diff --git a/bearertoken/go.mod b/bearertoken/go.mod index fb678678..b95b7a8e 100644 --- a/bearertoken/go.mod +++ b/bearertoken/go.mod @@ -1,5 +1,5 @@ module github.com/palantir/pkg/bearertoken -require github.com/palantir/pkg v1.0.1 +require github.com/palantir/pkg v1.1.0 go 1.19 diff --git a/bearertoken/go.sum b/bearertoken/go.sum index a1aef2df..10a880b4 100644 --- a/bearertoken/go.sum +++ b/bearertoken/go.sum @@ -1,2 +1,2 @@ -github.com/palantir/pkg v1.0.1 h1:ZbGUcc14N7xcZSY9cehQoiHHTm/BAZO5RJdlsNEtSbk= -github.com/palantir/pkg v1.0.1/go.mod h1:Eo6Jl0UXfT+65sLXJOcU9duu0WPvKsWFXCb0dE5VWZs= +github.com/palantir/pkg v1.1.0 h1:0EhrSUP8oeeh3MUvk7V/UU7WmsN1UiJNTvNj0sN9Cpo= +github.com/palantir/pkg v1.1.0/go.mod h1:KC9srP/9ssWRxBxFCIqhUGC4Jt7OJkWRz0Iqehup1/c= diff --git a/bearertoken/vendor/github.com/palantir/pkg/.bulldozer.yml b/bearertoken/vendor/github.com/palantir/pkg/.bulldozer.yml new file mode 100644 index 00000000..b62e82ba --- /dev/null +++ b/bearertoken/vendor/github.com/palantir/pkg/.bulldozer.yml @@ -0,0 +1,17 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +version: 1 +merge: + trigger: + labels: ["merge when ready"] + ignore: + labels: ["do not merge"] + method: squash + options: + squash: + body: pull_request_body + message_delimiter: ==COMMIT_MSG== + delete_after_merge: true +update: + trigger: + labels: ["update me"] diff --git a/bearertoken/vendor/github.com/palantir/pkg/.policy.yml b/bearertoken/vendor/github.com/palantir/pkg/.policy.yml new file mode 100644 index 00000000..a436f8b9 --- /dev/null +++ b/bearertoken/vendor/github.com/palantir/pkg/.policy.yml @@ -0,0 +1,113 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +policy: + approval: + - or: + - one admin has approved (PR contributors not allowed) + - two admins have approved + - changelog only and contributor approval + - fixing excavator + - excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + - excavator only touched config files + - bots updated package.json and lock files + disapproval: + requires: + organizations: [ "palantir" ] + +approval_rules: + - name: one admin has approved (PR contributors not allowed) + options: + allow_contributor: false + requires: + count: 1 + admins: true + + - name: two admins have approved + options: + allow_contributor: true + requires: + count: 2 + admins: true + + - name: changelog only and contributor approval + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + only_changed_files: + paths: + - "changelog/@unreleased/.*\\.yml" + + - name: fixing excavator + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + has_author_in: + users: [ "svc-excavator-bot" ] + + - name: excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + # product-dependencies.lock should never go here, to force review of all product (SLS) dependency changes + # this way excavator cannot change the deployability of a service or product via auto-merge + paths: + - "changelog/@unreleased/.*\\.yml" + - "^\\.baseline/.*$" + - "^\\.circleci/.*$" + - "^\\.docker-compose-rule\\.yml$" + - "^.*gradle$" + - "^\\.palantir/go-version$" + - "^gradle/wrapper/.*" + - "^gradlew$" + - "^gradlew.bat$" + - "^gradle.properties$" + - "^settings.gradle$" + - "^.*go.mod$" + - "^.*go.sum$" + - "^.*godelw$" + - "^.*godel/config/godel.properties$" + - "^.*godel/config/godel.yml$" + - "^.*vendor/.*$" + - "^versions.props$" + - "^versions.lock$" + - "^internal/generated/.*" + - "^internal/generated_src/.*" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: excavator only touched config files + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + paths: + - "^\\..*.yml$" + - "^\\.github/.*$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: bots updated package.json and lock files + requires: + count: 0 + if: + has_author_in: + users: + - "svc-excavator-bot" + - "dependabot[bot]" + only_changed_files: + paths: + - "^.*yarn.lock$" + - "^.*package.json$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] diff --git a/bearertoken/vendor/github.com/palantir/pkg/godelw b/bearertoken/vendor/github.com/palantir/pkg/godelw deleted file mode 100644 index 22d9f7f2..00000000 --- a/bearertoken/vendor/github.com/palantir/pkg/godelw +++ /dev/null @@ -1,230 +0,0 @@ -#!/bin/bash - -set -euo pipefail - -# Version and checksums for godel. Values are populated by the godel "dist" task. -VERSION=2.17.0 -DARWIN_CHECKSUM=d6294049b7edc3795d1d5517583f20c087422a8b8b52e8cbcc39ce2b575427ff -LINUX_CHECKSUM=23bca1ce55bd321686e06e0b6959ad8160ef1dfa9fe0a68a515e65d19401094d - -# Downloads file at URL to destination path using wget or curl. Prints an error and exits if wget or curl is not present. -function download { - local url=$1 - local dst=$2 - - # determine whether wget, curl or both are present - set +e - command -v wget >/dev/null 2>&1 - local wget_exists=$? - command -v curl >/dev/null 2>&1 - local curl_exists=$? - set -e - - # if one of wget or curl is not present, exit with error - if [ "$wget_exists" -ne 0 -a "$curl_exists" -ne 0 ]; then - echo "wget or curl must be present to download distribution. Install one of these programs and try again or install the distribution manually." - exit 1 - fi - - if [ "$wget_exists" -eq 0 ]; then - # attempt download using wget - echo "Downloading $url to $dst..." - local progress_opt="" - if wget --help | grep -q '\--show-progress'; then - progress_opt="-q --show-progress" - fi - set +e - wget -O "$dst" $progress_opt "$url" - rv=$? - set -e - if [ "$rv" -eq 0 ]; then - # success - return - fi - - echo "Download failed using command: wget -O $dst $progress_opt $url" - - # curl does not exist, so nothing more to try: exit - if [ "$curl_exists" -ne 0 ]; then - echo "Download failed using wget and curl was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - exit 1 - fi - # curl exists, notify that download will be attempted using curl - echo "Attempting download using curl..." - fi - - # attempt download using curl - echo "Downloading $url to $dst..." - set +e - curl -f -L -o "$dst" "$url" - rv=$? - set -e - if [ "$rv" -ne 0 ]; then - echo "Download failed using command: curl -f -L -o $dst $url" - if [ "$wget_exists" -eq 0 ]; then - echo "Download failed using wget and curl. Verify that the distribution URL is correct and try again or install the distribution manually." - else - echo "Download failed using curl and wget was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - fi - exit 1 - fi -} - -# verifies that the provided checksum matches the computed SHA-256 checksum of the specified file. If not, echoes an -# error and exits. -function verify_checksum { - local file=$1 - local expected_checksum=$2 - local computed_checksum=$(compute_sha256 $file) - if [ "$expected_checksum" != "$computed_checksum" ]; then - echo "SHA-256 checksum for $file did not match expected value." - echo "Expected: $expected_checksum" - echo "Actual: $computed_checksum" - exit 1 - fi -} - -# computes the SHA-256 hash of the provided file. Uses openssl, shasum or sha1sum program. -function compute_sha256 { - local file=$1 - if command -v openssl >/dev/null 2>&1; then - # print SHA-256 hash using openssl - openssl dgst -sha256 "$file" | sed -E 's/SHA256\(.*\)= //' - elif command -v shasum >/dev/null 2>&1; then - # Darwin systems ship with "shasum" utility - shasum -a 256 "$file" | sed -E 's/[[:space:]]+.+//' - elif command -v sha256sum >/dev/null 2>&1; then - # Most Linux systems ship with sha256sum utility - sha256sum "$file" | sed -E 's/[[:space:]]+.+//' - else - echo "Could not find program to calculate SHA-256 checksum for file" - exit 1 - fi -} - -# Verifies that the tgz file at the provided path contains the paths/files that would be expected in a valid gödel -# distribution with the provided version. -function verify_dist_tgz_valid { - local tgz_path=$1 - local version=$2 - - local expected_paths=("godel-$version/" "godel-$version/bin/darwin-amd64/godel" "godel-$version/bin/linux-amd64/godel" "godel-$version/wrapper/godelw" "godel-$version/wrapper/godel/config/") - local files=($(tar -tf "$tgz_path")) - - # this is a double-for loop, but fine since $expected_paths is small and bash doesn't have good primitives for set/map/list manipulation - for curr_line in "${files[@]}"; do - # if all expected paths have been found, terminate - if [[ ${#expected_paths[*]} == 0 ]]; then - break - fi - - # check for expected path and splice out if match is found - idx=0 - for curr_expected in "${expected_paths[@]}"; do - if [ "$curr_expected" = "$curr_line" ]; then - expected_paths=(${expected_paths[@]:0:idx} ${expected_paths[@]:$(($idx + 1))}) - break - fi - idx=$idx+1 - done - done - - # if any expected paths still remain, raise error and exit - if [[ ${#expected_paths[*]} > 0 ]]; then - echo "Required paths were not present in $tgz_path: ${expected_paths[@]}" - exit 1 - fi -} - -# Verifies that the gödel binary in the distribution reports the expected version when called with the "version" -# argument. Assumes that a valid gödel distribution directory for the given version exists in the provided directory. -function verify_godel_version { - local base_dir=$1 - local version=$2 - local os=$3 - - local expected_output="godel version $version" - local version_output=$($base_dir/godel-$version/bin/$os-amd64/godel version) - - if [ "$expected_output" != "$version_output" ]; then - echo "Version reported by godel executable did not match expected version: expected \"$expected_output\", was \"$version_output\"" - exit 1 - fi -} - -# directory of godelw script -SCRIPT_HOME=$(cd "$(dirname "$0")" && pwd) - -# use $GODEL_HOME or default value -GODEL_BASE_DIR=${GODEL_HOME:-$HOME/.godel} - -# determine OS -OS="" -EXPECTED_CHECKSUM="" -case "$(uname)" in - Darwin*) - OS=darwin - EXPECTED_CHECKSUM=$DARWIN_CHECKSUM - ;; - Linux*) - OS=linux - EXPECTED_CHECKSUM=$LINUX_CHECKSUM - ;; - *) - echo "Unsupported operating system: $(uname)" - exit 1 - ;; -esac - -# path to godel binary -CMD=$GODEL_BASE_DIR/dists/godel-$VERSION/bin/$OS-amd64/godel - -# godel binary is not present -- download distribution -if [ ! -f "$CMD" ]; then - # get download URL - PROPERTIES_FILE=$SCRIPT_HOME/godel/config/godel.properties - if [ ! -f "$PROPERTIES_FILE" ]; then - echo "Properties file must exist at $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_URL=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionURL=//p") - if [ -z "$DOWNLOAD_URL" ]; then - echo "Value for property \"distributionURL\" was empty in $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_CHECKSUM=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionSHA256=//p") - - # create downloads directory if it does not already exist - mkdir -p "$GODEL_BASE_DIR/downloads" - - # download tgz and verify its contents - DOWNLOAD_DST=$GODEL_BASE_DIR/downloads/godel-$VERSION.tgz - download "$DOWNLOAD_URL" "$DOWNLOAD_DST" - if [ -n "$DOWNLOAD_CHECKSUM" ]; then - verify_checksum "$DOWNLOAD_DST" "$DOWNLOAD_CHECKSUM" - fi - verify_dist_tgz_valid "$DOWNLOAD_DST" "$VERSION" - - # create temporary directory for unarchiving, unarchive downloaded file and verify directory - TMP_DIST_DIR=$(mktemp -d "$GODEL_BASE_DIR/tmp_XXXXXX" 2>/dev/null || mktemp -d -t "$GODEL_BASE_DIR/tmp_XXXXXX") - trap 'rm -rf "$TMP_DIST_DIR"' EXIT - tar zxvf "$DOWNLOAD_DST" -C "$TMP_DIST_DIR" >/dev/null 2>&1 - verify_godel_version "$TMP_DIST_DIR" "$VERSION" "$OS" - - # if destination directory for distribution already exists, remove it - if [ -d "$GODEL_BASE_DIR/dists/godel-$VERSION" ]; then - rm -rf "$GODEL_BASE_DIR/dists/godel-$VERSION" - fi - - # ensure that parent directory of destination exists - mkdir -p "$GODEL_BASE_DIR/dists" - - # move expanded distribution directory to destination location. The location of the unarchived directory is known to - # be in the same directory tree as the destination, so "mv" should always work. - mv "$TMP_DIST_DIR/godel-$VERSION" "$GODEL_BASE_DIR/dists/godel-$VERSION" -fi - -verify_checksum "$CMD" "$EXPECTED_CHECKSUM" - -# execute command -$CMD --wrapper "$SCRIPT_HOME/$(basename "$0")" "$@" diff --git a/bearertoken/vendor/modules.txt b/bearertoken/vendor/modules.txt index 323a2f67..e4201111 100644 --- a/bearertoken/vendor/modules.txt +++ b/bearertoken/vendor/modules.txt @@ -1,3 +1,3 @@ -# github.com/palantir/pkg v1.0.1 -## explicit; go 1.13 +# github.com/palantir/pkg v1.1.0 +## explicit; go 1.19 github.com/palantir/pkg diff --git a/binary/go.mod b/binary/go.mod index 42111571..64b8fee4 100644 --- a/binary/go.mod +++ b/binary/go.mod @@ -3,7 +3,7 @@ module github.com/palantir/pkg/binary go 1.19 require ( - github.com/palantir/pkg v1.0.1 + github.com/palantir/pkg v1.1.0 github.com/stretchr/testify v1.8.0 ) diff --git a/binary/go.sum b/binary/go.sum index f3c0b4af..878c8d19 100644 --- a/binary/go.sum +++ b/binary/go.sum @@ -1,8 +1,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/palantir/pkg v1.0.1 h1:ZbGUcc14N7xcZSY9cehQoiHHTm/BAZO5RJdlsNEtSbk= -github.com/palantir/pkg v1.0.1/go.mod h1:Eo6Jl0UXfT+65sLXJOcU9duu0WPvKsWFXCb0dE5VWZs= +github.com/palantir/pkg v1.1.0 h1:0EhrSUP8oeeh3MUvk7V/UU7WmsN1UiJNTvNj0sN9Cpo= +github.com/palantir/pkg v1.1.0/go.mod h1:KC9srP/9ssWRxBxFCIqhUGC4Jt7OJkWRz0Iqehup1/c= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= diff --git a/binary/vendor/github.com/palantir/pkg/.bulldozer.yml b/binary/vendor/github.com/palantir/pkg/.bulldozer.yml new file mode 100644 index 00000000..b62e82ba --- /dev/null +++ b/binary/vendor/github.com/palantir/pkg/.bulldozer.yml @@ -0,0 +1,17 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +version: 1 +merge: + trigger: + labels: ["merge when ready"] + ignore: + labels: ["do not merge"] + method: squash + options: + squash: + body: pull_request_body + message_delimiter: ==COMMIT_MSG== + delete_after_merge: true +update: + trigger: + labels: ["update me"] diff --git a/binary/vendor/github.com/palantir/pkg/.policy.yml b/binary/vendor/github.com/palantir/pkg/.policy.yml new file mode 100644 index 00000000..a436f8b9 --- /dev/null +++ b/binary/vendor/github.com/palantir/pkg/.policy.yml @@ -0,0 +1,113 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +policy: + approval: + - or: + - one admin has approved (PR contributors not allowed) + - two admins have approved + - changelog only and contributor approval + - fixing excavator + - excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + - excavator only touched config files + - bots updated package.json and lock files + disapproval: + requires: + organizations: [ "palantir" ] + +approval_rules: + - name: one admin has approved (PR contributors not allowed) + options: + allow_contributor: false + requires: + count: 1 + admins: true + + - name: two admins have approved + options: + allow_contributor: true + requires: + count: 2 + admins: true + + - name: changelog only and contributor approval + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + only_changed_files: + paths: + - "changelog/@unreleased/.*\\.yml" + + - name: fixing excavator + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + has_author_in: + users: [ "svc-excavator-bot" ] + + - name: excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + # product-dependencies.lock should never go here, to force review of all product (SLS) dependency changes + # this way excavator cannot change the deployability of a service or product via auto-merge + paths: + - "changelog/@unreleased/.*\\.yml" + - "^\\.baseline/.*$" + - "^\\.circleci/.*$" + - "^\\.docker-compose-rule\\.yml$" + - "^.*gradle$" + - "^\\.palantir/go-version$" + - "^gradle/wrapper/.*" + - "^gradlew$" + - "^gradlew.bat$" + - "^gradle.properties$" + - "^settings.gradle$" + - "^.*go.mod$" + - "^.*go.sum$" + - "^.*godelw$" + - "^.*godel/config/godel.properties$" + - "^.*godel/config/godel.yml$" + - "^.*vendor/.*$" + - "^versions.props$" + - "^versions.lock$" + - "^internal/generated/.*" + - "^internal/generated_src/.*" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: excavator only touched config files + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + paths: + - "^\\..*.yml$" + - "^\\.github/.*$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: bots updated package.json and lock files + requires: + count: 0 + if: + has_author_in: + users: + - "svc-excavator-bot" + - "dependabot[bot]" + only_changed_files: + paths: + - "^.*yarn.lock$" + - "^.*package.json$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] diff --git a/binary/vendor/github.com/palantir/pkg/godelw b/binary/vendor/github.com/palantir/pkg/godelw deleted file mode 100644 index 22d9f7f2..00000000 --- a/binary/vendor/github.com/palantir/pkg/godelw +++ /dev/null @@ -1,230 +0,0 @@ -#!/bin/bash - -set -euo pipefail - -# Version and checksums for godel. Values are populated by the godel "dist" task. -VERSION=2.17.0 -DARWIN_CHECKSUM=d6294049b7edc3795d1d5517583f20c087422a8b8b52e8cbcc39ce2b575427ff -LINUX_CHECKSUM=23bca1ce55bd321686e06e0b6959ad8160ef1dfa9fe0a68a515e65d19401094d - -# Downloads file at URL to destination path using wget or curl. Prints an error and exits if wget or curl is not present. -function download { - local url=$1 - local dst=$2 - - # determine whether wget, curl or both are present - set +e - command -v wget >/dev/null 2>&1 - local wget_exists=$? - command -v curl >/dev/null 2>&1 - local curl_exists=$? - set -e - - # if one of wget or curl is not present, exit with error - if [ "$wget_exists" -ne 0 -a "$curl_exists" -ne 0 ]; then - echo "wget or curl must be present to download distribution. Install one of these programs and try again or install the distribution manually." - exit 1 - fi - - if [ "$wget_exists" -eq 0 ]; then - # attempt download using wget - echo "Downloading $url to $dst..." - local progress_opt="" - if wget --help | grep -q '\--show-progress'; then - progress_opt="-q --show-progress" - fi - set +e - wget -O "$dst" $progress_opt "$url" - rv=$? - set -e - if [ "$rv" -eq 0 ]; then - # success - return - fi - - echo "Download failed using command: wget -O $dst $progress_opt $url" - - # curl does not exist, so nothing more to try: exit - if [ "$curl_exists" -ne 0 ]; then - echo "Download failed using wget and curl was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - exit 1 - fi - # curl exists, notify that download will be attempted using curl - echo "Attempting download using curl..." - fi - - # attempt download using curl - echo "Downloading $url to $dst..." - set +e - curl -f -L -o "$dst" "$url" - rv=$? - set -e - if [ "$rv" -ne 0 ]; then - echo "Download failed using command: curl -f -L -o $dst $url" - if [ "$wget_exists" -eq 0 ]; then - echo "Download failed using wget and curl. Verify that the distribution URL is correct and try again or install the distribution manually." - else - echo "Download failed using curl and wget was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - fi - exit 1 - fi -} - -# verifies that the provided checksum matches the computed SHA-256 checksum of the specified file. If not, echoes an -# error and exits. -function verify_checksum { - local file=$1 - local expected_checksum=$2 - local computed_checksum=$(compute_sha256 $file) - if [ "$expected_checksum" != "$computed_checksum" ]; then - echo "SHA-256 checksum for $file did not match expected value." - echo "Expected: $expected_checksum" - echo "Actual: $computed_checksum" - exit 1 - fi -} - -# computes the SHA-256 hash of the provided file. Uses openssl, shasum or sha1sum program. -function compute_sha256 { - local file=$1 - if command -v openssl >/dev/null 2>&1; then - # print SHA-256 hash using openssl - openssl dgst -sha256 "$file" | sed -E 's/SHA256\(.*\)= //' - elif command -v shasum >/dev/null 2>&1; then - # Darwin systems ship with "shasum" utility - shasum -a 256 "$file" | sed -E 's/[[:space:]]+.+//' - elif command -v sha256sum >/dev/null 2>&1; then - # Most Linux systems ship with sha256sum utility - sha256sum "$file" | sed -E 's/[[:space:]]+.+//' - else - echo "Could not find program to calculate SHA-256 checksum for file" - exit 1 - fi -} - -# Verifies that the tgz file at the provided path contains the paths/files that would be expected in a valid gödel -# distribution with the provided version. -function verify_dist_tgz_valid { - local tgz_path=$1 - local version=$2 - - local expected_paths=("godel-$version/" "godel-$version/bin/darwin-amd64/godel" "godel-$version/bin/linux-amd64/godel" "godel-$version/wrapper/godelw" "godel-$version/wrapper/godel/config/") - local files=($(tar -tf "$tgz_path")) - - # this is a double-for loop, but fine since $expected_paths is small and bash doesn't have good primitives for set/map/list manipulation - for curr_line in "${files[@]}"; do - # if all expected paths have been found, terminate - if [[ ${#expected_paths[*]} == 0 ]]; then - break - fi - - # check for expected path and splice out if match is found - idx=0 - for curr_expected in "${expected_paths[@]}"; do - if [ "$curr_expected" = "$curr_line" ]; then - expected_paths=(${expected_paths[@]:0:idx} ${expected_paths[@]:$(($idx + 1))}) - break - fi - idx=$idx+1 - done - done - - # if any expected paths still remain, raise error and exit - if [[ ${#expected_paths[*]} > 0 ]]; then - echo "Required paths were not present in $tgz_path: ${expected_paths[@]}" - exit 1 - fi -} - -# Verifies that the gödel binary in the distribution reports the expected version when called with the "version" -# argument. Assumes that a valid gödel distribution directory for the given version exists in the provided directory. -function verify_godel_version { - local base_dir=$1 - local version=$2 - local os=$3 - - local expected_output="godel version $version" - local version_output=$($base_dir/godel-$version/bin/$os-amd64/godel version) - - if [ "$expected_output" != "$version_output" ]; then - echo "Version reported by godel executable did not match expected version: expected \"$expected_output\", was \"$version_output\"" - exit 1 - fi -} - -# directory of godelw script -SCRIPT_HOME=$(cd "$(dirname "$0")" && pwd) - -# use $GODEL_HOME or default value -GODEL_BASE_DIR=${GODEL_HOME:-$HOME/.godel} - -# determine OS -OS="" -EXPECTED_CHECKSUM="" -case "$(uname)" in - Darwin*) - OS=darwin - EXPECTED_CHECKSUM=$DARWIN_CHECKSUM - ;; - Linux*) - OS=linux - EXPECTED_CHECKSUM=$LINUX_CHECKSUM - ;; - *) - echo "Unsupported operating system: $(uname)" - exit 1 - ;; -esac - -# path to godel binary -CMD=$GODEL_BASE_DIR/dists/godel-$VERSION/bin/$OS-amd64/godel - -# godel binary is not present -- download distribution -if [ ! -f "$CMD" ]; then - # get download URL - PROPERTIES_FILE=$SCRIPT_HOME/godel/config/godel.properties - if [ ! -f "$PROPERTIES_FILE" ]; then - echo "Properties file must exist at $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_URL=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionURL=//p") - if [ -z "$DOWNLOAD_URL" ]; then - echo "Value for property \"distributionURL\" was empty in $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_CHECKSUM=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionSHA256=//p") - - # create downloads directory if it does not already exist - mkdir -p "$GODEL_BASE_DIR/downloads" - - # download tgz and verify its contents - DOWNLOAD_DST=$GODEL_BASE_DIR/downloads/godel-$VERSION.tgz - download "$DOWNLOAD_URL" "$DOWNLOAD_DST" - if [ -n "$DOWNLOAD_CHECKSUM" ]; then - verify_checksum "$DOWNLOAD_DST" "$DOWNLOAD_CHECKSUM" - fi - verify_dist_tgz_valid "$DOWNLOAD_DST" "$VERSION" - - # create temporary directory for unarchiving, unarchive downloaded file and verify directory - TMP_DIST_DIR=$(mktemp -d "$GODEL_BASE_DIR/tmp_XXXXXX" 2>/dev/null || mktemp -d -t "$GODEL_BASE_DIR/tmp_XXXXXX") - trap 'rm -rf "$TMP_DIST_DIR"' EXIT - tar zxvf "$DOWNLOAD_DST" -C "$TMP_DIST_DIR" >/dev/null 2>&1 - verify_godel_version "$TMP_DIST_DIR" "$VERSION" "$OS" - - # if destination directory for distribution already exists, remove it - if [ -d "$GODEL_BASE_DIR/dists/godel-$VERSION" ]; then - rm -rf "$GODEL_BASE_DIR/dists/godel-$VERSION" - fi - - # ensure that parent directory of destination exists - mkdir -p "$GODEL_BASE_DIR/dists" - - # move expanded distribution directory to destination location. The location of the unarchived directory is known to - # be in the same directory tree as the destination, so "mv" should always work. - mv "$TMP_DIST_DIR/godel-$VERSION" "$GODEL_BASE_DIR/dists/godel-$VERSION" -fi - -verify_checksum "$CMD" "$EXPECTED_CHECKSUM" - -# execute command -$CMD --wrapper "$SCRIPT_HOME/$(basename "$0")" "$@" diff --git a/binary/vendor/modules.txt b/binary/vendor/modules.txt index 614a3c45..3cdb3851 100644 --- a/binary/vendor/modules.txt +++ b/binary/vendor/modules.txt @@ -1,8 +1,8 @@ # github.com/davecgh/go-spew v1.1.1 ## explicit github.com/davecgh/go-spew/spew -# github.com/palantir/pkg v1.0.1 -## explicit; go 1.13 +# github.com/palantir/pkg v1.1.0 +## explicit; go 1.19 github.com/palantir/pkg # github.com/pmezard/go-difflib v1.0.0 ## explicit diff --git a/boolean/go.mod b/boolean/go.mod index 6344cfd8..8e25efc0 100644 --- a/boolean/go.mod +++ b/boolean/go.mod @@ -3,7 +3,7 @@ module github.com/palantir/pkg/boolean go 1.19 require ( - github.com/palantir/pkg v1.0.1 + github.com/palantir/pkg v1.1.0 github.com/stretchr/testify v1.8.0 ) diff --git a/boolean/go.sum b/boolean/go.sum index f3c0b4af..878c8d19 100644 --- a/boolean/go.sum +++ b/boolean/go.sum @@ -1,8 +1,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/palantir/pkg v1.0.1 h1:ZbGUcc14N7xcZSY9cehQoiHHTm/BAZO5RJdlsNEtSbk= -github.com/palantir/pkg v1.0.1/go.mod h1:Eo6Jl0UXfT+65sLXJOcU9duu0WPvKsWFXCb0dE5VWZs= +github.com/palantir/pkg v1.1.0 h1:0EhrSUP8oeeh3MUvk7V/UU7WmsN1UiJNTvNj0sN9Cpo= +github.com/palantir/pkg v1.1.0/go.mod h1:KC9srP/9ssWRxBxFCIqhUGC4Jt7OJkWRz0Iqehup1/c= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= diff --git a/boolean/vendor/github.com/palantir/pkg/.bulldozer.yml b/boolean/vendor/github.com/palantir/pkg/.bulldozer.yml new file mode 100644 index 00000000..b62e82ba --- /dev/null +++ b/boolean/vendor/github.com/palantir/pkg/.bulldozer.yml @@ -0,0 +1,17 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +version: 1 +merge: + trigger: + labels: ["merge when ready"] + ignore: + labels: ["do not merge"] + method: squash + options: + squash: + body: pull_request_body + message_delimiter: ==COMMIT_MSG== + delete_after_merge: true +update: + trigger: + labels: ["update me"] diff --git a/boolean/vendor/github.com/palantir/pkg/.policy.yml b/boolean/vendor/github.com/palantir/pkg/.policy.yml new file mode 100644 index 00000000..a436f8b9 --- /dev/null +++ b/boolean/vendor/github.com/palantir/pkg/.policy.yml @@ -0,0 +1,113 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +policy: + approval: + - or: + - one admin has approved (PR contributors not allowed) + - two admins have approved + - changelog only and contributor approval + - fixing excavator + - excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + - excavator only touched config files + - bots updated package.json and lock files + disapproval: + requires: + organizations: [ "palantir" ] + +approval_rules: + - name: one admin has approved (PR contributors not allowed) + options: + allow_contributor: false + requires: + count: 1 + admins: true + + - name: two admins have approved + options: + allow_contributor: true + requires: + count: 2 + admins: true + + - name: changelog only and contributor approval + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + only_changed_files: + paths: + - "changelog/@unreleased/.*\\.yml" + + - name: fixing excavator + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + has_author_in: + users: [ "svc-excavator-bot" ] + + - name: excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + # product-dependencies.lock should never go here, to force review of all product (SLS) dependency changes + # this way excavator cannot change the deployability of a service or product via auto-merge + paths: + - "changelog/@unreleased/.*\\.yml" + - "^\\.baseline/.*$" + - "^\\.circleci/.*$" + - "^\\.docker-compose-rule\\.yml$" + - "^.*gradle$" + - "^\\.palantir/go-version$" + - "^gradle/wrapper/.*" + - "^gradlew$" + - "^gradlew.bat$" + - "^gradle.properties$" + - "^settings.gradle$" + - "^.*go.mod$" + - "^.*go.sum$" + - "^.*godelw$" + - "^.*godel/config/godel.properties$" + - "^.*godel/config/godel.yml$" + - "^.*vendor/.*$" + - "^versions.props$" + - "^versions.lock$" + - "^internal/generated/.*" + - "^internal/generated_src/.*" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: excavator only touched config files + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + paths: + - "^\\..*.yml$" + - "^\\.github/.*$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: bots updated package.json and lock files + requires: + count: 0 + if: + has_author_in: + users: + - "svc-excavator-bot" + - "dependabot[bot]" + only_changed_files: + paths: + - "^.*yarn.lock$" + - "^.*package.json$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] diff --git a/boolean/vendor/github.com/palantir/pkg/godelw b/boolean/vendor/github.com/palantir/pkg/godelw deleted file mode 100644 index 22d9f7f2..00000000 --- a/boolean/vendor/github.com/palantir/pkg/godelw +++ /dev/null @@ -1,230 +0,0 @@ -#!/bin/bash - -set -euo pipefail - -# Version and checksums for godel. Values are populated by the godel "dist" task. -VERSION=2.17.0 -DARWIN_CHECKSUM=d6294049b7edc3795d1d5517583f20c087422a8b8b52e8cbcc39ce2b575427ff -LINUX_CHECKSUM=23bca1ce55bd321686e06e0b6959ad8160ef1dfa9fe0a68a515e65d19401094d - -# Downloads file at URL to destination path using wget or curl. Prints an error and exits if wget or curl is not present. -function download { - local url=$1 - local dst=$2 - - # determine whether wget, curl or both are present - set +e - command -v wget >/dev/null 2>&1 - local wget_exists=$? - command -v curl >/dev/null 2>&1 - local curl_exists=$? - set -e - - # if one of wget or curl is not present, exit with error - if [ "$wget_exists" -ne 0 -a "$curl_exists" -ne 0 ]; then - echo "wget or curl must be present to download distribution. Install one of these programs and try again or install the distribution manually." - exit 1 - fi - - if [ "$wget_exists" -eq 0 ]; then - # attempt download using wget - echo "Downloading $url to $dst..." - local progress_opt="" - if wget --help | grep -q '\--show-progress'; then - progress_opt="-q --show-progress" - fi - set +e - wget -O "$dst" $progress_opt "$url" - rv=$? - set -e - if [ "$rv" -eq 0 ]; then - # success - return - fi - - echo "Download failed using command: wget -O $dst $progress_opt $url" - - # curl does not exist, so nothing more to try: exit - if [ "$curl_exists" -ne 0 ]; then - echo "Download failed using wget and curl was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - exit 1 - fi - # curl exists, notify that download will be attempted using curl - echo "Attempting download using curl..." - fi - - # attempt download using curl - echo "Downloading $url to $dst..." - set +e - curl -f -L -o "$dst" "$url" - rv=$? - set -e - if [ "$rv" -ne 0 ]; then - echo "Download failed using command: curl -f -L -o $dst $url" - if [ "$wget_exists" -eq 0 ]; then - echo "Download failed using wget and curl. Verify that the distribution URL is correct and try again or install the distribution manually." - else - echo "Download failed using curl and wget was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - fi - exit 1 - fi -} - -# verifies that the provided checksum matches the computed SHA-256 checksum of the specified file. If not, echoes an -# error and exits. -function verify_checksum { - local file=$1 - local expected_checksum=$2 - local computed_checksum=$(compute_sha256 $file) - if [ "$expected_checksum" != "$computed_checksum" ]; then - echo "SHA-256 checksum for $file did not match expected value." - echo "Expected: $expected_checksum" - echo "Actual: $computed_checksum" - exit 1 - fi -} - -# computes the SHA-256 hash of the provided file. Uses openssl, shasum or sha1sum program. -function compute_sha256 { - local file=$1 - if command -v openssl >/dev/null 2>&1; then - # print SHA-256 hash using openssl - openssl dgst -sha256 "$file" | sed -E 's/SHA256\(.*\)= //' - elif command -v shasum >/dev/null 2>&1; then - # Darwin systems ship with "shasum" utility - shasum -a 256 "$file" | sed -E 's/[[:space:]]+.+//' - elif command -v sha256sum >/dev/null 2>&1; then - # Most Linux systems ship with sha256sum utility - sha256sum "$file" | sed -E 's/[[:space:]]+.+//' - else - echo "Could not find program to calculate SHA-256 checksum for file" - exit 1 - fi -} - -# Verifies that the tgz file at the provided path contains the paths/files that would be expected in a valid gödel -# distribution with the provided version. -function verify_dist_tgz_valid { - local tgz_path=$1 - local version=$2 - - local expected_paths=("godel-$version/" "godel-$version/bin/darwin-amd64/godel" "godel-$version/bin/linux-amd64/godel" "godel-$version/wrapper/godelw" "godel-$version/wrapper/godel/config/") - local files=($(tar -tf "$tgz_path")) - - # this is a double-for loop, but fine since $expected_paths is small and bash doesn't have good primitives for set/map/list manipulation - for curr_line in "${files[@]}"; do - # if all expected paths have been found, terminate - if [[ ${#expected_paths[*]} == 0 ]]; then - break - fi - - # check for expected path and splice out if match is found - idx=0 - for curr_expected in "${expected_paths[@]}"; do - if [ "$curr_expected" = "$curr_line" ]; then - expected_paths=(${expected_paths[@]:0:idx} ${expected_paths[@]:$(($idx + 1))}) - break - fi - idx=$idx+1 - done - done - - # if any expected paths still remain, raise error and exit - if [[ ${#expected_paths[*]} > 0 ]]; then - echo "Required paths were not present in $tgz_path: ${expected_paths[@]}" - exit 1 - fi -} - -# Verifies that the gödel binary in the distribution reports the expected version when called with the "version" -# argument. Assumes that a valid gödel distribution directory for the given version exists in the provided directory. -function verify_godel_version { - local base_dir=$1 - local version=$2 - local os=$3 - - local expected_output="godel version $version" - local version_output=$($base_dir/godel-$version/bin/$os-amd64/godel version) - - if [ "$expected_output" != "$version_output" ]; then - echo "Version reported by godel executable did not match expected version: expected \"$expected_output\", was \"$version_output\"" - exit 1 - fi -} - -# directory of godelw script -SCRIPT_HOME=$(cd "$(dirname "$0")" && pwd) - -# use $GODEL_HOME or default value -GODEL_BASE_DIR=${GODEL_HOME:-$HOME/.godel} - -# determine OS -OS="" -EXPECTED_CHECKSUM="" -case "$(uname)" in - Darwin*) - OS=darwin - EXPECTED_CHECKSUM=$DARWIN_CHECKSUM - ;; - Linux*) - OS=linux - EXPECTED_CHECKSUM=$LINUX_CHECKSUM - ;; - *) - echo "Unsupported operating system: $(uname)" - exit 1 - ;; -esac - -# path to godel binary -CMD=$GODEL_BASE_DIR/dists/godel-$VERSION/bin/$OS-amd64/godel - -# godel binary is not present -- download distribution -if [ ! -f "$CMD" ]; then - # get download URL - PROPERTIES_FILE=$SCRIPT_HOME/godel/config/godel.properties - if [ ! -f "$PROPERTIES_FILE" ]; then - echo "Properties file must exist at $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_URL=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionURL=//p") - if [ -z "$DOWNLOAD_URL" ]; then - echo "Value for property \"distributionURL\" was empty in $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_CHECKSUM=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionSHA256=//p") - - # create downloads directory if it does not already exist - mkdir -p "$GODEL_BASE_DIR/downloads" - - # download tgz and verify its contents - DOWNLOAD_DST=$GODEL_BASE_DIR/downloads/godel-$VERSION.tgz - download "$DOWNLOAD_URL" "$DOWNLOAD_DST" - if [ -n "$DOWNLOAD_CHECKSUM" ]; then - verify_checksum "$DOWNLOAD_DST" "$DOWNLOAD_CHECKSUM" - fi - verify_dist_tgz_valid "$DOWNLOAD_DST" "$VERSION" - - # create temporary directory for unarchiving, unarchive downloaded file and verify directory - TMP_DIST_DIR=$(mktemp -d "$GODEL_BASE_DIR/tmp_XXXXXX" 2>/dev/null || mktemp -d -t "$GODEL_BASE_DIR/tmp_XXXXXX") - trap 'rm -rf "$TMP_DIST_DIR"' EXIT - tar zxvf "$DOWNLOAD_DST" -C "$TMP_DIST_DIR" >/dev/null 2>&1 - verify_godel_version "$TMP_DIST_DIR" "$VERSION" "$OS" - - # if destination directory for distribution already exists, remove it - if [ -d "$GODEL_BASE_DIR/dists/godel-$VERSION" ]; then - rm -rf "$GODEL_BASE_DIR/dists/godel-$VERSION" - fi - - # ensure that parent directory of destination exists - mkdir -p "$GODEL_BASE_DIR/dists" - - # move expanded distribution directory to destination location. The location of the unarchived directory is known to - # be in the same directory tree as the destination, so "mv" should always work. - mv "$TMP_DIST_DIR/godel-$VERSION" "$GODEL_BASE_DIR/dists/godel-$VERSION" -fi - -verify_checksum "$CMD" "$EXPECTED_CHECKSUM" - -# execute command -$CMD --wrapper "$SCRIPT_HOME/$(basename "$0")" "$@" diff --git a/boolean/vendor/modules.txt b/boolean/vendor/modules.txt index b8e6c35b..19640335 100644 --- a/boolean/vendor/modules.txt +++ b/boolean/vendor/modules.txt @@ -1,8 +1,8 @@ # github.com/davecgh/go-spew v1.1.1 ## explicit github.com/davecgh/go-spew/spew -# github.com/palantir/pkg v1.0.1 -## explicit; go 1.13 +# github.com/palantir/pkg v1.1.0 +## explicit; go 1.19 github.com/palantir/pkg # github.com/pmezard/go-difflib v1.0.0 ## explicit diff --git a/bytesbuffers/go.mod b/bytesbuffers/go.mod index ca183bcf..ed035645 100644 --- a/bytesbuffers/go.mod +++ b/bytesbuffers/go.mod @@ -3,7 +3,7 @@ module github.com/palantir/pkg/bytesbuffers go 1.19 require ( - github.com/palantir/pkg v1.0.1 + github.com/palantir/pkg v1.1.0 github.com/stretchr/testify v1.8.0 ) diff --git a/bytesbuffers/go.sum b/bytesbuffers/go.sum index f3c0b4af..878c8d19 100644 --- a/bytesbuffers/go.sum +++ b/bytesbuffers/go.sum @@ -1,8 +1,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/palantir/pkg v1.0.1 h1:ZbGUcc14N7xcZSY9cehQoiHHTm/BAZO5RJdlsNEtSbk= -github.com/palantir/pkg v1.0.1/go.mod h1:Eo6Jl0UXfT+65sLXJOcU9duu0WPvKsWFXCb0dE5VWZs= +github.com/palantir/pkg v1.1.0 h1:0EhrSUP8oeeh3MUvk7V/UU7WmsN1UiJNTvNj0sN9Cpo= +github.com/palantir/pkg v1.1.0/go.mod h1:KC9srP/9ssWRxBxFCIqhUGC4Jt7OJkWRz0Iqehup1/c= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= diff --git a/bytesbuffers/vendor/github.com/palantir/pkg/.bulldozer.yml b/bytesbuffers/vendor/github.com/palantir/pkg/.bulldozer.yml new file mode 100644 index 00000000..b62e82ba --- /dev/null +++ b/bytesbuffers/vendor/github.com/palantir/pkg/.bulldozer.yml @@ -0,0 +1,17 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +version: 1 +merge: + trigger: + labels: ["merge when ready"] + ignore: + labels: ["do not merge"] + method: squash + options: + squash: + body: pull_request_body + message_delimiter: ==COMMIT_MSG== + delete_after_merge: true +update: + trigger: + labels: ["update me"] diff --git a/bytesbuffers/vendor/github.com/palantir/pkg/.policy.yml b/bytesbuffers/vendor/github.com/palantir/pkg/.policy.yml new file mode 100644 index 00000000..a436f8b9 --- /dev/null +++ b/bytesbuffers/vendor/github.com/palantir/pkg/.policy.yml @@ -0,0 +1,113 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +policy: + approval: + - or: + - one admin has approved (PR contributors not allowed) + - two admins have approved + - changelog only and contributor approval + - fixing excavator + - excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + - excavator only touched config files + - bots updated package.json and lock files + disapproval: + requires: + organizations: [ "palantir" ] + +approval_rules: + - name: one admin has approved (PR contributors not allowed) + options: + allow_contributor: false + requires: + count: 1 + admins: true + + - name: two admins have approved + options: + allow_contributor: true + requires: + count: 2 + admins: true + + - name: changelog only and contributor approval + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + only_changed_files: + paths: + - "changelog/@unreleased/.*\\.yml" + + - name: fixing excavator + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + has_author_in: + users: [ "svc-excavator-bot" ] + + - name: excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + # product-dependencies.lock should never go here, to force review of all product (SLS) dependency changes + # this way excavator cannot change the deployability of a service or product via auto-merge + paths: + - "changelog/@unreleased/.*\\.yml" + - "^\\.baseline/.*$" + - "^\\.circleci/.*$" + - "^\\.docker-compose-rule\\.yml$" + - "^.*gradle$" + - "^\\.palantir/go-version$" + - "^gradle/wrapper/.*" + - "^gradlew$" + - "^gradlew.bat$" + - "^gradle.properties$" + - "^settings.gradle$" + - "^.*go.mod$" + - "^.*go.sum$" + - "^.*godelw$" + - "^.*godel/config/godel.properties$" + - "^.*godel/config/godel.yml$" + - "^.*vendor/.*$" + - "^versions.props$" + - "^versions.lock$" + - "^internal/generated/.*" + - "^internal/generated_src/.*" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: excavator only touched config files + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + paths: + - "^\\..*.yml$" + - "^\\.github/.*$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: bots updated package.json and lock files + requires: + count: 0 + if: + has_author_in: + users: + - "svc-excavator-bot" + - "dependabot[bot]" + only_changed_files: + paths: + - "^.*yarn.lock$" + - "^.*package.json$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] diff --git a/bytesbuffers/vendor/github.com/palantir/pkg/godelw b/bytesbuffers/vendor/github.com/palantir/pkg/godelw deleted file mode 100644 index 22d9f7f2..00000000 --- a/bytesbuffers/vendor/github.com/palantir/pkg/godelw +++ /dev/null @@ -1,230 +0,0 @@ -#!/bin/bash - -set -euo pipefail - -# Version and checksums for godel. Values are populated by the godel "dist" task. -VERSION=2.17.0 -DARWIN_CHECKSUM=d6294049b7edc3795d1d5517583f20c087422a8b8b52e8cbcc39ce2b575427ff -LINUX_CHECKSUM=23bca1ce55bd321686e06e0b6959ad8160ef1dfa9fe0a68a515e65d19401094d - -# Downloads file at URL to destination path using wget or curl. Prints an error and exits if wget or curl is not present. -function download { - local url=$1 - local dst=$2 - - # determine whether wget, curl or both are present - set +e - command -v wget >/dev/null 2>&1 - local wget_exists=$? - command -v curl >/dev/null 2>&1 - local curl_exists=$? - set -e - - # if one of wget or curl is not present, exit with error - if [ "$wget_exists" -ne 0 -a "$curl_exists" -ne 0 ]; then - echo "wget or curl must be present to download distribution. Install one of these programs and try again or install the distribution manually." - exit 1 - fi - - if [ "$wget_exists" -eq 0 ]; then - # attempt download using wget - echo "Downloading $url to $dst..." - local progress_opt="" - if wget --help | grep -q '\--show-progress'; then - progress_opt="-q --show-progress" - fi - set +e - wget -O "$dst" $progress_opt "$url" - rv=$? - set -e - if [ "$rv" -eq 0 ]; then - # success - return - fi - - echo "Download failed using command: wget -O $dst $progress_opt $url" - - # curl does not exist, so nothing more to try: exit - if [ "$curl_exists" -ne 0 ]; then - echo "Download failed using wget and curl was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - exit 1 - fi - # curl exists, notify that download will be attempted using curl - echo "Attempting download using curl..." - fi - - # attempt download using curl - echo "Downloading $url to $dst..." - set +e - curl -f -L -o "$dst" "$url" - rv=$? - set -e - if [ "$rv" -ne 0 ]; then - echo "Download failed using command: curl -f -L -o $dst $url" - if [ "$wget_exists" -eq 0 ]; then - echo "Download failed using wget and curl. Verify that the distribution URL is correct and try again or install the distribution manually." - else - echo "Download failed using curl and wget was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - fi - exit 1 - fi -} - -# verifies that the provided checksum matches the computed SHA-256 checksum of the specified file. If not, echoes an -# error and exits. -function verify_checksum { - local file=$1 - local expected_checksum=$2 - local computed_checksum=$(compute_sha256 $file) - if [ "$expected_checksum" != "$computed_checksum" ]; then - echo "SHA-256 checksum for $file did not match expected value." - echo "Expected: $expected_checksum" - echo "Actual: $computed_checksum" - exit 1 - fi -} - -# computes the SHA-256 hash of the provided file. Uses openssl, shasum or sha1sum program. -function compute_sha256 { - local file=$1 - if command -v openssl >/dev/null 2>&1; then - # print SHA-256 hash using openssl - openssl dgst -sha256 "$file" | sed -E 's/SHA256\(.*\)= //' - elif command -v shasum >/dev/null 2>&1; then - # Darwin systems ship with "shasum" utility - shasum -a 256 "$file" | sed -E 's/[[:space:]]+.+//' - elif command -v sha256sum >/dev/null 2>&1; then - # Most Linux systems ship with sha256sum utility - sha256sum "$file" | sed -E 's/[[:space:]]+.