diff --git a/.github/workflows/knative-go-build.yaml b/.github/workflows/knative-go-build.yaml index eebce78dd..b377c975a 100644 --- a/.github/workflows/knative-go-build.yaml +++ b/.github/workflows/knative-go-build.yaml @@ -22,5 +22,44 @@ on: branches: [ 'main', 'master', 'release-*' ] jobs: + build: - uses: knative/actions/.github/workflows/go-build.yaml@main \ No newline at end of file + name: Build + strategy: + matrix: + go-version: [1.17.x] + platform: [ubuntu-latest] + + runs-on: ${{ matrix.platform }} + + steps: + + - name: Set up Go ${{ matrix.go-version }} + uses: actions/setup-go@v2 + with: + go-version: ${{ matrix.go-version }} + id: go + + - name: Check out code + uses: actions/checkout@v2 + + - id: go_mod + uses: andstor/file-existence-action@v1 + with: + files: go.mod + + - name: Build + if: ${{ steps.go_mod.outputs.files_exists == 'true' }} + run: | + tags="$(grep -I -r '// +build' . | \ + grep -v '^./vendor/' | \ + grep -v '^./hack/' | \ + grep -v '^./third_party' | \ + cut -f3 -d' ' | \ + tr ',' '\n' | \ + sort | uniq | \ + grep -v '^!' | \ + tr '\n' ' ')" + + echo "Building with tags: ${tags}" + go test -vet=off -tags "${tags}" -exec echo ./... diff --git a/.github/workflows/knative-go-test.yaml b/.github/workflows/knative-go-test.yaml index b47d1211a..8c531a631 100644 --- a/.github/workflows/knative-go-test.yaml +++ b/.github/workflows/knative-go-test.yaml @@ -18,9 +18,64 @@ name: Test on: + + push: + branches: [ 'main', 'master' ] + pull_request: branches: [ 'main', 'master', 'release-*' ] jobs: + test: - uses: knative/actions/.github/workflows/go-test.yaml@main + name: Unit Tests + strategy: + matrix: + go-version: [1.17.x] + platform: [ubuntu-latest] + + runs-on: ${{ matrix.platform }} + + steps: + + - name: Set up Go ${{ matrix.go-version }} + uses: actions/setup-go@v2 + with: + go-version: ${{ matrix.go-version }} + id: go + + - name: Check out code + uses: actions/checkout@v2 + with: + fetch-depth: 0 + + - name: Merge upstream + if: github.event_name == 'pull_request' + run: | + if ! git config user.name > /dev/null; then + git config user.name "John Doe" + fi + if ! git config user.email > /dev/null; then + git config user.email "johndoe@localhost" + fi + git remote add upstream https://github.com/${{ github.repository }}.git + git fetch upstream ${{ github.base_ref }} + git pull --no-rebase --no-commit upstream ${{ github.base_ref }} + shell: bash + + - name: Check for .codecov.yaml + id: codecov-enabled + uses: andstor/file-existence-action@v1 + with: + files: .codecov.yaml + + - if: steps.codecov-enabled.outputs.files_exists == 'true' + name: Produce Go Coverage + run: echo 'COVER_OPTS=-coverprofile=coverage.txt -covermode=atomic' >> $GITHUB_ENV + + - name: Test + run: go test -race $COVER_OPTS ./... + + - if: steps.codecov-enabled.outputs.files_exists == 'true' + name: Codecov + uses: codecov/codecov-action@v1 diff --git a/.github/workflows/knative-releasability.yaml b/.github/workflows/knative-releasability.yaml index f0c71557c..93f29da3d 100644 --- a/.github/workflows/knative-releasability.yaml +++ b/.github/workflows/knative-releasability.yaml @@ -25,20 +25,139 @@ on: inputs: releaseFamily: description: 'Release? (vX.Y)' - required: false moduleReleaseFamily: description: 'Module Release? (vX.Y)' - required: false slackChannel: description: 'Slack Channel? (release-#)' - required: false jobs: releasability: - uses: knative/actions/.github/workflows/releasability.yaml@main - with: - releaseFamily: ${{ github.event.inputs.releaseFamily }} - moduleReleaseFamily: ${{ github.event.inputs.moduleReleaseFamily }} - slackChannel: ${{ github.event.inputs.slackChannel }} - secrets: - SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} + name: Releasability + runs-on: 'ubuntu-latest' + + env: + ######################################### + # Update this section each release. # + RELEASE: 'v1.3' + MODULE_RELEASE: 'v0.30' + SLACK_CHANNEL: 'release-1dot3' + ######################################### + + steps: + - name: Defaults + run: | + # If manual trigger sent releaseFamily, moduleReleaseFamily and slackChannel, then override them + if [[ "${{ github.event.inputs.releaseFamily }}" != "" ]]; then + echo "RELEASE=${{ github.event.inputs.releaseFamily }}" >> $GITHUB_ENV + fi + if [[ "${{ github.event.inputs.moduleReleaseFamily }}" != "" ]]; then + echo "MODULE_RELEASE=${{ github.event.inputs.moduleReleaseFamily }}" >> $GITHUB_ENV + fi + if [[ "${{ github.event.inputs.slackChannel }}" != "" ]]; then + echo "SLACK_CHANNEL=${{ github.event.inputs.slackChannel }}" >> $GITHUB_ENV + fi + if [[ "${{ secrets.SLACK_WEBHOOK }}" != "" ]]; then + echo "SLACK_WEBHOOK=exists" >> $GITHUB_ENV + fi + + - name: Set up Go + uses: actions/setup-go@v2 + with: + go-version: 1.17.x + + - name: Install Dependencies + run: go install knative.dev/test-infra/buoy@main + + - name: Check out code + uses: actions/checkout@v2 + + - name: Exists + id: exists + run: | + EXISTS=0 + buoy exists go.mod --release ${RELEASE} --module-release ${MODULE_RELEASE} --verbose || EXISTS=$? + if [[ "$EXISTS" -eq "0" ]]; then + EXISTS=true + else + EXISTS=false + fi + echo ::set-output name=release-branch::${EXISTS} + + - name: Check + if: steps.exists.outputs.release-branch == 'false' + run: | + # The following pushes the stdout of buoy into $CHECK_MESSAGE + CHECK=0 + echo 'CHECK_MESSAGE<> $GITHUB_ENV + buoy check go.mod --release ${RELEASE} --module-release ${MODULE_RELEASE} --domain knative.dev --verbose >> $GITHUB_ENV 2>&1 || CHECK=$? + echo 'EOF' >> $GITHUB_ENV + + # We just captured the return code of the buoy call, test it to see + # if we should continue validating. The next steps short circuit if + # we already know we are not ready for a release. + if [[ "$CHECK" -eq "0" ]]; then + echo 'current=true' >> $GITHUB_ENV + else + echo 'current=false' >> $GITHUB_ENV + fi + + - name: Upgrade + if: steps.exists.outputs.release-branch == 'false' && env.current == 'true' + run: | + # if update deps returns un-successful, then mark current to false. + if ! ./hack/update-deps.sh --release ${RELEASE} --module-release ${MODULE_RELEASE} --upgrade; then + echo "VERIFY_MESSAGE=Unable to update deps for ${{ github.repository }}." >> $GITHUB_ENV + echo 'current=false' >> $GITHUB_ENV + fi + + - name: Verify + if: steps.exists.outputs.release-branch == 'false' && env.current == 'true' + run: | + # If we don't run `git status` before the "git diff-index" it seems + # to list every file that's been touched by codegen. + git status + + CHANGED="$(git diff-index --name-only HEAD --)" + + # If we see no changes after the upgrade, then we are up to date. + if [[ "$CHANGED" == "" ]]; then + echo "VERIFY_MESSAGE=${{ github.repository }} up to