constellation/bazel/ci/BUILD.bazel
Paul Meyer f108ff8539
bazel: add govulncheck to //:check target (#1512)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-27 13:35:51 +02:00


load("@bazel_gazelle//:def.bzl", "gazelle")
load("@com_github_ash2k_bazel_tools//multirun:def.bzl", "multirun")
load("@com_github_bazelbuild_buildtools//buildifier:def.bzl", "buildifier", "buildifier_test")
load("//bazel/sh:def.bzl", "noop_warn", "repo_command", "sh_template")
# Build tags handed to the Gazelle targets below through build_tags.
# NOTE(review): presumably this makes Gazelle take Go files guarded by the
# "e2e" build tag into account when it generates BUILD files - confirm.
required_tags = ["e2e"]

# Regenerates the BUILD files for the Go code in the workspace.
gazelle(
    name = "gazelle_generate",
    build_tags = required_tags,
)

# Check-only counterpart of gazelle_generate: runs the "fix" command in diff
# mode, so pending changes are printed instead of written to the source tree.
gazelle(
    name = "gazelle_check",
    build_tags = required_tags,
    command = "fix",
    mode = "diff",
)

# Syncs the external Go repository rules from go.work into the
# go_dependencies macro in bazel/toolchains/go_module_deps.bzl. -prune drops
# rules for modules that are no longer referenced.
# NOTE(review): that macro is presumably where third-party Go modules are
# pinned, so a diff produced by this target deserves the same scrutiny as any
# other dependency change.
gazelle(
    name = "gazelle_update_repos",
    args = [
        "-from_file=go.work",
        "-to_macro=bazel/toolchains/go_module_deps.bzl%go_dependencies",
        "-build_file_proto_mode=disable_global",
        "-build_file_generation=on",
        "-prune",
    ],
    command = "update-repos",
)
# Lints and format-checks the Bazel files without modifying them: lint
# findings are reported as warnings and formatting differences as a diff.
# no_sandbox = True runs the test outside the Bazel sandbox.
# NOTE(review): presumably required so the test sees the real workspace
# rooted at //:WORKSPACE.bazel; it also means the test is not isolated from
# the developer's checkout - confirm this is intended.
buildifier_test(
    name = "buildifier_check",
    timeout = "short",
    lint_mode = "warn",
    lint_warnings = ["all"],
    mode = "diff",
    no_sandbox = True,
    verbose = True,
    workspace = "//:WORKSPACE.bazel",
)

# Mutating counterpart of buildifier_check: applies lint fixes and rewrites
# the formatting in place.
buildifier(
    name = "buildifier_fix",
    lint_mode = "fix",
    lint_warnings = ["all"],
    mode = "fix",
    verbose = True,
)
# NOTE(review): sh_template is loaded from //bazel/sh:def.bzl and not shown
# here; it presumably renders `template`, replacing each @@KEY@@ placeholder
# with the matching entry of `substitutions`, and makes the `data` labels
# available at run time - confirm against its definition.

# Script from tidy.sh.in, pointed at the Go binary of the @go_sdk repository.
sh_template(
    name = "go_mod_tidy",
    data = ["@go_sdk//:bin/go"],
    substitutions = {
        "@@GO@@": "$(rootpath @go_sdk//:bin/go)",
    },
    template = "tidy.sh.in",
)

# Script from shfmt.sh.in using the shfmt target of the
# com_github_katexochen_sh_v3 repository.
# NOTE(review): the repository name suggests a personal fork rather than the
# upstream shfmt project - confirm where it is declared and that it is pinned.
sh_template(
    name = "shfmt",
    data = ["@com_github_katexochen_sh_v3//cmd/shfmt"],
    substitutions = {
        "@@SHFMT@@": "$(rootpath @com_github_katexochen_sh_v3//cmd/shfmt)",
    },
    template = "shfmt.sh.in",
)
# Stand-in for shellcheck that carries only a warning text; it is selected
# below for the platform without a shellcheck binary.
noop_warn(
    name = "shellcheck_noop_warning",
    warning = "Shellcheck should have been executed, but is currently not available for your platform.",
)