+//' - else - echo "Could not find program to calculate SHA-256 checksum for file" - exit 1 - fi -} - -# Verifies that the tgz file at the provided path contains the paths/files that would be expected in a valid gödel -# distribution with the provided version. -function verify_dist_tgz_valid { - local tgz_path=$1 - local version=$2 - - local expected_paths=("godel-$version/" "godel-$version/bin/darwin-amd64/godel" "godel-$version/bin/linux-amd64/godel" "godel-$version/wrapper/godelw" "godel-$version/wrapper/godel/config/") - local files=($(tar -tf "$tgz_path")) - - # this is a double-for loop, but fine since $expected_paths is small and bash doesn't have good primitives for set/map/list manipulation - for curr_line in "${files[@]}"; do - # if all expected paths have been found, terminate - if [[ ${#expected_paths[*]} == 0 ]]; then - break - fi - - # check for expected path and splice out if match is found - idx=0 - for curr_expected in "${expected_paths[@]}"; do - if [ "$curr_expected" = "$curr_line" ]; then - expected_paths=(${expected_paths[@]:0:idx} ${expected_paths[@]:$(($idx + 1))}) - break - fi - idx=$idx+1 - done - done - - # if any expected paths still remain, raise error and exit - if [[ ${#expected_paths[*]} > 0 ]]; then - echo "Required paths were not present in $tgz_path: ${expected_paths[@]}" - exit 1 - fi -} - -# Verifies that the gödel binary in the distribution reports the expected version when called with the "version" -# argument. Assumes that a valid gödel distribution directory for the given version exists in the provided directory. -function verify_godel_version { - local base_dir=$1 - local version=$2 - local os=$3 - - local expected_output="godel version $version" - local version_output=$($base_dir/godel-$version/bin/$os-amd64/godel version) - - if [ "$expected_output" != "$version_output" ]; then - echo "Version reported by godel executable did not match expected version: expected \"$expected_output\", was \"$version_output\"" - exit 1 - fi -} - -# directory of godelw script -SCRIPT_HOME=$(cd "$(dirname "$0")" && pwd) - -# use $GODEL_HOME or default value -GODEL_BASE_DIR=${GODEL_HOME:-$HOME/.godel} - -# determine OS -OS="" -EXPECTED_CHECKSUM="" -case "$(uname)" in - Darwin*) - OS=darwin - EXPECTED_CHECKSUM=$DARWIN_CHECKSUM - ;; - Linux*) - OS=linux - EXPECTED_CHECKSUM=$LINUX_CHECKSUM - ;; - *) - echo "Unsupported operating system: $(uname)" - exit 1 - ;; -esac - -# path to godel binary -CMD=$GODEL_BASE_DIR/dists/godel-$VERSION/bin/$OS-amd64/godel - -# godel binary is not present -- download distribution -if [ ! -f "$CMD" ]; then - # get download URL - PROPERTIES_FILE=$SCRIPT_HOME/godel/config/godel.properties - if [ ! -f "$PROPERTIES_FILE" ]; then - echo "Properties file must exist at $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_URL=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionURL=//p") - if [ -z "$DOWNLOAD_URL" ]; then - echo "Value for property \"distributionURL\" was empty in $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_CHECKSUM=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionSHA256=//p") - - # create downloads directory if it does not already exist - mkdir -p "$GODEL_BASE_DIR/downloads" - - # download tgz and verify its contents - DOWNLOAD_DST=$GODEL_BASE_DIR/downloads/godel-$VERSION.tgz - download "$DOWNLOAD_URL" "$DOWNLOAD_DST" - if [ -n "$DOWNLOAD_CHECKSUM" ]; then - verify_checksum "$DOWNLOAD_DST" "$DOWNLOAD_CHECKSUM" - fi - verify_dist_tgz_valid "$DOWNLOAD_DST" "$VERSION" - - # create temporary directory for unarchiving, unarchive downloaded file and verify directory - TMP_DIST_DIR=$(mktemp -d "$GODEL_BASE_DIR/tmp_XXXXXX" 2>/dev/null || mktemp -d -t "$GODEL_BASE_DIR/tmp_XXXXXX") - trap 'rm -rf "$TMP_DIST_DIR"' EXIT - tar zxvf "$DOWNLOAD_DST" -C "$TMP_DIST_DIR" >/dev/null 2>&1 - verify_godel_version "$TMP_DIST_DIR" "$VERSION" "$OS" - - # if destination directory for distribution already exists, remove it - if [ -d "$GODEL_BASE_DIR/dists/godel-$VERSION" ]; then - rm -rf "$GODEL_BASE_DIR/dists/godel-$VERSION" - fi - - # ensure that parent directory of destination exists - mkdir -p "$GODEL_BASE_DIR/dists" - - # move expanded distribution directory to destination location. The location of the unarchived directory is known to - # be in the same directory tree as the destination, so "mv" should always work. - mv "$TMP_DIST_DIR/godel-$VERSION" "$GODEL_BASE_DIR/dists/godel-$VERSION" -fi - -verify_checksum "$CMD" "$EXPECTED_CHECKSUM" - -# execute command -$CMD --wrapper "$SCRIPT_HOME/$(basename "$0")" "$@" diff --git a/bytesbuffers/vendor/modules.txt b/bytesbuffers/vendor/modules.txt index b8e6c35b..19640335 100644 --- a/bytesbuffers/vendor/modules.txt +++ b/bytesbuffers/vendor/modules.txt @@ -1,8 +1,8 @@ # github.com/davecgh/go-spew v1.1.1 ## explicit github.com/davecgh/go-spew/spew -# github.com/palantir/pkg v1.0.1 -## explicit; go 1.13 +# github.com/palantir/pkg v1.1.0 +## explicit; go 1.19 github.com/palantir/pkg # github.com/pmezard/go-difflib v1.0.0 ## explicit diff --git a/cli/go.mod b/cli/go.mod index 7802e46b..7b928c37 100644 --- a/cli/go.mod +++ b/cli/go.mod @@ -4,7 +4,7 @@ go 1.19 require ( github.com/mitchellh/go-wordwrap v1.0.0 - github.com/palantir/pkg v1.0.1 + github.com/palantir/pkg v1.1.0 github.com/spf13/viper v1.13.0 github.com/stretchr/testify v1.8.0 golang.org/x/crypto v0.0.0-20220926161630-eccd6366d1be diff --git a/cli/go.sum b/cli/go.sum index 6c492ccc..509d2184 100644 --- a/cli/go.sum +++ b/cli/go.sum @@ -137,8 +137,8 @@ github.com/mitchellh/go-wordwrap v1.0.0 h1:6GlHJ/LTGMrIJbwgdqdl2eEH8o+Exx/0m8ir9 github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo= github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= -github.com/palantir/pkg v1.0.1 h1:ZbGUcc14N7xcZSY9cehQoiHHTm/BAZO5RJdlsNEtSbk= -github.com/palantir/pkg v1.0.1/go.mod h1:Eo6Jl0UXfT+65sLXJOcU9duu0WPvKsWFXCb0dE5VWZs= +github.com/palantir/pkg v1.1.0 h1:0EhrSUP8oeeh3MUvk7V/UU7WmsN1UiJNTvNj0sN9Cpo= +github.com/palantir/pkg v1.1.0/go.mod h1:KC9srP/9ssWRxBxFCIqhUGC4Jt7OJkWRz0Iqehup1/c= github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8= github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= github.com/pelletier/go-toml/v2 v2.0.5 h1:ipoSadvV8oGUjnUbMub59IDPPwfxF694nG/jwbMiyQg= diff --git a/cli/vendor/github.com/palantir/pkg/.bulldozer.yml b/cli/vendor/github.com/palantir/pkg/.bulldozer.yml new file mode 100644 index 00000000..b62e82ba --- /dev/null +++ b/cli/vendor/github.com/palantir/pkg/.bulldozer.yml @@ -0,0 +1,17 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +version: 1 +merge: + trigger: + labels: ["merge when ready"] + ignore: + labels: ["do not merge"] + method: squash + options: + squash: + body: pull_request_body + message_delimiter: ==COMMIT_MSG== + delete_after_merge: true +update: + trigger: + labels: ["update me"] diff --git a/cli/vendor/github.com/palantir/pkg/.policy.yml b/cli/vendor/github.com/palantir/pkg/.policy.yml new file mode 100644 index 00000000..a436f8b9 --- /dev/null +++ b/cli/vendor/github.com/palantir/pkg/.policy.yml @@ -0,0 +1,113 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +policy: + approval: + - or: + - one admin has approved (PR contributors not allowed) + - two admins have approved + - changelog only and contributor approval + - fixing excavator + - excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + - excavator only touched config files + - bots updated package.json and lock files + disapproval: + requires: + organizations: [ "palantir" ] + +approval_rules: + - name: one admin has approved (PR contributors not allowed) + options: + allow_contributor: false + requires: + count: 1 + admins: true + + - name: two admins have approved + options: + allow_contributor: true + requires: + count: 2 + admins: true + + - name: changelog only and contributor approval + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + only_changed_files: + paths: + - "changelog/@unreleased/.*\\.yml" + + - name: fixing excavator + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + has_author_in: + users: [ "svc-excavator-bot" ] + + - name: excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + # product-dependencies.lock should never go here, to force review of all product (SLS) dependency changes + # this way excavator cannot change the deployability of a service or product via auto-merge + paths: + - "changelog/@unreleased/.*\\.yml" + - "^\\.baseline/.*$" + - "^\\.circleci/.*$" + - "^\\.docker-compose-rule\\.yml$" + - "^.*gradle$" + - "^\\.palantir/go-version$" + - "^gradle/wrapper/.*" + - "^gradlew$" + - "^gradlew.bat$" + - "^gradle.properties$" + - "^settings.gradle$" + - "^.*go.mod$" + - "^.*go.sum$" + - "^.*godelw$" + - "^.*godel/config/godel.properties$" + - "^.*godel/config/godel.yml$" + - "^.*vendor/.*$" + - "^versions.props$" + - "^versions.lock$" + - "^internal/generated/.*" + - "^internal/generated_src/.*" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: excavator only touched config files + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + paths: + - "^\\..*.yml$" + - "^\\.github/.*$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: bots updated package.json and lock files + requires: + count: 0 + if: + has_author_in: + users: + - "svc-excavator-bot" + - "dependabot[bot]" + only_changed_files: + paths: + - "^.*yarn.lock$" + - "^.*package.json$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] diff --git a/cli/vendor/github.com/palantir/pkg/godelw b/cli/vendor/github.com/palantir/pkg/godelw deleted file mode 100644 index 22d9f7f2..00000000 --- a/cli/vendor/github.com/palantir/pkg/godelw +++ /dev/null @@ -1,230 +0,0 @@ -#!/bin/bash - -set -euo pipefail - -# Version and checksums for godel. Values are populated by the godel "dist" task. -VERSION=2.17.0 -DARWIN_CHECKSUM=d6294049b7edc3795d1d5517583f20c087422a8b8b52e8cbcc39ce2b575427ff -LINUX_CHECKSUM=23bca1ce55bd321686e06e0b6959ad8160ef1dfa9fe0a68a515e65d19401094d - -# Downloads file at URL to destination path using wget or curl. Prints an error and exits if wget or curl is not present. -function download { - local url=$1 - local dst=$2 - - # determine whether wget, curl or both are present - set +e - command -v wget >/dev/null 2>&1 - local wget_exists=$? - command -v curl >/dev/null 2>&1 - local curl_exists=$? - set -e - - # if one of wget or curl is not present, exit with error - if [ "$wget_exists" -ne 0 -a "$curl_exists" -ne 0 ]; then - echo "wget or curl must be present to download distribution. Install one of these programs and try again or install the distribution manually." - exit 1 - fi - - if [ "$wget_exists" -eq 0 ]; then - # attempt download using wget - echo "Downloading $url to $dst..." - local progress_opt="" - if wget --help | grep -q '\--show-progress'; then - progress_opt="-q --show-progress" - fi - set +e - wget -O "$dst" $progress_opt "$url" - rv=$? - set -e - if [ "$rv" -eq 0 ]; then - # success - return - fi - - echo "Download failed using command: wget -O $dst $progress_opt $url" - - # curl does not exist, so nothing more to try: exit - if [ "$curl_exists" -ne 0 ]; then - echo "Download failed using wget and curl was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - exit 1 - fi - # curl exists, notify that download will be attempted using curl - echo "Attempting download using curl..." - fi - - # attempt download using curl - echo "Downloading $url to $dst..." - set +e - curl -f -L -o "$dst" "$url" - rv=$? - set -e - if [ "$rv" -ne 0 ]; then - echo "Download failed using command: curl -f -L -o $dst $url" - if [ "$wget_exists" -eq 0 ]; then - echo "Download failed using wget and curl. Verify that the distribution URL is correct and try again or install the distribution manually." - else - echo "Download failed using curl and wget was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - fi - exit 1 - fi -} - -# verifies that the provided checksum matches the computed SHA-256 checksum of the specified file. If not, echoes an -# error and exits. -function verify_checksum { - local file=$1 - local expected_checksum=$2 - local computed_checksum=$(compute_sha256 $file) - if [ "$expected_checksum" != "$computed_checksum" ]; then - echo "SHA-256 checksum for $file did not match expected value." - echo "Expected: $expected_checksum" - echo "Actual: $computed_checksum" - exit 1 - fi -} - -# computes the SHA-256 hash of the provided file. Uses openssl, shasum or sha1sum program. -function compute_sha256 { - local file=$1 - if command -v openssl >/dev/null 2>&1; then - # print SHA-256 hash using openssl - openssl dgst -sha256 "$file" | sed -E 's/SHA256\(.*\)= //' - elif command -v shasum >/dev/null 2>&1; then - # Darwin systems ship with "shasum" utility - shasum -a 256 "$file" | sed -E 's/[[:space:]]+.+//' - elif command -v sha256sum >/dev/null 2>&1; then - # Most Linux systems ship with sha256sum utility - sha256sum "$file" | sed -E 's/[[:space:]]+.+//' - else - echo "Could not find program to calculate SHA-256 checksum for file" - exit 1 - fi -} - -# Verifies that the tgz file at the provided path contains the paths/files that would be expected in a valid gödel -# distribution with the provided version. -function verify_dist_tgz_valid { - local tgz_path=$1 - local version=$2 - - local expected_paths=("godel-$version/" "godel-$version/bin/darwin-amd64/godel" "godel-$version/bin/linux-amd64/godel" "godel-$version/wrapper/godelw" "godel-$version/wrapper/godel/config/") - local files=($(tar -tf "$tgz_path")) - - # this is a double-for loop, but fine since $expected_paths is small and bash doesn't have good primitives for set/map/list manipulation - for curr_line in "${files[@]}"; do - # if all expected paths have been found, terminate - if [[ ${#expected_paths[*]} == 0 ]]; then - break - fi - - # check for expected path and splice out if match is found - idx=0 - for curr_expected in "${expected_paths[@]}"; do - if [ "$curr_expected" = "$curr_line" ]; then - expected_paths=(${expected_paths[@]:0:idx} ${expected_paths[@]:$(($idx + 1))}) - break - fi - idx=$idx+1 - done - done - - # if any expected paths still remain, raise error and exit - if [[ ${#expected_paths[*]} > 0 ]]; then - echo "Required paths were not present in $tgz_path: ${expected_paths[@]}" - exit 1 - fi -} - -# Verifies that the gödel binary in the distribution reports the expected version when called with the "version" -# argument. Assumes that a valid gödel distribution directory for the given version exists in the provided directory. -function verify_godel_version { - local base_dir=$1 - local version=$2 - local os=$3 - - local expected_output="godel version $version" - local version_output=$($base_dir/godel-$version/bin/$os-amd64/godel version) - - if [ "$expected_output" != "$version_output" ]; then - echo "Version reported by godel executable did not match expected version: expected \"$expected_output\", was \"$version_output\"" - exit 1 - fi -} - -# directory of godelw script -SCRIPT_HOME=$(cd "$(dirname "$0")" && pwd) - -# use $GODEL_HOME or default value -GODEL_BASE_DIR=${GODEL_HOME:-$HOME/.godel} - -# determine OS -OS="" -EXPECTED_CHECKSUM="" -case "$(uname)" in - Darwin*) - OS=darwin - EXPECTED_CHECKSUM=$DARWIN_CHECKSUM - ;; - Linux*) - OS=linux - EXPECTED_CHECKSUM=$LINUX_CHECKSUM - ;; - *) - echo "Unsupported operating system: $(uname)" - exit 1 - ;; -esac - -# path to godel binary -CMD=$GODEL_BASE_DIR/dists/godel-$VERSION/bin/$OS-amd64/godel - -# godel binary is not present -- download distribution -if [ ! -f "$CMD" ]; then - # get download URL - PROPERTIES_FILE=$SCRIPT_HOME/godel/config/godel.properties - if [ ! -f "$PROPERTIES_FILE" ]; then - echo "Properties file must exist at $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_URL=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionURL=//p") - if [ -z "$DOWNLOAD_URL" ]; then - echo "Value for property \"distributionURL\" was empty in $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_CHECKSUM=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionSHA256=//p") - - # create downloads directory if it does not already exist - mkdir -p "$GODEL_BASE_DIR/downloads" - - # download tgz and verify its contents - DOWNLOAD_DST=$GODEL_BASE_DIR/downloads/godel-$VERSION.tgz - download "$DOWNLOAD_URL" "$DOWNLOAD_DST" - if [ -n "$DOWNLOAD_CHECKSUM" ]; then - verify_checksum "$DOWNLOAD_DST" "$DOWNLOAD_CHECKSUM" - fi - verify_dist_tgz_valid "$DOWNLOAD_DST" "$VERSION" - - # create temporary directory for unarchiving, unarchive downloaded file and verify directory - TMP_DIST_DIR=$(mktemp -d "$GODEL_BASE_DIR/tmp_XXXXXX" 2>/dev/null || mktemp -d -t "$GODEL_BASE_DIR/tmp_XXXXXX") - trap 'rm -rf "$TMP_DIST_DIR"' EXIT - tar zxvf "$DOWNLOAD_DST" -C "$TMP_DIST_DIR" >/dev/null 2>&1 - verify_godel_version "$TMP_DIST_DIR" "$VERSION" "$OS" - - # if destination directory for distribution already exists, remove it - if [ -d "$GODEL_BASE_DIR/dists/godel-$VERSION" ]; then - rm -rf "$GODEL_BASE_DIR/dists/godel-$VERSION" - fi - - # ensure that parent directory of destination exists - mkdir -p "$GODEL_BASE_DIR/dists" - - # move expanded distribution directory to destination location. The location of the unarchived directory is known to - # be in the same directory tree as the destination, so "mv" should always work. - mv "$TMP_DIST_DIR/godel-$VERSION" "$GODEL_BASE_DIR/dists/godel-$VERSION" -fi - -verify_checksum "$CMD" "$EXPECTED_CHECKSUM" - -# execute command -$CMD --wrapper "$SCRIPT_HOME/$(basename "$0")" "$@" diff --git a/cli/vendor/modules.txt b/cli/vendor/modules.txt index ce940f0f..ed71d5d5 100644 --- a/cli/vendor/modules.txt +++ b/cli/vendor/modules.txt @@ -25,8 +25,8 @@ github.com/mitchellh/go-wordwrap # github.com/mitchellh/mapstructure v1.5.0 ## explicit; go 1.14 github.com/mitchellh/mapstructure -# github.com/palantir/pkg v1.0.1 -## explicit; go 1.13 +# github.com/palantir/pkg v1.1.0 +## explicit; go 1.19 github.com/palantir/pkg # github.com/pelletier/go-toml v1.9.5 ## explicit; go 1.12 diff --git a/cobracli/go.mod b/cobracli/go.mod index f99de417..d12ccc03 100644 --- a/cobracli/go.mod +++ b/cobracli/go.mod @@ -4,7 +4,7 @@ go 1.19 require ( github.com/nmiyake/pkg/errorstringer v1.0.0 - github.com/palantir/pkg v1.0.1 + github.com/palantir/pkg v1.1.0 github.com/pkg/errors v0.8.1 github.com/spf13/cobra v1.5.0 github.com/stretchr/testify v1.8.0 diff --git a/cobracli/go.sum b/cobracli/go.sum index 8f0160ba..ada16214 100644 --- a/cobracli/go.sum +++ b/cobracli/go.sum @@ -6,8 +6,8 @@ github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NH github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/nmiyake/pkg/errorstringer v1.0.0 h1:i8VFMHpy2orAs8Lsoi7wOdQ6ipxOUe9GRzimcNCEzBk= github.com/nmiyake/pkg/errorstringer v1.0.0/go.mod h1:M7rsuKy+fiW7j812cNTScqf7kixe7k/ETY/+cbaqzRw= -github.com/palantir/pkg v1.0.1 h1:ZbGUcc14N7xcZSY9cehQoiHHTm/BAZO5RJdlsNEtSbk= -github.com/palantir/pkg v1.0.1/go.mod h1:Eo6Jl0UXfT+65sLXJOcU9duu0WPvKsWFXCb0dE5VWZs= +github.com/palantir/pkg v1.1.0 h1:0EhrSUP8oeeh3MUvk7V/UU7WmsN1UiJNTvNj0sN9Cpo= +github.com/palantir/pkg v1.1.0/go.mod h1:KC9srP/9ssWRxBxFCIqhUGC4Jt7OJkWRz0Iqehup1/c= github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= diff --git a/cobracli/vendor/github.com/palantir/pkg/.bulldozer.yml b/cobracli/vendor/github.com/palantir/pkg/.bulldozer.yml new file mode 100644 index 00000000..b62e82ba --- /dev/null +++ b/cobracli/vendor/github.com/palantir/pkg/.bulldozer.yml @@ -0,0 +1,17 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +version: 1 +merge: + trigger: + labels: ["merge when ready"] + ignore: + labels: ["do not merge"] + method: squash + options: + squash: + body: pull_request_body + message_delimiter: ==COMMIT_MSG== + delete_after_merge: true +update: + trigger: + labels: ["update me"] diff --git a/cobracli/vendor/github.com/palantir/pkg/.policy.yml b/cobracli/vendor/github.com/palantir/pkg/.policy.yml new file mode 100644 index 00000000..a436f8b9 --- /dev/null +++ b/cobracli/vendor/github.com/palantir/pkg/.policy.yml @@ -0,0 +1,113 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +policy: + approval: + - or: + - one admin has approved (PR contributors not allowed) + - two admins have approved + - changelog only and contributor approval + - fixing excavator + - excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + - excavator only touched config files + - bots updated package.json and lock files + disapproval: + requires: + organizations: [ "palantir" ] + +approval_rules: + - name: one admin has approved (PR contributors not allowed) + options: + allow_contributor: false + requires: + count: 1 + admins: true + + - name: two admins have approved + options: + allow_contributor: true + requires: + count: 2 + admins: true + + - name: changelog only and contributor approval + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + only_changed_files: + paths: + - "changelog/@unreleased/.*\\.yml" + + - name: fixing excavator + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + has_author_in: + users: [ "svc-excavator-bot" ] + + - name: excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + # product-dependencies.lock should never go here, to force review of all product (SLS) dependency changes + # this way excavator cannot change the deployability of a service or product via auto-merge + paths: + - "changelog/@unreleased/.*\\.yml" + - "^\\.baseline/.*$" + - "^\\.circleci/.*$" + - "^\\.docker-compose-rule\\.yml$" + - "^.*gradle$" + - "^\\.palantir/go-version$" + - "^gradle/wrapper/.*" + - "^gradlew$" + - "^gradlew.bat$" + - "^gradle.properties$" + - "^settings.gradle$" + - "^.*go.mod$" + - "^.*go.sum$" + - "^.*godelw$" + - "^.*godel/config/godel.properties$" + - "^.*godel/config/godel.yml$" + - "^.*vendor/.*$" + - "^versions.props$" + - "^versions.lock$" + - "^internal/generated/.*" + - "^internal/generated_src/.*" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: excavator only touched config files + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + paths: + - "^\\..*.yml$" + - "^\\.github/.*$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: bots updated package.json and lock files + requires: + count: 0 + if: + has_author_in: + users: + - "svc-excavator-bot" + - "dependabot[bot]" + only_changed_files: + paths: + - "^.*yarn.lock$" + - "^.*package.json$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] diff --git a/cobracli/vendor/github.com/palantir/pkg/godelw b/cobracli/vendor/github.com/palantir/pkg/godelw deleted file mode 100644 index 22d9f7f2..00000000 --- a/cobracli/vendor/github.com/palantir/pkg/godelw +++ /dev/null @@ -1,230 +0,0 @@ -#!/bin/bash - -set -euo pipefail - -# Version and checksums for godel. Values are populated by the godel "dist" task. -VERSION=2.17.0 -DARWIN_CHECKSUM=d6294049b7edc3795d1d5517583f20c087422a8b8b52e8cbcc39ce2b575427ff -LINUX_CHECKSUM=23bca1ce55bd321686e06e0b6959ad8160ef1dfa9fe0a68a515e65d19401094d - -# Downloads file at URL to destination path using wget or curl. Prints an error and exits if wget or curl is not present. -function download { - local url=$1 - local dst=$2 - - # determine whether wget, curl or both are present - set +e - command -v wget >/dev/null 2>&1 - local wget_exists=$? - command -v curl >/dev/null 2>&1 - local curl_exists=$? - set -e - - # if one of wget or curl is not present, exit with error - if [ "$wget_exists" -ne 0 -a "$curl_exists" -ne 0 ]; then - echo "wget or curl must be present to download distribution. Install one of these programs and try again or install the distribution manually." - exit 1 - fi - - if [ "$wget_exists" -eq 0 ]; then - # attempt download using wget - echo "Downloading $url to $dst..." - local progress_opt="" - if wget --help | grep -q '\--show-progress'; then - progress_opt="-q --show-progress" - fi - set +e - wget -O "$dst" $progress_opt "$url" - rv=$? - set -e - if [ "$rv" -eq 0 ]; then - # success - return - fi - - echo "Download failed using command: wget -O $dst $progress_opt $url" - - # curl does not exist, so nothing more to try: exit - if [ "$curl_exists" -ne 0 ]; then - echo "Download failed using wget and curl was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - exit 1 - fi - # curl exists, notify that download will be attempted using curl - echo "Attempting download using curl..." - fi - - # attempt download using curl - echo "Downloading $url to $dst..." - set +e - curl -f -L -o "$dst" "$url" - rv=$? - set -e - if [ "$rv" -ne 0 ]; then - echo "Download failed using command: curl -f -L -o $dst $url" - if [ "$wget_exists" -eq 0 ]; then - echo "Download failed using wget and curl. Verify that the distribution URL is correct and try again or install the distribution manually." - else - echo "Download failed using curl and wget was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - fi - exit 1 - fi -} - -# verifies that the provided checksum matches the computed SHA-256 checksum of the specified file. If not, echoes an -# error and exits. -function verify_checksum { - local file=$1 - local expected_checksum=$2 - local computed_checksum=$(compute_sha256 $file) - if [ "$expected_checksum" != "$computed_checksum" ]; then - echo "SHA-256 checksum for $file did not match expected value." - echo "Expected: $expected_checksum" - echo "Actual: $computed_checksum" - exit 1 - fi -} - -# computes the SHA-256 hash of the provided file. Uses openssl, shasum or sha1sum program. -function compute_sha256 { - local file=$1 - if command -v openssl >/dev/null 2>&1; then - # print SHA-256 hash using openssl - openssl dgst -sha256 "$file" | sed -E 's/SHA256\(.*\)= //' - elif command -v shasum >/dev/null 2>&1; then - # Darwin systems ship with "shasum" utility - shasum -a 256 "$file" | sed -E 's/[[:space:]]+.+//' - elif command -v sha256sum >/dev/null 2>&1; then - # Most Linux systems ship with sha256sum utility - sha256sum "$file" | sed -E 's/[[:space:]]+.+//' - else - echo "Could not find program to calculate SHA-256 checksum for file" - exit 1 - fi -} - -# Verifies that the tgz file at the provided path contains the paths/files that would be expected in a valid gödel -# distribution with the provided version. -function verify_dist_tgz_valid { - local tgz_path=$1 - local version=$2 - - local expected_paths=("godel-$version/" "godel-$version/bin/darwin-amd64/godel" "godel-$version/bin/linux-amd64/godel" "godel-$version/wrapper/godelw" "godel-$version/wrapper/godel/config/") - local files=($(tar -tf "$tgz_path")) - - # this is a double-for loop, but fine since $expected_paths is small and bash doesn't have good primitives for set/map/list manipulation - for curr_line in "${files[@]}"; do - # if all expected paths have been found, terminate - if [[ ${#expected_paths[*]} == 0 ]]; then - break - fi - - # check for expected path and splice out if match is found - idx=0 - for curr_expected in "${expected_paths[@]}"; do - if [ "$curr_expected" = "$curr_line" ]; then - expected_paths=(${expected_paths[@]:0:idx} ${expected_paths[@]:$(($idx + 1))}) - break - fi - idx=$idx+1 - done - done - - # if any expected paths still remain, raise error and exit - if [[ ${#expected_paths[*]} > 0 ]]; then - echo "Required paths were not present in $tgz_path: ${expected_paths[@]}" - exit 1 - fi -} - -# Verifies that the gödel binary in the distribution reports the expected version when called with the "version" -# argument. Assumes that a valid gödel distribution directory for the given version exists in the provided directory. -function verify_godel_version { - local base_dir=$1 - local version=$2 - local os=$3 - - local expected_output="godel version $version" - local version_output=$($base_dir/godel-$version/bin/$os-amd64/godel version) - - if [ "$expected_output" != "$version_output" ]; then - echo "Version reported by godel executable did not match expected version: expected \"$expected_output\", was \"$version_output\"" - exit 1 - fi -} - -# directory of godelw script -SCRIPT_HOME=$(cd "$(dirname "$0")" && pwd) - -# use $GODEL_HOME or default value -GODEL_BASE_DIR=${GODEL_HOME:-$HOME/.godel} - -# determine OS -OS="" -EXPECTED_CHECKSUM="" -case "$(uname)" in - Darwin*) - OS=darwin - EXPECTED_CHECKSUM=$DARWIN_CHECKSUM - ;; - Linux*) - OS=linux - EXPECTED_CHECKSUM=$LINUX_CHECKSUM - ;; - *) - echo "Unsupported operating system: $(uname)" - exit 1 - ;; -esac - -# path to godel binary -CMD=$GODEL_BASE_DIR/dists/godel-$VERSION/bin/$OS-amd64/godel - -# godel binary is not present -- download distribution -if [ ! -f "$CMD" ]; then - # get download URL - PROPERTIES_FILE=$SCRIPT_HOME/godel/config/godel.properties - if [ ! -f "$PROPERTIES_FILE" ]; then - echo "Properties file must exist at $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_URL=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionURL=//p") - if [ -z "$DOWNLOAD_URL" ]; then - echo "Value for property \"distributionURL\" was empty in $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_CHECKSUM=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionSHA256=//p") - - # create downloads directory if it does not already exist - mkdir -p "$GODEL_BASE_DIR/downloads" - - # download tgz and verify its contents - DOWNLOAD_DST=$GODEL_BASE_DIR/downloads/godel-$VERSION.tgz - download "$DOWNLOAD_URL" "$DOWNLOAD_DST" - if [ -n "$DOWNLOAD_CHECKSUM" ]; then - verify_checksum "$DOWNLOAD_DST" "$DOWNLOAD_CHECKSUM" - fi - verify_dist_tgz_valid "$DOWNLOAD_DST" "$VERSION" - - # create temporary directory for unarchiving, unarchive downloaded file and verify directory - TMP_DIST_DIR=$(mktemp -d "$GODEL_BASE_DIR/tmp_XXXXXX" 2>/dev/null || mktemp -d -t "$GODEL_BASE_DIR/tmp_XXXXXX") - trap 'rm -rf "$TMP_DIST_DIR"' EXIT - tar zxvf "$DOWNLOAD_DST" -C "$TMP_DIST_DIR" >/dev/null 2>&1 - verify_godel_version "$TMP_DIST_DIR" "$VERSION" "$OS" - - # if destination directory for distribution already exists, remove it - if [ -d "$GODEL_BASE_DIR/dists/godel-$VERSION" ]; then - rm -rf "$GODEL_BASE_DIR/dists/godel-$VERSION" - fi - - # ensure that parent directory of destination exists - mkdir -p "$GODEL_BASE_DIR/dists" - - # move expanded distribution directory to destination location. The location of the unarchived directory is known to - # be in the same directory tree as the destination, so "mv" should always work. - mv "$TMP_DIST_DIR/godel-$VERSION" "$GODEL_BASE_DIR/dists/godel-$VERSION" -fi - -verify_checksum "$CMD" "$EXPECTED_CHECKSUM" - -# execute command -$CMD --wrapper "$SCRIPT_HOME/$(basename "$0")" "$@" diff --git a/cobracli/vendor/modules.txt b/cobracli/vendor/modules.txt index f40ad9b5..9f6a4cad 100644 --- a/cobracli/vendor/modules.txt +++ b/cobracli/vendor/modules.txt @@ -7,8 +7,8 @@ github.com/inconshreveable/mousetrap # github.com/nmiyake/pkg/errorstringer v1.0.0 ## explicit; go 1.13 github.com/nmiyake/pkg/errorstringer -# github.com/palantir/pkg v1.0.1 -## explicit; go 1.13 +# github.com/palantir/pkg v1.1.0 +## explicit; go 1.19 github.com/palantir/pkg # github.com/pkg/errors v0.8.1 ## explicit diff --git a/datetime/go.mod b/datetime/go.mod index e348f287..18e68266 100644 --- a/datetime/go.mod +++ b/datetime/go.mod @@ -3,7 +3,7 @@ module github.com/palantir/pkg/datetime go 1.19 require ( - github.com/palantir/pkg v1.0.1 + github.com/palantir/pkg v1.1.0 github.com/stretchr/testify v1.8.0 ) diff --git a/datetime/go.sum b/datetime/go.sum index f3c0b4af..878c8d19 100644 --- a/datetime/go.sum +++ b/datetime/go.sum @@ -1,8 +1,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/palantir/pkg v1.0.1 h1:ZbGUcc14N7xcZSY9cehQoiHHTm/BAZO5RJdlsNEtSbk= -github.com/palantir/pkg v1.0.1/go.mod h1:Eo6Jl0UXfT+65sLXJOcU9duu0WPvKsWFXCb0dE5VWZs= +github.com/palantir/pkg v1.1.0 h1:0EhrSUP8oeeh3MUvk7V/UU7WmsN1UiJNTvNj0sN9Cpo= +github.com/palantir/pkg v1.1.0/go.mod h1:KC9srP/9ssWRxBxFCIqhUGC4Jt7OJkWRz0Iqehup1/c= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= diff --git a/datetime/vendor/github.com/palantir/pkg/.bulldozer.yml b/datetime/vendor/github.com/palantir/pkg/.bulldozer.yml new file mode 100644 index 00000000..b62e82ba --- /dev/null +++ b/datetime/vendor/github.com/palantir/pkg/.bulldozer.yml @@ -0,0 +1,17 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +version: 1 +merge: + trigger: + labels: ["merge when ready"] + ignore: + labels: ["do not merge"] + method: squash + options: + squash: + body: pull_request_body + message_delimiter: ==COMMIT_MSG== + delete_after_merge: true +update: + trigger: + labels: ["update me"] diff --git a/datetime/vendor/github.com/palantir/pkg/.policy.yml b/datetime/vendor/github.com/palantir/pkg/.policy.yml new file mode 100644 index 00000000..a436f8b9 --- /dev/null +++ b/datetime/vendor/github.com/palantir/pkg/.policy.yml @@ -0,0 +1,113 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +policy: + approval: + - or: + - one admin has approved (PR contributors not allowed) + - two admins have approved + - changelog only and contributor approval + - fixing excavator + - excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + - excavator only touched config files + - bots updated package.json and lock files + disapproval: + requires: + organizations: [ "palantir" ] + +approval_rules: + - name: one admin has approved (PR contributors not allowed) + options: + allow_contributor: false + requires: + count: 1 + admins: true + + - name: two admins have approved + options: + allow_contributor: true + requires: + count: 2 + admins: true + + - name: changelog only and contributor approval + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + only_changed_files: + paths: + - "changelog/@unreleased/.*\\.yml" + + - name: fixing excavator + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + has_author_in: + users: [ "svc-excavator-bot" ] + + - name: excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + # product-dependencies.lock should never go here, to force review of all product (SLS) dependency changes + # this way excavator cannot change the deployability of a service or product via auto-merge + paths: + - "changelog/@unreleased/.*\\.yml" + - "^\\.baseline/.*$" + - "^\\.circleci/.*$" + - "^\\.docker-compose-rule\\.yml$" + - "^.*gradle$" + - "^\\.palantir/go-version$" + - "^gradle/wrapper/.*" + - "^gradlew$" + - "^gradlew.bat$" + - "^gradle.properties$" + - "^settings.gradle$" + - "^.*go.mod$" + - "^.*go.sum$" + - "^.*godelw$" + - "^.*godel/config/godel.properties$" + - "^.*godel/config/godel.yml$" + - "^.*vendor/.*$" + - "^versions.props$" + - "^versions.lock$" + - "^internal/generated/.*" + - "^internal/generated_src/.*" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: excavator only touched config files + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + paths: + - "^\\..*.yml$" + - "^\\.github/.*$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: bots updated package.json and lock files + requires: + count: 0 + if: + has_author_in: + users: + - "svc-excavator-bot" + - "dependabot[bot]" + only_changed_files: + paths: + - "^.*yarn.lock$" + - "^.*package.json$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] diff --git a/datetime/vendor/github.com/palantir/pkg/godelw b/datetime/vendor/github.com/palantir/pkg/godelw deleted file mode 100644 index 22d9f7f2..00000000 --- a/datetime/vendor/github.com/palantir/pkg/godelw +++ /dev/null @@ -1,230 +0,0 @@ -#!/bin/bash - -set -euo pipefail - -# Version and checksums for godel. Values are populated by the godel "dist" task. -VERSION=2.17.0 -DARWIN_CHECKSUM=d6294049b7edc3795d1d5517583f20c087422a8b8b52e8cbcc39ce2b575427ff -LINUX_CHECKSUM=23bca1ce55bd321686e06e0b6959ad8160ef1dfa9fe0a68a515e65d19401094d - -# Downloads file at URL to destination path using wget or curl. Prints an error and exits if wget or curl is not present. -function download { - local url=$1 - local dst=$2 - - # determine whether wget, curl or both are present - set +e - command -v wget >/dev/null 2>&1 - local wget_exists=$? - command -v curl >/dev/null 2>&1 - local curl_exists=$? - set -e - - # if one of wget or curl is not present, exit with error - if [ "$wget_exists" -ne 0 -a "$curl_exists" -ne 0 ]; then - echo "wget or curl must be present to download distribution. Install one of these programs and try again or install the distribution manually." - exit 1 - fi - - if [ "$wget_exists" -eq 0 ]; then - # attempt download using wget - echo "Downloading $url to $dst..." - local progress_opt="" - if wget --help | grep -q '\--show-progress'; then - progress_opt="-q --show-progress" - fi - set +e - wget -O "$dst" $progress_opt "$url" - rv=$? - set -e - if [ "$rv" -eq 0 ]; then - # success - return - fi - - echo "Download failed using command: wget -O $dst $progress_opt $url" - - # curl does not exist, so nothing more to try: exit - if [ "$curl_exists" -ne 0 ]; then - echo "Download failed using wget and curl was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - exit 1 - fi - # curl exists, notify that download will be attempted using curl - echo "Attempting download using curl..." - fi - - # attempt download using curl - echo "Downloading $url to $dst..." - set +e - curl -f -L -o "$dst" "$url" - rv=$? - set -e - if [ "$rv" -ne 0 ]; then - echo "Download failed using command: curl -f -L -o $dst $url" - if [ "$wget_exists" -eq 0 ]; then - echo "Download failed using wget and curl. Verify that the distribution URL is correct and try again or install the distribution manually." - else - echo "Download failed using curl and wget was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - fi - exit 1 - fi -} - -# verifies that the provided checksum matches the computed SHA-256 checksum of the specified file. If not, echoes an -# error and exits. -function verify_checksum { - local file=$1 - local expected_checksum=$2 - local computed_checksum=$(compute_sha256 $file) - if [ "$expected_checksum" != "$computed_checksum" ]; then - echo "SHA-256 checksum for $file did not match expected value." - echo "Expected: $expected_checksum" - echo "Actual: $computed_checksum" - exit 1 - fi -} - -# computes the SHA-256 hash of the provided file. Uses openssl, shasum or sha1sum program. -function compute_sha256 { - local file=$1 - if command -v openssl >/dev/null 2>&1; then - # print SHA-256 hash using openssl - openssl dgst -sha256 "$file" | sed -E 's/SHA256\(.*\)= //' - elif command -v shasum >/dev/null 2>&1; then - # Darwin systems ship with "shasum" utility - shasum -a 256 "$file" | sed -E 's/[[:space:]]+.+//' - elif command -v sha256sum >/dev/null 2>&1; then - # Most Linux systems ship with sha256sum utility - sha256sum "$file" | sed -E 's/[[:space:]]+.+//' - else - echo "Could not find program to calculate SHA-256 checksum for file" - exit 1 - fi -} - -# Verifies that the tgz file at the provided path contains the paths/files that would be expected in a valid gödel -# distribution with the provided version. -function verify_dist_tgz_valid { - local tgz_path=$1 - local version=$2 - - local expected_paths=("godel-$version/" "godel-$version/bin/darwin-amd64/godel" "godel-$version/bin/linux-amd64/godel" "godel-$version/wrapper/godelw" "godel-$version/wrapper/godel/config/") - local files=($(tar -tf "$tgz_path")) - - # this is a double-for loop, but fine since $expected_paths is small and bash doesn't have good primitives for set/map/list manipulation - for curr_line in "${files[@]}"; do - # if all expected paths have been found, terminate - if [[ ${#expected_paths[*]} == 0 ]]; then - break - fi - - # check for expected path and splice out if match is found - idx=0 - for curr_expected in "${expected_paths[@]}"; do - if [ "$curr_expected" = "$curr_line" ]; then - expected_paths=(${expected_paths[@]:0:idx} ${expected_paths[@]:$(($idx + 1))}) - break - fi - idx=$idx+1 - done - done - - # if any expected paths still remain, raise error and exit - if [[ ${#expected_paths[*]} > 0 ]]; then - echo "Required paths were not present in $tgz_path: ${expected_paths[@]}" - exit 1 - fi -} - -# Verifies that the gödel binary in the distribution reports the expected version when called with the "version" -# argument. Assumes that a valid gödel distribution directory for the given version exists in the provided directory. -function verify_godel_version { - local base_dir=$1 - local version=$2 - local os=$3 - - local expected_output="godel version $version" - local version_output=$($base_dir/godel-$version/bin/$os-amd64/godel version) - - if [ "$expected_output" != "$version_output" ]; then - echo "Version reported by godel executable did not match expected version: expected \"$expected_output\", was \"$version_output\"" - exit 1 - fi -} - -# directory of godelw script -SCRIPT_HOME=$(cd "$(dirname "$0")" && pwd) - -# use $GODEL_HOME or default value -GODEL_BASE_DIR=${GODEL_HOME:-$HOME/.godel} - -# determine OS -OS="" -EXPECTED_CHECKSUM="" -case "$(uname)" in - Darwin*) - OS=darwin - EXPECTED_CHECKSUM=$DARWIN_CHECKSUM - ;; - Linux*) - OS=linux - EXPECTED_CHECKSUM=$LINUX_CHECKSUM - ;; - *) - echo "Unsupported operating system: $(uname)" - exit 1 - ;; -esac - -# path to godel binary -CMD=$GODEL_BASE_DIR/dists/godel-$VERSION/bin/$OS-amd64/godel - -# godel binary is not present -- download distribution -if [ ! -f "$CMD" ]; then - # get download URL - PROPERTIES_FILE=$SCRIPT_HOME/godel/config/godel.properties - if [ ! -f "$PROPERTIES_FILE" ]; then - echo "Properties file must exist at $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_URL=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionURL=//p") - if [ -z "$DOWNLOAD_URL" ]; then - echo "Value for property \"distributionURL\" was empty in $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_CHECKSUM=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionSHA256=//p") - - # create downloads directory if it does not already exist - mkdir -p "$GODEL_BASE_DIR/downloads" - - # download tgz and verify its contents - DOWNLOAD_DST=$GODEL_BASE_DIR/downloads/godel-$VERSION.tgz - download "$DOWNLOAD_URL" "$DOWNLOAD_DST" - if [ -n "$DOWNLOAD_CHECKSUM" ]; then - verify_checksum "$DOWNLOAD_DST" "$DOWNLOAD_CHECKSUM" - fi - verify_dist_tgz_valid "$DOWNLOAD_DST" "$VERSION" - - # create temporary directory for unarchiving, unarchive downloaded file and verify directory - TMP_DIST_DIR=$(mktemp -d "$GODEL_BASE_DIR/tmp_XXXXXX" 2>/dev/null || mktemp -d -t "$GODEL_BASE_DIR/tmp_XXXXXX") - trap 'rm -rf "$TMP_DIST_DIR"' EXIT - tar zxvf "$DOWNLOAD_DST" -C "$TMP_DIST_DIR" >/dev/null 2>&1 - verify_godel_version "$TMP_DIST_DIR" "$VERSION" "$OS" - - # if destination directory for distribution already exists, remove it - if [ -d "$GODEL_BASE_DIR/dists/godel-$VERSION" ]; then - rm -rf "$GODEL_BASE_DIR/dists/godel-$VERSION" - fi - - # ensure that parent directory of destination exists - mkdir -p "$GODEL_BASE_DIR/dists" - - # move expanded distribution directory to destination location. The location of the unarchived directory is known to - # be in the same directory tree as the destination, so "mv" should always work. - mv "$TMP_DIST_DIR/godel-$VERSION" "$GODEL_BASE_DIR/dists/godel-$VERSION" -fi - -verify_checksum "$CMD" "$EXPECTED_CHECKSUM" - -# execute command -$CMD --wrapper "$SCRIPT_HOME/$(basename "$0")" "$@" diff --git a/datetime/vendor/modules.txt b/datetime/vendor/modules.txt index b8e6c35b..19640335 100644 --- a/datetime/vendor/modules.txt +++ b/datetime/vendor/modules.txt @@ -1,8 +1,8 @@ # github.com/davecgh/go-spew v1.1.1 ## explicit github.com/davecgh/go-spew/spew -# github.com/palantir/pkg v1.0.1 -## explicit; go 1.13 +# github.com/palantir/pkg v1.1.0 +## explicit; go 1.19 github.com/palantir/pkg # github.com/pmezard/go-difflib v1.0.0 ## explicit diff --git a/gittest/go.mod b/gittest/go.mod index 47f40878..253e86e5 100644 --- a/gittest/go.mod +++ b/gittest/go.mod @@ -2,4 +2,4 @@ module github.com/palantir/pkg/gittest go 1.19 -require github.com/palantir/pkg v1.0.1 +require github.com/palantir/pkg v1.1.0 diff --git a/gittest/go.sum b/gittest/go.sum index a1aef2df..10a880b4 100644 --- a/gittest/go.sum +++ b/gittest/go.sum @@ -1,2 +1,2 @@ -github.com/palantir/pkg v1.0.1 h1:ZbGUcc14N7xcZSY9cehQoiHHTm/BAZO5RJdlsNEtSbk= -github.com/palantir/pkg v1.0.1/go.mod h1:Eo6Jl0UXfT+65sLXJOcU9duu0WPvKsWFXCb0dE5VWZs= +github.com/palantir/pkg v1.1.0 h1:0EhrSUP8oeeh3MUvk7V/UU7WmsN1UiJNTvNj0sN9Cpo= +github.com/palantir/pkg v1.1.0/go.mod h1:KC9srP/9ssWRxBxFCIqhUGC4Jt7OJkWRz0Iqehup1/c= diff --git a/gittest/vendor/github.com/palantir/pkg/.bulldozer.yml b/gittest/vendor/github.com/palantir/pkg/.bulldozer.yml new file mode 100644 index 00000000..b62e82ba --- /dev/null +++ b/gittest/vendor/github.com/palantir/pkg/.bulldozer.yml @@ -0,0 +1,17 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +version: 1 +merge: + trigger: + labels: ["merge when ready"] + ignore: + labels: ["do not merge"] + method: squash + options: + squash: + body: pull_request_body + message_delimiter: ==COMMIT_MSG== + delete_after_merge: true +update: + trigger: + labels: ["update me"] diff --git a/gittest/vendor/github.com/palantir/pkg/.policy.yml b/gittest/vendor/github.com/palantir/pkg/.policy.yml new file mode 100644 index 00000000..a436f8b9 --- /dev/null +++ b/gittest/vendor/github.com/palantir/pkg/.policy.yml @@ -0,0 +1,113 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +policy: + approval: + - or: + - one admin has approved (PR contributors not allowed) + - two admins have approved + - changelog only and contributor approval + - fixing excavator + - excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + - excavator only touched config files + - bots updated package.json and lock files + disapproval: + requires: + organizations: [ "palantir" ] + +approval_rules: + - name: one admin has approved (PR contributors not allowed) + options: + allow_contributor: false + requires: + count: 1 + admins: true + + - name: two admins have approved + options: + allow_contributor: true + requires: + count: 2 + admins: true + + - name: changelog only and contributor approval + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + only_changed_files: + paths: + - "changelog/@unreleased/.*\\.yml" + + - name: fixing excavator + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + has_author_in: + users: [ "svc-excavator-bot" ] + + - name: excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + # product-dependencies.lock should never go here, to force review of all product (SLS) dependency changes + # this way excavator cannot change the deployability of a service or product via auto-merge + paths: + - "changelog/@unreleased/.*\\.yml" + - "^\\.baseline/.*$" + - "^\\.circleci/.*$" + - "^\\.docker-compose-rule\\.yml$" + - "^.*gradle$" + - "^\\.palantir/go-version$" + - "^gradle/wrapper/.*" + - "^gradlew$" + - "^gradlew.bat$" + - "^gradle.properties$" + - "^settings.gradle$" + - "^.*go.mod$" + - "^.*go.sum$" + - "^.*godelw$" + - "^.*godel/config/godel.properties$" + - "^.*godel/config/godel.yml$" + - "^.*vendor/.*$" + - "^versions.props$" + - "^versions.lock$" + - "^internal/generated/.*" + - "^internal/generated_src/.*" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: excavator only touched config files + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + paths: + - "^\\..*.yml$" + - "^\\.github/.*$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: bots updated package.json and lock files + requires: + count: 0 + if: + has_author_in: + users: + - "svc-excavator-bot" + - "dependabot[bot]" + only_changed_files: + paths: + - "^.*yarn.lock$" + - "^.*package.json$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] diff --git a/gittest/vendor/github.com/palantir/pkg/godelw b/gittest/vendor/github.com/palantir/pkg/godelw deleted file mode 100644 index 22d9f7f2..00000000 --- a/gittest/vendor/github.com/palantir/pkg/godelw +++ /dev/null @@ -1,230 +0,0 @@ -#!/bin/bash - -set -euo pipefail - -# Version and checksums for godel. Values are populated by the godel "dist" task. -VERSION=2.17.0 -DARWIN_CHECKSUM=d6294049b7edc3795d1d5517583f20c087422a8b8b52e8cbcc39ce2b575427ff -LINUX_CHECKSUM=23bca1ce55bd321686e06e0b6959ad8160ef1dfa9fe0a68a515e65d19401094d - -# Downloads file at URL to destination path using wget or curl. Prints an error and exits if wget or curl is not present. -function download { - local url=$1 - local dst=$2 - - # determine whether wget, curl or both are present - set +e - command -v wget >/dev/null 2>&1 - local wget_exists=$? - command -v curl >/dev/null 2>&1 - local curl_exists=$? - set -e - - # if one of wget or curl is not present, exit with error - if [ "$wget_exists" -ne 0 -a "$curl_exists" -ne 0 ]; then - echo "wget or curl must be present to download distribution. Install one of these programs and try again or install the distribution manually." - exit 1 - fi - - if [ "$wget_exists" -eq 0 ]; then - # attempt download using wget - echo "Downloading $url to $dst..." - local progress_opt="" - if wget --help | grep -q '\--show-progress'; then - progress_opt="-q --show-progress" - fi - set +e - wget -O "$dst" $progress_opt "$url" - rv=$? - set -e - if [ "$rv" -eq 0 ]; then - # success - return - fi - - echo "Download failed using command: wget -O $dst $progress_opt $url" - - # curl does not exist, so nothing more to try: exit - if [ "$curl_exists" -ne 0 ]; then - echo "Download failed using wget and curl was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - exit 1 - fi - # curl exists, notify that download will be attempted using curl - echo "Attempting download using curl..." - fi - - # attempt download using curl - echo "Downloading $url to $dst..." - set +e - curl -f -L -o "$dst" "$url" - rv=$? - set -e - if [ "$rv" -ne 0 ]; then - echo "Download failed using command: curl -f -L -o $dst $url" - if [ "$wget_exists" -eq 0 ]; then - echo "Download failed using wget and curl. Verify that the distribution URL is correct and try again or install the distribution manually." - else - echo "Download failed using curl and wget was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - fi - exit 1 - fi -} - -# verifies that the provided checksum matches the computed SHA-256 checksum of the specified file. If not, echoes an -# error and exits. -function verify_checksum { - local file=$1 - local expected_checksum=$2 - local computed_checksum=$(compute_sha256 $file) - if [ "$expected_checksum" != "$computed_checksum" ]; then - echo "SHA-256 checksum for $file did not match expected value." - echo "Expected: $expected_checksum" - echo "Actual: $computed_checksum" - exit 1 - fi -} - -# computes the SHA-256 hash of the provided file. Uses openssl, shasum or sha1sum program. -function compute_sha256 { - local file=$1 - if command -v openssl >/dev/null 2>&1; then - # print SHA-256 hash using openssl - openssl dgst -sha256 "$file" | sed -E 's/SHA256\(.