Merge pull request #4 from authzed/gha

add github workflows

.github/dependabot.yml

@@ -0,0 +1,15 @@
+---
+version: 2
+updates:
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+    labels:
+      - "area/dependencies"
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+    labels:
+      - "area/dependencies"

.github/workflows/build-test.yaml

@@ -0,0 +1,19 @@
+---
+name: "Build & Test"
+on: # yamllint disable-line rule:truthy
+  push:
+    branches:
+      - "main"
+  pull_request:
+    branches:
+      - "*"
+jobs:
+  unit:
+    name: "Unit"
+    runs-on: "ubuntu-latest"
+    steps:
+      - uses: "actions/checkout@v3"
+      - uses: "actions/setup-go@v3"
+        with:
+          go-version: "~1.19"
+      - uses: "authzed/actions/go-test@main"

.github/workflows/cla.yaml

@@ -0,0 +1,20 @@
+---
+name: "CLA"
+on:  # yamllint disable-line rule:truthy
+  issue_comment:
+    types:
+      - "created"
+  pull_request_target:
+    types:
+      - "opened"
+      - "closed"
+      - "synchronize"
+jobs:
+  cla:
+    name: "Check Signature"
+    runs-on: "ubuntu-latest"
+    steps:
+      - uses: "authzed/actions/cla-check@main"
+        with:
+          github_token: "${{ secrets.GITHUB_TOKEN }}"
+          cla_assistant_token: "${{ secrets.CLA_ASSISTANT_ACCESS_TOKEN }}"

.github/workflows/lint.yaml

@@ -0,0 +1,45 @@
+---
+name: "Lint"
+on:  # yamllint disable-line rule:truthy
+  push:
+    branches:
+      - "!dependabot/*"
+      - "main"
+  pull_request:
+    branches: ["*"]
+jobs:
+  go-lint:
+    name: "Lint Go"
+    runs-on: "ubuntu-latest"
+    steps:
+      - uses: "actions/checkout@v3"
+      - uses: "actions/setup-go@v3"
+        with:
+          go-version: "~1.19"
+      - uses: "authzed/actions/gofumpt@main"
+      - uses: "authzed/actions/go-generate@main"
+      - uses: "authzed/actions/golangci-lint@main"
+
+  extra-lint:
+    name: "Lint YAML & Markdown"
+    runs-on: "ubuntu-latest"
+    steps:
+      - uses: "actions/checkout@v3"
+      - uses: "authzed/actions/yaml-lint@main"
+      - uses: "authzed/actions/markdown-lint@main"
+
+# TODO: enable when public
+#  codeql:
+#    name: "Analyze with CodeQL"
+#    runs-on: "ubuntu-latest"
+#    permissions:
+#      actions: "read"
+#      contents: "read"
+#      security-events: "write"
+#    strategy:
+#      fail-fast: false
+#      matrix:
+#        language: ["go"]
+#    steps:
+#      - uses: "actions/checkout@v3"
+#      - uses: "authzed/actions/codeql@main"

.golangci.yaml

@@ -0,0 +1,38 @@
+---
+run:
+  timeout: "5m"
+output:
+  sort-results: true
+linters:
+  enable:
+    - "bidichk"
+    - "bodyclose"
+    - "deadcode"
+    - "errcheck"
+    - "errname"
+    - "errorlint"
+    - "gofumpt"
+    - "goimports"
+    - "goprintffuncname"
+    - "gosec"
+    - "gosimple"
+    - "govet"
+    - "ifshort"
+    - "importas"
+    - "ineffassign"
+    - "makezero"
+    - "prealloc"
+    - "predeclared"
+    - "promlinter"
+    - "revive"
+    - "rowserrcheck"
+    - "staticcheck"
+    - "structcheck"
+    - "stylecheck"
+    - "tenv"
+    - "typecheck"
+    - "unconvert"
+    - "unused"
+    - "varcheck"
+    - "wastedassign"
+    - "whitespace"

.markdownlint.yaml

@@ -0,0 +1,3 @@
+---
+line-length: false
+no-hard-tabs: false

.yamllint

@@ -0,0 +1,10 @@
+# vim: ft=yaml
+---
+yaml-files:
+  - "*.yaml"
+  - "*.yml"
+  - ".yamllint"
+extends: "default"
+rules:
+  quoted-strings: "enable"
+  line-length: "disable"