# Picks the shellcheck binary for the current platform. On darwin_arm64 this
# resolves to the warning stand-in, so shell scripts are NOT linted there and
# a clean local run on that platform says nothing about them. The select has
# no default branch: any platform not listed fails at analysis time instead
# of silently skipping the check.
# NOTE(review): "aaarch64" in the linux_arm64 label is spelled with three
# a's; it has to match the repository name declared elsewhere - verify.
alias(
    name = "com_github_koalaman_shellcheck",
    actual = select({
        "@io_bazel_rules_go//go/platform:darwin_amd64": "@com_github_koalaman_shellcheck_darwin_x86_64//:shellcheck",
        "@io_bazel_rules_go//go/platform:darwin_arm64": ":shellcheck_noop_warning",
        "@io_bazel_rules_go//go/platform:linux_amd64": "@com_github_koalaman_shellcheck_linux_x86_64//:shellcheck",
        "@io_bazel_rules_go//go/platform:linux_arm64": "@com_github_koalaman_shellcheck_linux_aaarch64//:shellcheck",
    }),
)

# Script from shellcheck.sh.in; it receives both the shellcheck alias above
# and shfmt.
sh_template(
    name = "shellcheck",
    data = [
        ":com_github_koalaman_shellcheck",
        "@com_github_katexochen_sh_v3//cmd/shfmt",
    ],
    substitutions = {
        "@@SHELLCHECK@@": "$(rootpath :com_github_koalaman_shellcheck)",
        "@@SHFMT@@": "$(rootpath @com_github_katexochen_sh_v3//cmd/shfmt)",
    },
    template = "shellcheck.sh.in",
)
# Per-platform actionlint binary. Every listed platform has a real binary;
# an unlisted platform fails at analysis time because there is no default.
alias(
    name = "com_github_rhysd_actionlint",
    actual = select({
        "@io_bazel_rules_go//go/platform:darwin_amd64": "@com_github_rhysd_actionlint_darwin_amd64//:actionlint",
        "@io_bazel_rules_go//go/platform:darwin_arm64": "@com_github_rhysd_actionlint_darwin_arm64//:actionlint",
        "@io_bazel_rules_go//go/platform:linux_amd64": "@com_github_rhysd_actionlint_linux_amd64//:actionlint",
        "@io_bazel_rules_go//go/platform:linux_arm64": "@com_github_rhysd_actionlint_linux_arm64//:actionlint",
    }),
)

# Script from actionlint.sh.in; shellcheck is handed to it alongside
# actionlint.
# NOTE(review): presumably so the shell snippets inside workflow files are
# linted as well - confirm in the template.
sh_template(
    name = "actionlint",
    data = [
        ":com_github_koalaman_shellcheck",
        ":com_github_rhysd_actionlint",
    ],
    substitutions = {
        "@@ACTIONLINT@@": "$(rootpath :com_github_rhysd_actionlint)",
        "@@SHELLCHECK@@": "$(rootpath :com_github_koalaman_shellcheck)",
    },
    template = "actionlint.sh.in",
)

# Runs the actionlint binary directly, without the shellcheck integration.
# The check target uses this variant on darwin_arm64, where shellcheck is
# only a warning stand-in.
# NOTE(review): repo_command comes from //bazel/sh:def.bzl; it presumably
# executes `command` from the repository root - confirm.
repo_command(
    name = "actionlint_no_shellcheck",
    command = ":com_github_rhysd_actionlint",
)
# Per-platform gofumpt binary; no default branch, so an unlisted platform
# fails at analysis time.
# NOTE(review): the //file labels suggest prebuilt binaries fetched as single
# files - confirm that each download is pinned by checksum where these
# repositories are declared.
alias(
    name = "com_github_mvdan_gofumpt",
    actual = select({
        "@io_bazel_rules_go//go/platform:darwin_amd64": "@com_github_mvdan_gofumpt_darwin_amd64//file",
        "@io_bazel_rules_go//go/platform:darwin_arm64": "@com_github_mvdan_gofumpt_darwin_arm64//file",
        "@io_bazel_rules_go//go/platform:linux_amd64": "@com_github_mvdan_gofumpt_linux_amd64//file",
        "@io_bazel_rules_go//go/platform:linux_arm64": "@com_github_mvdan_gofumpt_linux_arm64//file",
    }),
)

# Formats Go sources in place: -l lists the files that change, -w writes the
# result back, "." is the directory to process.
repo_command(
    name = "gofumpt",
    args = [
        "-l",
        "-w",
        ".",
    ],
    command = ":com_github_mvdan_gofumpt",
)
# Per-platform tfsec binary (static security analysis for Terraform code);
# no default branch, so an unlisted platform fails at analysis time.
alias(
    name = "com_github_aquasecurity_tfsec",
    actual = select({
        "@io_bazel_rules_go//go/platform:darwin_amd64": "@com_github_aquasecurity_tfsec_darwin_amd64//:tfsec",
        "@io_bazel_rules_go//go/platform:darwin_arm64": "@com_github_aquasecurity_tfsec_darwin_arm64//:tfsec",
        "@io_bazel_rules_go//go/platform:linux_amd64": "@com_github_aquasecurity_tfsec_linux_amd64//:tfsec",
        "@io_bazel_rules_go//go/platform:linux_arm64": "@com_github_aquasecurity_tfsec_linux_arm64//:tfsec",
    }),
)

