Merge branch 'main' into update-to-to-fixed-pkg

defenseunicorns · May 23, 2024 · 41c647f · 41c647f
2 parents fab85d2 + 5cf570f
commit 41c647f
Show file tree

Hide file tree

Showing 29 changed files with 337 additions and 69 deletions.
diff --git a/.github/actions/golang/action.yaml b/.github/actions/golang/action.yaml
@@ -4,6 +4,6 @@ description: "Setup Go binary and caching"
 runs:
   using: composite
   steps:
-    - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+    - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
       with:
         go-version: 1.21.x
diff --git a/.github/actions/install-tools/action.yaml b/.github/actions/install-tools/action.yaml
@@ -6,7 +6,7 @@ runs:
   steps:
     - uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
 
-    - uses: anchore/sbom-action/download-syft@7ccf588e3cf3cc2611714c2eeae48550fbc17552 # v0.15.11
+    - uses: anchore/sbom-action/download-syft@e8d2a6937ecead383dfe75190d104edd1f9c5751 # v0.16.0
 
     - run: "curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin"
       shell: bash

diff --git a/.github/actions/save-logs/action.yaml b/.github/actions/save-logs/action.yaml
@@ -4,12 +4,7 @@ description: "Save debug logs"
 runs:
   using: composite
   steps:
-    - name: Fix log permissions
-      run: |
-        sudo chown $USER /tmp/runner-*.log || echo ""
-      shell: bash
-
     - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
       with:
         name: debug-log
-        path: /tmp/runner-*.log
+        path: /tmp/maru-*.log
diff --git a/.github/actions/zarf/action.yaml b/.github/actions/zarf/action.yaml
@@ -7,4 +7,4 @@ runs:
     - uses: defenseunicorns/setup-zarf@main
       with:
         # renovate: datasource=github-tags depName=defenseunicorns/zarf
-        version: v0.32.5
+        version: v0.33.2
diff --git a/.github/workflows/commitlint.yaml b/.github/workflows/commitlint.yaml
@@ -16,7 +16,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
         with:
           fetch-depth: 0
 
@@ -28,6 +28,7 @@ jobs:
 
       - name: Lint PR title
         env:
-          PR_TITLE: ${{ github.event.pull_request.title }}
+          pull_request_title: ${{ github.event.pull_request.title }}
         run: |
-          echo "$PR_TITLE" | npx commitlint
+          echo "module.exports = {extends: ['@commitlint/config-conventional']}" > commitlint.config.js
+          echo "$pull_request_title" | npx commitlint
diff --git a/.github/workflows/dependency-review.yaml b/.github/workflows/dependency-review.yaml
@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.4
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
 
       - name: Dependency Review
         uses: actions/dependency-review-action@0c155c5e8556a497adf53f2c18edabf945ed8e70 # v4.3.2
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -11,7 +11,7 @@ jobs:
     steps:
       # Checkout the repo and setup the tooling for this job
       - name: Checkout
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
         with:
           fetch-depth: 0
 
@@ -38,7 +38,7 @@ jobs:
     steps:
       # Checkout the repo and setup the tooling for this job
       - name: Checkout
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
         with:
           fetch-depth: 0
 
@@ -58,6 +58,10 @@ jobs:
         run: |
           chmod +x build/maru
 
+      - name: Run unit tests
+        run: |
+          make test-unit
+
       - name: Run e2e tests
         run: |
           make test-e2e
@@ -74,7 +78,7 @@ jobs:
       contents: write
     steps:
       - name: Checkout
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
         with:
           fetch-depth: 0
 
@@ -90,16 +94,25 @@ jobs:
           name: build-artifacts
           path: build/
 