*\)= //' - elif command -v shasum >/dev/null 2>&1; then - # Darwin systems ship with "shasum" utility - shasum -a 256 "$file" | sed -E 's/[[:space:]]+.+//' - elif command -v sha256sum >/dev/null 2>&1; then - # Most Linux systems ship with sha256sum utility - sha256sum "$file" | sed -E 's/[[:space:]]+.+//' - else - echo "Could not find program to calculate SHA-256 checksum for file" - exit 1 - fi -} - -# Verifies that the tgz file at the provided path contains the paths/files that would be expected in a valid gödel -# distribution with the provided version. -function verify_dist_tgz_valid { - local tgz_path=$1 - local version=$2 - - local expected_paths=("godel-$version/" "godel-$version/bin/darwin-amd64/godel" "godel-$version/bin/linux-amd64/godel" "godel-$version/wrapper/godelw" "godel-$version/wrapper/godel/config/") - local files=($(tar -tf "$tgz_path")) - - # this is a double-for loop, but fine since $expected_paths is small and bash doesn't have good primitives for set/map/list manipulation - for curr_line in "${files[@]}"; do - # if all expected paths have been found, terminate - if [[ ${#expected_paths[*]} == 0 ]]; then - break - fi - - # check for expected path and splice out if match is found - idx=0 - for curr_expected in "${expected_paths[@]}"; do - if [ "$curr_expected" = "$curr_line" ]; then - expected_paths=(${expected_paths[@]:0:idx} ${expected_paths[@]:$(($idx + 1))}) - break - fi - idx=$idx+1 - done - done - - # if any expected paths still remain, raise error and exit - if [[ ${#expected_paths[*]} > 0 ]]; then - echo "Required paths were not present in $tgz_path: ${expected_paths[@]}" - exit 1 - fi -} - -# Verifies that the gödel binary in the distribution reports the expected version when called with the "version" -# argument. Assumes that a valid gödel distribution directory for the given version exists in the provided directory. -function verify_godel_version { - local base_dir=$1 - local version=$2 - local os=$3 - - local expected_output="godel version $version" - local version_output=$($base_dir/godel-$version/bin/$os-amd64/godel version) - - if [ "$expected_output" != "$version_output" ]; then - echo "Version reported by godel executable did not match expected version: expected \"$expected_output\", was \"$version_output\"" - exit 1 - fi -} - -# directory of godelw script -SCRIPT_HOME=$(cd "$(dirname "$0")" && pwd) - -# use $GODEL_HOME or default value -GODEL_BASE_DIR=${GODEL_HOME:-$HOME/.godel} - -# determine OS -OS="" -EXPECTED_CHECKSUM="" -case "$(uname)" in - Darwin*) - OS=darwin - EXPECTED_CHECKSUM=$DARWIN_CHECKSUM - ;; - Linux*) - OS=linux - EXPECTED_CHECKSUM=$LINUX_CHECKSUM - ;; - *) - echo "Unsupported operating system: $(uname)" - exit 1 - ;; -esac - -# path to godel binary -CMD=$GODEL_BASE_DIR/dists/godel-$VERSION/bin/$OS-amd64/godel - -# godel binary is not present -- download distribution -if [ ! -f "$CMD" ]; then - # get download URL - PROPERTIES_FILE=$SCRIPT_HOME/godel/config/godel.properties - if [ ! -f "$PROPERTIES_FILE" ]; then - echo "Properties file must exist at $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_URL=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionURL=//p") - if [ -z "$DOWNLOAD_URL" ]; then - echo "Value for property \"distributionURL\" was empty in $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_CHECKSUM=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionSHA256=//p") - - # create downloads directory if it does not already exist - mkdir -p "$GODEL_BASE_DIR/downloads" - - # download tgz and verify its contents - DOWNLOAD_DST=$GODEL_BASE_DIR/downloads/godel-$VERSION.tgz - download "$DOWNLOAD_URL" "$DOWNLOAD_DST" - if [ -n "$DOWNLOAD_CHECKSUM" ]; then - verify_checksum "$DOWNLOAD_DST" "$DOWNLOAD_CHECKSUM" - fi - verify_dist_tgz_valid "$DOWNLOAD_DST" "$VERSION" - - # create temporary directory for unarchiving, unarchive downloaded file and verify directory - TMP_DIST_DIR=$(mktemp -d "$GODEL_BASE_DIR/tmp_XXXXXX" 2>/dev/null || mktemp -d -t "$GODEL_BASE_DIR/tmp_XXXXXX") - trap 'rm -rf "$TMP_DIST_DIR"' EXIT - tar zxvf "$DOWNLOAD_DST" -C "$TMP_DIST_DIR" >/dev/null 2>&1 - verify_godel_version "$TMP_DIST_DIR" "$VERSION" "$OS" - - # if destination directory for distribution already exists, remove it - if [ -d "$GODEL_BASE_DIR/dists/godel-$VERSION" ]; then - rm -rf "$GODEL_BASE_DIR/dists/godel-$VERSION" - fi - - # ensure that parent directory of destination exists - mkdir -p "$GODEL_BASE_DIR/dists" - - # move expanded distribution directory to destination location. The location of the unarchived directory is known to - # be in the same directory tree as the destination, so "mv" should always work. - mv "$TMP_DIST_DIR/godel-$VERSION" "$GODEL_BASE_DIR/dists/godel-$VERSION" -fi - -verify_checksum "$CMD" "$EXPECTED_CHECKSUM" - -# execute command -$CMD --wrapper "$SCRIPT_HOME/$(basename "$0")" "$@" diff --git a/gittest/vendor/modules.txt b/gittest/vendor/modules.txt index 323a2f67..e4201111 100644 --- a/gittest/vendor/modules.txt +++ b/gittest/vendor/modules.txt @@ -1,3 +1,3 @@ -# github.com/palantir/pkg v1.0.1 -## explicit; go 1.13 +# github.com/palantir/pkg v1.1.0 +## explicit; go 1.19 github.com/palantir/pkg diff --git a/httpclient/go.mod b/httpclient/go.mod index fcfa922d..b1fedc5a 100644 --- a/httpclient/go.mod +++ b/httpclient/go.mod @@ -3,7 +3,7 @@ module github.com/palantir/pkg/httpclient go 1.19 require ( - github.com/palantir/pkg v1.0.1 + github.com/palantir/pkg v1.1.0 golang.org/x/net v0.0.0-20191116160921-f9c825593386 ) diff --git a/httpclient/go.sum b/httpclient/go.sum index b341baa5..5b0b2f93 100644 --- a/httpclient/go.sum +++ b/httpclient/go.sum @@ -1,5 +1,5 @@ -github.com/palantir/pkg v1.0.1 h1:ZbGUcc14N7xcZSY9cehQoiHHTm/BAZO5RJdlsNEtSbk= -github.com/palantir/pkg v1.0.1/go.mod h1:Eo6Jl0UXfT+65sLXJOcU9duu0WPvKsWFXCb0dE5VWZs= +github.com/palantir/pkg v1.1.0 h1:0EhrSUP8oeeh3MUvk7V/UU7WmsN1UiJNTvNj0sN9Cpo= +github.com/palantir/pkg v1.1.0/go.mod h1:KC9srP/9ssWRxBxFCIqhUGC4Jt7OJkWRz0Iqehup1/c= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/net v0.0.0-20191116160921-f9c825593386 h1:ktbWvQrW08Txdxno1PiDpSxPXG6ndGsfnJjRRtkM0LQ= golang.org/x/net v0.0.0-20191116160921-f9c825593386/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= diff --git a/httpclient/vendor/github.com/palantir/pkg/.bulldozer.yml b/httpclient/vendor/github.com/palantir/pkg/.bulldozer.yml new file mode 100644 index 00000000..b62e82ba --- /dev/null +++ b/httpclient/vendor/github.com/palantir/pkg/.bulldozer.yml @@ -0,0 +1,17 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +version: 1 +merge: + trigger: + labels: ["merge when ready"] + ignore: + labels: ["do not merge"] + method: squash + options: + squash: + body: pull_request_body + message_delimiter: ==COMMIT_MSG== + delete_after_merge: true +update: + trigger: + labels: ["update me"] diff --git a/httpclient/vendor/github.com/palantir/pkg/.policy.yml b/httpclient/vendor/github.com/palantir/pkg/.policy.yml new file mode 100644 index 00000000..a436f8b9 --- /dev/null +++ b/httpclient/vendor/github.com/palantir/pkg/.policy.yml @@ -0,0 +1,113 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +policy: + approval: + - or: + - one admin has approved (PR contributors not allowed) + - two admins have approved + - changelog only and contributor approval + - fixing excavator + - excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + - excavator only touched config files + - bots updated package.json and lock files + disapproval: + requires: + organizations: [ "palantir" ] + +approval_rules: + - name: one admin has approved (PR contributors not allowed) + options: + allow_contributor: false + requires: + count: 1 + admins: true + + - name: two admins have approved + options: + allow_contributor: true + requires: + count: 2 + admins: true + + - name: changelog only and contributor approval + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + only_changed_files: + paths: + - "changelog/@unreleased/.*\\.yml" + + - name: fixing excavator + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + has_author_in: + users: [ "svc-excavator-bot" ] + + - name: excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + # product-dependencies.lock should never go here, to force review of all product (SLS) dependency changes + # this way excavator cannot change the deployability of a service or product via auto-merge + paths: + - "changelog/@unreleased/.*\\.yml" + - "^\\.baseline/.*$" + - "^\\.circleci/.*$" + - "^\\.docker-compose-rule\\.yml$" + - "^.*gradle$" + - "^\\.palantir/go-version$" + - "^gradle/wrapper/.*" + - "^gradlew$" + - "^gradlew.bat$" + - "^gradle.properties$" + - "^settings.gradle$" + - "^.*go.mod$" + - "^.*go.sum$" + - "^.*godelw$" + - "^.*godel/config/godel.properties$" + - "^.*godel/config/godel.yml$" + - "^.*vendor/.*$" + - "^versions.props$" + - "^versions.lock$" + - "^internal/generated/.*" + - "^internal/generated_src/.*" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: excavator only touched config files + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + paths: + - "^\\..*.yml$" + - "^\\.github/.*$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: bots updated package.json and lock files + requires: + count: 0 + if: + has_author_in: + users: + - "svc-excavator-bot" + - "dependabot[bot]" + only_changed_files: + paths: + - "^.*yarn.lock$" + - "^.*package.json$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] diff --git a/httpclient/vendor/github.com/palantir/pkg/godelw b/httpclient/vendor/github.com/palantir/pkg/godelw deleted file mode 100644 index 22d9f7f2..00000000 --- a/httpclient/vendor/github.com/palantir/pkg/godelw +++ /dev/null @@ -1,230 +0,0 @@ -#!/bin/bash - -set -euo pipefail - -# Version and checksums for godel. Values are populated by the godel "dist" task. -VERSION=2.17.0 -DARWIN_CHECKSUM=d6294049b7edc3795d1d5517583f20c087422a8b8b52e8cbcc39ce2b575427ff -LINUX_CHECKSUM=23bca1ce55bd321686e06e0b6959ad8160ef1dfa9fe0a68a515e65d19401094d - -# Downloads file at URL to destination path using wget or curl. Prints an error and exits if wget or curl is not present. -function download { - local url=$1 - local dst=$2 - - # determine whether wget, curl or both are present - set +e - command -v wget >/dev/null 2>&1 - local wget_exists=$? - command -v curl >/dev/null 2>&1 - local curl_exists=$? - set -e - - # if one of wget or curl is not present, exit with error - if [ "$wget_exists" -ne 0 -a "$curl_exists" -ne 0 ]; then - echo "wget or curl must be present to download distribution. Install one of these programs and try again or install the distribution manually." - exit 1 - fi - - if [ "$wget_exists" -eq 0 ]; then - # attempt download using wget - echo "Downloading $url to $dst..." - local progress_opt="" - if wget --help | grep -q '\--show-progress'; then - progress_opt="-q --show-progress" - fi - set +e - wget -O "$dst" $progress_opt "$url" - rv=$? - set -e - if [ "$rv" -eq 0 ]; then - # success - return - fi - - echo "Download failed using command: wget -O $dst $progress_opt $url" - - # curl does not exist, so nothing more to try: exit - if [ "$curl_exists" -ne 0 ]; then - echo "Download failed using wget and curl was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - exit 1 - fi - # curl exists, notify that download will be attempted using curl - echo "Attempting download using curl..." - fi - - # attempt download using curl - echo "Downloading $url to $dst..." - set +e - curl -f -L -o "$dst" "$url" - rv=$? - set -e - if [ "$rv" -ne 0 ]; then - echo "Download failed using command: curl -f -L -o $dst $url" - if [ "$wget_exists" -eq 0 ]; then - echo "Download failed using wget and curl. Verify that the distribution URL is correct and try again or install the distribution manually." - else - echo "Download failed using curl and wget was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - fi - exit 1 - fi -} - -# verifies that the provided checksum matches the computed SHA-256 checksum of the specified file. If not, echoes an -# error and exits. -function verify_checksum { - local file=$1 - local expected_checksum=$2 - local computed_checksum=$(compute_sha256 $file) - if [ "$expected_checksum" != "$computed_checksum" ]; then - echo "SHA-256 checksum for $file did not match expected value." - echo "Expected: $expected_checksum" - echo "Actual: $computed_checksum" - exit 1 - fi -} - -# computes the SHA-256 hash of the provided file. Uses openssl, shasum or sha1sum program. -function compute_sha256 { - local file=$1 - if command -v openssl >/dev/null 2>&1; then - # print SHA-256 hash using openssl - openssl dgst -sha256 "$file" | sed -E 's/SHA256\(.*\)= //' - elif command -v shasum >/dev/null 2>&1; then - # Darwin systems ship with "shasum" utility - shasum -a 256 "$file" | sed -E 's/[[:space:]]+.+//' - elif command -v sha256sum >/dev/null 2>&1; then - # Most Linux systems ship with sha256sum utility - sha256sum "$file" | sed -E 's/[[:space:]]+.+//' - else - echo "Could not find program to calculate SHA-256 checksum for file" - exit 1 - fi -} - -# Verifies that the tgz file at the provided path contains the paths/files that would be expected in a valid gödel -# distribution with the provided version. -function verify_dist_tgz_valid { - local tgz_path=$1 - local version=$2 - - local expected_paths=("godel-$version/" "godel-$version/bin/darwin-amd64/godel" "godel-$version/bin/linux-amd64/godel" "godel-$version/wrapper/godelw" "godel-$version/wrapper/godel/config/") - local files=($(tar -tf "$tgz_path")) - - # this is a double-for loop, but fine since $expected_paths is small and bash doesn't have good primitives for set/map/list manipulation - for curr_line in "${files[@]}"; do - # if all expected paths have been found, terminate - if [[ ${#expected_paths[*]} == 0 ]]; then - break - fi - - # check for expected path and splice out if match is found - idx=0 - for curr_expected in "${expected_paths[@]}"; do - if [ "$curr_expected" = "$curr_line" ]; then - expected_paths=(${expected_paths[@]:0:idx} ${expected_paths[@]:$(($idx + 1))}) - break - fi - idx=$idx+1 - done - done - - # if any expected paths still remain, raise error and exit - if [[ ${#expected_paths[*]} > 0 ]]; then - echo "Required paths were not present in $tgz_path: ${expected_paths[@]}" - exit 1 - fi -} - -# Verifies that the gödel binary in the distribution reports the expected version when called with the "version" -# argument. Assumes that a valid gödel distribution directory for the given version exists in the provided directory. -function verify_godel_version { - local base_dir=$1 - local version=$2 - local os=$3 - - local expected_output="godel version $version" - local version_output=$($base_dir/godel-$version/bin/$os-amd64/godel version) - - if [ "$expected_output" != "$version_output" ]; then - echo "Version reported by godel executable did not match expected version: expected \"$expected_output\", was \"$version_output\"" - exit 1 - fi -} - -# directory of godelw script -SCRIPT_HOME=$(cd "$(dirname "$0")" && pwd) - -# use $GODEL_HOME or default value -GODEL_BASE_DIR=${GODEL_HOME:-$HOME/.godel} - -# determine OS -OS="" -EXPECTED_CHECKSUM="" -case "$(uname)" in - Darwin*) - OS=darwin - EXPECTED_CHECKSUM=$DARWIN_CHECKSUM - ;; - Linux*) - OS=linux - EXPECTED_CHECKSUM=$LINUX_CHECKSUM - ;; - *) - echo "Unsupported operating system: $(uname)" - exit 1 - ;; -esac - -# path to godel binary -CMD=$GODEL_BASE_DIR/dists/godel-$VERSION/bin/$OS-amd64/godel - -# godel binary is not present -- download distribution -if [ ! -f "$CMD" ]; then - # get download URL - PROPERTIES_FILE=$SCRIPT_HOME/godel/config/godel.properties - if [ ! -f "$PROPERTIES_FILE" ]; then - echo "Properties file must exist at $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_URL=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionURL=//p") - if [ -z "$DOWNLOAD_URL" ]; then - echo "Value for property \"distributionURL\" was empty in $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_CHECKSUM=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionSHA256=//p") - - # create downloads directory if it does not already exist - mkdir -p "$GODEL_BASE_DIR/downloads" - - # download tgz and verify its contents - DOWNLOAD_DST=$GODEL_BASE_DIR/downloads/godel-$VERSION.tgz - download "$DOWNLOAD_URL" "$DOWNLOAD_DST" - if [ -n "$DOWNLOAD_CHECKSUM" ]; then - verify_checksum "$DOWNLOAD_DST" "$DOWNLOAD_CHECKSUM" - fi - verify_dist_tgz_valid "$DOWNLOAD_DST" "$VERSION" - - # create temporary directory for unarchiving, unarchive downloaded file and verify directory - TMP_DIST_DIR=$(mktemp -d "$GODEL_BASE_DIR/tmp_XXXXXX" 2>/dev/null || mktemp -d -t "$GODEL_BASE_DIR/tmp_XXXXXX") - trap 'rm -rf "$TMP_DIST_DIR"' EXIT - tar zxvf "$DOWNLOAD_DST" -C "$TMP_DIST_DIR" >/dev/null 2>&1 - verify_godel_version "$TMP_DIST_DIR" "$VERSION" "$OS" - - # if destination directory for distribution already exists, remove it - if [ -d "$GODEL_BASE_DIR/dists/godel-$VERSION" ]; then - rm -rf "$GODEL_BASE_DIR/dists/godel-$VERSION" - fi - - # ensure that parent directory of destination exists - mkdir -p "$GODEL_BASE_DIR/dists" - - # move expanded distribution directory to destination location. The location of the unarchived directory is known to - # be in the same directory tree as the destination, so "mv" should always work. - mv "$TMP_DIST_DIR/godel-$VERSION" "$GODEL_BASE_DIR/dists/godel-$VERSION" -fi - -verify_checksum "$CMD" "$EXPECTED_CHECKSUM" - -# execute command -$CMD --wrapper "$SCRIPT_HOME/$(basename "$0")" "$@" diff --git a/httpclient/vendor/modules.txt b/httpclient/vendor/modules.txt index cb207c52..6ab680e5 100644 --- a/httpclient/vendor/modules.txt +++ b/httpclient/vendor/modules.txt @@ -1,5 +1,5 @@ -# github.com/palantir/pkg v1.0.1 -## explicit; go 1.13 +# github.com/palantir/pkg v1.1.0 +## explicit; go 1.19 github.com/palantir/pkg # golang.org/x/net v0.0.0-20191116160921-f9c825593386 ## explicit; go 1.11 diff --git a/httpserver/go.mod b/httpserver/go.mod index 537257e6..30c99084 100644 --- a/httpserver/go.mod +++ b/httpserver/go.mod @@ -3,7 +3,7 @@ module github.com/palantir/pkg/httpserver go 1.19 require ( - github.com/palantir/pkg v1.0.1 + github.com/palantir/pkg v1.1.0 github.com/stretchr/testify v1.8.0 ) diff --git a/httpserver/go.sum b/httpserver/go.sum index f3c0b4af..878c8d19 100644 --- a/httpserver/go.sum +++ b/httpserver/go.sum @@ -1,8 +1,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/palantir/pkg v1.0.1 h1:ZbGUcc14N7xcZSY9cehQoiHHTm/BAZO5RJdlsNEtSbk= -github.com/palantir/pkg v1.0.1/go.mod h1:Eo6Jl0UXfT+65sLXJOcU9duu0WPvKsWFXCb0dE5VWZs= +github.com/palantir/pkg v1.1.0 h1:0EhrSUP8oeeh3MUvk7V/UU7WmsN1UiJNTvNj0sN9Cpo= +github.com/palantir/pkg v1.1.0/go.mod h1:KC9srP/9ssWRxBxFCIqhUGC4Jt7OJkWRz0Iqehup1/c= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= diff --git a/httpserver/vendor/github.com/palantir/pkg/.bulldozer.yml b/httpserver/vendor/github.com/palantir/pkg/.bulldozer.yml new file mode 100644 index 00000000..b62e82ba --- /dev/null +++ b/httpserver/vendor/github.com/palantir/pkg/.bulldozer.yml @@ -0,0 +1,17 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +version: 1 +merge: + trigger: + labels: ["merge when ready"] + ignore: + labels: ["do not merge"] + method: squash + options: + squash: + body: pull_request_body + message_delimiter: ==COMMIT_MSG== + delete_after_merge: true +update: + trigger: + labels: ["update me"] diff --git a/httpserver/vendor/github.com/palantir/pkg/.policy.yml b/httpserver/vendor/github.com/palantir/pkg/.policy.yml new file mode 100644 index 00000000..a436f8b9 --- /dev/null +++ b/httpserver/vendor/github.com/palantir/pkg/.policy.yml @@ -0,0 +1,113 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +policy: + approval: + - or: + - one admin has approved (PR contributors not allowed) + - two admins have approved + - changelog only and contributor approval + - fixing excavator + - excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + - excavator only touched config files + - bots updated package.json and lock files + disapproval: + requires: + organizations: [ "palantir" ] + +approval_rules: + - name: one admin has approved (PR contributors not allowed) + options: + allow_contributor: false + requires: + count: 1 + admins: true + + - name: two admins have approved + options: + allow_contributor: true + requires: + count: 2 + admins: true + + - name: changelog only and contributor approval + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + only_changed_files: + paths: + - "changelog/@unreleased/.*\\.yml" + + - name: fixing excavator + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + has_author_in: + users: [ "svc-excavator-bot" ] + + - name: excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + # product-dependencies.lock should never go here, to force review of all product (SLS) dependency changes + # this way excavator cannot change the deployability of a service or product via auto-merge + paths: + - "changelog/@unreleased/.*\\.yml" + - "^\\.baseline/.*$" + - "^\\.circleci/.*$" + - "^\\.docker-compose-rule\\.yml$" + - "^.*gradle$" + - "^\\.palantir/go-version$" + - "^gradle/wrapper/.*" + - "^gradlew$" + - "^gradlew.bat$" + - "^gradle.properties$" + - "^settings.gradle$" + - "^.*go.mod$" + - "^.*go.sum$" + - "^.*godelw$" + - "^.*godel/config/godel.properties$" + - "^.*godel/config/godel.yml$" + - "^.*vendor/.*$" + - "^versions.props$" + - "^versions.lock$" + - "^internal/generated/.*" + - "^internal/generated_src/.*" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: excavator only touched config files + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + paths: + - "^\\..*.yml$" + - "^\\.github/.*$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: bots updated package.json and lock files + requires: + count: 0 + if: + has_author_in: + users: + - "svc-excavator-bot" + - "dependabot[bot]" + only_changed_files: + paths: + - "^.*yarn.lock$" + - "^.*package.json$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] diff --git a/httpserver/vendor/github.com/palantir/pkg/godelw b/httpserver/vendor/github.com/palantir/pkg/godelw deleted file mode 100644 index 22d9f7f2..00000000 --- a/httpserver/vendor/github.com/palantir/pkg/godelw +++ /dev/null @@ -1,230 +0,0 @@ -#!/bin/bash - -set -euo pipefail - -# Version and checksums for godel. Values are populated by the godel "dist" task. -VERSION=2.17.0 -DARWIN_CHECKSUM=d6294049b7edc3795d1d5517583f20c087422a8b8b52e8cbcc39ce2b575427ff -LINUX_CHECKSUM=23bca1ce55bd321686e06e0b6959ad8160ef1dfa9fe0a68a515e65d19401094d - -# Downloads file at URL to destination path using wget or curl. Prints an error and exits if wget or curl is not present. -function download { - local url=$1 - local dst=$2 - - # determine whether wget, curl or both are present - set +e - command -v wget >/dev/null 2>&1 - local wget_exists=$? - command -v curl >/dev/null 2>&1 - local curl_exists=$? - set -e - - # if one of wget or curl is not present, exit with error - if [ "$wget_exists" -ne 0 -a "$curl_exists" -ne 0 ]; then - echo "wget or curl must be present to download distribution. Install one of these programs and try again or install the distribution manually." - exit 1 - fi - - if [ "$wget_exists" -eq 0 ]; then - # attempt download using wget - echo "Downloading $url to $dst..." - local progress_opt="" - if wget --help | grep -q '\--show-progress'; then - progress_opt="-q --show-progress" - fi - set +e - wget -O "$dst" $progress_opt "$url" - rv=$? - set -e - if [ "$rv" -eq 0 ]; then - # success - return - fi - - echo "Download failed using command: wget -O $dst $progress_opt $url" - - # curl does not exist, so nothing more to try: exit - if [ "$curl_exists" -ne 0 ]; then - echo "Download failed using wget and curl was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - exit 1 - fi - # curl exists, notify that download will be attempted using curl - echo "Attempting download using curl..." - fi - - # attempt download using curl - echo "Downloading $url to $dst..." - set +e - curl -f -L -o "$dst" "$url" - rv=$? - set -e - if [ "$rv" -ne 0 ]; then - echo "Download failed using command: curl -f -L -o $dst $url" - if [ "$wget_exists" -eq 0 ]; then - echo "Download failed using wget and curl. Verify that the distribution URL is correct and try again or install the distribution manually." - else - echo "Download failed using curl and wget was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - fi - exit 1 - fi -} - -# verifies that the provided checksum matches the computed SHA-256 checksum of the specified file. If not, echoes an -# error and exits. -function verify_checksum { - local file=$1 - local expected_checksum=$2 - local computed_checksum=$(compute_sha256 $file) - if [ "$expected_checksum" != "$computed_checksum" ]; then - echo "SHA-256 checksum for $file did not match expected value." - echo "Expected: $expected_checksum" - echo "Actual: $computed_checksum" - exit 1 - fi -} - -# computes the SHA-256 hash of the provided file. Uses openssl, shasum or sha1sum program. -function compute_sha256 { - local file=$1 - if command -v openssl >/dev/null 2>&1; then - # print SHA-256 hash using openssl - openssl dgst -sha256 "$file" | sed -E 's/SHA256\(.*\)= //' - elif command -v shasum >/dev/null 2>&1; then - # Darwin systems ship with "shasum" utility - shasum -a 256 "$file" | sed -E 's/[[:space:]]+.+//' - elif command -v sha256sum >/dev/null 2>&1; then - # Most Linux systems ship with sha256sum utility - sha256sum "$file" | sed -E 's/[[:space:]]+.+//' - else - echo "Could not find program to calculate SHA-256 checksum for file" - exit 1 - fi -} - -# Verifies that the tgz file at the provided path contains the paths/files that would be expected in a valid gödel -# distribution with the provided version. -function verify_dist_tgz_valid { - local tgz_path=$1 - local version=$2 - - local expected_paths=("godel-$version/" "godel-$version/bin/darwin-amd64/godel" "godel-$version/bin/linux-amd64/godel" "godel-$version/wrapper/godelw" "godel-$version/wrapper/godel/config/") - local files=($(tar -tf "$tgz_path")) - - # this is a double-for loop, but fine since $expected_paths is small and bash doesn't have good primitives for set/map/list manipulation - for curr_line in "${files[@]}"; do - # if all expected paths have been found, terminate - if [[ ${#expected_paths[*]} == 0 ]]; then - break - fi - - # check for expected path and splice out if match is found - idx=0 - for curr_expected in "${expected_paths[@]}"; do - if [ "$curr_expected" = "$curr_line" ]; then - expected_paths=(${expected_paths[@]:0:idx} ${expected_paths[@]:$(($idx + 1))}) - break - fi - idx=$idx+1 - done - done - - # if any expected paths still remain, raise error and exit - if [[ ${#expected_paths[*]} > 0 ]]; then - echo "Required paths were not present in $tgz_path: ${expected_paths[@]}" - exit 1 - fi -} - -# Verifies that the gödel binary in the distribution reports the expected version when called with the "version" -# argument. Assumes that a valid gödel distribution directory for the given version exists in the provided directory. -function verify_godel_version { - local base_dir=$1 - local version=$2 - local os=$3 - - local expected_output="godel version $version" - local version_output=$($base_dir/godel-$version/bin/$os-amd64/godel version) - - if [ "$expected_output" != "$version_output" ]; then - echo "Version reported by godel executable did not match expected version: expected \"$expected_output\", was \"$version_output\"" - exit 1 - fi -} - -# directory of godelw script -SCRIPT_HOME=$(cd "$(dirname "$0")" && pwd) - -# use $GODEL_HOME or default value -GODEL_BASE_DIR=${GODEL_HOME:-$HOME/.godel} - -# determine OS -OS="" -EXPECTED_CHECKSUM="" -case "$(uname)" in - Darwin*) - OS=darwin - EXPECTED_CHECKSUM=$DARWIN_CHECKSUM - ;; - Linux*) - OS=linux - EXPECTED_CHECKSUM=$LINUX_CHECKSUM - ;; - *) - echo "Unsupported operating system: $(uname)" - exit 1 - ;; -esac - -# path to godel binary -CMD=$GODEL_BASE_DIR/dists/godel-$VERSION/bin/$OS-amd64/godel - -# godel binary is not present -- download distribution -if [ ! -f "$CMD" ]; then - # get download URL - PROPERTIES_FILE=$SCRIPT_HOME/godel/config/godel.properties - if [ ! -f "$PROPERTIES_FILE" ]; then - echo "Properties file must exist at $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_URL=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionURL=//p") - if [ -z "$DOWNLOAD_URL" ]; then - echo "Value for property \"distributionURL\" was empty in $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_CHECKSUM=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionSHA256=//p") - - # create downloads directory if it does not already exist - mkdir -p "$GODEL_BASE_DIR/downloads" - - # download tgz and verify its contents - DOWNLOAD_DST=$GODEL_BASE_DIR/downloads/godel-$VERSION.tgz - download "$DOWNLOAD_URL" "$DOWNLOAD_DST" - if [ -n "$DOWNLOAD_CHECKSUM" ]; then - verify_checksum "$DOWNLOAD_DST" "$DOWNLOAD_CHECKSUM" - fi - verify_dist_tgz_valid "$DOWNLOAD_DST" "$VERSION" - - # create temporary directory for unarchiving, unarchive downloaded file and verify directory - TMP_DIST_DIR=$(mktemp -d "$GODEL_BASE_DIR/tmp_XXXXXX" 2>/dev/null || mktemp -d -t "$GODEL_BASE_DIR/tmp_XXXXXX") - trap 'rm -rf "$TMP_DIST_DIR"' EXIT - tar zxvf "$DOWNLOAD_DST" -C "$TMP_DIST_DIR" >/dev/null 2>&1 - verify_godel_version "$TMP_DIST_DIR" "$VERSION" "$OS" - - # if destination directory for distribution already exists, remove it - if [ -d "$GODEL_BASE_DIR/dists/godel-$VERSION" ]; then - rm -rf "$GODEL_BASE_DIR/dists/godel-$VERSION" - fi - - # ensure that parent directory of destination exists - mkdir -p "$GODEL_BASE_DIR/dists" - - # move expanded distribution directory to destination location. The location of the unarchived directory is known to - # be in the same directory tree as the destination, so "mv" should always work. - mv "$TMP_DIST_DIR/godel-$VERSION" "$GODEL_BASE_DIR/dists/godel-$VERSION" -fi - -verify_checksum "$CMD" "$EXPECTED_CHECKSUM" - -# execute command -$CMD --wrapper "$SCRIPT_HOME/$(basename "$0")" "$@" diff --git a/httpserver/vendor/modules.txt b/httpserver/vendor/modules.txt index 614a3c45..3cdb3851 100644 --- a/httpserver/vendor/modules.txt +++ b/httpserver/vendor/modules.txt @@ -1,8 +1,8 @@ # github.com/davecgh/go-spew v1.1.1 ## explicit github.com/davecgh/go-spew/spew -# github.com/palantir/pkg v1.0.1 -## explicit; go 1.13 +# github.com/palantir/pkg v1.1.0 +## explicit; go 1.19 github.com/palantir/pkg # github.com/pmezard/go-difflib v1.0.0 ## explicit diff --git a/matcher/go.mod b/matcher/go.mod index a2f50642..d4706df7 100644 --- a/matcher/go.mod +++ b/matcher/go.mod @@ -3,7 +3,7 @@ module github.com/palantir/pkg/matcher go 1.19 require ( - github.com/palantir/pkg v1.0.1 + github.com/palantir/pkg v1.1.0 github.com/stretchr/testify v1.8.0 gopkg.in/yaml.v2 v2.4.0 ) diff --git a/matcher/go.sum b/matcher/go.sum index 45ee19e2..8236d60a 100644 --- a/matcher/go.sum +++ b/matcher/go.sum @@ -1,8 +1,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/palantir/pkg v1.0.1 h1:ZbGUcc14N7xcZSY9cehQoiHHTm/BAZO5RJdlsNEtSbk= -github.com/palantir/pkg v1.0.1/go.mod h1:Eo6Jl0UXfT+65sLXJOcU9duu0WPvKsWFXCb0dE5VWZs= +github.com/palantir/pkg v1.1.0 h1:0EhrSUP8oeeh3MUvk7V/UU7WmsN1UiJNTvNj0sN9Cpo= +github.com/palantir/pkg v1.1.0/go.mod h1:KC9srP/9ssWRxBxFCIqhUGC4Jt7OJkWRz0Iqehup1/c= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= diff --git a/matcher/vendor/github.com/palantir/pkg/.bulldozer.yml b/matcher/vendor/github.com/palantir/pkg/.bulldozer.yml new file mode 100644 index 00000000..b62e82ba --- /dev/null +++ b/matcher/vendor/github.com/palantir/pkg/.bulldozer.yml @@ -0,0 +1,17 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +version: 1 +merge: + trigger: + labels: ["merge when ready"] + ignore: + labels: ["do not merge"] + method: squash + options: + squash: + body: pull_request_body + message_delimiter: ==COMMIT_MSG== + delete_after_merge: true +update: + trigger: + labels: ["update me"] diff --git a/matcher/vendor/github.com/palantir/pkg/.policy.yml b/matcher/vendor/github.com/palantir/pkg/.policy.yml new file mode 100644 index 00000000..a436f8b9 --- /dev/null +++ b/matcher/vendor/github.com/palantir/pkg/.policy.yml @@ -0,0 +1,113 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +policy: + approval: + - or: + - one admin has approved (PR contributors not allowed) + - two admins have approved + - changelog only and contributor approval + - fixing excavator + - excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + - excavator only touched config files + - bots updated package.json and lock files + disapproval: + requires: + organizations: [ "palantir" ] + +approval_rules: + - name: one admin has approved (PR contributors not allowed) + options: + allow_contributor: false + requires: + count: 1 + admins: true + + - name: two admins have approved + options: + allow_contributor: true + requires: + count: 2 + admins: true + + - name: changelog only and contributor approval + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + only_changed_files: + paths: + - "changelog/@unreleased/.*\\.yml" + + - name: fixing excavator + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + has_author_in: + users: [ "svc-excavator-bot" ] + + - name: excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + # product-dependencies.lock should never go here, to force review of all product (SLS) dependency changes + # this way excavator cannot change the deployability of a service or product via auto-merge + paths: + - "changelog/@unreleased/.*\\.yml" + - "^\\.baseline/.*$" + - "^\\.circleci/.*$" + - "^\\.docker-compose-rule\\.yml$" + - "^.*gradle$" + - "^\\.palantir/go-version$" + - "^gradle/wrapper/.*" + - "^gradlew$" + - "^gradlew.bat$" + - "^gradle.properties$" + - "^settings.gradle$" + - "^.*go.mod$" + - "^.*go.sum$" + - "^.*godelw$" + - "^.*godel/config/godel.properties$" + - "^.*godel/config/godel.yml$" + - "^.*vendor/.*$" + - "^versions.props$" + - "^versions.lock$" + - "^internal/generated/.*" + - "^internal/generated_src/.*" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: excavator only touched config files + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + paths: + - "^\\..*.yml$" + - "^\\.github/.*$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: bots updated package.json and lock files + requires: + count: 0 + if: + has_author_in: + users: + - "svc-excavator-bot" + - "dependabot[bot]" + only_changed_files: + paths: + - "^.*yarn.lock$" + - "^.*package.json$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] diff --git a/matcher/vendor/github.com/palantir/pkg/godelw b/matcher/vendor/github.com/palantir/pkg/godelw deleted file mode 100644 index 22d9f7f2..00000000 --- a/matcher/vendor/github.com/palantir/pkg/godelw +++ /dev/null @@ -1,230 +0,0 @@ -#!/bin/bash - -set -euo pipefail - -# Version and checksums for godel. Values are populated by the godel "dist" task. -VERSION=2.17.0 -DARWIN_CHECKSUM=d6294049b7edc3795d1d5517583f20c087422a8b8b52e8cbcc39ce2b575427ff -LINUX_CHECKSUM=23bca1ce55bd321686e06e0b6959ad8160ef1dfa9fe0a68a515e65d19401094d - -# Downloads file at URL to destination path using wget or curl. Prints an error and exits if wget or curl is not present. -function download { - local url=$1 - local dst=$2 - - # determine whether wget, curl or both are present - set +e - command -v wget >/dev/null 2>&1 - local wget_exists=$? - command -v curl >/dev/null 2>&1 - local curl_exists=$? - set -e - - # if one of wget or curl is not present, exit with error - if [ "$wget_exists" -ne 0 -a "$curl_exists" -ne 0 ]; then - echo "wget or curl must be present to download distribution. Install one of these programs and try again or install the distribution manually." - exit 1 - fi - - if [ "$wget_exists" -eq 0 ]; then - # attempt download using wget - echo "Downloading $url to $dst..." - local progress_opt="" - if wget --help | grep -q '\--show-progress'; then - progress_opt="-q --show-progress" - fi - set +e - wget -O "$dst" $progress_opt "$url" - rv=$? - set -e - if [ "$rv" -eq 0 ]; then - # success - return - fi - - echo "Download failed using command: wget -O $dst $progress_opt $url" - - # curl does not exist, so nothing more to try: exit - if [ "$curl_exists" -ne 0 ]; then - echo "Download failed using wget and curl was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - exit 1 - fi - # curl exists, notify that download will be attempted using curl - echo "Attempting download using curl..." - fi - - # attempt download using curl - echo "Downloading $url to $dst..." - set +e - curl -f -L -o "$dst" "$url" - rv=$? - set -e - if [ "$rv" -ne 0 ]; then - echo "Download failed using command: curl -f -L -o $dst $url" - if [ "$wget_exists" -eq 0 ]; then - echo "Download failed using wget and curl. Verify that the distribution URL is correct and try again or install the distribution manually." - else - echo "Download failed using curl and wget was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - fi - exit 1 - fi -} - -# verifies that the provided checksum matches the computed SHA-256 checksum of the specified file. If not, echoes an -# error and exits. -function verify_checksum { - local file=$1 - local expected_checksum=$2 - local computed_checksum=$(compute_sha256 $file) - if [ "$expected_checksum" != "$computed_checksum" ]; then - echo "SHA-256 checksum for $file did not match expected value." - echo "Expected: $expected_checksum" - echo "Actual: $computed_checksum" - exit 1 - fi -} - -# computes the SHA-256 hash of the provided file. Uses openssl, shasum or sha1sum program. -function compute_sha256 { - local file=$1 - if command -v openssl >/dev/null 2>&1; then - # print SHA-256 hash using openssl - openssl dgst -sha256 "$file" | sed -E 's/SHA256\(.*\)= //' - elif command -v shasum >/dev/null 2>&1; then - # Darwin systems ship with "shasum" utility - shasum -a 256 "$file" | sed -E 's/[[:space:]]+.+//' - elif command -v sha256sum >/dev/null 2>&1; then - # Most Linux systems ship with sha256sum utility - sha256sum "$file" | sed -E 's/[[:space:]]+.+//' - else - echo "Could not find program to calculate SHA-256 checksum for file" - exit 1 - fi -} - -# Verifies that the tgz file at the provided path contains the paths/files that would be expected in a valid gödel -# distribution with the provided version. -function verify_dist_tgz_valid { - local tgz_path=$1 - local version=$2 - - local expected_paths=("godel-$version/" "godel-$version/bin/darwin-amd64/godel" "godel-$version/bin/linux-amd64/godel" "godel-$version/wrapper/godelw" "godel-$version/wrapper/godel/config/") - local files=($(tar -tf "$tgz_path")) - - # this is a double-for loop, but fine since $expected_paths is small and bash doesn't have good primitives for set/map/list manipulation - for curr_line in "${files[@]}"; do - # if all expected paths have been found, terminate - if [[ ${#expected_paths[*]} == 0 ]]; then - break - fi - - # check for expected path and splice out if match is found - idx=0 - for curr_expected in "${expected_paths[@]}"; do - if [ "$curr_expected" = "$curr_line" ]; then - expected_paths=(${expected_paths[@]:0:idx} ${expected_paths[@]:$(($idx + 1))}) - break - fi - idx=$idx+1 - done - done - - # if any expected paths still remain, raise error and exit - if [[ ${#expected_paths[*]} > 0 ]]; then - echo "Required paths were not present in $tgz_path: ${expected_paths[@]}" - exit 1 - fi -} - -# Verifies that the gödel binary in the distribution reports the expected version when called with the "version" -# argument. Assumes that a valid gödel distribution directory for the given version exists in the provided directory. -function verify_godel_version { - local base_dir=$1 - local version=$2 - local os=$3 - - local expected_output="godel version $version" - local version_output=$($base_dir/godel-$version/bin/$os-amd64/godel version) - - if [ "$expected_output" != "$version_output" ]; then - echo "Version reported by godel executable did not match expected version: expected \"$expected_output\", was \"$version_output\"" - exit 1 - fi -} - -# directory of godelw script -SCRIPT_HOME=$(cd "$(dirname "$0")" && pwd) - -# use $GODEL_HOME or default value -GODEL_BASE_DIR=${GODEL_HOME:-$HOME/.godel} - -# determine OS -OS="" -EXPECTED_CHECKSUM="" -case "$(uname)" in - Darwin*) - OS=darwin - EXPECTED_CHECKSUM=$DARWIN_CHECKSUM - ;; - Linux*) - OS=linux - EXPECTED_CHECKSUM=$LINUX_CHECKSUM - ;; - *) - echo "Unsupported operating system: $(uname)" - exit 1 - ;; -esac - -# path to godel binary -CMD=$GODEL_BASE_DIR/dists/godel-$VERSION/bin/$OS-amd64/godel - -# godel binary is not present -- download distribution -if [ ! -f "$CMD" ]; then - # get download URL - PROPERTIES_FILE=$SCRIPT_HOME/godel/config/godel.properties - if [ ! -f "$PROPERTIES_FILE" ]; then - echo "Properties file must exist at $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_URL=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionURL=//p") - if [ -z "$DOWNLOAD_URL" ]; then - echo "Value for property \"distributionURL\" was empty in $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_CHECKSUM=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionSHA256=//p") - - # create downloads directory if it does not already exist - mkdir -p "$GODEL_BASE_DIR/downloads" - - # download tgz and verify its contents - DOWNLOAD_DST=$GODEL_BASE_DIR/downloads/godel-$VERSION.tgz - download "$DOWNLOAD_URL" "$DOWNLOAD_DST" - if [ -n "$DOWNLOAD_CHECKSUM" ]; then - verify_checksum "$DOWNLOAD_DST" "$DOWNLOAD_CHECKSUM" - fi - verify_dist_tgz_valid "$DOWNLOAD_DST" "$VERSION" - - # create temporary directory for unarchiving, unarchive downloaded file and verify directory - TMP_DIST_DIR=$(mktemp -d "$GODEL_BASE_DIR/tmp_XXXXXX" 2>/dev/null || mktemp -d -t "$GODEL_BASE_DIR/tmp_XXXXXX") - trap 'rm -rf "$TMP_DIST_DIR"' EXIT - tar zxvf "$DOWNLOAD_DST" -C "$TMP_DIST_DIR" >/dev/null 2>&1 - verify_godel_version "$TMP_DIST_DIR" "$VERSION" "$OS" - - # if destination directory for distribution already exists, remove it - if [ -d "$GODEL_BASE_DIR/dists/godel-$VERSION" ]; then - rm -rf "$GODEL_BASE_DIR/dists/godel-$VERSION" - fi - - # ensure that parent directory of destination exists - mkdir -p "$GODEL_BASE_DIR/dists" - - # move expanded distribution directory to destination location. The location of the unarchived directory is known to - # be in the same directory tree as the destination, so "mv" should always work. - mv "$TMP_DIST_DIR/godel-$VERSION" "$GODEL_BASE_DIR/dists/godel-$VERSION" -fi - -verify_checksum "$CMD" "$EXPECTED_CHECKSUM" - -# execute command -$CMD --wrapper "$SCRIPT_HOME/$(basename "$0")" "$@" diff --git a/matcher/vendor/modules.txt b/matcher/vendor/modules.txt index 737bd2b8..7d5880bc 100644 --- a/matcher/vendor/modules.txt +++ b/matcher/vendor/modules.txt @@ -1,8 +1,8 @@ # github.com/davecgh/go-spew v1.1.1 ## explicit github.com/davecgh/go-spew/spew -# github.com/palantir/pkg v1.0.1 -## explicit; go 1.13 +# github.com/palantir/pkg v1.1.0 +## explicit; go 1.19 github.com/palantir/pkg # github.com/pmezard/go-difflib v1.0.0 ## explicit diff --git a/merge/go.mod b/merge/go.mod index 048fdce1..22a94b85 100644 --- a/merge/go.mod +++ b/merge/go.mod @@ -3,7 +3,7 @@ module github.com/palantir/pkg/merge go 1.19 require ( - github.com/palantir/pkg v1.0.1 + github.com/palantir/pkg v1.1.0 github.com/stretchr/testify v1.8.0 ) diff --git a/merge/go.sum b/merge/go.sum index f3c0b4af..878c8d19 100644 --- a/merge/go.sum +++ b/merge/go.sum @@ -1,8 +1,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/palantir/pkg v1.0.1 h1:ZbGUcc14N7xcZSY9cehQoiHHTm/BAZO5RJdlsNEtSbk= -github.com/palantir/pkg v1.0.1/go.mod h1:Eo6Jl0UXfT+65sLXJOcU9duu0WPvKsWFXCb0dE5VWZs= +github.com/palantir/pkg v1.1.0 h1:0EhrSUP8oeeh3MUvk7V/UU7WmsN1UiJNTvNj0sN9Cpo= +github.com/palantir/pkg v1.1.0/go.mod h1:KC9srP/9ssWRxBxFCIqhUGC4Jt7OJkWRz0Iqehup1/c= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= diff --git a/merge/vendor/github.com/palantir/pkg/.bulldozer.yml b/merge/vendor/github.com/palantir/pkg/.bulldozer.yml new file mode 100644 index 00000000..b62e82ba --- /dev/null +++ b/merge/vendor/github.com/palantir/pkg/.bulldozer.yml @@ -0,0 +1,17 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +version: 1 +merge: + trigger: + labels: ["merge when ready"] + ignore: + labels: ["do not merge"] + method: squash + options: + squash: + body: pull_request_body + message_delimiter: ==COMMIT_MSG== + delete_after_merge: true +update: + trigger: + labels: ["update me"] diff --git a/merge/vendor/github.com/palantir/pkg/.policy.yml b/merge/vendor/github.com/palantir/pkg/.policy.yml new file mode 100644 index 00000000..a436f8b9 --- /dev/null +++ b/merge/vendor/github.com/palantir/pkg/.policy.yml @@ -0,0 +1,113 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +policy: + approval: + - or: + - one admin has approved (PR contributors not allowed) + - two admins have approved + - changelog only and contributor approval + - fixing excavator + - excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + - excavator only touched config files + - bots updated package.json and lock files + disapproval: + requires: + organizations: [ "palantir" ] + +approval_rules: + - name: one admin has approved (PR contributors not allowed) + options: + allow_contributor: false + requires: + count: 1 + admins: true + + - name: two admins have approved + options: + allow_contributor: true + requires: + count: 2 + admins: true + + - name: changelog only and contributor approval + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + only_changed_files: + paths: + - "changelog/@unreleased/.*\\.yml" + + - name: fixing excavator + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + has_author_in: + users: [ "svc-excavator-bot" ] + + - name: excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + # product-dependencies.lock should never go here, to force review of all product (SLS) dependency changes + # this way excavator cannot change the deployability of a service or product via auto-merge + paths: + - "changelog/@unreleased/.*\\.yml" + - "^\\.baseline/.*$" + - "^\\.circleci/.*$" + - "^\\.docker-compose-rule\\.yml$" + - "^.