wget source component for downloading scan results

.github/settings.yml

@@ -36,15 +36,15 @@ repository:
 
   # Either `true` to allow squash-merging pull requests, or `false` to prevent
   # squash-merging.
-  allow_squash_merge: true
+  allow_squash_merge: false
 
   # Either `true` to allow merging pull requests with a merge commit, or `false`
   # to prevent merging pull requests with merge commits.
   allow_merge_commit: false
 
   # Either `true` to allow rebase-merging pull requests, or `false` to prevent
   # rebase-merging.
-  allow_rebase_merge: false
+  allow_rebase_merge: true
 
   # Either `true` to enable automatic deletion of branches on merge, or `false` to disable
   delete_branch_on_merge: true

.github/workflows/format.yml

@@ -13,9 +13,17 @@ jobs:
   build:
     name: Format
     runs-on: ubuntu-latest
+    concurrency:
+      group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+      cancel-in-progress: true
     steps:
-      - name: Check out code
-        uses: actions/checkout@v2
+    - name: Check out code
+      uses: actions/checkout@v4
 
-      - name: Format
-        run: ./pleasew fmt-all
+    - name: Setup Go 1.21.6
+      uses: actions/setup-go@v4
+      with:
+        go-version: 1.21.6
+
+    - name: Format
+      run: make install-lint-tools fmt && test $(git diff -p | wc -l) -eq 0

.github/workflows/lint.yml

@@ -5,10 +5,6 @@ on:
     branches:
     - main
 
-env:
-  PLZ_CONFIG_PROFILE: ci
-  SEGMENT_DOWNLOAD_TIMEOUT_MINS: "2"
-
 permissions:
   # Grant the ability to checkout the repository
   contents: read
@@ -25,17 +21,14 @@ jobs:
       cancel-in-progress: true
     steps:
     - name: Check out code
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
-    - name: Cache plz
-      id: cache-plz
-      uses: actions/cache@v3
+    - name: Setup Go 1.21.6
+      uses: actions/setup-go@v4
       with:
-        path: .plz-cache
-        key: ${{ runner.os }}-plz
+        go-version: 1.21.6
 
     - name: Lint
       env:
         REVIEWDOG_GITHUB_API_TOKEN: "${{ github.token }}"
-        GOLANGCI_LINT_CACHE: "${{ github.workspace }}/.golangci-lint-cache"
-      run: "./pleasew -p -v=2 lint"
+      run: go install github.com/reviewdog/reviewdog/cmd/reviewdog@latest && make install-lint-tools lint

.github/workflows/publish.yml

@@ -5,39 +5,15 @@ on:
       - 'v*'
     branches:
       - main
-  # Trigger, but do nothing in PRs so we can check that the workflow is valid.
-  pull_request:
-    branches:
-      - main
-
-env:
-  PLZ_CONFIG_PROFILE: ci
 
 permissions:
   # Grant the ability to checkout the repository
   contents: read
 
 jobs:
-  pre-release:
-    name: Publish
-    if: github.event_name != 'pull_request' && github.ref_type == 'tag'
-    runs-on: ubuntu-latest
-    permissions:
-      # Grant the ability to create GitHub Releases.
-      contents: write
-    steps:
-      - name: Check out code
-        uses: actions/checkout@v2
-
-      - name: Create pre-release
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: ./pleasew run //build/releases:pre-release
-
-  push-docker-images:
+  publish-docker-images:
     name: Push Docker images
     runs-on: ubuntu-latest
-    if: github.event_name != 'pull_request'
     permissions:
       # Grant the ability to write to GitHub Packages (push Docker images to
       # GitHub Container Registry).
@@ -56,4 +32,4 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Publish Docker images
-        run: ./pleasew run //build/releases:publish-images
+        run: make publish-component-containers

.github/workflows/test.yml

@@ -8,42 +8,11 @@ on:
     branches:
     - main
 
-env:
-  PLZ_CONFIG_PROFILE: ci
-  SEGMENT_DOWNLOAD_TIMEOUT_MINS: "2"
-
 permissions:
   # Grant the ability to checkout the repository
   contents: read
 