+      - name: Skip brew latest for pre-release tags
+        run: |
+          if [[ $GITHUB_REF_NAME == *"rc"* ]]; then
+            echo "BREW_NAME=maru@latest-rc" >> $GITHUB_ENV
+          else
+            echo "BREW_NAME=maru" >> $GITHUB_ENV
+          fi
+
       - name: Get Brew tap repo token
         id: brew-tap-token
-        uses: peter-murray/workflow-application-token-action@dc0413987a085fa17d19df9e47d4677cf81ffef3 # v3.0.0
+        uses: actions/create-github-app-token@a0de6af83968303c8c955486bf9739a57d23c7f1 # v1.10.0
         with:
-          application_id: ${{ secrets.HOMEBREW_TAP_WORKFLOW_GITHUB_APP_ID }}
-          application_private_key: ${{ secrets.HOMEBREW_TAP_WORKFLOW_GITHUB_APP_SECRET }}
-          organization: defenseunicorns
+          app-id: ${{ secrets.HOMEBREW_TAP_WORKFLOW_GITHUB_APP_ID }}
+          private-key: ${{ secrets.HOMEBREW_TAP_WORKFLOW_GITHUB_APP_SECRET }}
+          owner: defenseunicorns
+          repositories: homebrew-tap
 
       - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0
+        uses: goreleaser/goreleaser-action@5742e2a039330cbb23ebf35f046f814d4c6ff811 # v5.1.0
         with:
           distribution: goreleaser
           version: latest

diff --git a/.github/workflows/scan-codeql.yaml b/.github/workflows/scan-codeql.yaml
@@ -36,7 +36,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
 
       - name: Setup golang
         uses: ./.github/actions/golang
@@ -45,7 +45,7 @@ jobs:
         run: make build-cli-linux-amd
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
+        uses: github/codeql-action/init@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6
         env:
           CODEQL_EXTRACTOR_GO_BUILD_TRACING: on
         with:
@@ -54,6 +54,6 @@ jobs:
 
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
+        uses: github/codeql-action/analyze@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6
         with:
           category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/scan-lint.yaml b/.github/workflows/scan-lint.yaml
@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
 
       - name: Setup golang
         uses: ./.github/actions/golang

diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml
@@ -22,12 +22,12 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
         with:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
+        uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3
         with:
           results_file: results.sarif
           results_format: sarif
@@ -45,6 +45,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
+        uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/test-e2e-pr.yaml b/.github/workflows/test-e2e-pr.yaml
@@ -22,7 +22,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
 
       - name: Setup golang
         uses: ./.github/actions/golang

diff --git a/.github/workflows/test-schema.yaml b/.github/workflows/test-schema.yaml
@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
 
       - name: Setup golang
         uses: ./.github/actions/golang

diff --git a/.github/workflows/test-unit-pr.yaml b/.github/workflows/test-unit-pr.yaml
@@ -22,7 +22,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
 
       - name: Setup golang
         uses: ./.github/actions/golang

diff --git a/.goreleaser.yaml b/.goreleaser.yaml
@@ -44,14 +44,22 @@ changelog:
   use: github-native
 
 brews:
-  - name: maru
+  - name: "{{ .Env.BREW_NAME }}"
     repository:
       owner: defenseunicorns
       name: homebrew-tap
       token: "{{ .Env.HOMEBREW_TAP_GITHUB_TOKEN }}"
+      branch: "{{ .ProjectName }}-{{ .Tag }}"
+      pull_request:
+        enabled: true
+        base:
+          branch: main
+          owner: defenseunicorns
+          name: homebrew-tap
+
     commit_msg_template: "Brew formula update for {{ .ProjectName }} version {{ .Tag }}"
     homepage: "https://github.com/defenseunicorns/maru-runner"
-    description: "CLI for Unicorn Delivery Service"
+    description: "The Unicorn Task Runner"
 