*gradle$" + - "^\\.palantir/go-version$" + - "^gradle/wrapper/.*" + - "^gradlew$" + - "^gradlew.bat$" + - "^gradle.properties$" + - "^settings.gradle$" + - "^.*go.mod$" + - "^.*go.sum$" + - "^.*godelw$" + - "^.*godel/config/godel.properties$" + - "^.*godel/config/godel.yml$" + - "^.*vendor/.*$" + - "^versions.props$" + - "^versions.lock$" + - "^internal/generated/.*" + - "^internal/generated_src/.*" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: excavator only touched config files + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + paths: + - "^\\..*.yml$" + - "^\\.github/.*$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: bots updated package.json and lock files + requires: + count: 0 + if: + has_author_in: + users: + - "svc-excavator-bot" + - "dependabot[bot]" + only_changed_files: + paths: + - "^.*yarn.lock$" + - "^.*package.json$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] diff --git a/merge/vendor/github.com/palantir/pkg/godelw b/merge/vendor/github.com/palantir/pkg/godelw deleted file mode 100644 index 22d9f7f2..00000000 --- a/merge/vendor/github.com/palantir/pkg/godelw +++ /dev/null @@ -1,230 +0,0 @@ -#!/bin/bash - -set -euo pipefail - -# Version and checksums for godel. Values are populated by the godel "dist" task. -VERSION=2.17.0 -DARWIN_CHECKSUM=d6294049b7edc3795d1d5517583f20c087422a8b8b52e8cbcc39ce2b575427ff -LINUX_CHECKSUM=23bca1ce55bd321686e06e0b6959ad8160ef1dfa9fe0a68a515e65d19401094d - -# Downloads file at URL to destination path using wget or curl. Prints an error and exits if wget or curl is not present. -function download { - local url=$1 - local dst=$2 - - # determine whether wget, curl or both are present - set +e - command -v wget >/dev/null 2>&1 - local wget_exists=$? - command -v curl >/dev/null 2>&1 - local curl_exists=$? - set -e - - # if one of wget or curl is not present, exit with error - if [ "$wget_exists" -ne 0 -a "$curl_exists" -ne 0 ]; then - echo "wget or curl must be present to download distribution. Install one of these programs and try again or install the distribution manually." - exit 1 - fi - - if [ "$wget_exists" -eq 0 ]; then - # attempt download using wget - echo "Downloading $url to $dst..." - local progress_opt="" - if wget --help | grep -q '\--show-progress'; then - progress_opt="-q --show-progress" - fi - set +e - wget -O "$dst" $progress_opt "$url" - rv=$? - set -e - if [ "$rv" -eq 0 ]; then - # success - return - fi - - echo "Download failed using command: wget -O $dst $progress_opt $url" - - # curl does not exist, so nothing more to try: exit - if [ "$curl_exists" -ne 0 ]; then - echo "Download failed using wget and curl was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - exit 1 - fi - # curl exists, notify that download will be attempted using curl - echo "Attempting download using curl..." - fi - - # attempt download using curl - echo "Downloading $url to $dst..." - set +e - curl -f -L -o "$dst" "$url" - rv=$? - set -e - if [ "$rv" -ne 0 ]; then - echo "Download failed using command: curl -f -L -o $dst $url" - if [ "$wget_exists" -eq 0 ]; then - echo "Download failed using wget and curl. Verify that the distribution URL is correct and try again or install the distribution manually." - else - echo "Download failed using curl and wget was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - fi - exit 1 - fi -} - -# verifies that the provided checksum matches the computed SHA-256 checksum of the specified file. If not, echoes an -# error and exits. -function verify_checksum { - local file=$1 - local expected_checksum=$2 - local computed_checksum=$(compute_sha256 $file) - if [ "$expected_checksum" != "$computed_checksum" ]; then - echo "SHA-256 checksum for $file did not match expected value." - echo "Expected: $expected_checksum" - echo "Actual: $computed_checksum" - exit 1 - fi -} - -# computes the SHA-256 hash of the provided file. Uses openssl, shasum or sha1sum program. -function compute_sha256 { - local file=$1 - if command -v openssl >/dev/null 2>&1; then - # print SHA-256 hash using openssl - openssl dgst -sha256 "$file" | sed -E 's/SHA256\(.*\)= //' - elif command -v shasum >/dev/null 2>&1; then - # Darwin systems ship with "shasum" utility - shasum -a 256 "$file" | sed -E 's/[[:space:]]+.+//' - elif command -v sha256sum >/dev/null 2>&1; then - # Most Linux systems ship with sha256sum utility - sha256sum "$file" | sed -E 's/[[:space:]]+.+//' - else - echo "Could not find program to calculate SHA-256 checksum for file" - exit 1 - fi -} - -# Verifies that the tgz file at the provided path contains the paths/files that would be expected in a valid gödel -# distribution with the provided version. -function verify_dist_tgz_valid { - local tgz_path=$1 - local version=$2 - - local expected_paths=("godel-$version/" "godel-$version/bin/darwin-amd64/godel" "godel-$version/bin/linux-amd64/godel" "godel-$version/wrapper/godelw" "godel-$version/wrapper/godel/config/") - local files=($(tar -tf "$tgz_path")) - - # this is a double-for loop, but fine since $expected_paths is small and bash doesn't have good primitives for set/map/list manipulation - for curr_line in "${files[@]}"; do - # if all expected paths have been found, terminate - if [[ ${#expected_paths[*]} == 0 ]]; then - break - fi - - # check for expected path and splice out if match is found - idx=0 - for curr_expected in "${expected_paths[@]}"; do - if [ "$curr_expected" = "$curr_line" ]; then - expected_paths=(${expected_paths[@]:0:idx} ${expected_paths[@]:$(($idx + 1))}) - break - fi - idx=$idx+1 - done - done - - # if any expected paths still remain, raise error and exit - if [[ ${#expected_paths[*]} > 0 ]]; then - echo "Required paths were not present in $tgz_path: ${expected_paths[@]}" - exit 1 - fi -} - -# Verifies that the gödel binary in the distribution reports the expected version when called with the "version" -# argument. Assumes that a valid gödel distribution directory for the given version exists in the provided directory. -function verify_godel_version { - local base_dir=$1 - local version=$2 - local os=$3 - - local expected_output="godel version $version" - local version_output=$($base_dir/godel-$version/bin/$os-amd64/godel version) - - if [ "$expected_output" != "$version_output" ]; then - echo "Version reported by godel executable did not match expected version: expected \"$expected_output\", was \"$version_output\"" - exit 1 - fi -} - -# directory of godelw script -SCRIPT_HOME=$(cd "$(dirname "$0")" && pwd) - -# use $GODEL_HOME or default value -GODEL_BASE_DIR=${GODEL_HOME:-$HOME/.godel} - -# determine OS -OS="" -EXPECTED_CHECKSUM="" -case "$(uname)" in - Darwin*) - OS=darwin - EXPECTED_CHECKSUM=$DARWIN_CHECKSUM - ;; - Linux*) - OS=linux - EXPECTED_CHECKSUM=$LINUX_CHECKSUM - ;; - *) - echo "Unsupported operating system: $(uname)" - exit 1 - ;; -esac - -# path to godel binary -CMD=$GODEL_BASE_DIR/dists/godel-$VERSION/bin/$OS-amd64/godel - -# godel binary is not present -- download distribution -if [ ! -f "$CMD" ]; then - # get download URL - PROPERTIES_FILE=$SCRIPT_HOME/godel/config/godel.properties - if [ ! -f "$PROPERTIES_FILE" ]; then - echo "Properties file must exist at $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_URL=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionURL=//p") - if [ -z "$DOWNLOAD_URL" ]; then - echo "Value for property \"distributionURL\" was empty in $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_CHECKSUM=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionSHA256=//p") - - # create downloads directory if it does not already exist - mkdir -p "$GODEL_BASE_DIR/downloads" - - # download tgz and verify its contents - DOWNLOAD_DST=$GODEL_BASE_DIR/downloads/godel-$VERSION.tgz - download "$DOWNLOAD_URL" "$DOWNLOAD_DST" - if [ -n "$DOWNLOAD_CHECKSUM" ]; then - verify_checksum "$DOWNLOAD_DST" "$DOWNLOAD_CHECKSUM" - fi - verify_dist_tgz_valid "$DOWNLOAD_DST" "$VERSION" - - # create temporary directory for unarchiving, unarchive downloaded file and verify directory - TMP_DIST_DIR=$(mktemp -d "$GODEL_BASE_DIR/tmp_XXXXXX" 2>/dev/null || mktemp -d -t "$GODEL_BASE_DIR/tmp_XXXXXX") - trap 'rm -rf "$TMP_DIST_DIR"' EXIT - tar zxvf "$DOWNLOAD_DST" -C "$TMP_DIST_DIR" >/dev/null 2>&1 - verify_godel_version "$TMP_DIST_DIR" "$VERSION" "$OS" - - # if destination directory for distribution already exists, remove it - if [ -d "$GODEL_BASE_DIR/dists/godel-$VERSION" ]; then - rm -rf "$GODEL_BASE_DIR/dists/godel-$VERSION" - fi - - # ensure that parent directory of destination exists - mkdir -p "$GODEL_BASE_DIR/dists" - - # move expanded distribution directory to destination location. The location of the unarchived directory is known to - # be in the same directory tree as the destination, so "mv" should always work. - mv "$TMP_DIST_DIR/godel-$VERSION" "$GODEL_BASE_DIR/dists/godel-$VERSION" -fi - -verify_checksum "$CMD" "$EXPECTED_CHECKSUM" - -# execute command -$CMD --wrapper "$SCRIPT_HOME/$(basename "$0")" "$@" diff --git a/merge/vendor/modules.txt b/merge/vendor/modules.txt index 614a3c45..3cdb3851 100644 --- a/merge/vendor/modules.txt +++ b/merge/vendor/modules.txt @@ -1,8 +1,8 @@ # github.com/davecgh/go-spew v1.1.1 ## explicit github.com/davecgh/go-spew/spew -# github.com/palantir/pkg v1.0.1 -## explicit; go 1.13 +# github.com/palantir/pkg v1.1.0 +## explicit; go 1.19 github.com/palantir/pkg # github.com/pmezard/go-difflib v1.0.0 ## explicit diff --git a/metrics/go.mod b/metrics/go.mod index 1a561ace..b838ae19 100644 --- a/metrics/go.mod +++ b/metrics/go.mod @@ -4,7 +4,7 @@ go 1.19 require ( github.com/palantir/go-metrics v1.1.1 - github.com/palantir/pkg v1.0.1 + github.com/palantir/pkg v1.1.0 github.com/palantir/pkg/objmatcher v1.0.1 github.com/pkg/errors v0.8.1 github.com/stretchr/testify v1.8.0 diff --git a/metrics/go.sum b/metrics/go.sum index adbe6d91..696de7db 100644 --- a/metrics/go.sum +++ b/metrics/go.sum @@ -3,8 +3,9 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/palantir/go-metrics v1.1.1 h1:YL/UmptBjrC6iSCTVr7vfuIcjL0M359Da3/gBGNny10= github.com/palantir/go-metrics v1.1.1/go.mod h1:fRkuipBnsI4nD8Vd9UNcrUJvD8Y0wOJMSbicygcBrGs= -github.com/palantir/pkg v1.0.1 h1:ZbGUcc14N7xcZSY9cehQoiHHTm/BAZO5RJdlsNEtSbk= github.com/palantir/pkg v1.0.1/go.mod h1:Eo6Jl0UXfT+65sLXJOcU9duu0WPvKsWFXCb0dE5VWZs= +github.com/palantir/pkg v1.1.0 h1:0EhrSUP8oeeh3MUvk7V/UU7WmsN1UiJNTvNj0sN9Cpo= +github.com/palantir/pkg v1.1.0/go.mod h1:KC9srP/9ssWRxBxFCIqhUGC4Jt7OJkWRz0Iqehup1/c= github.com/palantir/pkg/objmatcher v1.0.1 h1:rzKVO2LXVR2ND7t9Hi3Q+sfFh1RZ5Liq/zmsz0vlgdw= github.com/palantir/pkg/objmatcher v1.0.1/go.mod h1:rTHUAN1LduHN+5fMTPkO5w+JHTidSmn5AsK885x2mvs= github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I= diff --git a/metrics/vendor/github.com/palantir/pkg/.bulldozer.yml b/metrics/vendor/github.com/palantir/pkg/.bulldozer.yml new file mode 100644 index 00000000..b62e82ba --- /dev/null +++ b/metrics/vendor/github.com/palantir/pkg/.bulldozer.yml @@ -0,0 +1,17 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +version: 1 +merge: + trigger: + labels: ["merge when ready"] + ignore: + labels: ["do not merge"] + method: squash + options: + squash: + body: pull_request_body + message_delimiter: ==COMMIT_MSG== + delete_after_merge: true +update: + trigger: + labels: ["update me"] diff --git a/metrics/vendor/github.com/palantir/pkg/.policy.yml b/metrics/vendor/github.com/palantir/pkg/.policy.yml new file mode 100644 index 00000000..a436f8b9 --- /dev/null +++ b/metrics/vendor/github.com/palantir/pkg/.policy.yml @@ -0,0 +1,113 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +policy: + approval: + - or: + - one admin has approved (PR contributors not allowed) + - two admins have approved + - changelog only and contributor approval + - fixing excavator + - excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + - excavator only touched config files + - bots updated package.json and lock files + disapproval: + requires: + organizations: [ "palantir" ] + +approval_rules: + - name: one admin has approved (PR contributors not allowed) + options: + allow_contributor: false + requires: + count: 1 + admins: true + + - name: two admins have approved + options: + allow_contributor: true + requires: + count: 2 + admins: true + + - name: changelog only and contributor approval + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + only_changed_files: + paths: + - "changelog/@unreleased/.*\\.yml" + + - name: fixing excavator + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + has_author_in: + users: [ "svc-excavator-bot" ] + + - name: excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + # product-dependencies.lock should never go here, to force review of all product (SLS) dependency changes + # this way excavator cannot change the deployability of a service or product via auto-merge + paths: + - "changelog/@unreleased/.*\\.yml" + - "^\\.baseline/.*$" + - "^\\.circleci/.*$" + - "^\\.docker-compose-rule\\.yml$" + - "^.*gradle$" + - "^\\.palantir/go-version$" + - "^gradle/wrapper/.*" + - "^gradlew$" + - "^gradlew.bat$" + - "^gradle.properties$" + - "^settings.gradle$" + - "^.*go.mod$" + - "^.*go.sum$" + - "^.*godelw$" + - "^.*godel/config/godel.properties$" + - "^.*godel/config/godel.yml$" + - "^.*vendor/.*$" + - "^versions.props$" + - "^versions.lock$" + - "^internal/generated/.*" + - "^internal/generated_src/.*" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: excavator only touched config files + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + paths: + - "^\\..*.yml$" + - "^\\.github/.*$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: bots updated package.json and lock files + requires: + count: 0 + if: + has_author_in: + users: + - "svc-excavator-bot" + - "dependabot[bot]" + only_changed_files: + paths: + - "^.*yarn.lock$" + - "^.*package.json$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] diff --git a/metrics/vendor/github.com/palantir/pkg/godelw b/metrics/vendor/github.com/palantir/pkg/godelw deleted file mode 100644 index 22d9f7f2..00000000 --- a/metrics/vendor/github.com/palantir/pkg/godelw +++ /dev/null @@ -1,230 +0,0 @@ -#!/bin/bash - -set -euo pipefail - -# Version and checksums for godel. Values are populated by the godel "dist" task. -VERSION=2.17.0 -DARWIN_CHECKSUM=d6294049b7edc3795d1d5517583f20c087422a8b8b52e8cbcc39ce2b575427ff -LINUX_CHECKSUM=23bca1ce55bd321686e06e0b6959ad8160ef1dfa9fe0a68a515e65d19401094d - -# Downloads file at URL to destination path using wget or curl. Prints an error and exits if wget or curl is not present. -function download { - local url=$1 - local dst=$2 - - # determine whether wget, curl or both are present - set +e - command -v wget >/dev/null 2>&1 - local wget_exists=$? - command -v curl >/dev/null 2>&1 - local curl_exists=$? - set -e - - # if one of wget or curl is not present, exit with error - if [ "$wget_exists" -ne 0 -a "$curl_exists" -ne 0 ]; then - echo "wget or curl must be present to download distribution. Install one of these programs and try again or install the distribution manually." - exit 1 - fi - - if [ "$wget_exists" -eq 0 ]; then - # attempt download using wget - echo "Downloading $url to $dst..." - local progress_opt="" - if wget --help | grep -q '\--show-progress'; then - progress_opt="-q --show-progress" - fi - set +e - wget -O "$dst" $progress_opt "$url" - rv=$? - set -e - if [ "$rv" -eq 0 ]; then - # success - return - fi - - echo "Download failed using command: wget -O $dst $progress_opt $url" - - # curl does not exist, so nothing more to try: exit - if [ "$curl_exists" -ne 0 ]; then - echo "Download failed using wget and curl was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - exit 1 - fi - # curl exists, notify that download will be attempted using curl - echo "Attempting download using curl..." - fi - - # attempt download using curl - echo "Downloading $url to $dst..." - set +e - curl -f -L -o "$dst" "$url" - rv=$? - set -e - if [ "$rv" -ne 0 ]; then - echo "Download failed using command: curl -f -L -o $dst $url" - if [ "$wget_exists" -eq 0 ]; then - echo "Download failed using wget and curl. Verify that the distribution URL is correct and try again or install the distribution manually." - else - echo "Download failed using curl and wget was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - fi - exit 1 - fi -} - -# verifies that the provided checksum matches the computed SHA-256 checksum of the specified file. If not, echoes an -# error and exits. -function verify_checksum { - local file=$1 - local expected_checksum=$2 - local computed_checksum=$(compute_sha256 $file) - if [ "$expected_checksum" != "$computed_checksum" ]; then - echo "SHA-256 checksum for $file did not match expected value." - echo "Expected: $expected_checksum" - echo "Actual: $computed_checksum" - exit 1 - fi -} - -# computes the SHA-256 hash of the provided file. Uses openssl, shasum or sha1sum program. -function compute_sha256 { - local file=$1 - if command -v openssl >/dev/null 2>&1; then - # print SHA-256 hash using openssl - openssl dgst -sha256 "$file" | sed -E 's/SHA256\(.*\)= //' - elif command -v shasum >/dev/null 2>&1; then - # Darwin systems ship with "shasum" utility - shasum -a 256 "$file" | sed -E 's/[[:space:]]+.+//' - elif command -v sha256sum >/dev/null 2>&1; then - # Most Linux systems ship with sha256sum utility - sha256sum "$file" | sed -E 's/[[:space:]]+.+//' - else - echo "Could not find program to calculate SHA-256 checksum for file" - exit 1 - fi -} - -# Verifies that the tgz file at the provided path contains the paths/files that would be expected in a valid gödel -# distribution with the provided version. -function verify_dist_tgz_valid { - local tgz_path=$1 - local version=$2 - - local expected_paths=("godel-$version/" "godel-$version/bin/darwin-amd64/godel" "godel-$version/bin/linux-amd64/godel" "godel-$version/wrapper/godelw" "godel-$version/wrapper/godel/config/") - local files=($(tar -tf "$tgz_path")) - - # this is a double-for loop, but fine since $expected_paths is small and bash doesn't have good primitives for set/map/list manipulation - for curr_line in "${files[@]}"; do - # if all expected paths have been found, terminate - if [[ ${#expected_paths[*]} == 0 ]]; then - break - fi - - # check for expected path and splice out if match is found - idx=0 - for curr_expected in "${expected_paths[@]}"; do - if [ "$curr_expected" = "$curr_line" ]; then - expected_paths=(${expected_paths[@]:0:idx} ${expected_paths[@]:$(($idx + 1))}) - break - fi - idx=$idx+1 - done - done - - # if any expected paths still remain, raise error and exit - if [[ ${#expected_paths[*]} > 0 ]]; then - echo "Required paths were not present in $tgz_path: ${expected_paths[@]}" - exit 1 - fi -} - -# Verifies that the gödel binary in the distribution reports the expected version when called with the "version" -# argument. Assumes that a valid gödel distribution directory for the given version exists in the provided directory. -function verify_godel_version { - local base_dir=$1 - local version=$2 - local os=$3 - - local expected_output="godel version $version" - local version_output=$($base_dir/godel-$version/bin/$os-amd64/godel version) - - if [ "$expected_output" != "$version_output" ]; then - echo "Version reported by godel executable did not match expected version: expected \"$expected_output\", was \"$version_output\"" - exit 1 - fi -} - -# directory of godelw script -SCRIPT_HOME=$(cd "$(dirname "$0")" && pwd) - -# use $GODEL_HOME or default value -GODEL_BASE_DIR=${GODEL_HOME:-$HOME/.godel} - -# determine OS -OS="" -EXPECTED_CHECKSUM="" -case "$(uname)" in - Darwin*) - OS=darwin - EXPECTED_CHECKSUM=$DARWIN_CHECKSUM - ;; - Linux*) - OS=linux - EXPECTED_CHECKSUM=$LINUX_CHECKSUM - ;; - *) - echo "Unsupported operating system: $(uname)" - exit 1 - ;; -esac - -# path to godel binary -CMD=$GODEL_BASE_DIR/dists/godel-$VERSION/bin/$OS-amd64/godel - -# godel binary is not present -- download distribution -if [ ! -f "$CMD" ]; then - # get download URL - PROPERTIES_FILE=$SCRIPT_HOME/godel/config/godel.properties - if [ ! -f "$PROPERTIES_FILE" ]; then - echo "Properties file must exist at $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_URL=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionURL=//p") - if [ -z "$DOWNLOAD_URL" ]; then - echo "Value for property \"distributionURL\" was empty in $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_CHECKSUM=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionSHA256=//p") - - # create downloads directory if it does not already exist - mkdir -p "$GODEL_BASE_DIR/downloads" - - # download tgz and verify its contents - DOWNLOAD_DST=$GODEL_BASE_DIR/downloads/godel-$VERSION.tgz - download "$DOWNLOAD_URL" "$DOWNLOAD_DST" - if [ -n "$DOWNLOAD_CHECKSUM" ]; then - verify_checksum "$DOWNLOAD_DST" "$DOWNLOAD_CHECKSUM" - fi - verify_dist_tgz_valid "$DOWNLOAD_DST" "$VERSION" - - # create temporary directory for unarchiving, unarchive downloaded file and verify directory - TMP_DIST_DIR=$(mktemp -d "$GODEL_BASE_DIR/tmp_XXXXXX" 2>/dev/null || mktemp -d -t "$GODEL_BASE_DIR/tmp_XXXXXX") - trap 'rm -rf "$TMP_DIST_DIR"' EXIT - tar zxvf "$DOWNLOAD_DST" -C "$TMP_DIST_DIR" >/dev/null 2>&1 - verify_godel_version "$TMP_DIST_DIR" "$VERSION" "$OS" - - # if destination directory for distribution already exists, remove it - if [ -d "$GODEL_BASE_DIR/dists/godel-$VERSION" ]; then - rm -rf "$GODEL_BASE_DIR/dists/godel-$VERSION" - fi - - # ensure that parent directory of destination exists - mkdir -p "$GODEL_BASE_DIR/dists" - - # move expanded distribution directory to destination location. The location of the unarchived directory is known to - # be in the same directory tree as the destination, so "mv" should always work. - mv "$TMP_DIST_DIR/godel-$VERSION" "$GODEL_BASE_DIR/dists/godel-$VERSION" -fi - -verify_checksum "$CMD" "$EXPECTED_CHECKSUM" - -# execute command -$CMD --wrapper "$SCRIPT_HOME/$(basename "$0")" "$@" diff --git a/metrics/vendor/modules.txt b/metrics/vendor/modules.txt index f0acfcd4..0ab918ba 100644 --- a/metrics/vendor/modules.txt +++ b/metrics/vendor/modules.txt @@ -4,8 +4,8 @@ github.com/davecgh/go-spew/spew # github.com/palantir/go-metrics v1.1.1 ## explicit; go 1.13 github.com/palantir/go-metrics -# github.com/palantir/pkg v1.0.1 -## explicit; go 1.13 +# github.com/palantir/pkg v1.1.0 +## explicit; go 1.19 github.com/palantir/pkg # github.com/palantir/pkg/objmatcher v1.0.1 ## explicit; go 1.13 diff --git a/objmatcher/go.mod b/objmatcher/go.mod index e78b590d..a53eb658 100644 --- a/objmatcher/go.mod +++ b/objmatcher/go.mod @@ -3,7 +3,7 @@ module github.com/palantir/pkg/objmatcher go 1.19 require ( - github.com/palantir/pkg v1.0.1 + github.com/palantir/pkg v1.1.0 github.com/stretchr/testify v1.8.0 ) diff --git a/objmatcher/go.sum b/objmatcher/go.sum index f3c0b4af..878c8d19 100644 --- a/objmatcher/go.sum +++ b/objmatcher/go.sum @@ -1,8 +1,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/palantir/pkg v1.0.1 h1:ZbGUcc14N7xcZSY9cehQoiHHTm/BAZO5RJdlsNEtSbk= -github.com/palantir/pkg v1.0.1/go.mod h1:Eo6Jl0UXfT+65sLXJOcU9duu0WPvKsWFXCb0dE5VWZs= +github.com/palantir/pkg v1.1.0 h1:0EhrSUP8oeeh3MUvk7V/UU7WmsN1UiJNTvNj0sN9Cpo= +github.com/palantir/pkg v1.1.0/go.mod h1:KC9srP/9ssWRxBxFCIqhUGC4Jt7OJkWRz0Iqehup1/c= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= diff --git a/objmatcher/vendor/github.com/palantir/pkg/.bulldozer.yml b/objmatcher/vendor/github.com/palantir/pkg/.bulldozer.yml new file mode 100644 index 00000000..b62e82ba --- /dev/null +++ b/objmatcher/vendor/github.com/palantir/pkg/.bulldozer.yml @@ -0,0 +1,17 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +version: 1 +merge: + trigger: + labels: ["merge when ready"] + ignore: + labels: ["do not merge"] + method: squash + options: + squash: + body: pull_request_body + message_delimiter: ==COMMIT_MSG== + delete_after_merge: true +update: + trigger: + labels: ["update me"] diff --git a/objmatcher/vendor/github.com/palantir/pkg/.policy.yml b/objmatcher/vendor/github.com/palantir/pkg/.policy.yml new file mode 100644 index 00000000..a436f8b9 --- /dev/null +++ b/objmatcher/vendor/github.com/palantir/pkg/.policy.yml @@ -0,0 +1,113 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +policy: + approval: + - or: + - one admin has approved (PR contributors not allowed) + - two admins have approved + - changelog only and contributor approval + - fixing excavator + - excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + - excavator only touched config files + - bots updated package.json and lock files + disapproval: + requires: + organizations: [ "palantir" ] + +approval_rules: + - name: one admin has approved (PR contributors not allowed) + options: + allow_contributor: false + requires: + count: 1 + admins: true + + - name: two admins have approved + options: + allow_contributor: true + requires: + count: 2 + admins: true + + - name: changelog only and contributor approval + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + only_changed_files: + paths: + - "changelog/@unreleased/.*\\.yml" + + - name: fixing excavator + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + has_author_in: + users: [ "svc-excavator-bot" ] + + - name: excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + # product-dependencies.lock should never go here, to force review of all product (SLS) dependency changes + # this way excavator cannot change the deployability of a service or product via auto-merge + paths: + - "changelog/@unreleased/.*\\.yml" + - "^\\.baseline/.*$" + - "^\\.circleci/.*$" + - "^\\.docker-compose-rule\\.yml$" + - "^.*gradle$" + - "^\\.palantir/go-version$" + - "^gradle/wrapper/.*" + - "^gradlew$" + - "^gradlew.bat$" + - "^gradle.properties$" + - "^settings.gradle$" + - "^.*go.mod$" + - "^.*go.sum$" + - "^.*godelw$" + - "^.*godel/config/godel.properties$" + - "^.*godel/config/godel.yml$" + - "^.*vendor/.*$" + - "^versions.props$" + - "^versions.lock$" + - "^internal/generated/.*" + - "^internal/generated_src/.*" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: excavator only touched config files + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + paths: + - "^\\..*.yml$" + - "^\\.github/.*$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: bots updated package.json and lock files + requires: + count: 0 + if: + has_author_in: + users: + - "svc-excavator-bot" + - "dependabot[bot]" + only_changed_files: + paths: + - "^.*yarn.lock$" + - "^.*package.json$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] diff --git a/objmatcher/vendor/github.com/palantir/pkg/godelw b/objmatcher/vendor/github.com/palantir/pkg/godelw deleted file mode 100644 index 22d9f7f2..00000000 --- a/objmatcher/vendor/github.com/palantir/pkg/godelw +++ /dev/null @@ -1,230 +0,0 @@ -#!/bin/bash - -set -euo pipefail - -# Version and checksums for godel. Values are populated by the godel "dist" task. -VERSION=2.17.0 -DARWIN_CHECKSUM=d6294049b7edc3795d1d5517583f20c087422a8b8b52e8cbcc39ce2b575427ff -LINUX_CHECKSUM=23bca1ce55bd321686e06e0b6959ad8160ef1dfa9fe0a68a515e65d19401094d - -# Downloads file at URL to destination path using wget or curl. Prints an error and exits if wget or curl is not present. -function download { - local url=$1 - local dst=$2 - - # determine whether wget, curl or both are present - set +e - command -v wget >/dev/null 2>&1 - local wget_exists=$? - command -v curl >/dev/null 2>&1 - local curl_exists=$? - set -e - - # if one of wget or curl is not present, exit with error - if [ "$wget_exists" -ne 0 -a "$curl_exists" -ne 0 ]; then - echo "wget or curl must be present to download distribution. Install one of these programs and try again or install the distribution manually." - exit 1 - fi - - if [ "$wget_exists" -eq 0 ]; then - # attempt download using wget - echo "Downloading $url to $dst..." - local progress_opt="" - if wget --help | grep -q '\--show-progress'; then - progress_opt="-q --show-progress" - fi - set +e - wget -O "$dst" $progress_opt "$url" - rv=$? - set -e - if [ "$rv" -eq 0 ]; then - # success - return - fi - - echo "Download failed using command: wget -O $dst $progress_opt $url" - - # curl does not exist, so nothing more to try: exit - if [ "$curl_exists" -ne 0 ]; then - echo "Download failed using wget and curl was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - exit 1 - fi - # curl exists, notify that download will be attempted using curl - echo "Attempting download using curl..." - fi - - # attempt download using curl - echo "Downloading $url to $dst..." - set +e - curl -f -L -o "$dst" "$url" - rv=$? - set -e - if [ "$rv" -ne 0 ]; then - echo "Download failed using command: curl -f -L -o $dst $url" - if [ "$wget_exists" -eq 0 ]; then - echo "Download failed using wget and curl. Verify that the distribution URL is correct and try again or install the distribution manually." - else - echo "Download failed using curl and wget was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - fi - exit 1 - fi -} - -# verifies that the provided checksum matches the computed SHA-256 checksum of the specified file. If not, echoes an -# error and exits. -function verify_checksum { - local file=$1 - local expected_checksum=$2 - local computed_checksum=$(compute_sha256 $file) - if [ "$expected_checksum" != "$computed_checksum" ]; then - echo "SHA-256 checksum for $file did not match expected value." - echo "Expected: $expected_checksum" - echo "Actual: $computed_checksum" - exit 1 - fi -} - -# computes the SHA-256 hash of the provided file. Uses openssl, shasum or sha1sum program. -function compute_sha256 { - local file=$1 - if command -v openssl >/dev/null 2>&1; then - # print SHA-256 hash using openssl - openssl dgst -sha256 "$file" | sed -E 's/SHA256\(.*\)= //' - elif command -v shasum >/dev/null 2>&1; then - # Darwin systems ship with "shasum" utility - shasum -a 256 "$file" | sed -E 's/[[:space:]]+.+//' - elif command -v sha256sum >/dev/null 2>&1; then - # Most Linux systems ship with sha256sum utility - sha256sum "$file" | sed -E 's/[[:space:]]+.+//' - else - echo "Could not find program to calculate SHA-256 checksum for file" - exit 1 - fi -} - -# Verifies that the tgz file at the provided path contains the paths/files that would be expected in a valid gödel -# distribution with the provided version. -function verify_dist_tgz_valid { - local tgz_path=$1 - local version=$2 - - local expected_paths=("godel-$version/" "godel-$version/bin/darwin-amd64/godel" "godel-$version/bin/linux-amd64/godel" "godel-$version/wrapper/godelw" "godel-$version/wrapper/godel/config/") - local files=($(tar -tf "$tgz_path")) - - # this is a double-for loop, but fine since $expected_paths is small and bash doesn't have good primitives for set/map/list manipulation - for curr_line in "${files[@]}"; do - # if all expected paths have been found, terminate - if [[ ${#expected_paths[*]} == 0 ]]; then - break - fi - - # check for expected path and splice out if match is found - idx=0 - for curr_expected in "${expected_paths[@]}"; do - if [ "$curr_expected" = "$curr_line" ]; then - expected_paths=(${expected_paths[@]:0:idx} ${expected_paths[@]:$(($idx + 1))}) - break - fi - idx=$idx+1 - done - done - - # if any expected paths still remain, raise error and exit - if [[ ${#expected_paths[*]} > 0 ]]; then - echo "Required paths were not present in $tgz_path: ${expected_paths[@]}" - exit 1 - fi -} - -# Verifies that the gödel binary in the distribution reports the expected version when called with the "version" -# argument. Assumes that a valid gödel distribution directory for the given version exists in the provided directory. -function verify_godel_version { - local base_dir=$1 - local version=$2 - local os=$3 - - local expected_output="godel version $version" - local version_output=$($base_dir/godel-$version/bin/$os-amd64/godel version) - - if [ "$expected_output" != "$version_output" ]; then - echo "Version reported by godel executable did not match expected version: expected \"$expected_output\", was \"$version_output\"" - exit 1 - fi -} - -# directory of godelw script -SCRIPT_HOME=$(cd "$(dirname "$0")" && pwd) - -# use $GODEL_HOME or default value -GODEL_BASE_DIR=${GODEL_HOME:-$HOME/.godel} - -# determine OS -OS="" -EXPECTED_CHECKSUM="" -case "$(uname)" in - Darwin*) - OS=darwin - EXPECTED_CHECKSUM=$DARWIN_CHECKSUM - ;; - Linux*) - OS=linux - EXPECTED_CHECKSUM=$LINUX_CHECKSUM - ;; - *) - echo "Unsupported operating system: $(uname)" - exit 1 - ;; -esac - -# path to godel binary -CMD=$GODEL_BASE_DIR/dists/godel-$VERSION/bin/$OS-amd64/godel - -# godel binary is not present -- download distribution -if [ ! -f "$CMD" ]; then - # get download URL - PROPERTIES_FILE=$SCRIPT_HOME/godel/config/godel.properties - if [ ! -f "$PROPERTIES_FILE" ]; then - echo "Properties file must exist at $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_URL=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionURL=//p") - if [ -z "$DOWNLOAD_URL" ]; then - echo "Value for property \"distributionURL\" was empty in $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_CHECKSUM=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionSHA256=//p") - - # create downloads directory if it does not already exist - mkdir -p "$GODEL_BASE_DIR/downloads" - - # download tgz and verify its contents - DOWNLOAD_DST=$GODEL_BASE_DIR/downloads/godel-$VERSION.tgz - download "$DOWNLOAD_URL" "$DOWNLOAD_DST" - if [ -n "$DOWNLOAD_CHECKSUM" ]; then - verify_checksum "$DOWNLOAD_DST" "$DOWNLOAD_CHECKSUM" - fi - verify_dist_tgz_valid "$DOWNLOAD_DST" "$VERSION" - - # create temporary directory for unarchiving, unarchive downloaded file and verify directory - TMP_DIST_DIR=$(mktemp -d "$GODEL_BASE_DIR/tmp_XXXXXX" 2>/dev/null || mktemp -d -t "$GODEL_BASE_DIR/tmp_XXXXXX") - trap 'rm -rf "$TMP_DIST_DIR"' EXIT - tar zxvf "$DOWNLOAD_DST" -C "$TMP_DIST_DIR" >/dev/null 2>&1 - verify_godel_version "$TMP_DIST_DIR" "$VERSION" "$OS" - - # if destination directory for distribution already exists, remove it - if [ -d "$GODEL_BASE_DIR/dists/godel-$VERSION" ]; then - rm -rf "$GODEL_BASE_DIR/dists/godel-$VERSION" - fi - - # ensure that parent directory of destination exists - mkdir -p "$GODEL_BASE_DIR/dists" - - # move expanded distribution directory to destination location. The location of the unarchived directory is known to - # be in the same directory tree as the destination, so "mv" should always work. - mv "$TMP_DIST_DIR/godel-$VERSION" "$GODEL_BASE_DIR/dists/godel-$VERSION" -fi - -verify_checksum "$CMD" "$EXPECTED_CHECKSUM" - -# execute command -$CMD --wrapper "$SCRIPT_HOME/$(basename "$0")" "$@" diff --git a/objmatcher/vendor/modules.txt b/objmatcher/vendor/modules.txt index 614a3c45..3cdb3851 100644 --- a/objmatcher/vendor/modules.txt +++ b/objmatcher/vendor/modules.txt @@ -1,8 +1,8 @@ # github.com/davecgh/go-spew v1.1.1 ## explicit github.com/davecgh/go-spew/spew -# github.com/palantir/pkg v1.0.1 -## explicit; go 1.13 +# github.com/palantir/pkg v1.1.0 +## explicit; go 1.19 github.com/palantir/pkg # github.com/pmezard/go-difflib v1.0.0 ## explicit diff --git a/pkgpath/go.mod b/pkgpath/go.mod index 92fe2b6a..efa5d4bf 100644 --- a/pkgpath/go.mod +++ b/pkgpath/go.mod @@ -3,7 +3,7 @@ module github.com/palantir/pkg/pkgpath go 1.19 require ( - github.com/palantir/pkg v1.0.1 + github.com/palantir/pkg v1.1.0 github.com/palantir/pkg/matcher v1.1.0 github.com/stretchr/testify v1.8.0 ) diff --git a/pkgpath/go.sum b/pkgpath/go.sum index b0a97950..54a484f3 100644 --- a/pkgpath/go.sum +++ b/pkgpath/go.sum @@ -1,8 +1,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/palantir/pkg v1.0.1 h1:ZbGUcc14N7xcZSY9cehQoiHHTm/BAZO5RJdlsNEtSbk= -github.com/palantir/pkg v1.0.1/go.mod h1:Eo6Jl0UXfT+65sLXJOcU9duu0WPvKsWFXCb0dE5VWZs= +github.com/palantir/pkg v1.1.0 h1:0EhrSUP8oeeh3MUvk7V/UU7WmsN1UiJNTvNj0sN9Cpo= +github.com/palantir/pkg v1.1.0/go.mod h1:KC9srP/9ssWRxBxFCIqhUGC4Jt7OJkWRz0Iqehup1/c= github.com/palantir/pkg/matcher v1.1.0 h1:q3hULSpxVeaMEkvmQlbDwid6Oix8xZKWNTEgxxW1luw= github.com/palantir/pkg/matcher v1.1.0/go.mod h1:mgJvzZAFodSSAmwfSJJb4K+rxA38vIGh1Px8snk7eE0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= diff --git a/pkgpath/vendor/github.com/palantir/pkg/.bulldozer.yml b/pkgpath/vendor/github.com/palantir/pkg/.bulldozer.yml new file mode 100644 index 00000000..b62e82ba --- /dev/null +++ b/pkgpath/vendor/github.com/palantir/pkg/.bulldozer.yml @@ -0,0 +1,17 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +version: 1 +merge: + trigger: + labels: ["merge when ready"] + ignore: + labels: ["do not merge"] + method: squash + options: + squash: + body: pull_request_body + message_delimiter: ==COMMIT_MSG== + delete_after_merge: true +update: + trigger: + labels: ["update me"] diff --git a/pkgpath/vendor/github.com/palantir/pkg/.policy.yml b/pkgpath/vendor/github.com/palantir/pkg/.policy.yml new file mode 100644 index 00000000..a436f8b9 --- /dev/null +++ b/pkgpath/vendor/github.com/palantir/pkg/.policy.yml @@ -0,0 +1,113 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +policy: + approval: + - or: + - one admin has approved (PR contributors not allowed) + - two admins have approved + - changelog only and contributor approval + - fixing excavator + - excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + - excavator only touched config files + - bots updated package.json and lock files + disapproval: + requires: + organizations: [ "palantir" ] + +approval_rules: + - name: one admin has approved (PR contributors not allowed) + options: + allow_contributor: false + requires: + count: 1 + admins: true + + - name: two admins have approved + options: + allow_contributor: true + requires: + count: 2 + admins: true + + - name: changelog only and contributor approval + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + only_changed_files: + paths: + - "changelog/@unreleased/.*\\.yml" + + - name: fixing excavator + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + has_author_in: + users: [ "svc-excavator-bot" ] + + - name: excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + # product-dependencies.lock should never go here, to force review of all product (SLS) dependency changes + # this way excavator cannot change the deployability of a service or product via auto-merge + paths: + - "changelog/@unreleased/.*\\.yml" + - "^\\.baseline/.*$" + - "^\\.circleci/.*$" + - "^\\.docker-compose-rule\\.yml$" + - "^.*gradle$" + - "^\\.palantir/go-version$" + - "^gradle/wrapper/.*" + - "^gradlew$" + - "^gradlew.bat$" + - "^gradle.properties$" + - "^settings.gradle$" + - "^.*go.mod$" + - "^.*go.sum$" + - "^.*godelw$" + - "^.*godel/config/godel.properties$" + - "^.*godel/config/godel.yml$" + - "^.*vendor/.*$" + - "^versions.props$" + - "^versions.lock$" + - "^internal/generated/.*" + - "^internal/generated_src/.*" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: excavator only touched config files + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + paths: + - "^\\..*.yml$" + - "^\\.github/.*$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: bots updated package.json and lock files + requires: + count: 0 + if: + has_author_in: + users: + - "svc-excavator-bot" + - "dependabot[bot]" + only_changed_files: + paths: + - "^.*yarn.lock$" + - "^.*package.json$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] diff --git a/pkgpath/vendor/github.com/palantir/pkg/godelw b/pkgpath/vendor/github.com/palantir/pkg/godelw deleted file mode 100644 index 22d9f7f2..00000000 --- a/pkgpath/vendor/github.com/palantir/pkg/godelw +++ /dev/null @@ -1,230 +0,0 @@ -#!/bin/bash - -set -euo pipefail - -# Version and checksums for godel. Values are populated by the godel "dist" task. -VERSION=2.17.0 -DARWIN_CHECKSUM=d6294049b7edc3795d1d5517583f20c087422a8b8b52e8cbcc39ce2b575427ff -LINUX_CHECKSUM=23bca1ce55bd321686e06e0b6959ad8160ef1dfa9fe0a68a515e65d19401094d - -# Downloads file at URL to destination path using wget or curl. Prints an error and exits if wget or curl is not present. -function download { - local url=$1 - local dst=$2 - - # determine whether wget, curl or both are present - set +e - command -v wget >/dev/null 2>&1 - local wget_exists=$? - command -v curl >/dev/null 2>&1 - local curl_exists=$? - set -e - - # if one of wget or curl is not present, exit with error - if [ "$wget_exists" -ne 0 -a "$curl_exists" -ne 0 ]; then - echo "wget or curl must be present to download distribution. Install one of these programs and try again or install the distribution manually." - exit 1 - fi - - if [ "$wget_exists" -eq 0 ]; then - # attempt download using wget - echo "Downloading $url to $dst..." - local progress_opt="" - if wget --help | grep -q '\--show-progress'; then - progress_opt="-q --show-progress" - fi - set +e - wget -O "$dst" $progress_opt "$url" - rv=$? - set -e - if [ "$rv" -eq 0 ]; then - # success - return - fi - - echo "Download failed using command: wget -O $dst $progress_opt $url" - - # curl does not exist, so nothing more to try: exit - if [ "$curl_exists" -ne 0 ]; then - echo "Download failed using wget and curl was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - exit 1 - fi - # curl exists, notify that download will be attempted using curl - echo "Attempting download using curl..." - fi - - # attempt download using curl - echo "Downloading $url to $dst..." - set +e - curl -f -L -o "$dst" "$url" - rv=$? - set -e - if [ "$rv" -ne 0 ]; then - echo "Download failed using command: curl -f -L -o $dst $url" - if [ "$wget_exists" -eq 0 ]; then - echo "Download failed using wget and curl. Verify that the distribution URL is correct and try again or install the distribution manually." - else - echo "Download failed using curl and wget was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - fi - exit 1 - fi -} - -# verifies that the provided checksum matches the computed SHA-256 checksum of the specified file. If not, echoes an -# error and exits. -function verify_checksum { - local file=$1 - local expected_checksum=$2 - local computed_checksum=$(compute_sha256 $file) - if [ "$expected_checksum" != "$computed_checksum" ]; then - echo "SHA-256 checksum for $file did not match expected value." - echo "Expected: $expected_checksum" - echo "Actual: $computed_checksum" - exit 1 - fi -} - -# computes the SHA-256 hash of the provided file. Uses openssl, shasum or sha1sum program. -function compute_sha256 { - local file=$1 - if command -v openssl >/dev/null 2>&1; then - # print SHA-256 hash using openssl - openssl dgst -sha256 "$file" | sed -E 's/SHA256\(.*\)= //' - elif command -v shasum >/dev/null 2>&1; then - # Darwin systems ship with "shasum" utility - shasum -a 256 "$file" | sed -E 's/[[:space:]]+.+//' - elif command -v sha256sum >/dev/null 2>&1; then - # Most Linux systems ship with sha256sum utility - sha256sum "$file" | sed -E 's/[[:space:]]+.+//' - else - echo "Could not find program to calculate SHA-256 checksum for file" - exit 1 - fi -} - -# Verifies that the tgz file at the provided path contains the paths/files that would be expected in a valid gödel -# distribution with the provided version. -function verify_dist_tgz_valid { - local tgz_path=$1 - local version=$2 - - local expected_paths=("godel-$version/" "godel-$version/bin/darwin-amd64/godel" "godel-$version/bin/linux-amd64/godel" "godel-$version/wrapper/godelw" "godel-$version/wrapper/godel/config/") - local files=($(tar -tf "$tgz_path")) - - # this is a double-for loop, but fine since $expected_paths is small and bash doesn't have good primitives for set/map/list manipulation - for curr_line in "${files[@]}"; do - # if all expected paths have been found, terminate - if [[ ${#expected_paths[*]} == 0 ]]; then - break - fi - - # check for expected path and splice out if match is found - idx=0 - for curr_expected in "${expected_paths[@]}"; do - if [ "$curr_expected" = "$curr_line" ]; then - expected_paths=(${expected_paths[@]:0:idx} ${expected_paths[@]:$(($idx + 1))}) - break - fi - idx=$idx+1 - done - done - - # if any expected paths still remain, raise error and exit - if [[ ${#expected_paths[*]} > 0 ]]; then - echo "Required paths were not present in $tgz_path: ${expected_paths[@]}" - exit 1 - fi -} - -# Verifies that the gödel binary in the distribution reports the expected version when called with the "version" -# argument. Assumes that a valid gödel distribution directory for the given version exists in the provided directory. -function verify_godel_version { - local base_dir=$1 - local version=$2 - local os=$3 - - local expected_output="godel version $version" - local version_output=$($base_dir/godel-$version/bin/$os-amd64/godel version) - - if [ "$expected_output" != "$version_output" ]; then - echo "Version reported by godel executable did not match expected version: expected \"$expected_output\", was \"$version_output\"" - exit 1 - fi -} - -# directory of godelw script -SCRIPT_HOME=$(cd "$(dirname "$0")" && pwd) - -# use $GODEL_HOME or default value -GODEL_BASE_DIR=${GODEL_HOME:-$HOME/.godel} - -# determine OS -OS="" -EXPECTED_CHECKSUM="" -case "$(uname)" in - Darwin*) - OS=darwin - EXPECTED_CHECKSUM=$DARWIN_CHECKSUM - ;; - Linux*) - OS=linux - EXPECTED_CHECKSUM=$LINUX_CHECKSUM - ;; - *) - echo "Unsupported operating system: $(uname)" - exit 1 - ;; -esac - -# path to godel binary -CMD=$GODEL_BASE_DIR/dists/godel-$VERSION/bin/$OS-amd64/godel - -# godel binary is not present -- download distribution -if [ ! -f "$CMD" ]; then - # get download URL - PROPERTIES_FILE=$SCRIPT_HOME/godel/config/godel.properties - if [ ! -f "$PROPERTIES_FILE" ]; then - echo "Properties file must exist at $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_URL=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionURL=//p") - if [ -z "$DOWNLOAD_URL" ]; then - echo "Value for property \"distributionURL\" was empty in $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_CHECKSUM=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionSHA256=//p") - - # create downloads directory if it does not already exist - mkdir -p "$GODEL_BASE_DIR/downloads" - - # download tgz and verify its contents - DOWNLOAD_DST=$GODEL_BASE_DIR/downloads/godel-$VERSION.tgz - download "$DOWNLOAD_URL" "$DOWNLOAD_DST" - if [ -n "$DOWNLOAD_CHECKSUM" ]; then - verify_checksum "$DOWNLOAD_DST" "$DOWNLOAD_CHECKSUM" - fi - verify_dist_tgz_valid "$DOWNLOAD_DST" "$VERSION" - - # create temporary directory for unarchiving, unarchive downloaded file and verify directory - TMP_DIST_DIR=$(mktemp -d "$GODEL_BASE_DIR/tmp_XXXXXX" 2>/dev/null || mktemp -d -t "$GODEL_BASE_DIR/tmp_XXXXXX") - trap 'rm -rf "$TMP_DIST_DIR"' EXIT - tar zxvf "$DOWNLOAD_DST" -C "$TMP_DIST_DIR" >/dev/null 2>&1 - verify_godel_version "$TMP_DIST_DIR" "$VERSION" "$OS" - - # if destination directory for distribution already exists, remove it - if [ -d "$GODEL_BASE_DIR/dists/godel-$VERSION" ]; then - rm -rf "$GODEL_BASE_DIR/dists/godel-$VERSION" - fi - - # ensure that parent directory of destination exists - mkdir -p "$GODEL_BASE_DIR/dists" - - # move expanded distribution directory to destination location. The location of the unarchived directory is known to - # be in the same directory tree as the destination, so "mv" should always work. - mv "$TMP_DIST_DIR/godel-$VERSION" "$GODEL_BASE_DIR/dists/godel-$VERSION" -fi - -verify_checksum "$CMD" "$EXPECTED_CHECKSUM" - -# execute command -$CMD --wrapper "$SCRIPT_HOME/$(basename "$0")" "$@" diff --git a/pkgpath/vendor/modules.txt b/pkgpath/vendor/modules.txt index f7fb5321..2cfaba6a 100644 --- a/pkgpath/vendor/modules.txt +++ b/pkgpath/vendor/modules.txt @@ -1,8 +1,8 @@ # github.com/davecgh/go-spew v1.1.1 ## explicit github.com/davecgh/go-spew/spew -# github.com/palantir/pkg v1.0.1 -## explicit; go 1.13 +# github.com/palantir/pkg v1.1.0 +## explicit; go 1.19 github.com/palantir/pkg # github.com/palantir/pkg/matcher v1.1.0 ## explicit; go 1.18 diff --git a/refreshable/go.mod b/refreshable/go.mod index 419e9c0e..abf67884 100644 --- a/refreshable/go.mod +++ b/refreshable/go.mod @@ -3,7 +3,7 @@ module github.com/palantir/pkg/refreshable go 1.19 require ( - github.com/palantir/pkg v1.0.1 + github.com/palantir/pkg v1.1.0 github.com/stretchr/testify v1.8.0 ) diff --git a/refreshable/go.sum b/refreshable/go.sum index f3c0b4af..878c8d19 100644 --- a/refreshable/go.sum +++ b/refreshable/go.sum @@ -1,8 +1,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/palantir/pkg v1.0.1 h1:ZbGUcc14N7xcZSY9cehQoiHHTm/BAZO5RJdlsNEtSbk= -github.com/palantir/pkg v1.0.1/go.mod h1:Eo6Jl0UXfT+65sLXJOcU9duu0WPvKsWFXCb0dE5VWZs= +github.com/palantir/pkg v1.1.0 h1:0EhrSUP8oeeh3MUvk7V/UU7WmsN1UiJNTvNj0sN9Cpo= +github.com/palantir/pkg v1.1.0/go.mod h1:KC9srP/9ssWRxBxFCIqhUGC4Jt7OJkWRz0Iqehup1/c= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= diff --git a/refreshable/vendor/github.com/palantir/pkg/.bulldozer.yml b/refreshable/vendor/github.com/palantir/pkg/.bulldozer.yml new file mode 100644 index 00000000..b62e82ba --- /dev/null +++ b/refreshable/vendor/github.com/palantir/pkg/.bulldozer.yml @@ -0,0 +1,17 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +version: 1 +merge: + trigger: + labels: ["merge when ready"] + ignore: + labels: ["do not merge"] + method: squash + options: + squash: + body: pull_request_body + message_delimiter: ==COMMIT_MSG== + delete_after_merge: true +update: + trigger: + labels: ["update me"] diff --git a/refreshable/vendor/github.com/palantir/pkg/.policy.yml b/refreshable/vendor/github.com/palantir/pkg/.policy.yml new file mode 100644 index 00000000..a436f8b9 --- /dev/null +++ b/refreshable/vendor/github.com/palantir/pkg/.policy.yml @@ -0,0 +1,113 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +policy: + approval: + - or: + - one admin has approved (PR contributors not allowed) + - two admins have approved + - changelog only and contributor approval + - fixing excavator + - excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + - excavator only touched config files + - bots updated package.json and lock files + disapproval: + requires: + organizations: [ "palantir" ] + +approval_rules: + - name: one admin has approved (PR contributors not allowed) + options: + allow_contributor: false + requires: + count: 1 + admins: true + + - name: two admins have approved + options: + allow_contributor: true + requires: + count: 2 + admins: true + + - name: changelog only and contributor approval + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + only_changed_files: + paths: + - "changelog/@unreleased/.