bazel check: silent env for cleaner output (#1898)

* explicitly ignore pkgs for cleaner output

* do not ignore but redirect stderr

* silent env var to silent stderr

* add silent env var to vuln,lint,tf

* fix golangci silent

* Update bazel/ci/terraform.sh.in

Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>

* Update bazel/ci/golicenses.sh.in

Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>

* Update bazel/ci/govulncheck.sh.in

Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>

* Update bazel/ci/golangci_lint.sh.in

Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>

---------

Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>

bazel/ci/golangci_lint.sh.in

@@ -27,22 +27,31 @@ excludeMods=(
   "hack/tools"
 )
 
-echo "The following Go modules are excluded and won't be linted with golangci-lint:"
+check() {
-for exclude in "${excludeMods[@]}"; do
+  echo "The following Go modules are excluded and won't be linted with golangci-lint:"
-  for i in "${!modules[@]}"; do
+  for exclude in "${excludeMods[@]}"; do
-    if [[ ${modules[i]} == "${BUILD_WORKSPACE_DIRECTORY}/${exclude}" ]]; then
+    for i in "${!modules[@]}"; do
-      echo "  ${modules[i]}"
+      if [[ ${modules[i]} == "${BUILD_WORKSPACE_DIRECTORY}/${exclude}" ]]; then
-      unset 'modules[i]'
+        echo "  ${modules[i]}"
-    fi
+        unset 'modules[i]'
+      fi
+    done
   done
-done
 
-statuscode=0
+  statuscode=0
 
-echo "Linting the following Go modules with golangci-lint:"
+  echo "Linting the following Go modules with golangci-lint:"
-for mod in "${modules[@]}"; do
+  for mod in "${modules[@]}"; do
-  echo "  ${mod}"
+    echo "  ${mod}"
-  PATH="$(dirname "${go}"):${PATH}" GOROOT=$(${go} env GOROOT) GOPATH=$(${go} env GOPATH) GOCACHE=$(${go} env GOCACHE) CGO_ENABLED=0 ${golangcilint} run --timeout=15m "${mod}/..." || statuscode=$?
+    PATH="$(dirname "${go}"):${PATH}" GOROOT=$(${go} env GOROOT) GOPATH=$(${go} env GOPATH) GOCACHE=$(${go} env GOCACHE) CGO_ENABLED=0 ${golangcilint} run --timeout=15m "${mod}/..." >&2
-done
+    statuscode=$?
+  done
 
-exit "${statuscode}"
+  exit "${statuscode}"
+}
+
+if test -v SILENT; then
+  check > /dev/null
+else
+  check
+fi

bazel/ci/golicenses.sh.in

@@ -27,65 +27,73 @@ not_allowed() {
   err=1
 }
 
+license_report() {
+  PATH="$(dirname "${go}"):${PATH}" \
+  GOROOT=$(${go} env GOROOT) \
+  GOPATH=$(${go} env GOPATH) \
+  GOCACHE=$(${go} env GOCACHE) \
+    ${golicenses} report ./... | {
+    while read -r line; do
+
+      pkg=${line%%,*}
+      lic=${line##*,}
+
+      case ${lic} in
+      Apache-2.0 | BSD-2-Clause | BSD-3-Clause | ISC | MIT) ;;
+
+      MPL-2.0)
+        case ${pkg} in
+        github.com/siderolabs/talos/pkg/machinery/config/encoder) ;;
+
+        github.com/letsencrypt/boulder) ;;
+
+        github.com/hashicorp/*) ;;
+
+        *)
+          not_allowed
+          ;;
+        esac
+        ;;
+
+      AGPL-3.0)
+        case ${pkg} in
+        github.com/edgelesssys/constellation/v2) ;;
+
+        github.com/edgelesssys/constellation/v2/operators/constellation-node-operator/v2/api/v1alpha1) ;;
+
+        *)
+          not_allowed
+          ;;
+        esac
+        ;;
+
+      Unknown)
+        case ${pkg} in
+        github.com/edgelesssys/go-tdx-qpl/*) ;;
+
+        *)
+          not_allowed
+          ;;
+        esac
+        ;;
+
+      *)
+        echo "unknown license: ${line}"
+        err=1
+        ;;
+      esac
+
+    done
+    exit "${err}"
+  }
+}
+
 ${go} mod download
 
