-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathTaskfile.yaml
More file actions
116 lines (98 loc) · 3.29 KB
/
Copy pathTaskfile.yaml
File metadata and controls
116 lines (98 loc) · 3.29 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
version: "3"
set: [errexit, nounset, pipefail]
shopt: [globstar]
# The .taskfiles/ segmentation is intentional, even where a namespace holds
# only thin Dagger wrappers — do not flatten it into this file.
includes:
dagger: ./.taskfiles/dagger/Taskfile.yaml
dev: ./.taskfiles/dev/Taskfile.yaml
fmt: ./.taskfiles/fmt/Taskfile.yaml
gh: ./.taskfiles/gh/Taskfile.yaml
git: ./.taskfiles/git/Taskfile.yaml
go: ./.taskfiles/go/Taskfile.yaml
release: ./.taskfiles/release/Taskfile.yaml
security: ./.taskfiles/security/Taskfile.yaml
tasks:
default:
cmd: task -l
format:
desc: Runs all format and generate targets
cmds:
- task: go:tidy
- task: go:generate
- task: go:format
- task: fmt:format
lint:
desc: Runs all lint targets
deps: [go:lint, go:tidy:check, fmt:lint]
test:
desc: Runs all test targets
deps: [go:test]
# check is the fast local gate: lint and test invoke their tools straight off
# the devbox PATH, so it needs no Dagger engine. check:ci adds the gates whose
# tools (Trivy, zizmor, goreleaser) are not on the devbox PATH and so run
# through Dagger. check:all is the union -- the full set CI runs, mirrored by
# the validate.yaml matrix.
check:
desc: Runs the local checks using devbox
deps: [lint, test]
check:ci:
desc: Runs the Dagger-backed checks
deps: [security:scan, gh:lint, release:check]
check:all:
desc: Runs every check, local and Dagger-backed
deps: [check, check:ci]
check:toolchains:
desc: Runs the ci toolchain's integration tests via Dagger
cmds:
- dagger check -m ci/tests
scan:
desc: Scans source dependencies for vulnerabilities
cmds:
- task: security:scan
pre-commit:
desc: Runs all pre-commit targets
cmds:
- task: format
- task: lint
- task: test
build:
desc: Cross-compiles all targets without publishing (writes to ./dist)
cmds:
- task: release:snapshot
release:
desc: Releases kat for the given tag via Dagger
summary: |
Runs the full release pipeline (GoReleaser binaries/archives/checksums/
SBOMs/notarize/brew/nix plus the Dagger-native multi-arch image publish
and cosign keyless signing) for the given tag. Intended for CI; running it
locally requires registry, OIDC, and macOS-notary credentials.
Args:
TAG: Version tag to release (required, e.g. v1.2.3)
requires:
vars: [TAG]
cmds:
- dagger call ci release --tag={{.TAG}} dist --output=./dist
install:
desc: Builds and installs the kat binary for the host platform
cmds:
- dagger call ci binary export --path=./kat
e2e:
desc: Runs all end-to-end tests (vhs-driven, local)
summary: |
Builds kat, records every e2e/tapes/*.tape with vhs, then asserts the
golden output under e2e/golden is unchanged. Runs locally because it needs
vhs and a terminal; it is not part of the Dagger gate.
vars:
TESTS:
sh: cd e2e/tapes && ls *.tape | sed 's/\.tape//'
cmds:
- go build -o kat cmd/kat/main.go
- defer: rm -f kat
- for: { var: TESTS }
cmd: vhs e2e/tapes/{{.ITEM}}.tape -q
- git diff --exit-code e2e/golden
clean:
desc: Removes build artifacts and caches
cmds:
- rm -rf dist/ .test/ .task/ .tmp/ kat