constellation/bazel/ci/BUILD.bazel
Markus Rudy 32d3b4e87c
ci: introduce keep-sorted (#2836)
Long lists of items in source code or config can be hard to work with as
a human, most problematic being out-of-order entries in an otherwise
ordered list. This is where keep-sorted comes to the rescue: we can
leave two little comments on every listing we care about, and
keep-sorted ensures that the listing stays in order.

This commit also applied keep-sorted to the CODEOWNERS file, hopefully
demonstrating its usefulness to some extent. I'd expect more uses for
keep-sorted to be discovered organically over time.

keep-sorted is super fast, so it should not be a problem to add it to
the //:tidy target, even if we scan all files in the code base. On my
MacBook:

$ time (find . -not -path "./.git/*" -type f | sort | xargs "${keep_sorted}" --mode fix)

real	0m0.249s
user	0m0.124s
sys	0m0.129s
2024-01-30 14:39:49 +01:00

584 lines
17 KiB
Python

load("@bazel_gazelle//:def.bzl", "gazelle")
load("@com_github_ash2k_bazel_tools//multirun:def.bzl", "command", "multirun")
load("@com_github_bazelbuild_buildtools//buildifier:def.bzl", "buildifier", "buildifier_test")
load("//bazel/ci:proto_targets.bzl", "proto_targets")
load("//bazel/sh:def.bzl", "noop_warn", "repo_command", "sh_template")
required_tags = [
"e2e",
"integration",
]
# TODO(malt3): Remove this once we have a better solution for
# gazelle not respecting the default go env.
command(
name = "cmd_gazelle_update_repos",
command = ":gazelle_update_repos",
environment = {
"GOPROXY": "https://proxy.golang.org,direct",
"GOSUMDB": "sum.golang.org",
"GOTOOLCHAIN": "local",
},
)
gazelle(
name = "gazelle_generate",
build_tags = required_tags,
)
gazelle(
name = "gazelle_check",
build_tags = required_tags,
command = "fix",
mode = "diff",
)
gazelle(
name = "gazelle_update_repos",
args = [
"-from_file=go.work",
"-to_macro=bazel/toolchains/go_module_deps.bzl%go_dependencies",
"-build_file_proto_mode=disable_global",
"-build_file_generation=on",
"-prune",
],
command = "update-repos",
)
buildifier_test(
name = "buildifier_check",
timeout = "short",
lint_mode = "warn",
lint_warnings = ["all"],
mode = "diff",
no_sandbox = True,
tags = ["no-remote-exec"],
verbose = True,
workspace = "//:WORKSPACE.bazel",
)
buildifier(
name = "buildifier_fix",
lint_mode = "fix",
lint_warnings = ["all"],
mode = "fix",
tags = ["no-remote-exec"],
verbose = True,
)
sh_template(
name = "keep_sorted",
data = [
"@com_github_google_keep_sorted//:keep-sorted",
],
substitutions = {
"@@KEEP_SORTED@@": "$(rootpath @com_github_google_keep_sorted//:keep-sorted)",
},
template = "keep_sorted.sh.in",
)
sh_template(
name = "go_mod_tidy",
data = [
"@go_sdk//:bin/go",
],
substitutions = {
"@@GO@@": "$(rootpath @go_sdk//:bin/go)",
},
template = "go_tidy.sh.in",
)
sh_template(
name = "shfmt",
data = [
"@com_github_katexochen_sh_v3//cmd/shfmt",
],
substitutions = {
"@@SHFMT@@": "$(rootpath @com_github_katexochen_sh_v3//cmd/shfmt)",
},
template = "shfmt.sh.in",
)
noop_warn(
name = "shellcheck_noop_warning",
warning = "Shellcheck should have been executed, but is currently not available for your platform.",