 err=0
 
-PATH="$(dirname "${go}"):${PATH}" \
+if test -v SILENT; then
-GOROOT=$(${go} env GOROOT) \
+  license_report 2> /dev/null
-GOPATH=$(${go} env GOPATH) \
+else
-GOCACHE=$(${go} env GOCACHE) \
+  license_report
-  ${golicenses} csv ./... | {
+fi
-  while read -r line; do
-
-    pkg=${line%%,*}
-    lic=${line##*,}
-
-    case ${lic} in
-    Apache-2.0 | BSD-2-Clause | BSD-3-Clause | ISC | MIT) ;;
-
-    MPL-2.0)
-      case ${pkg} in
-      github.com/siderolabs/talos/pkg/machinery/config/encoder) ;;
-
-      github.com/letsencrypt/boulder) ;;
-
-      github.com/hashicorp/*) ;;
-
-      *)
-        not_allowed
-        ;;
-      esac
-      ;;
-
-    AGPL-3.0)
-      case ${pkg} in
-      github.com/edgelesssys/constellation/v2) ;;
-
-      github.com/edgelesssys/constellation/v2/operators/constellation-node-operator/v2/api/v1alpha1) ;;
-
-      *)
-        not_allowed
-        ;;
-      esac
-      ;;
-
-    Unknown)
-      case ${pkg} in
-      github.com/edgelesssys/go-tdx-qpl/*) ;;
-
-      *)
-        not_allowed
-        ;;
-      esac
-      ;;
-
-    *)
-      echo "unknown license: ${line}"
-      err=1
-      ;;
-    esac
-
-  done
-  exit "${err}"
-}

bazel/ci/govulncheck.sh.in

@@ -24,18 +24,27 @@ submodules=$(${go} list -f '{{.Dir}}' -m)
 
 PATH=$(dirname "${go}"):${PATH}
 
-err=0
+check() {
+  err=0
 
-echo "Scanning Go vulnerability DB for knwon vulnerabilities in modules:"
+  echo "Scanning Go vulnerability DB for knwon vulnerabilities in modules:"
-for mod in ${submodules}; do
+  for mod in ${submodules}; do
-  echo "  ${mod}"
+    echo "  ${mod}"
-  echo -n "  "
+    echo -n "  "
-  CGO_ENABLED=0 ${govulncheck} "${mod}/..." |
+    CGO_ENABLED=0 ${govulncheck} "${mod}/..." |
-    tail -n 2 | # Providing some nice output...
+      tail -n 2 | # Providing some nice output...
-    tr '\n' ' ' |
+      tr '\n' ' ' |
-    sed s/" your code and"// &&
+      sed s/" your code and"// &&
-    printf "\n" ||
+      printf "\n" ||
-    err=$?
+      err=$?
-done
+  done
 
-exit "${err}"
+  exit "${err}"
+
+}
+
+if test -v SILENT; then
+  check > /dev/null
+else
+  check
+fi

bazel/ci/terraform.sh.in

@@ -39,58 +39,66 @@ excludeDirs=(
   "build"
 )
 
-echo "The following Terraform modules are excluded and won't be tidied:"
+check() {
-for exclude in "${excludeDirs[@]}"; do
+  echo "The following Terraform modules are excluded and won't be tidied:"
-  for i in "${!terraformModules[@]}"; do
+  for exclude in "${excludeDirs[@]}"; do
-    if [[ ${terraformModules[i]} == "${BUILD_WORKSPACE_DIRECTORY}/${exclude}"* ]]; then
+    for i in "${!terraformModules[@]}"; do
-      echo "  ${terraformModules[i]}"
+      if [[ ${terraformModules[i]} == "${BUILD_WORKSPACE_DIRECTORY}/${exclude}"* ]]; then
-      unset 'terraformModules[i]'
+        echo "  ${terraformModules[i]}"
-    fi
+        unset 'terraformModules[i]'
+      fi
+    done
   done
-done
 
