bazel check: silent env for cleaner output (#1898)

* explicitly ignore pkgs for cleaner output * do not ignore but redirect stderr * silent env var to silent stderr * add silent env var to vuln,lint,tf * fix golangci silent * Update bazel/ci/terraform.sh.in Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com> * Update bazel/ci/golicenses.sh.in Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com> * Update bazel/ci/govulncheck.sh.in Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com> * Update bazel/ci/golangci_lint.sh.in Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com> --------- Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>
2024-10-01 01:36:09 -04:00 · 2023-06-14 13:58:21 +02:00 · 2023-06-14 13:58:21 +02:00 · c1f9d86cd3
commit c1f9d86cd3
parent 7a1c70d7e5
4 changed files with 170 additions and 136 deletions
--- a/bazel/ci/golangci_lint.sh.in
+++ b/bazel/ci/golangci_lint.sh.in
@ -27,22 +27,31 @@ excludeMods=(
  "hack/tools"
 )

-echo "The following Go modules are excluded and won't be linted with golangci-lint:"
-for exclude in "${excludeMods[@]}"; do
-  for i in "${!modules[@]}"; do
-    if [[ ${modules[i]} == "${BUILD_WORKSPACE_DIRECTORY}/${exclude}" ]]; then
-      echo "  ${modules[i]}"
-      unset 'modules[i]'
-    fi
+check() {
+  echo "The following Go modules are excluded and won't be linted with golangci-lint:"
+  for exclude in "${excludeMods[@]}"; do
+    for i in "${!modules[@]}"; do
+      if [[ ${modules[i]} == "${BUILD_WORKSPACE_DIRECTORY}/${exclude}" ]]; then
+        echo "  ${modules[i]}"
+        unset 'modules[i]'
+      fi
+    done
  done
-done

-statuscode=0
+  statuscode=0

-echo "Linting the following Go modules with golangci-lint:"
-for mod in "${modules[@]}"; do
-  echo "  ${mod}"
-  PATH="$(dirname "${go}"):${PATH}" GOROOT=$(${go} env GOROOT) GOPATH=$(${go} env GOPATH) GOCACHE=$(${go} env GOCACHE) CGO_ENABLED=0 ${golangcilint} run --timeout=15m "${mod}/..." || statuscode=$?
-done
+  echo "Linting the following Go modules with golangci-lint:"
+  for mod in "${modules[@]}"; do
+    echo "  ${mod}"
+    PATH="$(dirname "${go}"):${PATH}" GOROOT=$(${go} env GOROOT) GOPATH=$(${go} env GOPATH) GOCACHE=$(${go} env GOCACHE) CGO_ENABLED=0 ${golangcilint} run --timeout=15m "${mod}/..." >&2
+    statuscode=$?
+  done

-exit "${statuscode}"
+  exit "${statuscode}"
+}
+
+if test -v SILENT; then
+  check > /dev/null
+else
+  check
+fi
--- a/bazel/ci/golicenses.sh.in
+++ b/bazel/ci/golicenses.sh.in
@ -27,65 +27,73 @@ not_allowed() {
  err=1
 }

+license_report() {
+  PATH="$(dirname "${go}"):${PATH}" \
+  GOROOT=$(${go} env GOROOT) \
+  GOPATH=$(${go} env GOPATH) \
+  GOCACHE=$(${go} env GOCACHE) \
+    ${golicenses} report ./... | {
+    while read -r line; do
+
+      pkg=${line%%,*}
+      lic=${line##*,}
+
+      case ${lic} in
+      Apache-2.0 | BSD-2-Clause | BSD-3-Clause | ISC | MIT) ;;
+
+      MPL-2.0)
+        case ${pkg} in
+        github.com/siderolabs/talos/pkg/machinery/config/encoder) ;;
+
+        github.com/letsencrypt/boulder) ;;
+
+        github.com/hashicorp/*) ;;
+
+        *)
+          not_allowed
+          ;;
+        esac
+        ;;
+
+      AGPL-3.0)
+        case ${pkg} in
+        github.com/edgelesssys/constellation/v2) ;;
+
+        github.com/edgelesssys/constellation/v2/operators/constellation-node-operator/v2/api/v1alpha1) ;;
+
+        *)
+          not_allowed
+          ;;
+        esac
+        ;;
+
+      Unknown)
+        case ${pkg} in
+        github.com/edgelesssys/go-tdx-qpl/*) ;;
+
+        *)
+          not_allowed
+          ;;
+        esac
+        ;;
+
+      *)
+        echo "unknown license: ${line}"
+        err=1
+        ;;
+      esac
+
+    done
+    exit "${err}"
+  }
+}
+
 ${go} mod download

