diff --git a/.github/workflows/knative-go-build.yaml b/.github/workflows/knative-go-build.yaml index b377c975..eebce78d 100644 --- a/.github/workflows/knative-go-build.yaml +++ b/.github/workflows/knative-go-build.yaml @@ -22,44 +22,5 @@ on: branches: [ 'main', 'master', 'release-*' ] jobs: - build: - name: Build - strategy: - matrix: - go-version: [1.17.x] - platform: [ubuntu-latest] - - runs-on: ${{ matrix.platform }} - - steps: - - - name: Set up Go ${{ matrix.go-version }} - uses: actions/setup-go@v2 - with: - go-version: ${{ matrix.go-version }} - id: go - - - name: Check out code - uses: actions/checkout@v2 - - - id: go_mod - uses: andstor/file-existence-action@v1 - with: - files: go.mod - - - name: Build - if: ${{ steps.go_mod.outputs.files_exists == 'true' }} - run: | - tags="$(grep -I -r '// +build' . | \ - grep -v '^./vendor/' | \ - grep -v '^./hack/' | \ - grep -v '^./third_party' | \ - cut -f3 -d' ' | \ - tr ',' '\n' | \ - sort | uniq | \ - grep -v '^!' | \ - tr '\n' ' ')" - - echo "Building with tags: ${tags}" - go test -vet=off -tags "${tags}" -exec echo ./... + uses: knative/actions/.github/workflows/go-build.yaml@main \ No newline at end of file diff --git a/.github/workflows/knative-go-test.yaml b/.github/workflows/knative-go-test.yaml index 8c531a63..b47d1211 100644 --- a/.github/workflows/knative-go-test.yaml +++ b/.github/workflows/knative-go-test.yaml @@ -18,64 +18,9 @@ name: Test on: - - push: - branches: [ 'main', 'master' ] - pull_request: branches: [ 'main', 'master', 'release-*' ] jobs: - test: - name: Unit Tests - strategy: - matrix: - go-version: [1.17.x] - platform: [ubuntu-latest] - - runs-on: ${{ matrix.platform }} - - steps: - - - name: Set up Go ${{ matrix.go-version }} - uses: actions/setup-go@v2 - with: - go-version: ${{ matrix.go-version }} - id: go - - - name: Check out code - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - - name: Merge upstream - if: github.event_name == 'pull_request' - run: | - if ! git config user.name > /dev/null; then - git config user.name "John Doe" - fi - if ! git config user.email > /dev/null; then - git config user.email "johndoe@localhost" - fi - git remote add upstream https://github.com/${{ github.repository }}.git - git fetch upstream ${{ github.base_ref }} - git pull --no-rebase --no-commit upstream ${{ github.base_ref }} - shell: bash - - - name: Check for .codecov.yaml - id: codecov-enabled - uses: andstor/file-existence-action@v1 - with: - files: .codecov.yaml - - - if: steps.codecov-enabled.outputs.files_exists == 'true' - name: Produce Go Coverage - run: echo 'COVER_OPTS=-coverprofile=coverage.txt -covermode=atomic' >> $GITHUB_ENV - - - name: Test - run: go test -race $COVER_OPTS ./... - - - if: steps.codecov-enabled.outputs.files_exists == 'true' - name: Codecov - uses: codecov/codecov-action@v1 + uses: knative/actions/.github/workflows/go-test.yaml@main diff --git a/.github/workflows/knative-releasability.yaml b/.github/workflows/knative-releasability.yaml index 93f29da3..f0c71557 100644 --- a/.github/workflows/knative-releasability.yaml +++ b/.github/workflows/knative-releasability.yaml @@ -25,139 +25,20 @@ on: inputs: releaseFamily: description: 'Release? (vX.Y)' + required: false moduleReleaseFamily: description: 'Module Release? (vX.Y)' + required: false slackChannel: description: 'Slack Channel? (release-#)' + required: false jobs: releasability: - name: Releasability - runs-on: 'ubuntu-latest' - - env: - ######################################### - # Update this section each release. # - RELEASE: 'v1.3' - MODULE_RELEASE: 'v0.30' - SLACK_CHANNEL: 'release-1dot3' - ######################################### - - steps: - - name: Defaults - run: | - # If manual trigger sent releaseFamily, moduleReleaseFamily and slackChannel, then override them - if [[ "${{ github.event.inputs.releaseFamily }}" != "" ]]; then - echo "RELEASE=${{ github.event.inputs.releaseFamily }}" >> $GITHUB_ENV - fi - if [[ "${{ github.event.inputs.moduleReleaseFamily }}" != "" ]]; then - echo "MODULE_RELEASE=${{ github.event.inputs.moduleReleaseFamily }}" >> $GITHUB_ENV - fi - if [[ "${{ github.event.inputs.slackChannel }}" != "" ]]; then - echo "SLACK_CHANNEL=${{ github.event.inputs.slackChannel }}" >> $GITHUB_ENV - fi - if [[ "${{ secrets.SLACK_WEBHOOK }}" != "" ]]; then - echo "SLACK_WEBHOOK=exists" >> $GITHUB_ENV - fi - - - name: Set up Go - uses: actions/setup-go@v2 - with: - go-version: 1.17.x - - - name: Install Dependencies - run: go install knative.dev/test-infra/buoy@main - - - name: Check out code - uses: actions/checkout@v2 - - - name: Exists - id: exists - run: | - EXISTS=0 - buoy exists go.mod --release ${RELEASE} --module-release ${MODULE_RELEASE} --verbose || EXISTS=$? - if [[ "$EXISTS" -eq "0" ]]; then - EXISTS=true - else - EXISTS=false - fi - echo ::set-output name=release-branch::${EXISTS} - - - name: Check - if: steps.exists.outputs.release-branch == 'false' - run: | - # The following pushes the stdout of buoy into $CHECK_MESSAGE - CHECK=0 - echo 'CHECK_MESSAGE<> $GITHUB_ENV - buoy check go.mod --release ${RELEASE} --module-release ${MODULE_RELEASE} --domain knative.dev --verbose >> $GITHUB_ENV 2>&1 || CHECK=$? - echo 'EOF' >> $GITHUB_ENV - - # We just captured the return code of the buoy call, test it to see - # if we should continue validating. The next steps short circuit if - # we already know we are not ready for a release. - if [[ "$CHECK" -eq "0" ]]; then - echo 'current=true' >> $GITHUB_ENV - else - echo 'current=false' >> $GITHUB_ENV - fi - - - name: Upgrade - if: steps.exists.outputs.release-branch == 'false' && env.current == 'true' - run: | - # if update deps returns un-successful, then mark current to false. - if ! ./hack/update-deps.sh --release ${RELEASE} --module-release ${MODULE_RELEASE} --upgrade; then - echo "VERIFY_MESSAGE=Unable to update deps for ${{ github.repository }}." >> $GITHUB_ENV - echo 'current=false' >> $GITHUB_ENV - fi - - - name: Verify - if: steps.exists.outputs.release-branch == 'false' && env.current == 'true' - run: | - # If we don't run `git status` before the "git diff-index" it seems - # to list every file that's been touched by codegen. - git status - - CHANGED="$(git diff-index --name-only HEAD --)" - - # If we see no changes after the upgrade, then we are up to date. - if [[ "$CHANGED" == "" ]]; then - echo "VERIFY_MESSAGE=${{ github.repository }} up to date." >> $GITHUB_ENV - else - echo "VERIFY_MESSAGE=${{ github.repository }} is out of date." >> $GITHUB_ENV - echo "The following files are changed: $CHANGED" - echo 'current=false' >> $GITHUB_ENV - fi - - - name: Status GO - if: steps.exists.outputs.release-branch == 'false' && env.current == 'true' - run: | - echo 'SLACK_COLOR=#098e00' >> $GITHUB_ENV - echo 'SLACK_TITLE=Releasability for ${{ github.repository }} @ ${{ env.RELEASE }} is GO!' >> $GITHUB_ENV - - - name: Status NO-GO - if: steps.exists.outputs.release-branch == 'false' && env.current == 'false' - run: | - echo 'SLACK_COLOR=#8E1600' >> $GITHUB_ENV - echo 'SLACK_TITLE=Releasability for ${{ github.repository }} @ ${{ env.RELEASE }} is NO-GO!' >> $GITHUB_ENV - - - name: Post status to Slack - # Note: using env.SLACK_WEBHOOK here because secrets are not allowed in the if block. - if: env.SLACK_WEBHOOK != '' && steps.exists.outputs.release-branch == 'false' - uses: rtCamp/action-slack-notify@v2.1.0 - env: - SLACK_ICON: http://github.com/knative.png?size=48 - SLACK_USERNAME: github-actions - SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} - MSG_MINIMAL: 'true' - SLACK_MESSAGE: | - ${{ env.CHECK_MESSAGE }} - ${{ env.VERIFY_MESSAGE }} - For detailed logs: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} - - - name: Fail if NO-GO - if: steps.exists.outputs.release-branch == 'false' && env.current == 'false' - run: | - # When we have figured out that things are NO-GO, we intentionally fail the job - # so that the status badge shows up red and we can use the badges to create a - # releasability dashboard for all of the repos. - exit 1 + uses: knative/actions/.github/workflows/releasability.yaml@main + with: + releaseFamily: ${{ github.event.inputs.releaseFamily }} + moduleReleaseFamily: ${{ github.event.inputs.moduleReleaseFamily }} + slackChannel: ${{ github.event.inputs.slackChannel }} + secrets: + SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} diff --git a/.github/workflows/knative-release-notes.yaml b/.github/workflows/knative-release-notes.yaml index 5b011ba2..ac5465d8 100644 --- a/.github/workflows/knative-release-notes.yaml +++ b/.github/workflows/knative-release-notes.yaml @@ -26,79 +26,15 @@ on: default: 'main' start-rev: description: 'Start Tag (defaults to merge-base(branch, prev-branch))' + required: false end-rev: description: 'End Tag (defaults to HEAD of the target branch)' + required: false jobs: release-notes: - name: Release Notes - runs-on: 'ubuntu-latest' - - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - steps: - - name: Set up Go - uses: actions/setup-go@v2 - with: - go-version: 1.17.x - - - name: Install Dependencies - # https://github.com/kubernetes/release/tree/master/cmd/release-notes - run: go install k8s.io/release/cmd/release-notes@latest - - - name: Check out code - uses: actions/checkout@v2 - with: - # fetch-depth of 0 indicates all history for all branches and tags. - fetch-depth: 0 - - - name: Generate Notes - run: | - set -x - # The release-notes tool access ENV vars as options - # https://github.com/kubernetes/release/tree/master/cmd/release-notes#options - - export ORG=$(echo '${{ github.repository }}' | awk -F '/' '{print $1}') - export REPO=$(echo '${{ github.repository }}' | awk -F '/' '{print $2}') - export BRANCH="${{ github.event.inputs.branch }}" - - export START_REV=${{ github.event.inputs.start-rev }} - export END_REV=${{ github.event.inputs.end-rev }} - - if [[ -z "$END_REV" ]]; then - END_REV="origin/$BRANCH" - fi - - # If start rev isn't set find the merge base of - # the target branch and the previous branch - if [[ -z "$START_REV" ]]; then - BRANCHES=$(mktemp) - # List of branches sorted by semver descending - git branch -r -l "origin/release-[0-9]*\.