From cb6e0359d3120aa3814a52fe060a8178157c2423 Mon Sep 17 00:00:00 2001 From: Oleksandr Redko Date: Mon, 23 Mar 2026 14:05:49 +0200 Subject: [PATCH] chore: Use golangci-lint-action; remove newreposecretwithlibsodium
---
 .github/workflows/linter.yml | 13 +- example/newreposecretwithlibsodium/go.mod | 13 -- example/newreposecretwithlibsodium/go.sum | 7 - example/newreposecretwithlibsodium/main.go | 158 --------------------- script/lint.sh | 4 +- script/test.sh | 1 - 6 files changed, 9 insertions(+), 187 deletions(-) delete mode 100644 example/newreposecretwithlibsodium/go.mod delete mode 100644 example/newreposecretwithlibsodium/go.sum delete mode 100644 example/newreposecretwithlibsodium/main.go
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
index 2a69022a367..2ddd18ae278 100644
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -13,13 +13,14 @@ jobs:
 with:
 go-version: stable
 cache-dependency-path: "**/go.sum"
- - uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
+ - name: Check generated code
+ run: ./script/generate.sh --check
+ - uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9.2.0
 with:
- path: |
- bin/golangci-lint
- bin/custom-gcl
- key: ${{ runner.os }}-${{ runner.arch }}-tools-${{ hashFiles('.custom-gcl.yml', 'tools/**/go.mod', 'tools/**/go.sum', 'tools/**/*.go') }}
- - run: script/lint.sh
+ version: v2.10.1 # sync with version in .custom-gcl.yml
+ experimental: "automatic-module-directories"
+ - name: Check OpenAPI
+ run: ./script/metadata.sh update-openapi --validate
 env:
 CHECK_GITHUB_OPENAPI: 1
 GITHUB_TOKEN: ${{ github.token }}
diff --git a/example/newreposecretwithlibsodium/go.mod b/example/newreposecretwithlibsodium/go.mod
deleted file mode 100644
index d0fb85a4005..00000000000
--- a/example/newreposecretwithlibsodium/go.mod
+++ /dev/null
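Review bot: The linter version in `version: v2.10.1 # sync with version in .custom-gcl.yml` is tied to `.custom-gcl.yml` only by a comment, so the CI linter and the one described by `.custom-gcl.yml` can drift without any job failing. A guard step ahead of the action would surface the drift, for example `- run: grep -q 'v2.10.1' .custom-gcl.yml` (the layout of `.custom-gcl.yml` is not visible here, so the pattern may need adjusting). `experimental: "automatic-module-directories"` also hands module discovery to the action, so a short comment naming the modules expected to be linted would let a reader confirm nothing under `example/` or `tools/` is silently skipped. The enclosing job starts above this hunk, so its `permissions:` block is not visible; since `GITHUB_TOKEN` is still passed to `./script/metadata.sh`, it is worth confirming the job is limited to read access.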
@@ -1,13 +0,0 @@
-module newreposecretwithlibsodium
-
-go 1.25.0
-
-require (
- github.com/GoKillers/libsodium-go v0.0.0-20171022220152-dd733721c3cb
- github.com/google/go-github/v84 v84.0.0
-)
-
-require github.com/google/go-querystring v1.2.0 // indirect
-
-// Use version at HEAD, not the latest published.
-replace github.com/google/go-github/v84 => ../..
diff --git a/example/newreposecretwithlibsodium/go.sum b/example/newreposecretwithlibsodium/go.sum
deleted file mode 100644
index 89b3b3f0790..00000000000
--- a/example/newreposecretwithlibsodium/go.sum
+++ /dev/null
@@ -1,7 +0,0 @@ -github.com/GoKillers/libsodium-go v0.0.0-20171022220152-dd733721c3cb h1:ilqSFSbR1fq6x88heeHrvAqlg+ES+tZk2ZcaCmiH1gI= -github.com/GoKillers/libsodium-go v0.0.0-20171022220152-dd733721c3cb/go.mod h1:72TQeEkiDH9QMXZa5nJJvZre0UjqqO67X2QEIoOwCRU= -github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= -github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= -github.com/google/go-querystring v1.2.0 h1:yhqkPbu2/OH+V9BfpCVPZkNmUXhb2gBxJArfhIxNtP0= -github.com/google/go-querystring v1.2.0/go.mod h1:8IFJqpSRITyJ8QhQ13bmbeMBDfmeEJZD5A0egEOmkqU=
diff --git a/example/newreposecretwithlibsodium/main.go b/example/newreposecretwithlibsodium/main.go
deleted file mode 100644
index f323ff232c7..00000000000
--- a/example/newreposecretwithlibsodium/main.go
+++ /dev/null
@@ -1,158 +0,0 @@
-// Copyright 2020 The go-github AUTHORS. All rights reserved.
-//
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// newreposecretwithlibsodium creates a new secret in GitHub for a given owner/repo.
-// newreposecretwithlibsodium depends on sodium being installed. Installation instructions for Sodium can be found at this url:
-// https://github.com/jedisct1/libsodium
-//
-// nnewreposecretwithlibsodium has two required flags for owner and repo, and takes in one argument for the name of the secret to add.
-// The secret value is pulled from an environment variable based on the secret name.
-// To authenticate with GitHub, provide your token via an environment variable GITHUB_AUTH_TOKEN.
-//
-// To verify the new secret, navigate to GitHub Repository > Settings > left side options bar > Secrets.
-//
-// Usage:
-//
-// export GITHUB_AUTH_TOKEN=
-// export SECRET_VARIABLE=
-// go run main.go -owner -repo SECRET_VARIABLE
-//
-// Example:
-//
-// export GITHUB_AUTH_TOKEN=0000000000000000
-// export SECRET_VARIABLE="my-secret"
-// go run main.go -owner google -repo go-github SECRET_VARIABLE
-package main
-
-import (
- "context"
- "encoding/base64"
- "errors"
- "flag"
- "fmt"
- "log"
- "os"
-
- sodium "github.com/GoKillers/libsodium-go/cryptobox"
- "github.com/google/go-github/v84/github"
-)
-
-var (
- repo = flag.String("repo", "", "The repo that the secret should be added to, ex. go-github")
- owner = flag.String("owner", "", "The owner of there repo this should be added to, ex. google")
-)
-
-func main() {
- flag.Parse()
-
- token := os.Getenv("GITHUB_AUTH_TOKEN")
- if token == "" {
- log.Fatal("please provide a GitHub API token via env variable GITHUB_AUTH_TOKEN")
- }
-
- if *repo == "" {
- log.Fatal("please provide required flag --repo to specify GitHub repository ")
- }
-
- if *owner == "" {
- log.Fatal("please provide required flag --owner to specify GitHub user/org owner")
- }
-
- secretName, err := getSecretName()
- if err != nil {
- log.Fatal(err)
- }
-
- secretValue, err := getSecretValue(secretName)
- if err != nil {
- log.Fatal(err)
- }
-
- ctx := context.Background()
- client := github.NewClient(nil).WithAuthToken(token)
-
- if err := addRepoSecret(ctx, client, *owner, *repo, secretName, secretValue); err != nil {
- log.Fatal(err)
- }
-
- fmt.Printf("Added secret %q to the repo %v/%v\n", secretName, *owner, *repo)
-}
-
-func getSecretName() (string, error) {
- secretName := flag.Arg(0)
- if secretName == "" {
- return "", fmt.Errorf("missing argument secret name")
- }
- return secretName, nil
-}
-
-func getSecretValue(secretName string) (string, error) {
- secretValue := os.Getenv(secretName)
- if secretValue == "" {
- return "", fmt.Errorf("secret value not found under env variable %q", secretName)
- }
- return secretValue, nil
-}
-
-// addRepoSecret will add a secret to a GitHub repo for use in GitHub Actions.
-//
-// Finally, the secretName and secretValue will determine the name of the secret added and it's corresponding value.
-//
-// The actual transmission of the secret value to GitHub using the api requires that the secret value is encrypted
-// using the public key of the target repo. This encryption is done using sodium.
-//
-// First, the public key of the repo is retrieved. The public key comes base64
-// encoded, so it must be decoded prior to use in sodiumlib.
-//
-// Second, the secret value is converted into a slice of bytes.
-//
-// Third, the secret is encrypted with sodium.CryptoBoxSeal using the repo's decoded public key.
-//
-// Fourth, the encrypted secret is encoded as a base64 string to be used in a github.EncodedSecret type.
-//
-// Fifth, The other two properties of the github.EncodedSecret type are determined. The name of the secret to be added
-// (string not base64), and the KeyID of the public key used to encrypt the secret.
-// This can be retrieved via the public key's GetKeyID method.
-//
-// Finally, the github.EncodedSecret is passed into the GitHub client.Actions.CreateOrUpdateRepoSecret method to
-// populate the secret in the GitHub repo.
-func addRepoSecret(ctx context.Context, client *github.Client, owner, repo, secretName, secretValue string) error {
- publicKey, _, err := client.Actions.GetRepoPublicKey(ctx, owner, repo)
- if err != nil {
- return err
- }
-
- encryptedSecret, err := encryptSecretWithPublicKey(publicKey, secretName, secretValue)
- if err != nil {
- return err
- }
-
- if _, err := client.Actions.CreateOrUpdateRepoSecret(ctx, owner, repo, encryptedSecret); err != nil {
- return fmt.Errorf("client.Actions.CreateOrUpdateRepoSecret returned error: %v", err)
- }
-
- return nil
-}
-
-func encryptSecretWithPublicKey(publicKey *github.PublicKey, secretName, secretValue string) (*github.EncryptedSecret, error) {
- decodedPublicKey, err := base64.StdEncoding.DecodeString(publicKey.GetKey())
- if err != nil {
- return nil, fmt.Errorf("base64.StdEncoding.DecodeString was unable to decode public key: %v", err)
- }
-
- encryptedBytes, exit := sodium.CryptoBoxSeal([]byte(secretValue), decodedPublicKey)
- if exit != 0 {
- return nil, errors.New("sodium.CryptoBoxSeal exited with non zero exit code")
- }
-
- encryptedString := base64.StdEncoding.EncodeToString(encryptedBytes)
- keyID := publicKey.GetKeyID()
- encryptedSecret := &github.EncryptedSecret{
- Name: secretName,
- KeyID: keyID,
- EncryptedValue: encryptedString,
- }
- return encryptedSecret, nil
-}
diff --git a/script/lint.sh b/script/lint.sh index dc507123cf2..ca4000647a8 100755 --- a/script/lint.sh +++ b/script/lint.sh @@ -28,7 +28,7 @@ MOD_DIRS="$(git ls-files '*go.mod' | xargs dirname | sort -u)" # Override with LINT_JOBS, otherwise use detected CPU count. : "${LINT_JOBS:=$(getconf _NPROCESSORS_ONLN 2>/dev/null || sysctl -n hw.ncpu 2>/dev/null || echo 4)}" -LINT_DIRS="$(printf '%s\n' "$MOD_DIRS" | grep -v '^example/newreposecretwithlibsodium$')" +LINT_DIRS="$(printf '%s\n' "$MOD_DIRS")" FAILED_COUNT=0 LINT_FAILED=0 @@ -51,7 +51,7 @@ wait_pids() { # Identify the directory for this PID dir=$(echo "$DIRS_IN_FLIGHT" | awk -v i="$i" '{print $i}') log_file="$LOG_DIR/$(echo "$dir" | tr '/' '_').log" - + if wait "$pid"; then printf "${GREEN}✔ %-40s [ PASS ]${NC}\n" "$dir" else diff --git a/script/test.sh b/script/test.sh index dedd832ecad..e195888bbb8 100755 --- a/script/test.sh +++ b/script/test.sh @@ -19,7 +19,6 @@ fi MOD_DIRS="$(git ls-files '*go.mod' | xargs dirname | sort)" for dir in $MOD_DIRS; do - [ "$dir" = "example/newreposecretwithlibsodium" ] && continue echo "testing $dir" ( cd "$dir"
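Review bot: With the `grep -v` filter gone, `LINT_DIRS="$(printf '%s\n' "$MOD_DIRS")"` in the first `script/lint.sh` hunk is a subshell that only copies `MOD_DIRS`. `LINT_DIRS="$MOD_DIRS"` says the same thing without the extra fork, or the variable can be dropped in favour of `MOD_DIRS` if nothing else in the script distinguishes the two. The rest of the script lies outside the hunk, so other uses of `LINT_DIRS` are not visible here.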