Skip to content

Commit

Permalink
Move the tash tool here
Browse files Browse the repository at this point in the history
Moves the current state of the `tash` code from hacks[^1] and adjusts
the `hack/generate-ta-tasks.sh` script to use `go run` and run the local
version of it.

Resolves: https://issues.redhat.com/browse/EC-690

[^1]: https://github.com/enterprise-contract/hacks/tree/main/tash
  • Loading branch information
zregvart committed Aug 15, 2024
1 parent 2d81397 commit c8b6d29
Show file tree
Hide file tree
Showing 28 changed files with 4,078 additions and 21 deletions.
1 change: 1 addition & 0 deletions .github/workflows/checkton.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ jobs:
# Set to false when re-enabling SARIF uploads
fail-on-findings: true
find-copies-harder: true
exclude-regex: ^ta-generator

# Currently, code scanning alerts annoyingly stay open even if you fix them.
# Don't upload SARIF until https://github.com/orgs/community/discussions/132787 is resolved.
Expand Down
36 changes: 29 additions & 7 deletions .github/workflows/go-ci.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -6,27 +6,39 @@ jobs:
lint:
name: Lint
runs-on: ubuntu-latest
strategy:
matrix:
path:
- task-generator
- ta-generator
steps:
- uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08
- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32
with:
go-version-file: './task-generator/go.mod'
go-version-file: './${{matrix.path}}/go.mod'
cache-dependency-path: './${{matrix.path}}/go.sum'
- name: golangci-lint
uses: golangci/golangci-lint-action@e13590484647602042886c51e2a8e43a670a22b7
with:
working-directory: task-generator
working-directory: ${{matrix.path}}
args: "--timeout=10m --build-tags='normal periodic'"
go:
name: Check sources
runs-on: ubuntu-latest
strategy:
matrix:
path:
- task-generator
- ta-generator
steps:
- uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08
- name: Install Go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32
with:
go-version-file: './task-generator/go.mod'
go-version-file: './${{matrix.path}}/go.mod'
cache-dependency-path: './${{matrix.path}}/go.sum'
- name: Check go mod status
working-directory: task-generator
working-directory: ${{matrix.path}}
run: |
go mod tidy
if [[ ! -z $(git status -s) ]]
Expand All @@ -36,7 +48,7 @@ jobs:
exit 1
fi
- name: Check format
working-directory: task-generator
working-directory: ${{matrix.path}}
run: |
go fmt ./...
Expand All @@ -46,21 +58,31 @@ jobs:
git --no-pager diff
exit 1
fi
- name: Tests
working-directory: ${{matrix.path}}
run: |
go test ./...
security_scan:
name: Security scan
runs-on: ubuntu-latest
strategy:
matrix:
path:
- task-generator
- ta-generator
steps:
- uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08
- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32
with:
go-version-file: './task-generator/go.mod'
go-version-file: './${{matrix.path}}/go.mod'
cache-dependency-path: './${{matrix.path}}/go.sum'
# https://github.com/securego/gosec/blob/12be14859bc7d4b956b71bef0b443694aa519d8a/README.md#integrating-with-code-scanning
- name: Run Gosec Security Scanner
uses: securego/gosec@master
with:
# we let the report trigger content trigger a failure using the GitHub Security features.
args: '-tags normal,periodic -no-fail -fmt sarif -out results.sarif ./...'
args: '-tags normal,periodic -no-fail -fmt sarif -out results.sarif ${{matrix.path}}/...'
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@9c646c24a4c8410122b0d6a1311088e9377eea95
with:
Expand Down
23 changes: 9 additions & 14 deletions hack/generate-ta-tasks.sh
Original file line number Diff line number Diff line change
@@ -1,29 +1,23 @@
#!/usr/bin/env bash

set -o errexit
set -o errtrace
set -o nounset
set -o pipefail
set -o posix

shopt -s globstar nullglob

command -v go &> /dev/null || { echo Please install golang to run this tool; exit 1; }
[[ "$(go env GOVERSION)" == @(go1|go1.[1-9]+(|.*|rc*|beta*)|go1.1[0-9]+(|.*|rc*|beta*)|go1.20*) ]] && { echo Please install golang 1.21.0 or newer; exit 1; }

HACK_DIR="$(realpath "$(dirname "${BASH_SOURCE[0]}")")"
ROOT_DIR="$(git rev-parse --show-toplevel)"
TASK_DIR="$(realpath "${ROOT_DIR}/task")"

if ! command -v tash &> /dev/null; then
echo INFO: tash command is not available will download and use the latest version
tash_dir="$(mktemp -d)"
trap 'rm -rf ${tash_dir}' EXIT
tash_url=https://github.com/enterprise-contract/hacks/releases/download/latest/tash
echo INFO: downloading from ${tash_url} to "${tash_dir}"
curl --no-progress-meter --location --output "${tash_dir}/tash" "${tash_url}"
echo INFO: SHA256: "$(sha256sum "${tash_dir}/tash")"
chmod +x "${tash_dir}/tash"
tash() {
"${tash_dir}/tash" "$@"
}
fi
tash() {
go run -C "${ROOT_DIR}/ta-generator/" github.com/konflux-ci/build-definitions/ta-generator "$@"
}

declare -i changes=0
emit() {
Expand All @@ -44,7 +38,8 @@ fi
cd "${TASK_DIR}"
for recipe_path in **/recipe.yaml; do
task_path="${recipe_path%/recipe.yaml}/$(basename "${recipe_path%/*/*}").yaml"
cat <<< "$(tash "${recipe_path}")" > "${task_path}"
sponge=$(tash "${TASK_DIR}/${recipe_path}")
echo "${sponge}" > "${task_path}"
readme_path="${recipe_path%/recipe.yaml}/README.md"
"${HACK_DIR}/generate-readme.sh" "${task_path}" > "${readme_path}"
if ! git diff --quiet HEAD "${task_path}"; then
Expand Down
17 changes: 17 additions & 0 deletions ta-generator/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
# Trusted Artifacts variants generator

## Description and usage

The code in here will process a set of directions in `recipe.yaml` file and
based on that and a set of builtin conventions generate the Tekton Task
definition in YAML format.

