Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Pick up some of the shared workflows #1490

Merged
merged 7 commits into from
Feb 22, 2022
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
Expand Up @@ -20,3 +20,7 @@ updates:
schedule:
interval: daily
open-pull-requests-limit: 10
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "daily"
37 changes: 1 addition & 36 deletions .github/workflows/donotsubmit.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -17,39 +17,4 @@ jobs:
uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 #v2.4.0

- name: Do Not Submit
shell: bash
env:
REVIEWDOG_GITHUB_API_TOKEN: ${{ github.token }}
run: |
set -e
cd "${GITHUB_WORKSPACE}" || exit 1

TEMP_PATH="$(mktemp -d)"
PATH="${TEMP_PATH}:$PATH"

echo '::group::🐶 Installing reviewdog v0.13.1 ... https://github.com/reviewdog/reviewdog'
reviewdog_sha='08a5a323939101195af1d420ab6be3a50ec12f58e3419e3fcd07b6871f0b9a7e'
curl -s -L https://github.com/reviewdog/reviewdog/releases/download/v0.13.1/reviewdog_0.13.1_Linux_x86_64.tar.gz --output "${TEMP_PATH}/reviewdog.tar.gz"
echo '::group::🐶 Verifying checksum of download'
computed_sha=`sha256sum ${TEMP_PATH}/reviewdog.tar.gz|cut -d ' ' -f 1`
if [[ $reviewdog_sha != $computed_sha ]]; then
echo '::group::🐶 Failed to verify checksum, exiting!'
exit 1
fi
echo '::group::🐶 Checksum verified successfully, extracting reviewdog'
tar zxf "${TEMP_PATH}/reviewdog.tar.gz" -C ${TEMP_PATH} reviewdog
echo '::endgroup::'

echo '::group:: Running DO NOT SUBMIT with reviewdog 🐶 ...'
# Don't fail because of grep
set +o pipefail
find . -type f -not -path './vendor/*' -not -path './third_party/*' -not -path './.git/*' -not -path './.github/workflows/*' |
xargs grep -n "DO NOT SUBMIT" |
reviewdog -efm="%f:%l:%m" \
-name="DO NOT SUBMIT" \
-reporter="github-pr-check" \
-filter-mode="added" \
-fail-on-error="true" \
-level="error"

echo '::endgroup::'
uses: chainguard-dev/actions/donotsubmit@84c993eaf02da1c325854fb272a4df9184bd80fc # main
22 changes: 1 addition & 21 deletions .github/workflows/kind-e2e-cosigned.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -193,24 +193,4 @@ jobs:

- name: Collect diagnostics
if: ${{ failure() }}
run: |
# Add more namespaces to dump here.
for ns in cosign-system; do
kubectl get pods -n${ns}

echo '::group:: describe'
kubectl describe pods -n${ns}
echo '::endgroup::'

for x in $(kubectl get pods -n${ns} -oname); do

echo "::group:: describe $x"
kubectl describe -n${ns} $x
echo '::endgroup::'

echo "::group:: $x logs"
kubectl logs -n${ns} $x --all-containers
echo '::endgroup::'

done
done
uses: chainguard-dev/actions/kind-diag@84c993eaf02da1c325854fb272a4df9184bd80fc # main
68 changes: 19 additions & 49 deletions .github/workflows/style.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -7,64 +7,34 @@ on:
permissions: read-all

jobs:
autoformat:
name: Auto-format and Check
gofmt:
name: check gofmt
runs-on: ubuntu-latest

strategy:
fail-fast: false # Keep running if one leg fails.
matrix:
tool:
- goimports
- gofmt

include:
- tool: gofmt
options: -s
- tool: goimports
importpath: golang.org/x/tools/cmd/goimports

steps:
- name: Set up Go 1.16.x
- name: Set up Go
uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4 #v2.1.5
with:
go-version: 1.16.x
id: go

- name: Check out code
uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 #v2.4.0

- name: Install Dependencies
if: ${{ matrix.importpath != '' }}
run: |
cd $(mktemp -d)
GO111MODULE=on go get ${{ matrix.importpath }}
- uses: chainguard-dev/actions/gofmt@84c993eaf02da1c325854fb272a4df9184bd80fc # main
with:
args: -s

goimports:
name: check goimports
runs-on: ubuntu-latest

steps:
- name: Set up Go
uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4 #v2.1.5
with:
go-version: 1.16.x

- name: ${{ matrix.tool }} ${{ matrix.options }}
shell: bash
run: >
${{ matrix.tool }} ${{ matrix.options }} -w
$(find .
-path './vendor' -prune
-o -path './third_party' -prune
-o -name '*.pb.go' -prune
-o -name 'wire_gen.go' -prune
-o -type f -name '*.go' -print)
- name: Check out code
uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 #v2.4.0