)
alias(
name = "com_github_koalaman_shellcheck",
actual = select({
"@io_bazel_rules_go//go/platform:darwin_amd64": "@com_github_koalaman_shellcheck_darwin_amd64//:shellcheck",
"@io_bazel_rules_go//go/platform:darwin_arm64": ":shellcheck_noop_warning",
"@io_bazel_rules_go//go/platform:linux_amd64": "@com_github_koalaman_shellcheck_linux_amd64//:shellcheck",
"@io_bazel_rules_go//go/platform:linux_arm64": "@com_github_koalaman_shellcheck_linux_arm64//:shellcheck",
}),
)
sh_template(
name = "shellcheck",
data = [
":com_github_koalaman_shellcheck",
"@com_github_katexochen_sh_v3//cmd/shfmt",
],
substitutions = {
"@@SHELLCHECK@@": "$(rootpath :com_github_koalaman_shellcheck)",
"@@SHFMT@@": "$(rootpath @com_github_katexochen_sh_v3//cmd/shfmt)",
},
template = "shellcheck.sh.in",
)
alias(
name = "com_github_rhysd_actionlint",
actual = select({
"@io_bazel_rules_go//go/platform:darwin_amd64": "@com_github_rhysd_actionlint_darwin_amd64//:actionlint",
"@io_bazel_rules_go//go/platform:darwin_arm64": "@com_github_rhysd_actionlint_darwin_arm64//:actionlint",
"@io_bazel_rules_go//go/platform:linux_amd64": "@com_github_rhysd_actionlint_linux_amd64//:actionlint",
"@io_bazel_rules_go//go/platform:linux_arm64": "@com_github_rhysd_actionlint_linux_arm64//:actionlint",
}),
)
sh_template(
name = "actionlint",
data = [
":com_github_koalaman_shellcheck",
":com_github_rhysd_actionlint",
],
substitutions = {
"@@ACTIONLINT@@": "$(rootpath :com_github_rhysd_actionlint)",
"@@SHELLCHECK@@": "$(rootpath :com_github_koalaman_shellcheck)",
},
template = "actionlint.sh.in",
)
repo_command(
name = "actionlint_no_shellcheck",
command = ":com_github_rhysd_actionlint",
)
alias(
name = "com_github_mvdan_gofumpt",
actual = select({
"@io_bazel_rules_go//go/platform:darwin_amd64": "@com_github_mvdan_gofumpt_darwin_amd64//file",
"@io_bazel_rules_go//go/platform:darwin_arm64": "@com_github_mvdan_gofumpt_darwin_arm64//file",
"@io_bazel_rules_go//go/platform:linux_amd64": "@com_github_mvdan_gofumpt_linux_amd64//file",
"@io_bazel_rules_go//go/platform:linux_arm64": "@com_github_mvdan_gofumpt_linux_arm64//file",
}),
)
repo_command(
name = "gofumpt",
args = [
"-l",
"-w",
".",
],
command = ":com_github_mvdan_gofumpt",
)
alias(
name = "com_github_aquasecurity_tfsec",
actual = select({
"@io_bazel_rules_go//go/platform:darwin_amd64": "@com_github_aquasecurity_tfsec_darwin_amd64//:tfsec",
"@io_bazel_rules_go//go/platform:darwin_arm64": "@com_github_aquasecurity_tfsec_darwin_arm64//:tfsec",
"@io_bazel_rules_go//go/platform:linux_amd64": "@com_github_aquasecurity_tfsec_linux_amd64//:tfsec",
"@io_bazel_rules_go//go/platform:linux_arm64": "@com_github_aquasecurity_tfsec_linux_arm64//:tfsec",
}),
)
sh_template(
name = "tfsec",
data = [
":com_github_aquasecurity_tfsec",
],
substitutions = {
"@@TFSEC@@": "$(rootpath :com_github_aquasecurity_tfsec)",
},
template = "tfsec.sh.in",
)
alias(
name = "com_github_hashicorp_terraform",
actual = select({
"@io_bazel_rules_go//go/platform:darwin_amd64": "@com_github_hashicorp_terraform_darwin_amd64//:terraform",
"@io_bazel_rules_go//go/platform:darwin_arm64": "@com_github_hashicorp_terraform_darwin_arm64//:terraform",