CONTRIBUTING.md

@@ -85,3 +85,17 @@ go get github.com/org/newdependency@version
 ```
 
 Continuous integration enforces that `go mod tidy` has been run.
+
+### Codegen and Linting
+
+To run all code generators:
+
+```sh
+go generate ./... 
+```
+
+To run all tooling, including linters:
+
+```sh
+go generate -tags tools ./...
+```

README.md

@@ -41,7 +41,7 @@ Looking to contribute? See [CONTRIBUTING.md].
 [Discord]: https://authzed.com/discord
 [CONTRIBUTING.md]: https://github.com/authzed/spicedb/blob/main/CONTRIBUTING.md
 
-## Overview 
+## Overview
 
 ### Handlers
 
@@ -70,7 +70,7 @@ func mainControlLoop(ctx context.Context) {
 ```
 
 The `handler` package contains utilities for building, composing, and decorating handlers, and for building large state machines with them.
-See the [docs]() for more details.
+See the [docs](https://pkg.go.dev/github.com/authzed/controller-idioms/handler) for more details.
 
 Handlers take some inspiration from [statecharts](https://statecharts.dev/) to deal with the complexity of writing and maintaining controllers, while staying close to golang idioms.
 
@@ -96,6 +96,7 @@ func (h *UseHandler) Handle(ctx context.Context) {
 `Handlers` are typically chained in a way that preserves the context between handlers, but not always.
 
