diff --git a/bazel/ci/golangci_lint.sh.in b/bazel/ci/golangci_lint.sh.in
index c1893ff4a..32e6cc31a 100644
--- a/bazel/ci/golangci_lint.sh.in
+++ b/bazel/ci/golangci_lint.sh.in
@@ -27,22 +27,31 @@ excludeMods=(
 "hack/tools"
 )
-echo "The following Go modules are excluded and won't be linted with golangci-lint:"
-for exclude in "${excludeMods[@]}"; do
- for i in "${!modules[@]}"; do
- if [[ ${modules[i]} == "${BUILD_WORKSPACE_DIRECTORY}/${exclude}" ]]; then
- echo " ${modules[i]}"
- unset 'modules[i]'
- fi
+check() {
+ echo "The following Go modules are excluded and won't be linted with golangci-lint:"
+ for exclude in "${excludeMods[@]}"; do
+ for i in "${!modules[@]}"; do
+ if [[ ${modules[i]} == "${BUILD_WORKSPACE_DIRECTORY}/${exclude}" ]]; then
+ echo " ${modules[i]}"
+ unset 'modules[i]'
+ fi
+ done
 done
-done
-statuscode=0
+ statuscode=0
-echo "Linting the following Go modules with golangci-lint:"
-for mod in "${modules[@]}"; do
- echo " ${mod}"
- PATH="$(dirname "${go}"):${PATH}" GOROOT=$(${go} env GOROOT) GOPATH=$(${go} env GOPATH) GOCACHE=$(${go} env GOCACHE) CGO_ENABLED=0 ${golangcilint} run --timeout=15m "${mod}/..." || statuscode=$?
-done
+ echo "Linting the following Go modules with golangci-lint:"
+ for mod in "${modules[@]}"; do
+ echo " ${mod}"
+ PATH="$(dirname "${go}"):${PATH}" GOROOT=$(${go} env GOROOT) GOPATH=$(${go} env GOPATH) GOCACHE=$(${go} env GOCACHE) CGO_ENABLED=0 ${golangcilint} run --timeout=15m "${mod}/..." >&2
+ statuscode=$?
+ done
-exit "${statuscode}"
+ exit "${statuscode}"
+}
+
+if test -v SILENT; then
+ check > /dev/null
+else
+ check
+fi
diff --git a/bazel/ci/golicenses.sh.in b/bazel/ci/golicenses.sh.in
index c16cb4e09..3d342d78b 100644
--- a/bazel/ci/golicenses.sh.in
+++ b/bazel/ci/golicenses.sh.in
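Review bot: The lint loop in `check` now assigns `statuscode=$?` unconditionally after every `${golangcilint} run`, so the value handed to `exit` reflects only the last module; the removed code used `|| statuscode=$?` and kept any earlier failure. If errexit is not enabled above this hunk (not visible here), a lint failure in any module but the last would be reported as success; if it is enabled, the first failure aborts the loop and the remaining modules are never linted. Keeping the new redirect together with the old accumulation avoids both: `${golangcilint} run --timeout=15m "${mod}/..." >&2 || statuscode=$?`. The script's option settings and the definition of `modules` lie outside the hunk.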
@@ -27,65 +27,73 @@ not_allowed() {
 err=1
 }
+license_report() {
+ PATH="$(dirname "${go}"):${PATH}" \
+ GOROOT=$(${go} env GOROOT) \
+ GOPATH=$(${go} env GOPATH) \
+ GOCACHE=$(${go} env GOCACHE) \
+ ${golicenses} report ./... | {
+ while read -r line; do
+
+ pkg=${line%%,*}
+ lic=${line##*,}
+
+ case ${lic} in
+ Apache-2.0 | BSD-2-Clause | BSD-3-Clause | ISC | MIT) ;;
+
+ MPL-2.0)
+ case ${pkg} in
+ github.com/siderolabs/talos/pkg/machinery/config/encoder) ;;
+
+ github.com/letsencrypt/boulder) ;;
+
+ github.com/hashicorp/*) ;;
+
+ *)
+ not_allowed
+ ;;
+ esac
+ ;;
+
+ AGPL-3.0)
+ case ${pkg} in
+ github.com/edgelesssys/constellation/v2) ;;
+
+ github.com/edgelesssys/constellation/v2/operators/constellation-node-operator/v2/api/v1alpha1) ;;
+
+ *)
+ not_allowed
+ ;;
+ esac
+ ;;
+
+ Unknown)
+ case ${pkg} in
+ github.com/edgelesssys/go-tdx-qpl/*) ;;
+
+ *)
+ not_allowed
+ ;;
+ esac
+ ;;
+
+ *)
+ echo "unknown license: ${line}"
+ err=1
+ ;;
+ esac
+
+ done
+ exit "${err}"
+ }
+}
+
 ${go} mod download
 err=0
-PATH="$(dirname "${go}"):${PATH}" \
-GOROOT=$(${go} env GOROOT) \
-GOPATH=$(${go} env GOPATH) \
-GOCACHE=$(${go} env GOCACHE) \
- ${golicenses} csv ./... | {
- while read -r line; do
-
- pkg=${line%%,*}
- lic=${line##*,}
-
- case ${lic} in
- Apache-2.0 | BSD-2-Clause | BSD-3-Clause | ISC | MIT) ;;
-
- MPL-2.0)
- case ${pkg} in
- github.com/siderolabs/talos/pkg/machinery/config/encoder) ;;
-
- github.com/letsencrypt/boulder) ;;
-
- github.com/hashicorp/*) ;;
-
- *)
- not_allowed
- ;;
- esac
- ;;
-
- AGPL-3.0)
- case ${pkg} in
- github.com/edgelesssys/constellation/v2) ;;
-
- github.com/edgelesssys/constellation/v2/operators/constellation-node-operator/v2/api/v1alpha1) ;;
-
- *)
- not_allowed
- ;;
- esac
- ;;
-
- Unknown)
- case ${pkg} in
- github.com/edgelesssys/go-tdx-qpl/*) ;;
-
- *)
- not_allowed
- ;;
- esac
- ;;
-
- *)
- echo "unknown license: ${line}"
- err=1
- ;;
- esac
-
- done
- exit "${err}"
-}
+if test -v SILENT; then
+ license_report 2> /dev/null
+else
+ license_report
+fi
diff --git a/bazel/ci/govulncheck.sh.in b/bazel/ci/govulncheck.sh.in
index a91cb5e3f..c4c440e1a 100644
--- a/bazel/ci/govulncheck.sh.in
+++ b/bazel/ci/govulncheck.sh.in
@@ -24,18 +24,27 @@ submodules=$(${go} list -f '{{.Dir}}' -m)
 PATH=$(dirname "${go}"):${PATH}
-err=0
+check() {
+ err=0
-echo "Scanning Go vulnerability DB for knwon vulnerabilities in modules:"
-for mod in ${submodules}; do
- echo " ${mod}"
- echo -n " "
- CGO_ENABLED=0 ${govulncheck} "${mod}/..." |
- tail -n 2 | # Providing some nice output...
- tr '\n' ' ' |
- sed s/" your code and"// &&
- printf "\n" ||
- err=$?
-done
+ echo "Scanning Go vulnerability DB for knwon vulnerabilities in modules:"
+ for mod in ${submodules}; do
+ echo " ${mod}"
+ echo -n " "
+ CGO_ENABLED=0 ${govulncheck} "${mod}/..." |
+ tail -n 2 | # Providing some nice output...
+ tr '\n' ' ' |
+ sed s/" your code and"// &&
+ printf "\n" ||
+ err=$?
+ done
-exit "${err}"
+ exit "${err}"
+
+}
+
+if test -v SILENT; then
+ check > /dev/null
+else
+ check
+fi
diff --git a/bazel/ci/terraform.sh.in b/bazel/ci/terraform.sh.in
index bd462c4c4..aacf40b61 100644
--- a/bazel/ci/terraform.sh.in
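Review bot: With SILENT set, `license_report 2> /dev/null` in golicenses.sh.in discards everything `${golicenses} report` writes to stderr, including its error text if the report command itself fails. The loop sets `err` only from lines it actually reads, so whether a failed or empty report fails the license gate depends on `pipefail` being enabled above this hunk, which is not visible here. It would help to state that dependency next to the call, for example `# SILENT hides go-licenses' stderr; a failed report must still fail this check via pipefail`, and to confirm the option is set. The body of `not_allowed` starts outside the hunk, so where its message is written cannot be checked from here.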
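Review bot: In silent mode `check > /dev/null` in govulncheck.sh.in throws away the only place the scan result is printed: both `echo " ${mod}"` and the `tail -n 2 | tr | sed` summary go to stdout, so a failing run leaves just an exit code with no module name. golangci_lint.sh.in in this same commit keeps tool output visible by sending it to stderr, and doing the same here would be consistent, for instance `echo " ${mod}" >&2` and `sed s/" your code and"// >&2 &&`. Whether govulncheck's own exit status reaches `err` at all depends on `pipefail`, which is set (or not) outside this hunk. The banner string also carries the typo `knwon` over into the new code.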
+++ b/bazel/ci/terraform.sh.in 
@@ -39,58 +39,66 @@ excludeDirs=(
 "build"
 )
-echo "The following Terraform modules are excluded and won't be tidied:"
-for exclude in "${excludeDirs[@]}"; do
- for i in "${!terraformModules[@]}"; do
- if [[ ${terraformModules[i]} == "${BUILD_WORKSPACE_DIRECTORY}/${exclude}"* ]]; then
- echo " ${terraformModules[i]}"
- unset 'terraformModules[i]'
- fi
+check() {
+ echo "The following Terraform modules are excluded and won't be tidied:"
+ for exclude in "${excludeDirs[@]}"; do
+ for i in "${!terraformModules[@]}"; do
+ if [[ ${terraformModules[i]} == "${BUILD_WORKSPACE_DIRECTORY}/${exclude}"* ]]; then
+ echo " ${terraformModules[i]}"
+ unset 'terraformModules[i]'
+ fi
+ done
 done
-done
-case ${mode} in
-"check")
- echo "Checking validity and format of the following Terraform modules:"
- for script in "${terraformModules[@]}"; do
- echo " ${script}"
- done
- echo "This may take a minute..."
- for module in "${terraformModules[@]}"; do
- ${terraform} -chdir="${module}" init > /dev/null
- ${terraform} -chdir="${module}" fmt -check -recursive > /dev/null
- ${terraform} -chdir="${module}" validate > /dev/null
- rm -rf "${module}/.terraform"
- done
- ;;
+ case ${mode} in
+ "check")
+ echo "Checking validity and format of the following Terraform modules:"
+ for script in "${terraformModules[@]}"; do
+ echo " ${script}"
+ done
+ echo "This may take a minute..."
+ for module in "${terraformModules[@]}"; do
+ ${terraform} -chdir="${module}" init > /dev/null
+ ${terraform} -chdir="${module}" fmt -check -recursive > /dev/null
+ ${terraform} -chdir="${module}" validate > /dev/null
+ rm -rf "${module}/.terraform"
+ done
+ ;;
-"format")
- echo "Formatting the following Terraform modules:"
- for module in "${terraformModules[@]}"; do
- echo " ${module}"
- ${terraform} -chdir="${module}" fmt -recursive > /dev/null
- done
- ;;
+ "format")
+ echo "Formatting the following Terraform modules:"
+ for module in "${terraformModules[@]}"; do
+ echo " ${module}"
+ ${terraform} -chdir="${module}" fmt -recursive > /dev/null
+ done
+ ;;
-"generate")
- echo "Formatting and generating lock files for the following Terraform modules:"
- for script in "${terraformModules[@]}"; do
- echo " ${script}"
- done
- echo "This may take 5-10 min..."
- for module in "${terraformModules[@]}"; do
- ${terraform} -chdir="${module}" init > /dev/null
- ${terraform} -chdir="${module}" providers lock -platform=linux_arm64 > /dev/null
- ${terraform} -chdir="${module}" providers lock -platform=linux_amd64 > /dev/null
- ${terraform} -chdir="${module}" providers lock -platform=darwin_arm64 > /dev/null
- ${terraform} -chdir="${module}" providers lock -platform=darwin_amd64 > /dev/null
- ${terraform} -chdir="${module}" providers lock -platform=windows_amd64 > /dev/null
- rm -rf "${module}/.terraform"
- done
- ;;
+ "generate")
+ echo "Formatting and generating lock files for the following Terraform modules:"
+ for script in "${terraformModules[@]}"; do
+ echo " ${script}"
+ done
+ echo "This may take 5-10 min..."
+ for module in "${terraformModules[@]}"; do
+ ${terraform} -chdir="${module}" init > /dev/null
+ ${terraform} -chdir="${module}" providers lock -platform=linux_arm64 > /dev/null
+ ${terraform} -chdir="${module}" providers lock -platform=linux_amd64 > /dev/null
+ ${terraform} -chdir="${module}" providers lock -platform=darwin_arm64 > /dev/null
+ ${terraform} -chdir="${module}" providers lock -platform=darwin_amd64 > /dev/null
+ ${terraform} -chdir="${module}" providers lock -platform=windows_amd64 > /dev/null
+ rm -rf "${module}/.terraform"
+ done
+ ;;
-*)
- echo "Error: unknown mode \"${mode}\""
- exit 1
- ;;
-esac
+ *)
+ echo "Error: unknown mode \"${mode}\""
+ exit 1
+ ;;
+ esac
+}
+
+if test -v SILENT; then
+ check > /dev/null
+else
+ check
+fi
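Review bot: The `*)` branch of the `case` in `check` prints its `Error: unknown mode` message with a plain `echo`, so under SILENT the `check > /dev/null` wrapper swallows it and the script exits 1 with no explanation. Diagnostics should go to stderr so they survive silent mode: `echo "Error: unknown mode \"${mode}\"" >&2`. Separately, `rm -rf "${module}/.terraform"` is reached only after `init` and `validate` succeed if errexit is active (set outside this hunk, not visible), so a failed check may leave the `.terraform` directory behind; a cleanup trap would be a reasonable follow-up. `mode` and `terraformModules` are defined above the hunk.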