- name: Verify ${{ matrix.tool }}
shell: bash
run: |
# From: https://backreference.org/2009/12/23/how-to-match-newlines-in-sed/
# This is to leverage this workaround:
# https://github.com/actions/toolkit/issues/193#issuecomment-605394935
function urlencode() {
sed ':begin;$!N;s/\n/%0A/;tbegin'
}
if [[ $(git diff-index --name-only HEAD --) ]]; then
for x in $(git diff-index --name-only HEAD --); do
echo "::error file=$x::Please run ${{ matrix.tool }} ${{ matrix.options }}.%0A$(git diff $x | urlencode)"
done
echo "${{ github.repository }} is out of style. Please run ${{ matrix.tool }} ${{ matrix.options }}."
exit 1
fi
echo "${{ github.repository }} is formatted correctly."
- uses: chainguard-dev/actions/goimports@84c993eaf02da1c325854fb272a4df9184bd80fc # main
4 changes: 4 additions & 0 deletions .github/workflows/tests.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -92,6 +92,10 @@ jobs:
- name: Run end-to-end tests
run: ./test/e2e_test.sh

- name: Collect diagnostics
if: ${{ failure() }}
uses: chainguard-dev/actions/kind-diag@84c993eaf02da1c325854fb272a4df9184bd80fc # main

e2e-windows-powershell-tests:
name: Run PowerShell E2E tests
runs-on: windows-latest
Expand Down
77 changes: 2 additions & 75 deletions .github/workflows/whitespace.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -13,84 +13,11 @@ jobs:
runs-on: ubuntu-latest

steps:
- name: Set up Go 1.16.x
uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4 #v2.1.5
with:
go-version: 1.16.x
id: go

- name: Check out code
uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 #v2.4.0

- name: Install Tools
run: |
TEMP_PATH="$(mktemp -d)"
cd $TEMP_PATH
echo '::group::🐶 Installing reviewdog ... https://github.com/reviewdog/reviewdog'
curl -sfL https://raw.githubusercontent.com/reviewdog/reviewdog/master/install.sh | sh -s -- -b "${TEMP_PATH}" 2>&1
echo '::endgroup::'
echo "${TEMP_PATH}" >> $GITHUB_PATH

- name: trailing whitespace
shell: bash
- uses: chainguard-dev/actions/trailing-space@84c993eaf02da1c325854fb272a4df9184bd80fc # main
if: ${{ always() }}
env:
REVIEWDOG_GITHUB_API_TOKEN: ${{ github.token }}
run: |
set -e
cd "${GITHUB_WORKSPACE}" || exit 1
echo '::group:: Flagging trailing whitespace with reviewdog 🐶 ...'
# Don't fail because of grep
set +o pipefail
# Exclude generated and vendored files, plus some legacy
# paths until we update all .gitattributes
git ls-files |
git check-attr --stdin linguist-generated | grep -Ev ': (set|true)$' | cut -d: -f1 |
git check-attr --stdin linguist-vendored | grep -Ev ': (set|true)$' | cut -d: -f1 |
grep -Ev '^(vendor/|third_party/|.git)' |
xargs grep -nE " +$" |
reviewdog -efm="%f:%l:%m" \
-name="trailing whitespace" \
-reporter="github-pr-check" \
-filter-mode="added" \
-fail-on-error="true" \
-level="error"
echo '::endgroup::'

- name: EOF newline
shell: bash
- uses: chainguard-dev/actions/eof-newline@84c993eaf02da1c325854fb272a4df9184bd80fc # main
if: ${{ always() }}
env:
REVIEWDOG_GITHUB_API_TOKEN: ${{ github.token }}
run: |
set -e
cd "${GITHUB_WORKSPACE}" || exit 1
echo '::group:: Flagging missing EOF newlines with reviewdog 🐶 ...'
# Don't fail because of misspell
set +o pipefail
# Lint exclude rule:
# - nothing in vendor/
# - nothing in third_party
# - nothing in .git/
# - nothing in pkg/cosign/tuf/repository
# - no *.ai (Adobe Illustrator) files.
LINT_FILES=$(git ls-files |
git check-attr --stdin linguist-generated | grep -Ev ': (set|true)$' | cut -d: -f1 |
git check-attr --stdin linguist-vendored | grep -Ev ': (set|true)$' | cut -d: -f1 |
grep -Ev '^(vendor/|third_party/|.git|pkg/cosign/tuf/repository/)' |
grep -v '\.ai$')
for x in $LINT_FILES; do
# Based on https://stackoverflow.com/questions/34943632/linux-check-if-there-is-an-empty-line-at-the-end-of-a-file
if [[ -f $x && ! ( -s "$x" && -z "$(tail -c 1 $x)" ) ]]; then
# We add 1 to `wc -l` here because of this limitation (from the man page):
# Characters beyond the final <newline> character will not be included in the line count.
echo $x:$((1 + $(wc -l $x | tr -s ' ' | cut -d' ' -f 1))): Missing newline
fi
done |
reviewdog -efm="%f:%l: %m" \
-name="EOF Newline" \
-reporter="github-pr-check" \
-filter-mode="added" \
-fail-on-error="true" \
-level="error"
echo '::endgroup::'
mattmoor marked this conversation as resolved.
Show resolved Hide resolved