*\\.yml" + + - name: fixing excavator + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + has_author_in: + users: [ "svc-excavator-bot" ] + + - name: excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + # product-dependencies.lock should never go here, to force review of all product (SLS) dependency changes + # this way excavator cannot change the deployability of a service or product via auto-merge + paths: + - "changelog/@unreleased/.*\\.yml" + - "^\\.baseline/.*$" + - "^\\.circleci/.*$" + - "^\\.docker-compose-rule\\.yml$" + - "^.*gradle$" + - "^\\.palantir/go-version$" + - "^gradle/wrapper/.*" + - "^gradlew$" + - "^gradlew.bat$" + - "^gradle.properties$" + - "^settings.gradle$" + - "^.*go.mod$" + - "^.*go.sum$" + - "^.*godelw$" + - "^.*godel/config/godel.properties$" + - "^.*godel/config/godel.yml$" + - "^.*vendor/.*$" + - "^versions.props$" + - "^versions.lock$" + - "^internal/generated/.*" + - "^internal/generated_src/.*" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: excavator only touched config files + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + paths: + - "^\\..*.yml$" + - "^\\.github/.*$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: bots updated package.json and lock files + requires: + count: 0 + if: + has_author_in: + users: + - "svc-excavator-bot" + - "dependabot[bot]" + only_changed_files: + paths: + - "^.*yarn.lock$" + - "^.*package.json$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] diff --git a/refreshable/vendor/github.com/palantir/pkg/godelw b/refreshable/vendor/github.com/palantir/pkg/godelw deleted file mode 100644 index 22d9f7f2..00000000 --- a/refreshable/vendor/github.com/palantir/pkg/godelw +++ /dev/null @@ -1,230 +0,0 @@ -#!/bin/bash - -set -euo pipefail - -# Version and checksums for godel. Values are populated by the godel "dist" task. -VERSION=2.17.0 -DARWIN_CHECKSUM=d6294049b7edc3795d1d5517583f20c087422a8b8b52e8cbcc39ce2b575427ff -LINUX_CHECKSUM=23bca1ce55bd321686e06e0b6959ad8160ef1dfa9fe0a68a515e65d19401094d - -# Downloads file at URL to destination path using wget or curl. Prints an error and exits if wget or curl is not present. -function download { - local url=$1 - local dst=$2 - - # determine whether wget, curl or both are present - set +e - command -v wget >/dev/null 2>&1 - local wget_exists=$? - command -v curl >/dev/null 2>&1 - local curl_exists=$? - set -e - - # if one of wget or curl is not present, exit with error - if [ "$wget_exists" -ne 0 -a "$curl_exists" -ne 0 ]; then - echo "wget or curl must be present to download distribution. Install one of these programs and try again or install the distribution manually." - exit 1 - fi - - if [ "$wget_exists" -eq 0 ]; then - # attempt download using wget - echo "Downloading $url to $dst..." - local progress_opt="" - if wget --help | grep -q '\--show-progress'; then - progress_opt="-q --show-progress" - fi - set +e - wget -O "$dst" $progress_opt "$url" - rv=$? - set -e - if [ "$rv" -eq 0 ]; then - # success - return - fi - - echo "Download failed using command: wget -O $dst $progress_opt $url" - - # curl does not exist, so nothing more to try: exit - if [ "$curl_exists" -ne 0 ]; then - echo "Download failed using wget and curl was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - exit 1 - fi - # curl exists, notify that download will be attempted using curl - echo "Attempting download using curl..." - fi - - # attempt download using curl - echo "Downloading $url to $dst..." - set +e - curl -f -L -o "$dst" "$url" - rv=$? - set -e - if [ "$rv" -ne 0 ]; then - echo "Download failed using command: curl -f -L -o $dst $url" - if [ "$wget_exists" -eq 0 ]; then - echo "Download failed using wget and curl. Verify that the distribution URL is correct and try again or install the distribution manually." - else - echo "Download failed using curl and wget was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - fi - exit 1 - fi -} - -# verifies that the provided checksum matches the computed SHA-256 checksum of the specified file. If not, echoes an -# error and exits. -function verify_checksum { - local file=$1 - local expected_checksum=$2 - local computed_checksum=$(compute_sha256 $file) - if [ "$expected_checksum" != "$computed_checksum" ]; then - echo "SHA-256 checksum for $file did not match expected value." - echo "Expected: $expected_checksum" - echo "Actual: $computed_checksum" - exit 1 - fi -} - -# computes the SHA-256 hash of the provided file. Uses openssl, shasum or sha1sum program. -function compute_sha256 { - local file=$1 - if command -v openssl >/dev/null 2>&1; then - # print SHA-256 hash using openssl - openssl dgst -sha256 "$file" | sed -E 's/SHA256\(.*\)= //' - elif command -v shasum >/dev/null 2>&1; then - # Darwin systems ship with "shasum" utility - shasum -a 256 "$file" | sed -E 's/[[:space:]]+.+//' - elif command -v sha256sum >/dev/null 2>&1; then - # Most Linux systems ship with sha256sum utility - sha256sum "$file" | sed -E 's/[[:space:]]+.+//' - else - echo "Could not find program to calculate SHA-256 checksum for file" - exit 1 - fi -} - -# Verifies that the tgz file at the provided path contains the paths/files that would be expected in a valid gödel -# distribution with the provided version. -function verify_dist_tgz_valid { - local tgz_path=$1 - local version=$2 - - local expected_paths=("godel-$version/" "godel-$version/bin/darwin-amd64/godel" "godel-$version/bin/linux-amd64/godel" "godel-$version/wrapper/godelw" "godel-$version/wrapper/godel/config/") - local files=($(tar -tf "$tgz_path")) - - # this is a double-for loop, but fine since $expected_paths is small and bash doesn't have good primitives for set/map/list manipulation - for curr_line in "${files[@]}"; do - # if all expected paths have been found, terminate - if [[ ${#expected_paths[*]} == 0 ]]; then - break - fi - - # check for expected path and splice out if match is found - idx=0 - for curr_expected in "${expected_paths[@]}"; do - if [ "$curr_expected" = "$curr_line" ]; then - expected_paths=(${expected_paths[@]:0:idx} ${expected_paths[@]:$(($idx + 1))}) - break - fi - idx=$idx+1 - done - done - - # if any expected paths still remain, raise error and exit - if [[ ${#expected_paths[*]} > 0 ]]; then - echo "Required paths were not present in $tgz_path: ${expected_paths[@]}" - exit 1 - fi -} - -# Verifies that the gödel binary in the distribution reports the expected version when called with the "version" -# argument. Assumes that a valid gödel distribution directory for the given version exists in the provided directory. -function verify_godel_version { - local base_dir=$1 - local version=$2 - local os=$3 - - local expected_output="godel version $version" - local version_output=$($base_dir/godel-$version/bin/$os-amd64/godel version) - - if [ "$expected_output" != "$version_output" ]; then - echo "Version reported by godel executable did not match expected version: expected \"$expected_output\", was \"$version_output\"" - exit 1 - fi -} - -# directory of godelw script -SCRIPT_HOME=$(cd "$(dirname "$0")" && pwd) - -# use $GODEL_HOME or default value -GODEL_BASE_DIR=${GODEL_HOME:-$HOME/.godel} - -# determine OS -OS="" -EXPECTED_CHECKSUM="" -case "$(uname)" in - Darwin*) - OS=darwin - EXPECTED_CHECKSUM=$DARWIN_CHECKSUM - ;; - Linux*) - OS=linux - EXPECTED_CHECKSUM=$LINUX_CHECKSUM - ;; - *) - echo "Unsupported operating system: $(uname)" - exit 1 - ;; -esac - -# path to godel binary -CMD=$GODEL_BASE_DIR/dists/godel-$VERSION/bin/$OS-amd64/godel - -# godel binary is not present -- download distribution -if [ ! -f "$CMD" ]; then - # get download URL - PROPERTIES_FILE=$SCRIPT_HOME/godel/config/godel.properties - if [ ! -f "$PROPERTIES_FILE" ]; then - echo "Properties file must exist at $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_URL=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionURL=//p") - if [ -z "$DOWNLOAD_URL" ]; then - echo "Value for property \"distributionURL\" was empty in $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_CHECKSUM=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionSHA256=//p") - - # create downloads directory if it does not already exist - mkdir -p "$GODEL_BASE_DIR/downloads" - - # download tgz and verify its contents - DOWNLOAD_DST=$GODEL_BASE_DIR/downloads/godel-$VERSION.tgz - download "$DOWNLOAD_URL" "$DOWNLOAD_DST" - if [ -n "$DOWNLOAD_CHECKSUM" ]; then - verify_checksum "$DOWNLOAD_DST" "$DOWNLOAD_CHECKSUM" - fi - verify_dist_tgz_valid "$DOWNLOAD_DST" "$VERSION" - - # create temporary directory for unarchiving, unarchive downloaded file and verify directory - TMP_DIST_DIR=$(mktemp -d "$GODEL_BASE_DIR/tmp_XXXXXX" 2>/dev/null || mktemp -d -t "$GODEL_BASE_DIR/tmp_XXXXXX") - trap 'rm -rf "$TMP_DIST_DIR"' EXIT - tar zxvf "$DOWNLOAD_DST" -C "$TMP_DIST_DIR" >/dev/null 2>&1 - verify_godel_version "$TMP_DIST_DIR" "$VERSION" "$OS" - - # if destination directory for distribution already exists, remove it - if [ -d "$GODEL_BASE_DIR/dists/godel-$VERSION" ]; then - rm -rf "$GODEL_BASE_DIR/dists/godel-$VERSION" - fi - - # ensure that parent directory of destination exists - mkdir -p "$GODEL_BASE_DIR/dists" - - # move expanded distribution directory to destination location. The location of the unarchived directory is known to - # be in the same directory tree as the destination, so "mv" should always work. - mv "$TMP_DIST_DIR/godel-$VERSION" "$GODEL_BASE_DIR/dists/godel-$VERSION" -fi - -verify_checksum "$CMD" "$EXPECTED_CHECKSUM" - -# execute command -$CMD --wrapper "$SCRIPT_HOME/$(basename "$0")" "$@" diff --git a/refreshable/vendor/modules.txt b/refreshable/vendor/modules.txt index b8e6c35b..19640335 100644 --- a/refreshable/vendor/modules.txt +++ b/refreshable/vendor/modules.txt @@ -1,8 +1,8 @@ # github.com/davecgh/go-spew v1.1.1 ## explicit github.com/davecgh/go-spew/spew -# github.com/palantir/pkg v1.0.1 -## explicit; go 1.13 +# github.com/palantir/pkg v1.1.0 +## explicit; go 1.19 github.com/palantir/pkg # github.com/pmezard/go-difflib v1.0.0 ## explicit diff --git a/retry/go.mod b/retry/go.mod index 9ed6a30d..84bc40e9 100644 --- a/retry/go.mod +++ b/retry/go.mod @@ -2,4 +2,4 @@ module github.com/palantir/pkg/retry go 1.19 -require github.com/palantir/pkg v1.0.1 +require github.com/palantir/pkg v1.1.0 diff --git a/retry/go.sum b/retry/go.sum index a1aef2df..10a880b4 100644 --- a/retry/go.sum +++ b/retry/go.sum @@ -1,2 +1,2 @@ -github.com/palantir/pkg v1.0.1 h1:ZbGUcc14N7xcZSY9cehQoiHHTm/BAZO5RJdlsNEtSbk= -github.com/palantir/pkg v1.0.1/go.mod h1:Eo6Jl0UXfT+65sLXJOcU9duu0WPvKsWFXCb0dE5VWZs= +github.com/palantir/pkg v1.1.0 h1:0EhrSUP8oeeh3MUvk7V/UU7WmsN1UiJNTvNj0sN9Cpo= +github.com/palantir/pkg v1.1.0/go.mod h1:KC9srP/9ssWRxBxFCIqhUGC4Jt7OJkWRz0Iqehup1/c= diff --git a/retry/vendor/github.com/palantir/pkg/.bulldozer.yml b/retry/vendor/github.com/palantir/pkg/.bulldozer.yml new file mode 100644 index 00000000..b62e82ba --- /dev/null +++ b/retry/vendor/github.com/palantir/pkg/.bulldozer.yml @@ -0,0 +1,17 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +version: 1 +merge: + trigger: + labels: ["merge when ready"] + ignore: + labels: ["do not merge"] + method: squash + options: + squash: + body: pull_request_body + message_delimiter: ==COMMIT_MSG== + delete_after_merge: true +update: + trigger: + labels: ["update me"] diff --git a/retry/vendor/github.com/palantir/pkg/.policy.yml b/retry/vendor/github.com/palantir/pkg/.policy.yml new file mode 100644 index 00000000..a436f8b9 --- /dev/null +++ b/retry/vendor/github.com/palantir/pkg/.policy.yml @@ -0,0 +1,113 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +policy: + approval: + - or: + - one admin has approved (PR contributors not allowed) + - two admins have approved + - changelog only and contributor approval + - fixing excavator + - excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + - excavator only touched config files + - bots updated package.json and lock files + disapproval: + requires: + organizations: [ "palantir" ] + +approval_rules: + - name: one admin has approved (PR contributors not allowed) + options: + allow_contributor: false + requires: + count: 1 + admins: true + + - name: two admins have approved + options: + allow_contributor: true + requires: + count: 2 + admins: true + + - name: changelog only and contributor approval + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + only_changed_files: + paths: + - "changelog/@unreleased/.*\\.yml" + + - name: fixing excavator + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + has_author_in: + users: [ "svc-excavator-bot" ] + + - name: excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + # product-dependencies.lock should never go here, to force review of all product (SLS) dependency changes + # this way excavator cannot change the deployability of a service or product via auto-merge + paths: + - "changelog/@unreleased/.*\\.yml" + - "^\\.baseline/.*$" + - "^\\.circleci/.*$" + - "^\\.docker-compose-rule\\.yml$" + - "^.*gradle$" + - "^\\.palantir/go-version$" + - "^gradle/wrapper/.*" + - "^gradlew$" + - "^gradlew.bat$" + - "^gradle.properties$" + - "^settings.gradle$" + - "^.*go.mod$" + - "^.*go.sum$" + - "^.*godelw$" + - "^.*godel/config/godel.properties$" + - "^.*godel/config/godel.yml$" + - "^.*vendor/.*$" + - "^versions.props$" + - "^versions.lock$" + - "^internal/generated/.*" + - "^internal/generated_src/.*" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: excavator only touched config files + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + paths: + - "^\\..*.yml$" + - "^\\.github/.*$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: bots updated package.json and lock files + requires: + count: 0 + if: + has_author_in: + users: + - "svc-excavator-bot" + - "dependabot[bot]" + only_changed_files: + paths: + - "^.*yarn.lock$" + - "^.*package.json$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] diff --git a/retry/vendor/github.com/palantir/pkg/godelw b/retry/vendor/github.com/palantir/pkg/godelw deleted file mode 100644 index 22d9f7f2..00000000 --- a/retry/vendor/github.com/palantir/pkg/godelw +++ /dev/null @@ -1,230 +0,0 @@ -#!/bin/bash - -set -euo pipefail - -# Version and checksums for godel. Values are populated by the godel "dist" task. -VERSION=2.17.0 -DARWIN_CHECKSUM=d6294049b7edc3795d1d5517583f20c087422a8b8b52e8cbcc39ce2b575427ff -LINUX_CHECKSUM=23bca1ce55bd321686e06e0b6959ad8160ef1dfa9fe0a68a515e65d19401094d - -# Downloads file at URL to destination path using wget or curl. Prints an error and exits if wget or curl is not present. -function download { - local url=$1 - local dst=$2 - - # determine whether wget, curl or both are present - set +e - command -v wget >/dev/null 2>&1 - local wget_exists=$? - command -v curl >/dev/null 2>&1 - local curl_exists=$? - set -e - - # if one of wget or curl is not present, exit with error - if [ "$wget_exists" -ne 0 -a "$curl_exists" -ne 0 ]; then - echo "wget or curl must be present to download distribution. Install one of these programs and try again or install the distribution manually." - exit 1 - fi - - if [ "$wget_exists" -eq 0 ]; then - # attempt download using wget - echo "Downloading $url to $dst..." - local progress_opt="" - if wget --help | grep -q '\--show-progress'; then - progress_opt="-q --show-progress" - fi - set +e - wget -O "$dst" $progress_opt "$url" - rv=$? - set -e - if [ "$rv" -eq 0 ]; then - # success - return - fi - - echo "Download failed using command: wget -O $dst $progress_opt $url" - - # curl does not exist, so nothing more to try: exit - if [ "$curl_exists" -ne 0 ]; then - echo "Download failed using wget and curl was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - exit 1 - fi - # curl exists, notify that download will be attempted using curl - echo "Attempting download using curl..." - fi - - # attempt download using curl - echo "Downloading $url to $dst..." - set +e - curl -f -L -o "$dst" "$url" - rv=$? - set -e - if [ "$rv" -ne 0 ]; then - echo "Download failed using command: curl -f -L -o $dst $url" - if [ "$wget_exists" -eq 0 ]; then - echo "Download failed using wget and curl. Verify that the distribution URL is correct and try again or install the distribution manually." - else - echo "Download failed using curl and wget was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - fi - exit 1 - fi -} - -# verifies that the provided checksum matches the computed SHA-256 checksum of the specified file. If not, echoes an -# error and exits. -function verify_checksum { - local file=$1 - local expected_checksum=$2 - local computed_checksum=$(compute_sha256 $file) - if [ "$expected_checksum" != "$computed_checksum" ]; then - echo "SHA-256 checksum for $file did not match expected value." - echo "Expected: $expected_checksum" - echo "Actual: $computed_checksum" - exit 1 - fi -} - -# computes the SHA-256 hash of the provided file. Uses openssl, shasum or sha1sum program. -function compute_sha256 { - local file=$1 - if command -v openssl >/dev/null 2>&1; then - # print SHA-256 hash using openssl - openssl dgst -sha256 "$file" | sed -E 's/SHA256\(.*\)= //' - elif command -v shasum >/dev/null 2>&1; then - # Darwin systems ship with "shasum" utility - shasum -a 256 "$file" | sed -E 's/[[:space:]]+.+//' - elif command -v sha256sum >/dev/null 2>&1; then - # Most Linux systems ship with sha256sum utility - sha256sum "$file" | sed -E 's/[[:space:]]+.+//' - else - echo "Could not find program to calculate SHA-256 checksum for file" - exit 1 - fi -} - -# Verifies that the tgz file at the provided path contains the paths/files that would be expected in a valid gödel -# distribution with the provided version. -function verify_dist_tgz_valid { - local tgz_path=$1 - local version=$2 - - local expected_paths=("godel-$version/" "godel-$version/bin/darwin-amd64/godel" "godel-$version/bin/linux-amd64/godel" "godel-$version/wrapper/godelw" "godel-$version/wrapper/godel/config/") - local files=($(tar -tf "$tgz_path")) - - # this is a double-for loop, but fine since $expected_paths is small and bash doesn't have good primitives for set/map/list manipulation - for curr_line in "${files[@]}"; do - # if all expected paths have been found, terminate - if [[ ${#expected_paths[*]} == 0 ]]; then - break - fi - - # check for expected path and splice out if match is found - idx=0 - for curr_expected in "${expected_paths[@]}"; do - if [ "$curr_expected" = "$curr_line" ]; then - expected_paths=(${expected_paths[@]:0:idx} ${expected_paths[@]:$(($idx + 1))}) - break - fi - idx=$idx+1 - done - done - - # if any expected paths still remain, raise error and exit - if [[ ${#expected_paths[*]} > 0 ]]; then - echo "Required paths were not present in $tgz_path: ${expected_paths[@]}" - exit 1 - fi -} - -# Verifies that the gödel binary in the distribution reports the expected version when called with the "version" -# argument. Assumes that a valid gödel distribution directory for the given version exists in the provided directory. -function verify_godel_version { - local base_dir=$1 - local version=$2 - local os=$3 - - local expected_output="godel version $version" - local version_output=$($base_dir/godel-$version/bin/$os-amd64/godel version) - - if [ "$expected_output" != "$version_output" ]; then - echo "Version reported by godel executable did not match expected version: expected \"$expected_output\", was \"$version_output\"" - exit 1 - fi -} - -# directory of godelw script -SCRIPT_HOME=$(cd "$(dirname "$0")" && pwd) - -# use $GODEL_HOME or default value -GODEL_BASE_DIR=${GODEL_HOME:-$HOME/.godel} - -# determine OS -OS="" -EXPECTED_CHECKSUM="" -case "$(uname)" in - Darwin*) - OS=darwin - EXPECTED_CHECKSUM=$DARWIN_CHECKSUM - ;; - Linux*) - OS=linux - EXPECTED_CHECKSUM=$LINUX_CHECKSUM - ;; - *) - echo "Unsupported operating system: $(uname)" - exit 1 - ;; -esac - -# path to godel binary -CMD=$GODEL_BASE_DIR/dists/godel-$VERSION/bin/$OS-amd64/godel - -# godel binary is not present -- download distribution -if [ ! -f "$CMD" ]; then - # get download URL - PROPERTIES_FILE=$SCRIPT_HOME/godel/config/godel.properties - if [ ! -f "$PROPERTIES_FILE" ]; then - echo "Properties file must exist at $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_URL=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionURL=//p") - if [ -z "$DOWNLOAD_URL" ]; then - echo "Value for property \"distributionURL\" was empty in $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_CHECKSUM=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionSHA256=//p") - - # create downloads directory if it does not already exist - mkdir -p "$GODEL_BASE_DIR/downloads" - - # download tgz and verify its contents - DOWNLOAD_DST=$GODEL_BASE_DIR/downloads/godel-$VERSION.tgz - download "$DOWNLOAD_URL" "$DOWNLOAD_DST" - if [ -n "$DOWNLOAD_CHECKSUM" ]; then - verify_checksum "$DOWNLOAD_DST" "$DOWNLOAD_CHECKSUM" - fi - verify_dist_tgz_valid "$DOWNLOAD_DST" "$VERSION" - - # create temporary directory for unarchiving, unarchive downloaded file and verify directory - TMP_DIST_DIR=$(mktemp -d "$GODEL_BASE_DIR/tmp_XXXXXX" 2>/dev/null || mktemp -d -t "$GODEL_BASE_DIR/tmp_XXXXXX") - trap 'rm -rf "$TMP_DIST_DIR"' EXIT - tar zxvf "$DOWNLOAD_DST" -C "$TMP_DIST_DIR" >/dev/null 2>&1 - verify_godel_version "$TMP_DIST_DIR" "$VERSION" "$OS" - - # if destination directory for distribution already exists, remove it - if [ -d "$GODEL_BASE_DIR/dists/godel-$VERSION" ]; then - rm -rf "$GODEL_BASE_DIR/dists/godel-$VERSION" - fi - - # ensure that parent directory of destination exists - mkdir -p "$GODEL_BASE_DIR/dists" - - # move expanded distribution directory to destination location. The location of the unarchived directory is known to - # be in the same directory tree as the destination, so "mv" should always work. - mv "$TMP_DIST_DIR/godel-$VERSION" "$GODEL_BASE_DIR/dists/godel-$VERSION" -fi - -verify_checksum "$CMD" "$EXPECTED_CHECKSUM" - -# execute command -$CMD --wrapper "$SCRIPT_HOME/$(basename "$0")" "$@" diff --git a/retry/vendor/modules.txt b/retry/vendor/modules.txt index 323a2f67..e4201111 100644 --- a/retry/vendor/modules.txt +++ b/retry/vendor/modules.txt @@ -1,3 +1,3 @@ -# github.com/palantir/pkg v1.0.1 -## explicit; go 1.13 +# github.com/palantir/pkg v1.1.0 +## explicit; go 1.19 github.com/palantir/pkg diff --git a/rid/go.mod b/rid/go.mod index 92cf4d92..89f6773f 100644 --- a/rid/go.mod +++ b/rid/go.mod @@ -3,7 +3,7 @@ module github.com/palantir/pkg/rid go 1.19 require ( - github.com/palantir/pkg v1.0.1 + github.com/palantir/pkg v1.1.0 github.com/stretchr/testify v1.8.0 ) diff --git a/rid/go.sum b/rid/go.sum index f3c0b4af..878c8d19 100644 --- a/rid/go.sum +++ b/rid/go.sum @@ -1,8 +1,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/palantir/pkg v1.0.1 h1:ZbGUcc14N7xcZSY9cehQoiHHTm/BAZO5RJdlsNEtSbk= -github.com/palantir/pkg v1.0.1/go.mod h1:Eo6Jl0UXfT+65sLXJOcU9duu0WPvKsWFXCb0dE5VWZs= +github.com/palantir/pkg v1.1.0 h1:0EhrSUP8oeeh3MUvk7V/UU7WmsN1UiJNTvNj0sN9Cpo= +github.com/palantir/pkg v1.1.0/go.mod h1:KC9srP/9ssWRxBxFCIqhUGC4Jt7OJkWRz0Iqehup1/c= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= diff --git a/rid/vendor/github.com/palantir/pkg/.bulldozer.yml b/rid/vendor/github.com/palantir/pkg/.bulldozer.yml new file mode 100644 index 00000000..b62e82ba --- /dev/null +++ b/rid/vendor/github.com/palantir/pkg/.bulldozer.yml @@ -0,0 +1,17 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +version: 1 +merge: + trigger: + labels: ["merge when ready"] + ignore: + labels: ["do not merge"] + method: squash + options: + squash: + body: pull_request_body + message_delimiter: ==COMMIT_MSG== + delete_after_merge: true +update: + trigger: + labels: ["update me"] diff --git a/rid/vendor/github.com/palantir/pkg/.policy.yml b/rid/vendor/github.com/palantir/pkg/.policy.yml new file mode 100644 index 00000000..a436f8b9 --- /dev/null +++ b/rid/vendor/github.com/palantir/pkg/.policy.yml @@ -0,0 +1,113 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +policy: + approval: + - or: + - one admin has approved (PR contributors not allowed) + - two admins have approved + - changelog only and contributor approval + - fixing excavator + - excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + - excavator only touched config files + - bots updated package.json and lock files + disapproval: + requires: + organizations: [ "palantir" ] + +approval_rules: + - name: one admin has approved (PR contributors not allowed) + options: + allow_contributor: false + requires: + count: 1 + admins: true + + - name: two admins have approved + options: + allow_contributor: true + requires: + count: 2 + admins: true + + - name: changelog only and contributor approval + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + only_changed_files: + paths: + - "changelog/@unreleased/.*\\.yml" + + - name: fixing excavator + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + has_author_in: + users: [ "svc-excavator-bot" ] + + - name: excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + # product-dependencies.lock should never go here, to force review of all product (SLS) dependency changes + # this way excavator cannot change the deployability of a service or product via auto-merge + paths: + - "changelog/@unreleased/.*\\.yml" + - "^\\.baseline/.*$" + - "^\\.circleci/.*$" + - "^\\.docker-compose-rule\\.yml$" + - "^.*gradle$" + - "^\\.palantir/go-version$" + - "^gradle/wrapper/.*" + - "^gradlew$" + - "^gradlew.bat$" + - "^gradle.properties$" + - "^settings.gradle$" + - "^.*go.mod$" + - "^.*go.sum$" + - "^.*godelw$" + - "^.*godel/config/godel.properties$" + - "^.*godel/config/godel.yml$" + - "^.*vendor/.*$" + - "^versions.props$" + - "^versions.lock$" + - "^internal/generated/.*" + - "^internal/generated_src/.*" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: excavator only touched config files + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + paths: + - "^\\..*.yml$" + - "^\\.github/.*$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: bots updated package.json and lock files + requires: + count: 0 + if: + has_author_in: + users: + - "svc-excavator-bot" + - "dependabot[bot]" + only_changed_files: + paths: + - "^.*yarn.lock$" + - "^.*package.json$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] diff --git a/rid/vendor/github.com/palantir/pkg/godelw b/rid/vendor/github.com/palantir/pkg/godelw deleted file mode 100644 index 22d9f7f2..00000000 --- a/rid/vendor/github.com/palantir/pkg/godelw +++ /dev/null @@ -1,230 +0,0 @@ -#!/bin/bash - -set -euo pipefail - -# Version and checksums for godel. Values are populated by the godel "dist" task. -VERSION=2.17.0 -DARWIN_CHECKSUM=d6294049b7edc3795d1d5517583f20c087422a8b8b52e8cbcc39ce2b575427ff -LINUX_CHECKSUM=23bca1ce55bd321686e06e0b6959ad8160ef1dfa9fe0a68a515e65d19401094d - -# Downloads file at URL to destination path using wget or curl. Prints an error and exits if wget or curl is not present. -function download { - local url=$1 - local dst=$2 - - # determine whether wget, curl or both are present - set +e - command -v wget >/dev/null 2>&1 - local wget_exists=$? - command -v curl >/dev/null 2>&1 - local curl_exists=$? - set -e - - # if one of wget or curl is not present, exit with error - if [ "$wget_exists" -ne 0 -a "$curl_exists" -ne 0 ]; then - echo "wget or curl must be present to download distribution. Install one of these programs and try again or install the distribution manually." - exit 1 - fi - - if [ "$wget_exists" -eq 0 ]; then - # attempt download using wget - echo "Downloading $url to $dst..." - local progress_opt="" - if wget --help | grep -q '\--show-progress'; then - progress_opt="-q --show-progress" - fi - set +e - wget -O "$dst" $progress_opt "$url" - rv=$? - set -e - if [ "$rv" -eq 0 ]; then - # success - return - fi - - echo "Download failed using command: wget -O $dst $progress_opt $url" - - # curl does not exist, so nothing more to try: exit - if [ "$curl_exists" -ne 0 ]; then - echo "Download failed using wget and curl was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - exit 1 - fi - # curl exists, notify that download will be attempted using curl - echo "Attempting download using curl..." - fi - - # attempt download using curl - echo "Downloading $url to $dst..." - set +e - curl -f -L -o "$dst" "$url" - rv=$? - set -e - if [ "$rv" -ne 0 ]; then - echo "Download failed using command: curl -f -L -o $dst $url" - if [ "$wget_exists" -eq 0 ]; then - echo "Download failed using wget and curl. Verify that the distribution URL is correct and try again or install the distribution manually." - else - echo "Download failed using curl and wget was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - fi - exit 1 - fi -} - -# verifies that the provided checksum matches the computed SHA-256 checksum of the specified file. If not, echoes an -# error and exits. -function verify_checksum { - local file=$1 - local expected_checksum=$2 - local computed_checksum=$(compute_sha256 $file) - if [ "$expected_checksum" != "$computed_checksum" ]; then - echo "SHA-256 checksum for $file did not match expected value." - echo "Expected: $expected_checksum" - echo "Actual: $computed_checksum" - exit 1 - fi -} - -# computes the SHA-256 hash of the provided file. Uses openssl, shasum or sha1sum program. -function compute_sha256 { - local file=$1 - if command -v openssl >/dev/null 2>&1; then - # print SHA-256 hash using openssl - openssl dgst -sha256 "$file" | sed -E 's/SHA256\(.*\)= //' - elif command -v shasum >/dev/null 2>&1; then - # Darwin systems ship with "shasum" utility - shasum -a 256 "$file" | sed -E 's/[[:space:]]+.+//' - elif command -v sha256sum >/dev/null 2>&1; then - # Most Linux systems ship with sha256sum utility - sha256sum "$file" | sed -E 's/[[:space:]]+.+//' - else - echo "Could not find program to calculate SHA-256 checksum for file" - exit 1 - fi -} - -# Verifies that the tgz file at the provided path contains the paths/files that would be expected in a valid gödel -# distribution with the provided version. -function verify_dist_tgz_valid { - local tgz_path=$1 - local version=$2 - - local expected_paths=("godel-$version/" "godel-$version/bin/darwin-amd64/godel" "godel-$version/bin/linux-amd64/godel" "godel-$version/wrapper/godelw" "godel-$version/wrapper/godel/config/") - local files=($(tar -tf "$tgz_path")) - - # this is a double-for loop, but fine since $expected_paths is small and bash doesn't have good primitives for set/map/list manipulation - for curr_line in "${files[@]}"; do - # if all expected paths have been found, terminate - if [[ ${#expected_paths[*]} == 0 ]]; then - break - fi - - # check for expected path and splice out if match is found - idx=0 - for curr_expected in "${expected_paths[@]}"; do - if [ "$curr_expected" = "$curr_line" ]; then - expected_paths=(${expected_paths[@]:0:idx} ${expected_paths[@]:$(($idx + 1))}) - break - fi - idx=$idx+1 - done - done - - # if any expected paths still remain, raise error and exit - if [[ ${#expected_paths[*]} > 0 ]]; then - echo "Required paths were not present in $tgz_path: ${expected_paths[@]}" - exit 1 - fi -} - -# Verifies that the gödel binary in the distribution reports the expected version when called with the "version" -# argument. Assumes that a valid gödel distribution directory for the given version exists in the provided directory. -function verify_godel_version { - local base_dir=$1 - local version=$2 - local os=$3 - - local expected_output="godel version $version" - local version_output=$($base_dir/godel-$version/bin/$os-amd64/godel version) - - if [ "$expected_output" != "$version_output" ]; then - echo "Version reported by godel executable did not match expected version: expected \"$expected_output\", was \"$version_output\"" - exit 1 - fi -} - -# directory of godelw script -SCRIPT_HOME=$(cd "$(dirname "$0")" && pwd) - -# use $GODEL_HOME or default value -GODEL_BASE_DIR=${GODEL_HOME:-$HOME/.godel} - -# determine OS -OS="" -EXPECTED_CHECKSUM="" -case "$(uname)" in - Darwin*) - OS=darwin - EXPECTED_CHECKSUM=$DARWIN_CHECKSUM - ;; - Linux*) - OS=linux - EXPECTED_CHECKSUM=$LINUX_CHECKSUM - ;; - *) - echo "Unsupported operating system: $(uname)" - exit 1 - ;; -esac - -# path to godel binary -CMD=$GODEL_BASE_DIR/dists/godel-$VERSION/bin/$OS-amd64/godel - -# godel binary is not present -- download distribution -if [ ! -f "$CMD" ]; then - # get download URL - PROPERTIES_FILE=$SCRIPT_HOME/godel/config/godel.properties - if [ ! -f "$PROPERTIES_FILE" ]; then - echo "Properties file must exist at $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_URL=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionURL=//p") - if [ -z "$DOWNLOAD_URL" ]; then - echo "Value for property \"distributionURL\" was empty in $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_CHECKSUM=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionSHA256=//p") - - # create downloads directory if it does not already exist - mkdir -p "$GODEL_BASE_DIR/downloads" - - # download tgz and verify its contents - DOWNLOAD_DST=$GODEL_BASE_DIR/downloads/godel-$VERSION.tgz - download "$DOWNLOAD_URL" "$DOWNLOAD_DST" - if [ -n "$DOWNLOAD_CHECKSUM" ]; then - verify_checksum "$DOWNLOAD_DST" "$DOWNLOAD_CHECKSUM" - fi - verify_dist_tgz_valid "$DOWNLOAD_DST" "$VERSION" - - # create temporary directory for unarchiving, unarchive downloaded file and verify directory - TMP_DIST_DIR=$(mktemp -d "$GODEL_BASE_DIR/tmp_XXXXXX" 2>/dev/null || mktemp -d -t "$GODEL_BASE_DIR/tmp_XXXXXX") - trap 'rm -rf "$TMP_DIST_DIR"' EXIT - tar zxvf "$DOWNLOAD_DST" -C "$TMP_DIST_DIR" >/dev/null 2>&1 - verify_godel_version "$TMP_DIST_DIR" "$VERSION" "$OS" - - # if destination directory for distribution already exists, remove it - if [ -d "$GODEL_BASE_DIR/dists/godel-$VERSION" ]; then - rm -rf "$GODEL_BASE_DIR/dists/godel-$VERSION" - fi - - # ensure that parent directory of destination exists - mkdir -p "$GODEL_BASE_DIR/dists" - - # move expanded distribution directory to destination location. The location of the unarchived directory is known to - # be in the same directory tree as the destination, so "mv" should always work. - mv "$TMP_DIST_DIR/godel-$VERSION" "$GODEL_BASE_DIR/dists/godel-$VERSION" -fi - -verify_checksum "$CMD" "$EXPECTED_CHECKSUM" - -# execute command -$CMD --wrapper "$SCRIPT_HOME/$(basename "$0")" "$@" diff --git a/rid/vendor/modules.txt b/rid/vendor/modules.txt index b8e6c35b..19640335 100644 --- a/rid/vendor/modules.txt +++ b/rid/vendor/modules.txt @@ -1,8 +1,8 @@ # github.com/davecgh/go-spew v1.1.1 ## explicit github.com/davecgh/go-spew/spew -# github.com/palantir/pkg v1.0.1 -## explicit; go 1.13 +# github.com/palantir/pkg v1.1.0 +## explicit; go 1.19 github.com/palantir/pkg # github.com/pmezard/go-difflib v1.0.0 ## explicit diff --git a/safehttp/go.mod b/safehttp/go.mod index a54c22fb..be44ad23 100644 --- a/safehttp/go.mod +++ b/safehttp/go.mod @@ -3,7 +3,7 @@ module github.com/palantir/pkg/safehttp go 1.19 require ( - github.com/palantir/pkg v1.0.1 + github.com/palantir/pkg v1.1.0 github.com/stretchr/testify v1.8.0 ) diff --git a/safehttp/go.sum b/safehttp/go.sum index f3c0b4af..878c8d19 100644 --- a/safehttp/go.sum +++ b/safehttp/go.sum @@ -1,8 +1,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/palantir/pkg v1.0.1 h1:ZbGUcc14N7xcZSY9cehQoiHHTm/BAZO5RJdlsNEtSbk= -github.com/palantir/pkg v1.0.1/go.mod h1:Eo6Jl0UXfT+65sLXJOcU9duu0WPvKsWFXCb0dE5VWZs= +github.com/palantir/pkg v1.1.0 h1:0EhrSUP8oeeh3MUvk7V/UU7WmsN1UiJNTvNj0sN9Cpo= +github.com/palantir/pkg v1.1.0/go.mod h1:KC9srP/9ssWRxBxFCIqhUGC4Jt7OJkWRz0Iqehup1/c= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= diff --git a/safehttp/vendor/github.com/palantir/pkg/.bulldozer.yml b/safehttp/vendor/github.com/palantir/pkg/.bulldozer.yml new file mode 100644 index 00000000..b62e82ba --- /dev/null +++ b/safehttp/vendor/github.com/palantir/pkg/.bulldozer.yml @@ -0,0 +1,17 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +version: 1 +merge: + trigger: + labels: ["merge when ready"] + ignore: + labels: ["do not merge"] + method: squash + options: + squash: + body: pull_request_body + message_delimiter: ==COMMIT_MSG== + delete_after_merge: true +update: + trigger: + labels: ["update me"] diff --git a/safehttp/vendor/github.com/palantir/pkg/.policy.yml b/safehttp/vendor/github.com/palantir/pkg/.policy.yml new file mode 100644 index 00000000..a436f8b9 --- /dev/null +++ b/safehttp/vendor/github.com/palantir/pkg/.policy.yml @@ -0,0 +1,113 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +policy: + approval: + - or: + - one admin has approved (PR contributors not allowed) + - two admins have approved + - changelog only and contributor approval + - fixing excavator + - excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + - excavator only touched config files + - bots updated package.json and lock files + disapproval: + requires: + organizations: [ "palantir" ] + +approval_rules: + - name: one admin has approved (PR contributors not allowed) + options: + allow_contributor: false + requires: + count: 1 + admins: true + + - name: two admins have approved + options: + allow_contributor: true + requires: + count: 2 + admins: true + + - name: changelog only and contributor approval + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + only_changed_files: + paths: + - "changelog/@unreleased/.*\\.yml" + + - name: fixing excavator + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + has_author_in: + users: [ "svc-excavator-bot" ] + + - name: excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + # product-dependencies.lock should never go here, to force review of all product (SLS) dependency changes + # this way excavator cannot change the deployability of a service or product via auto-merge + paths: + - "changelog/@unreleased/.*\\.yml" + - "^\\.baseline/.*$" + - "^\\.circleci/.*$" + - "^\\.docker-compose-rule\\.yml$" + - "^.*gradle$" + - "^\\.palantir/go-version$" + - "^gradle/wrapper/.*" + - "^gradlew$" + - "^gradlew.bat$" + - "^gradle.properties$" + - "^settings.gradle$" + - "^.*go.mod$" + - "^.*go.sum$" + - "^.*godelw$" + - "^.*godel/config/godel.properties$" + - "^.*godel/config/godel.yml$" + - "^.*vendor/.*$" + - "^versions.props$" + - "^versions.lock$" + - "^internal/generated/.*" + - "^internal/generated_src/.*" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: excavator only touched config files + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + paths: + - "^\\..*.yml$" + - "^\\.github/.*$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: bots updated package.json and lock files + requires: + count: 0 + if: + has_author_in: + users: + - "svc-excavator-bot" + - "dependabot[bot]" + only_changed_files: + paths: + - "^.*yarn.lock$" + - "^.*package.json$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] diff --git a/safehttp/vendor/github.com/palantir/pkg/godelw b/safehttp/vendor/github.com/palantir/pkg/godelw deleted file mode 100644 index 22d9f7f2..00000000 --- a/safehttp/vendor/github.com/palantir/pkg/godelw +++ /dev/null @@ -1,230 +0,0 @@ -#!/bin/bash - -set -euo pipefail - -# Version and checksums for godel. Values are populated by the godel "dist" task. -VERSION=2.17.0 -DARWIN_CHECKSUM=d6294049b7edc3795d1d5517583f20c087422a8b8b52e8cbcc39ce2b575427ff -LINUX_CHECKSUM=23bca1ce55bd321686e06e0b6959ad8160ef1dfa9fe0a68a515e65d19401094d - -# Downloads file at URL to destination path using wget or curl. Prints an error and exits if wget or curl is not present. -function download { - local url=$1 - local dst=$2 - - # determine whether wget, curl or both are present - set +e - command -v wget >/dev/null 2>&1 - local wget_exists=$? - command -v curl >/dev/null 2>&1 - local curl_exists=$? - set -e - - # if one of wget or curl is not present, exit with error - if [ "$wget_exists" -ne 0 -a "$curl_exists" -ne 0 ]; then - echo "wget or curl must be present to download distribution. Install one of these programs and try again or install the distribution manually." - exit 1 - fi - - if [ "$wget_exists" -eq 0 ]; then - # attempt download using wget - echo "Downloading $url to $dst..." - local progress_opt="" - if wget --help | grep -q '\--show-progress'; then - progress_opt="-q --show-progress" - fi - set +e - wget -O "$dst" $progress_opt "$url" - rv=$? - set -e - if [ "$rv" -eq 0 ]; then - # success - return - fi - - echo "Download failed using command: wget -O $dst $progress_opt $url" - - # curl does not exist, so nothing more to try: exit - if [ "$curl_exists" -ne 0 ]; then - echo "Download failed using wget and curl was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - exit 1 - fi - # curl exists, notify that download will be attempted using curl - echo "Attempting download using curl..." - fi - - # attempt download using curl - echo "Downloading $url to $dst..." - set +e - curl -f -L -o "$dst" "$url" - rv=$? - set -e - if [ "$rv" -ne 0 ]; then - echo "Download failed using command: curl -f -L -o $dst $url" - if [ "$wget_exists" -eq 0 ]; then - echo "Download failed using wget and curl. Verify that the distribution URL is correct and try again or install the distribution manually." - else - echo "Download failed using curl and wget was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - fi - exit 1 - fi -} - -# verifies that the provided checksum matches the computed SHA-256 checksum of the specified file. If not, echoes an -# error and exits. -function verify_checksum { - local file=$1 - local expected_checksum=$2 - local computed_checksum=$(compute_sha256 $file) - if [ "$expected_checksum" != "$computed_checksum" ]; then - echo "SHA-256 checksum for $file did not match expected value." - echo "Expected: $expected_checksum" - echo "Actual: $computed_checksum" - exit 1 - fi -} - -# computes the SHA-256 hash of the provided file. Uses openssl, shasum or sha1sum program. -function compute_sha256 { - local file=$1 - if command -v openssl >/dev/null 2>&1; then - # print SHA-256 hash using openssl - openssl dgst -sha256 "$file" | sed -E 's/SHA256\(.*\)= //' - elif command -v shasum >/dev/null 2>&1; then - # Darwin systems ship with "shasum" utility - shasum -a 256 "$file" | sed -E 's/[[:space:]]+.+//' - elif command -v sha256sum >/dev/null 2>&1; then - # Most Linux systems ship with sha256sum utility - sha256sum "$file" | sed -E 's/[[:space:]]+.