mirror of
https://github.com/opentffoundation/opentf.git
synced 2025-12-19 09:48:32 -05:00
e74bf2d0a1
Previously the Go toolchain had no explicit support for "tools" and so we used the typical Go community workaround of adding "tools.go" files (two, for some reason) that existed only to trick the Go toolchain into considering the tools as dependencies we could track in go.mod. Go 1.24 introduced explicit support for tracking tools as part of go.mod, and the ability to run those using "go tool" instead of "go run", and so this commit switches us over to using that strategy for everything we were previously managing in tools.go. There are some intentional exceptions here: - The protobuf-compile script can't use "go tool" or "go run" because the tools in question are run only indirectly through protoc. However, we do still use the "tool" directive in go.mod to tell the Go toolchain that we depend on those tools, so that it'll track which versions we are currently using as part of go.mod. - Our golangci-lint Makefile target uses "go run" to run a specific version of golangci-lint. We _intentionally_ don't consider that tool to be a direct dependency of OpenTofu because it has a lot of indirect dependencies that would pollute our go.mod file. Therefore that continues to use "go run" after this commit. - Both of our tools.go files previously referred to github.com/nishanths/exhaustive , but nothing actually appears to be using that tool in the current OpenTofu tree, so it's no longer a dependency after this commit. All of the dependencies we have _only_ for tools are now classified as "indirect" in the go.mod file. This is the default behavior of the Go toolchain and appears to be motivated by making it clearer that these modules do not contribute anything to the runtime behavior of OpenTofu. This also corrected a historical oddity in our go.mod where for some reason the "indirect" dependencies had been split across two different "require" directives; they are now all grouped together in a single directive. Signed-off-by: Martin Atkins <mart@degeneration.co.uk>
222 lines
7.8 KiB
YAML
222 lines
7.8 KiB
YAML
# This workflow is a collection of "quick checks" that should be reasonable
|
|
# to run for any new commit to this repository in principle.
|
|
#
|
|
# The main purpose of this workflow is to represent checks that we want to
|
|
# run prior to reviewing and merging a pull request. We should therefore aim
|
|
# for these checks to complete in no more than a few minutes in the common
|
|
# case.
|
|
#
|
|
# The build.yml workflow includes some additional checks we run only for
|
|
# already-merged changes to release branches and tags, as a compromise to
|
|
# keep the PR feedback relatively fast. The intent is that checks.yml should
|
|
# catch most problems but that build.yml might occasionally be the one to catch
|
|
# more esoteric situations, such as architecture-specific or OS-specific
|
|
# misbehavior.
|
|
|
|
name: Quick Checks
|
|
|
|
on:
|
|
pull_request:
|
|
push:
|
|
branches:
|
|
- main
|
|
- 'v[0-9]+.[0-9]+'
|
|
- checks-workflow-dev/*
|
|
tags:
|
|
- 'v[0-9]+.[0-9]+.[0-9]+*'
|
|
|
|
# This workflow runs for not-yet-reviewed external contributions and so it
|
|
# intentionally has no write access and only limited read access to the
|
|
# repository.
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
fileschanged:
|
|
name: List files changed for pull request
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: "Fetch source code"
|
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
- id: diff
|
|
run: |
|
|
git fetch --no-tags --prune --no-recurse-submodules --depth=1 origin ${{github.event.pull_request.base.ref}}
|
|
echo "go=$(git diff --name-only origin/${{github.event.pull_request.base.ref}} | grep -e '\.go' -e '\.github' -e 'go\.mod' -e 'go\.sum' -e '\.tf' -e '\.gitattributes' | wc -l)" | tee -a "$GITHUB_OUTPUT"
|
|
outputs:
|
|
go: ${{ steps.diff.outputs.go }}
|
|
|
|
unit-tests:
|
|
name: Unit tests for ${{ matrix.goos }}_${{ matrix.goarch }}
|
|
runs-on: ${{ matrix.runson }}
|
|
needs: fileschanged
|
|
if: ${{ needs.fileschanged.outputs.go != 0}}
|
|
env:
|
|
TF_APPEND_USER_AGENT: Integration-Test
|
|
GOOS: ${{ matrix.goos }}
|
|
GOARCH: ${{ matrix.goarch }}
|
|
strategy:
|
|
matrix:
|
|
include:
|
|
- { runson: ubuntu-24.04-arm, goos: linux, goarch: "arm64" }
|
|
- { runson: ubuntu-latest, goos: linux, goarch: "amd64" }
|
|
- { runson: ubuntu-latest, goos: linux, goarch: "386" }
|
|
- { runson: ubuntu-latest, goos: linux, goarch: "arm" }
|
|
- { runson: macos-latest, goos: darwin, goarch: "arm64" }
|
|
- { runson: windows-latest, goos: windows, goarch: "amd64" }
|
|
fail-fast: false
|
|
steps:
|
|
# 👇🏾 GH actions supports only "AMD64 arch", so we are using this action
|
|
# for testing on non amd64 envs like 386, arm64 etc...
|
|
- name: "Set up QEMU"
|
|
if: matrix.goos == 'linux' && matrix.goarch != 'amd64' && matrix.goarch != 'arm64'
|
|
uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0
|
|
|
|
- name: "Fetch source code"
|
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
|
|
- name: Install Go toolchain
|
|
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
|
|
with:
|
|
go-version-file: 'go.mod'
|
|
|
|
- name: "Unit tests"
|
|
run: |
|
|
go test ./...
