
Commit d54862e

chore: Add linters/formatters for GH actions (#726)
- **chore(Makefile): Add/Configure yaml and action linters/formatters** - **chore(*.yml): Format yaml files** - **chore(.github/workflows): Add Ratchet to make sure everything is pinned** - **chore(.github/workflows): Add actionlint and fix the discovered issues** `(AI Assisted)` **Tools that are used:** https://github.com/sethvargo/ratchet https://github.com/rhysd/actionlint https://github.com/google/yamlfmt --------- Signed-off-by: Kemal Akkoyun <kemal.akkoyun@datadoghq.com>
1 parent 69c6ada commit d54862e


15 files changed

+170
-124
lines changed


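--- a/.github/actionlint.yaml
+++ b/.github/actionlint.yaml
@@ -0,0 +1,7 @@
+# actionlint configuration
+# https://github.com/rhysd/actionlint/blob/main/docs/config.md
+
+# Custom self-hosted runner labels
+self-hosted-runner:
+labels:
+- arm-8core-linux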

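--- a/.github/actions/codecov-cli/action.yml
+++ b/.github/actions/codecov-cli/action.yml
@@ -4,7 +4,6 @@ outputs:
 codecov:
 description: Path to the codecov CLI
 value: ${{ steps.install.outputs.codecov }}
-
 runs:
 using: composite
 steps:
@@ -13,10 +12,8 @@ runs:
 with:
 python-version: '3.12'
 cache-dependency-path: ${{ github.action_path }}/requirements-dev.txt
-
 - name: Setup Rust
-uses: actions-rust-lang/setup-rust-toolchain@v1
-
+uses: actions-rust-lang/setup-rust-toolchain@1780873c7b576612439a134613cc4cc74ce5538c # ratchet:actions-rust-lang/setup-rust-toolchain@v1
 - name: Install codecov-cli
 id: install
 shell: bash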
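Review bot: The SHA pin added to the `Setup Rust` step only stays current if something re-resolves it, and the `github-actions` Dependabot entry visible in `.github/dependabot.yml` on this page lists only `directory: /`. With that setting Dependabot typically scans `.github/workflows` and a root-level `action.yml`, so this composite action under `.github/actions/codecov-cli` may not be covered and the pin could go stale without anyone noticing. Worth confirming, and if it is not covered, either add this directory to the Dependabot entry or re-run Ratchet on a schedule. The step before `Setup Rust` has its `uses:` line outside the hunk, so whether it is pinned cannot be checked from here.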

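--- a/.github/actions/codecov-upload/action.yml
+++ b/.github/actions/codecov-upload/action.yml
@@ -13,7 +13,6 @@ inputs:
 token:
 description: CodeCov token to use
 required: true
-
 runs:
 using: composite
 steps: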

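--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,5 +1,4 @@
 version: 2
-
 updates:
 - package-ecosystem: github-actions
 directory: /
@@ -12,7 +11,6 @@ updates:
 dependency-type: production
 labels:
 - dependencies
-
 - package-ecosystem: pip
 directory: /.github/actions/codecov-cli
 schedule: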

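--- a/.github/workflows/deps-update.yml
+++ b/.github/workflows/deps-update.yml
@@ -1,12 +1,9 @@
 name: Dependency Updates
-
 on:
 schedule:
 - cron: '42 5 * * 1' # Mondays at 5:42 AM
 workflow_dispatch: {} # Manual runs
-
 permissions: read-all
-
 jobs:
 update-go:
 name: Update Go Dependencies
@@ -16,7 +13,6 @@ jobs:
 steps:
 - name: Checkout repository
 uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4
-
 - name: Set up Go
 id: setup-go
 uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v5
@@ -25,58 +21,51 @@ jobs:
 # will bail out if it encounters a "candidate" that requires a newer release.
 go-version: stable
 cache-dependency-path: '**/go.mod'
-
 - name: Determine latest github.com/DataDog/dd-trace-go/v2 version
 id: dd-trace-go
 run: |-
 set -euo pipefail
 version=$(go list -f '{{range .Versions}}{{.}}{{"\n"}}{{end}}' -m -versions github.com/DataDog/dd-trace-go/v2 | grep -v '-' | tail -n 1)
 echo "version=${version}" >> "${GITHUB_OUTPUT}"
-
 # Passing "go@<version>" to "go get -u" ensures no dependencies get upgraded to a release that
 # does not support that specific go release. We do `go get -u` everywhere first, and then
 # `go mod tidy`, so that the later accounts for the complete updated module graph (otherwise
 # we'd need to run these in dependency order to ensure stable output).
 - name: Update dependencies
 run: |-
-for gomod in $(find . -iname go.mod -not -path './_docs/themes/**'); do
+find . -iname go.mod -not -path './_docs/themes/**' -print0 | while IFS= read -r -d '' gomod; do
 dir="$(dirname "${gomod}")"
 go -C="${dir}" get -t -u "go@$(go -C="${dir}" mod edit -json | jq -r .Go)" "github.com/DataDog/dd-trace-go/v2@${{ steps.dd-trace-go.outputs.version }}" ./...
 done
 - name: Run go mod tidy
 run: |-
-for gomod in $(find . -iname go.mod -not -path './_docs/themes/**'); do
+find . -iname go.mod -not -path './_docs/themes/**' -print0 | while IFS= read -r -d '' gomod; do
 dir="$(dirname "${gomod}")"
 go -C="${dir}" mod tidy -go="$(go -C="${dir}" mod edit -json | jq -r .Go)"
 go -C="${dir}" mod edit -toolchain=none
 done
-
 - id: is-tree-dirty
 name: Check for updates
 run: |-
 git add .
 git diff --staged --patch --exit-code || echo "result=true" >> "${GITHUB_OUTPUT}"
-
 - name: Update LICENSE-3rdparty.csv
 if: steps.is-tree-dirty.outputs.result == 'true'
 run: ./_tools/make-licenses.sh
 env:
 TMPDIR: ${{ runner.temp }}
-
 - name: Build diff
 if: steps.is-tree-dirty.outputs.result == 'true'
 run: |-
 git add .
 git diff --staged --patch > "${{ runner.temp }}/go.diff.patch"
-
 - name: Upload Artifact
 if: steps.is-tree-dirty.outputs.result == 'true'
 uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
 with:
 name: Patches
 path: ${{ runner.temp }}/go.diff.patch
 if-no-files-found: error
-
 create-pr:
 name: Create Pull Request
 runs-on: ubuntu-latest
@@ -88,16 +77,13 @@ jobs:
 steps:
 - name: Checkout repository
 uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4
-
 - name: Download patches
 uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v4
 with:
 name: Patches
 path: ${{ runner.temp }}/patches
-
 - name: Apply patches
 run: find "${{ runner.temp }}/patches" -type f -name '*.patch' -exec git apply {} \;
-
 # We use ghcommit to create signed commits directly using the GitHub API
 - name: Create branch # The branch needs to exist before we can add commits to it
 id: create-branch
@@ -106,14 +92,12 @@ jobs:
 git push origin "${{ github.sha }}":"refs/heads/${branch}"
 echo "branch=${branch}" >> "${GITHUB_OUTPUT}"
 git fetch origin "${branch}"
-
 - name: Generate a GitHub token
 id: generate-token
 uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
 with:
 app-id: ${{ vars.DD_K9_LIBRARY_GO_APP_ID }}
 private-key: ${{ secrets.DD_K9_LIBRARY_GO_APP_PRIVATE_KEY }}
-
 - name: Create Commit # Adds a commit to the branch we created above
 uses: planetscale/ghcommit-action@322be9669498a4be9ce66efc1169f8f43f6bd883 # v0.2.17
 with:
@@ -122,7 +106,6 @@ jobs:
 branch: ${{ steps.create-branch.outputs.branch }}
 env:
 GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
-
 - name: Create PR
 run: |-
 git fetch origin "${{ steps.create-branch.outputs.branch }}"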
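Review bot: The rewritten loops in the `Update dependencies` and `Run go mod tidy` steps pipe `find … -print0` into `while read`, but neither script enables `pipefail`, so a `find` that exits non-zero partway would leave the step green with some modules silently skipped. Unless a `defaults.run.shell: bash` is set outside the visible hunks, start both scripts with `set -euo pipefail`, as the `Determine latest …` step already does. The same applies to the `find … | while` loop added in `.github/workflows/release.yml`, where the step begins outside the hunk and a skipped module would presumably mean a missing tag. Separately, the loop body still expands `${{ steps.dd-trace-go.outputs.version }}` directly into the script text. Passing it through the step's `env:` (for example `DD_TRACE_GO_VERSION`, a constructed name) and referencing `"${DD_TRACE_GO_VERSION}"` would keep the value as data rather than shell source.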

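--- a/.github/workflows/docsite.yml
+++ b/.github/workflows/docsite.yml
@@ -7,13 +7,10 @@ on:
 branches: [main]
 push:
 branches: [main]
-
 permissions: read-all
-
 concurrency:
 group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && github.event.pull_request.number || github.ref }}
 cancel-in-progress: true
-
 jobs:
 build:
 runs-on: ubuntu-latest
@@ -40,7 +37,6 @@ jobs:
 name: site
 path: _docs/public/
 if-no-files-found: error
-
 publish:
 runs-on: ubuntu-latest
 needs: [build]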

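--- a/.github/workflows/ossf-scorecard.yml
+++ b/.github/workflows/ossf-scorecard.yml
@@ -6,10 +6,8 @@ on:
 schedule:
 - cron: '27 23 * * 2'
 push:
-branches: [ "main" ]
-
+branches: ["main"]
 permissions: read-all
-
 jobs:
 analysis:
 name: Scorecard analysis
@@ -19,28 +17,24 @@ jobs:
 security-events: write
 # Needed to publish results and get a badge (see publish_results below).
 id-token: write
-
 steps:
 - name: "Checkout code"
 uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4
 with:
 persist-credentials: false
-
 - name: "Run analysis"
 uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2
 with:
 results_file: results.sarif
 results_format: sarif
 publish_results: true
-
 # Upload the results as artifacts.
 - name: "Upload artifact"
 uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
 with:
 name: SARIF file
 path: results.sarif
 retention-days: 5
-
 # Upload the results to GitHub's code scanning dashboard.
 - name: "Upload to code-scanning"
 uses: github/codeql-action/upload-sarif@192325c86100d080feab897ff886c34abd4c83a3 # v3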

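--- a/.github/workflows/pr-labeler.yml
+++ b/.github/workflows/pr-labeler.yml
@@ -2,9 +2,7 @@ name: PR Labeler
 on:
 pull_request:
 types: [opened, edited, reopened]
-
 permissions: read-all
-
 jobs:
 update-labels:
 name: Update PR labels
@@ -19,9 +17,7 @@ jobs:
 with:
 go-version: oldstable
 cache-dependency-path: '**/go.mod'
-
 - name: Assign Labels
 run: go -C _tools run ./conventionalcommit
 env:
 GITHUB_TOKEN: ${{ github.token }}
-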

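--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -7,9 +7,7 @@ on:
 paths: [internal/version/version.go]
 release:
 types: [published]
-
 permissions: read-all
-
 jobs:
 validate:
 if: github.event_name != 'release'
@@ -25,7 +23,6 @@ jobs:
 with:
 go-version: stable
 cache-dependency-path: '**/go.mod'
-
 # Obtains the current configured version tag from source, and verifies it is a valid tag name.
 # Also checks whether the tag already exists.
 - name: Determine version
@@ -43,7 +40,6 @@ jobs:
 fi
 env:
 GH_TOKEN: ${{ github.token }}
-
 # If this is a pull request, and the release does not yet exist, the PR title must be "release: <tag>"
 - name: 'Pull Request title must be "release: ${{ steps.version.outputs.tag }}"'
 if: "github.event_name == 'pull_request' && !fromJSON(steps.version.outputs.exists) && format('release: {0}', steps.version.outputs.tag) != github.event.pull_request.title"
@@ -52,14 +48,12 @@ jobs:
 exit 1
 env:
 EVENT_PR_TITLE: ${{ toJSON(github.event.pull_request.title) }}
-
 # Release must not already exist (if the PR title suggests this is intended to be a release)
 - name: Release ${{ steps.version.outputs.tag }} already exists
 if: github.event_name == 'pull_request' && fromJSON(steps.version.outputs.exists) && startsWith(github.event.pull_request.title, 'release:')
 run: |-
 echo 'A release already exists for tag ${{ steps.version.outputs.tag }}. Please update to another version.'
 exit 1
-
 # If the release does not yet exist, create a draft release targeting this commit.
 - name: Create draft release
 if: github.event_name == 'push' && steps.version.outputs.exists == 'false'
@@ -84,7 +78,6 @@ jobs:
 ${{ contains(steps.version.outputs.tag, '-') && '--prerelease' || '' }}
 env:
 GH_TOKEN: ${{ github.token }}
-
 release:
 if: github.event_name == 'release'
 name: Tag Release
@@ -112,7 +105,7 @@ jobs:
 env:
 EVENT_TAG: ${{ github.event.release.tag_name }}
 run: |-
-for gomod in $(find . -iname go.mod -not -path '*/_*'); do
+find . -iname go.mod -not -path '*/_*' -print0 | while IFS= read -r -d '' gomod; do
 dir=$(dirname "${gomod}")
 mod=$(go -C "${dir}" list -m)
 case "${mod}" in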

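--- a/.github/workflows/sast.yml
+++ b/.github/workflows/sast.yml
@@ -1,5 +1,4 @@
 name: CodeQL
-
 on:
 push:
 branches: [main]
@@ -9,9 +8,7 @@ on:
 branches: [main]
 schedule:
 - cron: '45 23 * * 6'
-
 permissions: read-all
-
 jobs:
 analyze:
 name: Analyze (go)
@@ -27,18 +24,15 @@ jobs:
 security-events: write
 # required to fetch internal or private CodeQL packs
 packages: read
-
 steps:
 - name: Checkout repository
 uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4
-
 # Initializes the CodeQL tools for scanning.
 - name: Initialize CodeQL
 uses: github/codeql-action/init@192325c86100d080feab897ff886c34abd4c83a3 # v3
 with:
 languages: go
 build-mode: autobuild
-
 - name: Perform CodeQL Analysis
 uses: github/codeql-action/analyze@192325c86100d080feab897ff886c34abd4c83a3 # v3
 with: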