+//' - else - echo "Could not find program to calculate SHA-256 checksum for file" - exit 1 - fi -} - -# Verifies that the tgz file at the provided path contains the paths/files that would be expected in a valid gödel -# distribution with the provided version. -function verify_dist_tgz_valid { - local tgz_path=$1 - local version=$2 - - local expected_paths=("godel-$version/" "godel-$version/bin/darwin-amd64/godel" "godel-$version/bin/linux-amd64/godel" "godel-$version/wrapper/godelw" "godel-$version/wrapper/godel/config/") - local files=($(tar -tf "$tgz_path")) - - # this is a double-for loop, but fine since $expected_paths is small and bash doesn't have good primitives for set/map/list manipulation - for curr_line in "${files[@]}"; do - # if all expected paths have been found, terminate - if [[ ${#expected_paths[*]} == 0 ]]; then - break - fi - - # check for expected path and splice out if match is found - idx=0 - for curr_expected in "${expected_paths[@]}"; do - if [ "$curr_expected" = "$curr_line" ]; then - expected_paths=(${expected_paths[@]:0:idx} ${expected_paths[@]:$(($idx + 1))}) - break - fi - idx=$idx+1 - done - done - - # if any expected paths still remain, raise error and exit - if [[ ${#expected_paths[*]} > 0 ]]; then - echo "Required paths were not present in $tgz_path: ${expected_paths[@]}" - exit 1 - fi -} - -# Verifies that the gödel binary in the distribution reports the expected version when called with the "version" -# argument. Assumes that a valid gödel distribution directory for the given version exists in the provided directory. -function verify_godel_version { - local base_dir=$1 - local version=$2 - local os=$3 - - local expected_output="godel version $version" - local version_output=$($base_dir/godel-$version/bin/$os-amd64/godel version) - - if [ "$expected_output" != "$version_output" ]; then - echo "Version reported by godel executable did not match expected version: expected \"$expected_output\", was \"$version_output\"" - exit 1 - fi -} - -# directory of godelw script -SCRIPT_HOME=$(cd "$(dirname "$0")" && pwd) - -# use $GODEL_HOME or default value -GODEL_BASE_DIR=${GODEL_HOME:-$HOME/.godel} - -# determine OS -OS="" -EXPECTED_CHECKSUM="" -case "$(uname)" in - Darwin*) - OS=darwin - EXPECTED_CHECKSUM=$DARWIN_CHECKSUM - ;; - Linux*) - OS=linux - EXPECTED_CHECKSUM=$LINUX_CHECKSUM - ;; - *) - echo "Unsupported operating system: $(uname)" - exit 1 - ;; -esac - -# path to godel binary -CMD=$GODEL_BASE_DIR/dists/godel-$VERSION/bin/$OS-amd64/godel - -# godel binary is not present -- download distribution -if [ ! -f "$CMD" ]; then - # get download URL - PROPERTIES_FILE=$SCRIPT_HOME/godel/config/godel.properties - if [ ! -f "$PROPERTIES_FILE" ]; then - echo "Properties file must exist at $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_URL=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionURL=//p") - if [ -z "$DOWNLOAD_URL" ]; then - echo "Value for property \"distributionURL\" was empty in $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_CHECKSUM=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionSHA256=//p") - - # create downloads directory if it does not already exist - mkdir -p "$GODEL_BASE_DIR/downloads" - - # download tgz and verify its contents - DOWNLOAD_DST=$GODEL_BASE_DIR/downloads/godel-$VERSION.tgz - download "$DOWNLOAD_URL" "$DOWNLOAD_DST" - if [ -n "$DOWNLOAD_CHECKSUM" ]; then - verify_checksum "$DOWNLOAD_DST" "$DOWNLOAD_CHECKSUM" - fi - verify_dist_tgz_valid "$DOWNLOAD_DST" "$VERSION" - - # create temporary directory for unarchiving, unarchive downloaded file and verify directory - TMP_DIST_DIR=$(mktemp -d "$GODEL_BASE_DIR/tmp_XXXXXX" 2>/dev/null || mktemp -d -t "$GODEL_BASE_DIR/tmp_XXXXXX") - trap 'rm -rf "$TMP_DIST_DIR"' EXIT - tar zxvf "$DOWNLOAD_DST" -C "$TMP_DIST_DIR" >/dev/null 2>&1 - verify_godel_version "$TMP_DIST_DIR" "$VERSION" "$OS" - - # if destination directory for distribution already exists, remove it - if [ -d "$GODEL_BASE_DIR/dists/godel-$VERSION" ]; then - rm -rf "$GODEL_BASE_DIR/dists/godel-$VERSION" - fi - - # ensure that parent directory of destination exists - mkdir -p "$GODEL_BASE_DIR/dists" - - # move expanded distribution directory to destination location. The location of the unarchived directory is known to - # be in the same directory tree as the destination, so "mv" should always work. - mv "$TMP_DIST_DIR/godel-$VERSION" "$GODEL_BASE_DIR/dists/godel-$VERSION" -fi - -verify_checksum "$CMD" "$EXPECTED_CHECKSUM" - -# execute command -$CMD --wrapper "$SCRIPT_HOME/$(basename "$0")" "$@" diff --git a/safehttp/vendor/modules.txt b/safehttp/vendor/modules.txt index b8e6c35b..19640335 100644 --- a/safehttp/vendor/modules.txt +++ b/safehttp/vendor/modules.txt @@ -1,8 +1,8 @@ # github.com/davecgh/go-spew v1.1.1 ## explicit github.com/davecgh/go-spew/spew -# github.com/palantir/pkg v1.0.1 -## explicit; go 1.13 +# github.com/palantir/pkg v1.1.0 +## explicit; go 1.19 github.com/palantir/pkg # github.com/pmezard/go-difflib v1.0.0 ## explicit diff --git a/safejson/go.mod b/safejson/go.mod index e7f31ce0..a04b21f2 100644 --- a/safejson/go.mod +++ b/safejson/go.mod @@ -3,7 +3,7 @@ module github.com/palantir/pkg/safejson go 1.19 require ( - github.com/palantir/pkg v1.0.1 + github.com/palantir/pkg v1.1.0 github.com/stretchr/testify v1.8.0 gopkg.in/yaml.v2 v2.4.0 ) diff --git a/safejson/go.sum b/safejson/go.sum index 45ee19e2..8236d60a 100644 --- a/safejson/go.sum +++ b/safejson/go.sum @@ -1,8 +1,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/palantir/pkg v1.0.1 h1:ZbGUcc14N7xcZSY9cehQoiHHTm/BAZO5RJdlsNEtSbk= -github.com/palantir/pkg v1.0.1/go.mod h1:Eo6Jl0UXfT+65sLXJOcU9duu0WPvKsWFXCb0dE5VWZs= +github.com/palantir/pkg v1.1.0 h1:0EhrSUP8oeeh3MUvk7V/UU7WmsN1UiJNTvNj0sN9Cpo= +github.com/palantir/pkg v1.1.0/go.mod h1:KC9srP/9ssWRxBxFCIqhUGC4Jt7OJkWRz0Iqehup1/c= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= diff --git a/safejson/vendor/github.com/palantir/pkg/.bulldozer.yml b/safejson/vendor/github.com/palantir/pkg/.bulldozer.yml new file mode 100644 index 00000000..b62e82ba --- /dev/null +++ b/safejson/vendor/github.com/palantir/pkg/.bulldozer.yml @@ -0,0 +1,17 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +version: 1 +merge: + trigger: + labels: ["merge when ready"] + ignore: + labels: ["do not merge"] + method: squash + options: + squash: + body: pull_request_body + message_delimiter: ==COMMIT_MSG== + delete_after_merge: true +update: + trigger: + labels: ["update me"] diff --git a/safejson/vendor/github.com/palantir/pkg/.policy.yml b/safejson/vendor/github.com/palantir/pkg/.policy.yml new file mode 100644 index 00000000..a436f8b9 --- /dev/null +++ b/safejson/vendor/github.com/palantir/pkg/.policy.yml @@ -0,0 +1,113 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +policy: + approval: + - or: + - one admin has approved (PR contributors not allowed) + - two admins have approved + - changelog only and contributor approval + - fixing excavator + - excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + - excavator only touched config files + - bots updated package.json and lock files + disapproval: + requires: + organizations: [ "palantir" ] + +approval_rules: + - name: one admin has approved (PR contributors not allowed) + options: + allow_contributor: false + requires: + count: 1 + admins: true + + - name: two admins have approved + options: + allow_contributor: true + requires: + count: 2 + admins: true + + - name: changelog only and contributor approval + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + only_changed_files: + paths: + - "changelog/@unreleased/.*\\.yml" + + - name: fixing excavator + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + has_author_in: + users: [ "svc-excavator-bot" ] + + - name: excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + # product-dependencies.lock should never go here, to force review of all product (SLS) dependency changes + # this way excavator cannot change the deployability of a service or product via auto-merge + paths: + - "changelog/@unreleased/.*\\.yml" + - "^\\.baseline/.*$" + - "^\\.circleci/.*$" + - "^\\.docker-compose-rule\\.yml$" + - "^.*gradle$" + - "^\\.palantir/go-version$" + - "^gradle/wrapper/.*" + - "^gradlew$" + - "^gradlew.bat$" + - "^gradle.properties$" + - "^settings.gradle$" + - "^.*go.mod$" + - "^.*go.sum$" + - "^.*godelw$" + - "^.*godel/config/godel.properties$" + - "^.*godel/config/godel.yml$" + - "^.*vendor/.*$" + - "^versions.props$" + - "^versions.lock$" + - "^internal/generated/.*" + - "^internal/generated_src/.*" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: excavator only touched config files + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + paths: + - "^\\..*.yml$" + - "^\\.github/.*$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: bots updated package.json and lock files + requires: + count: 0 + if: + has_author_in: + users: + - "svc-excavator-bot" + - "dependabot[bot]" + only_changed_files: + paths: + - "^.*yarn.lock$" + - "^.*package.json$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] diff --git a/safejson/vendor/github.com/palantir/pkg/godelw b/safejson/vendor/github.com/palantir/pkg/godelw deleted file mode 100644 index 22d9f7f2..00000000 --- a/safejson/vendor/github.com/palantir/pkg/godelw +++ /dev/null @@ -1,230 +0,0 @@ -#!/bin/bash - -set -euo pipefail - -# Version and checksums for godel. Values are populated by the godel "dist" task. -VERSION=2.17.0 -DARWIN_CHECKSUM=d6294049b7edc3795d1d5517583f20c087422a8b8b52e8cbcc39ce2b575427ff -LINUX_CHECKSUM=23bca1ce55bd321686e06e0b6959ad8160ef1dfa9fe0a68a515e65d19401094d - -# Downloads file at URL to destination path using wget or curl. Prints an error and exits if wget or curl is not present. -function download { - local url=$1 - local dst=$2 - - # determine whether wget, curl or both are present - set +e - command -v wget >/dev/null 2>&1 - local wget_exists=$? - command -v curl >/dev/null 2>&1 - local curl_exists=$? - set -e - - # if one of wget or curl is not present, exit with error - if [ "$wget_exists" -ne 0 -a "$curl_exists" -ne 0 ]; then - echo "wget or curl must be present to download distribution. Install one of these programs and try again or install the distribution manually." - exit 1 - fi - - if [ "$wget_exists" -eq 0 ]; then - # attempt download using wget - echo "Downloading $url to $dst..." - local progress_opt="" - if wget --help | grep -q '\--show-progress'; then - progress_opt="-q --show-progress" - fi - set +e - wget -O "$dst" $progress_opt "$url" - rv=$? - set -e - if [ "$rv" -eq 0 ]; then - # success - return - fi - - echo "Download failed using command: wget -O $dst $progress_opt $url" - - # curl does not exist, so nothing more to try: exit - if [ "$curl_exists" -ne 0 ]; then - echo "Download failed using wget and curl was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - exit 1 - fi - # curl exists, notify that download will be attempted using curl - echo "Attempting download using curl..." - fi - - # attempt download using curl - echo "Downloading $url to $dst..." - set +e - curl -f -L -o "$dst" "$url" - rv=$? - set -e - if [ "$rv" -ne 0 ]; then - echo "Download failed using command: curl -f -L -o $dst $url" - if [ "$wget_exists" -eq 0 ]; then - echo "Download failed using wget and curl. Verify that the distribution URL is correct and try again or install the distribution manually." - else - echo "Download failed using curl and wget was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - fi - exit 1 - fi -} - -# verifies that the provided checksum matches the computed SHA-256 checksum of the specified file. If not, echoes an -# error and exits. -function verify_checksum { - local file=$1 - local expected_checksum=$2 - local computed_checksum=$(compute_sha256 $file) - if [ "$expected_checksum" != "$computed_checksum" ]; then - echo "SHA-256 checksum for $file did not match expected value." - echo "Expected: $expected_checksum" - echo "Actual: $computed_checksum" - exit 1 - fi -} - -# computes the SHA-256 hash of the provided file. Uses openssl, shasum or sha1sum program. -function compute_sha256 { - local file=$1 - if command -v openssl >/dev/null 2>&1; then - # print SHA-256 hash using openssl - openssl dgst -sha256 "$file" | sed -E 's/SHA256\(.*\)= //' - elif command -v shasum >/dev/null 2>&1; then - # Darwin systems ship with "shasum" utility - shasum -a 256 "$file" | sed -E 's/[[:space:]]+.+//' - elif command -v sha256sum >/dev/null 2>&1; then - # Most Linux systems ship with sha256sum utility - sha256sum "$file" | sed -E 's/[[:space:]]+.+//' - else - echo "Could not find program to calculate SHA-256 checksum for file" - exit 1 - fi -} - -# Verifies that the tgz file at the provided path contains the paths/files that would be expected in a valid gödel -# distribution with the provided version. -function verify_dist_tgz_valid { - local tgz_path=$1 - local version=$2 - - local expected_paths=("godel-$version/" "godel-$version/bin/darwin-amd64/godel" "godel-$version/bin/linux-amd64/godel" "godel-$version/wrapper/godelw" "godel-$version/wrapper/godel/config/") - local files=($(tar -tf "$tgz_path")) - - # this is a double-for loop, but fine since $expected_paths is small and bash doesn't have good primitives for set/map/list manipulation - for curr_line in "${files[@]}"; do - # if all expected paths have been found, terminate - if [[ ${#expected_paths[*]} == 0 ]]; then - break - fi - - # check for expected path and splice out if match is found - idx=0 - for curr_expected in "${expected_paths[@]}"; do - if [ "$curr_expected" = "$curr_line" ]; then - expected_paths=(${expected_paths[@]:0:idx} ${expected_paths[@]:$(($idx + 1))}) - break - fi - idx=$idx+1 - done - done - - # if any expected paths still remain, raise error and exit - if [[ ${#expected_paths[*]} > 0 ]]; then - echo "Required paths were not present in $tgz_path: ${expected_paths[@]}" - exit 1 - fi -} - -# Verifies that the gödel binary in the distribution reports the expected version when called with the "version" -# argument. Assumes that a valid gödel distribution directory for the given version exists in the provided directory. -function verify_godel_version { - local base_dir=$1 - local version=$2 - local os=$3 - - local expected_output="godel version $version" - local version_output=$($base_dir/godel-$version/bin/$os-amd64/godel version) - - if [ "$expected_output" != "$version_output" ]; then - echo "Version reported by godel executable did not match expected version: expected \"$expected_output\", was \"$version_output\"" - exit 1 - fi -} - -# directory of godelw script -SCRIPT_HOME=$(cd "$(dirname "$0")" && pwd) - -# use $GODEL_HOME or default value -GODEL_BASE_DIR=${GODEL_HOME:-$HOME/.godel} - -# determine OS -OS="" -EXPECTED_CHECKSUM="" -case "$(uname)" in - Darwin*) - OS=darwin - EXPECTED_CHECKSUM=$DARWIN_CHECKSUM - ;; - Linux*) - OS=linux - EXPECTED_CHECKSUM=$LINUX_CHECKSUM - ;; - *) - echo "Unsupported operating system: $(uname)" - exit 1 - ;; -esac - -# path to godel binary -CMD=$GODEL_BASE_DIR/dists/godel-$VERSION/bin/$OS-amd64/godel - -# godel binary is not present -- download distribution -if [ ! -f "$CMD" ]; then - # get download URL - PROPERTIES_FILE=$SCRIPT_HOME/godel/config/godel.properties - if [ ! -f "$PROPERTIES_FILE" ]; then - echo "Properties file must exist at $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_URL=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionURL=//p") - if [ -z "$DOWNLOAD_URL" ]; then - echo "Value for property \"distributionURL\" was empty in $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_CHECKSUM=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionSHA256=//p") - - # create downloads directory if it does not already exist - mkdir -p "$GODEL_BASE_DIR/downloads" - - # download tgz and verify its contents - DOWNLOAD_DST=$GODEL_BASE_DIR/downloads/godel-$VERSION.tgz - download "$DOWNLOAD_URL" "$DOWNLOAD_DST" - if [ -n "$DOWNLOAD_CHECKSUM" ]; then - verify_checksum "$DOWNLOAD_DST" "$DOWNLOAD_CHECKSUM" - fi - verify_dist_tgz_valid "$DOWNLOAD_DST" "$VERSION" - - # create temporary directory for unarchiving, unarchive downloaded file and verify directory - TMP_DIST_DIR=$(mktemp -d "$GODEL_BASE_DIR/tmp_XXXXXX" 2>/dev/null || mktemp -d -t "$GODEL_BASE_DIR/tmp_XXXXXX") - trap 'rm -rf "$TMP_DIST_DIR"' EXIT - tar zxvf "$DOWNLOAD_DST" -C "$TMP_DIST_DIR" >/dev/null 2>&1 - verify_godel_version "$TMP_DIST_DIR" "$VERSION" "$OS" - - # if destination directory for distribution already exists, remove it - if [ -d "$GODEL_BASE_DIR/dists/godel-$VERSION" ]; then - rm -rf "$GODEL_BASE_DIR/dists/godel-$VERSION" - fi - - # ensure that parent directory of destination exists - mkdir -p "$GODEL_BASE_DIR/dists" - - # move expanded distribution directory to destination location. The location of the unarchived directory is known to - # be in the same directory tree as the destination, so "mv" should always work. - mv "$TMP_DIST_DIR/godel-$VERSION" "$GODEL_BASE_DIR/dists/godel-$VERSION" -fi - -verify_checksum "$CMD" "$EXPECTED_CHECKSUM" - -# execute command -$CMD --wrapper "$SCRIPT_HOME/$(basename "$0")" "$@" diff --git a/safejson/vendor/modules.txt b/safejson/vendor/modules.txt index 737bd2b8..7d5880bc 100644 --- a/safejson/vendor/modules.txt +++ b/safejson/vendor/modules.txt @@ -1,8 +1,8 @@ # github.com/davecgh/go-spew v1.1.1 ## explicit github.com/davecgh/go-spew/spew -# github.com/palantir/pkg v1.0.1 -## explicit; go 1.13 +# github.com/palantir/pkg v1.1.0 +## explicit; go 1.19 github.com/palantir/pkg # github.com/pmezard/go-difflib v1.0.0 ## explicit diff --git a/safelong/go.mod b/safelong/go.mod index dd3d270b..8e78f401 100644 --- a/safelong/go.mod +++ b/safelong/go.mod @@ -3,7 +3,7 @@ module github.com/palantir/pkg/safelong go 1.19 require ( - github.com/palantir/pkg v1.0.1 + github.com/palantir/pkg v1.1.0 github.com/stretchr/testify v1.8.0 ) diff --git a/safelong/go.sum b/safelong/go.sum index f3c0b4af..878c8d19 100644 --- a/safelong/go.sum +++ b/safelong/go.sum @@ -1,8 +1,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/palantir/pkg v1.0.1 h1:ZbGUcc14N7xcZSY9cehQoiHHTm/BAZO5RJdlsNEtSbk= -github.com/palantir/pkg v1.0.1/go.mod h1:Eo6Jl0UXfT+65sLXJOcU9duu0WPvKsWFXCb0dE5VWZs= +github.com/palantir/pkg v1.1.0 h1:0EhrSUP8oeeh3MUvk7V/UU7WmsN1UiJNTvNj0sN9Cpo= +github.com/palantir/pkg v1.1.0/go.mod h1:KC9srP/9ssWRxBxFCIqhUGC4Jt7OJkWRz0Iqehup1/c= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= diff --git a/safelong/vendor/github.com/palantir/pkg/.bulldozer.yml b/safelong/vendor/github.com/palantir/pkg/.bulldozer.yml new file mode 100644 index 00000000..b62e82ba --- /dev/null +++ b/safelong/vendor/github.com/palantir/pkg/.bulldozer.yml @@ -0,0 +1,17 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +version: 1 +merge: + trigger: + labels: ["merge when ready"] + ignore: + labels: ["do not merge"] + method: squash + options: + squash: + body: pull_request_body + message_delimiter: ==COMMIT_MSG== + delete_after_merge: true +update: + trigger: + labels: ["update me"] diff --git a/safelong/vendor/github.com/palantir/pkg/.policy.yml b/safelong/vendor/github.com/palantir/pkg/.policy.yml new file mode 100644 index 00000000..a436f8b9 --- /dev/null +++ b/safelong/vendor/github.com/palantir/pkg/.policy.yml @@ -0,0 +1,113 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +policy: + approval: + - or: + - one admin has approved (PR contributors not allowed) + - two admins have approved + - changelog only and contributor approval + - fixing excavator + - excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + - excavator only touched config files + - bots updated package.json and lock files + disapproval: + requires: + organizations: [ "palantir" ] + +approval_rules: + - name: one admin has approved (PR contributors not allowed) + options: + allow_contributor: false + requires: + count: 1 + admins: true + + - name: two admins have approved + options: + allow_contributor: true + requires: + count: 2 + admins: true + + - name: changelog only and contributor approval + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + only_changed_files: + paths: + - "changelog/@unreleased/.*\\.yml" + + - name: fixing excavator + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + has_author_in: + users: [ "svc-excavator-bot" ] + + - name: excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + # product-dependencies.lock should never go here, to force review of all product (SLS) dependency changes + # this way excavator cannot change the deployability of a service or product via auto-merge + paths: + - "changelog/@unreleased/.*\\.yml" + - "^\\.baseline/.*$" + - "^\\.circleci/.*$" + - "^\\.docker-compose-rule\\.yml$" + - "^.*gradle$" + - "^\\.palantir/go-version$" + - "^gradle/wrapper/.*" + - "^gradlew$" + - "^gradlew.bat$" + - "^gradle.properties$" + - "^settings.gradle$" + - "^.*go.mod$" + - "^.*go.sum$" + - "^.*godelw$" + - "^.*godel/config/godel.properties$" + - "^.*godel/config/godel.yml$" + - "^.*vendor/.*$" + - "^versions.props$" + - "^versions.lock$" + - "^internal/generated/.*" + - "^internal/generated_src/.*" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: excavator only touched config files + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + paths: + - "^\\..*.yml$" + - "^\\.github/.*$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: bots updated package.json and lock files + requires: + count: 0 + if: + has_author_in: + users: + - "svc-excavator-bot" + - "dependabot[bot]" + only_changed_files: + paths: + - "^.*yarn.lock$" + - "^.*package.json$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] diff --git a/safelong/vendor/github.com/palantir/pkg/godelw b/safelong/vendor/github.com/palantir/pkg/godelw deleted file mode 100644 index 22d9f7f2..00000000 --- a/safelong/vendor/github.com/palantir/pkg/godelw +++ /dev/null @@ -1,230 +0,0 @@ -#!/bin/bash - -set -euo pipefail - -# Version and checksums for godel. Values are populated by the godel "dist" task. -VERSION=2.17.0 -DARWIN_CHECKSUM=d6294049b7edc3795d1d5517583f20c087422a8b8b52e8cbcc39ce2b575427ff -LINUX_CHECKSUM=23bca1ce55bd321686e06e0b6959ad8160ef1dfa9fe0a68a515e65d19401094d - -# Downloads file at URL to destination path using wget or curl. Prints an error and exits if wget or curl is not present. -function download { - local url=$1 - local dst=$2 - - # determine whether wget, curl or both are present - set +e - command -v wget >/dev/null 2>&1 - local wget_exists=$? - command -v curl >/dev/null 2>&1 - local curl_exists=$? - set -e - - # if one of wget or curl is not present, exit with error - if [ "$wget_exists" -ne 0 -a "$curl_exists" -ne 0 ]; then - echo "wget or curl must be present to download distribution. Install one of these programs and try again or install the distribution manually." - exit 1 - fi - - if [ "$wget_exists" -eq 0 ]; then - # attempt download using wget - echo "Downloading $url to $dst..." - local progress_opt="" - if wget --help | grep -q '\--show-progress'; then - progress_opt="-q --show-progress" - fi - set +e - wget -O "$dst" $progress_opt "$url" - rv=$? - set -e - if [ "$rv" -eq 0 ]; then - # success - return - fi - - echo "Download failed using command: wget -O $dst $progress_opt $url" - - # curl does not exist, so nothing more to try: exit - if [ "$curl_exists" -ne 0 ]; then - echo "Download failed using wget and curl was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - exit 1 - fi - # curl exists, notify that download will be attempted using curl - echo "Attempting download using curl..." - fi - - # attempt download using curl - echo "Downloading $url to $dst..." - set +e - curl -f -L -o "$dst" "$url" - rv=$? - set -e - if [ "$rv" -ne 0 ]; then - echo "Download failed using command: curl -f -L -o $dst $url" - if [ "$wget_exists" -eq 0 ]; then - echo "Download failed using wget and curl. Verify that the distribution URL is correct and try again or install the distribution manually." - else - echo "Download failed using curl and wget was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - fi - exit 1 - fi -} - -# verifies that the provided checksum matches the computed SHA-256 checksum of the specified file. If not, echoes an -# error and exits. -function verify_checksum { - local file=$1 - local expected_checksum=$2 - local computed_checksum=$(compute_sha256 $file) - if [ "$expected_checksum" != "$computed_checksum" ]; then - echo "SHA-256 checksum for $file did not match expected value." - echo "Expected: $expected_checksum" - echo "Actual: $computed_checksum" - exit 1 - fi -} - -# computes the SHA-256 hash of the provided file. Uses openssl, shasum or sha1sum program. -function compute_sha256 { - local file=$1 - if command -v openssl >/dev/null 2>&1; then - # print SHA-256 hash using openssl - openssl dgst -sha256 "$file" | sed -E 's/SHA256\(.*\)= //' - elif command -v shasum >/dev/null 2>&1; then - # Darwin systems ship with "shasum" utility - shasum -a 256 "$file" | sed -E 's/[[:space:]]+.+//' - elif command -v sha256sum >/dev/null 2>&1; then - # Most Linux systems ship with sha256sum utility - sha256sum "$file" | sed -E 's/[[:space:]]+.+//' - else - echo "Could not find program to calculate SHA-256 checksum for file" - exit 1 - fi -} - -# Verifies that the tgz file at the provided path contains the paths/files that would be expected in a valid gödel -# distribution with the provided version. -function verify_dist_tgz_valid { - local tgz_path=$1 - local version=$2 - - local expected_paths=("godel-$version/" "godel-$version/bin/darwin-amd64/godel" "godel-$version/bin/linux-amd64/godel" "godel-$version/wrapper/godelw" "godel-$version/wrapper/godel/config/") - local files=($(tar -tf "$tgz_path")) - - # this is a double-for loop, but fine since $expected_paths is small and bash doesn't have good primitives for set/map/list manipulation - for curr_line in "${files[@]}"; do - # if all expected paths have been found, terminate - if [[ ${#expected_paths[*]} == 0 ]]; then - break - fi - - # check for expected path and splice out if match is found - idx=0 - for curr_expected in "${expected_paths[@]}"; do - if [ "$curr_expected" = "$curr_line" ]; then - expected_paths=(${expected_paths[@]:0:idx} ${expected_paths[@]:$(($idx + 1))}) - break - fi - idx=$idx+1 - done - done - - # if any expected paths still remain, raise error and exit - if [[ ${#expected_paths[*]} > 0 ]]; then - echo "Required paths were not present in $tgz_path: ${expected_paths[@]}" - exit 1 - fi -} - -# Verifies that the gödel binary in the distribution reports the expected version when called with the "version" -# argument. Assumes that a valid gödel distribution directory for the given version exists in the provided directory. -function verify_godel_version { - local base_dir=$1 - local version=$2 - local os=$3 - - local expected_output="godel version $version" - local version_output=$($base_dir/godel-$version/bin/$os-amd64/godel version) - - if [ "$expected_output" != "$version_output" ]; then - echo "Version reported by godel executable did not match expected version: expected \"$expected_output\", was \"$version_output\"" - exit 1 - fi -} - -# directory of godelw script -SCRIPT_HOME=$(cd "$(dirname "$0")" && pwd) - -# use $GODEL_HOME or default value -GODEL_BASE_DIR=${GODEL_HOME:-$HOME/.godel} - -# determine OS -OS="" -EXPECTED_CHECKSUM="" -case "$(uname)" in - Darwin*) - OS=darwin - EXPECTED_CHECKSUM=$DARWIN_CHECKSUM - ;; - Linux*) - OS=linux - EXPECTED_CHECKSUM=$LINUX_CHECKSUM - ;; - *) - echo "Unsupported operating system: $(uname)" - exit 1 - ;; -esac - -# path to godel binary -CMD=$GODEL_BASE_DIR/dists/godel-$VERSION/bin/$OS-amd64/godel - -# godel binary is not present -- download distribution -if [ ! -f "$CMD" ]; then - # get download URL - PROPERTIES_FILE=$SCRIPT_HOME/godel/config/godel.properties - if [ ! -f "$PROPERTIES_FILE" ]; then - echo "Properties file must exist at $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_URL=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionURL=//p") - if [ -z "$DOWNLOAD_URL" ]; then - echo "Value for property \"distributionURL\" was empty in $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_CHECKSUM=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionSHA256=//p") - - # create downloads directory if it does not already exist - mkdir -p "$GODEL_BASE_DIR/downloads" - - # download tgz and verify its contents - DOWNLOAD_DST=$GODEL_BASE_DIR/downloads/godel-$VERSION.tgz - download "$DOWNLOAD_URL" "$DOWNLOAD_DST" - if [ -n "$DOWNLOAD_CHECKSUM" ]; then - verify_checksum "$DOWNLOAD_DST" "$DOWNLOAD_CHECKSUM" - fi - verify_dist_tgz_valid "$DOWNLOAD_DST" "$VERSION" - - # create temporary directory for unarchiving, unarchive downloaded file and verify directory - TMP_DIST_DIR=$(mktemp -d "$GODEL_BASE_DIR/tmp_XXXXXX" 2>/dev/null || mktemp -d -t "$GODEL_BASE_DIR/tmp_XXXXXX") - trap 'rm -rf "$TMP_DIST_DIR"' EXIT - tar zxvf "$DOWNLOAD_DST" -C "$TMP_DIST_DIR" >/dev/null 2>&1 - verify_godel_version "$TMP_DIST_DIR" "$VERSION" "$OS" - - # if destination directory for distribution already exists, remove it - if [ -d "$GODEL_BASE_DIR/dists/godel-$VERSION" ]; then - rm -rf "$GODEL_BASE_DIR/dists/godel-$VERSION" - fi - - # ensure that parent directory of destination exists - mkdir -p "$GODEL_BASE_DIR/dists" - - # move expanded distribution directory to destination location. The location of the unarchived directory is known to - # be in the same directory tree as the destination, so "mv" should always work. - mv "$TMP_DIST_DIR/godel-$VERSION" "$GODEL_BASE_DIR/dists/godel-$VERSION" -fi - -verify_checksum "$CMD" "$EXPECTED_CHECKSUM" - -# execute command -$CMD --wrapper "$SCRIPT_HOME/$(basename "$0")" "$@" diff --git a/safelong/vendor/modules.txt b/safelong/vendor/modules.txt index b8e6c35b..19640335 100644 --- a/safelong/vendor/modules.txt +++ b/safelong/vendor/modules.txt @@ -1,8 +1,8 @@ # github.com/davecgh/go-spew v1.1.1 ## explicit github.com/davecgh/go-spew/spew -# github.com/palantir/pkg v1.0.1 -## explicit; go 1.13 +# github.com/palantir/pkg v1.1.0 +## explicit; go 1.19 github.com/palantir/pkg # github.com/pmezard/go-difflib v1.0.0 ## explicit diff --git a/safeyaml/go.mod b/safeyaml/go.mod index 499b3f59..1ae80ce0 100644 --- a/safeyaml/go.mod +++ b/safeyaml/go.mod @@ -3,7 +3,7 @@ module github.com/palantir/pkg/safeyaml go 1.19 require ( - github.com/palantir/pkg v1.0.1 + github.com/palantir/pkg v1.1.0 github.com/palantir/pkg/transform v1.0.1 github.com/stretchr/testify v1.8.0 gopkg.in/yaml.v2 v2.2.2 diff --git a/safeyaml/go.sum b/safeyaml/go.sum index abb8d48c..60017905 100644 --- a/safeyaml/go.sum +++ b/safeyaml/go.sum @@ -1,8 +1,9 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/palantir/pkg v1.0.1 h1:ZbGUcc14N7xcZSY9cehQoiHHTm/BAZO5RJdlsNEtSbk= github.com/palantir/pkg v1.0.1/go.mod h1:Eo6Jl0UXfT+65sLXJOcU9duu0WPvKsWFXCb0dE5VWZs= +github.com/palantir/pkg v1.1.0 h1:0EhrSUP8oeeh3MUvk7V/UU7WmsN1UiJNTvNj0sN9Cpo= +github.com/palantir/pkg v1.1.0/go.mod h1:KC9srP/9ssWRxBxFCIqhUGC4Jt7OJkWRz0Iqehup1/c= github.com/palantir/pkg/transform v1.0.1 h1:+b0wtPsC/tcFOSoAzxsurXnbUnZIb4TDj/tfMLIMX3w= github.com/palantir/pkg/transform v1.0.1/go.mod h1:Kn0ST9vBxM16s08/1uYPSWgAOussLidNmukkvqcIocE= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= diff --git a/safeyaml/vendor/github.com/palantir/pkg/.bulldozer.yml b/safeyaml/vendor/github.com/palantir/pkg/.bulldozer.yml new file mode 100644 index 00000000..b62e82ba --- /dev/null +++ b/safeyaml/vendor/github.com/palantir/pkg/.bulldozer.yml @@ -0,0 +1,17 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +version: 1 +merge: + trigger: + labels: ["merge when ready"] + ignore: + labels: ["do not merge"] + method: squash + options: + squash: + body: pull_request_body + message_delimiter: ==COMMIT_MSG== + delete_after_merge: true +update: + trigger: + labels: ["update me"] diff --git a/safeyaml/vendor/github.com/palantir/pkg/.policy.yml b/safeyaml/vendor/github.com/palantir/pkg/.policy.yml new file mode 100644 index 00000000..a436f8b9 --- /dev/null +++ b/safeyaml/vendor/github.com/palantir/pkg/.policy.yml @@ -0,0 +1,113 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +policy: + approval: + - or: + - one admin has approved (PR contributors not allowed) + - two admins have approved + - changelog only and contributor approval + - fixing excavator + - excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + - excavator only touched config files + - bots updated package.json and lock files + disapproval: + requires: + organizations: [ "palantir" ] + +approval_rules: + - name: one admin has approved (PR contributors not allowed) + options: + allow_contributor: false + requires: + count: 1 + admins: true + + - name: two admins have approved + options: + allow_contributor: true + requires: + count: 2 + admins: true + + - name: changelog only and contributor approval + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + only_changed_files: + paths: + - "changelog/@unreleased/.*\\.yml" + + - name: fixing excavator + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + has_author_in: + users: [ "svc-excavator-bot" ] + + - name: excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + # product-dependencies.lock should never go here, to force review of all product (SLS) dependency changes + # this way excavator cannot change the deployability of a service or product via auto-merge + paths: + - "changelog/@unreleased/.*\\.yml" + - "^\\.baseline/.*$" + - "^\\.circleci/.*$" + - "^\\.docker-compose-rule\\.yml$" + - "^.*gradle$" + - "^\\.palantir/go-version$" + - "^gradle/wrapper/.*" + - "^gradlew$" + - "^gradlew.bat$" + - "^gradle.properties$" + - "^settings.gradle$" + - "^.*go.mod$" + - "^.*go.sum$" + - "^.*godelw$" + - "^.*godel/config/godel.properties$" + - "^.*godel/config/godel.yml$" + - "^.*vendor/.*$" + - "^versions.props$" + - "^versions.lock$" + - "^internal/generated/.*" + - "^internal/generated_src/.*" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: excavator only touched config files + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + paths: + - "^\\..*.yml$" + - "^\\.github/.*$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: bots updated package.json and lock files + requires: + count: 0 + if: + has_author_in: + users: + - "svc-excavator-bot" + - "dependabot[bot]" + only_changed_files: + paths: + - "^.*yarn.lock$" + - "^.*package.json$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] diff --git a/safeyaml/vendor/github.com/palantir/pkg/godelw b/safeyaml/vendor/github.com/palantir/pkg/godelw deleted file mode 100644 index 22d9f7f2..00000000 --- a/safeyaml/vendor/github.com/palantir/pkg/godelw +++ /dev/null @@ -1,230 +0,0 @@ -#!/bin/bash - -set -euo pipefail - -# Version and checksums for godel. Values are populated by the godel "dist" task. -VERSION=2.17.0 -DARWIN_CHECKSUM=d6294049b7edc3795d1d5517583f20c087422a8b8b52e8cbcc39ce2b575427ff -LINUX_CHECKSUM=23bca1ce55bd321686e06e0b6959ad8160ef1dfa9fe0a68a515e65d19401094d - -# Downloads file at URL to destination path using wget or curl. Prints an error and exits if wget or curl is not present. -function download { - local url=$1 - local dst=$2 - - # determine whether wget, curl or both are present - set +e - command -v wget >/dev/null 2>&1 - local wget_exists=$? - command -v curl >/dev/null 2>&1 - local curl_exists=$? - set -e - - # if one of wget or curl is not present, exit with error - if [ "$wget_exists" -ne 0 -a "$curl_exists" -ne 0 ]; then - echo "wget or curl must be present to download distribution. Install one of these programs and try again or install the distribution manually." - exit 1 - fi - - if [ "$wget_exists" -eq 0 ]; then - # attempt download using wget - echo "Downloading $url to $dst..." - local progress_opt="" - if wget --help | grep -q '\--show-progress'; then - progress_opt="-q --show-progress" - fi - set +e - wget -O "$dst" $progress_opt "$url" - rv=$? - set -e - if [ "$rv" -eq 0 ]; then - # success - return - fi - - echo "Download failed using command: wget -O $dst $progress_opt $url" - - # curl does not exist, so nothing more to try: exit - if [ "$curl_exists" -ne 0 ]; then - echo "Download failed using wget and curl was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - exit 1 - fi - # curl exists, notify that download will be attempted using curl - echo "Attempting download using curl..." - fi - - # attempt download using curl - echo "Downloading $url to $dst..." - set +e - curl -f -L -o "$dst" "$url" - rv=$? - set -e - if [ "$rv" -ne 0 ]; then - echo "Download failed using command: curl -f -L -o $dst $url" - if [ "$wget_exists" -eq 0 ]; then - echo "Download failed using wget and curl. Verify that the distribution URL is correct and try again or install the distribution manually." - else - echo "Download failed using curl and wget was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - fi - exit 1 - fi -} - -# verifies that the provided checksum matches the computed SHA-256 checksum of the specified file. If not, echoes an -# error and exits. -function verify_checksum { - local file=$1 - local expected_checksum=$2 - local computed_checksum=$(compute_sha256 $file) - if [ "$expected_checksum" != "$computed_checksum" ]; then - echo "SHA-256 checksum for $file did not match expected value." - echo "Expected: $expected_checksum" - echo "Actual: $computed_checksum" - exit 1 - fi -} - -# computes the SHA-256 hash of the provided file. Uses openssl, shasum or sha1sum program. -function compute_sha256 { - local file=$1 - if command -v openssl >/dev/null 2>&1; then - # print SHA-256 hash using openssl - openssl dgst -sha256 "$file" | sed -E 's/SHA256\(.*\)= //' - elif command -v shasum >/dev/null 2>&1; then - # Darwin systems ship with "shasum" utility - shasum -a 256 "$file" | sed -E 's/[[:space:]]+.+//' - elif command -v sha256sum >/dev/null 2>&1; then - # Most Linux systems ship with sha256sum utility - sha256sum "$file" | sed -E 's/[[:space:]]+.+//' - else - echo "Could not find program to calculate SHA-256 checksum for file" - exit 1 - fi -} - -# Verifies that the tgz file at the provided path contains the paths/files that would be expected in a valid gödel -# distribution with the provided version. -function verify_dist_tgz_valid { - local tgz_path=$1 - local version=$2 - - local expected_paths=("godel-$version/" "godel-$version/bin/darwin-amd64/godel" "godel-$version/bin/linux-amd64/godel" "godel-$version/wrapper/godelw" "godel-$version/wrapper/godel/config/") - local files=($(tar -tf "$tgz_path")) - - # this is a double-for loop, but fine since $expected_paths is small and bash doesn't have good primitives for set/map/list manipulation - for curr_line in "${files[@]}"; do - # if all expected paths have been found, terminate - if [[ ${#expected_paths[*]} == 0 ]]; then - break - fi - - # check for expected path and splice out if match is found - idx=0 - for curr_expected in "${expected_paths[@]}"; do - if [ "$curr_expected" = "$curr_line" ]; then - expected_paths=(${expected_paths[@]:0:idx} ${expected_paths[@]:$(($idx + 1))}) - break - fi - idx=$idx+1 - done - done - - # if any expected paths still remain, raise error and exit - if [[ ${#expected_paths[*]} > 0 ]]; then - echo "Required paths were not present in $tgz_path: ${expected_paths[@]}" - exit 1 - fi -} - -# Verifies that the gödel binary in the distribution reports the expected version when called with the "version" -# argument. Assumes that a valid gödel distribution directory for the given version exists in the provided directory. -function verify_godel_version { - local base_dir=$1 - local version=$2 - local os=$3 - - local expected_output="godel version $version" - local version_output=$($base_dir/godel-$version/bin/$os-amd64/godel version) - - if [ "$expected_output" != "$version_output" ]; then - echo "Version reported by godel executable did not match expected version: expected \"$expected_output\", was \"$version_output\"" - exit 1 - fi -} - -# directory of godelw script -SCRIPT_HOME=$(cd "$(dirname "$0")" && pwd) - -# use $GODEL_HOME or default value -GODEL_BASE_DIR=${GODEL_HOME:-$HOME/.godel} - -# determine OS -OS="" -EXPECTED_CHECKSUM="" -case "$(uname)" in - Darwin*) - OS=darwin - EXPECTED_CHECKSUM=$DARWIN_CHECKSUM - ;; - Linux*) - OS=linux - EXPECTED_CHECKSUM=$LINUX_CHECKSUM - ;; - *) - echo "Unsupported operating system: $(uname)" - exit 1 - ;; -esac - -# path to godel binary -CMD=$GODEL_BASE_DIR/dists/godel-$VERSION/bin/$OS-amd64/godel - -# godel binary is not present -- download distribution -if [ ! -f "$CMD" ]; then - # get download URL - PROPERTIES_FILE=$SCRIPT_HOME/godel/config/godel.properties - if [ ! -f "$PROPERTIES_FILE" ]; then - echo "Properties file must exist at $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_URL=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionURL=//p") - if [ -z "$DOWNLOAD_URL" ]; then - echo "Value for property \"distributionURL\" was empty in $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_CHECKSUM=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionSHA256=//p") - - # create downloads directory if it does not already exist - mkdir -p "$GODEL_BASE_DIR/downloads" - - # download tgz and verify its contents - DOWNLOAD_DST=$GODEL_BASE_DIR/downloads/godel-$VERSION.tgz - download "$DOWNLOAD_URL" "$DOWNLOAD_DST" - if [ -n "$DOWNLOAD_CHECKSUM" ]; then - verify_checksum "$DOWNLOAD_DST" "$DOWNLOAD_CHECKSUM" - fi - verify_dist_tgz_valid "$DOWNLOAD_DST" "$VERSION" - - # create temporary directory for unarchiving, unarchive downloaded file and verify directory - TMP_DIST_DIR=$(mktemp -d "$GODEL_BASE_DIR/tmp_XXXXXX" 2>/dev/null || mktemp -d -t "$GODEL_BASE_DIR/tmp_XXXXXX") - trap 'rm -rf "$TMP_DIST_DIR"' EXIT - tar zxvf "$DOWNLOAD_DST" -C "$TMP_DIST_DIR" >/dev/null 2>&1 - verify_godel_version "$TMP_DIST_DIR" "$VERSION" "$OS" - - # if destination directory for distribution already exists, remove it - if [ -d "$GODEL_BASE_DIR/dists/godel-$VERSION" ]; then - rm -rf "$GODEL_BASE_DIR/dists/godel-$VERSION" - fi - - # ensure that parent directory of destination exists - mkdir -p "$GODEL_BASE_DIR/dists" - - # move expanded distribution directory to destination location. The location of the unarchived directory is known to - # be in the same directory tree as the destination, so "mv" should always work. - mv "$TMP_DIST_DIR/godel-$VERSION" "$GODEL_BASE_DIR/dists/godel-$VERSION" -fi - -verify_checksum "$CMD" "$EXPECTED_CHECKSUM" - -# execute command -$CMD --wrapper "$SCRIPT_HOME/$(basename "$0")" "$@" diff --git a/safeyaml/vendor/modules.txt b/safeyaml/vendor/modules.txt index 1f7ecb0a..b1e3dece 100644 --- a/safeyaml/vendor/modules.txt +++ b/safeyaml/vendor/modules.txt @@ -1,8 +1,8 @@ # github.com/davecgh/go-spew v1.1.1 ## explicit github.com/davecgh/go-spew/spew -# github.com/palantir/pkg v1.0.1 -## explicit; go 1.13 +# github.com/palantir/pkg v1.1.0 +## explicit; go 1.19 github.com/palantir/pkg # github.com/palantir/pkg/transform v1.0.1 ## explicit; go 1.13 diff --git a/signals/go.mod b/signals/go.mod index c06b226c..91cabdff 100644 --- a/signals/go.mod +++ b/signals/go.mod @@ -3,7 +3,7 @@ module github.com/palantir/pkg/signals go 1.19 require ( - github.com/palantir/pkg v1.0.1 + github.com/palantir/pkg v1.1.0 github.com/stretchr/testify v1.8.0 ) diff --git a/signals/go.sum b/signals/go.sum index f3c0b4af..878c8d19 100644 --- a/signals/go.sum +++ b/signals/go.sum @@ -1,8 +1,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/palantir/pkg v1.0.1 h1:ZbGUcc14N7xcZSY9cehQoiHHTm/BAZO5RJdlsNEtSbk= -github.com/palantir/pkg v1.0.1/go.mod h1:Eo6Jl0UXfT+65sLXJOcU9duu0WPvKsWFXCb0dE5VWZs= +github.com/palantir/pkg v1.1.0 h1:0EhrSUP8oeeh3MUvk7V/UU7WmsN1UiJNTvNj0sN9Cpo= +github.com/palantir/pkg v1.1.0/go.mod h1:KC9srP/9ssWRxBxFCIqhUGC4Jt7OJkWRz0Iqehup1/c= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= diff --git a/signals/vendor/github.com/palantir/pkg/.bulldozer.yml b/signals/vendor/github.com/palantir/pkg/.bulldozer.yml new file mode 100644 index 00000000..b62e82ba --- /dev/null +++ b/signals/vendor/github.com/palantir/pkg/.bulldozer.yml @@ -0,0 +1,17 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +version: 1 +merge: + trigger: + labels: ["merge when ready"] + ignore: + labels: ["do not merge"] + method: squash + options: + squash: + body: pull_request_body + message_delimiter: ==COMMIT_MSG== + delete_after_merge: true +update: + trigger: + labels: ["update me"] diff --git a/signals/vendor/github.com/palantir/pkg/.policy.yml b/signals/vendor/github.com/palantir/pkg/.policy.yml new file mode 100644 index 00000000..a436f8b9 --- /dev/null +++ b/signals/vendor/github.com/palantir/pkg/.policy.yml @@ -0,0 +1,113 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +policy: + approval: + - or: + - one admin has approved (PR contributors not allowed) + - two admins have approved + - changelog only and contributor approval + - fixing excavator + - excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + - excavator only touched config files + - bots updated package.json and lock files + disapproval: + requires: + organizations: [ "palantir" ] + +approval_rules: + - name: one admin has approved (PR contributors not allowed) + options: + allow_contributor: false + requires: + count: 1 + admins: true + + - name: two admins have approved + options: + allow_contributor: true + requires: + count: 2 + admins: true + + - name: changelog only and contributor approval + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + only_changed_files: + paths: + - "changelog/@unreleased/.*\\.yml" + + - name: fixing excavator + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + has_author_in: + users: [ "svc-excavator-bot" ] + + - name: excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + # product-dependencies.lock should never go here, to force review of all product (SLS) dependency changes + # this way excavator cannot change the deployability of a service or product via auto-merge + paths: + - "changelog/@unreleased/.*\\.yml" + - "^\\.baseline/.*$" + - "^\\.circleci/.*$" + - "^\\.docker-compose-rule\\.yml$" + - "^.*gradle$" + - "^\\.palantir/go-version$" + - "^gradle/wrapper/.*" + - "^gradlew$" + - "^gradlew.bat$" + - "^gradle.properties$" + - "^settings.gradle$" + - "^.*go.mod$" + - "^.*go.sum$" + - "^.*godelw$" + - "^.*godel/config/godel.properties$" + - "^.*godel/config/godel.yml$" + - "^.*vendor/.*$" + - "^versions.props$" + - "^versions.lock$" + - "^internal/generated/.*" + - "^internal/generated_src/.*" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: excavator only touched config files + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + paths: + - "^\\..*.yml$" + - "^\\.github/.*$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: bots updated package.json and lock files + requires: + count: 0 + if: + has_author_in: + users: + - "svc-excavator-bot" + - "dependabot[bot]" + only_changed_files: + paths: + - "^.*yarn.lock$" + - "^.*package.json$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] diff --git a/signals/vendor/github.com/palantir/pkg/godelw b/signals/vendor/github.com/palantir/pkg/godelw deleted file mode 100644 index 22d9f7f2..00000000 --- a/signals/vendor/github.com/palantir/pkg/godelw +++ /dev/null @@ -1,230 +0,0 @@ -#!/bin/bash - -set -euo pipefail - -# Version and checksums for godel. Values are populated by the godel "dist" task. -VERSION=2.17.0 -DARWIN_CHECKSUM=d6294049b7edc3795d1d5517583f20c087422a8b8b52e8cbcc39ce2b575427ff -LINUX_CHECKSUM=23bca1ce55bd321686e06e0b6959ad8160ef1dfa9fe0a68a515e65d19401094d - -# Downloads file at URL to destination path using wget or curl. Prints an error and exits if wget or curl is not present. -function download { - local url=$1 - local dst=$2 - - # determine whether wget, curl or both are present - set +e - command -v wget >/dev/null 2>&1 - local wget_exists=$? - command -v curl >/dev/null 2>&1 - local curl_exists=$? - set -e - - # if one of wget or curl is not present, exit with error - if [ "$wget_exists" -ne 0 -a "$curl_exists" -ne 0 ]; then - echo "wget or curl must be present to download distribution. Install one of these programs and try again or install the distribution manually." - exit 1 - fi - - if [ "$wget_exists" -eq 0 ]; then - # attempt download using wget - echo "Downloading $url to $dst..." - local progress_opt="" - if wget --help | grep -q '\--show-progress'; then - progress_opt="-q --show-progress" - fi - set +e - wget -O "$dst" $progress_opt "$url" - rv=$? - set -e - if [ "$rv" -eq 0 ]; then - # success - return - fi - - echo "Download failed using command: wget -O $dst $progress_opt $url" - - # curl does not exist, so nothing more to try: exit - if [ "$curl_exists" -ne 0 ]; then - echo "Download failed using wget and curl was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - exit 1 - fi - # curl exists, notify that download will be attempted using curl - echo "Attempting download using curl..." - fi - - # attempt download using curl - echo "Downloading $url to $dst..." - set +e - curl -f -L -o "$dst" "$url" - rv=$? - set -e - if [ "$rv" -ne 0 ]; then - echo "Download failed using command: curl -f -L -o $dst $url" - if [ "$wget_exists" -eq 0 ]; then - echo "Download failed using wget and curl. Verify that the distribution URL is correct and try again or install the distribution manually." - else - echo "Download failed using curl and wget was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - fi - exit 1 - fi -} - -# verifies that the provided checksum matches the computed SHA-256 checksum of the specified file. If not, echoes an -# error and exits. -function verify_checksum { - local file=$1 - local expected_checksum=$2 - local computed_checksum=$(compute_sha256 $file) - if [ "$expected_checksum" != "$computed_checksum" ]; then - echo "SHA-256 checksum for $file did not match expected value." - echo "Expected: $expected_checksum" - echo "Actual: $computed_checksum" - exit 1 - fi -} - -# computes the SHA-256 hash of the provided file. Uses openssl, shasum or sha1sum program. -function compute_sha256 { - local file=$1 - if command -v openssl >/dev/null 2>&1; then - # print SHA-256 hash using openssl - openssl dgst -sha256 "$file" | sed -E 's/SHA256\(.