Lint (Go and Rust) #89637
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Lint (Go) | |
run-name: Lint (Go and Rust) | |
on: | |
pull_request: | |
merge_group: | |
env: | |
GOFLAGS: '-buildvcs=false' | |
jobs: | |
changes: | |
name: Check for relevant changes | |
runs-on: ubuntu-latest | |
permissions: | |
pull-requests: read | |
outputs: | |
has_go: ${{ steps.changes.outputs.has_go }} | |
has_rust: ${{ steps.changes.outputs.has_rust }} | |
has_proto: ${{ steps.changes.outputs.has_proto }} | |
steps: | |
- name: Checkout | |
if: ${{ github.event_name == 'merge_group' }} | |
uses: actions/checkout@v4 | |
- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 | |
id: changes | |
with: | |
base: ${{ github.event.pull_request.base.ref || github.event.merge_group.base_ref }} | |
ref: ${{ github.event.pull_request.head.ref || github.event.merge_group.head_ref }} | |
filters: | | |
has_go: | |
- '.github/workflows/lint.yaml' | |
- '**.go' | |
- 'go.mod' | |
- 'go.sum' | |
- 'build.assets/Makefile' | |
- 'build.assets/Dockerfile*' | |
- 'Makefile' | |
- '.golangci.yml' | |
has_rust: | |
- '.github/workflows/lint.yaml' | |
- '**.rs' | |
- 'Cargo.toml' | |
- 'Cargo.lock' | |
- 'build.assets/versions.mk' | |
- 'Makefile' | |
has_proto: | |
# workflow changes | |
- '.github/workflows/lint.yaml' | |
# proto files or buf changes | |
- 'go.mod' | |
- 'go.sum' | |
- 'api/proto/**' | |
- 'proto/**' | |
# operator protoc generator change | |
- 'integrations/operator/crdgen' | |
# terraform protoc generator changes | |
- 'integrations/terraform/go.mod' | |
- 'integrations/terraform/gen/docs.sh' | |
- 'integrations/terraform/protoc-gen-terraform-*' | |
- 'integrations/terraform/Makefile' | |
- 'integrations/terraform/examples/**' | |
- 'integrations/terraform/templates/**' | |
# rendered doc changes | |
- 'docs/pages/admin-guides/**' | |
- 'docs/pages/enroll-resources/**' | |
- 'docs/pages/reference/operator-resources/**' | |
- 'docs/pages/reference/terraform-provider/**' | |
- 'examples/chart/teleport-cluster/charts/teleport-operator/operator-crds' | |
lint-go: | |
name: Lint (Go) | |
needs: changes | |
if: ${{ !startsWith(github.head_ref, 'dependabot/') && needs.changes.outputs.has_go == 'true' }} | |
runs-on: ubuntu-22.04-16core | |
permissions: | |
contents: read | |
container: | |
image: ghcr.io/gravitational/teleport-buildbox:teleport17 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Check for untidy go modules | |
shell: bash | |
run: | | |
find . -path ./e -prune -o -name go.mod -print | while read f; do | |
echo "checking $f" | |
pushd $(dirname "$f") > /dev/null; | |
go mod tidy -diff; | |
popd > /dev/null; | |
done | |
- name: Set linter versions | |
run: | | |
echo GOLANGCI_LINT_VERSION=$(cd build.assets; make print-golangci-lint-version) >> $GITHUB_ENV | |
- name: Print linter versions | |
run: | | |
echo "GOLANGCI_LINT_VERSION=$GOLANGCI_LINT_VERSION" | |
# Run various golangci-lint checks. | |
# TODO(codingllama): Using go.work could save a bunch of repetition here. | |
- name: golangci-lint (api) | |
uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1 | |
with: | |
version: ${{ env.GOLANGCI_LINT_VERSION }} | |
working-directory: api | |
args: --out-format=colored-line-number | |
skip-cache: true | |
- name: golangci-lint (teleport) | |
uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1 | |
with: | |
version: ${{ env.GOLANGCI_LINT_VERSION }} | |
args: --out-format=colored-line-number --build-tags libfido2,piv | |
skip-cache: true | |
- name: golangci-lint (assets/backport) | |
uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1 | |
with: | |
version: ${{ env.GOLANGCI_LINT_VERSION }} | |
working-directory: assets/backport | |
args: --out-format=colored-line-number | |
skip-cache: true | |
- name: golangci-lint (build.assets/tooling) | |
uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1 | |
with: | |
version: ${{ env.GOLANGCI_LINT_VERSION }} | |
working-directory: build.assets/tooling | |
args: --out-format=colored-line-number | |