   # NOTE: We are using .Version instead of .Tag because homebrew has weird semver parsing rules and won't be able to
   #       install versioned releases that has a `v` character before the version number.
@@ -60,9 +68,17 @@ brews:
       owner: defenseunicorns
       name: homebrew-tap
       token: "{{ .Env.HOMEBREW_TAP_GITHUB_TOKEN }}"
+      branch: "{{ .ProjectName }}-{{ .Tag }}"
+      pull_request:
+        enabled: true
+        base:
+          branch: main
+          owner: defenseunicorns
+          name: homebrew-tap
+
     commit_msg_template: "Brew formula update for {{ .ProjectName }} versioned release {{ .Tag }}"
     homepage: "https://github.com/defenseunicorns/maru-runner"
-    description: "unicorn-flavored build tool"
+    description: "The Unicorn Task Runner"
 
 # Generate a GitHub release and publish the release for the tag
 release:

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -8,16 +8,13 @@ Fundamentally, software engineering is a communication problem; we write code fo
 
 - **Write tests that give confidence**: Unless there is a technical blocker, every new feature and bug fix should be tested in the project's automated test suite. Although many of our tests are E2E, unit and integration-style tests are also welcomed. Note that unit tests can live in a `*_test.go` file alongside the source code, and E2E tests live in `src/test/e2e`
 
+- **Prefer readability over being clever**: We have a strong preference for code readability in Maru. Specifically, this means things like: naming variables appropriately, keeping functions to a reasonable size and avoiding complicated solutions when simple ones exist.
 
-- **Prefer readability over being clever**: We have a strong preference for code readabilty in Maru. Specifically, this means things like: naming variables appropriately, keeping functions to a reasonable size and avoiding complicated solutions when simple ones exist.
-
-
-- **User experience is paramount**: Maru doesn't have a pretty UI (yet), but the core user-centered design principles that apply when building a frontend also apply to this CLI tool. First and foremost, features in run-run-run should enhance workflows and make life easier for end users; if a feature doesn't accomplish this, it will be dropped.  
+- **User experience is paramount**: Maru doesn't have a pretty UI (yet), but the core user-centered design principles that apply when building a frontend also apply to this CLI tool. First and foremost, features in Maru should enhance workflows and make life easier for end users; if a feature doesn't accomplish this, it will be dropped.
 
 ### Pre-Commit Hooks and Linting
 In this repo you can optionally use [pre-commit](https://pre-commit.com/) hooks for automated validation and linting, but if not CI will run these checks for you.
 
-
 ## Continuous Delivery
 Continuous Delivery is core to our development philosophy. Check out [https://minimumcd.org](https://minimumcd.org/) for a good baseline agreement on what that means.
 

diff --git a/README.md b/README.md
@@ -186,7 +186,7 @@ Command blocks can have several other properties including:
       ```
 
     - `maxRetries`: number of times to retry the command
-    - `maxTotalSeconds`: max number of seconds the command can run until it is killed; takes precendence
+    - `maxTotalSeconds`: max number of seconds the command can run until it is killed; takes precedence
       over `maxRetries`
 
 ### Variables
@@ -219,7 +219,7 @@ Variables can be defined in several ways:
          - cmd: echo ${FOO}
    ```
 
-1. As an environment variable prefixed with `RUN_`. In the example above, if you create an env var `RUN_FOO=bar`, then the`FOO` variable would be set to `bar`.
+1. As an environment variable prefixed with `MARU_`. In the example above, if you create an env var `MARU_FOO=bar`, then the`FOO` variable would be set to `bar`.
 
 1. Using the `--set` flag in the CLI : `run foo --set FOO=bar`
 
@@ -229,7 +229,7 @@ Note that variables also have the following attributes when setting them with YA
 
 - `sensitive`: boolean value indicating if a variable should be visible in output
 - `default`: default value of a variable
-    - In the example above, if `FOO` did not have a default, and you have an environment variable `RUN_FOO=bar`, the default would get set to `bar`.
+    - In the example above, if `FOO` did not have a default, and you have an environment variable `MARU_FOO=bar`, the default would get set to `bar`.
 
