From b41d216aaa5d61142386d9e37e4b320d5c40c559 Mon Sep 17 00:00:00 2001
From: Djordje Lukic
Date: Tue, 18 Aug 2020 16:10:34 +0200
Subject: [PATCH] Add import restrictions check

Signed-off-by: Djordje Lukic
---
 .github/workflows/ci.yml | 5 ++++-
 Dockerfile | 8 ++++++++
 Makefile | 4 ++++
 builder.Makefile | 3 +++
 import-restrictions.yaml | 33 +++++++++++++++++++++++++++++++++
 5 files changed, 52 insertions(+), 1 deletion(-)
 create mode 100644 import-restrictions.yaml

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 90dfa8389..372f66dd7 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -21,6 +21,9 @@ jobs:
 - name: Validate go-mod is up-to-date and license headers
 run: make validate
 
+ - name: Validate imports
+ run: make import-restrictions
+
 - name: Run golangci-lint
 run: |
 curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b . v1.30.0
@@ -57,4 +60,4 @@ jobs:
 run: make -f builder.Makefile cli
 
 - name: E2E Test
- run: make e2e-local
\ No newline at end of file
+ run: make e2e-local
diff --git a/Dockerfile b/Dockerfile
index 1b938f86f..f890a1d32 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -21,6 +21,7 @@ FROM --platform=${BUILDPLATFORM} golang:${GO_VERSION} AS base
 WORKDIR /api
 ENV GO111MODULE=on
 RUN apk add --no-cache \
+ git \
 docker \
 make \
 protoc \
@@ -45,6 +46,13 @@ RUN --mount=target=. \
 GIT_TAG=${GIT_TAG} \
 make -f builder.Makefile lint
 
+FROM base AS import-restrictions-base
+RUN go get github.com/docker/import-restrictions
+
+FROM import-restrictions-base AS import-restrictions
+RUN --mount=target=. \
+ make -f builder.Makefile import-restrictions
+
 FROM base AS make-cli
 ENV CGO_ENABLED=0
 ARG TARGETOS
diff --git a/Makefile b/Makefile
index 85d1196fb..30d54ff84 100644
--- a/Makefile
+++ b/Makefile
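Review bot: `RUN go get github.com/docker/import-restrictions` in the Dockerfile's new import-restrictions-base stage has no version suffix, so every uncached build pulls whatever the module's latest version is, and the tool that gates CI can change without any commit in this repository. Pin it to a reviewed release or commit, `RUN go get github.com/docker/import-restrictions@<reviewed-tag-or-commit>` (placeholder: the patch names no version), and bump it deliberately. The stage runs before any source is mounted, so the project's own go.sum presumably does not cover this download; an explicit version keeps the fetched artifact fixed and auditable.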
@@ -72,6 +72,10 @@ lint: ## run linter(s)
 --build-arg GIT_TAG=$(GIT_TAG) \
 --target lint
 
+import-restrictions: ## run import-restrictions script
+ @docker build . \
+ --target import-restrictions
+
 serve: cli ## start server
 @./bin/docker serve --address unix:///tmp/backend.sock
 
diff --git a/builder.Makefile b/builder.Makefile
index d281f6b67..24d869968 100644
--- a/builder.Makefile
+++ b/builder.Makefile
@@ -56,6 +56,9 @@ test:
 lint:
 golangci-lint run --timeout 10m0s ./...
 
+import-restrictions:
+ import-restrictions --configuration import-restrictions.yaml
+
 check-license-headers:
 ./scripts/validate/fileheader
 
diff --git a/import-restrictions.yaml b/import-restrictions.yaml
new file mode 100644
index 000000000..d71febe23
--- /dev/null
+++ b/import-restrictions.yaml
@@ -0,0 +1,33 @@
+# Backends shouldn't depend on other backends or the cli
+- path: ./aci
+ forbiddenImports:
+ - github.com/docker/api/cli
+ - github.com/docker/api/ecs
+ - github.com/docker/api/example
+ - github.com/docker/api/local
+ - github.com/docker/api/metrics
+ - github.com/docker/api/server
+- path: ./ecs
+ forbiddenImports:
+ - github.com/docker/api/aci
+ - github.com/docker/api/cli
+ - github.com/docker/api/example
+ - github.com/docker/api/local
+ - github.com/docker/api/metrics
+ - github.com/docker/api/server
+- path: ./example
+ forbiddenImports:
+ - github.com/docker/api/aci
+ - github.com/docker/api/cli
+ - github.com/docker/api/ecs
+ - github.com/docker/api/local
+ - github.com/docker/api/metrics
+ - github.com/docker/api/server
+- path: ./local
+ forbiddenImports:
+ - github.com/docker/api/aci
+ - github.com/docker/api/cli
+ - github.com/docker/api/ecs
+ - github.com/docker/api/example
+ - github.com/docker/api/metrics
+ - github.com/docker/api/server
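Review bot: The header comment of import-restrictions.yaml understates the rule: every list also forbids `github.com/docker/api/metrics` and `github.com/docker/api/server`, not just other backends and the cli. The four lists are also hand-maintained denylists, so a backend package added later stays importable from `./aci`, `./ecs`, `./example` and `./local` until someone edits each of them, and the boundary erodes silently. I would replace the comment with `# Backends must not import other backends, the cli, metrics or server.` followed by `# Denylist: when a new top-level package is added, add it to every list below.` Whether the tool also rejects sub-packages of a listed path is not visible from this patch and is worth stating in the same comment.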