bazel: add go generate to //:generate target

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>

.github/workflows/test-go-generate.yml

@@ -1,72 +0,0 @@
-name: Go generate check
-
-on:
-  workflow_dispatch:
-  push:
-    branches:
-      - main
-      - "release/**"
-  pull_request:
-
-jobs:
-  go-generate:
-    runs-on: ubuntu-22.04
-    steps:
-      - name: Checkout
-        uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
-        with:
-          path: constellation
-          ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
-          token: ${{ !github.event.pull_request.head.repo.fork && secrets.CI_COMMIT_PUSH_PR || '' }}
-
-      - name: Setup Go
-        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
-        with:
-          go-version: "1.20.2"
-          cache: true
-          cache-dependency-path: constellation/go.mod
-
-      - name: Install docgen
-        uses: ./constellation/.github/actions/install_docgen
-
-      - name: Install stringer
-        shell: bash
-        run: go install golang.org/x/tools/cmd/stringer@7db99dd12661adab9ce92e9b9633b6ef90867fad # v0.5.0
-
-      - name: Get Go submodules
-        id: submods
-        shell: bash
-        working-directory: constellation
-        run: |
-          mods=$(go list -f '{{.Dir}}' -m | xargs)
-          echo "Found mods: $mods"
-          echo "submods=${mods}" >> "$GITHUB_OUTPUT"
-
-      - name: Go generate check
-        id: generatecheck
-        shell: bash
-        working-directory: constellation
-        run: |
-          mods="${{ steps.submods.outputs.submods }}"
-          for mod in $mods; do
-              go generate "$mod/..."
-          done
-          git diff --exit-code
-
-      - name: Push changes on renovate branch
-        if: |
-          failure() &&
-          (steps.generatecheck.conclusion == 'failure')
-          && startsWith(github.head_ref, 'renovate/') &&
-          !github.event.pull_request.head.repo.fork
-        shell: bash
-        working-directory: constellation
-        run: |
-          diff_dirs=$(git diff --name-only)
-          if [[ "${diff_dirs}" == "internal/versions/versions.go" ]]; then
-            echo "internal/versions/versions.go is the only changed file, so we can push the changes."
-            git config --global user.name "edgelessci"
-            git config --global user.email "edgelessci@users.noreply.github.com"
-            git commit -am "deps: update versions.go"
-            git push
-          fi

bazel/ci/BUILD.bazel

@@ -300,6 +300,37 @@ alias(
     }),
 )
 
+alias(
+    name = "com_github_helm_helm",
+    actual = select({
+        "@io_bazel_rules_go//go/platform:darwin_amd64": "@com_github_helm_helm_darwin_amd64//:helm",
+        "@io_bazel_rules_go//go/platform:darwin_arm64": "@com_github_helm_helm_darwin_arm64//:helm",
+        "@io_bazel_rules_go//go/platform:linux_amd64": "@com_github_helm_helm_linux_amd64//:helm",
+        "@io_bazel_rules_go//go/platform:linux_arm64": "@com_github_helm_helm_linux_arm64//:helm",
+    }),
+)
+
+sh_template(
+    name = "go_generate",
+    data = [
+        ":com_github_helm_helm",
+        ":com_github_siderolabs_talos_hack_docgen",
+        "//internal/attestation/measurements/measurement-generator",
+        "//internal/versions/hash-generator",
+        "@go_sdk//:bin/go",
+        "@org_golang_x_tools//cmd/stringer",
+    ],
+    substitutions = {
+        "@@DOCGEN@@": "$(rootpath :com_github_siderolabs_talos_hack_docgen)",
+        "@@GO@@": "$(rootpath @go_sdk//:bin/go)",
+        "@@HASH_GENERATOR@@": "$(rootpath //internal/versions/hash-generator:hash-generator)",
+        "@@HELM@@": "$(rootpath :com_github_helm_helm)",
+        "@@MEASUREMENT_GENERATOR@@": "$(rootpath //internal/attestation/measurements/measurement-generator:measurement-generator)",
+        "@@STRINGER@@": "$(rootpath @org_golang_x_tools//cmd/stringer:stringer)",
+    },
+    template = "go_generate.sh.in",
+)
+
 multirun(
     name = "tidy",
     commands = [
@@ -346,6 +377,7 @@ multirun(
     commands = [
         ":terraform_gen",
         "//3rdparty/bazel/com_github_medik8s_node_maintainance_operator:pull_files",
+        ":go_generate",
     ],
     jobs = 1,  # execute sequentially
     visibility = ["//visibility:public"],

