From 35fba6014b3ecdd155c82fd931051b90c2aa9c35 Mon Sep 17 00:00:00 2001 From: Andrey Smirnov Date: Thu, 2 Sep 2021 00:43:20 +0300 Subject: [PATCH] chore: use kres to setup build instructions This modernizes the build system. 
Signed-off-by: Andrey Smirnov --- .codecov.yml | 18 + .conform.yaml | 73 +-- .dockerignore | 14 +- .drone.yml | 415 ++++++++++++++---- .gitignore | 9 +- .golangci.yml | 153 +++++++ .kres.yaml | 20 + .markdownlint.json | 9 + Dockerfile | 161 +++++-- Makefile | 229 +++++++--- README.md | 2 + cmd/{ => conform}/enforce.go | 10 +- cmd/conform/main.go | 9 + cmd/{ => conform}/root.go | 10 +- cmd/{ => conform}/serve.go | 10 +- cmd/conform/version.go | 32 ++ hack/release.sh | 68 +++ hack/release.toml | 16 + internal/constants/constants.go | 6 +- internal/enforcer/enforcer.go | 12 +- internal/git/git.go | 8 +- internal/policy/commit/check_body.go | 6 +- .../commit/check_conventional_commit.go | 7 +- internal/policy/commit/check_dco.go | 6 +- internal/policy/commit/check_gpg_identity.go | 8 +- internal/policy/commit/check_gpg_signature.go | 6 +- internal/policy/commit/check_header_case.go | 6 +- .../commit/check_header_last_character.go | 6 +- internal/policy/commit/check_header_length.go | 8 +- .../policy/commit/check_imperative_verb.go | 6 +- internal/policy/commit/check_jira.go | 6 +- internal/policy/commit/check_jira_test.go | 9 +- .../policy/commit/check_number_of_commits.go | 8 +- internal/policy/commit/check_spelling.go | 6 +- internal/policy/commit/commit.go | 13 +- internal/policy/commit/commit_test.go | 15 +- internal/policy/license/license.go | 10 +- internal/policy/policy.go | 6 +- internal/policy/policy_options.go | 6 +- internal/policy/version/version.go | 6 +- internal/reporter/reporter.go | 6 +- {cmd => internal/version}/version.go | 36 +- main.go | 11 - 43 files changed, 1131 insertions(+), 350 deletions(-) create mode 100644 .codecov.yml create mode 100644 .golangci.yml create mode 100644 .kres.yaml create mode 100644 .markdownlint.json rename cmd/{ => conform}/enforce.go (83%) create mode 100644 cmd/conform/main.go rename cmd/{ => conform}/root.go (66%) rename cmd/{ => conform}/serve.go (94%) create mode 100644 cmd/conform/version.go create mode 100755 
hack/release.sh create mode 100644 hack/release.toml rename {cmd => internal/version}/version.go (59%) delete mode 100644 main.go diff --git a/.codecov.yml b/.codecov.yml new file mode 100644 index 00000000..71c97d46 --- /dev/null +++ b/.codecov.yml @@ -0,0 +1,18 @@ +# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. +# +# Generated on 2021-09-01T21:02:33Z by kres d88b53b-dirty. + +codecov: + require_ci_to_pass: false + +coverage: + status: + project: + default: + target: 50% + threshold: 0.5% + base: auto + if_ci_failed: success + patch: off + +comment: false diff --git a/.conform.yaml b/.conform.yaml index ecb4bd49..a0609f20 100644 --- a/.conform.yaml +++ b/.conform.yaml 
@@ -1,36 +1,39 @@ +# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. +# +# Generated on 2021-09-01T21:42:39Z by kres 5ca7963-dirty. + +--- policies: - - type: commit - spec: - header: - length: 89 - imperative: true - case: lower - invalidLastCharacters: . - body: - required: true - dco: true - gpg: - required: true - identity: - gitHubOrganization: talos-systems - spellcheck: - locale: US - maximumOfOneCommit: true - conventional: - types: - - chore - - docs - - perf - - refactor - - style - - test - scopes: - - policy - - type: license - spec: - includeSuffixes: - - .go - header: | - /* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +- type: commit + spec: + dco: true + gpg: + required: true + identity: + gitHubOrganization: talos-systems + spellcheck: + locale: US + maximumOfOneCommit: true + header: + length: 89 + imperative: true + case: lower + invalidLastCharacters: . + body: + required: true + conventional: + types: ["chore","docs","perf","refactor","style","test","release"] + scopes: [".*"] +- type: license + spec: + skipPaths: + - .git/ + includeSuffixes: + - .go + excludeSuffixes: + - .pb.go + - .pb.gw.go + header: | + // This Source Code Form is subject to the terms of the Mozilla Public + // License, v. 2.0. If a copy of the MPL was not distributed with this + // file, You can obtain one at http://mozilla.org/MPL/2.0/. diff --git a/.dockerignore b/.dockerignore index 378eac25..f913e553 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1 +1,13 @@ -build +# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. +# +# Generated on 2021-09-01T21:21:54Z by kres 5ca7963. + +** +!cmd +!internal +!go.mod +!go.sum +!.golangci.yml +!CHANGELOG.md +!README.md +!.markdownlint.json diff --git a/.drone.yml b/.drone.yml index d5ae777d..2fb60ff3 100644 --- a/.drone.yml +++ b/.drone.yml 
@@ -1,91 +1,340 @@ +--- +# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. +# +# Generated on 2021-09-01T21:21:54Z by kres 5ca7963. + kind: pipeline type: kubernetes name: default -services: - - name: docker - image: docker:20.10-dind - entrypoint: [dockerd] - privileged: true - volumes: - - name: dockersock - path: /var/run +platform: + os: linux + arch: amd64 steps: - - name: git-fetch-tags - image: docker:git - commands: - - git fetch --tags - - - name: build - image: autonomy/build-container:latest - pull: always - commands: - - make build - volumes: - - name: dockersock - path: /var/run - - - name: conform - image: autonomy/build-container:latest - pull: always - commands: - - build/conform-linux-amd64 enforce - volumes: - - name: dockersock - path: /var/run - - - name: test - image: autonomy/build-container:latest - pull: always - commands: - - make test - volumes: - - name: dockersock - path: /var/run - - - name: image - image: autonomy/build-container:latest - pull: always - commands: - - make image - volumes: - - name: dockersock - path: /var/run - - - name: push - image: autonomy/build-container:latest - pull: always - environment: - DOCKER_USERNAME: - from_secret: docker_username - DOCKER_PASSWORD: - from_secret: docker_password - commands: - - make login - - make push - volumes: - - name: dockersock - path: /var/run - when: - event: - exclude: - - pull_request - - - name: release - image: plugins/github-release - settings: - api_key: - from_secret: github_token - draft: true - files: - - build/conform-* - checksum: - - sha256 - - sha512 - when: - event: tag +- name: setup-ci + pull: always + image: autonomy/build-container:latest + commands: + - sleep 5 + - git fetch --tags + - install-ci-key + - docker buildx create --driver docker-container --platform linux/amd64 --name local --use unix:///var/outer-run/docker.sock + - docker buildx inspect --bootstrap + environment: + SSH_KEY: + from_secret: ssh_key + volumes: + - name: outer-docker-socket 
+ path: /var/outer-run + - name: docker-socket + path: /var/run + - name: buildx + path: /root/.docker/buildx + - name: ssh + path: /root/.ssh + +- name: base + pull: always + image: autonomy/build-container:latest + commands: + - make base + volumes: + - name: outer-docker-socket + path: /var/outer-run + - name: docker-socket + path: /var/run + - name: buildx + path: /root/.docker/buildx + - name: ssh + path: /root/.ssh + depends_on: + - setup-ci + +- name: unit-tests + pull: always + image: autonomy/build-container:latest + commands: + - make unit-tests + volumes: + - name: outer-docker-socket + path: /var/outer-run + - name: docker-socket + path: /var/run + - name: buildx + path: /root/.docker/buildx + - name: ssh + path: /root/.ssh + depends_on: + - base + +- name: unit-tests-race + pull: always + image: autonomy/build-container:latest + commands: + - make unit-tests-race + volumes: + - name: outer-docker-socket + path: /var/outer-run + - name: docker-socket + path: /var/run + - name: buildx + path: /root/.docker/buildx + - name: ssh + path: /root/.ssh + depends_on: + - base + +- name: coverage + pull: always + image: autonomy/build-container:latest + commands: + - make coverage + environment: + CODECOV_TOKEN: + from_secret: CODECOV_TOKEN + volumes: + - name: outer-docker-socket + path: /var/outer-run + - name: docker-socket + path: /var/run + - name: buildx + path: /root/.docker/buildx + - name: ssh + path: /root/.ssh + depends_on: + - unit-tests + +- name: conform + pull: always + image: autonomy/build-container:latest + commands: + - make conform + volumes: + - name: outer-docker-socket + path: /var/outer-run + - name: docker-socket + path: /var/run + - name: buildx + path: /root/.docker/buildx + - name: ssh + path: /root/.ssh + depends_on: + - base + +- name: lint + pull: always + image: autonomy/build-container:latest + commands: + - make lint + volumes: + - name: outer-docker-socket + path: /var/outer-run + - name: docker-socket + path: /var/run + - name: 
buildx + path: /root/.docker/buildx + - name: ssh + path: /root/.ssh + depends_on: + - base + +- name: image-conform + pull: always + image: autonomy/build-container:latest + commands: + - make image-conform + volumes: + - name: outer-docker-socket + path: /var/outer-run + - name: docker-socket + path: /var/run + - name: buildx + path: /root/.docker/buildx + - name: ssh + path: /root/.ssh + depends_on: + - conform + - lint + - unit-tests + +- name: push-conform + pull: always + image: autonomy/build-container:latest + commands: + - docker login ghcr.io --username "$${GHCR_USERNAME}" --password "$${GHCR_PASSWORD}" + - make image-conform + environment: + GHCR_PASSWORD: + from_secret: ghcr_token + GHCR_USERNAME: + from_secret: ghcr_username + PUSH: true + volumes: + - name: outer-docker-socket + path: /var/outer-run + - name: docker-socket + path: /var/run + - name: buildx + path: /root/.docker/buildx + - name: ssh + path: /root/.ssh + when: + event: + exclude: + - pull_request + depends_on: + - image-conform + +- name: push-conform-latest + pull: always + image: autonomy/build-container:latest + commands: + - docker login ghcr.io --username "$${GHCR_USERNAME}" --password "$${GHCR_PASSWORD}" + - make image-conform TAG=latest + environment: + GHCR_PASSWORD: + from_secret: ghcr_token + GHCR_USERNAME: + from_secret: ghcr_username + PUSH: true + volumes: + - name: outer-docker-socket + path: /var/outer-run + - name: docker-socket + path: /var/run + - name: buildx + path: /root/.docker/buildx + - name: ssh + path: /root/.ssh + when: + branch: + - master + event: + exclude: + - pull_request + depends_on: + - push-conform + +- name: release-notes + pull: always + image: autonomy/build-container:latest + commands: + - make release-notes + volumes: + - name: outer-docker-socket + path: /var/outer-run + - name: docker-socket + path: /var/run + - name: buildx + path: /root/.docker/buildx + - name: ssh + path: /root/.ssh + when: + event: + - tag + depends_on: + - unit-tests + - 
coverage + - conform + - image-conform + - lint + +- name: release + pull: always + image: plugins/github-release + settings: + api_key: + from_secret: github_token + checksum: + - sha256 + - sha512 + draft: true + files: + - _out/* + note: _out/RELEASE_NOTES.md + volumes: + - name: outer-docker-socket + path: /var/outer-run + - name: docker-socket + path: /var/run + - name: buildx + path: /root/.docker/buildx + - name: ssh + path: /root/.ssh + when: + event: + - tag + depends_on: + - release-notes + +services: +- name: docker + image: docker:20.10-dind + entrypoint: + - dockerd + commands: + - --dns=8.8.8.8 + - --dns=8.8.4.4 + - --mtu=1500 + - --log-level=error + privileged: true + volumes: + - name: outer-docker-socket + path: /var/outer-run + - name: docker-socket + path: /var/run + - name: buildx + path: /root/.docker/buildx + - name: ssh + path: /root/.ssh volumes: - - name: dockersock - temp: {} +- name: outer-docker-socket + host: + path: /var/ci-docker +- name: docker-socket + temp: + medium: memory +- name: buildx + temp: + medium: memory +- name: ssh + temp: + medium: memory + +--- +kind: pipeline +type: kubernetes +name: notify + +platform: + os: linux + arch: amd64 + +clone: + disable: true + +steps: +- name: slack + image: plugins/slack + settings: + channel: proj-talos-maintainers + link_names: true + template: "{{#if build.pull }}\n*{{#success build.status}}✓ Success{{else}}✕ Fail{{/success}}*: {{ repo.owner }}/{{ repo.name }} - \n{{else}}\n*{{#success build.status}}✓ Success{{else}}✕ Fail{{/success}}: {{ repo.owner }}/{{ repo.name }} - Build #{{ build.number }}* (type: `{{ build.event }}`)\n{{/if}}\nCommit: \nBranch: \nAuthor: {{ build.author }}\n<{{ build.link }}|Visit build page>" + webhook: + from_secret: slack_webhook + when: + status: + - success + - failure + +trigger: + status: + - success + - failure + +depends_on: +- default + +... diff --git a/.gitignore b/.gitignore index 4e968d25..6bce3324 100644 --- a/.gitignore +++ b/.gitignore 
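Review bot: The `release` step runs the untagged third-party image `plugins/github-release` with `github_token`, yet it still mounts `outer-docker-socket` (host path `/var/ci-docker`), `docker-socket`, `buildx` and `ssh`, none of which a release upload needs. The same four volumes are attached to every step, including `unit-tests` and `lint`, which carry no `when` clause excluding pull requests. Access to the host Docker socket is effectively control of the CI host's daemon, so the mounts should be limited to the steps that build images, and the plugin image pinned to a version or digest. In `push-conform` and `push-conform-latest` the registry password is passed as an argument; `echo "$${GHCR_PASSWORD}" | docker login ghcr.io --username "$${GHCR_USERNAME}" --password-stdin` keeps it out of the process list. The file is generated by kres, so these changes belong in the generator rather than here.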
@@ -1,4 +1,5 @@ -build -cache -vendor -.idea/ +# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. +# +# Generated on 2021-09-01T21:02:33Z by kres d88b53b-dirty. + +_out diff --git a/.golangci.yml b/.golangci.yml new file mode 100644 index 00000000..dac3af44 --- /dev/null +++ b/.golangci.yml 
@@ -0,0 +1,153 @@ +# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. +# +# Generated on 2021-09-01T21:21:54Z by kres 5ca7963. + +# options for analysis running +run: + timeout: 10m + issues-exit-code: 1 + tests: true + build-tags: [] + skip-dirs: [] + skip-dirs-use-default: true + skip-files: [] + modules-download-mode: readonly + +# output configuration options +output: + format: colored-line-number + print-issued-lines: true + print-linter-name: true + uniq-by-line: true + path-prefix: "" + +# all available settings of specific linters +linters-settings: + dogsled: + max-blank-identifiers: 2 + dupl: + threshold: 150 + errcheck: + check-type-assertions: true + check-blank: true + exhaustive: + default-signifies-exhaustive: false + funlen: + lines: 60 + statements: 40 + gci: + local-prefixes: github.com/talos-systems/conform + gocognit: + min-complexity: 30 + nestif: + min-complexity: 5 + goconst: + min-len: 3 + min-occurrences: 3 + gocritic: + disabled-checks: [] + gocyclo: + min-complexity: 20 + godot: + check-all: false + godox: + keywords: # default keywords are TODO, BUG, and FIXME, these can be overwritten by this setting + - NOTE + - OPTIMIZE # marks code that should be optimized before merging + - HACK # marks hack-arounds that should be removed before merging + gofmt: + simplify: true + goimports: + local-prefixes: github.com/talos-systems/conform + golint: + min-confidence: 0.8 + gomnd: + settings: {} + gomodguard: {} + govet: + check-shadowing: true + enable-all: true + depguard: + list-type: blacklist + include-go-root: false + lll: + line-length: 200 + tab-width: 4 + misspell: + locale: US + ignore-words: [] + nakedret: + max-func-lines: 30 + prealloc: + simple: true + range-loops: true # Report preallocation suggestions on range loops, true by default + for-loops: false # Report preallocation suggestions on for loops, false by default + nolintlint: + allow-unused: false + allow-leading-space: false + allow-no-explanation: [] + 
require-explanation: false + require-specific: true + rowserrcheck: {} + testpackage: + unparam: + check-exported: false + unused: + check-exported: false + whitespace: + multi-if: false # Enforces newlines (or comments) after every multi-line if statement + multi-func: false # Enforces newlines (or comments) after every multi-line function signature + wsl: + strict-append: true + allow-assign-and-call: true + allow-multiline-assign: true + allow-cuddle-declarations: false + allow-trailing-comment: false + force-case-trailing-whitespace: 0 + force-err-cuddling: false + allow-separated-leading-comment: false + gofumpt: + extra-rules: false + cyclop: + # the maximal code complexity to report + max-complexity: 20 + +linters: + enable-all: true + disable-all: false + fast: false + disable: + - exhaustivestruct + - forbidigo + - funlen + - gas + - gochecknoglobals + - gochecknoinits + - godox + - goerr113 + - gomnd + - gomoddirectives + - nestif + - paralleltest + - tagliatelle + - thelper + - typecheck + - wrapcheck + # abandoned linters for which golangci shows the warning that the repo is archived by the owner + - interfacer + - maligned + - golint + - scopelint + +issues: + exclude: [] + exclude-rules: [] + exclude-use-default: false + exclude-case-sensitive: false + max-issues-per-linter: 10 + max-same-issues: 3 + new: false + +severity: + default-severity: error + case-sensitive: false diff --git a/.kres.yaml b/.kres.yaml new file mode 100644 index 00000000..0a3229f5 --- /dev/null +++ b/.kres.yaml @@ -0,0 +1,20 @@ +kind: golang.Build +spec: + outputs: + conform-linux-amd64: + GOOS: linux + GOARCH: amd64 + conform-linux-arm64: + GOOS: linux + GOARCH: arm64 + conform-darwin-amd64: + GOOS: darwin + GOARCH: amd64 + conform-darwin-arm64: + GOOS: darwin + GOARCH: arm64 +--- +kind: golang.Toolchain +spec: + extraPackages: + - git diff --git a/.markdownlint.json b/.markdownlint.json new file mode 100644 index 00000000..bf6c3a3c --- /dev/null +++ b/.markdownlint.json 
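Review bot: With `enable-all: true`, the `disable:` list is the only place a linter is turned off, and it includes `gas`, the legacy golangci-lint name for gosec, so the security linter does not run on this codebase. If the intent is to silence specific findings, keeping gosec enabled and suppressing them through `issues: exclude-rules` (currently `[]`) or targeted `//nolint:gosec` comments would preserve the rest of its coverage. The file is generated by kres, so the list would have to change in the generator.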
@@ -0,0 +1,9 @@ +# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. +# +# Generated on 2021-09-01T21:02:33Z by kres d88b53b-dirty. + +{ + "MD013": false, + "MD033": false, + "default": true + } diff --git a/Dockerfile b/Dockerfile index d099d3be..04417c1d 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,40 +1,133 @@ -ARG GOLANG_IMAGE -FROM ${GOLANG_IMAGE} AS common +# syntax = docker/dockerfile-upstream:1.2.0-labs + +# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. +# +# Generated on 2021-09-01T21:55:41Z by kres 5ca7963-dirty. + +ARG TOOLCHAIN + +# cleaned up specs and compiled versions +FROM scratch AS generate + +FROM ghcr.io/talos-systems/ca-certificates:v0.3.0-12-g90722c3 AS image-ca-certificates + +FROM ghcr.io/talos-systems/fhs:v0.3.0-12-g90722c3 AS image-fhs + +# runs markdownlint +FROM node:14.8.0-alpine AS lint-markdown +RUN npm i -g markdownlint-cli@0.23.2 +RUN npm i sentences-per-line@0.2.1 +WORKDIR /src +COPY .markdownlint.json . +COPY ./CHANGELOG.md ./CHANGELOG.md +COPY ./README.md ./README.md +RUN markdownlint --ignore "CHANGELOG.md" --ignore "**/node_modules/**" --ignore '**/hack/chglog/**' --rules /node_modules/sentences-per-line/index.js . + +# base toolchain image +FROM ${TOOLCHAIN} AS toolchain +RUN apk --update --no-cache add bash curl build-base protoc protobuf-dev git + +# build tools +FROM toolchain AS tools +ENV GO111MODULE on ENV CGO_ENABLED 0 -ENV GO111MODULES on -WORKDIR /conform -COPY go.mod ./ -COPY go.sum ./ -RUN go mod download -RUN go mod verify -COPY ./ ./ -RUN go list -mod=readonly all - -FROM common AS build +ENV GOPATH /go +RUN curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | bash -s -- -b /bin v1.41.1 +ARG GOFUMPT_VERSION +RUN go install mvdan.cc/gofumpt/gofumports@${GOFUMPT_VERSION} \ + && mv /go/bin/gofumports /bin/gofumports + +# tools and sources +FROM tools AS base +WORKDIR /src +COPY ./go.mod . +COPY ./go.sum . 
+RUN --mount=type=cache,target=/go/pkg go mod download +RUN --mount=type=cache,target=/go/pkg go mod verify +COPY ./cmd ./cmd +COPY ./internal ./internal +RUN --mount=type=cache,target=/go/pkg go list -mod=readonly all >/dev/null + +# builds conform-darwin-amd64 +FROM base AS conform-darwin-amd64-build +COPY --from=generate / / +WORKDIR /src/cmd/conform +ARG VERSION_PKG="github.com/talos-systems/conform/internal/version" +ARG SHA ARG TAG +RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/go/pkg GOARCH=amd64 GOOS=darwin go build -ldflags "-s -w -X ${VERSION_PKG}.Name=conform -X ${VERSION_PKG}.SHA=${SHA} -X ${VERSION_PKG}.Tag=${TAG}" -o /conform-darwin-amd64 + +# builds conform-darwin-arm64 +FROM base AS conform-darwin-arm64-build +COPY --from=generate / / +WORKDIR /src/cmd/conform +ARG VERSION_PKG="github.com/talos-systems/conform/internal/version" ARG SHA -ENV GOOS linux -ENV GOARCH amd64 -RUN go build -o /conform-${GOOS}-${GOARCH} -ldflags "-s -w -X \"github.com/talos-systems/conform/cmd.Tag=${TAG}\" -X \"github.com/talos-systems/conform/cmd.SHA=${SHA}\"" . 
+ARG TAG +RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/go/pkg GOARCH=arm64 GOOS=darwin go build -ldflags "-s -w -X ${VERSION_PKG}.Name=conform -X ${VERSION_PKG}.SHA=${SHA} -X ${VERSION_PKG}.Tag=${TAG}" -o /conform-darwin-arm64 +# builds conform-linux-amd64 +FROM base AS conform-linux-amd64-build +COPY --from=generate / / +WORKDIR /src/cmd/conform +ARG VERSION_PKG="github.com/talos-systems/conform/internal/version" +ARG SHA ARG TAG +RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/go/pkg GOARCH=amd64 GOOS=linux go build -ldflags "-s -w -X ${VERSION_PKG}.Name=conform -X ${VERSION_PKG}.SHA=${SHA} -X ${VERSION_PKG}.Tag=${TAG}" -o /conform-linux-amd64 + +# builds conform-linux-arm64 +FROM base AS conform-linux-arm64-build +COPY --from=generate / / +WORKDIR /src/cmd/conform +ARG VERSION_PKG="github.com/talos-systems/conform/internal/version" ARG SHA -ENV GOOS darwin -ENV GOARCH amd64 -RUN go build -o /conform-${GOOS}-${GOARCH} -ldflags "-s -w -X \"github.com/talos-systems/conform/cmd.Tag=${TAG}\" -X \"github.com/talos-systems/conform/cmd.SHA=${SHA}\"" . - -FROM common AS test -ENV GOOS linux -ENV GOARCH amd64 -RUN curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.42.0 -RUN golangci-lint run -RUN CGO_ENABLED=1 go test -v -race -covermode=atomic -coverprofile=/coverage.txt ./... 
- -FROM alpine:3.11 as ca-certificates -RUN apk add --update --no-cache ca-certificates - -FROM scratch AS image -COPY --from=ca-certificates /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ -COPY --from=build /conform-linux-amd64 /conform -ENTRYPOINT [ "/conform" ] -CMD [ "enforce" ] +ARG TAG +RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/go/pkg GOARCH=arm64 GOOS=linux go build -ldflags "-s -w -X ${VERSION_PKG}.Name=conform -X ${VERSION_PKG}.SHA=${SHA} -X ${VERSION_PKG}.Tag=${TAG}" -o /conform-linux-arm64 + +# runs gofumpt +FROM base AS lint-gofumpt +RUN find . -name '*.pb.go' | xargs -r rm +RUN find . -name '*.pb.gw.go' | xargs -r rm +RUN FILES="$(gofumports -l -local github.com/talos-systems/conform .)" && test -z "${FILES}" || (echo -e "Source code is not formatted with 'gofumports -w -local github.com/talos-systems/conform .':\n${FILES}"; exit 1) + +# runs golangci-lint +FROM base AS lint-golangci-lint +COPY .golangci.yml . +ENV GOGC 50 +RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/root/.cache/golangci-lint --mount=type=cache,target=/go/pkg golangci-lint run --config .golangci.yml + +# runs unit-tests with race detector +FROM base AS unit-tests-race +ARG TESTPKGS +RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/go/pkg --mount=type=cache,target=/tmp CGO_ENABLED=1 go test -v -race -count 1 ${TESTPKGS} + +# runs unit-tests +FROM base AS unit-tests-run +ARG TESTPKGS +RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/go/pkg --mount=type=cache,target=/tmp go test -v -covermode=atomic -coverprofile=coverage.txt -coverpkg=${TESTPKGS} -count 1 ${TESTPKGS} + +FROM scratch AS conform-darwin-amd64 +COPY --from=conform-darwin-amd64-build /conform-darwin-amd64 /conform-darwin-amd64 + +FROM scratch AS conform-darwin-arm64 +COPY --from=conform-darwin-arm64-build /conform-darwin-arm64 /conform-darwin-arm64 + +FROM scratch AS conform-linux-amd64 +COPY 
--from=conform-linux-amd64-build /conform-linux-amd64 /conform-linux-amd64 + +FROM scratch AS conform-linux-arm64 +COPY --from=conform-linux-arm64-build /conform-linux-arm64 /conform-linux-arm64 + +FROM scratch AS unit-tests +COPY --from=unit-tests-run /src/coverage.txt /coverage.txt + +FROM conform-linux-${TARGETARCH} AS conform + +FROM scratch AS image-conform +ARG TARGETARCH +COPY --from=conform conform-linux-${TARGETARCH} /conform +COPY --from=image-fhs / / +COPY --from=image-ca-certificates / / +LABEL org.opencontainers.image.source https://github.com/talos-systems/conform +ENTRYPOINT ["/conform"] + diff --git a/Makefile b/Makefile index 388ab0de..49935bea 100644 --- a/Makefile +++ b/Makefile 
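Review bot: The `tools` stage installs golangci-lint with `curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | bash -s -- -b /bin v1.41.1`, which runs a remotely fetched script with no integrity check. The `v1.41.1` argument selects the release the script downloads but does not pin the script itself. Fetching the release archive and checking it against a checksum committed to the repository (`sha256sum -c`) before unpacking would make this step reproducible and tamper-evident. The same concern applies to `# syntax = docker/dockerfile-upstream:1.2.0-labs`, `node:14.8.0-alpine` and the `ghcr.io/talos-systems/*` images, which are referenced by tag and not pinned by digest. As the file is generated by kres, the fix would go into the generator template.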
@@ -1,54 +1,175 @@ -SHA ?= $(shell git describe --match=none --always --abbrev=8) -TAG ?= $(shell git describe --tag --always) - -GOLANG_IMAGE ?= golang:1.16 - -COMMON_ARGS := -f ./Dockerfile --build-arg GOLANG_IMAGE=$(GOLANG_IMAGE) --build-arg SHA=$(SHA) --build-arg TAG=$(TAG) . - -export DOCKER_BUILDKIT := 1 - -all: enforce build test image - -enforce: - @go run main.go enforce - -.PHONY: build -build: - @docker build \ - -t conform/$@:$(TAG) \ - --target=$@ \ - $(COMMON_ARGS) - @docker run --rm -v $(PWD)/build:/build conform/$@:$(TAG) cp /conform-linux-amd64 /build - @docker run --rm -v $(PWD)/build:/build conform/$@:$(TAG) cp /conform-darwin-amd64 /build - -test: - @docker build \ - --network=host \ - -t conform/$@:$(TAG) \ - --target=$@ \ - $(COMMON_ARGS) - @docker run --rm -v $(PWD)/build:/build conform/$@:$(TAG) cp /coverage.txt /build - -image: build - @docker build \ - --network=host \ - -t autonomy/conform:$(TAG) \ - --target=$@ \ - $(COMMON_ARGS) - -.PHONY: login -login: - @docker login --username "$(DOCKER_USERNAME)" --password "$(DOCKER_PASSWORD)" - -push: image - @docker tag autonomy/conform:$(TAG) autonomy/conform:latest - @docker push autonomy/conform:$(TAG) - @docker push autonomy/conform:latest - -deps: - @GO111MODULE=on CGO_ENABLED=0 go get -u github.com/autonomy/gitmeta - @GO111MODULE=on CGO_ENABLED=0 go get -u github.com/talos-systems/conform - -clean: - go clean -modcache - rm -rf build vendor +# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. +# +# Generated on 2021-09-01T21:31:11Z by kres 5ca7963-dirty. 
+ +# common variables + +SHA := $(shell git describe --match=none --always --abbrev=8 --dirty) +TAG := $(shell git describe --tag --always --dirty) +BRANCH := $(shell git rev-parse --abbrev-ref HEAD) +ARTIFACTS := _out +REGISTRY ?= ghcr.io +USERNAME ?= talos-systems +REGISTRY_AND_USERNAME ?= $(REGISTRY)/$(USERNAME) +GOFUMPT_VERSION ?= abc0db2c416aca0f60ea33c23c76665f6e7ba0b6 +GO_VERSION ?= 1.16 +PROTOBUF_GO_VERSION ?= 1.25.0 +GRPC_GO_VERSION ?= 1.1.0 +GRPC_GATEWAY_VERSION ?= 2.4.0 +TESTPKGS ?= ./... +KRES_IMAGE ?= ghcr.io/talos-systems/kres:latest + +# docker build settings + +BUILD := docker buildx build +PLATFORM ?= linux/amd64 +PROGRESS ?= auto +PUSH ?= false +CI_ARGS ?= +COMMON_ARGS = --file=Dockerfile +COMMON_ARGS += --progress=$(PROGRESS) +COMMON_ARGS += --platform=$(PLATFORM) +COMMON_ARGS += --push=$(PUSH) +COMMON_ARGS += --build-arg=ARTIFACTS=$(ARTIFACTS) +COMMON_ARGS += --build-arg=SHA=$(SHA) +COMMON_ARGS += --build-arg=TAG=$(TAG) +COMMON_ARGS += --build-arg=USERNAME=$(USERNAME) +COMMON_ARGS += --build-arg=TOOLCHAIN=$(TOOLCHAIN) +COMMON_ARGS += --build-arg=GOFUMPT_VERSION=$(GOFUMPT_VERSION) +COMMON_ARGS += --build-arg=PROTOBUF_GO_VERSION=$(PROTOBUF_GO_VERSION) +COMMON_ARGS += --build-arg=GRPC_GO_VERSION=$(GRPC_GO_VERSION) +COMMON_ARGS += --build-arg=GRPC_GATEWAY_VERSION=$(GRPC_GATEWAY_VERSION) +COMMON_ARGS += --build-arg=TESTPKGS=$(TESTPKGS) +TOOLCHAIN ?= docker.io/golang:1.16-alpine + +# help menu + +export define HELP_MENU_HEADER +# Getting Started + +To build this project, you must have the following installed: + +- git +- make +- docker (19.03 or higher) + +## Creating a Builder Instance + +The build process makes use of experimental Docker features (buildx). +To enable experimental features, add 'experimental: "true"' to '/etc/docker/daemon.json' on +Linux or enable experimental features in Docker GUI for Windows or Mac. 
+ +To create a builder instance, run: + + docker buildx create --name local --use + + +If you already have a compatible builder instance, you may use that instead. + +## Artifacts + +All artifacts will be output to ./$(ARTIFACTS). Images will be tagged with the +registry "$(REGISTRY)", username "$(USERNAME)", and a dynamic tag (e.g. $(IMAGE):$(TAG)). +The registry and username can be overridden by exporting REGISTRY, and USERNAME +respectively. + +endef + +all: unit-tests conform image-conform lint + +.PHONY: clean +clean: ## Cleans up all artifacts. + @rm -rf $(ARTIFACTS) + +target-%: ## Builds the specified target defined in the Dockerfile. The build result will only remain in the build cache. + @$(BUILD) --target=$* $(COMMON_ARGS) $(TARGET_ARGS) $(CI_ARGS) . + +local-%: ## Builds the specified target defined in the Dockerfile using the local output type. The build result will be output to the specified local destination. + @$(MAKE) target-$* TARGET_ARGS="--output=type=local,dest=$(DEST) $(TARGET_ARGS)" + +lint-golangci-lint: ## Runs golangci-lint linter. + @$(MAKE) target-$@ + +lint-gofumpt: ## Runs gofumpt linter. + @$(MAKE) target-$@ + +.PHONY: fmt +fmt: ## Formats the source code + @docker run --rm -it -v $(PWD):/src -w /src golang:$(GO_VERSION) \ + bash -c "export GO111MODULE=on; export GOPROXY=https://proxy.golang.org; \ + go install mvdan.cc/gofumpt/gofumports@$(GOFUMPT_VERSION) && \ + gofumports -w -local github.com/talos-systems/conform ." + +.PHONY: base +base: ## Prepare base toolchain + @$(MAKE) target-$@ + +.PHONY: unit-tests +unit-tests: ## Performs unit tests + @$(MAKE) local-$@ DEST=$(ARTIFACTS) + +.PHONY: unit-tests-race +unit-tests-race: ## Performs unit tests with race detection enabled. + @$(MAKE) target-$@ + +.PHONY: coverage +coverage: ## Upload coverage data to codecov.io. 
+ bash -c "bash <(curl -s https://codecov.io/bash) -f $(ARTIFACTS)/coverage.txt -X fix" + +.PHONY: $(ARTIFACTS)/conform-darwin-amd64 +$(ARTIFACTS)/conform-darwin-amd64: + @$(MAKE) local-conform-darwin-amd64 DEST=$(ARTIFACTS) + +.PHONY: conform-darwin-amd64 +conform-darwin-amd64: $(ARTIFACTS)/conform-darwin-amd64 ## Builds executable for conform-darwin-amd64. + +.PHONY: $(ARTIFACTS)/conform-darwin-arm64 +$(ARTIFACTS)/conform-darwin-arm64: + @$(MAKE) local-conform-darwin-arm64 DEST=$(ARTIFACTS) + +.PHONY: conform-darwin-arm64 +conform-darwin-arm64: $(ARTIFACTS)/conform-darwin-arm64 ## Builds executable for conform-darwin-arm64. + +.PHONY: $(ARTIFACTS)/conform-linux-amd64 +$(ARTIFACTS)/conform-linux-amd64: + @$(MAKE) local-conform-linux-amd64 DEST=$(ARTIFACTS) + +.PHONY: conform-linux-amd64 +conform-linux-amd64: $(ARTIFACTS)/conform-linux-amd64 ## Builds executable for conform-linux-amd64. + +.PHONY: $(ARTIFACTS)/conform-linux-arm64 +$(ARTIFACTS)/conform-linux-arm64: + @$(MAKE) local-conform-linux-arm64 DEST=$(ARTIFACTS) + +.PHONY: conform-linux-arm64 +conform-linux-arm64: $(ARTIFACTS)/conform-linux-arm64 ## Builds executable for conform-linux-arm64. + +.PHONY: conform +conform: conform-darwin-amd64 conform-darwin-arm64 conform-linux-amd64 conform-linux-arm64 ## Builds executables for conform. + +.PHONY: lint-markdown +lint-markdown: ## Runs markdownlint. + @$(MAKE) target-$@ + +.PHONY: lint +lint: lint-golangci-lint lint-gofumpt lint-markdown ## Run all linters for the project. + +.PHONY: image-conform +image-conform: ## Builds image for conform. + @$(MAKE) target-$@ TARGET_ARGS="--tag=$(REGISTRY)/$(USERNAME)/conform:$(TAG)" + +.PHONY: rekres +rekres: + @docker pull $(KRES_IMAGE) + @docker run --rm -v $(PWD):/src -w /src -e GITHUB_TOKEN $(KRES_IMAGE) + +.PHONY: help +help: ## This help menu. 
+ @echo "$$HELP_MENU_HEADER" + @grep -E '^[a-zA-Z%_-]+:.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}' + +.PHONY: release-notes +release-notes: + mkdir -p $(ARTIFACTS) + @ARTIFACTS=$(ARTIFACTS) ./hack/release.sh $@ $(ARTIFACTS)/RELEASE_NOTES.md $(TAG) + diff --git a/README.md b/README.md index 66631f19..73ecf5a5 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,5 @@ + +
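Review bot: The `coverage` target runs `bash <(curl -s https://codecov.io/bash)`, executing whatever that URL serves at build time, and the CI step that calls it has `CODECOV_TOKEN` in its environment (the `coverage` step in `.drone.yml`). The Codecov bash uploader was tampered with upstream in 2021 to exfiltrate CI environment variables, so the script should be downloaded to a file, checked against a pinned SHA-256 and only then executed. `curl -s` without `-f` also lets an HTTP error body reach bash. `rekres` has a similar shape: `KRES_IMAGE ?= ghcr.io/talos-systems/kres:latest` is a mutable tag that is handed `GITHUB_TOKEN` through `-e GITHUB_TOKEN`, and pinning it by digest would bound what receives the token. The Makefile is generated by kres, so the change belongs in the generator.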

Conform

Policy enforcement for your pipelines.

diff --git a/cmd/enforce.go b/cmd/conform/enforce.go similarity index 83% rename from cmd/enforce.go rename to cmd/conform/enforce.go index 1088e2e7..47353ddf 100644 --- a/cmd/enforce.go +++ b/cmd/conform/enforce.go @@ -1,8 +1,8 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. -package cmd +package main import ( "errors" @@ -30,7 +30,7 @@ var enforceCmd = &cobra.Command{ reporter := cmd.Flags().Lookup("reporter").Value.String() e, err := enforcer.New(reporter) if err != nil { - return fmt.Errorf("failed to create enforcer: %+v", err) + return fmt.Errorf("failed to create enforcer: %w", err) } opts := []policy.Option{} diff --git a/cmd/conform/main.go b/cmd/conform/main.go new file mode 100644 index 00000000..a5ff24d6 --- /dev/null +++ b/cmd/conform/main.go @@ -0,0 +1,9 @@ +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. + +package main + +func main() { + Execute() +} diff --git a/cmd/root.go b/cmd/conform/root.go similarity index 66% rename from cmd/root.go rename to cmd/conform/root.go index 306ad283..2bb2eadf 100644 --- a/cmd/root.go +++ b/cmd/conform/root.go 
@@ -1,9 +1,9 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. -// Package cmd provides CLI commands. -package cmd +// Package main provides CLI commands. +package main import ( "os" diff --git a/cmd/serve.go b/cmd/conform/serve.go similarity index 94% rename from cmd/serve.go rename to cmd/conform/serve.go index 5e35d2ca..4b811591 100644 --- a/cmd/serve.go +++ b/cmd/conform/serve.go @@ -1,8 +1,8 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. -package cmd +package main import ( "encoding/json" @@ -50,7 +50,7 @@ var serveCmd = &cobra.Command{ return } - // nolint: errcheck + //nolint: errcheck defer os.RemoveAll(dir) if err = os.MkdirAll(filepath.Join(dir, "github"), 0o700); err != nil { diff --git a/cmd/conform/version.go b/cmd/conform/version.go new file mode 100644 index 00000000..c9faf1f6 --- /dev/null +++ b/cmd/conform/version.go 
@@ -0,0 +1,32 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+package main
+
+import (
+ "github.com/spf13/cobra"
+
+ "github.com/talos-systems/conform/internal/version"
+)
+
+var shortVersion bool
+
+// versionCmd represents the version command.
+var versionCmd = &cobra.Command{
+ Use: "version",
+ Short: "Prints the version",
+ Long: ``,
+ Run: func(cmd *cobra.Command, args []string) {
+ if shortVersion {
+ version.PrintShortVersion()
+ } else {
+ version.PrintLongVersion()
+ }
+ },
+}
+
+func init() {
+ versionCmd.Flags().BoolVar(&shortVersion, "short", false, "Print the short version")
+ rootCmd.AddCommand(versionCmd)
+}
diff --git a/hack/release.sh b/hack/release.sh
new file mode 100755
index 00000000..19844a76
--- /dev/null
+++ b/hack/release.sh
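Review bot: In cmd/conform/version.go the new `versionCmd` declares no `Args` validator, so, as far as cobra's default handling of leaf commands goes, stray positional arguments are accepted and ignored (a mistyped `conform version short` would print the long version instead of failing). Adding `Args: cobra.NoArgs,` to the command literal makes that an error. The empty `Long` field is the zero value and can be dropped. `shortVersion` is only read inside `Run`, so a short comment such as `// shortVersion is bound to the --short flag of versionCmd.` above the variable would help readers.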
@@ -0,0 +1,68 @@ +#!/bin/bash + +# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. +# +# Generated on 2021-09-01T21:21:54Z by kres 5ca7963. + + +#!/bin/bash + +set -e + +RELEASE_TOOL_IMAGE="ghcr.io/talos-systems/release-tool:latest" + +function release-tool { + docker pull "${RELEASE_TOOL_IMAGE}" >/dev/null + docker run --rm -w /src -v "${PWD}":/src:ro "${RELEASE_TOOL_IMAGE}" -l -d -n -t "${1}" ./hack/release.toml +} + +function changelog { + if [ "$#" -eq 1 ]; then + (release-tool ${1}; echo; cat CHANGELOG.md) > CHANGELOG.md- && mv CHANGELOG.md- CHANGELOG.md + else + echo 1>&2 "Usage: $0 changelog [tag]" + exit 1 + fi +} + +function release-notes { + release-tool "${2}" > "${1}" +} + +function cherry-pick { + if [ $# -ne 2 ]; then + echo 1>&2 "Usage: $0 cherry-pick " + exit 1 + fi + + git checkout $2 + git fetch + git rebase upstream/$2 + git cherry-pick -x $1 +} + +function commit { + if [ $# -ne 1 ]; then + echo 1>&2 "Usage: $0 commit " + exit 1 + fi + + git commit -s -m "release($1): prepare release" -m "This is the official $1 release." +} + +if declare -f "$1" > /dev/null +then + cmd="$1" + shift + $cmd "$@" +else + cat <