-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathTaskfile.yaml
More file actions
101 lines (84 loc) · 2.58 KB
/
Copy pathTaskfile.yaml
File metadata and controls
101 lines (84 loc) · 2.58 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
version: "3"
set: [errexit, nounset, pipefail]
shopt: [globstar]
# The .taskfiles/ segmentation is intentional, even where a namespace holds
# only thin Dagger wrappers -- do not flatten it into this file.
includes:
dagger: ./.taskfiles/dagger/Taskfile.yaml
dev: ./.taskfiles/dev/Taskfile.yaml
fmt: ./.taskfiles/fmt/Taskfile.yaml
gh: ./.taskfiles/gh/Taskfile.yaml
git: ./.taskfiles/git/Taskfile.yaml
go: ./.taskfiles/go/Taskfile.yaml
release: ./.taskfiles/release/Taskfile.yaml
security: ./.taskfiles/security/Taskfile.yaml
tasks:
default:
cmd: task -l
format:
desc: Runs all format and generate targets
cmds:
- task: go:tidy
- task: go:generate
- task: go:format
- task: fmt:format
lint:
desc: Runs all lint targets
deps: [go:lint, go:tidy:check, fmt:lint]
test:
desc: Runs all test targets
deps: [go:test]
docs:
desc: Runs all docs targets
deps: [go:docs]
# check is the fast local gate: lint and test invoke their tools straight off
# the devbox PATH, so it needs no Dagger engine. check:ci adds the gates whose
# tools (Trivy, zizmor, renovate-config-validator, goreleaser) are not on the
# devbox PATH and so run through Dagger. check:all is the union -- the full set
# CI runs, mirrored by the validate.yaml matrix.
check:
desc: Runs the local checks using devbox
deps: [lint, test]
check:ci:
desc: Runs the Dagger-backed checks
deps: [security:scan, gh:lint, release:check]
check:all:
desc: Runs every check, local and Dagger-backed
deps: [check, check:ci]
scan:
desc: Scans source dependencies for vulnerabilities
cmds:
- task: security:scan
build:
desc: Builds binaries via Dagger
cmds:
- dagger call ci build --output=./dist
release:
desc: Runs full release via Dagger
requires:
vars: [GITHUB_TOKEN, TAG, REGISTRY_USERNAME, REGISTRY_PASSWORD]
cmds:
- >-
dagger call ci release
--github-token=env://GITHUB_TOKEN
--registry-username={{.REGISTRY_USERNAME}}
--registry-password=env://REGISTRY_PASSWORD
--tag={{.TAG}}
--output=./dist
pre-commit:
desc: Runs all pre-commit targets
cmds:
- task: format
- task: lint
- task: test
install:
desc: Runs all install targets
deps: [dev:install, git:hooks:install, install:go_template]
install:go_template:
desc: Builds and installs the go_template binary
cmds:
- go install ./cmd/go_template
clean:
desc: Removes build artifacts and caches
cmds:
- rm -rf dist/ .test/ .task/ .tmp/