 #### Environment Variable Files
 
@@ -240,22 +240,48 @@ tasks:
   - name: env
     actions:
       - cmd: echo $FOO
-      - cmd: echo $RUN_ARCH
+      - cmd: echo $MARU_ARCH
       - task: echo-env
   - name: echo-env
     envPath: ./path/to/.env
     actions:
       - cmd: echo different task $FOO
 ```
 
+#### Automatic Environment Variables
+The following Environment Variables are set automatically by maru-runner and are available to any action being performed:
+- `MARU` - Set to 'true' to indicate the action was executed by maru-runner.
+- `MARU_ARCH` - Set to the current architecture. e.g. 'amd64'
+
+Example:
+
+- tasks.yaml
+  ```yaml
+    - name: print-common-env
+      actions:
+        - cmd: echo MARU_ARCH=[$MARU_ARCH]
+        - cmd: echo MARU=[$MARU]
+  ```
+- `maru run print-common-env` output:
+  ```
+      MARU_ARCH=[amd64]
+    ✔  Completed "echo MARU_ARCH=[$MARU_ARCH]"
+      MARU=[true]
+    ✔  Completed "echo MARU=[$MARU]"
+  ```
 
 #### Variable Precedence
 Variable precedence is as follows, from least to most specific:
 - Variable defaults set in YAML
-- Environment variables prefixed with `RUN_`
+- Environment variables prefixed with `MARU_`
 - Variables set with the `--set` flag in the CLI
 
-That is to say, variables set via the `--set` flag take precedence over all other variables. The exception to this precedence order is when a variable is modified using `setVariable`, which will change the value of the variable during runtime.
+That is to say, variables set via the `--set` flag take precedence over all other variables.
+
+There are a couple of exceptions to this precedence order:
+- When a variable is modified using `setVariable`, which will change the value of the variable during runtime.
+- When another application is vendoring in maru, it can use config.AddExtraEnv to add extra environment variables. Any variables set by an application in this way take precedence over everything else.
+
 
 ### Wait
 

diff --git a/commitlint.config.js b/commitlint.config.js
diff --git a/renovate.json b/renovate.json
@@ -30,5 +30,19 @@
       ],
       "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver{{/if}}"
     }
+  ],
+  "packageRules": [
+    {
+      "groupName": "Maru Support Dependencies",
+      "labels": ["support-deps"],
+      "commitMessageTopic": "support-deps",
+      "packagePatterns": ["*"]
+    },
+    {
+      "groupName": "Maru Code Dependencies",
+      "labels": ["code-deps"],
+      "commitMessageTopic": "code-deps",
+      "matchDatasources": ["go"]
+    }
   ]
 }
diff --git a/src/cmd/internal.go b/src/cmd/internal.go
@@ -26,7 +26,7 @@ var configTasksSchemaCmd = &cobra.Command{
 	Use:     "config-tasks-schema",
 	Aliases: []string{"c"},
 	Short:   lang.CmdInternalConfigSchemaShort,
-	PersistentPreRun: func(cmd *cobra.Command, _ []string) {
+	PersistentPreRun: func(_ *cobra.Command, _ []string) {
 		skipLogFile = true
 	},
 	Run: func(_ *cobra.Command, _ []string) {

diff --git a/src/cmd/root.go b/src/cmd/root.go
@@ -58,7 +58,6 @@ func init() {
 	v.SetDefault(V_ARCHITECTURE, "")
 	v.SetDefault(V_NO_LOG_FILE, false)
 	v.SetDefault(V_TMP_DIR, "")
-	v.SetDefault(V_ENV_PREFIX, "RUN")
 
 	rootCmd.PersistentFlags().StringVarP(&logLevelString, "log-level", "l", v.GetString(V_LOG_LEVEL), lang.RootCmdFlagLogLevel)
 	rootCmd.PersistentFlags().StringVarP(&config.CLIArch, "architecture", "a", v.GetString(V_ARCHITECTURE), lang.RootCmdFlagArch)