date." >> $GITHUB_ENV + else + echo "VERIFY_MESSAGE=${{ github.repository }} is out of date." >> $GITHUB_ENV + echo "The following files are changed: $CHANGED" + echo 'current=false' >> $GITHUB_ENV + fi + + - name: Status GO + if: steps.exists.outputs.release-branch == 'false' && env.current == 'true' + run: | + echo 'SLACK_COLOR=#098e00' >> $GITHUB_ENV + echo 'SLACK_TITLE=Releasability for ${{ github.repository }} @ ${{ env.RELEASE }} is GO!' >> $GITHUB_ENV + + - name: Status NO-GO + if: steps.exists.outputs.release-branch == 'false' && env.current == 'false' + run: | + echo 'SLACK_COLOR=#8E1600' >> $GITHUB_ENV + echo 'SLACK_TITLE=Releasability for ${{ github.repository }} @ ${{ env.RELEASE }} is NO-GO!' >> $GITHUB_ENV + + - name: Post status to Slack + # Note: using env.SLACK_WEBHOOK here because secrets are not allowed in the if block. + if: env.SLACK_WEBHOOK != '' && steps.exists.outputs.release-branch == 'false' + uses: rtCamp/action-slack-notify@v2.1.0 + env: + SLACK_ICON: http://github.com/knative.png?size=48 + SLACK_USERNAME: github-actions + SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} + MSG_MINIMAL: 'true' + SLACK_MESSAGE: | + ${{ env.CHECK_MESSAGE }} + ${{ env.VERIFY_MESSAGE }} + For detailed logs: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} + + - name: Fail if NO-GO + if: steps.exists.outputs.release-branch == 'false' && env.current == 'false' + run: | + # When we have figured out that things are NO-GO, we intentionally fail the job + # so that the status badge shows up red and we can use the badges to create a + # releasability dashboard for all of the repos. + exit 1 diff --git a/.github/workflows/knative-release-notes.yaml b/.github/workflows/knative-release-notes.yaml index ac5465d8a..5b011ba2a 100644 --- a/.github/workflows/knative-release-notes.yaml +++ b/.github/workflows/knative-release-notes.yaml @@ -26,15 +26,79 @@ on: default: 'main' start-rev: description: 'Start Tag (defaults to merge-base(branch, prev-branch))' - required: false end-rev: description: 'End Tag (defaults to HEAD of the target branch)' - required: false jobs: release-notes: - uses: knative/actions/.github/workflows/release-notes.yaml@main - with: - branch: ${{ github.event.inputs.branch }} - start-rev: ${{ github.event.inputs.start-rev }} - end-rev: ${{ github.event.inputs.end-rev }} + name: Release Notes + runs-on: 'ubuntu-latest' + + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + steps: + - name: Set up Go + uses: actions/setup-go@v2 + with: + go-version: 1.17.x + + - name: Install Dependencies + # https://github.com/kubernetes/release/tree/master/cmd/release-notes + run: go install k8s.io/release/cmd/release-notes@latest + + - name: Check out code + uses: actions/checkout@v2 + with: + # fetch-depth of 0 indicates all history for all branches and tags. + fetch-depth: 0 + + - name: Generate Notes + run: | + set -x + # The release-notes tool access ENV vars as options + # https://github.com/kubernetes/release/tree/master/cmd/release-notes#options + + export ORG=$(echo '${{ github.repository }}' | awk -F '/' '{print $1}') + export REPO=$(echo '${{ github.repository }}' | awk -F '/' '{print $2}') + export BRANCH="${{ github.event.inputs.branch }}" + + export START_REV=${{ github.event.inputs.start-rev }} + export END_REV=${{ github.event.inputs.end-rev }} + + if [[ -z "$END_REV" ]]; then + END_REV="origin/$BRANCH" + fi + + # If start rev isn't set find the merge base of + # the target branch and the previous branch + if [[ -z "$START_REV" ]]; then + BRANCHES=$(mktemp) + # List of branches sorted by semver descending + git branch -r -l "origin/release-[0-9]*\.