Usage (from this directory):

go run . path/to/recipe.yaml

The generated Trusted Artifacts Task is provided on the standard output.

## Development

To build the tool executable run `go build`, to run the tests run `go test`.
22 changes: 22 additions & 0 deletions ta-generator/expect.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
package main

import (
"fmt"
"os"
)

func expect(err error) {
if err == nil {
return
}
fmt.Fprint(os.Stderr, err)
os.Exit(1)
}

func expectValue[T any](val T, err error) T {
if err != nil {
expect(err)
}

return val
}
91 changes: 91 additions & 0 deletions ta-generator/go.mod
Original file line number Diff line number Diff line change
@@ -0,0 +1,91 @@
module github.com/konflux-ci/build-definitions/ta-generator

go 1.22.3

require (
github.com/google/go-cmp v0.6.0
github.com/google/go-containerregistry v0.19.1
github.com/tektoncd/pipeline v0.60.1
github.com/zregvart/tkn-fmt v0.0.0-20240613172239-ba04662da674
k8s.io/api v0.30.1
mvdan.cc/sh/v3 v3.8.0
sigs.k8s.io/yaml v1.4.0
)

require (
contrib.go.opencensus.io/exporter/ocagent v0.7.1-0.20200907061046-05415f1de66d // indirect
contrib.go.opencensus.io/exporter/prometheus v0.4.2 // indirect
github.com/antlr4-go/antlr/v4 v4.13.1 // indirect
github.com/beorn7/perks v1.0.1 // indirect
github.com/blendle/zapdriver v1.3.1 // indirect
github.com/braydonk/yaml v0.7.0 // indirect
github.com/census-instrumentation/opencensus-proto v0.4.1 // indirect
github.com/cespare/xxhash/v2 v2.3.0 // indirect
github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/docker/cli v24.0.7+incompatible // indirect
github.com/docker/distribution v2.8.2+incompatible // indirect
github.com/docker/docker v26.0.0+incompatible // indirect
github.com/docker/docker-credential-helpers v0.7.0 // indirect
github.com/emicklei/go-restful/v3 v3.12.1 // indirect
github.com/evanphx/json-patch/v5 v5.9.0 // indirect
github.com/go-kit/log v0.2.1 // indirect
github.com/go-logfmt/logfmt v0.6.0 // indirect
github.com/go-logr/logr v1.4.2 // indirect
github.com/go-openapi/jsonpointer v0.21.0 // indirect
github.com/go-openapi/jsonreference v0.21.0 // indirect
github.com/go-openapi/swag v0.23.0 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/golang/protobuf v1.5.4 // indirect
github.com/google/cel-go v0.20.1 // indirect
github.com/google/gnostic-models v0.6.8 // indirect
github.com/google/gofuzz v1.2.0 // indirect
github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect
github.com/josharian/intern v1.0.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/klauspost/compress v1.16.6 // indirect
github.com/mailru/easyjson v0.7.7 // indirect
github.com/mitchellh/go-homedir v1.1.0 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/opencontainers/go-digest v1.0.0 // indirect
github.com/opencontainers/image-spec v1.1.0 // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/prometheus/client_golang v1.19.1 // indirect
github.com/prometheus/client_model v0.6.1 // indirect
github.com/prometheus/common v0.54.0 // indirect
github.com/prometheus/procfs v0.15.1 // indirect
github.com/prometheus/statsd_exporter v0.26.1 // indirect
github.com/sirupsen/logrus v1.9.3 // indirect
github.com/stoewer/go-strcase v1.3.0 // indirect
github.com/vbatts/tar-split v0.11.3 // indirect
go.opencensus.io v0.24.0 // indirect
go.uber.org/multierr v1.11.0 // indirect
go.uber.org/zap v1.27.0 // indirect
golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8 // indirect
golang.org/x/net v0.26.0 // indirect
golang.org/x/oauth2 v0.21.0 // indirect
golang.org/x/sync v0.7.0 // indirect
golang.org/x/sys v0.21.0 // indirect
golang.org/x/term v0.21.0 // indirect
golang.org/x/text v0.16.0 // indirect
golang.org/x/time v0.5.0 // indirect
gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
google.golang.org/api v0.183.0 // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117 // indirect
google.golang.org/grpc v1.64.0 // indirect
google.golang.org/protobuf v1.34.1 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
k8s.io/apimachinery v0.30.1 // indirect
k8s.io/client-go v0.30.1 // indirect
k8s.io/klog/v2 v2.120.1 // indirect
k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a // indirect
k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 // indirect
knative.dev/pkg v0.0.0-20240604134003-58135c2c0694 // indirect
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
)
Loading

0 comments on commit c8b6d29

Please sign in to comment.