From 78a3430606172478e3af330053d99e0b1e2ccc5f Mon Sep 17 00:00:00 2001 From: Patrick Ohly Date: Fri, 29 Apr 2022 20:39:45 +0200 Subject: [PATCH 1/2] golangci-lint: support stricter checking in new code It is useful to check new code with a stricter configuration because we want it to be of higher quality. Code reviews also become easier when reviewers don't need to point out inefficient code manually. What exactly should be enabled is up for debate. The current config uses the golangci-lint defaults plus everything that is enabled explicitly by the normal golangci.yaml, just to be on the safe side. --- hack/golangci-strict.yaml | 38 ++++++++++++++++++++++++++++ hack/verify-golangci-lint.sh | 48 ++++++++++++++++++++++++++++++++---- 2 files changed, 81 insertions(+), 5 deletions(-) create mode 100644 hack/golangci-strict.yaml diff --git a/hack/golangci-strict.yaml b/hack/golangci-strict.yaml new file mode 100644 index 00000000000..8c73016649e --- /dev/null +++ b/hack/golangci-strict.yaml @@ -0,0 +1,38 @@ +# This file configures checks that all new code for Kubernetes is meant to +# pass, in contrast to .golangci.yaml which defines checks that also the +# existing code passes. + +run: + timeout: 30m + skip-files: + - "^zz_generated.*" + +issues: + max-same-issues: 0 + # Excluding configuration per-path, per-linter, per-text and per-source + exclude-rules: + # exclude ineffassing linter for generated files for conversion + - path: conversion\.go + linters: + - ineffassign + +linters: + enable: # please keep this alphabetized + - gocritic + - govet + - ineffassign + - logcheck + - staticcheck + - unused + +linters-settings: # please keep this alphabetized + custom: + logcheck: + # Installed there by hack/verify-golangci-lint.sh. + path: ../_output/local/bin/logcheck.so + description: structured logging checker + original-url: k8s.io/logtools/logcheck + staticcheck: + checks: [ + "all", + ] diff --git a/hack/verify-golangci-lint.sh b/hack/verify-golangci-lint.sh index d2b785da1a3..01d8ca728c2 100755 --- a/hack/verify-golangci-lint.sh +++ b/hack/verify-golangci-lint.sh @@ -14,19 +14,24 @@ # See the License for the specific language governing permissions and # limitations under the License. -# This script checks coding style for go language files in each -# Kubernetes package by golint. +# This script checks the coding style for the Go language files using +# golangci-lint. Which checks are enabled depends on command line flags. The +# default is a minimal set of checks that all existing code passes without +# issues. usage () { cat <&2 -Usage: $0 [-- ] [packages]" +Usage: $0 [-r |-a] [-s] [-c none|] [-- ] [packages]" + -r : only report issues in code added since that revision + -a: automatically select the common base of origin/master and HEAD + as revision + -s: select a strict configuration for new code -c : use the specified configuration or none instead of the default hack/golangci.yaml [packages]: check specific packages or directories instead of everything EOF exit 1 } - set -o errexit set -o nounset set -o pipefail @@ -50,8 +55,26 @@ invocation=(./hack/verify-golangci-lint.sh "$@") # _output/local/bin/golangci-lint cache clean golangci=(env LOGCHECK_CONFIG="${KUBE_ROOT}/hack/logcheck.conf" "${GOBIN}/golangci-lint" run) golangci_config="${KUBE_ROOT}/hack/golangci.yaml" -while getopts "c:" o; do +base= +strict= +githubactions= +while getopts "ar:sc:" o; do case "${o}" in + a) + base="$(git merge-base origin/master HEAD)" + ;; + r) + base="${OPTARG}" + if [ ! "$base" ]; then + echo "ERROR: -c needs a non-empty parameter" >&2 + echo >&2 + usage + fi + ;; + s) + golangci_config="${KUBE_ROOT}/hack/golangci-strict.yaml" + strict=1 + ;; c) if [ "${OPTARG}" = "none" ]; then golangci_config="" @@ -69,6 +92,16 @@ if [ "${golangci_config}" ]; then golangci+=(--config="${golangci_config}") fi +if [ "$base" ]; then + # Must be a something that git can resolve to a commit. + # "git rev-parse --verify" checks that and prints a detailed + # error. + base="$(git rev-parse --verify "$base")" + golangci+=(--new --new-from-rev="$base") +fi + +kube::golang::verify_go_version + # Filter out arguments that start with "-" and move them to the run flags. shift $((OPTIND-1)) targets=() @@ -122,6 +155,11 @@ else echo "Please review the above warnings. You can test via \"${invocation[*]}\"" echo 'If the above warnings do not make sense, you can exempt this warning with a comment' echo ' (if your reviewer is okay with it).' + if [ "$strict" ]; then + echo 'The more strict golangci-strict.yaml was used. If you feel that this warns about issues' + echo 'that should be ignored by default, then please discuss with your reviewer and propose' + echo 'a change for hack/golangci-strict.yaml as part of your PR.' + fi echo 'In general please prefer to fix the error, we have already disabled specific lints' echo ' that the project chooses to ignore.' echo 'See: https://golangci-lint.run/usage/false-positives/' From 04700e97d372bec715e9f911507db0a650a60d14 Mon Sep 17 00:00:00 2001 From: Patrick Ohly Date: Tue, 3 May 2022 