diff --git a/.github/workflows/go-tests.yml b/.github/workflows/go-tests.yml index 054c3f45ad..67aae1074e 100644 --- a/.github/workflows/go-tests.yml +++ b/.github/workflows/go-tests.yml @@ -1,21 +1,21 @@ name: go-tests -on: +on: pull_request: branches-ignore: - stable-website - - 'docs/**' - - 'ui/**' - - 'mktg-**' # Digital Team Terraform-generated branches' prefix - - 'backport/docs/**' - - 'backport/ui/**' - - 'backport/mktg-**' + - "docs/**" + - "ui/**" + - "mktg-**" # Digital Team Terraform-generated branches' prefix + - "backport/docs/**" + - "backport/ui/**" + - "backport/mktg-**" push: branches: # Push events on the main branch - main - release/** - + permissions: contents: read @@ -37,14 +37,14 @@ jobs: compute-large: ${{ steps.setup-outputs.outputs.compute-large }} compute-xl: ${{ steps.setup-outputs.outputs.compute-xl }} steps: - - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0 - - id: setup-outputs - name: Setup outputs - run: ./.github/scripts/get_runner_classes.sh + - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0 + - id: setup-outputs + name: Setup outputs + run: ./.github/scripts/get_runner_classes.sh check-go-mod: - needs: - - setup + needs: + - setup uses: ./.github/workflows/reusable-check-go-mod.yml with: runs-on: ${{ needs.setup.outputs.compute-small }} @@ -53,97 +53,97 @@ jobs: elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} check-generated-protobuf: - needs: - - setup + needs: + - setup runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }} steps: - - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0 - # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos. - - name: Setup Git - if: ${{ endsWith(github.repository, '-enterprise') }} - run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com" - - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # pin@v3.5.0 - with: - go-version-file: 'go.mod' - - run: make proto-tools - name: Install protobuf - - run: make proto-format - name: "Protobuf Format" - - run: make --always-make proto - - run: | - if ! git diff --exit-code; then - echo "Generated code was not updated correctly" - exit 1 - fi - - run: make proto-lint - name: "Protobuf Lint" - - name: Notify Slack - if: ${{ failure() }} - run: .github/scripts/notify_slack.sh + - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0 + # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos. + - name: Setup Git + if: ${{ endsWith(github.repository, '-enterprise') }} + run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com" + - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # pin@v3.5.0 + with: + go-version-file: "go.mod" + - run: make proto-tools + name: Install protobuf + - run: make proto-format + name: "Protobuf Format" + - run: make --always-make proto + - run: | + if ! git diff --exit-code; then + echo "Generated code was not updated correctly" + exit 1 + fi + - run: make proto-lint + name: "Protobuf Lint" + - name: Notify Slack + if: ${{ failure() }} + run: .github/scripts/notify_slack.sh check-generated-deep-copy: - needs: - - setup + needs: + - setup runs-on: ${{ fromJSON(needs.setup.outputs.compute-large) }} steps: - - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0 - # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos. - - name: Setup Git - if: ${{ endsWith(github.repository, '-enterprise') }} - run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com" - - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # pin@v3.5.0 - with: - go-version-file: 'go.mod' - - run: make codegen-tools - name: Install deep-copy - - run: make --always-make deep-copy - - run: | - if ! git diff --exit-code; then - echo "Generated code was not updated correctly" - exit 1 - fi - - name: Notify Slack - if: ${{ failure() }} - run: .github/scripts/notify_slack.sh + - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos. + - name: Setup Git + if: ${{ endsWith(github.repository, '-enterprise') }} + run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com" + - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 + with: + go-version-file: "go.mod" + - run: make codegen-tools + name: Install deep-copy + - run: make --always-make deep-copy + - run: | + if ! git diff --exit-code; then + echo "Generated code was not updated correctly" + exit 1 + fi + - name: Notify Slack + if: ${{ failure() }} + run: .github/scripts/notify_slack.sh lint-enums: - needs: - - setup + needs: + - setup runs-on: ${{ fromJSON(needs.setup.outputs.compute-large) }} steps: - - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0 - # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos. - - name: Setup Git - if: ${{ endsWith(github.repository, '-enterprise') }} - run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com" - - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # pin@v3.5.0 - with: - go-version-file: 'go.mod' - - run: go install github.com/reillywatson/enumcover/cmd/enumcover@master && enumcover ./... - - name: Notify Slack - if: ${{ failure() }} - run: .github/scripts/notify_slack.sh + - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos. + - name: Setup Git + if: ${{ endsWith(github.repository, '-enterprise') }} + run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com" + - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 + with: + go-version-file: "go.mod" + - run: go install github.com/reillywatson/enumcover/cmd/enumcover@master && enumcover ./... + - name: Notify Slack + if: ${{ failure() }} + run: .github/scripts/notify_slack.sh lint-consul-retry: - needs: - - setup + needs: + - setup runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }} steps: - - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0 - # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos. - - name: Setup Git - if: ${{ endsWith(github.repository, '-enterprise') }} - run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com" - - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # pin@v3.5.0 - with: - go-version-file: 'go.mod' - - run: go install github.com/hashicorp/lint-consul-retry@master && lint-consul-retry - - name: Notify Slack - if: ${{ failure() }} - run: .github/scripts/notify_slack.sh + - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # pin@v3.3.0 + # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos. + - name: Setup Git + if: ${{ endsWith(github.repository, '-enterprise') }} + run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com" + - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # pin@v3.5.0 + with: + go-version-file: "go.mod" + - run: go install github.com/hashicorp/lint-consul-retry@v1.3.0 && lint-consul-retry + - name: Notify Slack + if: ${{ failure() }} + run: .github/scripts/notify_slack.sh lint: - needs: - - setup + needs: + - setup uses: ./.github/workflows/reusable-lint.yml with: runs-on: ${{ needs.setup.outputs.compute-large }} @@ -152,8 +152,8 @@ jobs: elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} lint-32bit: - needs: - - setup + needs: + - setup uses: ./.github/workflows/reusable-lint.yml with: go-arch: "386" @@ -164,10 +164,10 @@ jobs: # create a development build dev-build: - needs: - - setup + needs: + - setup uses: ./.github/workflows/reusable-dev-build.yml - with: + with: runs-on: ${{ needs.setup.outputs.compute-large }} repository-name: ${{ github.repository }} secrets: @@ -176,8 +176,8 @@ jobs: # dev-build-arm64: # # only run on enterprise because GHA does not have arm64 runners in CE # if: ${{ endsWith(github.repository, '-enterprise') }} - # needs: - # - setup + # needs: + # - setup # uses: ./.github/workflows/reusable-dev-build.yml # with: # uploaded-binary-name: 'consul-bin-arm64' @@ -190,8 +190,8 @@ jobs: # go-test-arm64: # # only run on enterprise because GHA does not have arm64 runners in CE # if: ${{ endsWith(github.repository, '-enterprise') }} - # needs: - # - setup + # needs: + # - setup # - dev-build-arm64 # uses: ./.github/workflows/reusable-unit-split.yml # with: @@ -208,8 +208,8 @@ jobs: go-test-ce: needs: - - setup - - dev-build + - setup + - dev-build uses: ./.github/workflows/reusable-unit-split.yml with: directory: . @@ -219,7 +219,7 @@ jobs: go-tags: "" permissions: id-token: write # NOTE: this permission is explicitly required for Vault auth. - contents: read + contents: read secrets: elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} consul-license: ${{secrets.CONSUL_LICENSE}} @@ -227,9 +227,9 @@ jobs: go-test-enterprise: if: ${{ endsWith(github.repository, '-enterprise') }} - needs: - - setup - - dev-build + needs: + - setup + - dev-build uses: ./.github/workflows/reusable-unit-split.yml with: directory: . @@ -239,16 +239,16 @@ jobs: go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}" permissions: id-token: write # NOTE: this permission is explicitly required for Vault auth. - contents: read + contents: read secrets: elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} consul-license: ${{secrets.CONSUL_LICENSE}} datadog-api-key: "${{ !endsWith(github.repository, '-enterprise') && secrets.DATADOG_API_KEY || '' }}" go-test-race: - needs: - - setup - - dev-build + needs: + - setup + - dev-build uses: ./.github/workflows/reusable-unit.yml with: directory: . @@ -259,16 +259,16 @@ jobs: go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}" permissions: id-token: write # NOTE: this permission is explicitly required for Vault auth. - contents: read + contents: read secrets: elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} consul-license: ${{secrets.CONSUL_LICENSE}} datadog-api-key: "${{ !endsWith(github.repository, '-enterprise') && secrets.DATADOG_API_KEY || '' }}" go-test-32bit: - needs: - - setup - - dev-build + needs: + - setup + - dev-build uses: ./.github/workflows/reusable-unit.yml with: directory: . @@ -279,16 +279,16 @@ jobs: go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}" permissions: id-token: write # NOTE: this permission is explicitly required for Vault auth. - contents: read + contents: read secrets: elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} consul-license: ${{secrets.CONSUL_LICENSE}} datadog-api-key: "${{ !endsWith(github.repository, '-enterprise') && secrets.DATADOG_API_KEY || '' }}" go-test-api-1-19: - needs: - - setup - - dev-build + needs: + - setup + - dev-build uses: ./.github/workflows/reusable-unit.yml with: directory: api @@ -298,16 +298,16 @@ jobs: go-version: "1.19" permissions: id-token: write # NOTE: this permission is explicitly required for Vault auth. - contents: read + contents: read secrets: elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} consul-license: ${{secrets.CONSUL_LICENSE}} datadog-api-key: "${{ !endsWith(github.repository, '-enterprise') && secrets.DATADOG_API_KEY || '' }}" go-test-api-1-20: - needs: - - setup - - dev-build + needs: + - setup + - dev-build uses: ./.github/workflows/reusable-unit.yml with: directory: api @@ -317,16 +317,16 @@ jobs: go-version: "1.20" permissions: id-token: write # NOTE: this permission is explicitly required for Vault auth. - contents: read + contents: read secrets: elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} consul-license: ${{secrets.CONSUL_LICENSE}} datadog-api-key: "${{ !endsWith(github.repository, '-enterprise') && secrets.DATADOG_API_KEY || '' }}" go-test-sdk-1-19: - needs: - - setup - - dev-build + needs: + - setup + - dev-build uses: ./.github/workflows/reusable-unit.yml with: directory: sdk @@ -336,16 +336,16 @@ jobs: go-version: "1.19" permissions: id-token: write # NOTE: this permission is explicitly required for Vault auth. - contents: read + contents: read secrets: elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} consul-license: ${{secrets.CONSUL_LICENSE}} datadog-api-key: "${{ !endsWith(github.repository, '-enterprise') && secrets.DATADOG_API_KEY || '' }}" go-test-sdk-1-20: - needs: - - setup - - dev-build + needs: + - setup + - dev-build uses: ./.github/workflows/reusable-unit.yml with: directory: sdk @@ -355,7 +355,7 @@ jobs: go-version: "1.20" permissions: id-token: write # NOTE: this permission is explicitly required for Vault auth. - contents: read + contents: read secrets: elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} consul-license: ${{secrets.CONSUL_LICENSE}} @@ -375,30 +375,30 @@ jobs: # - be placed after the fanout of a workflow so that everything fans back in # to this job. # - "need" any job that is part of the fan out / fan in - # - implement the if logic because we have conditional jobs - # (go-test-enteprise) that this job needs and this would potentially get - # skipped if a previous job got skipped. So we use the if clause to make + # - implement the if logic because we have conditional jobs + # (go-test-enteprise) that this job needs and this would potentially get + # skipped if a previous job got skipped. So we use the if clause to make # sure it does not get skipped. go-tests-success: - needs: - - setup - - check-generated-deep-copy - - check-generated-protobuf - - check-go-mod - - lint-consul-retry - - lint-enums - - lint - - lint-32bit - # - go-test-arm64 - - go-test-enterprise - - go-test-ce - - go-test-race - - go-test-api-1-19 - - go-test-api-1-20 - - go-test-sdk-1-19 - - go-test-sdk-1-20 - - go-test-32bit + needs: + - setup + - check-generated-deep-copy + - check-generated-protobuf + - check-go-mod + - lint-consul-retry + - lint-enums + - lint + - lint-32bit + # - go-test-arm64 + - go-test-enterprise + - go-test-ce + - go-test-race + - go-test-api-1-19 + - go-test-api-1-20 + - go-test-sdk-1-19 + - go-test-sdk-1-20 + - go-test-32bit runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }} if: ${{ always() }} steps: diff --git a/GNUmakefile b/GNUmakefile index 8bcbf67f63..49ad1f66d1 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -15,6 +15,7 @@ MOG_VERSION='v0.4.0' PROTOC_GO_INJECT_TAG_VERSION='v1.3.0' PROTOC_GEN_GO_BINARY_VERSION="v0.0.1" DEEP_COPY_VERSION='bc3f5aa5735d8a54961580a3a24422c308c831c2' +LINT_CONSUL_RETRY_VERSION='v1.3.0' MOCKED_PB_DIRS= pbdns diff --git a/build-support/scripts/devtools.sh b/build-support/scripts/devtools.sh index 6973077bba..726ac366d1 100755 --- a/build-support/scripts/devtools.sh +++ b/build-support/scripts/devtools.sh @@ -128,12 +128,16 @@ function proto_tools_install { } function lint_install { + local lint_consul_retry_version + lint_consul_retry_version="$(make --no-print-directory print-LINT_CONSUL_RETRY_VERSION)" local golangci_lint_version golangci_lint_version="$(make --no-print-directory print-GOLANGCI_LINT_VERSION)" - install_unversioned_tool \ + install_versioned_tool \ 'lint-consul-retry' \ - 'github.com/hashicorp/lint-consul-retry@master' + 'github.com/hashicorp/lint-consul-retry' \ + "${lint_consul_retry_version}" \ + 'github.com/hashicorp/lint-consul-retry' install_unversioned_tool \ 'enumcover' \