 err=0

-PATH="$(dirname "${go}"):${PATH}" \
-GOROOT=$(${go} env GOROOT) \
-GOPATH=$(${go} env GOPATH) \
-GOCACHE=$(${go} env GOCACHE) \
-  ${golicenses} csv ./... | {
-  while read -r line; do
-
-    pkg=${line%%,*}
-    lic=${line##*,}
-
-    case ${lic} in
-    Apache-2.0 | BSD-2-Clause | BSD-3-Clause | ISC | MIT) ;;
-
-    MPL-2.0)
-      case ${pkg} in
-      github.com/siderolabs/talos/pkg/machinery/config/encoder) ;;
-
-      github.com/letsencrypt/boulder) ;;
-
-      github.com/hashicorp/*) ;;
-
-      *)
-        not_allowed
-        ;;
-      esac
-      ;;
-
-    AGPL-3.0)
-      case ${pkg} in
-      github.com/edgelesssys/constellation/v2) ;;
-
-      github.com/edgelesssys/constellation/v2/operators/constellation-node-operator/v2/api/v1alpha1) ;;
-
-      *)
-        not_allowed
-        ;;
-      esac
-      ;;
-
-    Unknown)
-      case ${pkg} in
-      github.com/edgelesssys/go-tdx-qpl/*) ;;
-
-      *)
-        not_allowed
-        ;;
-      esac
-      ;;
-
-    *)
-      echo "unknown license: ${line}"
-      err=1
-      ;;
-    esac
-
-  done
-  exit "${err}"
-}
+if test -v SILENT; then
+  license_report 2> /dev/null
+else
+  license_report
+fi
--- a/bazel/ci/govulncheck.sh.in
+++ b/bazel/ci/govulncheck.sh.in
@ -24,18 +24,27 @@ submodules=$(${go} list -f '{{.Dir}}' -m)

 PATH=$(dirname "${go}"):${PATH}

-err=0
+check() {
+  err=0

-echo "Scanning Go vulnerability DB for knwon vulnerabilities in modules:"
-for mod in ${submodules}; do
-  echo "  ${mod}"
-  echo -n "  "
-  CGO_ENABLED=0 ${govulncheck} "${mod}/..." |
-    tail -n 2 | # Providing some nice output...
-    tr '\n' ' ' |
-    sed s/" your code and"// &&
-    printf "\n" ||
-    err=$?
-done
+  echo "Scanning Go vulnerability DB for knwon vulnerabilities in modules:"
+  for mod in ${submodules}; do
+    echo "  ${mod}"
+    echo -n "  "
+    CGO_ENABLED=0 ${govulncheck} "${mod}/..." |
+      tail -n 2 | # Providing some nice output...
+      tr '\n' ' ' |
+      sed s/" your code and"// &&
+      printf "\n" ||
+      err=$?
+  done

-exit "${err}"
+  exit "${err}"
+
+}
+
+if test -v SILENT; then
+  check > /dev/null
+else
+  check
+fi
--- a/bazel/ci/terraform.sh.in
+++ b/bazel/ci/terraform.sh.in
@ -39,58 +39,66 @@ excludeDirs=(
  "build"
 )

-echo "The following Terraform modules are excluded and won't be tidied:"
-for exclude in "${excludeDirs[@]}"; do
-  for i in "${!terraformModules[@]}"; do
-    if [[ ${terraformModules[i]} == "${BUILD_WORKSPACE_DIRECTORY}/${exclude}"* ]]; then
-      echo "  ${terraformModules[i]}"
-      unset 'terraformModules[i]'
-    fi
+check() {
+  echo "The following Terraform modules are excluded and won't be tidied:"
+  for exclude in "${excludeDirs[@]}"; do
+    for i in "${!terraformModules[@]}"; do
+      if [[ ${terraformModules[i]} == "${BUILD_WORKSPACE_DIRECTORY}/${exclude}"* ]]; then
+        echo "  ${terraformModules[i]}"
+        unset 'terraformModules[i]'
+      fi
+    done
  done
-done