[0-9]*" | sed 's/ //g' | sort -Vr > "$BRANCHES" + + if [[ "$BRANCH" == "main" ]]; then + LAST_BRANCH="$(head -n1 "$BRANCHES")" + else + # use grep magic to find the next branch + # '-A 1' - prints the line after the match which we can parse + LAST_BRANCH="$(grep -A 1 "$BRANCH" "$BRANCHES" | tail -n1)" + fi + + export START_SHA=$(git merge-base $LAST_BRANCH origin/$BRANCH) + fi + + release-notes \ + --required-author="" \ + --output=release-notes.md \ + --repo-path="$PWD" \ + + - name: Display Notes + run: | + cat release-notes.md + + - name: Archive Release Notes + uses: actions/upload-artifact@v2 + with: + name: release-notes.md + path: release-notes.md diff --git a/.github/workflows/knative-security.yaml b/.github/workflows/knative-security.yaml index d3df6a5ab..9f7bb3eda 100644 --- a/.github/workflows/knative-security.yaml +++ b/.github/workflows/knative-security.yaml @@ -26,4 +26,31 @@ on: jobs: analyze: - uses: knative/actions/.github/workflows/security.yaml@main + name: Analyze + runs-on: ubuntu-latest + + steps: + - name: Checkout repository + uses: actions/checkout@v2 + with: + # We must fetch at least the immediate parents so that if this is + # a pull request then we can checkout the head. + fetch-depth: 2 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v1 + with: + languages: go + + - name: Autobuild + uses: github/codeql-action/autobuild@v1 + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v1 + + - name: Find Unicode Control Characters + uses: pierdipi/unicode-control-characters-action@v0.1.1 + with: + args: -d . + diff --git a/.github/workflows/knative-stale.yaml b/.github/workflows/knative-stale.yaml index b5ac74375..899890a35 100644 --- a/.github/workflows/knative-stale.yaml +++ b/.github/workflows/knative-stale.yaml @@ -22,6 +22,28 @@ on: - cron: '0 1 * * *' jobs: - stale: - uses: knative/actions/.github/workflows/stale.yaml@main + runs-on: 'ubuntu-latest' + steps: + - uses: 'actions/stale@v3' + with: + repo-token: '${{ secrets.GITHUB_TOKEN }}' # No need to setup + + stale-issue-message: |- + This issue is stale because it has been open for 90 days with no + activity. It will automatically close after 30 more days of + inactivity. Reopen the issue with `/reopen`. Mark the issue as + fresh by adding the comment `/remove-lifecycle stale`. + stale-issue-label: 'lifecycle/stale' + exempt-issue-labels: 'lifecycle/frozen,triage/accepted' + + stale-pr-message: |- + This Pull Request is stale because it has been open for 90 days with + no activity. It will automatically close after 30 more days of + inactivity. Reopen with `/reopen`. Mark as fresh by adding the + comment `/remove-lifecycle stale`. + stale-pr-label: 'lifecycle/stale' + exempt-pr-labels: 'lifecycle/frozen' + + days-before-stale: 90 + days-before-close: 30 diff --git a/.github/workflows/knative-style.yaml b/.github/workflows/knative-style.yaml index c2952087e..545602ce3 100644 --- a/.github/workflows/knative-style.yaml +++ b/.github/workflows/knative-style.yaml @@ -23,5 +23,242 @@ on: jobs: - style: - uses: knative/actions/.github/workflows/style.yaml@main + autoformat: + name: Auto-format and Check + runs-on: ubuntu-latest + strategy: + fail-fast: false # Keep running if one leg fails. + matrix: + tool: + - goimports + - gofmt + + include: + - tool: gofmt + options: -s + - tool: goimports + package: golang.org/x/tools/cmd/goimports@latest + + steps: + - name: Set up Go + uses: actions/setup-go@v2 + with: + go-version: 1.17.x + id: go + + - name: Check out code + uses: actions/checkout@v2 + + - name: Install Dependencies + if: ${{ matrix.package != '' }} + run: | + cd $(mktemp -d) + go install ${{ matrix.package }} + + - name: ${{ matrix.tool }} ${{ matrix.options }} + shell: bash + run: > + ${{ matrix.tool }} ${{ matrix.options }} -w + $(find . + -path './vendor' -prune + -o -path './third_party' -prune + -o -name '*.pb.go' -prune + -o -name 'wire_gen.go' -prune + -o -type f -name '*.go' -print) + + - name: Verify ${{ matrix.tool }} + shell: bash + run: | + # From: https://backreference.org/2009/12/23/how-to-match-newlines-in-sed/ + # This is to leverage this workaround: + # https://github.com/actions/toolkit/issues/193#issuecomment-605394935 + function urlencode() { + sed ':begin;$!N;s/\n/%0A/;tbegin' + } + if [[ $(git diff-index --name-only HEAD --) ]]; then + for x in $(git diff-index --name-only HEAD --); do + echo "::error file=$x::Please run ${{ matrix.tool }} ${{ matrix.options }}.%0A$(git diff $x | urlencode)" + done + echo "${{ github.repository }} is out of style. Please run ${{ matrix.tool }} ${{ matrix.options }}." + exit 1 + fi + echo "${{ github.repository }} is formatted correctly." + + lint: + name: Lint + runs-on: ubuntu-latest + + steps: + - name: Set up Go + uses: actions/setup-go@v2 + with: + go-version: 1.17.x + id: go + + - name: Check out code + uses: actions/checkout@v2 + + - id: golangci_configuration + uses: andstor/file-existence-action@v1 + with: + files: .golangci.yaml + - name: Go Lint + if: steps.golangci_configuration.outputs.files_exists == 'true' + uses: golangci/golangci-lint-action@v2 + with: + version: v1.43 + + - name: Install Tools + if: ${{ always() }} + env: + WOKE_VERSION: v0.13.0 + run: | + TEMP_PATH="$(mktemp -d)" + cd $TEMP_PATH + + echo '::group::🐶 Installing reviewdog ... https://github.com/reviewdog/reviewdog' + curl -sfL https://raw.githubusercontent.com/reviewdog/reviewdog/master/install.sh | sh -s -- -b "${TEMP_PATH}" 2>&1 + echo '::endgroup::' + + echo '::group:: Installing misspell ... https://github.com/client9/misspell' + curl -sfL https://raw.githubusercontent.com/client9/misspell/master/install-misspell.sh | sh -s -- -b "${TEMP_PATH}" 2>&1 + echo '::endgroup::' + + echo '::group:: Installing woke ... https://github.com/get-woke/woke' + curl -sfL https://raw.githubusercontent.com/get-woke/woke/main/install.sh | sh -s -- -b "${TEMP_PATH}" "${WOKE_VERSION}" 2>&1 + echo '::endgroup::' + + echo "${TEMP_PATH}" >> $GITHUB_PATH + + - name: misspell + shell: bash + if: ${{ always() }} + env: + REVIEWDOG_GITHUB_API_TOKEN: ${{ github.token }} + run: | + set -e + cd "${GITHUB_WORKSPACE}" || exit 1 + + echo '::group:: Running github.com/client9/misspell with reviewdog 🐶 ...' + # Don't fail because of misspell + set +o pipefail + # Exclude generated and vendored files, plus some legacy + # paths until we update all .gitattributes + git ls-files | + git check-attr --stdin linguist-generated | grep -Ev ': (set|true)$' | cut -d: -f1 | + git check-attr --stdin linguist-vendored | grep -Ev ': (set|true)$' | cut -d: -f1 | + git check-attr --stdin ignore-lint | grep -Ev ': (set|true)$' | cut -d: -f1 | + grep -Ev '^(vendor/|third_party/|.git)' | + grep -v '\.svg$' | + xargs misspell -i importas -error | + reviewdog -efm="%f:%l:%c: %m" \ + -name="github.com/client9/misspell" \ + -reporter="github-pr-check" \ + -filter-mode="added" \ + -fail-on-error="true" \ + -level="error" + + echo '::endgroup::' + + - name: trailing whitespace + shell: bash + if: ${{ always() }} + env: + REVIEWDOG_GITHUB_API_TOKEN: ${{ github.token }} + run: | + set -e + cd "${GITHUB_WORKSPACE}" || exit 1 + + echo '::group:: Flagging trailing whitespace with reviewdog 🐶 ...' + # Don't fail because of grep + set +o pipefail + + # Exclude generated and vendored files, plus some legacy + # paths until we update all .gitattributes + git ls-files | + git check-attr --stdin linguist-generated | grep -Ev ': (set|true)$' | cut -d: -f1 | + git check-attr --stdin linguist-vendored | grep -Ev ': (set|true)$' | cut -d: -f1 | + git check-attr --stdin ignore-lint | grep -Ev ': (set|true)$' | cut -d: -f1 | + grep -Ev '^(vendor/|third_party/|.git)' | + grep -v '\.svg$' | + xargs grep -nE " +$" | + reviewdog -efm="%f:%l:%m" \ + -name="trailing whitespace" \ + -reporter="github-pr-check" \ + -filter-mode="added" \ + -fail-on-error="true" \ + -level="error" + + echo '::endgroup::' + + - name: EOF newline + shell: bash + if: ${{ always() }} + env: + REVIEWDOG_GITHUB_API_TOKEN: ${{ github.token }} + run: | + set -e + cd "${GITHUB_WORKSPACE}" || exit 1 + + echo '::group:: Flagging missing EOF newlines with reviewdog 🐶 ...' + # Don't fail because of misspell + set +o pipefail + # Lint exclude rule: + # - nothing in vendor/ + # - nothing in third_party + # - nothing in .git/ + # - no *.ai (Adobe Illustrator) files. + LINT_FILES=$(git ls-files | + git check-attr --stdin linguist-generated | grep -Ev ': (set|true)$' | cut -d: -f1 | + git check-attr --stdin linguist-vendored | grep -Ev ': (set|true)$' | cut -d: -f1 | + git check-attr --stdin ignore-lint | grep -Ev ': (set|true)$' | cut -d: -f1 | + grep -Ev '^(vendor/|third_party/|.git)' | + grep -v '\.ai$' | + grep -v '\.svg$') + + for x in $LINT_FILES; do + # Based on https://stackoverflow.com/questions/34943632/linux-check-if-there-is-an-empty-line-at-the-end-of-a-file + if [[ -f $x && ! ( -s "$x" && -z "$(tail -c 1 $x)" ) ]]; then + # We add 1 to `wc -l` here because of this limitation (from the man page): + # Characters beyond the final character will not be included in the line count. + echo $x:$((1 + $(wc -l $x | tr -s ' ' | cut -d' ' -f 1))): Missing newline + fi + done | + reviewdog -efm="%f:%l: %m" \ + -name="EOF Newline" \ + -reporter="github-pr-check" \ + -filter-mode="added" \ + -fail-on-error="true" \ + -level="error" + + echo '::endgroup::' + + # This is mostly copied from https://github.com/get-woke/woke-action-reviewdog/blob/main/entrypoint.sh + # since their action is not yet released under a stable version. + - name: Language + if: ${{ always() && github.event_name == 'pull_request' }} + shell: bash + env: + REVIEWDOG_GITHUB_API_TOKEN: ${{ github.token }} + run: | + set -e + cd "${GITHUB_WORKSPACE}" || exit 1 + + # Create a minimal .wokeignore if none already exist. + if [ ! -f .wokeignore ]; then + cat > .wokeignore <