|
|
|
|
race-tests:
|
|
name: "Race Tests"
|
|
runs-on: ubuntu-latest
|
|
needs: fileschanged
|
|
if: ${{ needs.fileschanged.outputs.go != 0}}
|
|
|
|
steps:
|
|
- name: "Fetch source code"
|
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
|
|
- name: Install Go toolchain
|
|
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
|
|
with:
|
|
go-version-file: 'go.mod'
|
|
|
|
# The race detector add significant time to the unit tests, so only run
|
|
# it for select packages.
|
|
- name: "Race detector"
|
|
run: |
|
|
go test -race ./internal/tofu ./internal/command ./internal/states
|
|
|
|
e2e-tests:
|
|
# This is an intentionally-limited form of our E2E test run which only
|
|
# covers OpenTofu running on Linux. The build.yml workflow runs these
|
|
# tests across various other platforms in order to catch the rare exception
|
|
# that might leak through this.
|
|
name: "End-to-end Tests"
|
|
runs-on: ubuntu-latest
|
|
needs: fileschanged
|
|
if: ${{ needs.fileschanged.outputs.go != 0}}
|
|
|
|
steps:
|
|
- name: "Fetch source code"
|
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
|
|
- name: Install Go toolchain
|
|
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
|
|
with:
|
|
go-version-file: 'go.mod'
|
|
|
|
- name: "End-to-end tests"
|
|
run: |
|
|
TF_ACC=1 go test -v ./internal/command/e2etest
|
|
|
|
consistency-checks:
|
|
name: "Code Consistency Checks"
|
|
runs-on: ubuntu-latest
|
|
needs: fileschanged
|
|
if: ${{ needs.fileschanged.outputs.go != 0}}
|
|
|
|
steps:
|
|
- name: "Fetch source code"
|
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
with:
|
|
fetch-depth: 0 # We need to do comparisons against the main branch.
|
|
|
|
- name: Install Go toolchain
|
|
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
|
|
with:
|
|
go-version-file: 'go.mod'
|
|
|
|
- name: "go.mod and go.sum consistency check"
|
|
run: |
|
|
go mod tidy
|
|
if [[ -n "$(git status --porcelain go.mod go.sum)" ]]; then
|
|
echo >&2 "ERROR: go.mod/go.sum are not up-to-date. Run 'go mod tidy' and then commit the updated files."
|
|
exit 1
|
|
fi
|
|
|
|
- name: Cache protobuf tools
|
|
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
|
|
with:
|
|
path: "tools/protobuf-compile/.workdir"
|
|
key: protobuf-tools-${{ hashFiles('tools/protobuf-compile/protobuf-compile.go') }}
|
|
restore-keys: |
|
|
protobuf-tools-
|
|
|
|
- name: "Code consistency checks"
|
|
run: |
|
|
make generate protobuf
|
|
if [[ -n "$(git status --porcelain)" ]]; then
|
|
echo >&2 "ERROR: Generated files are inconsistent. Run 'make generate' and 'make protobuf' locally and then commit the updated files."
|
|
git >&2 status --porcelain
|
|
exit 1
|
|
fi
|
|
- name: "Code linting"
|
|
uses: golangci/golangci-lint-action@4afd733a84b1f43292c63897423277bb7f4313a9 # v8.0.0
|
|
with:
|
|
version: v2.4.0
|
|
|
|
- name: "Copyright headers"
|
|
run: |
|
|
go tool github.com/hashicorp/copywrite headers --plan
|
|
if [[ $? != 0 ]]; then
|
|
echo >&2 "ERROR: some files are missing required copyright headers. Run `scripts/add-copyright-headers.sh` locally and then commit the updated files."
|
|
exit 1
|
|
fi
|
|
|
|
license-checks:
|
|
name: "License Checks"
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- name: "Fetch source code"
|
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
|
|
- name: Install licensei
|
|
run: |
|
|
make deps
|
|
|
|
- name: Restore cache license information of dependencies
|
|
uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
|
|
with:
|
|
path: ".licensei.cache"
|
|
key: licensei-cache-${{ hashFiles('go.sum') }}
|
|
restore-keys: |
|
|
licensei-cache-
|
|
|
|
- name: Install Go toolchain
|
|
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
|
|
with:
|
|
go-version-file: 'go.mod'
|
|
|
|
- name: Run licensei
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
run: |
|
|
make license-check
|
|
if: env.LICENSE_CHECK != 'false'
|
|
|
|
- name: Save cache license information of dependencies
|
|
uses: actions/cache/save@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
|
|
if: always()
|
|
with:
|
|
path: ".licensei.cache"
|
|
key: licensei-cache-${{ hashFiles('go.sum') }}
|