diff --git a/.github/workflows/code-scan.yml b/.github/workflows/code-scan.yml index 7238572..3f4bd80 100644 --- a/.github/workflows/code-scan.yml +++ b/.github/workflows/code-scan.yml @@ -5,6 +5,10 @@ on: required: false type: boolean default: true + runs-on: + required: false + type: string + default: '' codeql-build-cmd: required: false type: string @@ -16,7 +20,15 @@ on: codeql-runs-on: required: false type: string - default: ubuntu-latest + default: '' + os-dependencies: + required: false + type: string + default: '' + codeql-os-dependencies: + required: false + type: string + default: '' permissions: actions: read @@ -28,6 +40,7 @@ jobs: if: inputs.run-codeql uses: ./.github/workflows/codeql-analysis.yml with: - codeql-build-cmd: ${{ inputs.codeql-build-cmd }} - codeql-build-mode: ${{ inputs.codeql-build-mode }} - codeql-runs-on: ${{ inputs.codeql-runs-on }} + runs-on: ${{ inputs.codeql-runs-on || inputs.runs-on || 'ubuntu-latest' }} + build-cmd: ${{ inputs.codeql-build-cmd }} + build-mode: ${{ inputs.codeql-build-mode }} + os-dependencies: ${{ inputs.codeql-os-dependencies || inputs.os-dependencies || '' }} diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index db564ab..40eb31b 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -3,21 +3,21 @@ name: "CodeQL" on: workflow_call: inputs: - codeql-make-bootstrap: + runs-on: required: false - type: boolean - codeql-build-cmd: + type: string + default: ubuntu-latest + build-cmd: required: false type: string default: 'V=1 make build' - codeql-build-mode: + build-mode: required: false type: string default: '' - codeql-runs-on: + make-bootstrap: required: false - type: string - default: ubuntu-latest + type: boolean goprivate: required: false type: string @@ -34,7 +34,7 @@ on: jobs: codeql-analyze: name: CodeQL Analyze - runs-on: ${{ inputs.codeql-runs-on }} + runs-on: ${{ inputs.runs-on }} strategy: fail-fast: false matrix: 
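Review bot: The new `runs-on` and `os-dependencies` inputs in code-scan.yml have no `description:`, so the precedence used in the `with:` block (the `codeql-` prefixed input wins, then the general one, then `ubuntu-latest`) can only be learned by reading the expression. A line such as `description: 'Runner label for the CodeQL job; codeql-runs-on overrides it, empty falls back to ubuntu-latest'` under each new input would document it. It would also help to say that the value is a single label string, because as written `runs-on: ${{ inputs.runs-on }}` in the called workflow cannot express a list of labels.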
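Review bot: Renaming the `workflow_call` inputs of codeql-analysis.yml (`codeql-build-cmd`, `codeql-build-mode`, `codeql-runs-on` and `codeql-make-bootstrap` lose their prefix) changes the interface for any repository that calls this file directly instead of going through goCI.yml or code-scan.yml. As far as I know GitHub rejects a `with:` key that the called workflow does not declare, so those callers would lose their CodeQL scan until they are updated, which is easy to overlook for a security job. Either keep the old names for one release as deprecated inputs with `default: ''` and resolve them on the job, e.g. `runs-on: ${{ inputs.codeql-runs-on || inputs.runs-on }}`, or mark the rename as breaking in the release notes.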
@@ -44,48 +44,44 @@ jobs: env: GOPRIVATE: ${{ inputs.goprivate }} steps: - - - name: Install Dependencies + - name: Install Dependencies if: ${{ inputs.os-dependencies != '' }} + shell: bash env: OS_DEPS: ${{ inputs.os-dependencies }} run: | - sudo apt-get update - # shellcheck disable=SC2086 - sudo apt-get install ${OS_DEPS} - - - name: Checkout + case "${RUNNER_OS}" in + Linux) + sudo apt-get update + # shellcheck disable=SC2086 + sudo apt-get install -y ${OS_DEPS} + ;; + macOS) + # shellcheck disable=SC2086 + brew install ${OS_DEPS} + ;; + Windows) + # shellcheck disable=SC2086 + choco install -y ${OS_DEPS} + ;; + *) + echo "unsupported RUNNER_OS=${RUNNER_OS}" >&2 + exit 1 + ;; + esac + - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: - submodules: true + submodules: recursive ssh-key: ${{ secrets.SSH_PRIVATE_KEY }} - - - name: Setup Go - id: setup-go + - name: Setup Go uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: 'stable' check-latest: true cache: true - - - name: chmod cache dir - if: steps.setup-go.outputs.cache-hit == 'true' - run: | - chmod -R 0755 \ - ~/.cache/go-build \ - ~/go/pkg/mod || true - - - name: Action Cache - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 - with: - path: | - ~/.cache/go-build - ~/go/pkg/mod - key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - restore-keys: | - ${{ runner.os }}-go- - - - name: Setup SSH key for private dependencies + cache-dependency-path: '**/go.sum' + - name: Setup SSH key for private dependencies uses: webfactory/ssh-agent@e83874834305fe9a4a2997156cb26c5de65a8555 # v0.10.0 env: SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }} 
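Review bot: The rewritten Install Dependencies step still expands `${OS_DEPS}` unquoted, so the caller-supplied string is word-split and glob-expanded and any word starting with `-` is handed to `sudo apt-get install -y`, `brew install` or `choco install -y` as an option rather than a package name. Callers already control the build command, so this is hardening rather than a trust boundary, but the input is documented as a package list and should be held to that, especially if a caller forwards it from a dispatch input. Splitting once into an array with globbing off and rejecting option-like words would also make the SC2086 suppressions unnecessary. The same block is repeated in goBuild.yml, goLint.yml, goTest.yml and govulncheck.yml, so a shared composite action would keep the five copies from drifting.

```yaml
        run: |
          # Split once, without pathname expansion, and accept package names only.
          set -f
          # shellcheck disable=SC2206
          deps=( ${OS_DEPS} )
          for dep in "${deps[@]}"; do
            case "${dep}" in
              -*)
                echo "os-dependencies must contain package names only: ${dep}" >&2
                exit 1
                ;;
            esac
          done
          case "${RUNNER_OS}" in
            Linux)
              sudo apt-get update
              sudo apt-get install -y "${deps[@]}"
              ;;
            # … unchanged: macOS, Windows and default branches, passing "${deps[@]}" …
          esac
```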
@@ -93,41 +89,37 @@ jobs: with: ssh-private-key: | ${{ secrets.SSH_PRIVATE_KEY }} - - - name: Reconfigure Git for private repos + - name: Reconfigure Git for private repos + if: ${{ env.PAT != '' }} env: PAT: ${{ secrets.PAT }} - if: ${{ env.PAT != '' }} run: | git config --global url.https://${{ secrets.PAT }}@github.com/.insteadOf git+ssh://git@github.com git config --global url.git@github.com:.insteadOf https://github.com/ - - - # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL uses: github/codeql-action/init@e46ed2cbd01164d986452f91f178727624ae40d7 # v4.35.3 with: languages: ${{ matrix.language }} - build-mode: ${{ inputs.codeql-build-mode }} - queries: security-and-quality # use Canonical suite - packs: codeql/go-queries # and pin the official pack explicitly - - - name: Make bootstrap - if: inputs.codeql-make-bootstrap + build-mode: ${{ inputs.build-mode }} + queries: security-and-quality # use Canonical suite + packs: codeql/go-queries # and pin the official pack explicitly + - name: Make bootstrap + if: inputs.make-bootstrap run: | make bootstrap - - - # Run only when the selected build mode expects a manual build: - # - '' (unset) keeps legacy behavior for existing callers. - # - 'manual' means the caller wants this step to drive the build. - # 'autobuild' and 'none' are handled by codeql-action itself, so we skip. - name: Build - if: inputs.codeql-build-mode == '' || inputs.codeql-build-mode == 'manual' + # Run only when the selected build mode expects a manual build: + # - '' (unset) keeps legacy behavior for existing callers. + # - 'manual' means the caller wants this step to drive the build. + # 'autobuild' and 'none' are handled by codeql-action itself, so we skip. 
+ - name: Build + if: inputs.build-mode == '' || inputs.build-mode == 'manual' + shell: bash env: - CODEQL_BUILD_CMD: ${{ inputs.codeql-build-cmd }} + BUILD_CMD: ${{ inputs.build-cmd }} run: | - eval "${CODEQL_BUILD_CMD}" - - - name: Perform CodeQL Analysis + eval "${BUILD_CMD}" + - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@e46ed2cbd01164d986452f91f178727624ae40d7 # v4.35.3 with: output: codeql-results diff --git a/.github/workflows/goBuild.yml b/.github/workflows/goBuild.yml index eba8e77..5516d46 100644 --- a/.github/workflows/goBuild.yml +++ b/.github/workflows/goBuild.yml @@ -1,6 +1,10 @@ on: workflow_call: inputs: + runs-on: + required: false + type: string + default: ubuntu-latest build-command: required: false type: string 
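Review bot: The Reconfigure Git step that this hunk reorders still pastes `${{ secrets.PAT }}` into the script text even though the same value is already exported as `PAT`, and it stores the token in the runner user's global git config. With the runner now selectable through `runs-on`, a job placed on a persistent self-hosted machine would presumably leave that token in `~/.gitconfig` for later jobs to read. Reading it from the environment keeps the secret out of the generated script: `git config --global "url.https://${PAT}@github.com/.insteadOf" git+ssh://git@github.com`, together with `shell: bash` so the expansion also works where the default shell is PowerShell. A final `if: always()` step that unsets the two `insteadOf` entries would cover the persistent-runner case; the same lines appear in goBuild.yml and goTest.yml.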
@@ -44,44 +48,57 @@ jobs: build: needs: set-go-matrix - runs-on: ubuntu-latest + runs-on: ${{ inputs.runs-on }} env: GOPRIVATE: ${{ inputs.goprivate }} strategy: matrix: ${{ fromJson(needs.set-go-matrix.outputs.matrix) }} steps: - - - name: Install Dependencies # Some dependencies require this package + - name: Install Dependencies # Some dependencies require this package if: ${{ inputs.os-dependencies != '' }} + shell: bash env: OS_DEPS: ${{ inputs.os-dependencies }} run: | - sudo apt-get update - # shellcheck disable=SC2086 - sudo apt-get install ${OS_DEPS} - - - name: Checkout + case "${RUNNER_OS}" in + Linux) + sudo apt-get update + # shellcheck disable=SC2086 + sudo apt-get install -y ${OS_DEPS} + ;; + macOS) + # shellcheck disable=SC2086 + brew install ${OS_DEPS} + ;; + Windows) + # shellcheck disable=SC2086 + choco install -y ${OS_DEPS} + ;; + *) + echo "unsupported RUNNER_OS=${RUNNER_OS}" >&2 + exit 1 + ;; + esac + - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: submodules: true ssh-key: ${{ secrets.SSH_PRIVATE_KEY }} - - - name: Reconfigure Git for go.step.sm + - name: Reconfigure Git for go.step.sm env: PAT: ${{ secrets.PAT }} if: ${{ env.PAT != '' }} run: | git config --global url.https://${{ secrets.PAT }}@github.com/.insteadOf git+ssh://git@github.com git config --global url.git@github.com:.insteadOf https://github.com/ - - - name: Install Go + - name: Install Go uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: ${{ matrix.go }} check-latest: true cache: true - - - name: Setup SSH key for private dependencies + cache-dependency-path: '**/go.sum' + - name: Setup SSH key for private dependencies uses: webfactory/ssh-agent@e83874834305fe9a4a2997156cb26c5de65a8555 # v0.10.0 env: SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }} 
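Review bot: The Checkout step here keeps `submodules: true` while the same commit switches codeql-analysis.yml to `submodules: recursive`, so the build job and the CodeQL job would check out different trees for a repository with nested submodules. If the recursive checkout is what the analysis needs in order to compile, the build presumably needs it too; otherwise a short comment on the CodeQL step explaining why only that job fetches nested submodules would stop the two from being "aligned" by accident later.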
@@ -89,8 +106,8 @@ jobs: with: ssh-private-key: | ${{ secrets.SSH_PRIVATE_KEY }} - - - name: Build + - name: Build + shell: bash env: BUILD_CMD: ${{ inputs.build-command }} run: eval "${BUILD_CMD}" diff --git a/.github/workflows/goCI.yml b/.github/workflows/goCI.yml index 2f75082..11ec63b 100644 --- a/.github/workflows/goCI.yml +++ b/.github/workflows/goCI.yml @@ -16,10 +16,30 @@ on: codeql-make-bootstrap: required: false type: boolean + runs-on: + required: false + type: string + default: '' + build-runs-on: + required: false + type: string + default: '' codeql-runs-on: required: false type: string - default: ubuntu-latest + default: '' + govulncheck-runs-on: + required: false + type: string + default: '' + lint-runs-on: + required: false + type: string + default: '' + test-runs-on: + required: false + type: string + default: '' golangci-lint-version: required: false type: string @@ -39,6 +59,27 @@ on: os-dependencies: required: false type: string + default: '' + build-os-dependencies: + required: false + type: string + default: '' + codeql-os-dependencies: + required: false + type: string + default: '' + govulncheck-os-dependencies: + required: false + type: string + default: '' + lint-os-dependencies: + required: false + type: string + default: '' + test-os-dependencies: + required: false + type: string + default: '' run-actionlint: required: false type: boolean @@ -97,10 +138,11 @@ jobs: uses: ./.github/workflows/goLint.yml if: inputs.run-lint with: + runs-on: ${{ inputs.lint-runs-on || inputs.runs-on || 'ubuntu-latest' }} goprivate: ${{ inputs.goprivate }} golangci-lint-version: ${{ inputs.golangci-lint-version }} golangci-lint-args: ${{ inputs.golangci-lint-args }} - os-dependencies: ${{ inputs.os-dependencies }} + os-dependencies: ${{ inputs.lint-os-dependencies || inputs.os-dependencies || '' }} skip-go-generate: ${{ inputs.lint-skip-go-generate }} skip-go-mod-tidy: ${{ inputs.lint-skip-go-mod-tidy }} secrets: 
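Review bot: Adding `shell: bash` to the Build step changes how the caller's command is run, not only which shell is used: GitHub invokes an explicitly requested bash with `-eo pipefail`, whereas the implicit Linux default is `bash -e`. Because the command is executed with `eval "${BUILD_CMD}"` in that same shell, a caller pipeline whose early stage exits non-zero now fails the job where it previously passed. That is arguably the safer behaviour, but it deserves a comment on the step such as `# explicit bash enables pipefail for the caller's command` and a line in the release notes. The same applies to the Build step in codeql-analysis.yml and to Run Test Suite in goTest.yml.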
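Review bot: The fallback `${{ inputs.lint-os-dependencies || inputs.os-dependencies || '' }}` cannot distinguish "not set" from "set to empty", because an empty string is falsy in workflow expressions. A caller that sets `os-dependencies` for all jobs therefore has no way to request no packages for a single job, and the per-job runner inputs behave the same way. If that is intended, say so in a `description:` on the new goCI.yml inputs, for example `description: 'Overrides os-dependencies for the lint job; leave empty to inherit'`. The same expression is used for the govulncheck, codeql, test and build jobs further down.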
@@ -111,7 +153,8 @@ jobs: uses: ./.github/workflows/govulncheck.yml if: inputs.run-govulncheck with: - os-dependencies: ${{ inputs.os-dependencies }} + runs-on: ${{ inputs.govulncheck-runs-on || inputs.runs-on || 'ubuntu-latest' }} + os-dependencies: ${{ inputs.govulncheck-os-dependencies || inputs.os-dependencies || '' }} goprivate: ${{ inputs.goprivate }} secrets: SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }} @@ -121,12 +164,12 @@ jobs: if: inputs.run-codeql uses: ./.github/workflows/codeql-analysis.yml with: + runs-on: ${{ inputs.codeql-runs-on || inputs.runs-on || 'ubuntu-latest' }} goprivate: ${{ inputs.goprivate }} - os-dependencies: ${{ inputs.os-dependencies }} - codeql-make-bootstrap: ${{ inputs.codeql-make-bootstrap }} - codeql-build-cmd: ${{ inputs.codeql-build-cmd }} - codeql-build-mode: ${{ inputs.codeql-build-mode }} - codeql-runs-on: ${{ inputs.codeql-runs-on }} + os-dependencies: ${{ inputs.codeql-os-dependencies || inputs.os-dependencies || '' }} + make-bootstrap: ${{ inputs.codeql-make-bootstrap }} + build-cmd: ${{ inputs.codeql-build-cmd }} + build-mode: ${{ inputs.codeql-build-mode }} secrets: SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }} PAT: ${{ secrets.PAT }} @@ -135,9 +178,10 @@ jobs: uses: ./.github/workflows/goTest.yml if: inputs.run-test with: + runs-on: ${{ inputs.test-runs-on || inputs.runs-on || 'ubuntu-latest' }} goprivate: ${{ inputs.goprivate }} only-latest-golang: ${{ inputs.only-latest-golang }} - os-dependencies: ${{ inputs.os-dependencies }} + os-dependencies: ${{ inputs.test-os-dependencies || inputs.os-dependencies || '' }} run-codecov: ${{ inputs.run-codecov }} setup-bats: ${{ inputs.setup-bats }} test-command: ${{ inputs.test-command }} 
@@ -150,10 +194,11 @@ jobs: uses: ./.github/workflows/goBuild.yml if: inputs.run-build with: + runs-on: ${{ inputs.build-runs-on || inputs.runs-on || 'ubuntu-latest' }} build-command: ${{ inputs.build-command }} goprivate: ${{ inputs.goprivate }} only-latest-golang: ${{ inputs.only-latest-golang }} - os-dependencies: ${{ inputs.os-dependencies }} + os-dependencies: ${{ inputs.build-os-dependencies || inputs.os-dependencies || '' }} secrets: SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }} PAT: ${{ secrets.PAT }} diff --git a/.github/workflows/goLint.yml b/.github/workflows/goLint.yml index 4e79ec5..b08fcb2 100644 --- a/.github/workflows/goLint.yml +++ b/.github/workflows/goLint.yml @@ -1,6 +1,10 @@ on: workflow_call: inputs: + runs-on: + required: false + type: string + default: ubuntu-latest os-dependencies: required: false type: string @@ -32,19 +36,36 @@ on: jobs: lint: - runs-on: ubuntu-latest + runs-on: ${{ inputs.runs-on }} env: GOPRIVATE: ${{ inputs.goprivate }} steps: - name: Install Dependencies # Some dependencies require this package if: ${{ inputs.os-dependencies != '' }} + shell: bash env: OS_DEPS: ${{ inputs.os-dependencies }} run: | - sudo apt-get update - # shellcheck disable=SC2086 - sudo apt-get install ${OS_DEPS} + case "${RUNNER_OS}" in + Linux) + sudo apt-get update + # shellcheck disable=SC2086 + sudo apt-get install -y ${OS_DEPS} + ;; + macOS) + # shellcheck disable=SC2086 + brew install ${OS_DEPS} + ;; + Windows) + # shellcheck disable=SC2086 + choco install -y ${OS_DEPS} + ;; + *) + echo "unsupported RUNNER_OS=${RUNNER_OS}" >&2 + exit 1 + ;; + esac - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 @@ -57,6 +78,8 @@ jobs: with: go-version-file: go.mod check-latest: true + cache: true + cache-dependency-path: '**/go.sum' - name: Setup SSH key for private dependencies uses: webfactory/ssh-agent@e83874834305fe9a4a2997156cb26c5de65a8555 # v0.10.0 
@@ -69,6 +92,7 @@ jobs: - name: Configure Linter if: ${{ hashFiles('.golangci.yml', '.golangci.yaml', '.golangci.toml', '.golangci.json') == '' }} + shell: bash run: | curl -O https://raw.githubusercontent.com/smallstep/workflows/main/.golangci.yml - @@ -94,9 +118,10 @@ jobs: - name: Run go generate if: ( success() || failure() ) && !inputs.skip-go-generate + shell: bash run: | # delete all go-generated files (that adhere to the comment convention); protobuf code is excluded, because its output is (currently) not fully controlled by tools.go - git ls-files -z | grep --include \*.go --exclude \*.pb.go -lrIZ "^// Code generated .* DO NOT EDIT\.$" | tr '\0' '\n' | xargs rm -f + git grep -l "^// Code generated .* DO NOT EDIT\.$" -- '*.go' ':!*.pb.go' | xargs rm -f # now generate everything go generate ./... # check if any files were changed diff --git a/.github/workflows/goTest.yml b/.github/workflows/goTest.yml index bbf32f0..19dc880 100644 --- a/.github/workflows/goTest.yml +++ b/.github/workflows/goTest.yml @@ -1,6 +1,10 @@ on: workflow_call: inputs: + runs-on: + required: false + type: string + default: ubuntu-latest goprivate: required: false type: string @@ -61,7 +65,7 @@ jobs: test: needs: set-go-matrix - runs-on: ubuntu-latest + runs-on: ${{ inputs.runs-on }} env: GOPRIVATE: ${{ inputs.goprivate }} strategy: 
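Review bot: In the Run go generate step, the new `git grep -l … | xargs rm -f` pipeline now runs under `shell: bash`, which GitHub starts with `-eo pipefail`, and `git grep` exits with status 1 when nothing matches. A repository that has no files carrying the "Code generated … DO NOT EDIT." header would therefore fail the step before `go generate` runs, which the old pipeline did not do under the default shell. The newline-delimited output also breaks on paths containing whitespace, which the previous `-Z` handling avoided. Something like `{ git grep -lz "^// Code generated .* DO NOT EDIT\.$" -- '*.go' ':!*.pb.go' || [ $? -eq 1 ]; } | xargs -0 rm -f --` tolerates the no-match case, still fails on a real git error and keeps file names intact.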
@@ -70,12 +74,29 @@ jobs: - name: Install Dependencies if: inputs.os-dependencies != '' + shell: bash env: OS_DEPS: ${{ inputs.os-dependencies }} run: | - sudo apt-get update - # shellcheck disable=SC2086 - sudo apt-get install ${OS_DEPS} + case "${RUNNER_OS}" in + Linux) + sudo apt-get update + # shellcheck disable=SC2086 + sudo apt-get install -y ${OS_DEPS} + ;; + macOS) + # shellcheck disable=SC2086 + brew install ${OS_DEPS} + ;; + Windows) + # shellcheck disable=SC2086 + choco install -y ${OS_DEPS} + ;; + *) + echo "unsupported RUNNER_OS=${RUNNER_OS}" >&2 + exit 1 + ;; + esac - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 @@ -84,37 +105,20 @@ jobs: ssh-key: ${{ secrets.SSH_PRIVATE_KEY }} - name: Reconfigure for Git go.step.sm + if: env.PAT != '' env: PAT: ${{ secrets.PAT }} - if: env.PAT != '' run: | git config --global url.https://${{ secrets.PAT }}@github.com/.insteadOf git+ssh://git@github.com git config --global url.git@github.com:.insteadOf https://github.com/ - name: Setup Go - id: setup-go uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: ${{ matrix.go }} check-latest: true cache: true - - - name: chmod cache dir - if: steps.setup-go.outputs.cache-hit == 'true' - run: | - chmod -R 0755 \ - ~/.cache/go-build \ - ~/go/pkg/mod || true - - - name: Action Cache - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 - with: - path: | - ~/.cache/go-build - ~/go/pkg/mod - key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - restore-keys: | - ${{ runner.os }}-go- + cache-dependency-path: '**/go.sum' - name: Setup SSH key for private dependencies uses: webfactory/ssh-agent@e83874834305fe9a4a2997156cb26c5de65a8555 # v0.10.0 
@@ -126,10 +130,10 @@ jobs: ${{ secrets.SSH_PRIVATE_KEY }} - name: Install gotestsum + shell: bash env: GOTESTSUM_VERSION: ${{ inputs.gotestsum-version }} - run: | - go install "gotest.tools/gotestsum@v${GOTESTSUM_VERSION}" + run: go install "gotest.tools/gotestsum@v${GOTESTSUM_VERSION}" - name: Setup BATS if: inputs.setup-bats @@ -138,6 +142,7 @@ jobs: bats-version: 1.9.0 - name: Run Test Suite + shell: bash env: TEST_CMD: ${{ inputs.test-command }} GOTESTSUM_JSONFILE: gotestsum.json diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index 7e445af..65c96cc 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml @@ -1,6 +1,10 @@ on: workflow_call: inputs: + runs-on: + required: false + type: string + default: ubuntu-latest os-dependencies: required: false type: string @@ -16,19 +20,36 @@ on: jobs: govulncheck: - runs-on: ubuntu-latest + runs-on: ${{ inputs.runs-on }} env: GOPRIVATE: ${{ inputs.goprivate }} steps: - name: Install Dependencies # Some dependencies require this package if: ${{ inputs.os-dependencies != '' }} + shell: bash env: OS_DEPS: ${{ inputs.os-dependencies }} run: | - sudo apt-get update - # shellcheck disable=SC2086 - sudo apt-get install ${OS_DEPS} + case "${RUNNER_OS}" in + Linux) + sudo apt-get update + # shellcheck disable=SC2086 + sudo apt-get install -y ${OS_DEPS} + ;; + macOS) + # shellcheck disable=SC2086 + brew install ${OS_DEPS} + ;; + Windows) + # shellcheck disable=SC2086 + choco install -y ${OS_DEPS} + ;; + *) + echo "unsupported RUNNER_OS=${RUNNER_OS}" >&2 + exit 1 + ;; + esac - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 @@ -50,6 +71,7 @@ jobs: go-version: 'stable' check-latest: true cache: true + cache-dependency-path: '**/go.sum' - name: Setup SSH key for private dependencies uses: webfactory/ssh-agent@e83874834305fe9a4a2997156cb26c5de65a8555 # v0.10.0