Skip to content

Commit d69cccb

Browse files
authored
chore: Image build improvements and dependency updates (#625)
* use different runners for different architectures * upload to ghcr * require tests * update dependencies * fix some build issues * use any alias * update golang ci lint * fix golang ci lint config * fix build issues * bump lint image * golang ci lint --fix * fix other issues * bump go version * fix lint issues * fix lint issues * pre-allocate versions slice * pre-allocate versions slice * fix test
1 parent de22c5a commit d69cccb

61 files changed

Lines changed: 715 additions & 415 deletions

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

.github/workflows/ci.yaml

Lines changed: 105 additions & 61 deletions
Original file line numberDiff line numberDiff line change
@@ -6,48 +6,79 @@ on:
66
pull_request:
77
branches:
88
- main
9+
env:
10+
GOPATH: /home/runner/go/
11+
GOPROXY: "https://proxy.golang.org"
12+
REGISTRY_IMAGE: ghcr.io/pluralsh/plural-cli
913
jobs:
10-
contract-validation:
11-
name: Validate PR Contracts
14+
15+
test:
16+
name: Unit test
1217
runs-on: ubuntu-latest
1318
steps:
1419
- uses: actions/checkout@v4
15-
name: checkout repo
20+
- uses: actions/setup-go@v5
21+
with:
22+
go-version-file: go.mod
23+
- run: make test
1624

25+
lint:
26+
name: Lint
27+
runs-on: ubuntu-latest
28+
steps:
29+
- uses: actions/checkout@v4
1730
- uses: actions/setup-go@v5
1831
with:
1932
go-version-file: go.mod
33+
- name: golangci-lint
34+
uses: golangci/golangci-lint-action@v7
35+
with:
36+
version: v2.1.5
37+
skip-cache: true
2038

39+
contract-validation:
40+
name: Validate PR Contracts
41+
runs-on: ubuntu-latest
42+
steps:
43+
- uses: actions/checkout@v4
44+
- uses: actions/setup-go@v5
45+
with:
46+
go-version-file: go.mod
2147
- run: make install-cli
22-
2348
- name: Run Plural PR Contracts Validation
24-
run: |
25-
plural pr contracts --file test/contracts.yaml --validate || { echo "❌ Contract validation failed! Blocking merge."; exit 1; }
49+
run: plural pr contracts --file test/contracts.yaml --validate
2650