bazel/ci/go_generate.sh.in

@@ -0,0 +1,49 @@
+#!/usr/bin/env bash
+
+###### script header ######
+
+lib=$(realpath @@BASE_LIB@@) || exit 1
+stat "${lib}" >> /dev/null || exit 1
+
+# shellcheck source=../sh/lib.bash
+if ! source "${lib}"; then
+  echo "Error: could not find import"
+  exit 1
+fi
+
+go=$(realpath @@GO@@)
+stat "${go}" >> /dev/null
+stringer=$(realpath @@STRINGER@@)
+stat "${stringer}" >> /dev/null
+docgen=$(realpath @@DOCGEN@@)
+stat "${docgen}" >> /dev/null
+helm=$(realpath @@HELM@@)
+stat "${helm}" >> /dev/null
+hash_generator=$(realpath @@HASH_GENERATOR@@)
+stat "${hash_generator}" >> /dev/null
+measurement_generator=$(realpath @@MEASUREMENT_GENERATOR@@)
+stat "${measurement_generator}" >> /dev/null
+
+cd "${BUILD_WORKSPACE_DIRECTORY}"
+
+###### script body ######
+
+PATH=$(dirname "${go}"):${PATH}
+PATH=$(dirname "${stringer}"):${PATH}
+PATH=$(dirname "${docgen}"):${PATH}
+PATH=$(dirname "${helm}"):${PATH}
+PATH=$(dirname "${hash_generator}"):${PATH}
+PATH=$(dirname "${measurement_generator}"):${PATH}
+export PATH
+
+submodules=$(${go} list -f '{{.Dir}}' -m)
+
+err=0
+
+echo "Running 'go generate' on the following Go modules:"
+for mod in ${submodules}; do
+  echo "${mod}"
+  ${go} generate -C "${mod}" ./... 2>&1 | sed 's/^/  /' || err=$?
+done
+
+exit "${err}"

bazel/toolchains/ci_deps.bzl

@@ -12,6 +12,7 @@ def ci_deps():
     _golangci_lint_deps()
     _buf_deps()
     _talos_docgen_deps()
+    _helm_deps()
 
 def _shellcheck_deps():
     http_archive(
@@ -287,3 +288,33 @@ def _talos_docgen_deps():
         downloaded_file_path = "docgen",
         sha256 = "4aa7ed0de31932d541aa11c9b75ed214ffc28dbd618f489fb5a598407aca072e",
     )
+
+def _helm_deps():
+    http_archive(
+        name = "com_github_helm_helm_linux_amd64",
+        sha256 = "781d826daec584f9d50a01f0f7dadfd25a3312217a14aa2fbb85107b014ac8ca",
+        url = "https://get.helm.sh/helm-v3.11.2-linux-amd64.tar.gz",
+        strip_prefix = "linux-amd64",
+        build_file_content = """exports_files(["helm"], visibility = ["//visibility:public"])""",
+    )
+    http_archive(
+        name = "com_github_helm_helm_linux_arm64",
+        sha256 = "0a60baac83c3106017666864e664f52a4e16fbd578ac009f9a85456a9241c5db",
+        url = "https://get.helm.sh/helm-v3.11.2-linux-arm64.tar.gz",
+        strip_prefix = "linux-arm64",
+        build_file_content = """exports_files(["helm"], visibility = ["//visibility:public"])""",
+    )
+    http_archive(
+        name = "com_github_helm_helm_darwin_amd64",
+        sha256 = "404938fd2c6eff9e0dab830b0db943fca9e1572cd3d7ee40904705760faa390f",
+        url = "https://get.helm.sh/helm-v3.11.2-darwin-amd64.tar.gz",
+        strip_prefix = "darwin-amd64",
+        build_file_content = """exports_files(["helm"], visibility = ["//visibility:public"])""",
+    )
+    http_archive(
+        name = "com_github_helm_helm_darwin_arm64",
+        sha256 = "f61a3aa55827de2d8c64a2063fd744b618b443ed063871b79f52069e90813151",
+        url = "https://get.helm.sh/helm-v3.11.2-darwin-arm64.tar.gz",
+        strip_prefix = "darwin-arm64",
+        build_file_content = """exports_files(["helm"], visibility = ["//visibility:public"])""",
+    )

cli/internal/helm/generateCertManager.sh

@@ -1,3 +1,21 @@
 #!/usr/bin/env bash
 
-helm pull cert-manager --version 1.10.0 --repo https://charts.jetstack.io --untar --untardir charts && rm -rf charts/cert-manager/README.md charts/cert-manager-v1.10.0.tgz
+set -euo pipefail
+set -o errtrace
+shopt -s inherit_errexit
+
+echo "Pulling cert-manager Helm chart..."
+
+function cleanup {
+  rm -r "charts/cert-manager/README.md" "charts/cert-manager-v1.10.0.tgz"
+}
+
+trap cleanup EXIT
+
+helm pull cert-manager \
+  --version 1.10.0 \
+  --repo "https://charts.jetstack.io" \
+  --untar \
+  --untardir "charts"
+
+echo # final newline