 For example:
+
 ```go
 var CtxExpensiveObject = typedctx.NewKey[ExpensiveComputation]()
 
@@ -147,7 +148,7 @@ secrets, err := secretIndexer.ByIndex("my-index-name", "my-index-value")
 
 ### Controllers and Managers
 
-The `manager` package provides an optional lightweight controller `Manager` abstraction (similar to kubernetes controller manager, or the manager from controller runtime). It also provides a simple `Controller` abstraction and some basic implementations. 
+The `manager` package provides an optional lightweight controller `Manager` abstraction (similar to kubernetes controller manager, or the manager from controller runtime). It also provides a simple `Controller` abstraction and some basic implementations.
 
 The rest of `controller-idioms` can be used without using these if you are already using another solution.
 
@@ -190,7 +191,6 @@ The queue operations are:
 
 If calling these controls from a handler, it's important to `return` immediately so that the handler does not continue processing a key that the queue thinks has stopped.
 
-
 ### Middleware
 
 Middleware can be injected between handlers with the `middleware` package.

adopt/adopt_test.go

@@ -300,7 +300,7 @@ func TestSecretAdopterHandler(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			ctrls := &fake.FakeOperations{}
+			ctrls := &fake.FakeInterface{}
 			indexer := cache.NewIndexer(cache.MetaNamespaceKeyFunc, cache.Indexers{IndexName: OwnerKeysFromMeta(OwnerAnnotationPrefix)})
 			IndexAddUnstructured(t, indexer, tt.secretsInIndex)
 
@@ -377,7 +377,6 @@ func NewSecretAdoptionHandler(recorder record.EventRecorder, getFromCache func(c
 }
 
 func ExampleAdoptionHandler_Handle() {
-
 }
 
 func ExpectEvents(t *testing.T, recorder *record.FakeRecorder, expected []string) {

bootstrap/crds_test.go

@@ -10,6 +10,6 @@ import (
 var crdFS embed.FS
 
 func ExampleCRD() {
-	CRD(&rest.Config{}, crdFS, "example")
+	_ = CRD(&rest.Config{}, crdFS, "example")
 	// Output:
 }

bootstrap/example.yaml

@@ -1,8 +1,9 @@
-apiVersion: v1
-kind: Secret
+---
+apiVersion: "v1"
+kind: "Secret"
 metadata:
-  namespace: test
-  name: example
-type: Opaque
+  namespace: "test"
+  name: "example"
+type: "Opaque"
 data:
-  required: data
+  required: "data"

bootstrap/example/crd.yaml

@@ -1,16 +1,17 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
+---
+apiVersion: "apiextensions.k8s.io/v1"
+kind: "CustomResourceDefinition"
 metadata:
-  name: mytype.example.com
+  name: "mytype.example.com"
 spec:
-  group: example.com
+  group: "example.com"
   names:
-    kind: MyType
-    listKind: MyTypeList
-    plural: mytypes
-    singular: mytype
-  scope: Namespaced
+    kind: "MyType"
+    listKind: "MyTypeList"
+    plural: "mytypes"
+    singular: "mytype"
+  scope: "Namespaced"
   versions:
-    - name: v1
+    - name: "v1"
       served: true
       storage: true

bootstrap/resource_test.go

@@ -21,13 +21,18 @@ func ExampleResourceFromFile() {
 
 	secretGVR := corev1.SchemeGroupVersion.WithResource("secrets")
 	scheme := runtime.NewScheme()
-	corev1.AddToScheme(scheme)
+	if err := corev1.AddToScheme(scheme); err != nil {
+		panic(err)
+	}
 	scheme.AddKnownTypes(corev1.SchemeGroupVersion, &corev1.Secret{})
 	client := secretApplyPatchHandlingFakeClient(scheme)
 
 	// create the object from the file
 	// the example is a secret, but it could be any built-in or CRD-defined type
-	ResourceFromFile[*corev1.Secret](ctx, "bootstrapped-secret", secretGVR, client, "./example.yaml", 0)
+	_, err := ResourceFromFile[*corev1.Secret](ctx, "bootstrapped-secret", secretGVR, client, "./example.yaml", 0)
+	if err != nil {
+		panic(err)
+	}
 
 	for {
 		secret, err := client.Resource(secretGVR).Namespace("test").Get(ctx, "example", metav1.GetOptions{})

client/rest.go

@@ -0,0 +1,8 @@
+package client
+
+import "k8s.io/client-go/rest"
+
+func DisableClientSideRateLimiting(restConfig *rest.Config) {
+	restConfig.Burst = 2000
+	restConfig.QPS = -1
+}

component/ensure_component_test.go

@@ -79,20 +79,23 @@ func TestEnsureServiceHandler(t *testing.T) {
 					},
 					Annotations: map[string]string{
 						hashKey: "n5d8h56h6dhc7h96h8h545h96q",
-					}}},
+					},
+				}},
 			},
 		},
 		{
 			name: "deletes extra services if a matching service exists",
-			existingServices: []runtime.Object{&corev1.Service{ObjectMeta: metav1.ObjectMeta{
-				Name:      "test",
-				Namespace: "test",
-				Labels: map[string]string{
-					"example.com/component": "the-main-service-component",
+			existingServices: []runtime.Object{&corev1.Service{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "test",
+					Namespace: "test",
+					Labels: map[string]string{
+						"example.com/component": "the-main-service-component",
+					},
+					Annotations: map[string]string{
+						hashKey: "n5d8h56h6dhc7h96h8h545h96q",
+					},
 				},
-				Annotations: map[string]string{
-					hashKey: "n5d8h56h6dhc7h96h8h545h96q",
-				}},
 			}, &corev1.Service{ObjectMeta: metav1.ObjectMeta{
 				Name:      "extra",
 				Namespace: "test",
@@ -108,7 +111,7 @@ func TestEnsureServiceHandler(t *testing.T) {
 			ctx, cancel := context.WithCancel(context.Background())
 			defer cancel()
 
-			ctrls := &fake.FakeOperations{}
+			ctrls := &fake.FakeInterface{}
 			applyCalled := false
 			deleteCalled := false
 

go.mod

@@ -6,6 +6,7 @@ require (
 	github.com/cespare/xxhash/v2 v2.1.2
 	github.com/davecgh/go-spew v1.1.1
 	github.com/fsnotify/fsnotify v1.5.4
+	github.com/maxbrunsfeld/counterfeiter/v6 v6.5.0
 	github.com/prometheus/client_golang v1.13.0
 	github.com/stretchr/testify v1.8.0
 	golang.org/x/exp v0.0.0-20220823124025-807a23277127
@@ -19,6 +20,7 @@ require (
 	k8s.io/controller-manager v0.25.0
 	k8s.io/klog/v2 v2.70.1
 	k8s.io/utils v0.0.0-20220823124924-e9cbc92d1a73
+	mvdan.cc/gofumpt v0.3.1
 	sigs.k8s.io/controller-runtime v0.12.3
 )
 
@@ -80,12 +82,14 @@ require (
 	go.uber.org/atomic v1.7.0 // indirect
 	go.uber.org/multierr v1.6.0 // indirect
 	go.uber.org/zap v1.19.1 // indirect
+	golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect
 	golang.org/x/net v0.0.0-20220722155237-a158d28d115b // indirect
 	golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b // indirect
 	golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f // indirect
 	golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect
 	golang.org/x/text v0.3.7 // indirect
 	golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect
+	golang.org/x/tools v0.1.12 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21 // indirect
 	google.golang.org/grpc v1.47.0 // indirect