skip-cache: true | |
- name: golangci-lint (integrations/terraform) | |
uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1 | |
with: | |
version: ${{ env.GOLANGCI_LINT_VERSION }} | |
working-directory: integrations/terraform | |
args: --out-format=colored-line-number | |
skip-cache: true | |
- name: golangci-lint (integrations/event-handler) | |
uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1 | |
with: | |
version: ${{ env.GOLANGCI_LINT_VERSION }} | |
working-directory: integrations/event-handler | |
args: --out-format=colored-line-number | |
skip-cache: true | |
- name: Run (non-action) linters | |
run: make lint-no-actions | |
- name: Check if derived functions are up to date | |
# We have to add the current directory as a safe directory or else git commands will not work as expected. | |
run: git config --global --add safe.directory $(realpath .) && make derive-up-to-date | |
lint-rust: | |
name: Lint (Rust) | |
runs-on: ubuntu-22.04 | |
needs: changes | |
if: ${{ !startsWith(github.head_ref, 'dependabot/') && needs.changes.outputs.has_rust == 'true' }} | |
permissions: | |
contents: read | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set Rust version | |
run: echo "RUST_VERSION=$(make -s -C build.assets print-rust-version)" >> $GITHUB_ENV | |
- name: Set up Rust | |
run: | | |
echo "Setting up Rust version ${RUST_VERSION}" | |
rustup toolchain install ${RUST_VERSION} --component rustfmt,clippy | |
rustup override set ${RUST_VERSION} | |
rustc --version | |
cargo --version | |
rustfmt --version | |
cargo clippy --version | |
- name: Run Rust linters | |
run: make lint-rust | |
lint-proto: | |
name: Lint (Proto) | |
needs: changes | |
if: ${{ !startsWith(github.head_ref, 'dependabot/') && needs.changes.outputs.has_proto == 'true' }} | |
runs-on: ubuntu-22.04-16core | |
permissions: | |
contents: read | |
container: | |
image: ghcr.io/gravitational/teleport-buildbox:teleport17 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set linter versions | |
run: | | |
echo BUF_VERSION=$(cd build.assets; make print-buf-version) >> $GITHUB_ENV | |
- name: Print linter versions | |
run: | | |
echo "BUF_VERSION=$BUF_VERSION" | |
- uses: bufbuild/buf-setup-action@5d38b66514ec5b6b7b753e133245555ea664d0ac # v1.46.0 | |
with: | |
github_token: ${{ github.token }} | |
version: ${{ env.BUF_VERSION }} | |
- uses: bufbuild/buf-lint-action@06f9dd823d873146471cfaaf108a993fe00e5325 # v1.1.1 | |
- name: buf breaking from parent to self | |
uses: bufbuild/buf-breaking-action@c57b3d842a5c3f3b454756ef65305a50a587c5ba # v1.1.4 | |
with: | |
against: 'https://github.com/${GITHUB_REPOSITORY}.git#branch=${{ github.event.pull_request.base.sha || github.event.merge_group.base_sha }}' | |
- name: buf breaking from self to master | |
uses: bufbuild/buf-breaking-action@c57b3d842a5c3f3b454756ef65305a50a587c5ba # v1.1.4 | |
if: ${{ github.base_ref != 'master' && github.event.merge_group.base_ref != 'refs/heads/master' }} | |
with: | |
input: 'https://github.com/${GITHUB_REPOSITORY}.git#branch=master' | |
against: '.' | |
- name: Check if protos are up to date | |
# We have to add the current directory as a safe directory or else git commands will not work as expected. | |
run: git config --global --add safe.directory $(realpath .) && make protos-up-to-date/host | |
- name: Check if Operator CRDs are up to date | |
# We have to add the current directory as a safe directory or else git commands will not work as expected. | |
run: git config --global --add safe.directory $(realpath .) && make crds-up-to-date | |
- name: Check if Terraform resources are up to date | |
# We have to add the current directory as a safe directory or else git commands will not work as expected. | |
# The protoc-gen-terraform version must match the version in integrations/terraform/Makefile | |
run: git config --global --add safe.directory $(realpath .) && go install github.com/gravitational/protoc-gen-terraform@c91cc3ef4d7d0046c36cb96b1cd337e466c61225 && make terraform-resources-up-to-date |