cli/internal/helm/generateCilium.sh

@@ -1,20 +1,34 @@
 #!/usr/bin/env bash
 
 set -euo pipefail
+set -o errtrace
 shopt -s inherit_errexit
 
+echo "Pulling Cilium Helm chart..."
+
+function cleanup {
+  rm -r "${ciliumTmpDir}"
+}
+
+trap cleanup EXIT
+
 calldir=$(pwd)
 ciliumTmpDir=$(mktemp -d)
-pushd "${ciliumTmpDir}"
+cd "${ciliumTmpDir}"
-git clone --filter=blob:none --no-checkout --sparse --depth 1 -b 1.12.1 https://github.com/cilium/cilium.git
+
-pushd cilium
+git clone \
+  --filter=blob:none \
+  --no-checkout \
+  --sparse \
+  --depth 1 \
+  -b 1.12.1 \
+  https://github.com/cilium/cilium.git
+cd cilium
 
 git sparse-checkout add install/kubernetes/cilium
 git checkout
 
-git apply "${calldir}"/cilium.patch
+git apply "${calldir}/cilium.patch"
-cp -r install/kubernetes/cilium "${calldir}"/charts
+cp -r install/kubernetes/cilium "${calldir}/charts"
 
-popd
+echo # final newline
-popd
-rm -r "${ciliumTmpDir}"

cli/internal/helm/update-csi-charts.sh

@@ -3,8 +3,11 @@
 # update-csi-charts updates the Helm charts for the CSI drivers in the CLI.
 
 set -euo pipefail
+set -o errtrace
 shopt -s inherit_errexit
 
+echo "Updating CSI Helm charts..."
+
 # Required tools
 if ! command -v git &> /dev/null; then
   echo "git could not be found"
@@ -19,29 +22,38 @@ fi
 #   $3: path to the Helm chart in the git repo
 #   $4: name of the Helm chart
 download_chart() {
+  cleanup() {
+    rm -r "${repo_tmp_dir}"
+  }
   chart_url=$1
   branch=$2
   chart_dir=$3
   chart_name=$4
 
+  callDir=$(pwd)
   repo_tmp_dir=$(mktemp -d)
 
-  chart_base_path="charts/edgeless/constellation-services/charts/"
+  chart_base_path="charts/edgeless/constellation-services/charts"
 
-  pushd "${repo_tmp_dir}"
+  cd "${repo_tmp_dir}"
-  git clone --filter=blob:none --no-checkout --sparse --depth 1 --branch="${branch}" "${chart_url}" "${repo_tmp_dir}"
+  git clone \
+    --filter=blob:none \
+    --no-checkout \
+    --sparse \
+    --depth 1 \
+    --branch="${branch}" \
+    "${chart_url}" "${repo_tmp_dir}"
 
   git sparse-checkout add "${chart_dir}"
   git checkout
-  popd
+  cd "${callDir}"
 
   # remove old chart
-  rm -r "${chart_base_path}${chart_name}"
+  rm -r "${chart_base_path:?}/${chart_name}"
 
   # move new chart
   mkdir -p "${chart_base_path}/${chart_name}"
-  cp -r "${repo_tmp_dir}/${chart_dir}"/* "${chart_base_path}${chart_name}"
+  cp -r "${repo_tmp_dir}/${chart_dir}"/* "${chart_base_path}/${chart_name}"
-  rm -r "${repo_tmp_dir}"
 
   return
 }
@@ -53,3 +65,5 @@ download_chart "https://github.com/edgelesssys/constellation-gcp-compute-persist
 ## Azure CSI Driver
 # TODO: clone from main branch once we rebase on upstream
 download_chart "https://github.com/edgelesssys/constellation-azuredisk-csi-driver" "v1.1.2" "charts/edgeless" "azuredisk-csi-driver"
+
+echo # final newline

internal/attestation/measurements/measurement-generator/BUILD.bazel

@@ -20,6 +20,8 @@ go_library(
 go_binary(
     name = "measurement-generator",
     embed = [":measurement-generator_lib"],
+    # keep
+    gotags = ["enterprise"],
     visibility = ["//:__subpackages__"],
 )
 

internal/attestation/measurements/measurements_enterprise.go

@@ -13,7 +13,7 @@ import "github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
 // Regenerate the measurements by running go generate.
 // The enterprise build tag is required to validate the measurements using production
 // sigstore certificates.
-//go:generate go run -tags enterprise measurement-generator/generate.go
+//go:generate measurement-generator
 
 // DefaultsFor provides the default measurements for given cloud provider.
 func DefaultsFor(provider cloudprovider.Provider) M {

internal/versions/versions.go

@@ -110,7 +110,7 @@ const (
 
 // Regenerate the hashes by running go generate.
 // To add another Kubernetes version, add a new entry to the VersionConfigs map below and fill the Hash field with an empty string.
-//go:generate go run hash-generator/generate.go
+//go:generate hash-generator
 
 // VersionConfigs holds download URLs for all required kubernetes components for every supported version.
 var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{