[0-9]*" | sed 's/ //g' | sort -Vr > "$BRANCHES" - - if [[ "$BRANCH" == "main" ]]; then - LAST_BRANCH="$(head -n1 "$BRANCHES")" - else - # use grep magic to find the next branch - # '-A 1' - prints the line after the match which we can parse - LAST_BRANCH="$(grep -A 1 "$BRANCH" "$BRANCHES" | tail -n1)" - fi - - export START_SHA=$(git merge-base $LAST_BRANCH origin/$BRANCH) - fi - - release-notes \ - --required-author="" \ - --output=release-notes.md \ - --repo-path="$PWD" \ - - - name: Display Notes - run: | - cat release-notes.md - - - name: Archive Release Notes - uses: actions/upload-artifact@v2 - with: - name: release-notes.md - path: release-notes.md + uses: knative/actions/.github/workflows/release-notes.yaml@main + with: + branch: ${{ github.event.inputs.branch }} + start-rev: ${{ github.event.inputs.start-rev }} + end-rev: ${{ github.event.inputs.end-rev }} diff --git a/.github/workflows/knative-security.yaml b/.github/workflows/knative-security.yaml index 9f7bb3ed..d3df6a5a 100644 --- a/.github/workflows/knative-security.yaml +++ b/.github/workflows/knative-security.yaml @@ -26,31 +26,4 @@ on: jobs: analyze: - name: Analyze - runs-on: ubuntu-latest - - steps: - - name: Checkout repository - uses: actions/checkout@v2 - with: - # We must fetch at least the immediate parents so that if this is - # a pull request then we can checkout the head. - fetch-depth: 2 - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v1 - with: - languages: go - - - name: Autobuild - uses: github/codeql-action/autobuild@v1 - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 - - - name: Find Unicode Control Characters - uses: pierdipi/unicode-control-characters-action@v0.1.1 - with: - args: -d . - + uses: knative/actions/.github/workflows/security.yaml@main diff --git a/.github/workflows/knative-stale.yaml b/.github/workflows/knative-stale.yaml index 899890a3..b5ac7437 100644 --- a/.github/workflows/knative-stale.yaml +++ b/.github/workflows/knative-stale.yaml @@ -22,28 +22,6 @@ on: - cron: '0 1 * * *' jobs: + stale: - runs-on: 'ubuntu-latest' - steps: - - uses: 'actions/stale@v3' - with: - repo-token: '${{ secrets.GITHUB_TOKEN }}' # No need to setup - - stale-issue-message: |- - This issue is stale because it has been open for 90 days with no - activity. It will automatically close after 30 more days of - inactivity. Reopen the issue with `/reopen`. Mark the issue as - fresh by adding the comment `/remove-lifecycle stale`. - stale-issue-label: 'lifecycle/stale' - exempt-issue-labels: 'lifecycle/frozen,triage/accepted' - - stale-pr-message: |- - This Pull Request is stale because it has been open for 90 days with - no activity. It will automatically close after 30 more days of - inactivity. Reopen with `/reopen`. Mark as fresh by adding the - comment `/remove-lifecycle stale`. - stale-pr-label: 'lifecycle/stale' - exempt-pr-labels: 'lifecycle/frozen' - - days-before-stale: 90 - days-before-close: 30 + uses: knative/actions/.github/workflows/stale.yaml@main diff --git a/.github/workflows/knative-style.yaml b/.github/workflows/knative-style.yaml index 545602ce..c2952087 100644 --- a/.github/workflows/knative-style.yaml +++ b/.github/workflows/knative-style.yaml @@ -23,242 +23,5 @@ on: jobs: - autoformat: - name: Auto-format