-case ${mode} in
+  case ${mode} in
-"check")
+  "check")
-  echo "Checking validity and format of the following Terraform modules:"
+    echo "Checking validity and format of the following Terraform modules:"
-  for script in "${terraformModules[@]}"; do
+    for script in "${terraformModules[@]}"; do
-    echo "  ${script}"
+      echo "  ${script}"
-  done
+    done
-  echo "This may take a minute..."
+    echo "This may take a minute..."
-  for module in "${terraformModules[@]}"; do
+    for module in "${terraformModules[@]}"; do
-    ${terraform} -chdir="${module}" init > /dev/null
+      ${terraform} -chdir="${module}" init > /dev/null
-    ${terraform} -chdir="${module}" fmt -check -recursive > /dev/null
+      ${terraform} -chdir="${module}" fmt -check -recursive > /dev/null
-    ${terraform} -chdir="${module}" validate > /dev/null
+      ${terraform} -chdir="${module}" validate > /dev/null
-    rm -rf "${module}/.terraform"
+      rm -rf "${module}/.terraform"
-  done
+    done
-  ;;
+    ;;
 
-"format")
+  "format")
-  echo "Formatting the following Terraform modules:"
+    echo "Formatting the following Terraform modules:"
-  for module in "${terraformModules[@]}"; do
+    for module in "${terraformModules[@]}"; do
-    echo "  ${module}"
+      echo "  ${module}"
-    ${terraform} -chdir="${module}" fmt -recursive > /dev/null
+      ${terraform} -chdir="${module}" fmt -recursive > /dev/null
-  done
+    done
-  ;;
+    ;;
 
-"generate")
+  "generate")
-  echo "Formatting and generating lock files for the following Terraform modules:"
+    echo "Formatting and generating lock files for the following Terraform modules:"
-  for script in "${terraformModules[@]}"; do
+    for script in "${terraformModules[@]}"; do
-    echo "  ${script}"
+      echo "  ${script}"
-  done
+    done
-  echo "This may take 5-10 min..."
+    echo "This may take 5-10 min..."
-  for module in "${terraformModules[@]}"; do
+    for module in "${terraformModules[@]}"; do
-    ${terraform} -chdir="${module}" init > /dev/null
+      ${terraform} -chdir="${module}" init > /dev/null
-    ${terraform} -chdir="${module}" providers lock -platform=linux_arm64 > /dev/null
+      ${terraform} -chdir="${module}" providers lock -platform=linux_arm64 > /dev/null
-    ${terraform} -chdir="${module}" providers lock -platform=linux_amd64 > /dev/null
+      ${terraform} -chdir="${module}" providers lock -platform=linux_amd64 > /dev/null
-    ${terraform} -chdir="${module}" providers lock -platform=darwin_arm64 > /dev/null
+      ${terraform} -chdir="${module}" providers lock -platform=darwin_arm64 > /dev/null
-    ${terraform} -chdir="${module}" providers lock -platform=darwin_amd64 > /dev/null
+      ${terraform} -chdir="${module}" providers lock -platform=darwin_amd64 > /dev/null
-    ${terraform} -chdir="${module}" providers lock -platform=windows_amd64 > /dev/null
+      ${terraform} -chdir="${module}" providers lock -platform=windows_amd64 > /dev/null
-    rm -rf "${module}/.terraform"
+      rm -rf "${module}/.terraform"
-  done
+    done
-  ;;
+    ;;
 
-*)
+  *)
-  echo "Error: unknown mode \"${mode}\""
+    echo "Error: unknown mode \"${mode}\""
-  exit 1
+    exit 1
-  ;;
+    ;;
-esac
+  esac
+}
+
+if test -v SILENT; then
+  check > /dev/null
+else
+  check
+fi