From 909bfb92741ad380f798a56a32785ee996c4684d Mon Sep 17 00:00:00 2001
From: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Date: Wed, 29 Mar 2023 13:58:37 +0200
Subject: [PATCH] bazel: add go generate to //:generate target

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
---
 .github/workflows/test-go-generate.yml | 72 -------------------
 bazel/ci/BUILD.bazel | 32 +++++++++
 bazel/ci/go_generate.sh.in | 49 +++++++++++++
 bazel/toolchains/ci_deps.bzl | 31 ++++++++
 cli/internal/helm/generateCertManager.sh | 20 +++++-
 cli/internal/helm/generateCilium.sh | 30 +++++---
 cli/internal/helm/update-csi-charts.sh | 28 ++++++--
 .../measurement-generator/BUILD.bazel | 2 +
 .../measurements/measurements_enterprise.go | 2 +-
 internal/versions/versions.go | 2 +-
 10 files changed, 178 insertions(+), 90 deletions(-)
 delete mode 100644 .github/workflows/test-go-generate.yml
 create mode 100644 bazel/ci/go_generate.sh.in
diff --git a/.github/workflows/test-go-generate.yml b/.github/workflows/test-go-generate.yml
deleted file mode 100644
index d6063c4a4..000000000
--- a/.github/workflows/test-go-generate.yml
+++ /dev/null
@@ -1,72 +0,0 @@
-name: Go generate check
-
-on:
- workflow_dispatch:
- push:
- branches:
- - main
- - "release/**"
- pull_request:
-
-jobs:
- go-generate:
- runs-on: ubuntu-22.04
- steps:
- - name: Checkout
- uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
- with:
- path: constellation
- ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
- token: ${{ !github.event.pull_request.head.repo.fork && secrets.CI_COMMIT_PUSH_PR || '' }}
-
- - name: Setup Go
- uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
- with:
- go-version: "1.20.2"
- cache: true
- cache-dependency-path: constellation/go.mod
-
- - name: Install docgen
- uses: ./constellation/.github/actions/install_docgen
-
- - name: Install stringer
- shell: bash
- run: go install golang.org/x/tools/cmd/stringer@7db99dd12661adab9ce92e9b9633b6ef90867fad # v0.5.0
-
- - name: Get Go submodules
- id: submods
- shell: bash
- working-directory: constellation
- run: |
- mods=$(go list -f '{{.Dir}}' -m | xargs)
- echo "Found mods: $mods"
- echo "submods=${mods}" >> "$GITHUB_OUTPUT"
-
- - name: Go generate check
- id: generatecheck
- shell: bash
- working-directory: constellation
- run: |
- mods="${{ steps.submods.outputs.submods }}"
- for mod in $mods; do
- go generate "$mod/..."
- done
- git diff --exit-code
-
- - name: Push changes on renovate branch
- if: |
- failure() &&
- (steps.generatecheck.conclusion == 'failure')
- && startsWith(github.head_ref, 'renovate/') &&
- !github.event.pull_request.head.repo.fork
- shell: bash
- working-directory: constellation
- run: |
- diff_dirs=$(git diff --name-only)
- if [[ "${diff_dirs}" == "internal/versions/versions.go" ]]; then
- echo "internal/versions/versions.go is the only changed file, so we can push the changes."
- git config --global user.name "edgelessci"
- git config --global user.email "edgelessci@users.noreply.github.com"
- git commit -am "deps: update versions.go"
- git push
- fi
diff --git a/bazel/ci/BUILD.bazel b/bazel/ci/BUILD.bazel
index f7c4d8102..e6e3934f9 100644
--- a/bazel/ci/BUILD.bazel
+++ b/bazel/ci/BUILD.bazel
@@ -300,6 +300,37 @@ alias(
 }),
 )
+alias(
+ name = "com_github_helm_helm",
+ actual = select({
+ "@io_bazel_rules_go//go/platform:darwin_amd64": "@com_github_helm_helm_darwin_amd64//:helm",
+ "@io_bazel_rules_go//go/platform:darwin_arm64": "@com_github_helm_helm_darwin_arm64//:helm",
+ "@io_bazel_rules_go//go/platform:linux_amd64": "@com_github_helm_helm_linux_amd64//:helm",
+ "@io_bazel_rules_go//go/platform:linux_arm64": "@com_github_helm_helm_linux_arm64//:helm",
+ }),
+)
+
+sh_template(
+ name = "go_generate",
+ data = [
+ ":com_github_helm_helm",
+ ":com_github_siderolabs_talos_hack_docgen",
+ "//internal/attestation/measurements/measurement-generator",
+ "//internal/versions/hash-generator",
+ "@go_sdk//:bin/go",
+ "@org_golang_x_tools//cmd/stringer",
+ ],
+ substitutions = {
+ "@@DOCGEN@@": "$(rootpath :com_github_siderolabs_talos_hack_docgen)",
+ "@@GO@@": "$(rootpath @go_sdk//:bin/go)",
+ "@@HASH_GENERATOR@@": "$(rootpath //internal/versions/hash-generator:hash-generator)",
+ "@@HELM@@": "$(rootpath :com_github_helm_helm)",
+ "@@MEASUREMENT_GENERATOR@@": "$(rootpath //internal/attestation/measurements/measurement-generator:measurement-generator)",
+ "@@STRINGER@@": "$(rootpath @org_golang_x_tools//cmd/stringer:stringer)",
+ },
+ template = "go_generate.sh.in",
+)
+
 multirun(
 name = "tidy",
 commands = [
@@ -346,6 +377,7 @@ multirun(
 commands = [
 ":terraform_gen",
 "//3rdparty/bazel/com_github_medik8s_node_maintainance_operator:pull_files",
+ ":go_generate",
 ],
 jobs = 1, # execute sequentially
 visibility = ["//visibility:public"],
diff --git a/bazel/ci/go_generate.sh.in b/bazel/ci/go_generate.sh.in
new file mode 100644
index 000000000..f238dd896
--- /dev/null
+++ b/bazel/ci/go_generate.sh.in
@@ -0,0 +1,49 @@
+#!/usr/bin/env bash
+
+###### script header ######
+
+lib=$(realpath @@BASE_LIB@@) || exit 1
+stat "${lib}" >> /dev/null || exit 1
+
+# shellcheck source=../sh/lib.bash
+if ! source "${lib}"; then
+ echo "Error: could not find import"
+ exit 1
+fi
+
+go=$(realpath @@GO@@)
+stat "${go}" >> /dev/null
+stringer=$(realpath @@STRINGER@@)
+stat "${stringer}" >> /dev/null
+docgen=$(realpath @@DOCGEN@@)
+stat "${docgen}" >> /dev/null
+helm=$(realpath @@HELM@@)
+stat "${helm}" >> /dev/null
+hash_generator=$(realpath @@HASH_GENERATOR@@)
+stat "${hash_generator}" >> /dev/null
+measurement_generator=$(realpath @@MEASUREMENT_GENERATOR@@)
+stat "${measurement_generator}" >> /dev/null
+
+cd "${BUILD_WORKSPACE_DIRECTORY}"
+
+###### script body ######
+
+PATH=$(dirname "${go}"):${PATH}
+PATH=$(dirname "${stringer}"):${PATH}
+PATH=$(dirname "${docgen}"):${PATH}
+PATH=$(dirname "${helm}"):${PATH}
+PATH=$(dirname "${hash_generator}"):${PATH}
+PATH=$(dirname "${measurement_generator}"):${PATH}
+export PATH
+
+submodules=$(${go} list -f '{{.Dir}}' -m)
+
+err=0
+
+echo "Running 'go generate' on the following Go modules:"
+for mod in ${submodules}; do
+ echo "${mod}"
+ ${go} generate -C "${mod}" ./... 2>&1 | sed 's/^/ /' || err=$?
+done
+
+exit "${err}"
diff --git a/bazel/toolchains/ci_deps.bzl b/bazel/toolchains/ci_deps.bzl
index 7727fcd62..54a45c8d9 100644
--- a/bazel/toolchains/ci_deps.bzl
+++ b/bazel/toolchains/ci_deps.bzl
@@ -12,6 +12,7 @@ def ci_deps():
 _golangci_lint_deps()
 _buf_deps()
 _talos_docgen_deps()
+ _helm_deps()
 def _shellcheck_deps():
 http_archive(
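Review bot: The status captured by `|| err=$?` in the module loop is that of `sed`, not of `go generate`, unless `pipefail` is enabled, and nothing visible in this script enables it. The tool checks have the same gap: only the `stat` for `lib` ends in `|| exit 1`, so a missing `go`, `helm` or generator binary does not stop the run. Unless the sourced lib.bash already sets strict mode (not visible here), add `set -euo pipefail` after the source block, or record `${PIPESTATUS[0]}` instead, so a failed generator cannot leave `//:generate` exiting 0 with stale output.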
@@ -287,3 +288,33 @@ def _talos_docgen_deps():
 downloaded_file_path = "docgen",
 sha256 = "4aa7ed0de31932d541aa11c9b75ed214ffc28dbd618f489fb5a598407aca072e",
 )
+
+def _helm_deps():
+ http_archive(
+ name = "com_github_helm_helm_linux_amd64",
+ sha256 = "781d826daec584f9d50a01f0f7dadfd25a3312217a14aa2fbb85107b014ac8ca",
+ url = "https://get.helm.sh/helm-v3.11.2-linux-amd64.tar.gz",
+ strip_prefix = "linux-amd64",
+ build_file_content = """exports_files(["helm"], visibility = ["//visibility:public"])""",
+ )
+ http_archive(
+ name = "com_github_helm_helm_linux_arm64",
+ sha256 = "0a60baac83c3106017666864e664f52a4e16fbd578ac009f9a85456a9241c5db",
+ url = "https://get.helm.sh/helm-v3.11.2-linux-arm64.tar.gz",
+ strip_prefix = "linux-arm64",
+ build_file_content = """exports_files(["helm"], visibility = ["//visibility:public"])""",
+ )
+ http_archive(
+ name = "com_github_helm_helm_darwin_amd64",
+ sha256 = "404938fd2c6eff9e0dab830b0db943fca9e1572cd3d7ee40904705760faa390f",
+ url = "https://get.helm.sh/helm-v3.11.2-darwin-amd64.tar.gz",
+ strip_prefix = "darwin-amd64",
+ build_file_content = """exports_files(["helm"], visibility = ["//visibility:public"])""",
+ )
+ http_archive(
+ name = "com_github_helm_helm_darwin_arm64",
+ sha256 = "f61a3aa55827de2d8c64a2063fd744b618b443ed063871b79f52069e90813151",
+ url = "https://get.helm.sh/helm-v3.11.2-darwin-arm64.tar.gz",
+ strip_prefix = "darwin-arm64",
+ build_file_content = """exports_files(["helm"], visibility = ["//visibility:public"])""",
+ )
diff --git a/cli/internal/helm/generateCertManager.sh b/cli/internal/helm/generateCertManager.sh
index 6adee7eaa..395446830 100755
--- a/cli/internal/helm/generateCertManager.sh
+++ b/cli/internal/helm/generateCertManager.sh
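Review bot: The four `http_archive` rules in `_helm_deps` repeat the version `v3.11.2` in every URL and carry four independent `sha256` pins, with nothing saying that they belong together or where the digests come from. A short comment above the function would make the next bump safer, for example `# helm v3.11.2: update all four url/sha256 pairs together and check each digest against the checksum published for that release`. Since this binary is executed by the generate step, the pins are the only integrity check on it and should never be refreshed from the downloaded file alone.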
@@ -1,3 +1,21 @@
 #!/usr/bin/env bash
-helm pull cert-manager --version 1.10.0 --repo https://charts.jetstack.io --untar --untardir charts && rm -rf charts/cert-manager/README.md charts/cert-manager-v1.10.0.tgz
+set -euo pipefail
+set -o errtrace
+shopt -s inherit_errexit
+
+echo "Pulling cert-manager Helm chart..."
+
+function cleanup {
+ rm -r "charts/cert-manager/README.md" "charts/cert-manager-v1.10.0.tgz"
+}
+
+trap cleanup EXIT
+
+helm pull cert-manager \
+ --version 1.10.0 \
+ --repo "https://charts.jetstack.io" \
+ --untar \
+ --untardir "charts"
+
+echo # final newline
diff --git a/cli/internal/helm/generateCilium.sh b/cli/internal/helm/generateCilium.sh
index 1408696ba..f95436e65 100755
--- a/cli/internal/helm/generateCilium.sh
+++ b/cli/internal/helm/generateCilium.sh
@@ -1,20 +1,34 @@
 #!/usr/bin/env bash
 set -euo pipefail
+set -o errtrace
 shopt -s inherit_errexit
+echo "Pulling Cilium Helm chart..."
+
+function cleanup {
+ rm -r "${ciliumTmpDir}"
+}
+
+trap cleanup EXIT
+
 calldir=$(pwd)
 ciliumTmpDir=$(mktemp -d)
-pushd "${ciliumTmpDir}"
-git clone --filter=blob:none --no-checkout --sparse --depth 1 -b 1.12.1 https://github.com/cilium/cilium.git
-pushd cilium
+cd "${ciliumTmpDir}"
+
+git clone \
+ --filter=blob:none \
+ --no-checkout \
+ --sparse \
+ --depth 1 \
+ -b 1.12.1 \
+ https://github.com/cilium/cilium.git
+cd cilium
 git sparse-checkout add install/kubernetes/cilium
 git checkout
-git apply "${calldir}"/cilium.patch
-cp -r install/kubernetes/cilium "${calldir}"/charts
+git apply "${calldir}/cilium.patch"
+cp -r install/kubernetes/cilium "${calldir}/charts"
-popd
-popd
-rm -r "${ciliumTmpDir}"
+echo # final newline
diff --git a/cli/internal/helm/update-csi-charts.sh b/cli/internal/helm/update-csi-charts.sh
index 929809b48..281b9d553 100755
--- a/cli/internal/helm/update-csi-charts.sh
+++ b/cli/internal/helm/update-csi-charts.sh
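Review bot: `cleanup` in generateCertManager.sh uses `rm -r` where the replaced one-liner used `rm -rf`, so it now errors whenever either path is missing, for example when `helm pull` fails before anything is unpacked and the EXIT trap still runs. That prints a second, misleading error after the real one and, under `set -e`, may also change the script's exit status. Suggest keeping the old tolerance: `rm -rf "charts/cert-manager/README.md" "charts/cert-manager-v1.10.0.tgz"`.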
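Review bot: In generateCilium.sh, `trap cleanup EXIT` is installed before `ciliumTmpDir` is assigned, and the script runs under `set -u`, so any exit before the `mktemp -d` line makes `cleanup` fail on an unbound variable. Moving `trap cleanup EXIT` to just after `ciliumTmpDir=$(mktemp -d)` guarantees `rm -r` only ever runs with a directory this script created. A comment next to `-b 1.12.1` would also help, noting that the clone follows a tag name and not a commit hash, so the resulting chart diff is what has to be reviewed.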
@@ -3,8 +3,11 @@
 # update-csi-charts updates the Helm charts for the CSI drivers in the CLI.
 set -euo pipefail
+set -o errtrace
 shopt -s inherit_errexit
+echo "Updating CSI Helm charts..."
+
 # Required tools
 if ! command -v git &> /dev/null; then
 echo "git could not be found"
@@ -19,29 +22,38 @@ fi
 # $3: path to the Helm chart in the git repo
 # $4: name of the Helm chart
 download_chart() {
+ cleanup() {
+ rm -r "${repo_tmp_dir}"
+ }
 chart_url=$1
 branch=$2
 chart_dir=$3
 chart_name=$4
+ callDir=$(pwd)
 repo_tmp_dir=$(mktemp -d)
- chart_base_path="charts/edgeless/constellation-services/charts/"
+ chart_base_path="charts/edgeless/constellation-services/charts"
- pushd "${repo_tmp_dir}"
- git clone --filter=blob:none --no-checkout --sparse --depth 1 --branch="${branch}" "${chart_url}" "${repo_tmp_dir}"
+ cd "${repo_tmp_dir}"
+ git clone \
+ --filter=blob:none \
+ --no-checkout \
+ --sparse \
+ --depth 1 \
+ --branch="${branch}" \
+ "${chart_url}" "${repo_tmp_dir}"
 git sparse-checkout add "${chart_dir}"
 git checkout
- popd
+ cd "${callDir}"
 # remove old chart
- rm -r "${chart_base_path}${chart_name}"
+ rm -r "${chart_base_path:?}/${chart_name}"
 # move new chart
 mkdir -p "${chart_base_path}/${chart_name}"
- cp -r "${repo_tmp_dir}/${chart_dir}"/* "${chart_base_path}${chart_name}"
- rm -r "${repo_tmp_dir}"
+ cp -r "${repo_tmp_dir}/${chart_dir}"/* "${chart_base_path}/${chart_name}"
 return
 }
@@ -53,3 +65,5 @@ download_chart "https://github.com/edgelesssys/constellation-gcp-compute-persist
 ## Azure CSI Driver
 # TODO: clone from main branch once we rebase on upstream
 download_chart "https://github.com/edgelesssys/constellation-azuredisk-csi-driver" "v1.1.2" "charts/edgeless" "azuredisk-csi-driver"
+
+echo # final newline
diff --git a/internal/attestation/measurements/measurement-generator/BUILD.bazel b/internal/attestation/measurements/measurement-generator/BUILD.bazel
index 3e72e2724..e4cbe0acb 100644
--- a/internal/attestation/measurements/measurement-generator/BUILD.bazel
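Review bot: `cleanup` is defined inside `download_chart` but is neither called nor registered with `trap` anywhere in this hunk, while the explicit `rm -r "${repo_tmp_dir}"` at the end of the function is removed, so each call appears to leave its cloned repository behind in the temp directory. Call `cleanup` just before `return`, or restore the `rm -r` there. An EXIT trap on its own would not be enough, because `repo_tmp_dir` is a global that the second `download_chart` call overwrites.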
+++ b/internal/attestation/measurements/measurement-generator/BUILD.bazel
@@ -20,6 +20,8 @@ go_library(
 go_binary(
 name = "measurement-generator",
 embed = [":measurement-generator_lib"],
+ # keep
+ gotags = ["enterprise"],
 visibility = ["//:__subpackages__"],
 )
diff --git a/internal/attestation/measurements/measurements_enterprise.go b/internal/attestation/measurements/measurements_enterprise.go
index 17941db87..78a0b5489 100644
--- a/internal/attestation/measurements/measurements_enterprise.go
+++ b/internal/attestation/measurements/measurements_enterprise.go
@@ -13,7 +13,7 @@ import "github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
 // Regenerate the measurements by running go generate.
 // The enterprise build tag is required to validate the measurements using production
 // sigstore certificates.
-//go:generate go run -tags enterprise measurement-generator/generate.go
+//go:generate measurement-generator
 // DefaultsFor provides the default measurements for given cloud provider.
 func DefaultsFor(provider cloudprovider.Provider) M {
diff --git a/internal/versions/versions.go b/internal/versions/versions.go
index 30dbbf1ce..8e5407cd6 100644
--- a/internal/versions/versions.go
+++ b/internal/versions/versions.go
@@ -110,7 +110,7 @@ const (
 // Regenerate the hashes by running go generate.
 // To add another Kubernetes version, add a new entry to the VersionConfigs map below and fill the Hash field with an empty string.
-//go:generate go run hash-generator/generate.go
+//go:generate hash-generator
 // VersionConfigs holds download URLs for all required kubernetes components for every supported version.
 var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{
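Review bot: The comment above `//go:generate measurement-generator` in measurements_enterprise.go still says the enterprise build tag is required, but the directive no longer carries it; the tag now lives in `gotags = ["enterprise"]` on the Bazel `go_binary`, and the command is resolved by bare name on PATH. Running plain `go generate` therefore either fails or runs whatever `measurement-generator` is first on PATH, possibly one built without the tag that the comment ties to production sigstore certificates. Suggest extending the comment, e.g. `// The generator is built by Bazel with the enterprise tag; regenerate via the //:generate target, not plain go generate.` The same applies to `//go:generate hash-generator` in internal/versions/versions.go.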