-case ${mode} in
-"check")
-  echo "Checking validity and format of the following Terraform modules:"
-  for script in "${terraformModules[@]}"; do
-    echo "  ${script}"
-  done
-  echo "This may take a minute..."
-  for module in "${terraformModules[@]}"; do
-    ${terraform} -chdir="${module}" init > /dev/null
-    ${terraform} -chdir="${module}" fmt -check -recursive > /dev/null
-    ${terraform} -chdir="${module}" validate > /dev/null
-    rm -rf "${module}/.terraform"
-  done
-  ;;
+  case ${mode} in
+  "check")
+    echo "Checking validity and format of the following Terraform modules:"
+    for script in "${terraformModules[@]}"; do
+      echo "  ${script}"
+    done
+    echo "This may take a minute..."
+    for module in "${terraformModules[@]}"; do
+      ${terraform} -chdir="${module}" init > /dev/null
+      ${terraform} -chdir="${module}" fmt -check -recursive > /dev/null
+      ${terraform} -chdir="${module}" validate > /dev/null
+      rm -rf "${module}/.terraform"
+    done
+    ;;

-"format")
-  echo "Formatting the following Terraform modules:"
-  for module in "${terraformModules[@]}"; do
-    echo "  ${module}"
-    ${terraform} -chdir="${module}" fmt -recursive > /dev/null
-  done
-  ;;
+  "format")
+    echo "Formatting the following Terraform modules:"
+    for module in "${terraformModules[@]}"; do
+      echo "  ${module}"
+      ${terraform} -chdir="${module}" fmt -recursive > /dev/null
+    done
+    ;;

-"generate")
-  echo "Formatting and generating lock files for the following Terraform modules:"
-  for script in "${terraformModules[@]}"; do
-    echo "  ${script}"
-  done
-  echo "This may take 5-10 min..."
-  for module in "${terraformModules[@]}"; do
-    ${terraform} -chdir="${module}" init > /dev/null
-    ${terraform} -chdir="${module}" providers lock -platform=linux_arm64 > /dev/null
-    ${terraform} -chdir="${module}" providers lock -platform=linux_amd64 > /dev/null
-    ${terraform} -chdir="${module}" providers lock -platform=darwin_arm64 > /dev/null
-    ${terraform} -chdir="${module}" providers lock -platform=darwin_amd64 > /dev/null
-    ${terraform} -chdir="${module}" providers lock -platform=windows_amd64 > /dev/null
-    rm -rf "${module}/.terraform"
-  done
-  ;;
+  "generate")
+    echo "Formatting and generating lock files for the following Terraform modules:"
+    for script in "${terraformModules[@]}"; do
+      echo "  ${script}"
+    done
+    echo "This may take 5-10 min..."
+    for module in "${terraformModules[@]}"; do
+      ${terraform} -chdir="${module}" init > /dev/null
+      ${terraform} -chdir="${module}" providers lock -platform=linux_arm64 > /dev/null
+      ${terraform} -chdir="${module}" providers lock -platform=linux_amd64 > /dev/null
+      ${terraform} -chdir="${module}" providers lock -platform=darwin_arm64 > /dev/null
+      ${terraform} -chdir="${module}" providers lock -platform=darwin_amd64 > /dev/null
+      ${terraform} -chdir="${module}" providers lock -platform=windows_amd64 > /dev/null
+      rm -rf "${module}/.terraform"
+    done
+    ;;

-*)
-  echo "Error: unknown mode \"${mode}\""
-  exit 1
-  ;;
-esac
+  *)
+    echo "Error: unknown mode \"${mode}\""
+    exit 1
+    ;;
+  esac
+}
+
+if test -v SILENT; then
+  check > /dev/null
+else
+  check
+fi