# Script from tfsec.sh.in.
# NOTE(review): ":tfsec" does not appear in the tidy, check or generate
# command lists of this file, so it only runs when invoked explicitly -
# confirm that CI calls it somewhere else.
sh_template(
    name = "tfsec",
    data = [":com_github_aquasecurity_tfsec"],
    substitutions = {
        "@@TFSEC@@": "$(rootpath :com_github_aquasecurity_tfsec)",
    },
    template = "tfsec.sh.in",
)
# Per-platform terraform binary; no default branch, so an unlisted platform
# fails at analysis time.
alias(
    name = "com_github_hashicorp_terraform",
    actual = select({
        "@io_bazel_rules_go//go/platform:darwin_amd64": "@com_github_hashicorp_terraform_darwin_amd64//:terraform",
        "@io_bazel_rules_go//go/platform:darwin_arm64": "@com_github_hashicorp_terraform_darwin_arm64//:terraform",
        "@io_bazel_rules_go//go/platform:linux_amd64": "@com_github_hashicorp_terraform_linux_amd64//:terraform",
        "@io_bazel_rules_go//go/platform:linux_arm64": "@com_github_hashicorp_terraform_linux_arm64//:terraform",
    }),
)

# The three targets below share tf.sh.in and the same terraform binary; they
# differ only in the value substituted for @@MODE@@.

# @@MODE@@ = "generate"; part of the generate aggregate.
sh_template(
    name = "terraform_gen",
    data = [":com_github_hashicorp_terraform"],
    substitutions = {
        "@@MODE@@": "generate",
        "@@TERRAFORM@@": "$(rootpath :com_github_hashicorp_terraform)",
    },
    template = "tf.sh.in",
)

# @@MODE@@ = "check"; part of the check aggregate.
sh_template(
    name = "terraform_check",
    data = [":com_github_hashicorp_terraform"],
    substitutions = {
        "@@MODE@@": "check",
        "@@TERRAFORM@@": "$(rootpath :com_github_hashicorp_terraform)",
    },
    template = "tf.sh.in",
)

# @@MODE@@ = "format"; part of the tidy aggregate.
sh_template(
    name = "terraform_fmt",
    data = [":com_github_hashicorp_terraform"],
    substitutions = {
        "@@MODE@@": "format",
        "@@TERRAFORM@@": "$(rootpath :com_github_hashicorp_terraform)",
    },
    template = "tf.sh.in",
)
# Per-platform golangci-lint binary; no default branch, so an unlisted
# platform fails at analysis time.
alias(
    name = "com_github_golangci_golangci_lint",
    actual = select({
        "@io_bazel_rules_go//go/platform:darwin_amd64": "@com_github_golangci_golangci_lint_darwin_amd64//:golangci_lint_bin",
        "@io_bazel_rules_go//go/platform:darwin_arm64": "@com_github_golangci_golangci_lint_darwin_arm64//:golangci_lint_bin",
        "@io_bazel_rules_go//go/platform:linux_amd64": "@com_github_golangci_golangci_lint_linux_amd64//:golangci_lint_bin",
        "@io_bazel_rules_go//go/platform:linux_arm64": "@com_github_golangci_golangci_lint_linux_arm64//:golangci_lint_bin",
    }),
)

# Script from golangci.sh.in; it is given the linter and the Go binary of
# the @go_sdk repository.
sh_template(
    name = "golangci_lint",
    data = [
        ":com_github_golangci_golangci_lint",
        "@go_sdk//:bin/go",
    ],
    substitutions = {
        "@@GO@@": "$(rootpath @go_sdk//:bin/go)",
        "@@GOLANGCI-LINT@@": "$(rootpath :com_github_golangci_golangci_lint)",
    },
    template = "golangci.sh.in",
)
# Per-platform buf binary; no default branch, so an unlisted platform fails
# at analysis time.
alias(
    name = "com_github_bufbuild_buf",
    actual = select({
        "@io_bazel_rules_go//go/platform:darwin_amd64": "@com_github_bufbuild_buf_darwin_amd64//:bin/buf",
        "@io_bazel_rules_go//go/platform:darwin_arm64": "@com_github_bufbuild_buf_darwin_arm64//:bin/buf",
        "@io_bazel_rules_go//go/platform:linux_amd64": "@com_github_bufbuild_buf_linux_amd64//:bin/buf",
        "@io_bazel_rules_go//go/platform:linux_arm64": "@com_github_bufbuild_buf_linux_arm64//:bin/buf",
    }),
)