and Check - runs-on: ubuntu-latest - strategy: - fail-fast: false # Keep running if one leg fails. - matrix: - tool: - - goimports - - gofmt - - include: - - tool: gofmt - options: -s - - tool: goimports - package: golang.org/x/tools/cmd/goimports@latest - - steps: - - name: Set up Go - uses: actions/setup-go@v2 - with: - go-version: 1.17.x - id: go - - - name: Check out code - uses: actions/checkout@v2 - - - name: Install Dependencies - if: ${{ matrix.package != '' }} - run: | - cd $(mktemp -d) - go install ${{ matrix.package }} - - - name: ${{ matrix.tool }} ${{ matrix.options }} - shell: bash - run: > - ${{ matrix.tool }} ${{ matrix.options }} -w - $(find . - -path './vendor' -prune - -o -path './third_party' -prune - -o -name '*.pb.go' -prune - -o -name 'wire_gen.go' -prune - -o -type f -name '*.go' -print) - - - name: Verify ${{ matrix.tool }} - shell: bash - run: | - # From: https://backreference.org/2009/12/23/how-to-match-newlines-in-sed/ - # This is to leverage this workaround: - # https://github.com/actions/toolkit/issues/193#issuecomment-605394935 - function urlencode() { - sed ':begin;$!N;s/\n/%0A/;tbegin' - } - if [[ $(git diff-index --name-only HEAD --) ]]; then - for x in $(git diff-index --name-only HEAD --); do - echo "::error file=$x::Please run ${{ matrix.tool }} ${{ matrix.options }}.%0A$(git diff $x | urlencode)" - done - echo "${{ github.repository }} is out of style. Please run ${{ matrix.tool }} ${{ matrix.options }}." - exit 1 - fi - echo "${{ github.repository }} is formatted correctly." - - lint: - name: Lint - runs-on: ubuntu-latest - - steps: - - name: Set up Go - uses: actions/setup-go@v2 - with: - go-version: 1.17.x - id: go - - - name: Check out code - uses: actions/checkout@v2 - - - id: golangci_configuration - uses: andstor/file-existence-action@v1 - with: - files: .golangci.yaml - - name: Go Lint - if: steps.golangci_configuration.outputs.files_exists == 'true' - uses: golangci/golangci-lint-action@v2 - with: - version: v1.43 - - - name: Install Tools - if: ${{ always() }} - env: - WOKE_VERSION: v0.13.0 - run: | - TEMP_PATH="$(mktemp -d)" - cd $TEMP_PATH - - echo '::group::🐶 Installing reviewdog ... https://github.com/reviewdog/reviewdog' - curl -sfL https://raw.githubusercontent.com/reviewdog/reviewdog/master/install.sh | sh -s -- -b "${TEMP_PATH}" 2>&1 - echo '::endgroup::' - - echo '::group:: Installing misspell ... https://github.com/client9/misspell' - curl -sfL https://raw.githubusercontent.com/client9/misspell/master/install-misspell.sh | sh -s -- -b "${TEMP_PATH}" 2>&1 - echo '::endgroup::' - - echo '::group:: Installing woke ... https://github.com/get-woke/woke' - curl -sfL https://raw.githubusercontent.com/get-woke/woke/main/install.sh | sh -s -- -b "${TEMP_PATH}" "${WOKE_VERSION}" 2>&1 - echo '::endgroup::' - - echo "${TEMP_PATH}" >> $GITHUB_PATH - - - name: misspell - shell: bash - if: ${{ always() }} - env: - REVIEWDOG_GITHUB_API_TOKEN: ${{ github.token }} - run: | - set -e - cd "${GITHUB_WORKSPACE}" || exit 1 - - echo '::group:: Running github.com/client9/misspell with reviewdog 🐶 ...' - # Don't fail because of misspell - set +o pipefail - # Exclude generated and vendored files, plus some legacy - # paths until we update all .gitattributes - git ls-files | - git check-attr --stdin linguist-generated | grep -Ev ': (set|true)$' | cut -d: -f1 | - git check-attr --stdin linguist-vendored | grep -Ev ': (set|true)$' | cut -d: -f1 | - git check-attr --stdin ignore-lint | grep -Ev ': (set|true)$' | cut -d: -f1 | - grep -Ev '^(vendor/|third_party/|.git)' | - grep -v '\.svg$' | - xargs misspell -i importas -error | - reviewdog -efm="%f:%l:%c: %m" \ - -name="github.com/client9/misspell" \ - -reporter="github-pr-check" \ - -filter-mode="added" \ - -fail-on-error="true" \ - -level="error" - - echo '::endgroup::' - - - name: trailing whitespace - shell: bash - if: ${{ always() }} - env: - REVIEWDOG_GITHUB_API_TOKEN: ${{ github.token }} - run: | - set -e - cd "${GITHUB_WORKSPACE}" || exit 1 - - echo '::group:: Flagging trailing whitespace with reviewdog 🐶 ...' - # Don't fail because of grep - set +o pipefail - - # Exclude generated and vendored files, plus some legacy - # paths until we update all .gitattributes - git ls-files | - git check-attr --stdin linguist-generated | grep -Ev ': (set|true)$' | cut -d: -f1 | - git check-attr --stdin linguist-vendored | grep -Ev ': (set|true)$' | cut -d: -f1 | - git check-attr --stdin ignore-lint | grep -Ev ': (set|true)$' | cut -d: -f1 | - grep -Ev '^(vendor/|third_party/|.git)' | - grep -v '\.svg$' | - xargs grep -nE " +$" | - reviewdog -efm="%f:%l:%m" \ - -name="trailing whitespace" \ - -reporter="github-pr-check" \ - -filter-mode="added" \ - -fail-on-error="true" \ - -level="error" - - echo '::endgroup::' - - - name: EOF newline - shell: bash - if: ${{ always() }} - env: - REVIEWDOG_GITHUB_API_TOKEN: ${{ github.token }} - run: | - set -e - cd "${GITHUB_WORKSPACE}" || exit 1 - - echo '::group:: Flagging missing EOF newlines with reviewdog 🐶 ...' - # Don't fail because of misspell - set +o pipefail - # Lint exclude rule: - # - nothing in vendor/ - # - nothing in third_party - # - nothing in .git/ - # - no *.ai (Adobe Illustrator) files. - LINT_FILES=$(git ls-files | - git check-attr --stdin linguist-generated | grep -Ev ': (set|true)$' | cut -d: -f1 | - git check-attr --stdin linguist-vendored | grep -Ev ': (set|true)$' | cut -d: -f1 | - git check-attr --stdin ignore-lint | grep -Ev ': (set|true)$' | cut -d: -f1 | - grep -Ev '^(vendor/|third_party/|.git)' | - grep -v '\.ai$' | - grep -v '\.svg$') - - for x in $LINT_FILES; do - # Based on https://stackoverflow.com/questions/34943632/linux-check-if-there-is-an-empty-line-at-the-end-of-a-file - if [[ -f $x && ! ( -s "$x" && -z "$(tail -c 1 $x)" ) ]]; then - # We add 1 to `wc -l` here because of this limitation (from the man page): - # Characters beyond the final character will not be included in the line count. - echo $x:$((1 + $(wc -l $x | tr -s ' ' | cut -d' ' -f 1))): Missing newline - fi - done | - reviewdog -efm="%f:%l: %m" \ - -name="EOF Newline" \ - -reporter="github-pr-check" \ - -filter-mode="added" \ - -fail-on-error="true" \ - -level="error" - - echo '::endgroup::' - - # This is mostly copied from https://github.com/get-woke/woke-action-reviewdog/blob/main/entrypoint.sh - # since their action is not yet released under a stable version. - - name: Language - if: ${{ always() && github.event_name == 'pull_request' }} - shell: bash - env: - REVIEWDOG_GITHUB_API_TOKEN: ${{ github.token }} - run: | - set -e - cd "${GITHUB_WORKSPACE}" || exit 1 - - # Create a minimal .wokeignore if none already exist. - if [ ! -f .wokeignore ]; then - cat > .wokeignore <