*\)= //' - elif command -v shasum >/dev/null 2>&1; then - # Darwin systems ship with "shasum" utility - shasum -a 256 "$file" | sed -E 's/[[:space:]]+.+//' - elif command -v sha256sum >/dev/null 2>&1; then - # Most Linux systems ship with sha256sum utility - sha256sum "$file" | sed -E 's/[[:space:]]+.+//' - else - echo "Could not find program to calculate SHA-256 checksum for file" - exit 1 - fi -} - -# Verifies that the tgz file at the provided path contains the paths/files that would be expected in a valid gödel -# distribution with the provided version. -function verify_dist_tgz_valid { - local tgz_path=$1 - local version=$2 - - local expected_paths=("godel-$version/" "godel-$version/bin/darwin-amd64/godel" "godel-$version/bin/linux-amd64/godel" "godel-$version/wrapper/godelw" "godel-$version/wrapper/godel/config/") - local files=($(tar -tf "$tgz_path")) - - # this is a double-for loop, but fine since $expected_paths is small and bash doesn't have good primitives for set/map/list manipulation - for curr_line in "${files[@]}"; do - # if all expected paths have been found, terminate - if [[ ${#expected_paths[*]} == 0 ]]; then - break - fi - - # check for expected path and splice out if match is found - idx=0 - for curr_expected in "${expected_paths[@]}"; do - if [ "$curr_expected" = "$curr_line" ]; then - expected_paths=(${expected_paths[@]:0:idx} ${expected_paths[@]:$(($idx + 1))}) - break - fi - idx=$idx+1 - done - done - - # if any expected paths still remain, raise error and exit - if [[ ${#expected_paths[*]} > 0 ]]; then - echo "Required paths were not present in $tgz_path: ${expected_paths[@]}" - exit 1 - fi -} - -# Verifies that the gödel binary in the distribution reports the expected version when called with the "version" -# argument. Assumes that a valid gödel distribution directory for the given version exists in the provided directory. -function verify_godel_version { - local base_dir=$1 - local version=$2 - local os=$3 - - local expected_output="godel version $version" - local version_output=$($base_dir/godel-$version/bin/$os-amd64/godel version) - - if [ "$expected_output" != "$version_output" ]; then - echo "Version reported by godel executable did not match expected version: expected \"$expected_output\", was \"$version_output\"" - exit 1 - fi -} - -# directory of godelw script -SCRIPT_HOME=$(cd "$(dirname "$0")" && pwd) - -# use $GODEL_HOME or default value -GODEL_BASE_DIR=${GODEL_HOME:-$HOME/.godel} - -# determine OS -OS="" -EXPECTED_CHECKSUM="" -case "$(uname)" in - Darwin*) - OS=darwin - EXPECTED_CHECKSUM=$DARWIN_CHECKSUM - ;; - Linux*) - OS=linux - EXPECTED_CHECKSUM=$LINUX_CHECKSUM - ;; - *) - echo "Unsupported operating system: $(uname)" - exit 1 - ;; -esac - -# path to godel binary -CMD=$GODEL_BASE_DIR/dists/godel-$VERSION/bin/$OS-amd64/godel - -# godel binary is not present -- download distribution -if [ ! -f "$CMD" ]; then - # get download URL - PROPERTIES_FILE=$SCRIPT_HOME/godel/config/godel.properties - if [ ! -f "$PROPERTIES_FILE" ]; then - echo "Properties file must exist at $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_URL=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionURL=//p") - if [ -z "$DOWNLOAD_URL" ]; then - echo "Value for property \"distributionURL\" was empty in $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_CHECKSUM=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionSHA256=//p") - - # create downloads directory if it does not already exist - mkdir -p "$GODEL_BASE_DIR/downloads" - - # download tgz and verify its contents - DOWNLOAD_DST=$GODEL_BASE_DIR/downloads/godel-$VERSION.tgz - download "$DOWNLOAD_URL" "$DOWNLOAD_DST" - if [ -n "$DOWNLOAD_CHECKSUM" ]; then - verify_checksum "$DOWNLOAD_DST" "$DOWNLOAD_CHECKSUM" - fi - verify_dist_tgz_valid "$DOWNLOAD_DST" "$VERSION" - - # create temporary directory for unarchiving, unarchive downloaded file and verify directory - TMP_DIST_DIR=$(mktemp -d "$GODEL_BASE_DIR/tmp_XXXXXX" 2>/dev/null || mktemp -d -t "$GODEL_BASE_DIR/tmp_XXXXXX") - trap 'rm -rf "$TMP_DIST_DIR"' EXIT - tar zxvf "$DOWNLOAD_DST" -C "$TMP_DIST_DIR" >/dev/null 2>&1 - verify_godel_version "$TMP_DIST_DIR" "$VERSION" "$OS" - - # if destination directory for distribution already exists, remove it - if [ -d "$GODEL_BASE_DIR/dists/godel-$VERSION" ]; then - rm -rf "$GODEL_BASE_DIR/dists/godel-$VERSION" - fi - - # ensure that parent directory of destination exists - mkdir -p "$GODEL_BASE_DIR/dists" - - # move expanded distribution directory to destination location. The location of the unarchived directory is known to - # be in the same directory tree as the destination, so "mv" should always work. - mv "$TMP_DIST_DIR/godel-$VERSION" "$GODEL_BASE_DIR/dists/godel-$VERSION" -fi - -verify_checksum "$CMD" "$EXPECTED_CHECKSUM" - -# execute command -$CMD --wrapper "$SCRIPT_HOME/$(basename "$0")" "$@" diff --git a/signals/vendor/modules.txt b/signals/vendor/modules.txt index b8e6c35b..19640335 100644 --- a/signals/vendor/modules.txt +++ b/signals/vendor/modules.txt @@ -1,8 +1,8 @@ # github.com/davecgh/go-spew v1.1.1 ## explicit github.com/davecgh/go-spew/spew -# github.com/palantir/pkg v1.0.1 -## explicit; go 1.13 +# github.com/palantir/pkg v1.1.0 +## explicit; go 1.19 github.com/palantir/pkg # github.com/pmezard/go-difflib v1.0.0 ## explicit diff --git a/specdir/go.mod b/specdir/go.mod index 82a0e60d..fe462279 100644 --- a/specdir/go.mod +++ b/specdir/go.mod @@ -3,7 +3,7 @@ module github.com/palantir/pkg/specdir go 1.19 require ( - github.com/palantir/pkg v1.0.1 + github.com/palantir/pkg v1.1.0 github.com/stretchr/testify v1.8.0 ) diff --git a/specdir/go.sum b/specdir/go.sum index f3c0b4af..878c8d19 100644 --- a/specdir/go.sum +++ b/specdir/go.sum @@ -1,8 +1,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/palantir/pkg v1.0.1 h1:ZbGUcc14N7xcZSY9cehQoiHHTm/BAZO5RJdlsNEtSbk= -github.com/palantir/pkg v1.0.1/go.mod h1:Eo6Jl0UXfT+65sLXJOcU9duu0WPvKsWFXCb0dE5VWZs= +github.com/palantir/pkg v1.1.0 h1:0EhrSUP8oeeh3MUvk7V/UU7WmsN1UiJNTvNj0sN9Cpo= +github.com/palantir/pkg v1.1.0/go.mod h1:KC9srP/9ssWRxBxFCIqhUGC4Jt7OJkWRz0Iqehup1/c= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= diff --git a/specdir/vendor/github.com/palantir/pkg/.bulldozer.yml b/specdir/vendor/github.com/palantir/pkg/.bulldozer.yml new file mode 100644 index 00000000..b62e82ba --- /dev/null +++ b/specdir/vendor/github.com/palantir/pkg/.bulldozer.yml @@ -0,0 +1,17 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +version: 1 +merge: + trigger: + labels: ["merge when ready"] + ignore: + labels: ["do not merge"] + method: squash + options: + squash: + body: pull_request_body + message_delimiter: ==COMMIT_MSG== + delete_after_merge: true +update: + trigger: + labels: ["update me"] diff --git a/specdir/vendor/github.com/palantir/pkg/.policy.yml b/specdir/vendor/github.com/palantir/pkg/.policy.yml new file mode 100644 index 00000000..a436f8b9 --- /dev/null +++ b/specdir/vendor/github.com/palantir/pkg/.policy.yml @@ -0,0 +1,113 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +policy: + approval: + - or: + - one admin has approved (PR contributors not allowed) + - two admins have approved + - changelog only and contributor approval + - fixing excavator + - excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + - excavator only touched config files + - bots updated package.json and lock files + disapproval: + requires: + organizations: [ "palantir" ] + +approval_rules: + - name: one admin has approved (PR contributors not allowed) + options: + allow_contributor: false + requires: + count: 1 + admins: true + + - name: two admins have approved + options: + allow_contributor: true + requires: + count: 2 + admins: true + + - name: changelog only and contributor approval + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + only_changed_files: + paths: + - "changelog/@unreleased/.*\\.yml" + + - name: fixing excavator + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + has_author_in: + users: [ "svc-excavator-bot" ] + + - name: excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + # product-dependencies.lock should never go here, to force review of all product (SLS) dependency changes + # this way excavator cannot change the deployability of a service or product via auto-merge + paths: + - "changelog/@unreleased/.*\\.yml" + - "^\\.baseline/.*$" + - "^\\.circleci/.*$" + - "^\\.docker-compose-rule\\.yml$" + - "^.*gradle$" + - "^\\.palantir/go-version$" + - "^gradle/wrapper/.*" + - "^gradlew$" + - "^gradlew.bat$" + - "^gradle.properties$" + - "^settings.gradle$" + - "^.*go.mod$" + - "^.*go.sum$" + - "^.*godelw$" + - "^.*godel/config/godel.properties$" + - "^.*godel/config/godel.yml$" + - "^.*vendor/.*$" + - "^versions.props$" + - "^versions.lock$" + - "^internal/generated/.*" + - "^internal/generated_src/.*" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: excavator only touched config files + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + paths: + - "^\\..*.yml$" + - "^\\.github/.*$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: bots updated package.json and lock files + requires: + count: 0 + if: + has_author_in: + users: + - "svc-excavator-bot" + - "dependabot[bot]" + only_changed_files: + paths: + - "^.*yarn.lock$" + - "^.*package.json$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] diff --git a/specdir/vendor/github.com/palantir/pkg/godelw b/specdir/vendor/github.com/palantir/pkg/godelw deleted file mode 100644 index 22d9f7f2..00000000 --- a/specdir/vendor/github.com/palantir/pkg/godelw +++ /dev/null @@ -1,230 +0,0 @@ -#!/bin/bash - -set -euo pipefail - -# Version and checksums for godel. Values are populated by the godel "dist" task. -VERSION=2.17.0 -DARWIN_CHECKSUM=d6294049b7edc3795d1d5517583f20c087422a8b8b52e8cbcc39ce2b575427ff -LINUX_CHECKSUM=23bca1ce55bd321686e06e0b6959ad8160ef1dfa9fe0a68a515e65d19401094d - -# Downloads file at URL to destination path using wget or curl. Prints an error and exits if wget or curl is not present. -function download { - local url=$1 - local dst=$2 - - # determine whether wget, curl or both are present - set +e - command -v wget >/dev/null 2>&1 - local wget_exists=$? - command -v curl >/dev/null 2>&1 - local curl_exists=$? - set -e - - # if one of wget or curl is not present, exit with error - if [ "$wget_exists" -ne 0 -a "$curl_exists" -ne 0 ]; then - echo "wget or curl must be present to download distribution. Install one of these programs and try again or install the distribution manually." - exit 1 - fi - - if [ "$wget_exists" -eq 0 ]; then - # attempt download using wget - echo "Downloading $url to $dst..." - local progress_opt="" - if wget --help | grep -q '\--show-progress'; then - progress_opt="-q --show-progress" - fi - set +e - wget -O "$dst" $progress_opt "$url" - rv=$? - set -e - if [ "$rv" -eq 0 ]; then - # success - return - fi - - echo "Download failed using command: wget -O $dst $progress_opt $url" - - # curl does not exist, so nothing more to try: exit - if [ "$curl_exists" -ne 0 ]; then - echo "Download failed using wget and curl was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - exit 1 - fi - # curl exists, notify that download will be attempted using curl - echo "Attempting download using curl..." - fi - - # attempt download using curl - echo "Downloading $url to $dst..." - set +e - curl -f -L -o "$dst" "$url" - rv=$? - set -e - if [ "$rv" -ne 0 ]; then - echo "Download failed using command: curl -f -L -o $dst $url" - if [ "$wget_exists" -eq 0 ]; then - echo "Download failed using wget and curl. Verify that the distribution URL is correct and try again or install the distribution manually." - else - echo "Download failed using curl and wget was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - fi - exit 1 - fi -} - -# verifies that the provided checksum matches the computed SHA-256 checksum of the specified file. If not, echoes an -# error and exits. -function verify_checksum { - local file=$1 - local expected_checksum=$2 - local computed_checksum=$(compute_sha256 $file) - if [ "$expected_checksum" != "$computed_checksum" ]; then - echo "SHA-256 checksum for $file did not match expected value." - echo "Expected: $expected_checksum" - echo "Actual: $computed_checksum" - exit 1 - fi -} - -# computes the SHA-256 hash of the provided file. Uses openssl, shasum or sha1sum program. -function compute_sha256 { - local file=$1 - if command -v openssl >/dev/null 2>&1; then - # print SHA-256 hash using openssl - openssl dgst -sha256 "$file" | sed -E 's/SHA256\(.*\)= //' - elif command -v shasum >/dev/null 2>&1; then - # Darwin systems ship with "shasum" utility - shasum -a 256 "$file" | sed -E 's/[[:space:]]+.+//' - elif command -v sha256sum >/dev/null 2>&1; then - # Most Linux systems ship with sha256sum utility - sha256sum "$file" | sed -E 's/[[:space:]]+.+//' - else - echo "Could not find program to calculate SHA-256 checksum for file" - exit 1 - fi -} - -# Verifies that the tgz file at the provided path contains the paths/files that would be expected in a valid gödel -# distribution with the provided version. -function verify_dist_tgz_valid { - local tgz_path=$1 - local version=$2 - - local expected_paths=("godel-$version/" "godel-$version/bin/darwin-amd64/godel" "godel-$version/bin/linux-amd64/godel" "godel-$version/wrapper/godelw" "godel-$version/wrapper/godel/config/") - local files=($(tar -tf "$tgz_path")) - - # this is a double-for loop, but fine since $expected_paths is small and bash doesn't have good primitives for set/map/list manipulation - for curr_line in "${files[@]}"; do - # if all expected paths have been found, terminate - if [[ ${#expected_paths[*]} == 0 ]]; then - break - fi - - # check for expected path and splice out if match is found - idx=0 - for curr_expected in "${expected_paths[@]}"; do - if [ "$curr_expected" = "$curr_line" ]; then - expected_paths=(${expected_paths[@]:0:idx} ${expected_paths[@]:$(($idx + 1))}) - break - fi - idx=$idx+1 - done - done - - # if any expected paths still remain, raise error and exit - if [[ ${#expected_paths[*]} > 0 ]]; then - echo "Required paths were not present in $tgz_path: ${expected_paths[@]}" - exit 1 - fi -} - -# Verifies that the gödel binary in the distribution reports the expected version when called with the "version" -# argument. Assumes that a valid gödel distribution directory for the given version exists in the provided directory. -function verify_godel_version { - local base_dir=$1 - local version=$2 - local os=$3 - - local expected_output="godel version $version" - local version_output=$($base_dir/godel-$version/bin/$os-amd64/godel version) - - if [ "$expected_output" != "$version_output" ]; then - echo "Version reported by godel executable did not match expected version: expected \"$expected_output\", was \"$version_output\"" - exit 1 - fi -} - -# directory of godelw script -SCRIPT_HOME=$(cd "$(dirname "$0")" && pwd) - -# use $GODEL_HOME or default value -GODEL_BASE_DIR=${GODEL_HOME:-$HOME/.godel} - -# determine OS -OS="" -EXPECTED_CHECKSUM="" -case "$(uname)" in - Darwin*) - OS=darwin - EXPECTED_CHECKSUM=$DARWIN_CHECKSUM - ;; - Linux*) - OS=linux - EXPECTED_CHECKSUM=$LINUX_CHECKSUM - ;; - *) - echo "Unsupported operating system: $(uname)" - exit 1 - ;; -esac - -# path to godel binary -CMD=$GODEL_BASE_DIR/dists/godel-$VERSION/bin/$OS-amd64/godel - -# godel binary is not present -- download distribution -if [ ! -f "$CMD" ]; then - # get download URL - PROPERTIES_FILE=$SCRIPT_HOME/godel/config/godel.properties - if [ ! -f "$PROPERTIES_FILE" ]; then - echo "Properties file must exist at $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_URL=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionURL=//p") - if [ -z "$DOWNLOAD_URL" ]; then - echo "Value for property \"distributionURL\" was empty in $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_CHECKSUM=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionSHA256=//p") - - # create downloads directory if it does not already exist - mkdir -p "$GODEL_BASE_DIR/downloads" - - # download tgz and verify its contents - DOWNLOAD_DST=$GODEL_BASE_DIR/downloads/godel-$VERSION.tgz - download "$DOWNLOAD_URL" "$DOWNLOAD_DST" - if [ -n "$DOWNLOAD_CHECKSUM" ]; then - verify_checksum "$DOWNLOAD_DST" "$DOWNLOAD_CHECKSUM" - fi - verify_dist_tgz_valid "$DOWNLOAD_DST" "$VERSION" - - # create temporary directory for unarchiving, unarchive downloaded file and verify directory - TMP_DIST_DIR=$(mktemp -d "$GODEL_BASE_DIR/tmp_XXXXXX" 2>/dev/null || mktemp -d -t "$GODEL_BASE_DIR/tmp_XXXXXX") - trap 'rm -rf "$TMP_DIST_DIR"' EXIT - tar zxvf "$DOWNLOAD_DST" -C "$TMP_DIST_DIR" >/dev/null 2>&1 - verify_godel_version "$TMP_DIST_DIR" "$VERSION" "$OS" - - # if destination directory for distribution already exists, remove it - if [ -d "$GODEL_BASE_DIR/dists/godel-$VERSION" ]; then - rm -rf "$GODEL_BASE_DIR/dists/godel-$VERSION" - fi - - # ensure that parent directory of destination exists - mkdir -p "$GODEL_BASE_DIR/dists" - - # move expanded distribution directory to destination location. The location of the unarchived directory is known to - # be in the same directory tree as the destination, so "mv" should always work. - mv "$TMP_DIST_DIR/godel-$VERSION" "$GODEL_BASE_DIR/dists/godel-$VERSION" -fi - -verify_checksum "$CMD" "$EXPECTED_CHECKSUM" - -# execute command -$CMD --wrapper "$SCRIPT_HOME/$(basename "$0")" "$@" diff --git a/specdir/vendor/modules.txt b/specdir/vendor/modules.txt index b8e6c35b..19640335 100644 --- a/specdir/vendor/modules.txt +++ b/specdir/vendor/modules.txt @@ -1,8 +1,8 @@ # github.com/davecgh/go-spew v1.1.1 ## explicit github.com/davecgh/go-spew/spew -# github.com/palantir/pkg v1.0.1 -## explicit; go 1.13 +# github.com/palantir/pkg v1.1.0 +## explicit; go 1.19 github.com/palantir/pkg # github.com/pmezard/go-difflib v1.0.0 ## explicit diff --git a/tableprinter/go.mod b/tableprinter/go.mod index 708d9099..4634ee59 100644 --- a/tableprinter/go.mod +++ b/tableprinter/go.mod @@ -2,4 +2,4 @@ module github.com/palantir/pkg/tableprinter go 1.19 -require github.com/palantir/pkg v1.0.1 +require github.com/palantir/pkg v1.1.0 diff --git a/tableprinter/go.sum b/tableprinter/go.sum index a1aef2df..10a880b4 100644 --- a/tableprinter/go.sum +++ b/tableprinter/go.sum @@ -1,2 +1,2 @@ -github.com/palantir/pkg v1.0.1 h1:ZbGUcc14N7xcZSY9cehQoiHHTm/BAZO5RJdlsNEtSbk= -github.com/palantir/pkg v1.0.1/go.mod h1:Eo6Jl0UXfT+65sLXJOcU9duu0WPvKsWFXCb0dE5VWZs= +github.com/palantir/pkg v1.1.0 h1:0EhrSUP8oeeh3MUvk7V/UU7WmsN1UiJNTvNj0sN9Cpo= +github.com/palantir/pkg v1.1.0/go.mod h1:KC9srP/9ssWRxBxFCIqhUGC4Jt7OJkWRz0Iqehup1/c= diff --git a/tableprinter/vendor/github.com/palantir/pkg/.bulldozer.yml b/tableprinter/vendor/github.com/palantir/pkg/.bulldozer.yml new file mode 100644 index 00000000..b62e82ba --- /dev/null +++ b/tableprinter/vendor/github.com/palantir/pkg/.bulldozer.yml @@ -0,0 +1,17 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +version: 1 +merge: + trigger: + labels: ["merge when ready"] + ignore: + labels: ["do not merge"] + method: squash + options: + squash: + body: pull_request_body + message_delimiter: ==COMMIT_MSG== + delete_after_merge: true +update: + trigger: + labels: ["update me"] diff --git a/tableprinter/vendor/github.com/palantir/pkg/.policy.yml b/tableprinter/vendor/github.com/palantir/pkg/.policy.yml new file mode 100644 index 00000000..a436f8b9 --- /dev/null +++ b/tableprinter/vendor/github.com/palantir/pkg/.policy.yml @@ -0,0 +1,113 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +policy: + approval: + - or: + - one admin has approved (PR contributors not allowed) + - two admins have approved + - changelog only and contributor approval + - fixing excavator + - excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + - excavator only touched config files + - bots updated package.json and lock files + disapproval: + requires: + organizations: [ "palantir" ] + +approval_rules: + - name: one admin has approved (PR contributors not allowed) + options: + allow_contributor: false + requires: + count: 1 + admins: true + + - name: two admins have approved + options: + allow_contributor: true + requires: + count: 2 + admins: true + + - name: changelog only and contributor approval + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + only_changed_files: + paths: + - "changelog/@unreleased/.*\\.yml" + + - name: fixing excavator + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + has_author_in: + users: [ "svc-excavator-bot" ] + + - name: excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + # product-dependencies.lock should never go here, to force review of all product (SLS) dependency changes + # this way excavator cannot change the deployability of a service or product via auto-merge + paths: + - "changelog/@unreleased/.*\\.yml" + - "^\\.baseline/.*$" + - "^\\.circleci/.*$" + - "^\\.docker-compose-rule\\.yml$" + - "^.*gradle$" + - "^\\.palantir/go-version$" + - "^gradle/wrapper/.*" + - "^gradlew$" + - "^gradlew.bat$" + - "^gradle.properties$" + - "^settings.gradle$" + - "^.*go.mod$" + - "^.*go.sum$" + - "^.*godelw$" + - "^.*godel/config/godel.properties$" + - "^.*godel/config/godel.yml$" + - "^.*vendor/.*$" + - "^versions.props$" + - "^versions.lock$" + - "^internal/generated/.*" + - "^internal/generated_src/.*" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: excavator only touched config files + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + paths: + - "^\\..*.yml$" + - "^\\.github/.*$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: bots updated package.json and lock files + requires: + count: 0 + if: + has_author_in: + users: + - "svc-excavator-bot" + - "dependabot[bot]" + only_changed_files: + paths: + - "^.*yarn.lock$" + - "^.*package.json$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] diff --git a/tableprinter/vendor/github.com/palantir/pkg/godelw b/tableprinter/vendor/github.com/palantir/pkg/godelw deleted file mode 100644 index 22d9f7f2..00000000 --- a/tableprinter/vendor/github.com/palantir/pkg/godelw +++ /dev/null @@ -1,230 +0,0 @@ -#!/bin/bash - -set -euo pipefail - -# Version and checksums for godel. Values are populated by the godel "dist" task. -VERSION=2.17.0 -DARWIN_CHECKSUM=d6294049b7edc3795d1d5517583f20c087422a8b8b52e8cbcc39ce2b575427ff -LINUX_CHECKSUM=23bca1ce55bd321686e06e0b6959ad8160ef1dfa9fe0a68a515e65d19401094d - -# Downloads file at URL to destination path using wget or curl. Prints an error and exits if wget or curl is not present. -function download { - local url=$1 - local dst=$2 - - # determine whether wget, curl or both are present - set +e - command -v wget >/dev/null 2>&1 - local wget_exists=$? - command -v curl >/dev/null 2>&1 - local curl_exists=$? - set -e - - # if one of wget or curl is not present, exit with error - if [ "$wget_exists" -ne 0 -a "$curl_exists" -ne 0 ]; then - echo "wget or curl must be present to download distribution. Install one of these programs and try again or install the distribution manually." - exit 1 - fi - - if [ "$wget_exists" -eq 0 ]; then - # attempt download using wget - echo "Downloading $url to $dst..." - local progress_opt="" - if wget --help | grep -q '\--show-progress'; then - progress_opt="-q --show-progress" - fi - set +e - wget -O "$dst" $progress_opt "$url" - rv=$? - set -e - if [ "$rv" -eq 0 ]; then - # success - return - fi - - echo "Download failed using command: wget -O $dst $progress_opt $url" - - # curl does not exist, so nothing more to try: exit - if [ "$curl_exists" -ne 0 ]; then - echo "Download failed using wget and curl was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - exit 1 - fi - # curl exists, notify that download will be attempted using curl - echo "Attempting download using curl..." - fi - - # attempt download using curl - echo "Downloading $url to $dst..." - set +e - curl -f -L -o "$dst" "$url" - rv=$? - set -e - if [ "$rv" -ne 0 ]; then - echo "Download failed using command: curl -f -L -o $dst $url" - if [ "$wget_exists" -eq 0 ]; then - echo "Download failed using wget and curl. Verify that the distribution URL is correct and try again or install the distribution manually." - else - echo "Download failed using curl and wget was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - fi - exit 1 - fi -} - -# verifies that the provided checksum matches the computed SHA-256 checksum of the specified file. If not, echoes an -# error and exits. -function verify_checksum { - local file=$1 - local expected_checksum=$2 - local computed_checksum=$(compute_sha256 $file) - if [ "$expected_checksum" != "$computed_checksum" ]; then - echo "SHA-256 checksum for $file did not match expected value." - echo "Expected: $expected_checksum" - echo "Actual: $computed_checksum" - exit 1 - fi -} - -# computes the SHA-256 hash of the provided file. Uses openssl, shasum or sha1sum program. -function compute_sha256 { - local file=$1 - if command -v openssl >/dev/null 2>&1; then - # print SHA-256 hash using openssl - openssl dgst -sha256 "$file" | sed -E 's/SHA256\(.*\)= //' - elif command -v shasum >/dev/null 2>&1; then - # Darwin systems ship with "shasum" utility - shasum -a 256 "$file" | sed -E 's/[[:space:]]+.+//' - elif command -v sha256sum >/dev/null 2>&1; then - # Most Linux systems ship with sha256sum utility - sha256sum "$file" | sed -E 's/[[:space:]]+.+//' - else - echo "Could not find program to calculate SHA-256 checksum for file" - exit 1 - fi -} - -# Verifies that the tgz file at the provided path contains the paths/files that would be expected in a valid gödel -# distribution with the provided version. -function verify_dist_tgz_valid { - local tgz_path=$1 - local version=$2 - - local expected_paths=("godel-$version/" "godel-$version/bin/darwin-amd64/godel" "godel-$version/bin/linux-amd64/godel" "godel-$version/wrapper/godelw" "godel-$version/wrapper/godel/config/") - local files=($(tar -tf "$tgz_path")) - - # this is a double-for loop, but fine since $expected_paths is small and bash doesn't have good primitives for set/map/list manipulation - for curr_line in "${files[@]}"; do - # if all expected paths have been found, terminate - if [[ ${#expected_paths[*]} == 0 ]]; then - break - fi - - # check for expected path and splice out if match is found - idx=0 - for curr_expected in "${expected_paths[@]}"; do - if [ "$curr_expected" = "$curr_line" ]; then - expected_paths=(${expected_paths[@]:0:idx} ${expected_paths[@]:$(($idx + 1))}) - break - fi - idx=$idx+1 - done - done - - # if any expected paths still remain, raise error and exit - if [[ ${#expected_paths[*]} > 0 ]]; then - echo "Required paths were not present in $tgz_path: ${expected_paths[@]}" - exit 1 - fi -} - -# Verifies that the gödel binary in the distribution reports the expected version when called with the "version" -# argument. Assumes that a valid gödel distribution directory for the given version exists in the provided directory. -function verify_godel_version { - local base_dir=$1 - local version=$2 - local os=$3 - - local expected_output="godel version $version" - local version_output=$($base_dir/godel-$version/bin/$os-amd64/godel version) - - if [ "$expected_output" != "$version_output" ]; then - echo "Version reported by godel executable did not match expected version: expected \"$expected_output\", was \"$version_output\"" - exit 1 - fi -} - -# directory of godelw script -SCRIPT_HOME=$(cd "$(dirname "$0")" && pwd) - -# use $GODEL_HOME or default value -GODEL_BASE_DIR=${GODEL_HOME:-$HOME/.godel} - -# determine OS -OS="" -EXPECTED_CHECKSUM="" -case "$(uname)" in - Darwin*) - OS=darwin - EXPECTED_CHECKSUM=$DARWIN_CHECKSUM - ;; - Linux*) - OS=linux - EXPECTED_CHECKSUM=$LINUX_CHECKSUM - ;; - *) - echo "Unsupported operating system: $(uname)" - exit 1 - ;; -esac - -# path to godel binary -CMD=$GODEL_BASE_DIR/dists/godel-$VERSION/bin/$OS-amd64/godel - -# godel binary is not present -- download distribution -if [ ! -f "$CMD" ]; then - # get download URL - PROPERTIES_FILE=$SCRIPT_HOME/godel/config/godel.properties - if [ ! -f "$PROPERTIES_FILE" ]; then - echo "Properties file must exist at $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_URL=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionURL=//p") - if [ -z "$DOWNLOAD_URL" ]; then - echo "Value for property \"distributionURL\" was empty in $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_CHECKSUM=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionSHA256=//p") - - # create downloads directory if it does not already exist - mkdir -p "$GODEL_BASE_DIR/downloads" - - # download tgz and verify its contents - DOWNLOAD_DST=$GODEL_BASE_DIR/downloads/godel-$VERSION.tgz - download "$DOWNLOAD_URL" "$DOWNLOAD_DST" - if [ -n "$DOWNLOAD_CHECKSUM" ]; then - verify_checksum "$DOWNLOAD_DST" "$DOWNLOAD_CHECKSUM" - fi - verify_dist_tgz_valid "$DOWNLOAD_DST" "$VERSION" - - # create temporary directory for unarchiving, unarchive downloaded file and verify directory - TMP_DIST_DIR=$(mktemp -d "$GODEL_BASE_DIR/tmp_XXXXXX" 2>/dev/null || mktemp -d -t "$GODEL_BASE_DIR/tmp_XXXXXX") - trap 'rm -rf "$TMP_DIST_DIR"' EXIT - tar zxvf "$DOWNLOAD_DST" -C "$TMP_DIST_DIR" >/dev/null 2>&1 - verify_godel_version "$TMP_DIST_DIR" "$VERSION" "$OS" - - # if destination directory for distribution already exists, remove it - if [ -d "$GODEL_BASE_DIR/dists/godel-$VERSION" ]; then - rm -rf "$GODEL_BASE_DIR/dists/godel-$VERSION" - fi - - # ensure that parent directory of destination exists - mkdir -p "$GODEL_BASE_DIR/dists" - - # move expanded distribution directory to destination location. The location of the unarchived directory is known to - # be in the same directory tree as the destination, so "mv" should always work. - mv "$TMP_DIST_DIR/godel-$VERSION" "$GODEL_BASE_DIR/dists/godel-$VERSION" -fi - -verify_checksum "$CMD" "$EXPECTED_CHECKSUM" - -# execute command -$CMD --wrapper "$SCRIPT_HOME/$(basename "$0")" "$@" diff --git a/tableprinter/vendor/modules.txt b/tableprinter/vendor/modules.txt index 323a2f67..e4201111 100644 --- a/tableprinter/vendor/modules.txt +++ b/tableprinter/vendor/modules.txt @@ -1,3 +1,3 @@ -# github.com/palantir/pkg v1.0.1 -## explicit; go 1.13 +# github.com/palantir/pkg v1.1.0 +## explicit; go 1.19 github.com/palantir/pkg diff --git a/tlsconfig/go.mod b/tlsconfig/go.mod index dcc244e4..7160e83c 100644 --- a/tlsconfig/go.mod +++ b/tlsconfig/go.mod @@ -3,7 +3,7 @@ module github.com/palantir/pkg/tlsconfig go 1.19 require ( - github.com/palantir/pkg v1.0.1 + github.com/palantir/pkg v1.1.0 github.com/stretchr/testify v1.8.0 ) diff --git a/tlsconfig/go.sum b/tlsconfig/go.sum index f3c0b4af..878c8d19 100644 --- a/tlsconfig/go.sum +++ b/tlsconfig/go.sum @@ -1,8 +1,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/palantir/pkg v1.0.1 h1:ZbGUcc14N7xcZSY9cehQoiHHTm/BAZO5RJdlsNEtSbk= -github.com/palantir/pkg v1.0.1/go.mod h1:Eo6Jl0UXfT+65sLXJOcU9duu0WPvKsWFXCb0dE5VWZs= +github.com/palantir/pkg v1.1.0 h1:0EhrSUP8oeeh3MUvk7V/UU7WmsN1UiJNTvNj0sN9Cpo= +github.com/palantir/pkg v1.1.0/go.mod h1:KC9srP/9ssWRxBxFCIqhUGC4Jt7OJkWRz0Iqehup1/c= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= diff --git a/tlsconfig/vendor/github.com/palantir/pkg/.bulldozer.yml b/tlsconfig/vendor/github.com/palantir/pkg/.bulldozer.yml new file mode 100644 index 00000000..b62e82ba --- /dev/null +++ b/tlsconfig/vendor/github.com/palantir/pkg/.bulldozer.yml @@ -0,0 +1,17 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +version: 1 +merge: + trigger: + labels: ["merge when ready"] + ignore: + labels: ["do not merge"] + method: squash + options: + squash: + body: pull_request_body + message_delimiter: ==COMMIT_MSG== + delete_after_merge: true +update: + trigger: + labels: ["update me"] diff --git a/tlsconfig/vendor/github.com/palantir/pkg/.policy.yml b/tlsconfig/vendor/github.com/palantir/pkg/.policy.yml new file mode 100644 index 00000000..a436f8b9 --- /dev/null +++ b/tlsconfig/vendor/github.com/palantir/pkg/.policy.yml @@ -0,0 +1,113 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +policy: + approval: + - or: + - one admin has approved (PR contributors not allowed) + - two admins have approved + - changelog only and contributor approval + - fixing excavator + - excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + - excavator only touched config files + - bots updated package.json and lock files + disapproval: + requires: + organizations: [ "palantir" ] + +approval_rules: + - name: one admin has approved (PR contributors not allowed) + options: + allow_contributor: false + requires: + count: 1 + admins: true + + - name: two admins have approved + options: + allow_contributor: true + requires: + count: 2 + admins: true + + - name: changelog only and contributor approval + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + only_changed_files: + paths: + - "changelog/@unreleased/.*\\.yml" + + - name: fixing excavator + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + has_author_in: + users: [ "svc-excavator-bot" ] + + - name: excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + # product-dependencies.lock should never go here, to force review of all product (SLS) dependency changes + # this way excavator cannot change the deployability of a service or product via auto-merge + paths: + - "changelog/@unreleased/.*\\.yml" + - "^\\.baseline/.*$" + - "^\\.circleci/.*$" + - "^\\.docker-compose-rule\\.yml$" + - "^.*gradle$" + - "^\\.palantir/go-version$" + - "^gradle/wrapper/.*" + - "^gradlew$" + - "^gradlew.bat$" + - "^gradle.properties$" + - "^settings.gradle$" + - "^.*go.mod$" + - "^.*go.sum$" + - "^.*godelw$" + - "^.*godel/config/godel.properties$" + - "^.*godel/config/godel.yml$" + - "^.*vendor/.*$" + - "^versions.props$" + - "^versions.lock$" + - "^internal/generated/.*" + - "^internal/generated_src/.*" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: excavator only touched config files + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + paths: + - "^\\..*.yml$" + - "^\\.github/.*$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: bots updated package.json and lock files + requires: + count: 0 + if: + has_author_in: + users: + - "svc-excavator-bot" + - "dependabot[bot]" + only_changed_files: + paths: + - "^.*yarn.lock$" + - "^.*package.json$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] diff --git a/tlsconfig/vendor/github.com/palantir/pkg/godelw b/tlsconfig/vendor/github.com/palantir/pkg/godelw deleted file mode 100644 index 22d9f7f2..00000000 --- a/tlsconfig/vendor/github.com/palantir/pkg/godelw +++ /dev/null @@ -1,230 +0,0 @@ -#!/bin/bash - -set -euo pipefail - -# Version and checksums for godel. Values are populated by the godel "dist" task. -VERSION=2.17.0 -DARWIN_CHECKSUM=d6294049b7edc3795d1d5517583f20c087422a8b8b52e8cbcc39ce2b575427ff -LINUX_CHECKSUM=23bca1ce55bd321686e06e0b6959ad8160ef1dfa9fe0a68a515e65d19401094d - -# Downloads file at URL to destination path using wget or curl. Prints an error and exits if wget or curl is not present. -function download { - local url=$1 - local dst=$2 - - # determine whether wget, curl or both are present - set +e - command -v wget >/dev/null 2>&1 - local wget_exists=$? - command -v curl >/dev/null 2>&1 - local curl_exists=$? - set -e - - # if one of wget or curl is not present, exit with error - if [ "$wget_exists" -ne 0 -a "$curl_exists" -ne 0 ]; then - echo "wget or curl must be present to download distribution. Install one of these programs and try again or install the distribution manually." - exit 1 - fi - - if [ "$wget_exists" -eq 0 ]; then - # attempt download using wget - echo "Downloading $url to $dst..." - local progress_opt="" - if wget --help | grep -q '\--show-progress'; then - progress_opt="-q --show-progress" - fi - set +e - wget -O "$dst" $progress_opt "$url" - rv=$? - set -e - if [ "$rv" -eq 0 ]; then - # success - return - fi - - echo "Download failed using command: wget -O $dst $progress_opt $url" - - # curl does not exist, so nothing more to try: exit - if [ "$curl_exists" -ne 0 ]; then - echo "Download failed using wget and curl was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - exit 1 - fi - # curl exists, notify that download will be attempted using curl - echo "Attempting download using curl..." - fi - - # attempt download using curl - echo "Downloading $url to $dst..." - set +e - curl -f -L -o "$dst" "$url" - rv=$? - set -e - if [ "$rv" -ne 0 ]; then - echo "Download failed using command: curl -f -L -o $dst $url" - if [ "$wget_exists" -eq 0 ]; then - echo "Download failed using wget and curl. Verify that the distribution URL is correct and try again or install the distribution manually." - else - echo "Download failed using curl and wget was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - fi - exit 1 - fi -} - -# verifies that the provided checksum matches the computed SHA-256 checksum of the specified file. If not, echoes an -# error and exits. -function verify_checksum { - local file=$1 - local expected_checksum=$2 - local computed_checksum=$(compute_sha256 $file) - if [ "$expected_checksum" != "$computed_checksum" ]; then - echo "SHA-256 checksum for $file did not match expected value." - echo "Expected: $expected_checksum" - echo "Actual: $computed_checksum" - exit 1 - fi -} - -# computes the SHA-256 hash of the provided file. Uses openssl, shasum or sha1sum program. -function compute_sha256 { - local file=$1 - if command -v openssl >/dev/null 2>&1; then - # print SHA-256 hash using openssl - openssl dgst -sha256 "$file" | sed -E 's/SHA256\(.*\)= //' - elif command -v shasum >/dev/null 2>&1; then - # Darwin systems ship with "shasum" utility - shasum -a 256 "$file" | sed -E 's/[[:space:]]+.+//' - elif command -v sha256sum >/dev/null 2>&1; then - # Most Linux systems ship with sha256sum utility - sha256sum "$file" | sed -E 's/[[:space:]]+.+//' - else - echo "Could not find program to calculate SHA-256 checksum for file" - exit 1 - fi -} - -# Verifies that the tgz file at the provided path contains the paths/files that would be expected in a valid gödel -# distribution with the provided version. -function verify_dist_tgz_valid { - local tgz_path=$1 - local version=$2 - - local expected_paths=("godel-$version/" "godel-$version/bin/darwin-amd64/godel" "godel-$version/bin/linux-amd64/godel" "godel-$version/wrapper/godelw" "godel-$version/wrapper/godel/config/") - local files=($(tar -tf "$tgz_path")) - - # this is a double-for loop, but fine since $expected_paths is small and bash doesn't have good primitives for set/map/list manipulation - for curr_line in "${files[@]}"; do - # if all expected paths have been found, terminate - if [[ ${#expected_paths[*]} == 0 ]]; then - break - fi - - # check for expected path and splice out if match is found - idx=0 - for curr_expected in "${expected_paths[@]}"; do - if [ "$curr_expected" = "$curr_line" ]; then - expected_paths=(${expected_paths[@]:0:idx} ${expected_paths[@]:$(($idx + 1))}) - break - fi - idx=$idx+1 - done - done - - # if any expected paths still remain, raise error and exit - if [[ ${#expected_paths[*]} > 0 ]]; then - echo "Required paths were not present in $tgz_path: ${expected_paths[@]}" - exit 1 - fi -} - -# Verifies that the gödel binary in the distribution reports the expected version when called with the "version" -# argument. Assumes that a valid gödel distribution directory for the given version exists in the provided directory. -function verify_godel_version { - local base_dir=$1 - local version=$2 - local os=$3 - - local expected_output="godel version $version" - local version_output=$($base_dir/godel-$version/bin/$os-amd64/godel version) - - if [ "$expected_output" != "$version_output" ]; then - echo "Version reported by godel executable did not match expected version: expected \"$expected_output\", was \"$version_output\"" - exit 1 - fi -} - -# directory of godelw script -SCRIPT_HOME=$(cd "$(dirname "$0")" && pwd) - -# use $GODEL_HOME or default value -GODEL_BASE_DIR=${GODEL_HOME:-$HOME/.godel} - -# determine OS -OS="" -EXPECTED_CHECKSUM="" -case "$(uname)" in - Darwin*) - OS=darwin - EXPECTED_CHECKSUM=$DARWIN_CHECKSUM - ;; - Linux*) - OS=linux - EXPECTED_CHECKSUM=$LINUX_CHECKSUM - ;; - *) - echo "Unsupported operating system: $(uname)" - exit 1 - ;; -esac - -# path to godel binary -CMD=$GODEL_BASE_DIR/dists/godel-$VERSION/bin/$OS-amd64/godel - -# godel binary is not present -- download distribution -if [ ! -f "$CMD" ]; then - # get download URL - PROPERTIES_FILE=$SCRIPT_HOME/godel/config/godel.properties - if [ ! -f "$PROPERTIES_FILE" ]; then - echo "Properties file must exist at $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_URL=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionURL=//p") - if [ -z "$DOWNLOAD_URL" ]; then - echo "Value for property \"distributionURL\" was empty in $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_CHECKSUM=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionSHA256=//p") - - # create downloads directory if it does not already exist - mkdir -p "$GODEL_BASE_DIR/downloads" - - # download tgz and verify its contents - DOWNLOAD_DST=$GODEL_BASE_DIR/downloads/godel-$VERSION.tgz - download "$DOWNLOAD_URL" "$DOWNLOAD_DST" - if [ -n "$DOWNLOAD_CHECKSUM" ]; then - verify_checksum "$DOWNLOAD_DST" "$DOWNLOAD_CHECKSUM" - fi - verify_dist_tgz_valid "$DOWNLOAD_DST" "$VERSION" - - # create temporary directory for unarchiving, unarchive downloaded file and verify directory - TMP_DIST_DIR=$(mktemp -d "$GODEL_BASE_DIR/tmp_XXXXXX" 2>/dev/null || mktemp -d -t "$GODEL_BASE_DIR/tmp_XXXXXX") - trap 'rm -rf "$TMP_DIST_DIR"' EXIT - tar zxvf "$DOWNLOAD_DST" -C "$TMP_DIST_DIR" >/dev/null 2>&1 - verify_godel_version "$TMP_DIST_DIR" "$VERSION" "$OS" - - # if destination directory for distribution already exists, remove it - if [ -d "$GODEL_BASE_DIR/dists/godel-$VERSION" ]; then - rm -rf "$GODEL_BASE_DIR/dists/godel-$VERSION" - fi - - # ensure that parent directory of destination exists - mkdir -p "$GODEL_BASE_DIR/dists" - - # move expanded distribution directory to destination location. The location of the unarchived directory is known to - # be in the same directory tree as the destination, so "mv" should always work. - mv "$TMP_DIST_DIR/godel-$VERSION" "$GODEL_BASE_DIR/dists/godel-$VERSION" -fi - -verify_checksum "$CMD" "$EXPECTED_CHECKSUM" - -# execute command -$CMD --wrapper "$SCRIPT_HOME/$(basename "$0")" "$@" diff --git a/tlsconfig/vendor/modules.txt b/tlsconfig/vendor/modules.txt index b8e6c35b..19640335 100644 --- a/tlsconfig/vendor/modules.txt +++ b/tlsconfig/vendor/modules.txt @@ -1,8 +1,8 @@ # github.com/davecgh/go-spew v1.1.1 ## explicit github.com/davecgh/go-spew/spew -# github.com/palantir/pkg v1.0.1 -## explicit; go 1.13 +# github.com/palantir/pkg v1.1.0 +## explicit; go 1.19 github.com/palantir/pkg # github.com/pmezard/go-difflib v1.0.0 ## explicit diff --git a/transform/go.mod b/transform/go.mod index 47887e35..35575f01 100644 --- a/transform/go.mod +++ b/transform/go.mod @@ -3,7 +3,7 @@ module github.com/palantir/pkg/transform go 1.19 require ( - github.com/palantir/pkg v1.0.1 + github.com/palantir/pkg v1.1.0 github.com/stretchr/testify v1.8.0 ) diff --git a/transform/go.sum b/transform/go.sum index f3c0b4af..878c8d19 100644 --- a/transform/go.sum +++ b/transform/go.sum @@ -1,8 +1,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/palantir/pkg v1.0.1 h1:ZbGUcc14N7xcZSY9cehQoiHHTm/BAZO5RJdlsNEtSbk= -github.com/palantir/pkg v1.0.1/go.mod h1:Eo6Jl0UXfT+65sLXJOcU9duu0WPvKsWFXCb0dE5VWZs= +github.com/palantir/pkg v1.1.0 h1:0EhrSUP8oeeh3MUvk7V/UU7WmsN1UiJNTvNj0sN9Cpo= +github.com/palantir/pkg v1.1.0/go.mod h1:KC9srP/9ssWRxBxFCIqhUGC4Jt7OJkWRz0Iqehup1/c= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= diff --git a/transform/vendor/github.com/palantir/pkg/.bulldozer.yml b/transform/vendor/github.com/palantir/pkg/.bulldozer.yml new file mode 100644 index 00000000..b62e82ba --- /dev/null +++ b/transform/vendor/github.com/palantir/pkg/.bulldozer.yml @@ -0,0 +1,17 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +version: 1 +merge: + trigger: + labels: ["merge when ready"] + ignore: + labels: ["do not merge"] + method: squash + options: + squash: + body: pull_request_body + message_delimiter: ==COMMIT_MSG== + delete_after_merge: true +update: + trigger: + labels: ["update me"] diff --git a/transform/vendor/github.com/palantir/pkg/.policy.yml b/transform/vendor/github.com/palantir/pkg/.policy.yml new file mode 100644 index 00000000..a436f8b9 --- /dev/null +++ b/transform/vendor/github.com/palantir/pkg/.policy.yml @@ -0,0 +1,113 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +policy: + approval: + - or: + - one admin has approved (PR contributors not allowed) + - two admins have approved + - changelog only and contributor approval + - fixing excavator + - excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + - excavator only touched config files + - bots updated package.json and lock files + disapproval: + requires: + organizations: [ "palantir" ] + +approval_rules: + - name: one admin has approved (PR contributors not allowed) + options: + allow_contributor: false + requires: + count: 1 + admins: true + + - name: two admins have approved + options: + allow_contributor: true + requires: + count: 2 + admins: true + + - name: changelog only and contributor approval + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + only_changed_files: + paths: + - "changelog/@unreleased/.*\\.yml" + + - name: fixing excavator + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + has_author_in: + users: [ "svc-excavator-bot" ] + + - name: excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + # product-dependencies.lock should never go here, to force review of all product (SLS) dependency changes + # this way excavator cannot change the deployability of a service or product via auto-merge + paths: + - "changelog/@unreleased/.*\\.yml" + - "^\\.baseline/.*$" + - "^\\.circleci/.*$" + - "^\\.docker-compose-rule\\.yml$" + - "^.*gradle$" + - "^\\.palantir/go-version$" + - "^gradle/wrapper/.*" + - "^gradlew$" + - "^gradlew.bat$" + - "^gradle.properties$" + - "^settings.gradle$" + - "^.*go.mod$" + - "^.*go.sum$" + - "^.