"@io_bazel_rules_go//go/platform:linux_amd64": "@com_github_hashicorp_terraform_linux_amd64//:terraform",
"@io_bazel_rules_go//go/platform:linux_arm64": "@com_github_hashicorp_terraform_linux_arm64//:terraform",
}),
visibility = ["//visibility:public"],
)
sh_template(
name = "terraform_gen",
data = [
":com_github_hashicorp_terraform",
],
substitutions = {
"@@MODE@@": "generate",
"@@TERRAFORM@@": "$(rootpath :com_github_hashicorp_terraform)",
},
template = "terraform.sh.in",
)
sh_template(
name = "terraform_check",
data = [
":com_github_hashicorp_terraform",
],
substitutions = {
"@@MODE@@": "check",
"@@TERRAFORM@@": "$(rootpath :com_github_hashicorp_terraform)",
},
template = "terraform.sh.in",
)
sh_template(
name = "terraform_fmt",
data = [
":com_github_hashicorp_terraform",
],
substitutions = {
"@@MODE@@": "format",
"@@TERRAFORM@@": "$(rootpath :com_github_hashicorp_terraform)",
},
template = "terraform.sh.in",
)
alias(
name = "com_github_golangci_golangci_lint",
actual = select({
"@io_bazel_rules_go//go/platform:darwin_amd64": "@com_github_golangci_golangci_lint_darwin_amd64//:golangci_lint_bin",
"@io_bazel_rules_go//go/platform:darwin_arm64": "@com_github_golangci_golangci_lint_darwin_arm64//:golangci_lint_bin",
"@io_bazel_rules_go//go/platform:linux_amd64": "@com_github_golangci_golangci_lint_linux_amd64//:golangci_lint_bin",
"@io_bazel_rules_go//go/platform:linux_arm64": "@com_github_golangci_golangci_lint_linux_arm64//:golangci_lint_bin",
}),
)
sh_template(
name = "golangci_lint",
data = [
":com_github_golangci_golangci_lint",
"@go_sdk//:bin/go",
],
substitutions = {
"@@GO@@": "$(rootpath @go_sdk//:bin/go)",
"@@GOLANGCI-LINT@@": "$(rootpath :com_github_golangci_golangci_lint)",
},
template = "golangci_lint.sh.in",
)
alias(
name = "com_github_bufbuild_buf",
actual = select({
"@io_bazel_rules_go//go/platform:darwin_amd64": "@com_github_bufbuild_buf_darwin_amd64//:buf",
"@io_bazel_rules_go//go/platform:darwin_arm64": "@com_github_bufbuild_buf_darwin_arm64//:buf",
"@io_bazel_rules_go//go/platform:linux_amd64": "@com_github_bufbuild_buf_linux_amd64//:buf",
"@io_bazel_rules_go//go/platform:linux_arm64": "@com_github_bufbuild_buf_linux_arm64//:buf",
}),
)
sh_template(
name = "buf_fmt",
data = [
":com_github_bufbuild_buf",
],
substitutions = {
"@@BUF@@": "$(rootpath :com_github_bufbuild_buf)",
},
template = "buf.sh.in",
)
sh_template(
name = "golicenses_check",
data = [
"@com_github_google_go_licenses//:go-licenses",
"@go_sdk//:bin/go",
],
substitutions = {
"@@GO@@": "$(rootpath @go_sdk//:bin/go)",
"@@GO_LICENSES@@": "$(rootpath @com_github_google_go_licenses//:go-licenses)",
},
template = "golicenses.sh.in",
)
sh_template(
name = "license_header_check",
data = [],
substitutions = {},
template = "license_header.sh.in",
)
sh_template(
name = "govulncheck",
data = [
"@go_sdk//:bin/go",
"@org_golang_x_vuln//cmd/govulncheck",
],
substitutions = {
"@@GO@@": "$(rootpath @go_sdk//:bin/go)",
"@@GOVULNCHECK@@": "$(rootpath @org_golang_x_vuln//cmd/govulncheck:govulncheck)",
},
template = "govulncheck.sh.in",
)
alias(