# Script from buf.sh.in; part of the tidy aggregate.
sh_template(
    name = "buf_fmt",
    data = [":com_github_bufbuild_buf"],
    substitutions = {
        "@@BUF@@": "$(rootpath :com_github_bufbuild_buf)",
    },
    template = "buf.sh.in",
)
# Script from golicenses.sh.in; it is given go-licenses and the Go binary of
# the @go_sdk repository. Part of the check aggregate.
sh_template(
    name = "golicenses_check",
    data = [
        "@com_github_google_go_licenses//:go-licenses",
        "@go_sdk//:bin/go",
    ],
    substitutions = {
        "@@GO@@": "$(rootpath @go_sdk//:bin/go)",
        "@@GO_LICENSES@@": "$(rootpath @com_github_google_go_licenses//:go-licenses)",
    },
    template = "golicenses.sh.in",
)

# Script from licenseheader.sh.in. It receives no tools and no substitutions,
# so whatever the script needs has to come from the environment it runs in.
sh_template(
    name = "license_header_check",
    data = [],
    substitutions = {},
    template = "licenseheader.sh.in",
)
# Script from govulncheck.sh.in; it is given govulncheck from the
# org_golang_x_vuln repository and the Go binary of the @go_sdk repository.
# The data entry uses the short label and the substitution the explicit
# ":govulncheck" form; both name the same target.
# NOTE(review): govulncheck looks up known vulnerabilities in a database that
# is remote by default, so this check presumably needs network access and its
# result can change without any change to the code - confirm how the template
# invokes it and how CI treats a failed lookup.
sh_template(
    name = "govulncheck",
    data = [
        "@go_sdk//:bin/go",
        "@org_golang_x_vuln//cmd/govulncheck",
    ],
    substitutions = {
        "@@GO@@": "$(rootpath @go_sdk//:bin/go)",
        "@@GOVULNCHECK@@": "$(rootpath @org_golang_x_vuln//cmd/govulncheck:govulncheck)",
    },
    template = "govulncheck.sh.in",
)
# Aggregate of the targets that rewrite files in the source tree: formatters,
# go mod tidy, Gazelle and buildifier in fix mode.
multirun(
    name = "tidy",
    commands = [
        ":shfmt",
        ":gofumpt",
        ":go_mod_tidy",
        ":gazelle_update_repos",
        ":gazelle_generate",
        ":buildifier_fix",
        ":terraform_fmt",
        ":buf_fmt",
    ],
    jobs = 1,  # one command at a time, in list order
    visibility = ["//visibility:public"],
)
# Aggregate of the non-mutating checks: BUILD file and formatting diffs,
# Go linting, Terraform checks, license checks and the govulncheck
# vulnerability scan.
# On darwin_arm64 the shell checks are degraded: shellcheck is replaced by a
# warning and actionlint runs without shellcheck. A passing run on that
# platform therefore covers less than a run on the other platforms.
# NOTE(review): ":tfsec" is defined in this file but is not part of this
# list - confirm it is run elsewhere.
# NOTE(review): testonly = True is presumably needed because
# :buildifier_check is a test rule - confirm.
multirun(
    name = "check",
    testonly = True,
    commands = [
        ":gazelle_check",
        ":buildifier_check",
        ":golangci_lint",
        ":terraform_check",
        ":golicenses_check",
        ":license_header_check",
        ":govulncheck",
    ] + select({
        "@io_bazel_rules_go//go/platform:darwin_arm64": [
            ":shellcheck_noop_warning",
            ":actionlint_no_shellcheck",
        ],
        "//conditions:default": [
            ":shellcheck",
            ":actionlint",
        ],
    }),
    jobs = 1,  # one command at a time, in list order
    visibility = ["//visibility:public"],
)
# Aggregate of the code generation targets; currently only the Terraform
# generate mode.
multirun(
    name = "generate",
    commands = [":terraform_gen"],
    jobs = 1,  # one command at a time, in list order
    visibility = ["//visibility:public"],
)