The pkg-imports validation prevents reusable library packages from
depending on the whole daemon, accidentally or intentionally. The
allowlist is overly restrictive as it also prevents us from reusing code
in both pkg/ and daemon/ unless that code is also made into a reusable
library package under pkg/. Allow pkg/ packages to import internal/
packages which do not transitively depend on disallowed packages.
Signed-off-by: Cory Snider <csnider@mirantis.com>
see https://github.com/koalaman/shellcheck/wiki/SC2155
Looking at how these were used, I don't think we even need to
export them, so removing that.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
pkg/urlutil (despite its poorly chosen name) is not really intended as a generic
utility to handle URLs, and should only be used by the builder to handle (remote)
build contexts.
- IsURL() only does a very rudimentary check for http(s):// prefixes, without any
other validation, but due to its name may give incorrect expectations.
- IsGitURL() is written specifically with docker build remote git contexts in
mind, and has handling for backward-compatibility, where strings that are
not URLs, but start with "github.com/" are accepted.
Because of the above, this patch:
- moves the package inside builder/remotecontext, close to where it's intended
to be used (ideally this would be part of build/remotecontext itself, but this
package imports many other dependencies, which would introduce those as extra
dependencies in the CLI).
- deprecates pkg/urlutil, but adds aliases as there are some external consumers.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The golang-ci-lint takes longest to run, so do the other
checks first; this also makes the output a bit more readable.
While at it, fix some consistency issues in the output of the
other checks.
Before this change:
TEST_FORCE_VALIDATE=1 hack/validate/default
Congratulations! All commits are properly signed with the DCO!
Congratulations! Seccomp profile generation is done correctly.
INFO [config_reader] Used config file hack/validate/golangci-lint.yml
INFO [lintersdb] Active 15 linters: [deadcode gofmt goimports golint gosec gosimple govet ineffassign misspell staticcheck structcheck typecheck unconvert unused varcheck]
...
INFO Execution took 2m12.4287302s
Congratulations! "./pkg/..." is safely isolated from internal code.
The swagger spec at "api/swagger.yaml" is valid against swagger specification 2.0
Congratulations! All api changes are done the right way.
Congratulations! All toml source files changed here have valid syntax.
Congratulations! Changelog CHANGELOG.md is well-formed.
Congratulations! Changelog CHANGELOG.md dates are in descending order.
After this change:
TEST_FORCE_VALIDATE=1 hack/validate/default
Congratulations! All commits are properly signed with the DCO!
Congratulations! Seccomp profile generation is done correctly.
Congratulations! Packages in "./pkg/..." are safely isolated from internal code.
Congratulations! The swagger spec at "api/swagger.yaml" is valid against swagger specification 2.0
Congratulations! All API changes are done the right way.
Congratulations! All TOML source files changed here have valid syntax.
Congratulations! Changelog CHANGELOG.md is well-formed.
Congratulations! Changelog CHANGELOG.md dates are in descending order.
Congratulations! No new tests were added to integration-cli.
INFO Start validation with golang-ci-lint
INFO [config_reader] Used config file hack/validate/golangci-lint.yml
INFO [lintersdb] Active 15 linters: [deadcode gofmt goimports golint gosec gosimple govet ineffassign misspell staticcheck structcheck typecheck unconvert unused varcheck]
...
INFO Execution took 2m12.4287302s
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
These scripts explicitly use Bash, so we should be able to use
`[[` instead of `[` (which seems to be recommended).
Also added curly brackets to some bare variables, and quoted some paths.
This makes my IDE a bit more silent :-)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This is especially important for distributions like NixOS where `/bin/bash` doesn't exist, or for MacOS users who've installed a newer version of Bash than the one that comes with their OS.
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
Allow each script to run directly without the hack/make.sh wrapper. These
scripts do not produce artifacts and do not benefit from the "bundles"
framework.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