name = "com_github_siderolabs_talos_hack_docgen",
actual = select({
"@io_bazel_rules_go//go/platform:darwin_amd64": "@com_github_siderolabs_talos_hack_docgen_darwin_amd64//file",
"@io_bazel_rules_go//go/platform:darwin_arm64": "@com_github_siderolabs_talos_hack_docgen_darwin_arm64//file",
"@io_bazel_rules_go//go/platform:linux_amd64": "@com_github_siderolabs_talos_hack_docgen_linux_amd64//file",
"@io_bazel_rules_go//go/platform:linux_arm64": "@com_github_siderolabs_talos_hack_docgen_linux_arm64//file",
}),
)
alias(
name = "com_github_helm_helm",
actual = select({
"@io_bazel_rules_go//go/platform:darwin_amd64": "@com_github_helm_helm_darwin_amd64//:helm",
"@io_bazel_rules_go//go/platform:darwin_arm64": "@com_github_helm_helm_darwin_arm64//:helm",
"@io_bazel_rules_go//go/platform:linux_amd64": "@com_github_helm_helm_linux_amd64//:helm",
"@io_bazel_rules_go//go/platform:linux_arm64": "@com_github_helm_helm_linux_arm64//:helm",
}),
)
sh_template(
name = "go_generate",
data = [
":com_github_helm_helm",
":com_github_siderolabs_talos_hack_docgen",
"//internal/attestation/measurements/measurement-generator",
"//internal/versions/hash-generator",
"@go_sdk//:bin/go",
"@org_golang_x_tools//cmd/stringer",
"@yq_toolchains//:resolved_toolchain",
],
substitutions = {
"@@DOCGEN@@": "$(rootpath :com_github_siderolabs_talos_hack_docgen)",
"@@GO@@": "$(rootpath @go_sdk//:bin/go)",
"@@HASH_GENERATOR@@": "$(rootpath //internal/versions/hash-generator:hash-generator)",
"@@HELM@@": "$(rootpath :com_github_helm_helm)",
"@@MEASUREMENT_GENERATOR@@": "$(rootpath //internal/attestation/measurements/measurement-generator:measurement-generator)",
"@@STRINGER@@": "$(rootpath @org_golang_x_tools//cmd/stringer:stringer)",
"@@YQ@@": "$(rootpath @yq_toolchains//:resolved_toolchain)",
},
template = "go_generate.sh.in",
)
# deps_mirror_fix fixes bazel workspace rules for external dependencies.
# It normalizes the rules and rewrites WORKSPACE and bzl files.
# If files are not in the mirror, it will fail.
# Use deps_mirror_upload to upload missing files.
repo_command(
name = "deps_mirror_fix",
args = [
"fix",
"--unauthenticated",
],
command = "//hack/bazel-deps-mirror",
)
# deps_mirror_upload fixes bazel workspace rules for external dependencies.
# It uploads all dependencies to the mirror, normalizes the rules and rewrites WORKSPACE and bzl files.
repo_command(
name = "deps_mirror_upload",
args = [
"fix",
],
command = "//hack/bazel-deps-mirror",
)
# deps_mirror_upgrade upgrades bazel workspace rules for external dependencies.
# Users are supposed to replace any upstream URLs.
# It replaces the expected hash and uploads the new dep to the mirror.
repo_command(
name = "deps_mirror_upgrade",
args = [
"upgrade",
],
command = "//hack/bazel-deps-mirror",
)
# deps_mirror_check checks bazel workspace rules for external dependencies.
# It checks if all dependency rules have mirror urls and are properly formatted.
# It doesn't check if the mirror has the files.
# Use deps_mirror_check_mirror to check if the mirror has the files.
repo_command(
name = "deps_mirror_check",
args = [
"check",
],
command = "//hack/bazel-deps-mirror",
)