*godelw$" + - "^.*godel/config/godel.properties$" + - "^.*godel/config/godel.yml$" + - "^.*vendor/.*$" + - "^versions.props$" + - "^versions.lock$" + - "^internal/generated/.*" + - "^internal/generated_src/.*" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: excavator only touched config files + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + paths: + - "^\\..*.yml$" + - "^\\.github/.*$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: bots updated package.json and lock files + requires: + count: 0 + if: + has_author_in: + users: + - "svc-excavator-bot" + - "dependabot[bot]" + only_changed_files: + paths: + - "^.*yarn.lock$" + - "^.*package.json$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] diff --git a/transform/vendor/github.com/palantir/pkg/godelw b/transform/vendor/github.com/palantir/pkg/godelw deleted file mode 100644 index 22d9f7f2..00000000 --- a/transform/vendor/github.com/palantir/pkg/godelw +++ /dev/null @@ -1,230 +0,0 @@ -#!/bin/bash - -set -euo pipefail - -# Version and checksums for godel. Values are populated by the godel "dist" task. -VERSION=2.17.0 -DARWIN_CHECKSUM=d6294049b7edc3795d1d5517583f20c087422a8b8b52e8cbcc39ce2b575427ff -LINUX_CHECKSUM=23bca1ce55bd321686e06e0b6959ad8160ef1dfa9fe0a68a515e65d19401094d - -# Downloads file at URL to destination path using wget or curl. Prints an error and exits if wget or curl is not present. -function download { - local url=$1 - local dst=$2 - - # determine whether wget, curl or both are present - set +e - command -v wget >/dev/null 2>&1 - local wget_exists=$? - command -v curl >/dev/null 2>&1 - local curl_exists=$? - set -e - - # if one of wget or curl is not present, exit with error - if [ "$wget_exists" -ne 0 -a "$curl_exists" -ne 0 ]; then - echo "wget or curl must be present to download distribution. Install one of these programs and try again or install the distribution manually." - exit 1 - fi - - if [ "$wget_exists" -eq 0 ]; then - # attempt download using wget - echo "Downloading $url to $dst..." - local progress_opt="" - if wget --help | grep -q '\--show-progress'; then - progress_opt="-q --show-progress" - fi - set +e - wget -O "$dst" $progress_opt "$url" - rv=$? - set -e - if [ "$rv" -eq 0 ]; then - # success - return - fi - - echo "Download failed using command: wget -O $dst $progress_opt $url" - - # curl does not exist, so nothing more to try: exit - if [ "$curl_exists" -ne 0 ]; then - echo "Download failed using wget and curl was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - exit 1 - fi - # curl exists, notify that download will be attempted using curl - echo "Attempting download using curl..." - fi - - # attempt download using curl - echo "Downloading $url to $dst..." - set +e - curl -f -L -o "$dst" "$url" - rv=$? - set -e - if [ "$rv" -ne 0 ]; then - echo "Download failed using command: curl -f -L -o $dst $url" - if [ "$wget_exists" -eq 0 ]; then - echo "Download failed using wget and curl. Verify that the distribution URL is correct and try again or install the distribution manually." - else - echo "Download failed using curl and wget was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - fi - exit 1 - fi -} - -# verifies that the provided checksum matches the computed SHA-256 checksum of the specified file. If not, echoes an -# error and exits. -function verify_checksum { - local file=$1 - local expected_checksum=$2 - local computed_checksum=$(compute_sha256 $file) - if [ "$expected_checksum" != "$computed_checksum" ]; then - echo "SHA-256 checksum for $file did not match expected value." - echo "Expected: $expected_checksum" - echo "Actual: $computed_checksum" - exit 1 - fi -} - -# computes the SHA-256 hash of the provided file. Uses openssl, shasum or sha1sum program. -function compute_sha256 { - local file=$1 - if command -v openssl >/dev/null 2>&1; then - # print SHA-256 hash using openssl - openssl dgst -sha256 "$file" | sed -E 's/SHA256\(.*\)= //' - elif command -v shasum >/dev/null 2>&1; then - # Darwin systems ship with "shasum" utility - shasum -a 256 "$file" | sed -E 's/[[:space:]]+.+//' - elif command -v sha256sum >/dev/null 2>&1; then - # Most Linux systems ship with sha256sum utility - sha256sum "$file" | sed -E 's/[[:space:]]+.+//' - else - echo "Could not find program to calculate SHA-256 checksum for file" - exit 1 - fi -} - -# Verifies that the tgz file at the provided path contains the paths/files that would be expected in a valid gödel -# distribution with the provided version. -function verify_dist_tgz_valid { - local tgz_path=$1 - local version=$2 - - local expected_paths=("godel-$version/" "godel-$version/bin/darwin-amd64/godel" "godel-$version/bin/linux-amd64/godel" "godel-$version/wrapper/godelw" "godel-$version/wrapper/godel/config/") - local files=($(tar -tf "$tgz_path")) - - # this is a double-for loop, but fine since $expected_paths is small and bash doesn't have good primitives for set/map/list manipulation - for curr_line in "${files[@]}"; do - # if all expected paths have been found, terminate - if [[ ${#expected_paths[*]} == 0 ]]; then - break - fi - - # check for expected path and splice out if match is found - idx=0 - for curr_expected in "${expected_paths[@]}"; do - if [ "$curr_expected" = "$curr_line" ]; then - expected_paths=(${expected_paths[@]:0:idx} ${expected_paths[@]:$(($idx + 1))}) - break - fi - idx=$idx+1 - done - done - - # if any expected paths still remain, raise error and exit - if [[ ${#expected_paths[*]} > 0 ]]; then - echo "Required paths were not present in $tgz_path: ${expected_paths[@]}" - exit 1 - fi -} - -# Verifies that the gödel binary in the distribution reports the expected version when called with the "version" -# argument. Assumes that a valid gödel distribution directory for the given version exists in the provided directory. -function verify_godel_version { - local base_dir=$1 - local version=$2 - local os=$3 - - local expected_output="godel version $version" - local version_output=$($base_dir/godel-$version/bin/$os-amd64/godel version) - - if [ "$expected_output" != "$version_output" ]; then - echo "Version reported by godel executable did not match expected version: expected \"$expected_output\", was \"$version_output\"" - exit 1 - fi -} - -# directory of godelw script -SCRIPT_HOME=$(cd "$(dirname "$0")" && pwd) - -# use $GODEL_HOME or default value -GODEL_BASE_DIR=${GODEL_HOME:-$HOME/.godel} - -# determine OS -OS="" -EXPECTED_CHECKSUM="" -case "$(uname)" in - Darwin*) - OS=darwin - EXPECTED_CHECKSUM=$DARWIN_CHECKSUM - ;; - Linux*) - OS=linux - EXPECTED_CHECKSUM=$LINUX_CHECKSUM - ;; - *) - echo "Unsupported operating system: $(uname)" - exit 1 - ;; -esac - -# path to godel binary -CMD=$GODEL_BASE_DIR/dists/godel-$VERSION/bin/$OS-amd64/godel - -# godel binary is not present -- download distribution -if [ ! -f "$CMD" ]; then - # get download URL - PROPERTIES_FILE=$SCRIPT_HOME/godel/config/godel.properties - if [ ! -f "$PROPERTIES_FILE" ]; then - echo "Properties file must exist at $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_URL=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionURL=//p") - if [ -z "$DOWNLOAD_URL" ]; then - echo "Value for property \"distributionURL\" was empty in $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_CHECKSUM=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionSHA256=//p") - - # create downloads directory if it does not already exist - mkdir -p "$GODEL_BASE_DIR/downloads" - - # download tgz and verify its contents - DOWNLOAD_DST=$GODEL_BASE_DIR/downloads/godel-$VERSION.tgz - download "$DOWNLOAD_URL" "$DOWNLOAD_DST" - if [ -n "$DOWNLOAD_CHECKSUM" ]; then - verify_checksum "$DOWNLOAD_DST" "$DOWNLOAD_CHECKSUM" - fi - verify_dist_tgz_valid "$DOWNLOAD_DST" "$VERSION" - - # create temporary directory for unarchiving, unarchive downloaded file and verify directory - TMP_DIST_DIR=$(mktemp -d "$GODEL_BASE_DIR/tmp_XXXXXX" 2>/dev/null || mktemp -d -t "$GODEL_BASE_DIR/tmp_XXXXXX") - trap 'rm -rf "$TMP_DIST_DIR"' EXIT - tar zxvf "$DOWNLOAD_DST" -C "$TMP_DIST_DIR" >/dev/null 2>&1 - verify_godel_version "$TMP_DIST_DIR" "$VERSION" "$OS" - - # if destination directory for distribution already exists, remove it - if [ -d "$GODEL_BASE_DIR/dists/godel-$VERSION" ]; then - rm -rf "$GODEL_BASE_DIR/dists/godel-$VERSION" - fi - - # ensure that parent directory of destination exists - mkdir -p "$GODEL_BASE_DIR/dists" - - # move expanded distribution directory to destination location. The location of the unarchived directory is known to - # be in the same directory tree as the destination, so "mv" should always work. - mv "$TMP_DIST_DIR/godel-$VERSION" "$GODEL_BASE_DIR/dists/godel-$VERSION" -fi - -verify_checksum "$CMD" "$EXPECTED_CHECKSUM" - -# execute command -$CMD --wrapper "$SCRIPT_HOME/$(basename "$0")" "$@" diff --git a/transform/vendor/modules.txt b/transform/vendor/modules.txt index 614a3c45..3cdb3851 100644 --- a/transform/vendor/modules.txt +++ b/transform/vendor/modules.txt @@ -1,8 +1,8 @@ # github.com/davecgh/go-spew v1.1.1 ## explicit github.com/davecgh/go-spew/spew -# github.com/palantir/pkg v1.0.1 -## explicit; go 1.13 +# github.com/palantir/pkg v1.1.0 +## explicit; go 1.19 github.com/palantir/pkg # github.com/pmezard/go-difflib v1.0.0 ## explicit diff --git a/typenames/go.mod b/typenames/go.mod index 2b5bf3a1..e02ff4a1 100644 --- a/typenames/go.mod +++ b/typenames/go.mod @@ -3,7 +3,7 @@ module github.com/palantir/pkg/typenames go 1.19 require ( - github.com/palantir/pkg v1.0.1 + github.com/palantir/pkg v1.1.0 github.com/stretchr/testify v1.8.0 ) diff --git a/typenames/go.sum b/typenames/go.sum index f3c0b4af..878c8d19 100644 --- a/typenames/go.sum +++ b/typenames/go.sum @@ -1,8 +1,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/palantir/pkg v1.0.1 h1:ZbGUcc14N7xcZSY9cehQoiHHTm/BAZO5RJdlsNEtSbk= -github.com/palantir/pkg v1.0.1/go.mod h1:Eo6Jl0UXfT+65sLXJOcU9duu0WPvKsWFXCb0dE5VWZs= +github.com/palantir/pkg v1.1.0 h1:0EhrSUP8oeeh3MUvk7V/UU7WmsN1UiJNTvNj0sN9Cpo= +github.com/palantir/pkg v1.1.0/go.mod h1:KC9srP/9ssWRxBxFCIqhUGC4Jt7OJkWRz0Iqehup1/c= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= diff --git a/typenames/vendor/github.com/palantir/pkg/.bulldozer.yml b/typenames/vendor/github.com/palantir/pkg/.bulldozer.yml new file mode 100644 index 00000000..b62e82ba --- /dev/null +++ b/typenames/vendor/github.com/palantir/pkg/.bulldozer.yml @@ -0,0 +1,17 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +version: 1 +merge: + trigger: + labels: ["merge when ready"] + ignore: + labels: ["do not merge"] + method: squash + options: + squash: + body: pull_request_body + message_delimiter: ==COMMIT_MSG== + delete_after_merge: true +update: + trigger: + labels: ["update me"] diff --git a/typenames/vendor/github.com/palantir/pkg/.policy.yml b/typenames/vendor/github.com/palantir/pkg/.policy.yml new file mode 100644 index 00000000..a436f8b9 --- /dev/null +++ b/typenames/vendor/github.com/palantir/pkg/.policy.yml @@ -0,0 +1,113 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +policy: + approval: + - or: + - one admin has approved (PR contributors not allowed) + - two admins have approved + - changelog only and contributor approval + - fixing excavator + - excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + - excavator only touched config files + - bots updated package.json and lock files + disapproval: + requires: + organizations: [ "palantir" ] + +approval_rules: + - name: one admin has approved (PR contributors not allowed) + options: + allow_contributor: false + requires: + count: 1 + admins: true + + - name: two admins have approved + options: + allow_contributor: true + requires: + count: 2 + admins: true + + - name: changelog only and contributor approval + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + only_changed_files: + paths: + - "changelog/@unreleased/.*\\.yml" + + - name: fixing excavator + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + has_author_in: + users: [ "svc-excavator-bot" ] + + - name: excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + # product-dependencies.lock should never go here, to force review of all product (SLS) dependency changes + # this way excavator cannot change the deployability of a service or product via auto-merge + paths: + - "changelog/@unreleased/.*\\.yml" + - "^\\.baseline/.*$" + - "^\\.circleci/.*$" + - "^\\.docker-compose-rule\\.yml$" + - "^.*gradle$" + - "^\\.palantir/go-version$" + - "^gradle/wrapper/.*" + - "^gradlew$" + - "^gradlew.bat$" + - "^gradle.properties$" + - "^settings.gradle$" + - "^.*go.mod$" + - "^.*go.sum$" + - "^.*godelw$" + - "^.*godel/config/godel.properties$" + - "^.*godel/config/godel.yml$" + - "^.*vendor/.*$" + - "^versions.props$" + - "^versions.lock$" + - "^internal/generated/.*" + - "^internal/generated_src/.*" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: excavator only touched config files + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + paths: + - "^\\..*.yml$" + - "^\\.github/.*$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: bots updated package.json and lock files + requires: + count: 0 + if: + has_author_in: + users: + - "svc-excavator-bot" + - "dependabot[bot]" + only_changed_files: + paths: + - "^.*yarn.lock$" + - "^.*package.json$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] diff --git a/typenames/vendor/github.com/palantir/pkg/godelw b/typenames/vendor/github.com/palantir/pkg/godelw deleted file mode 100644 index 22d9f7f2..00000000 --- a/typenames/vendor/github.com/palantir/pkg/godelw +++ /dev/null @@ -1,230 +0,0 @@ -#!/bin/bash - -set -euo pipefail - -# Version and checksums for godel. Values are populated by the godel "dist" task. -VERSION=2.17.0 -DARWIN_CHECKSUM=d6294049b7edc3795d1d5517583f20c087422a8b8b52e8cbcc39ce2b575427ff -LINUX_CHECKSUM=23bca1ce55bd321686e06e0b6959ad8160ef1dfa9fe0a68a515e65d19401094d - -# Downloads file at URL to destination path using wget or curl. Prints an error and exits if wget or curl is not present. -function download { - local url=$1 - local dst=$2 - - # determine whether wget, curl or both are present - set +e - command -v wget >/dev/null 2>&1 - local wget_exists=$? - command -v curl >/dev/null 2>&1 - local curl_exists=$? - set -e - - # if one of wget or curl is not present, exit with error - if [ "$wget_exists" -ne 0 -a "$curl_exists" -ne 0 ]; then - echo "wget or curl must be present to download distribution. Install one of these programs and try again or install the distribution manually." - exit 1 - fi - - if [ "$wget_exists" -eq 0 ]; then - # attempt download using wget - echo "Downloading $url to $dst..." - local progress_opt="" - if wget --help | grep -q '\--show-progress'; then - progress_opt="-q --show-progress" - fi - set +e - wget -O "$dst" $progress_opt "$url" - rv=$? - set -e - if [ "$rv" -eq 0 ]; then - # success - return - fi - - echo "Download failed using command: wget -O $dst $progress_opt $url" - - # curl does not exist, so nothing more to try: exit - if [ "$curl_exists" -ne 0 ]; then - echo "Download failed using wget and curl was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - exit 1 - fi - # curl exists, notify that download will be attempted using curl - echo "Attempting download using curl..." - fi - - # attempt download using curl - echo "Downloading $url to $dst..." - set +e - curl -f -L -o "$dst" "$url" - rv=$? - set -e - if [ "$rv" -ne 0 ]; then - echo "Download failed using command: curl -f -L -o $dst $url" - if [ "$wget_exists" -eq 0 ]; then - echo "Download failed using wget and curl. Verify that the distribution URL is correct and try again or install the distribution manually." - else - echo "Download failed using curl and wget was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - fi - exit 1 - fi -} - -# verifies that the provided checksum matches the computed SHA-256 checksum of the specified file. If not, echoes an -# error and exits. -function verify_checksum { - local file=$1 - local expected_checksum=$2 - local computed_checksum=$(compute_sha256 $file) - if [ "$expected_checksum" != "$computed_checksum" ]; then - echo "SHA-256 checksum for $file did not match expected value." - echo "Expected: $expected_checksum" - echo "Actual: $computed_checksum" - exit 1 - fi -} - -# computes the SHA-256 hash of the provided file. Uses openssl, shasum or sha1sum program. -function compute_sha256 { - local file=$1 - if command -v openssl >/dev/null 2>&1; then - # print SHA-256 hash using openssl - openssl dgst -sha256 "$file" | sed -E 's/SHA256\(.*\)= //' - elif command -v shasum >/dev/null 2>&1; then - # Darwin systems ship with "shasum" utility - shasum -a 256 "$file" | sed -E 's/[[:space:]]+.+//' - elif command -v sha256sum >/dev/null 2>&1; then - # Most Linux systems ship with sha256sum utility - sha256sum "$file" | sed -E 's/[[:space:]]+.+//' - else - echo "Could not find program to calculate SHA-256 checksum for file" - exit 1 - fi -} - -# Verifies that the tgz file at the provided path contains the paths/files that would be expected in a valid gödel -# distribution with the provided version. -function verify_dist_tgz_valid { - local tgz_path=$1 - local version=$2 - - local expected_paths=("godel-$version/" "godel-$version/bin/darwin-amd64/godel" "godel-$version/bin/linux-amd64/godel" "godel-$version/wrapper/godelw" "godel-$version/wrapper/godel/config/") - local files=($(tar -tf "$tgz_path")) - - # this is a double-for loop, but fine since $expected_paths is small and bash doesn't have good primitives for set/map/list manipulation - for curr_line in "${files[@]}"; do - # if all expected paths have been found, terminate - if [[ ${#expected_paths[*]} == 0 ]]; then - break - fi - - # check for expected path and splice out if match is found - idx=0 - for curr_expected in "${expected_paths[@]}"; do - if [ "$curr_expected" = "$curr_line" ]; then - expected_paths=(${expected_paths[@]:0:idx} ${expected_paths[@]:$(($idx + 1))}) - break - fi - idx=$idx+1 - done - done - - # if any expected paths still remain, raise error and exit - if [[ ${#expected_paths[*]} > 0 ]]; then - echo "Required paths were not present in $tgz_path: ${expected_paths[@]}" - exit 1 - fi -} - -# Verifies that the gödel binary in the distribution reports the expected version when called with the "version" -# argument. Assumes that a valid gödel distribution directory for the given version exists in the provided directory. -function verify_godel_version { - local base_dir=$1 - local version=$2 - local os=$3 - - local expected_output="godel version $version" - local version_output=$($base_dir/godel-$version/bin/$os-amd64/godel version) - - if [ "$expected_output" != "$version_output" ]; then - echo "Version reported by godel executable did not match expected version: expected \"$expected_output\", was \"$version_output\"" - exit 1 - fi -} - -# directory of godelw script -SCRIPT_HOME=$(cd "$(dirname "$0")" && pwd) - -# use $GODEL_HOME or default value -GODEL_BASE_DIR=${GODEL_HOME:-$HOME/.godel} - -# determine OS -OS="" -EXPECTED_CHECKSUM="" -case "$(uname)" in - Darwin*) - OS=darwin - EXPECTED_CHECKSUM=$DARWIN_CHECKSUM - ;; - Linux*) - OS=linux - EXPECTED_CHECKSUM=$LINUX_CHECKSUM - ;; - *) - echo "Unsupported operating system: $(uname)" - exit 1 - ;; -esac - -# path to godel binary -CMD=$GODEL_BASE_DIR/dists/godel-$VERSION/bin/$OS-amd64/godel - -# godel binary is not present -- download distribution -if [ ! -f "$CMD" ]; then - # get download URL - PROPERTIES_FILE=$SCRIPT_HOME/godel/config/godel.properties - if [ ! -f "$PROPERTIES_FILE" ]; then - echo "Properties file must exist at $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_URL=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionURL=//p") - if [ -z "$DOWNLOAD_URL" ]; then - echo "Value for property \"distributionURL\" was empty in $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_CHECKSUM=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionSHA256=//p") - - # create downloads directory if it does not already exist - mkdir -p "$GODEL_BASE_DIR/downloads" - - # download tgz and verify its contents - DOWNLOAD_DST=$GODEL_BASE_DIR/downloads/godel-$VERSION.tgz - download "$DOWNLOAD_URL" "$DOWNLOAD_DST" - if [ -n "$DOWNLOAD_CHECKSUM" ]; then - verify_checksum "$DOWNLOAD_DST" "$DOWNLOAD_CHECKSUM" - fi - verify_dist_tgz_valid "$DOWNLOAD_DST" "$VERSION" - - # create temporary directory for unarchiving, unarchive downloaded file and verify directory - TMP_DIST_DIR=$(mktemp -d "$GODEL_BASE_DIR/tmp_XXXXXX" 2>/dev/null || mktemp -d -t "$GODEL_BASE_DIR/tmp_XXXXXX") - trap 'rm -rf "$TMP_DIST_DIR"' EXIT - tar zxvf "$DOWNLOAD_DST" -C "$TMP_DIST_DIR" >/dev/null 2>&1 - verify_godel_version "$TMP_DIST_DIR" "$VERSION" "$OS" - - # if destination directory for distribution already exists, remove it - if [ -d "$GODEL_BASE_DIR/dists/godel-$VERSION" ]; then - rm -rf "$GODEL_BASE_DIR/dists/godel-$VERSION" - fi - - # ensure that parent directory of destination exists - mkdir -p "$GODEL_BASE_DIR/dists" - - # move expanded distribution directory to destination location. The location of the unarchived directory is known to - # be in the same directory tree as the destination, so "mv" should always work. - mv "$TMP_DIST_DIR/godel-$VERSION" "$GODEL_BASE_DIR/dists/godel-$VERSION" -fi - -verify_checksum "$CMD" "$EXPECTED_CHECKSUM" - -# execute command -$CMD --wrapper "$SCRIPT_HOME/$(basename "$0")" "$@" diff --git a/typenames/vendor/modules.txt b/typenames/vendor/modules.txt index 614a3c45..3cdb3851 100644 --- a/typenames/vendor/modules.txt +++ b/typenames/vendor/modules.txt @@ -1,8 +1,8 @@ # github.com/davecgh/go-spew v1.1.1 ## explicit github.com/davecgh/go-spew/spew -# github.com/palantir/pkg v1.0.1 -## explicit; go 1.13 +# github.com/palantir/pkg v1.1.0 +## explicit; go 1.19 github.com/palantir/pkg # github.com/pmezard/go-difflib v1.0.0 ## explicit diff --git a/uuid/go.mod b/uuid/go.mod index aea09e36..3f71ee22 100644 --- a/uuid/go.mod +++ b/uuid/go.mod @@ -3,7 +3,7 @@ module github.com/palantir/pkg/uuid go 1.19 require ( - github.com/palantir/pkg v1.0.1 + github.com/palantir/pkg v1.1.0 github.com/stretchr/testify v1.8.0 ) diff --git a/uuid/go.sum b/uuid/go.sum index f3c0b4af..878c8d19 100644 --- a/uuid/go.sum +++ b/uuid/go.sum @@ -1,8 +1,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/palantir/pkg v1.0.1 h1:ZbGUcc14N7xcZSY9cehQoiHHTm/BAZO5RJdlsNEtSbk= -github.com/palantir/pkg v1.0.1/go.mod h1:Eo6Jl0UXfT+65sLXJOcU9duu0WPvKsWFXCb0dE5VWZs= +github.com/palantir/pkg v1.1.0 h1:0EhrSUP8oeeh3MUvk7V/UU7WmsN1UiJNTvNj0sN9Cpo= +github.com/palantir/pkg v1.1.0/go.mod h1:KC9srP/9ssWRxBxFCIqhUGC4Jt7OJkWRz0Iqehup1/c= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= diff --git a/uuid/vendor/github.com/palantir/pkg/.bulldozer.yml b/uuid/vendor/github.com/palantir/pkg/.bulldozer.yml new file mode 100644 index 00000000..b62e82ba --- /dev/null +++ b/uuid/vendor/github.com/palantir/pkg/.bulldozer.yml @@ -0,0 +1,17 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +version: 1 +merge: + trigger: + labels: ["merge when ready"] + ignore: + labels: ["do not merge"] + method: squash + options: + squash: + body: pull_request_body + message_delimiter: ==COMMIT_MSG== + delete_after_merge: true +update: + trigger: + labels: ["update me"] diff --git a/uuid/vendor/github.com/palantir/pkg/.policy.yml b/uuid/vendor/github.com/palantir/pkg/.policy.yml new file mode 100644 index 00000000..a436f8b9 --- /dev/null +++ b/uuid/vendor/github.com/palantir/pkg/.policy.yml @@ -0,0 +1,113 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +policy: + approval: + - or: + - one admin has approved (PR contributors not allowed) + - two admins have approved + - changelog only and contributor approval + - fixing excavator + - excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + - excavator only touched config files + - bots updated package.json and lock files + disapproval: + requires: + organizations: [ "palantir" ] + +approval_rules: + - name: one admin has approved (PR contributors not allowed) + options: + allow_contributor: false + requires: + count: 1 + admins: true + + - name: two admins have approved + options: + allow_contributor: true + requires: + count: 2 + admins: true + + - name: changelog only and contributor approval + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + only_changed_files: + paths: + - "changelog/@unreleased/.*\\.yml" + + - name: fixing excavator + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + has_author_in: + users: [ "svc-excavator-bot" ] + + - name: excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + # product-dependencies.lock should never go here, to force review of all product (SLS) dependency changes + # this way excavator cannot change the deployability of a service or product via auto-merge + paths: + - "changelog/@unreleased/.*\\.yml" + - "^\\.baseline/.*$" + - "^\\.circleci/.*$" + - "^\\.docker-compose-rule\\.yml$" + - "^.*gradle$" + - "^\\.palantir/go-version$" + - "^gradle/wrapper/.*" + - "^gradlew$" + - "^gradlew.bat$" + - "^gradle.properties$" + - "^settings.gradle$" + - "^.*go.mod$" + - "^.*go.sum$" + - "^.*godelw$" + - "^.*godel/config/godel.properties$" + - "^.*godel/config/godel.yml$" + - "^.*vendor/.*$" + - "^versions.props$" + - "^versions.lock$" + - "^internal/generated/.*" + - "^internal/generated_src/.*" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: excavator only touched config files + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + paths: + - "^\\..*.yml$" + - "^\\.github/.*$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: bots updated package.json and lock files + requires: + count: 0 + if: + has_author_in: + users: + - "svc-excavator-bot" + - "dependabot[bot]" + only_changed_files: + paths: + - "^.*yarn.lock$" + - "^.*package.json$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] diff --git a/uuid/vendor/github.com/palantir/pkg/godelw b/uuid/vendor/github.com/palantir/pkg/godelw deleted file mode 100644 index 22d9f7f2..00000000 --- a/uuid/vendor/github.com/palantir/pkg/godelw +++ /dev/null @@ -1,230 +0,0 @@ -#!/bin/bash - -set -euo pipefail - -# Version and checksums for godel. Values are populated by the godel "dist" task. -VERSION=2.17.0 -DARWIN_CHECKSUM=d6294049b7edc3795d1d5517583f20c087422a8b8b52e8cbcc39ce2b575427ff -LINUX_CHECKSUM=23bca1ce55bd321686e06e0b6959ad8160ef1dfa9fe0a68a515e65d19401094d - -# Downloads file at URL to destination path using wget or curl. Prints an error and exits if wget or curl is not present. -function download { - local url=$1 - local dst=$2 - - # determine whether wget, curl or both are present - set +e - command -v wget >/dev/null 2>&1 - local wget_exists=$? - command -v curl >/dev/null 2>&1 - local curl_exists=$? - set -e - - # if one of wget or curl is not present, exit with error - if [ "$wget_exists" -ne 0 -a "$curl_exists" -ne 0 ]; then - echo "wget or curl must be present to download distribution. Install one of these programs and try again or install the distribution manually." - exit 1 - fi - - if [ "$wget_exists" -eq 0 ]; then - # attempt download using wget - echo "Downloading $url to $dst..." - local progress_opt="" - if wget --help | grep -q '\--show-progress'; then - progress_opt="-q --show-progress" - fi - set +e - wget -O "$dst" $progress_opt "$url" - rv=$? - set -e - if [ "$rv" -eq 0 ]; then - # success - return - fi - - echo "Download failed using command: wget -O $dst $progress_opt $url" - - # curl does not exist, so nothing more to try: exit - if [ "$curl_exists" -ne 0 ]; then - echo "Download failed using wget and curl was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - exit 1 - fi - # curl exists, notify that download will be attempted using curl - echo "Attempting download using curl..." - fi - - # attempt download using curl - echo "Downloading $url to $dst..." - set +e - curl -f -L -o "$dst" "$url" - rv=$? - set -e - if [ "$rv" -ne 0 ]; then - echo "Download failed using command: curl -f -L -o $dst $url" - if [ "$wget_exists" -eq 0 ]; then - echo "Download failed using wget and curl. Verify that the distribution URL is correct and try again or install the distribution manually." - else - echo "Download failed using curl and wget was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - fi - exit 1 - fi -} - -# verifies that the provided checksum matches the computed SHA-256 checksum of the specified file. If not, echoes an -# error and exits. -function verify_checksum { - local file=$1 - local expected_checksum=$2 - local computed_checksum=$(compute_sha256 $file) - if [ "$expected_checksum" != "$computed_checksum" ]; then - echo "SHA-256 checksum for $file did not match expected value." - echo "Expected: $expected_checksum" - echo "Actual: $computed_checksum" - exit 1 - fi -} - -# computes the SHA-256 hash of the provided file. Uses openssl, shasum or sha1sum program. -function compute_sha256 { - local file=$1 - if command -v openssl >/dev/null 2>&1; then - # print SHA-256 hash using openssl - openssl dgst -sha256 "$file" | sed -E 's/SHA256\(.*\)= //' - elif command -v shasum >/dev/null 2>&1; then - # Darwin systems ship with "shasum" utility - shasum -a 256 "$file" | sed -E 's/[[:space:]]+.+//' - elif command -v sha256sum >/dev/null 2>&1; then - # Most Linux systems ship with sha256sum utility - sha256sum "$file" | sed -E 's/[[:space:]]+.+//' - else - echo "Could not find program to calculate SHA-256 checksum for file" - exit 1 - fi -} - -# Verifies that the tgz file at the provided path contains the paths/files that would be expected in a valid gödel -# distribution with the provided version. -function verify_dist_tgz_valid { - local tgz_path=$1 - local version=$2 - - local expected_paths=("godel-$version/" "godel-$version/bin/darwin-amd64/godel" "godel-$version/bin/linux-amd64/godel" "godel-$version/wrapper/godelw" "godel-$version/wrapper/godel/config/") - local files=($(tar -tf "$tgz_path")) - - # this is a double-for loop, but fine since $expected_paths is small and bash doesn't have good primitives for set/map/list manipulation - for curr_line in "${files[@]}"; do - # if all expected paths have been found, terminate - if [[ ${#expected_paths[*]} == 0 ]]; then - break - fi - - # check for expected path and splice out if match is found - idx=0 - for curr_expected in "${expected_paths[@]}"; do - if [ "$curr_expected" = "$curr_line" ]; then - expected_paths=(${expected_paths[@]:0:idx} ${expected_paths[@]:$(($idx + 1))}) - break - fi - idx=$idx+1 - done - done - - # if any expected paths still remain, raise error and exit - if [[ ${#expected_paths[*]} > 0 ]]; then - echo "Required paths were not present in $tgz_path: ${expected_paths[@]}" - exit 1 - fi -} - -# Verifies that the gödel binary in the distribution reports the expected version when called with the "version" -# argument. Assumes that a valid gödel distribution directory for the given version exists in the provided directory. -function verify_godel_version { - local base_dir=$1 - local version=$2 - local os=$3 - - local expected_output="godel version $version" - local version_output=$($base_dir/godel-$version/bin/$os-amd64/godel version) - - if [ "$expected_output" != "$version_output" ]; then - echo "Version reported by godel executable did not match expected version: expected \"$expected_output\", was \"$version_output\"" - exit 1 - fi -} - -# directory of godelw script -SCRIPT_HOME=$(cd "$(dirname "$0")" && pwd) - -# use $GODEL_HOME or default value -GODEL_BASE_DIR=${GODEL_HOME:-$HOME/.godel} - -# determine OS -OS="" -EXPECTED_CHECKSUM="" -case "$(uname)" in - Darwin*) - OS=darwin - EXPECTED_CHECKSUM=$DARWIN_CHECKSUM - ;; - Linux*) - OS=linux - EXPECTED_CHECKSUM=$LINUX_CHECKSUM - ;; - *) - echo "Unsupported operating system: $(uname)" - exit 1 - ;; -esac - -# path to godel binary -CMD=$GODEL_BASE_DIR/dists/godel-$VERSION/bin/$OS-amd64/godel - -# godel binary is not present -- download distribution -if [ ! -f "$CMD" ]; then - # get download URL - PROPERTIES_FILE=$SCRIPT_HOME/godel/config/godel.properties - if [ ! -f "$PROPERTIES_FILE" ]; then - echo "Properties file must exist at $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_URL=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionURL=//p") - if [ -z "$DOWNLOAD_URL" ]; then - echo "Value for property \"distributionURL\" was empty in $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_CHECKSUM=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionSHA256=//p") - - # create downloads directory if it does not already exist - mkdir -p "$GODEL_BASE_DIR/downloads" - - # download tgz and verify its contents - DOWNLOAD_DST=$GODEL_BASE_DIR/downloads/godel-$VERSION.tgz - download "$DOWNLOAD_URL" "$DOWNLOAD_DST" - if [ -n "$DOWNLOAD_CHECKSUM" ]; then - verify_checksum "$DOWNLOAD_DST" "$DOWNLOAD_CHECKSUM" - fi - verify_dist_tgz_valid "$DOWNLOAD_DST" "$VERSION" - - # create temporary directory for unarchiving, unarchive downloaded file and verify directory - TMP_DIST_DIR=$(mktemp -d "$GODEL_BASE_DIR/tmp_XXXXXX" 2>/dev/null || mktemp -d -t "$GODEL_BASE_DIR/tmp_XXXXXX") - trap 'rm -rf "$TMP_DIST_DIR"' EXIT - tar zxvf "$DOWNLOAD_DST" -C "$TMP_DIST_DIR" >/dev/null 2>&1 - verify_godel_version "$TMP_DIST_DIR" "$VERSION" "$OS" - - # if destination directory for distribution already exists, remove it - if [ -d "$GODEL_BASE_DIR/dists/godel-$VERSION" ]; then - rm -rf "$GODEL_BASE_DIR/dists/godel-$VERSION" - fi - - # ensure that parent directory of destination exists - mkdir -p "$GODEL_BASE_DIR/dists" - - # move expanded distribution directory to destination location. The location of the unarchived directory is known to - # be in the same directory tree as the destination, so "mv" should always work. - mv "$TMP_DIST_DIR/godel-$VERSION" "$GODEL_BASE_DIR/dists/godel-$VERSION" -fi - -verify_checksum "$CMD" "$EXPECTED_CHECKSUM" - -# execute command -$CMD --wrapper "$SCRIPT_HOME/$(basename "$0")" "$@" diff --git a/uuid/vendor/modules.txt b/uuid/vendor/modules.txt index b8e6c35b..19640335 100644 --- a/uuid/vendor/modules.txt +++ b/uuid/vendor/modules.txt @@ -1,8 +1,8 @@ # github.com/davecgh/go-spew v1.1.1 ## explicit github.com/davecgh/go-spew/spew -# github.com/palantir/pkg v1.0.1 -## explicit; go 1.13 +# github.com/palantir/pkg v1.1.0 +## explicit; go 1.19 github.com/palantir/pkg # github.com/pmezard/go-difflib v1.0.0 ## explicit diff --git a/yamlpatch/go.mod b/yamlpatch/go.mod index 04d7ae58..55839882 100644 --- a/yamlpatch/go.mod +++ b/yamlpatch/go.mod @@ -3,7 +3,7 @@ module github.com/palantir/pkg/yamlpatch go 1.19 require ( - github.com/palantir/pkg v1.0.1 + github.com/palantir/pkg v1.1.0 github.com/pkg/errors v0.9.1 github.com/stretchr/testify v1.8.0 gopkg.in/yaml.v3 v3.0.1 diff --git a/yamlpatch/go.sum b/yamlpatch/go.sum index 749bb9c4..e564a759 100644 --- a/yamlpatch/go.sum +++ b/yamlpatch/go.sum @@ -1,8 +1,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/palantir/pkg v1.0.1 h1:ZbGUcc14N7xcZSY9cehQoiHHTm/BAZO5RJdlsNEtSbk= -github.com/palantir/pkg v1.0.1/go.mod h1:Eo6Jl0UXfT+65sLXJOcU9duu0WPvKsWFXCb0dE5VWZs= +github.com/palantir/pkg v1.1.0 h1:0EhrSUP8oeeh3MUvk7V/UU7WmsN1UiJNTvNj0sN9Cpo= +github.com/palantir/pkg v1.1.0/go.mod h1:KC9srP/9ssWRxBxFCIqhUGC4Jt7OJkWRz0Iqehup1/c= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= diff --git a/yamlpatch/vendor/github.com/palantir/pkg/.bulldozer.yml b/yamlpatch/vendor/github.com/palantir/pkg/.bulldozer.yml new file mode 100644 index 00000000..b62e82ba --- /dev/null +++ b/yamlpatch/vendor/github.com/palantir/pkg/.bulldozer.yml @@ -0,0 +1,17 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +version: 1 +merge: + trigger: + labels: ["merge when ready"] + ignore: + labels: ["do not merge"] + method: squash + options: + squash: + body: pull_request_body + message_delimiter: ==COMMIT_MSG== + delete_after_merge: true +update: + trigger: + labels: ["update me"] diff --git a/yamlpatch/vendor/github.com/palantir/pkg/.policy.yml b/yamlpatch/vendor/github.com/palantir/pkg/.policy.yml new file mode 100644 index 00000000..a436f8b9 --- /dev/null +++ b/yamlpatch/vendor/github.com/palantir/pkg/.policy.yml @@ -0,0 +1,113 @@ +# Excavator auto-updates this file. Please contribute improvements to the central template. + +policy: + approval: + - or: + - one admin has approved (PR contributors not allowed) + - two admins have approved + - changelog only and contributor approval + - fixing excavator + - excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + - excavator only touched config files + - bots updated package.json and lock files + disapproval: + requires: + organizations: [ "palantir" ] + +approval_rules: + - name: one admin has approved (PR contributors not allowed) + options: + allow_contributor: false + requires: + count: 1 + admins: true + + - name: two admins have approved + options: + allow_contributor: true + requires: + count: 2 + admins: true + + - name: changelog only and contributor approval + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + only_changed_files: + paths: + - "changelog/@unreleased/.*\\.yml" + + - name: fixing excavator + options: + allow_contributor: true + requires: + count: 1 + admins: true + if: + has_author_in: + users: [ "svc-excavator-bot" ] + + - name: excavator only touched baseline, circle, gradle files, godel files, generated code, go dependencies, docker-compose-rule config or versions.props + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + # product-dependencies.lock should never go here, to force review of all product (SLS) dependency changes + # this way excavator cannot change the deployability of a service or product via auto-merge + paths: + - "changelog/@unreleased/.*\\.yml" + - "^\\.baseline/.*$" + - "^\\.circleci/.*$" + - "^\\.docker-compose-rule\\.yml$" + - "^.*gradle$" + - "^\\.palantir/go-version$" + - "^gradle/wrapper/.*" + - "^gradlew$" + - "^gradlew.bat$" + - "^gradle.properties$" + - "^settings.gradle$" + - "^.*go.mod$" + - "^.*go.sum$" + - "^.*godelw$" + - "^.*godel/config/godel.properties$" + - "^.*godel/config/godel.yml$" + - "^.*vendor/.*$" + - "^versions.props$" + - "^versions.lock$" + - "^internal/generated/.*" + - "^internal/generated_src/.*" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: excavator only touched config files + requires: + count: 0 + if: + has_author_in: + users: [ "svc-excavator-bot" ] + only_changed_files: + paths: + - "^\\..*.yml$" + - "^\\.github/.*$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] + + - name: bots updated package.json and lock files + requires: + count: 0 + if: + has_author_in: + users: + - "svc-excavator-bot" + - "dependabot[bot]" + only_changed_files: + paths: + - "^.*yarn.lock$" + - "^.*package.json$" + has_valid_signatures_by_keys: + key_ids: ["C9AF124A484882E0"] diff --git a/yamlpatch/vendor/github.com/palantir/pkg/godelw b/yamlpatch/vendor/github.com/palantir/pkg/godelw deleted file mode 100644 index 22d9f7f2..00000000 --- a/yamlpatch/vendor/github.com/palantir/pkg/godelw +++ /dev/null @@ -1,230 +0,0 @@ -#!/bin/bash - -set -euo pipefail - -# Version and checksums for godel. Values are populated by the godel "dist" task. -VERSION=2.17.0 -DARWIN_CHECKSUM=d6294049b7edc3795d1d5517583f20c087422a8b8b52e8cbcc39ce2b575427ff -LINUX_CHECKSUM=23bca1ce55bd321686e06e0b6959ad8160ef1dfa9fe0a68a515e65d19401094d - -# Downloads file at URL to destination path using wget or curl. Prints an error and exits if wget or curl is not present. -function download { - local url=$1 - local dst=$2 - - # determine whether wget, curl or both are present - set +e - command -v wget >/dev/null 2>&1 - local wget_exists=$? - command -v curl >/dev/null 2>&1 - local curl_exists=$? - set -e - - # if one of wget or curl is not present, exit with error - if [ "$wget_exists" -ne 0 -a "$curl_exists" -ne 0 ]; then - echo "wget or curl must be present to download distribution. Install one of these programs and try again or install the distribution manually." - exit 1 - fi - - if [ "$wget_exists" -eq 0 ]; then - # attempt download using wget - echo "Downloading $url to $dst..." - local progress_opt="" - if wget --help | grep -q '\--show-progress'; then - progress_opt="-q --show-progress" - fi - set +e - wget -O "$dst" $progress_opt "$url" - rv=$? - set -e - if [ "$rv" -eq 0 ]; then - # success - return - fi - - echo "Download failed using command: wget -O $dst $progress_opt $url" - - # curl does not exist, so nothing more to try: exit - if [ "$curl_exists" -ne 0 ]; then - echo "Download failed using wget and curl was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - exit 1 - fi - # curl exists, notify that download will be attempted using curl - echo "Attempting download using curl..." - fi - - # attempt download using curl - echo "Downloading $url to $dst..." - set +e - curl -f -L -o "$dst" "$url" - rv=$? - set -e - if [ "$rv" -ne 0 ]; then - echo "Download failed using command: curl -f -L -o $dst $url" - if [ "$wget_exists" -eq 0 ]; then - echo "Download failed using wget and curl. Verify that the distribution URL is correct and try again or install the distribution manually." - else - echo "Download failed using curl and wget was not found. Verify that the distribution URL is correct and try again or install the distribution manually." - fi - exit 1 - fi -} - -# verifies that the provided checksum matches the computed SHA-256 checksum of the specified file. If not, echoes an -# error and exits. -function verify_checksum { - local file=$1 - local expected_checksum=$2 - local computed_checksum=$(compute_sha256 $file) - if [ "$expected_checksum" != "$computed_checksum" ]; then - echo "SHA-256 checksum for $file did not match expected value." - echo "Expected: $expected_checksum" - echo "Actual: $computed_checksum" - exit 1 - fi -} - -# computes the SHA-256 hash of the provided file. Uses openssl, shasum or sha1sum program. -function compute_sha256 { - local file=$1 - if command -v openssl >/dev/null 2>&1; then - # print SHA-256 hash using openssl - openssl dgst -sha256 "$file" | sed -E 's/SHA256\(.*\)= //' - elif command -v shasum >/dev/null 2>&1; then - # Darwin systems ship with "shasum" utility - shasum -a 256 "$file" | sed -E 's/[[:space:]]+.+//' - elif command -v sha256sum >/dev/null 2>&1; then - # Most Linux systems ship with sha256sum utility - sha256sum "$file" | sed -E 's/[[:space:]]+.+//' - else - echo "Could not find program to calculate SHA-256 checksum for file" - exit 1 - fi -} - -# Verifies that the tgz file at the provided path contains the paths/files that would be expected in a valid gödel -# distribution with the provided version. -function verify_dist_tgz_valid { - local tgz_path=$1 - local version=$2 - - local expected_paths=("godel-$version/" "godel-$version/bin/darwin-amd64/godel" "godel-$version/bin/linux-amd64/godel" "godel-$version/wrapper/godelw" "godel-$version/wrapper/godel/config/") - local files=($(tar -tf "$tgz_path")) - - # this is a double-for loop, but fine since $expected_paths is small and bash doesn't have good primitives for set/map/list manipulation - for curr_line in "${files[@]}"; do - # if all expected paths have been found, terminate - if [[ ${#expected_paths[*]} == 0 ]]; then - break - fi - - # check for expected path and splice out if match is found - idx=0 - for curr_expected in "${expected_paths[@]}"; do - if [ "$curr_expected" = "$curr_line" ]; then - expected_paths=(${expected_paths[@]:0:idx} ${expected_paths[@]:$(($idx + 1))}) - break - fi - idx=$idx+1 - done - done - - # if any expected paths still remain, raise error and exit - if [[ ${#expected_paths[*]} > 0 ]]; then - echo "Required paths were not present in $tgz_path: ${expected_paths[@]}" - exit 1 - fi -} - -# Verifies that the gödel binary in the distribution reports the expected version when called with the "version" -# argument. Assumes that a valid gödel distribution directory for the given version exists in the provided directory. -function verify_godel_version { - local base_dir=$1 - local version=$2 - local os=$3 - - local expected_output="godel version $version" - local version_output=$($base_dir/godel-$version/bin/$os-amd64/godel version) - - if [ "$expected_output" != "$version_output" ]; then - echo "Version reported by godel executable did not match expected version: expected \"$expected_output\", was \"$version_output\"" - exit 1 - fi -} - -# directory of godelw script -SCRIPT_HOME=$(cd "$(dirname "$0")" && pwd) - -# use $GODEL_HOME or default value -GODEL_BASE_DIR=${GODEL_HOME:-$HOME/.godel} - -# determine OS -OS="" -EXPECTED_CHECKSUM="" -case "$(uname)" in - Darwin*) - OS=darwin - EXPECTED_CHECKSUM=$DARWIN_CHECKSUM - ;; - Linux*) - OS=linux - EXPECTED_CHECKSUM=$LINUX_CHECKSUM - ;; - *) - echo "Unsupported operating system: $(uname)" - exit 1 - ;; -esac - -# path to godel binary -CMD=$GODEL_BASE_DIR/dists/godel-$VERSION/bin/$OS-amd64/godel - -# godel binary is not present -- download distribution -if [ ! -f "$CMD" ]; then - # get download URL - PROPERTIES_FILE=$SCRIPT_HOME/godel/config/godel.properties - if [ ! -f "$PROPERTIES_FILE" ]; then - echo "Properties file must exist at $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_URL=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionURL=//p") - if [ -z "$DOWNLOAD_URL" ]; then - echo "Value for property \"distributionURL\" was empty in $PROPERTIES_FILE" - exit 1 - fi - DOWNLOAD_CHECKSUM=$(cat "$PROPERTIES_FILE" | sed -E -n "s/^distributionSHA256=//p") - - # create downloads directory if it does not already exist - mkdir -p "$GODEL_BASE_DIR/downloads" - - # download tgz and verify its contents - DOWNLOAD_DST=$GODEL_BASE_DIR/downloads/godel-$VERSION.tgz - download "$DOWNLOAD_URL" "$DOWNLOAD_DST" - if [ -n "$DOWNLOAD_CHECKSUM" ]; then - verify_checksum "$DOWNLOAD_DST" "$DOWNLOAD_CHECKSUM" - fi - verify_dist_tgz_valid "$DOWNLOAD_DST" "$VERSION" - - # create temporary directory for unarchiving, unarchive downloaded file and verify directory - TMP_DIST_DIR=$(mktemp -d "$GODEL_BASE_DIR/tmp_XXXXXX" 2>/dev/null || mktemp -d -t "$GODEL_BASE_DIR/tmp_XXXXXX") - trap 'rm -rf "$TMP_DIST_DIR"' EXIT - tar zxvf "$DOWNLOAD_DST" -C "$TMP_DIST_DIR" >/dev/null 2>&1 - verify_godel_version "$TMP_DIST_DIR" "$VERSION" "$OS" - - # if destination directory for distribution already exists, remove it - if [ -d "$GODEL_BASE_DIR/dists/godel-$VERSION" ]; then - rm -rf "$GODEL_BASE_DIR/dists/godel-$VERSION" - fi - - # ensure that parent directory of destination exists - mkdir -p "$GODEL_BASE_DIR/dists" - - # move expanded distribution directory to destination location. The location of the unarchived directory is known to - # be in the same directory tree as the destination, so "mv" should always work. - mv "$TMP_DIST_DIR/godel-$VERSION" "$GODEL_BASE_DIR/dists/godel-$VERSION" -fi - -verify_checksum "$CMD" "$EXPECTED_CHECKSUM" - -# execute command -$CMD --wrapper "$SCRIPT_HOME/$(basename "$0")" "$@" diff --git a/yamlpatch/vendor/modules.txt b/yamlpatch/vendor/modules.txt index 2b20ba47..7aea3ab0 100644 --- a/yamlpatch/vendor/modules.txt +++ b/yamlpatch/vendor/modules.txt @@ -1,8 +1,8 @@ # github.com/davecgh/go-spew v1.1.1 ## explicit github.com/davecgh/go-spew/spew -# github.com/palantir/pkg v1.0.1 -## explicit; go 1.13 +# github.com/palantir/pkg v1.1.0 +## explicit; go 1.19 github.com/palantir/pkg # github.com/pkg/errors v0.9.1 ## explicit