 jobs:
-  build:
-    name: Build
-    runs-on: ubuntu-latest
-    concurrency:
-      group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}-build
-      cancel-in-progress: true
-    steps:
-      - name: Check out code
-        uses: actions/checkout@v3
-
-      - name: Cache plz
-        id: cache-plz
-        uses: actions/cache@v3
-        with:
-          path: .plz-cache
-          key: ${{ runner.os }}-plz
-
-      - name: Build
-        env:
-          # This uses a public read-only PAT tied to VJftw, please don't abuse! :pray:
-          # See: https://github.com/actions/setup-node/issues/49 for reasons.
-          GITHUB_TOKEN: ${{ secrets.VJFTW_GITHUB_TOKEN }}
-          CONSUMER_JIRA_API_TOKEN: ${{secrets.CONSUMER_JIRA_API_TOKEN}}
-          CONSUMER_JIRA_USER: ${{secrets.CONSUMER_JIRA_USER}}
-          CONSUMER_JIRA_URL: ${{secrets.CONSUMER_JIRA_URL}}
-        run: ./pleasew build -p -v 2 //...
-
   test:
     name: Test
     runs-on: ubuntu-latest
@@ -52,7 +21,12 @@ jobs:
       cancel-in-progress: true
     steps:
       - name: Check out code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+
+      - name: Setup Go 1.21.6
+        uses: actions/setup-go@v4
+        with:
+          go-version: 1.21.6
 
       - name: Test
-        run: ./pleasew test //...
+        run: make test

.gitignore

@@ -1,10 +1,6 @@
 /dist/
-/vendor/
 __pycache__
 *.pyc
 **/node_modules/
-.plz_clean*
-
-# Entries below this point are managed by Please (DO NOT EDIT)
-plz-out
-.plzconfig.local
+bin
+.custom_image

.reviewdog.yml

@@ -1,42 +1,45 @@
 ---
 runner:
+  go/vet:
+    cmd: go vet $(go list ./... | grep -v /vendor/)
+    format: govet
+
   go/staticcheck:
-    cmd: |
-      ./pleasew run //third_party/binary/dominikh/go-tools:staticcheck -- $(./pleasew query alltargets --include go | grep -v "//third_party/" | cut -f3- -d/ | cut -f1 -d: | awk '{ print "./" $0 }' | xargs)
-    errorformat:
-      - '%E%f:%l:%c: %m'
+    cmd: staticcheck $(go list ./... | grep -v /vendor/)
+    format: staticcheck
 
   go/revive:
-    cmd: |
-      ./pleasew run //third_party/binary/mgechev/revive:revive -- $(./pleasew query alltargets --include go | grep -v "//third_party/" | cut -f3- -d/ | cut -f1 -d: | awk '{ print "./" $0 }' | xargs)
+    cmd: revive -exclude ./vendor/... -config revive.toml ./...
     errorformat:
-      - '%E%f:%l:%c: %m'
-
-  go/vet:
-    cmd: |
-      ./pleasew run "//third_party/go:toolchain|go" -- vet $(./pleasew query alltargets --include go | grep -v "//third_party/" | cut -f3- -d/ | cut -f1 -d: | awk '{ print "./" $0 }' | xargs)
+      - '%f:%l:%c: %m'
+
+  go/containedctx:
+    cmd: go vet -vettool=$(which containedctx) $(go list ./... | grep -v /vendor/)
     errorformat:
-      - '%E%f:%l:%c: %m'
+      - '%f:%l:%c: %m'
 
-  go/gosec:
-    cmd: |
-      ./pleasew run //third_party/binary/securego/gosec:gosec -- -fmt golint $(./pleasew query alltargets --include go | grep -v "//third_party/" | cut -f3- -d/ | cut -f1 -d: | awk '{ print "./" $0 }' | xargs)
+  go/ineffassign:
+    cmd: ineffassign $(go list ./... | grep -v /vendor/)
     errorformat:
-      - '%E%f:%l:%c: %m'
+      - '%f:%l:%c: %m'
 
-  go/fmt:
-    cmd: |
-      ./pleasew run //third_party/go/mvdan.cc/gofumpt:gofumpt -- -d $(./pleasew query alltargets --include go | grep -v "//third_party/" | cut -f3- -d/ | cut -f1 -d: | awk '{ print "./" $0 }' | xargs)
-    format: diff
-    level: error
+  go/errorlint:
+    cmd: go-errorlint -errorf-multi -errorf -test $(go list ./... | grep -v /vendor/)
+    errorformat:
+      - '%f:%l:%c: %m'
 
-  buf_lint:
-    cmd: ./pleasew run "//third_party/binary/bufbuild/buf:buf|buf" -- lint --path api/
-    level: error
+  go/errcheck:
+    cmd: errcheck -asserts -blank $(go list ./... | grep -v /vendor/)
     errorformat:
       - '%f:%l:%c:%m'
 
-  buf_format:
-    cmd: ./pleasew run "//third_party/binary/bufbuild/buf:buf|buf" -- format --diff --path api/
-    format: diff
+  # TODO: figure out how to set errorformat to parse the error output
+  # actionlint:
+  #   cmd: actionlint
+  #   errorformat:
+  #     - 
+
+  buf_lint:
+    cmd: buf lint . --path ./api/
     level: error
+    format: buf