# deps_mirror_check_mirror checks bazel workspace rules for external dependencies.
# It checks if all dependency rules are correctly mirrored and checks that the rules are properly formatted.
repo_command(
name = "deps_mirror_check_mirror",
args = [
"check",
"--mirror",
],
command = "//hack/bazel-deps-mirror",
)
sh_template(
name = "proto_targets_check",
data = [
"@diffutils//:bin/diff",
],
env = {
"DIFF": "$(rootpath @diffutils//:bin/diff)",
},
substitutions = {
"@@PROTO_TARGETS@@": " ".join(proto_targets()),
},
template = "proto_targets_check.sh.in",
)
multirun(
name = "proto_generate",
commands = proto_targets(),
jobs = 0, # execute concurrently
)
sh_template(
name = "cli_docgen",
data = [
"//hack/clidocgen",
],
substitutions = {
"@@CLIDOCGEN@@": "$(rootpath //hack/clidocgen:clidocgen)",
},
template = "cli_docgen.sh.in",
)
sh_template(
name = "terraform_docgen",
data = [
":com_github_hashicorp_terraform",
"//terraform-provider-constellation:tf_provider",
"@terraform-plugin-docs//:bin/tfplugindocs",
],
substitutions = {
"@@TERRAFORM@@": "$(rootpath :com_github_hashicorp_terraform)",
"@@TFPLUGINDOCS@@": "$(rootpath @terraform-plugin-docs//:bin/tfplugindocs)",
},
template = "terraform_docgen.sh.in",
)
sh_template(
name = "version_info_gen",
data = [
"//hack/versioninfogen",
],
substitutions = {
"@@VERSIONINFOGEN@@": "$(rootpath //hack/versioninfogen:versioninfogen)",
},
template = "version_info_gen.sh.in",
)
alias(
name = "com_github_katexochen_ghh",
actual = select({
"@io_bazel_rules_go//go/platform:darwin_amd64": "@com_github_katexochen_ghh_darwin_amd64//:ghh",
"@io_bazel_rules_go//go/platform:darwin_arm64": "@com_github_katexochen_ghh_darwin_arm64//:ghh",
"@io_bazel_rules_go//go/platform:linux_amd64": "@com_github_katexochen_ghh_linux_amd64//:ghh",
"@io_bazel_rules_go//go/platform:linux_arm64": "@com_github_katexochen_ghh_linux_arm64//:ghh",
}),
)
repo_command(
name = "ghh",
args = [],
command = ":com_github_katexochen_ghh",
)
sh_template(
name = "bazel_container",
data = [],
substitutions = {},
template = "bazel_container.sh.in",
)
sh_template(
name = "unused_gh_actions",
data = [],
substitutions = {},
template = "unused_gh_actions.sh.in",
)
sh_template(
name = "gocoverage_diff",
data = [
"//hack/gocoverage",
"@go_sdk//:bin/go",
],
substitutions = {
"@@GO@@": "$(rootpath @go_sdk//:bin/go)",
"@@GOCOVERAGE@@": "$(rootpath //hack/gocoverage:gocoverage)",
},
template = "gocoverage_diff.sh.in",
)
multirun(
name = "tidy",
commands = [
":shfmt",
":gofumpt",
":go_mod_tidy",
":cmd_gazelle_update_repos",
":gazelle_generate",
":buildifier_fix",
":terraform_fmt",
":buf_fmt",
":deps_mirror_fix",
":bazel_container",
":keep_sorted",
],
jobs = 1, # execute sequentially
visibility = ["//visibility:public"],
)
multirun(
name = "check",
testonly = True,
commands = [
":gazelle_check",
":buildifier_check",
":golangci_lint",
":terraform_check",
":golicenses_check",
":license_header_check",
":govulncheck",
":deps_mirror_check",
":proto_targets_check",
":unused_gh_actions",
] + select({
"@io_bazel_rules_go//go/platform:darwin_arm64": [
":shellcheck_noop_warning",
":actionlint_no_shellcheck",
],
"//conditions:default": [
":shellcheck",
":actionlint",
],
}),
jobs = 0, # execute concurrently
stop_on_error = False,
visibility = ["//visibility:public"],
)
multirun(
name = "generate",
commands = [
":terraform_gen",
"//3rdparty/bazel/com_github_medik8s_node_maintainance_operator:pull_files",
":go_generate",
":proto_generate",
":cli_docgen",
":terraform_docgen",
":version_info_gen",
],
jobs = 0, # execute concurrently
visibility = ["//visibility:public"],
)