diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 4d24e30..f86c5d6 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -1,4 +1,4 @@ -# WARNING: This file is autogenerated - changes will be overwritten if not made via https://github.com/pulumi/ci-mgmt +# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt name: lint @@ -7,15 +7,6 @@ on: inputs: {} env: - PROVIDER: docker-build - PULUMI_LOCAL_NUGET: ${{ github.workspace }}/nuget - TRAVIS_OS_NAME: linux - PULUMI_GO_DEP_ROOT: ${{ github.workspace }}/.. - GOVERSION: "1.21.x" - NODEVERSION: "20.x" - PYTHONVERSION: "3.11.8" - DOTNETVERSION: "8.0.x" - JAVAVERSION: "11" ARM_CLIENT_ID: 30e520fa-12b4-4e21-b473-9426c5ac2e1e ARM_SUBSCRIPTION_ID: 0282681f-7a9e-424b-80b2-96babd57a8a1 ARM_TENANT_ID: 706143bc-e1d4-4593-aee2-c9dc60ab9be7 
@@ -29,29 +20,50 @@ env: GOOGLE_REGION: us-central1 GOOGLE_ZONE: us-central1-a PULUMI_API: https://api.pulumi-staging.io + PULUMI_PULUMI_ENABLE_JOURNALING: "true" jobs: lint: + name: lint runs-on: ubuntu-latest + permissions: + contents: read + pull-requests: write + id-token: write # For ESC secrets. steps: - name: Checkout Repo uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: - lfs: true - persist-credentials: false - ref: ${{ env.PR_COMMIT_SHA }} - - name: Setup Tools - uses: ./.github/actions/setup-tools + persist-credentials: false + - env: + ESC_ACTION_ENVIRONMENT: github-secrets/${{ github.repository_owner }}-${{ github.event.repository.name }} + ESC_ACTION_EXPORT_ENVIRONMENT_VARIABLES: "false" + ESC_ACTION_OIDC_AUTH: "true" + ESC_ACTION_OIDC_ORGANIZATION: pulumi + ESC_ACTION_OIDC_REQUESTED_TOKEN_TYPE: urn:pulumi:token-type:access_token:organization + id: esc-secrets + name: Fetch secrets from ESC + uses: pulumi/esc-action@9eb774255b1a4afb7855678ae8d4a77359da0d9b + - uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1 + id: app-auth with: + app-id: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_APP_ID }} + private-key: ${{ steps.esc-secrets.outputs.PULUMI_PROVIDER_AUTOMATION_PRIVATE_KEY }} + owner: ${{ github.repository_owner }} + - name: Setup mise + uses: blampe/mise-action@blampe/plugins + env: + MISE_FETCH_REMOTE_VERSIONS_TIMEOUT: 30s + with: + version: 2026.1.1 github_token: ${{ steps.app-auth.outputs.token }} - - name: Disarm go:embed directives to enable linters that compile source code - run: git grep -l 'go:embed' -- provider | xargs --no-run-if-empty sed -i - 's/go:embed/ goembed/g' - - name: golangci-lint provider pkg - uses: golangci/golangci-lint-action@55c2c1448f86e01eaae002a5a3a9624417608d84 # v6.5.2 - with: - install-mode: none # Handled by mise. - working-directory: . 
- name: lint - if: github.event_name == 'repository_dispatch' || - github.event.pull_request.head.repo.full_name == github.repository + plugin_install: https://github.com/pulumi/vfox-pulumi + cache_save: false # A different job handles caching our tools. + - name: prepare workspace + continue-on-error: true + run: make prepare_local_workspace + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: lint + run: make lint diff --git a/.github/workflows/run-acceptance-tests.yml b/.github/workflows/run-acceptance-tests.yml index 1958cb9..12a5cb5 100644 --- a/.github/workflows/run-acceptance-tests.yml +++ b/.github/workflows/run-acceptance-tests.yml @@ -536,26 +536,8 @@ jobs: - prerequisites - lint lint: - runs-on: ubuntu-latest - steps: - - name: Checkout Repo - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - with: - lfs: true - persist-credentials: false - ref: ${{ env.PR_COMMIT_SHA }} - - name: Setup Tools - uses: ./.github/actions/setup-tools - with: - github_token: ${{ secrets.GITHUB_TOKEN }} - - name: Disarm go:embed directives to enable linters that compile source code - run: git grep -l 'go:embed' -- provider | xargs --no-run-if-empty sed -i - 's/go:embed/ goembed/g' - - name: golangci-lint provider pkg - uses: golangci/golangci-lint-action@55c2c1448f86e01eaae002a5a3a9624417608d84 # v6.5.2 - with: - install-mode: none # Handled by mise. - working-directory: . - name: lint if: github.event_name == 'repository_dispatch' || github.event.pull_request.head.repo.full_name == github.repository + name: lint + uses: ./.github/workflows/lint.yml + secrets: inherit diff --git a/.golangci.yml b/.golangci.yml index cf67750..4235632 100644 --- a/.golangci.yml +++ b/.golangci.yml 
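Review bot: In `lint.yml`, the new `Setup mise` step uses `blampe/mise-action@blampe/plugins`, a branch on a personal fork, and passes it the GitHub App token from `app-auth` in a job that also has `id-token: write`; every other third-party action in this hunk is pinned to a full commit SHA. A branch ref can be moved after review, so the code that receives the token is not fixed by this commit; pin it like the others, `uses: blampe/mise-action@<full-commit-sha> # blampe/plugins`. The token is also minted with `owner:` and no `repositories:`, which the action documents as covering every repository in that owner's installation; unless tool installation needs other private repositories, add `repositories: ${{ github.event.repository.name }}`. The header says the file is generated from pulumi/ci-mgmt, so both changes presumably belong in the template there.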
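Review bot: In `run-acceptance-tests.yml`, `secrets: inherit` on the `lint` job forwards every secret this workflow can read into `lint.yml`, while the `lint.yml` shown in this commit references only `secrets.GITHUB_TOKEN` (which called workflows receive without it being passed) and fetches the rest from ESC over OIDC. If nothing outside the visible hunks needs more, drop the line or pass the required secrets by name. The fork/`repository_dispatch` `if:` condition stays on this calling job but was removed from the job inside `lint.yml`, so the reusable workflow now depends on each caller for that gate; a comment beside it such as `# lint.yml has no fork guard of its own; keep this condition` would make that explicit. The called job requests `id-token: write` and `pull-requests: write`, which it only gets if the caller's token already has them; the caller's `permissions:` are outside this hunk, so that is worth confirming.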
@@ -1,39 +1,32 @@ -run: - timeout: 10m +# WARNING: This file is autogenerated - changes will be overwritten when regenerated by https://github.com/pulumi/ci-mgmt linters: - enable-all: false enable: - - depguard - - errcheck - - exhaustive - - copyloopvar - - gci - - gocritic - - gofumpt - - goheader - - gosec - - govet - - importas - - ineffassign - - lll - - misspell - - nakedret - - nolintlint - - paralleltest - - perfsprint - - prealloc - - revive - - unconvert - - unused - + - errcheck + - gci + - goconst + - gofmt + - gosec + - govet + - ineffassign + - lll + - gosimple + - staticcheck + - misspell + - nakedret + - revive + - unconvert + - unused + enable-all: false +issues: + exclude-dirs: + - pkg/vendored + exclude-files: + - schema.go + - pulumiManifest.go +run: + timeout: 20m linters-settings: - depguard: - rules: - protobuf: - deny: - - pkg: "github.com/golang/protobuf" - desc: Use google.golang.org/protobuf instead gci: sections: - standard # Standard section: captures all standard library packages. 
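Review bot: The new `exclude-files` entries `schema.go` and `pulumiManifest.go` in `.golangci.yml` are unanchored regular expressions in golangci-lint's v1 config format, so they suppress findings (gosec's included) for any path that merely contains those strings, for example a hypothetical hand-written `provider/userschema.go`. Anchoring them, `- (^|/)schema\.go$` and `- (^|/)pulumiManifest\.go$`, limits the exclusion to the generated files. Separately, the next hunk of this file deletes `exclude-use-default: false`; with the default restored, golangci-lint v1 applies its built-in exclusions, which as far as I recall hide several gosec rules (unsafe use, subprocess launch with variable input, file permission and file inclusion checks), so `gosec` in the enable list would report less than before. If that is not intended, keep `exclude-use-default: false` under the new `issues:` key.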
@@ -42,63 +35,3 @@ linters-settings: - prefix(github.com/pulumi/) # Custom section: groups all imports with the github.com/pulumi/ prefix. - prefix(github.com/pulumi/pulumi-docker-build) # Custom section: local imports custom-order: true - gocritic: - enable-all: true - disabled-checks: - - hugeParam - - importShadow - goheader: - template: |- - Copyright 2024, Pulumi Corporation. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - govet: - enable: - - nilness - # Reject comparisons of reflect.Value with DeepEqual or '=='. - - reflectvaluecompare - # Reject sort.Slice calls with a non-slice argument. - - sortslice - # Detect write to struct/arrays by-value that aren't read again. - - unusedwrite - nakedret: - # Make an issue if func has more lines of code than this setting, and it has naked returns. - # Default: 30 - max-func-lines: 60 - nolintlint: - # Some linter exclusions are added to generated or templated files - # pre-emptively. - # Don't complain about these. - allow-unused: true - -issues: - exclude-use-default: false - exclude-rules: - # Don't warn on unused parameters. - # Parameter names are useful; replacing them with '_' is undesirable. - - linters: [revive] - text: 'unused-parameter: parameter \S+ seems to be unused, consider removing or renaming it as _' - - # staticcheck already has smarter checks for empty blocks. - # revive's empty-block linter has false positives. - # For example, as of writing this, the following is not allowed. 
- # for foo() { } - - linters: [revive] - text: "empty-block: this block is empty, you can remove it" - - # We *frequently* use the term 'new' in the context of properties - # (new and old properties), - # and we rarely use the 'new' built-in function. - # It's fine to ignore these cases. - - linters: [revive] - text: "redefines-builtin-id: redefinition of the built-in function new"