27-
image:
51+
build-image:
2852
name: Build image
29-
runs-on: ubuntu-latest
53+
needs: [test]
3054
permissions:
3155
contents: 'read'
3256
id-token: 'write'
3357
packages: 'write'
3458
security-events: write
3559
actions: read
60+
strategy:
61+
fail-fast: false
62+
matrix:
63+
platforms:
64+
- platform: linux/amd64
65+
runner: ubuntu-24.04
66+
- platform: linux/arm64
67+
runner: ubuntu-24.04-arm
68+
runs-on: ${{ matrix.platforms.runner }}
69+
3670
steps:
3771
- name: Checkout
3872
uses: actions/checkout@v4
73+
- name: Prepare
74+
run: |
75+
platform=${{ matrix.platforms.platform }}
76+
echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
3977
- name: Docker meta
4078
id: meta
41-
uses: docker/metadata-action@v4
79+
uses: docker/metadata-action@v5
4280
with:
43-
# list of Docker images to use as base name for tags
44-
images: |
45-
ghcr.io/pluralsh/plural-cli
46-
# generate Docker tags based on the following events/attributes
47-
tags: |
48-
type=sha
49-
type=ref,event=pr
50-
type=ref,event=branch
81+
images: ${{ env.REGISTRY_IMAGE }}
5182
- name: Set up QEMU
5283
uses: docker/setup-qemu-action@v3
5384
- name: Set up Docker Buildx
@@ -61,20 +92,68 @@ jobs:
6192
- name: Get current date
6293
id: date
6394
run: echo "date=$(date -u +'%Y-%m-%dT%H:%M:%S%z')" >> $GITHUB_OUTPUT
64-
- uses: docker/build-push-action@v6
95+
- name: Build and push by digest
96+
id: build
97+
uses: docker/build-push-action@v6
6598
with:
66-
context: .
67-
file: ./Dockerfile
68-
push: true
69-
tags: ${{ steps.meta.outputs.tags }}
99+
context: "."
100+
file: "./Dockerfile"
101+
tags: ${{ env.REGISTRY_IMAGE }}
70102
labels: ${{ steps.meta.outputs.labels }}
71-
platforms: linux/amd64,linux/arm64
72-
# cache-from: type=gha
73-
# cache-to: type=gha,mode=max
103+
platforms: ${{ matrix.platforms.platform }}
104+
outputs: type=image,push-by-digest=true,name-canonical=true,push=true
105+
cache-from: type=gha
106+
cache-to: type=gha,mode=max
74107
build-args: |
75108
APP_VSN=dev
76109
APP_COMMIT=${{ github.sha }}
77110
APP_DATE=${{ steps.date.outputs.date }}
111+
- name: Export digest
112+
run: |
113+
mkdir -p ${{ runner.temp }}/digests
114+
digest="${{ steps.build.outputs.digest }}"
115+
touch "${{ runner.temp }}/digests/${digest#sha256:}"
116+
- name: Upload digest
117+
uses: actions/upload-artifact@v4
118+
with:
119+
name: digests-${{ env.PLATFORM_PAIR }}
120+
path: ${{ runner.temp }}/digests/*
121+
if-no-files-found: error
122+
retention-days: 1
123+
124+
publish-image:
125+
name: Publish image
126+
needs: [build-image]
127+
runs-on: ubuntu-latest
128+
steps:
129+
- name: Download digests
130+
uses: actions/download-artifact@v4
131+
with:
132+
path: ${{ runner.temp }}/digests
133+
pattern: digests-*
134+
merge-multiple: true
135+
- name: Login to GHCR
136+
uses: docker/login-action@v3
137+
with:
138+
registry: ghcr.io
139+
username: ${{ github.repository_owner }}
140+
password: ${{ secrets.GITHUB_TOKEN }}
141+
- name: Set up Docker Buildx
142+
uses: docker/setup-buildx-action@v3
143+
- name: Docker meta
144+
id: meta
145+
uses: docker/metadata-action@v5
146+
with:
147+
images: ghcr.io/pluralsh/plural-cli
148+
tags: |
149+
type=sha
150+
type=ref,event=pr
151+
type=ref,event=branch
152+
- name: Create manifest list and push
153+
working-directory: ${{ runner.temp }}/digests
154+
run: |
155+
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
156+
$(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *)
78157
- name: Run Trivy vulnerability scanner on cli image
79158
uses: aquasecurity/trivy-action@master
80159
with:
@@ -85,24 +164,11 @@ jobs:
85164
output: 'trivy-results.sarif'
86165
scanners: 'vuln'
87166
ignore-unfixed: true
88-
#severity: 'CRITICAL,HIGH'
89167
- name: Upload Trivy scan results to GitHub Security tab
90168
uses: github/codeql-action/upload-sarif@v2
91169
with:
92170
sarif_file: 'trivy-results.sarif'
93-
# - name: Configure AWS Credentials
94-
# uses: aws-actions/configure-aws-credentials@v4
95-
# if: always()
96-
# with:
97-
# aws-region: us-east-2
98-
# role-to-assume: arn:aws:iam::312272277431:role/github-actions/buildx-deployments
99-
# role-session-name: PluralCLI
100-
# - name: Manually cleanup buildx
101-
# if: always()
102-
# run: |
103-
# docker buildx stop ${{ steps.builder.outputs.name }}
104-
# sleep 10
105-
# docker buildx rm ${{ steps.builder.outputs.name }}
171+
106172
# cloud:
107173
# name: Build cloud image
108174
# runs-on: ubuntu-latest
@@ -261,28 +327,6 @@ jobs:
261327
uses: github/codeql-action/upload-sarif@v2
262328
with:
263329
sarif_file: 'trivy-results.sarif'
264-
test:
265-
name: Unit test
266-
runs-on: ubuntu-latest
267-
steps:
268-
- uses: actions/checkout@v4
269-
- uses: actions/setup-go@v5
270-
with:
271-
go-version-file: go.mod
272-
- run: make test
273-
lint:
274-
name: Lint
275-
runs-on: ubuntu-latest
276-
steps:
277-
- uses: actions/checkout@v4
278-
- uses: actions/setup-go@v5
279-
with:
280-
go-version-file: go.mod
281-
- name: golangci-lint
282-
uses: golangci/golangci-lint-action@v4
283-
with:
284-
version: v1.62.2
285-
skip-cache: true
286330
build:
287331
name: GoReleaser build
288332
runs-on: ubuntu-latest

