - name: EOF newline - shell: bash + - uses: chainguard-dev/actions/eof-newline@main if: ${{ always() }} - env: - REVIEWDOG_GITHUB_API_TOKEN: ${{ github.token }} - run: | - set -e - cd "${GITHUB_WORKSPACE}" || exit 1 - echo '::group:: Flagging missing EOF newlines with reviewdog 🐶 ...' 
- # Don't fail because of misspell - set +o pipefail - # Lint exclude rule: - # - nothing in vendor/ - # - nothing in third_party - # - nothing in .git/ - # - nothing in pkg/cosign/tuf/repository - # - no *.ai (Adobe Illustrator) files. - LINT_FILES=$(git ls-files | - git check-attr --stdin linguist-generated | grep -Ev ': (set|true)$' | cut -d: -f1 | - git check-attr --stdin linguist-vendored | grep -Ev ': (set|true)$' | cut -d: -f1 | - grep -Ev '^(vendor/|third_party/|.git|pkg/cosign/tuf/repository/)' | - grep -v '\.ai$') - for x in $LINT_FILES; do - # Based on https://stackoverflow.com/questions/34943632/linux-check-if-there-is-an-empty-line-at-the-end-of-a-file - if [[ -f $x && ! ( -s "$x" && -z "$(tail -c 1 $x)" ) ]]; then - # We add 1 to `wc -l` here because of this limitation (from the man page): - # Characters beyond the final character will not be included in the line count. - echo $x:$((1 + $(wc -l $x | tr -s ' ' | cut -d' ' -f 1))): Missing newline - fi - done | - reviewdog -efm="%f:%l: %m" \ - -name="EOF Newline" \ - -reporter="github-pr-check" \ - -filter-mode="added" \ - -fail-on-error="true" \ - -level="error" - echo '::endgroup::' \ No newline at end of file From 0cc992f1346d87d177d45223f132612b59bf9809 Mon Sep 17 00:00:00 2001 From: Matt Moore Date: Mon, 21 Feb 2022 11:46:43 -0800 Subject: [PATCH 4/7] Start to consume the go formatting actions Signed-off-by: Matt Moore --- .github/workflows/style.yaml | 55 +++++++++++++----------------------- 1 file changed, 19 insertions(+), 36 deletions(-) diff --git a/.github/workflows/style.yaml b/.github/workflows/style.yaml index 5ac438cded9..aa058bab240 100644 --- a/.github/workflows/style.yaml +++ b/.github/workflows/style.yaml 
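Review bot: The project-specific exclusions of the removed EOF-newline step are not carried over: it skipped `pkg/cosign/tuf/repository/` and `*.ai` files, and the new `uses: chainguard-dev/actions/eof-newline@main` step has no `with:` block. Unless the shared action applies an equivalent filter, changes under those paths may start failing the check. The `style.yaml` hunk in patch 4/7 has the same shape, dropping the `find` prunes for `./vendor`, `./third_party`, `*.pb.go` and `wire_gen.go` in favour of `gofmt`/`goimports` actions whose file selection is not visible here. The removed `Install Tools` step piped reviewdog's `install.sh` from the `master` branch into `sh` without verification, so the integrity of that install now depends entirely on what the shared actions do.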
@@ -7,51 +7,34 @@ on: permissions: read-all jobs: - autoformat: - name: Auto-format and Check + gofmt: + name: check gofmt runs-on: ubuntu-latest - strategy: - fail-fast: false # Keep running if one leg fails. - matrix: - tool: - - goimports - - gofmt + steps: + - name: Set up Go + uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4 #v2.1.5 + with: + go-version: 1.16.x - include: - - tool: gofmt - options: -s - - tool: goimports - importpath: golang.org/x/tools/cmd/goimports + - name: Check out code + uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 #v2.4.0 + + - uses: chainguard-dev/actions/gofmt@main + with: + args: -s + + goimports: + name: check goimports + runs-on: ubuntu-latest steps: - - name: Set up Go 1.16.x + - name: Set up Go uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4 #v2.1.5 with: go-version: 1.16.x - id: go - name: Check out code uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 #v2.4.0 - - name: Install Dependencies - if: ${{ matrix.importpath != '' }} - run: | - cd $(mktemp -d) - GO111MODULE=on go get ${{ matrix.importpath }} - - - name: ${{ matrix.tool }} ${{ matrix.options }} - shell: bash - run: > - ${{ matrix.tool }} ${{ matrix.options }} -w - $(find . - -path './vendor' -prune - -o -path './third_party' -prune - -o -name '*.pb.go' -prune - -o -name 'wire_gen.go' -prune - -o -type f -name '*.go' -print) - - - name: Verify ${{ matrix.tool }} - uses: chainguard-dev/actions/nodiff@main - with: - fixup-command: "${{ matrix.tool }} ${{ matrix.options }}" + - uses: chainguard-dev/actions/goimports@main From 56f7e5a39fd7f862280b0666d7058bc81d7a0849 Mon Sep 17 00:00:00 2001 From: Matt Moore Date: Tue, 22 Feb 2022 06:57:16 -0800 Subject: [PATCH 5/7] Pin SHAs 
Signed-off-by: Matt Moore --- .github/workflows/donotsubmit.yaml | 2 +- .github/workflows/kind-e2e-cosigned.yaml | 2 +- .github/workflows/style.yaml | 4 ++-- .github/workflows/tests.yaml | 2 +- .github/workflows/whitespace.yaml | 4 ++-- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/donotsubmit.yaml b/.github/workflows/donotsubmit.yaml index 8dfe84c5716..1ceb52e01cf 100644 --- a/.github/workflows/donotsubmit.yaml +++ b/.github/workflows/donotsubmit.yaml @@ -17,4 +17,4 @@ jobs: uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 #v2.4.0 - name: Do Not Submit - uses: chainguard-dev/actions/donotsubmit@main + uses: chainguard-dev/actions/donotsubmit@84c993eaf02da1c325854fb272a4df9184bd80fc # main diff --git a/.github/workflows/kind-e2e-cosigned.yaml b/.github/workflows/kind-e2e-cosigned.yaml index 348466e63c8..cb9eeec753b 100644 --- a/.github/workflows/kind-e2e-cosigned.yaml +++ b/.github/workflows/kind-e2e-cosigned.yaml @@ -193,4 +193,4 @@ jobs: - name: Collect diagnostics if: ${{ failure() }} - uses: chainguard-dev/actions/kind-diag@main + uses: chainguard-dev/actions/kind-diag@84c993eaf02da1c325854fb272a4df9184bd80fc # main diff --git a/.github/workflows/style.yaml b/.github/workflows/style.yaml index aa058bab240..5707da3b667 100644 --- a/.github/workflows/style.yaml +++ b/.github/workflows/style.yaml @@ -20,7 +20,7 @@ jobs: - name: Check out code uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 #v2.4.0 - - uses: chainguard-dev/actions/gofmt@main + - uses: chainguard-dev/actions/gofmt@84c993eaf02da1c325854fb272a4df9184bd80fc # main with: args: -s @@ -37,4 +37,4 @@ jobs: - name: Check out code uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 #v2.4.0 - - uses: chainguard-dev/actions/goimports@main + - uses: chainguard-dev/actions/goimports@84c993eaf02da1c325854fb272a4df9184bd80fc # main 
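Review bot: The trailing comment `# main` on the new pins names a branch rather than a release, unlike the `#v2.4.0` comment on the `actions/checkout` pin just above, so a later reader cannot tell which state of `chainguard-dev/actions` the commit corresponds to. If upstream publishes tags, pinning a tagged commit and writing the tag in the comment would make later bumps reviewable; otherwise a dated comment such as `# main as of 2022-02-22` is more informative. This applies to every `uses:` line changed in this patch, including the `kind-e2e-cosigned.yaml`, `style.yaml`, `tests.yaml` and `whitespace.yaml` hunks. The commit pin fixes the action's own definition but not anything the action downloads at run time, which is worth keeping in mind when reviewing what these actions install.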
diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 93da9114d58..086542a5a1c 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -94,7 +94,7 @@ jobs: - name: Collect diagnostics if: ${{ failure() }} - uses: chainguard-dev/actions/kind-diag@main + uses: chainguard-dev/actions/kind-diag@84c993eaf02da1c325854fb272a4df9184bd80fc # main e2e-windows-powershell-tests: name: Run PowerShell E2E tests diff --git a/.github/workflows/whitespace.yaml b/.github/workflows/whitespace.yaml index f936641f6be..24d30985531 100644 --- a/.github/workflows/whitespace.yaml +++ b/.github/workflows/whitespace.yaml @@ -16,8 +16,8 @@ jobs: - name: Check out code uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 #v2.4.0 - - uses: chainguard-dev/actions/trailing-space@main + - uses: chainguard-dev/actions/trailing-space@84c993eaf02da1c325854fb272a4df9184bd80fc # main if: ${{ always() }} - - uses: chainguard-dev/actions/eof-newline@main + - uses: chainguard-dev/actions/eof-newline@84c993eaf02da1c325854fb272a4df9184bd80fc # main if: ${{ always() }} From 599d3ea98efbbbe27eaef3988ea2ca928163c080 Mon Sep 17 00:00:00 2001 From: Matt Moore Date: Tue, 22 Feb 2022 06:58:26 -0800 Subject: [PATCH 6/7] Add dependabot config for bumping actions Signed-off-by: Matt Moore --- .github/dependabot.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 6eee16bb85d..20cc0063380 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -20,3 +20,7 @@ updates: schedule: interval: daily open-pull-requests-limit: 10 +- package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "daily" \ No newline at end of file From c59803ee0dda68adf99091faa786852222dab3d6 Mon Sep 17 00:00:00 2001 From: Matt Moore Date: Tue, 22 Feb 2022 07:32:18 -0800 Subject: [PATCH 7/7] Add newline at EOF 
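Review bot: The new `github-actions` entry in `dependabot.yml` will propose bumps for the SHA-pinned `chainguard-dev/actions` steps, and since those pins follow commits on `main` rather than tags, each bump presumably arrives as a bare SHA change without release notes. Those PRs change code that runs in CI, so the upstream diff needs review before merge; a comment in the config, e.g. `# action bumps change executed CI code: review the upstream diff before merging`, would make that expectation explicit. The entry also omits `open-pull-requests-limit`, which the entry above sets to 10, and quotes `"daily"` where the existing entry writes `interval: daily`; matching the existing style keeps the file consistent.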
Signed-off-by: Matt Moore --- .github/dependabot.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 20cc0063380..5ae0c3be2d3 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -23,4 +23,4 @@ updates: - package-ecosystem: "github-actions" directory: "/" schedule: - interval: "daily" \ No newline at end of file + interval: "daily"