diff --git a/.github/workflows/migrations.yaml b/.github/workflows/migrations.yaml index e6712c0b8..9e9adaeb6 100644 --- a/.github/workflows/migrations.yaml +++ b/.github/workflows/migrations.yaml @@ -183,7 +183,7 @@ jobs: fi - name: Check version run: | - ./migrate.sh $svc desired + ./migrate.sh "$svc" desired if [ "$current" -ge "$(./migrate.sh $svc desired)" ]; then echo "Migrations must be newer than the version of staging! You probably lack behind, merge or rebase onto main first!" exit 1 @@ -192,11 +192,11 @@ jobs: current: ${{ steps.collect-version.outputs.VERSION }} - name: Run UP migrations (1/2) - run: ./migrate.sh $svc up + run: ./migrate.sh "$svc" up - name: Generate schema.sql run: | /usr/lib/postgresql/15/bin/pg_dump \ - postgres://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB \ + postgres://"$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB" \ --schema-only -O > ./services/${{ matrix.service }}/schema.sql sed 's/\(-- Dumped from database version [0-9]\+\.[0-9]\+\).*/\1/' -i ./services/${{ matrix.service }}/schema.sql @@ -207,13 +207,13 @@ jobs: run: git diff --exit-code -- services/${{ matrix.service }} || (echo "You forgot to run ./models.sh before checking in" && exit 1) - name: Run DOWN migrations (1/2) run: | - [ "$VERSION" -eq 0 ] && yes | ./migrate.sh $svc down || ./migrate.sh $svc goto $VERSION + [ "$VERSION" -eq 0 ] && yes | ./migrate.sh "$svc" down || ./migrate.sh "$svc" goto "$VERSION" env: VERSION: ${{ steps.collect-version.outputs.VERSION }} - name: Run UP migrations (2/2) - run: ./migrate.sh $svc up + run: ./migrate.sh "$svc" up - name: Run DOWN migrations (2/2) run: | - [ "$VERSION" -eq 0 ] && yes | ./migrate.sh $svc down || ./migrate.sh $svc goto $VERSION + [ "$VERSION" -eq 0 ] && yes | ./migrate.sh "$svc" down || ./migrate.sh "$svc" goto "$VERSION" env: VERSION: ${{ steps.collect-version.outputs.VERSION }} diff --git a/.github/workflows/publish-bufs.yaml b/.github/workflows/publish-bufs.yaml index 2b76fda09..8cfe09170 100644 --- a/.github/workflows/publish-bufs.yaml +++ b/.github/workflows/publish-bufs.yaml @@ -44,22 +44,22 @@ jobs: id: breaking # We previously checked if any illegal breakage occurred, now check if we have breakage _at all_ # If so, we publish this as a _major_ release - run: buf breaking --against '.git#ref=HEAD^' && echo "breaking=false" >> $GITHUB_OUTPUT || echo "breaking=true" >> $GITHUB_OUTPUT + run: buf breaking --against '.git#ref=HEAD^' && echo "breaking=false" >> "$GITHUB_OUTPUT" || echo "breaking=true" >> "$GITHUB_OUTPUT" - name: Has new package? id: new-package run: | last_tree=$(git ls-tree -d -r --name-only HEAD^ proto | sort) # directory tree of proto in old commit current_tree=$(find proto -type d | sort) # directory tree of proto right now new_dirs=$(comm -13 <(echo "$last_tree") <(echo "$current_tree")) # filter out lines, which are "-3": common (i.e. unchanged) or "-1": only in the last tree (i.e. removed) - echo $new_dirs + echo "$new_dirs" if [ -z "$new_dirs" ]; then - echo "new-package=false" >> $GITHUB_OUTPUT + echo "new-package=false" >> "$GITHUB_OUTPUT" else - echo "new-package=true" >> $GITHUB_OUTPUT + echo "new-package=true" >> "$GITHUB_OUTPUT" fi - name: Get SHA id: commit - run: echo "sha=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT + run: echo "sha=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT" - name: Get Bump id: bump run: | @@ -72,7 +72,7 @@ jobs: else BUMP="patch" fi - echo "bump=$BUMP" >> $GITHUB_OUTPUT + echo "bump=$BUMP" >> "$GITHUB_OUTPUT" env: BREAKING: ${{ steps.breaking.outputs.breaking }} NEW_PKG: ${{ steps.new-package.outputs.new-package }} @@ -91,10 +91,10 @@ jobs: registry-url: 'https://registry.npmjs.org' - name: Fetch latest version from registry working-directory: gen/ts - run: npm version $(npm view . version) + run: npm version "$(npm view . version)" - name: Bump version working-directory: gen/ts - run: npm version pre$BUMP --preid $SHA + run: npm version "pre$BUMP" --preid "$SHA" env: BUMP: ${{ needs.check-preconditions.outputs.bump }} SHA: ${{ needs.check-preconditions.outputs.commit }} @@ -137,9 +137,9 @@ jobs: BUMP: ${{ needs.check-preconditions.outputs.bump }} SHA: ${{ needs.check-preconditions.outputs.commit }} run: | - VERSION=$(curl https://pub.dev/api/packages/helpwave_proto_dart -H "Accept: application/vnd.pub.v2+json" | jq ".latest.version" -r) - NEW_VERSION=$(semver bump $BUMP $VERSION) - NEW_VERSION=$(semver bump prerel $SHA $NEW_VERSION) + VERSION=$(curl "https://pub.dev/api/packages/helpwave_proto_dart" -H "Accept: application/vnd.pub.v2+json" | jq ".latest.version" -r) + NEW_VERSION=$(semver bump "$BUMP" "$VERSION") + NEW_VERSION=$(semver bump prerel "$SHA" "$NEW_VERSION") sed "s/version:.*/version: $NEW_VERSION/" pubspec.yaml -i - name: Publish to pub.dev working-directory: gen/dart diff --git a/.github/workflows/spicedb.yaml b/.github/workflows/spicedb.yaml index 4c9b17205..f5759ce6c 100644 --- a/.github/workflows/spicedb.yaml +++ b/.github/workflows/spicedb.yaml @@ -28,7 +28,7 @@ jobs: uses: actions/checkout@v4 - name: Get zed run: | - wget https://github.com/authzed/zed/releases/download/v${ZED_VERSION}/zed_${ZED_VERSION}_linux_amd64.deb -O zed.deb + wget "https://github.com/authzed/zed/releases/download/v${ZED_VERSION}/zed_${ZED_VERSION}_linux_amd64.deb" -O zed.deb sudo apt install -y ./zed.deb - run: | go run cmd/spice/spice.go test diff --git a/.golangci.yaml b/.golangci.yaml index 254a75c74..12b05b4fc 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -8,11 +8,9 @@ linters: - depguard # no need - ireturn # no need - funlen # we tend to have long funlens, who cares? - - execinquery # deprecated - goimports # unused - gochecknoglobals # we currently make use of globals - godot # petty linter - - gomnd # deprecated - gomoddirectives # not needed - gofumpt # false positives - mnd # too many false-positives diff --git a/images/dev-go/Dockerfile b/images/dev-go/Dockerfile index 0e97450dd..1c3344d6e 100644 --- a/images/dev-go/Dockerfile +++ b/images/dev-go/Dockerfile @@ -14,7 +14,7 @@ ENV PATH="$PATH:$GOROOT/bin" # update debian package list and packages, also install some RUN apt update \ && apt upgrade -y \ - && apt install sudo vim nano jq dnsutils postgresql-client lsb-release gpg redis-tools \ + && apt install sudo vim nano jq dnsutils postgresql-client lsb-release gpg redis-tools shellcheck \ apt-transport-https ca-certificates curl gnupg2 software-properties-common \ -y \ && apt-get clean autoclean -y && apt-get autoremove -y && rm -rf /var/lib/apt/lists/*