.golangci.yml

Lines changed: 42 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -1,27 +1,45 @@
1+
version: "2"
12
run:
2-
timeout: 10m
3-
issues-exit-code: 1
4-
tests: true
3+
modules-download-mode: readonly
4+
allow-parallel-runners: true
55
linters:
6-
disable-all: true
6+
default: none
77
enable:
8-
# default linters
9-
- errcheck
10-
- gosimple
11-
- govet
12-
- ineffassign
13-
- staticcheck
14-
- typecheck
15-
- unused
16-
17-
# additional linters
18-
- errorlint
19-
- errname
20-
- gocyclo
21-
- goimports
22-
- misspell
23-
- gofmt
24-
- importas
25-
- goconst
26-
- gocritic
27-
- misspell
8+
- copyloopvar
9+
- errcheck
10+
- errname
11+
- errorlint
12+
- goconst
13+
- gocritic
14+
- gocyclo
15+
- govet
16+
- importas
17+
- ineffassign
18+
- misspell
19+
- prealloc
20+
- staticcheck
21+
- unused
22+
- usestdlibvars
23+
- wastedassign
24+
- whitespace
25+
exclusions:
26+
generated: lax
27+
presets:
28+
- comments
29+
- common-false-positives
30+
- legacy
31+
- std-error-handling
32+
paths:
33+
- third_party$
34+
- builtin$
35+
- examples$
36+
formatters:
37+
enable:
38+
- gofmt
39+
- goimports
40+
exclusions:
41+
generated: lax
42+
paths:
43+
- third_party$
44+
- builtin$
45+
- examples$

Dockerfile

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@ FROM ubuntu:22.10 AS user
33
# Create a nonroot user for final image
44
RUN useradd -u 10001 nonroot
55

6-
FROM golang:1.23-alpine3.19 AS builder
6+
FROM golang:1.24-alpine3.21 AS builder
77

88
WORKDIR /workspace
99

@@ -31,7 +31,7 @@ RUN CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} \
3131
-X "github.com/pluralsh/plural-cli/pkg/common.Date=${APP_DATE}"' \
3232
-o plural ./cmd/plural
3333

34-
FROM golang:1.23.4-alpine3.20 AS final
34+
FROM golang:1.24.2-alpine3.21 AS final
3535

3636
WORKDIR /
3737

Makefile

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -178,17 +178,17 @@ e2e: --ensure-venom
178178
TF_VAR_deletion_protection=false \
179179
venom run -vv --html-report --format=json --output-dir testout test/plural
180180

181-
.PHONY: format
182-
format: ## formats all go code to prep for linting
183-
docker run --rm -v $(PWD):/app -w /app golangci/golangci-lint:v1.62.2 golangci-lint run --fix
184-
185181
.PHONY: genmock
186182
genmock: ## generates mocks before running tests
187183
hack/gen-client-mocks.sh
188184

189185
.PHONY: lint
190186
lint:
191-
docker run --rm -v $(PWD):/app -w /app golangci/golangci-lint:v1.62.2 golangci-lint run
187+
golangci-lint run ./...
188+
189+
.PHONY: format
190+
format: ## formats all go code to prep for linting
191+
golangci-lint run --fix ./...
192192

193193
.PHONY: delete-tag
194194
delete-tag:

cmd/command/ai/ai.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -50,7 +50,7 @@ func (p *Plural) aiHelp(c *cli.Context) error {
5050
s.Prefix = "Thinking "
5151
s.Start()
5252

53-
msg, err := p.Client.Chat(chat)
53+
msg, err := p.Chat(chat)
5454
if err != nil {
5555
return err
5656
}

cmd/command/auth/auth.go

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -85,7 +85,7 @@ func (p *Plural) trustCommands() []cli.Command {
8585

8686
func (p *Plural) handleListTrusts(c *cli.Context) error {
8787
p.InitPluralClient()
88-
me, err := p.Client.Me()
88+
me, err := p.Me()
8989
if err != nil {
9090
return err
9191
}
@@ -107,13 +107,13 @@ func (p *Plural) handleCreateTrust(c *cli.Context) error {
107107
issuer = val
108108
}
109109

110-
return p.Client.CreateTrust(issuer, trust)
110+
return p.CreateTrust(issuer, trust)
111111
}
112112

113113
func (p *Plural) handleDeleteTrust(c *cli.Context) error {
114114
p.InitPluralClient()
115115
id := c.Args().Get(0)
116-
return p.Client.DeleteTrust(id)
116+
return p.DeleteTrust(id)
117117
}
118118

119119
func (p *Plural) handleOidcToken(c *cli.Context) error {
@@ -122,10 +122,10 @@ func (p *Plural) handleOidcToken(c *cli.Context) error {
122122
token, email := c.String("token"), c.String("email")
123123
provider := gqlclient.ExternalOidcProvider(strings.ToUpper(prov))
124124
if !provider.IsValid() {
125-
return fmt.Errorf("Invalid oidc provider %s", prov)
125+
return fmt.Errorf("invalid OIDC provider %s", prov)
126126
}
127127

128-
token, err := p.Client.OidcToken(provider, token, email)
128+
token, err := p.OidcToken(provider, token, email)
129129
if err != nil {
130130
return err
131131
}

0 commit comments

Comments
 (0)