13:18:23 +0200 Subject: [PATCH 2/2] hack: prepare for strict golangci-lint in pull-verify-kubernetes The long-term goal is that when "make verify" is invoked in pull job, it will also run golangci-lint with the strict configuration and write an $ARTIFACTS/golangci-lint-githubactions.log file with GitHub actions annotations. How to get those published for the GitHub PR is open. When "make verify" is invoked manually or in any other job, the stricter check will be skipped. That works because "PR_NUMBER" is only set for pre-merge jobs (https://github.com/kubernetes/test-infra/blob/master/prow/jobs.md#job-environment-variables). Because strict linting is still new and might not be useful without a better UI (= GitHub annotations), this PR does not fully enable the integration into "make verify". Instead, the new verify-golangci-lint-pr.sh is excluded from it and needs to be run in a separate job. --- hack/make-rules/verify.sh | 1 + hack/verify-golangci-lint-pr.sh | 37 +++++++++++++++++++++++++++++++++ hack/verify-golangci-lint.sh | 33 ++++++++++++++++++++++------- 3 files changed, 63 insertions(+), 8 deletions(-) create mode 100755 hack/verify-golangci-lint-pr.sh diff --git a/hack/make-rules/verify.sh b/hack/make-rules/verify.sh index 41ab4adcb7f..1d5556ac8a2 100755 --- a/hack/make-rules/verify.sh +++ b/hack/make-rules/verify.sh @@ -33,6 +33,7 @@ source "${KUBE_ROOT}/third_party/forked/shell2junit/sh2ju.sh" EXCLUDED_PATTERNS=( "verify-all.sh" # this script calls the make rule and would cause a loop "verify-*-dockerized.sh" # Don't run any scripts that intended to be run dockerized + "verify-golangci-lint-pr.sh" # Don't run this as part of the block pull-kubernetes-verify yet. TODO(pohly): try this in a non-blocking job and then reconsider this. "verify-licenses.sh" # runs in a separate job to monitor availability of the dependencies periodically ) diff --git a/hack/verify-golangci-lint-pr.sh b/hack/verify-golangci-lint-pr.sh new file mode 100755 index 00000000000..a3491585c28 --- /dev/null +++ b/hack/verify-golangci-lint-pr.sh @@ -0,0 +1,37 @@ +#!/usr/bin/env bash + +# Copyright 2022 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This script checks a PR for the coding style for the Go language files using +# golangci-lint. It does nothing when invoked as part of a normal "make +# verify". + +set -o errexit +set -o nounset +set -o pipefail + +if [ ! "${PULL_NUMBER:-}" ]; then + echo 'Not testing anything because this is not a pull request.' + exit 0 +fi + +KUBE_ROOT=$(dirname "${BASH_SOURCE[0]}")/.. + +# TODO (https://github.com/kubernetes/test-infra/issues/17056): +# take this additional artifact and convert it to GitHub annotations +# to make it easier to see these problems during a PR review. +# +# -g "${ARTIFACTS}/golangci-lint-githubactions.log" +"${KUBE_ROOT}/hack/verify-golangci-lint.sh" -r "${PULL_BASE_SHA}" -s diff --git a/hack/verify-golangci-lint.sh b/hack/verify-golangci-lint.sh index 01d8ca728c2..5d4925ea899 100755 --- a/hack/verify-golangci-lint.sh +++ b/hack/verify-golangci-lint.sh @@ -26,6 +26,8 @@ Usage: $0 [-r |-a] [-s] [-c none|] [-- : also write results with --out-format=github-actions + to a separate file -c : use the specified configuration or none instead of the default hack/golangci.yaml [packages]: check specific packages or directories instead of everything EOF @@ -58,7 +60,7 @@ golangci_config="${KUBE_ROOT}/hack/golangci.yaml" base= strict= githubactions= -while getopts "ar:sc:" o; do +while getopts "ar:sg:c:" o; do case "${o}" in a) base="$(git merge-base origin/master HEAD)" @@ -75,6 +77,9 @@ while getopts "ar:sc:" o; do golangci_config="${KUBE_ROOT}/hack/golangci-strict.yaml" strict=1 ;; + g) + githubactions="${OPTARG}" + ;; c) if [ "${OPTARG}" = "none" ]; then golangci_config="" @@ -131,19 +136,31 @@ popd >/dev/null cd "${KUBE_ROOT}" res=0 -if [[ "${#targets[@]}" -gt 0 ]]; then +run () { + if [[ "${#targets[@]}" -gt 0 ]]; then echo "running ${golangci[*]} ${targets[*]}" >&2 "${golangci[@]}" "${targets[@]}" >&2 || res=$? -else + else echo "running ${golangci[*]} ./..." >&2 "${golangci[@]}" ./... >&2 || res=$? for d in staging/src/k8s.io/*; do - MODPATH="staging/src/k8s.io/$(basename "${d}")" - echo "running ( cd ${KUBE_ROOT}/${MODPATH}; ${golangci[*]} --path-prefix ${MODPATH} ./... )" - pushd "${KUBE_ROOT}/${MODPATH}" >/dev/null - "${golangci[@]}" --path-prefix "${MODPATH}" ./... >&2 || res=$? - popd >/dev/null + MODPATH="staging/src/k8s.io/$(basename "${d}")" + echo "running ( cd ${KUBE_ROOT}/${MODPATH}; ${golangci[*]} --path-prefix ${MODPATH} ./... )" + pushd "${KUBE_ROOT}/${MODPATH}" >/dev/null + "${golangci[@]}" --path-prefix "${MODPATH}" ./... >&2 || res=$? + popd >/dev/null done + fi +} +# First run with normal output. +run "${targets[@]}" + +# Then optionally do it again with github-actions as format. +# Because golangci-lint caches results, this is faster than the +# initial invocation. +if [ "$githubactions" ]; then + golangci+=(--out-format=github-actions) + run "$${targets[@]}" >"$githubactions" 2>&1 fi # print a message based on the result