Release 0.20.0

.github/workflows/container-analysis.yml

@@ -2,42 +2,43 @@ name: Container analysis
 
 on:
   push:
-    branches: [ main ]
+    branches: [main]
   schedule:
-    - cron: '44 10 * * 6'
-
+    - cron: "44 10 * * 6"
 
 jobs:
   trivy:
     runs-on: ubuntu-latest
     steps:
-    - name: Run Trivy
-      uses: aquasecurity/trivy-action@0105373003c89c494a3f436bd5efc57f3ac1ca20
-      with:
-        image-ref: 'ghcr.io/helmwave/helmwave:latest'
-        format: 'template'
-        template: '@/contrib/sarif.tpl'
-        output: 'trivy-results.sarif'
-        severity: 'CRITICAL,HIGH'
+      - name: Run Trivy
+        uses: aquasecurity/trivy-action@503d3abc15463af68b817d685982721f134256a5
+        with:
+          image-ref: "ghcr.io/${{ github.repository }}:latest"
+          format: "template"
+          template: "@/contrib/sarif.tpl"
+          output: "trivy-results.sarif"
+          severity: "CRITICAL,HIGH"
 
-    - name: Upload Trivy scan results to GitHub Security tab
-      uses: github/codeql-action/upload-sarif@v2
-      with:
-        sarif_file: 'trivy-results.sarif'
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: "trivy-results.sarif"
 
   snyk:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
-    - name: Run Snyk
-      continue-on-error: true
-      uses: snyk/actions/docker@14818c4695ecc4045f33c9cee9e795a788711ca4
-      env:
-        SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-      with:
-        image: ghcr.io/helmwave/helmwave:latest
-        args: --file=Dockerfile
-    - name: Upload Snyk result to GitHub Code Scanning
-      uses: github/codeql-action/upload-sarif@v2
-      with:
-        sarif_file: snyk.sarif
+      - uses: actions/checkout@v3
+
+      - name: Run Snyk
+        continue-on-error: true
+        uses: snyk/actions/docker@ff5c02a0e3adc5c52e2c9e7558edf2b46d69ac1f
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          image: ghcr.io/${{ github.repository }}:latest
+          args: --file=Dockerfile
+
+      - name: Upload Snyk result to GitHub Code Scanning
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: snyk.sarif

.github/workflows/go-lint.yml

@@ -9,16 +9,15 @@ on:
 
 jobs:
   lint:
-    strategy:
-      fail-fast: false
-      matrix:
-        go-version:
-          - 1.18.x
     runs-on: ubuntu-latest
     steps:
+      - uses: actions/setup-go@v3
+        with:
+          go-version: 1.18
+
       - uses: actions/checkout@v3
 
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v3
         with:
-          version: v1.45.0
+          version: v1.47.2

.github/workflows/goreleaser.yml

@@ -9,15 +9,12 @@ on:
   push:
     tags: ["v*"]
 
-permissions:
-  contents: write
-  packages: write
-  issues: write
-
 jobs:
   tagger:
     runs-on: ubuntu-latest
     if: github.event_name == 'pull_request'
+    permissions:
+      contents: write
     steps:
       - name: Create tag
         id: tag
@@ -68,6 +65,9 @@ jobs:
   goreleaser:
     runs-on: ubuntu-latest
     if: always()
+    permissions:
+      contents: read
+      packages: write
     needs:
       - get-tag
     steps:
@@ -77,14 +77,14 @@ jobs:
           ref: ${{ needs.get-tag.outputs.tag }}
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v1
+        uses: docker/login-action@v2
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Login to Docker Hub
-        uses: docker/login-action@v1
+        uses: docker/login-action@v2
         with:
           username: ${{ secrets.DOCKERHUB_USER }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
@@ -102,12 +102,32 @@ jobs:
             ${{ runner.os }}-go-
 
       - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v2
+        uses: goreleaser/goreleaser-action@v3
         with:
           version: latest
           args: release --rm-dist
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           HOMEBREW_TAP_GITHUB_TOKEN: ${{ secrets.CR_PAT }}
-          # IDK
-          ASSUME_NO_MOVING_GC_UNSAFE_RISK_IT_WITH: go1.18
+
+  trigger-notify:
+    runs-on: ubuntu-latest
+    if: always()
+    permissions:
+      actions: write
+    needs:
+      - get-tag
+    steps:
+      - name: Trigger helmwave/docs workflow
+        uses: actions/github-script@v6
+        with:
+          github-token: ${{ secrets.PAT }}
+          script: |
+            await github.rest.actions.createWorkflowDispatch({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              workflow_id: "notify.yml",
+              ref: process.env.GITHUB_TAG,
+            })
+        env:
+          GITHUB_TAG: ${{ needs.get-tag.outputs.tag }}

.golangci.yml

@@ -11,15 +11,19 @@ output:
 linters:
   enable-all: true
   disable:
-    - gochecknoglobals # TODO: get rid of globals
+    - exhaustivestruct # deprecated
+    - exhaustruct # it requires to initialize billions of fields, I ain't monkey to fix these
+    - gochecknoinits # we want to use `init()` functions
     - gocyclo # we use cyclop
     - godox # TODO: get rid of TODOs
     - goerr113 # need to create wrapped static errors
     - goimports # we already lint with gofumpt
     - golint # deprecated
     - gomnd # we want to keep magic numbers
     - interfacer # deprecated
+    - ireturn # sometimes we need to return interfaces
     - maligned # deprecated
+    - nonamedreturns # we do want some named returns
     - scopelint # deprecated
     - varnamelen # I don't think short names are bad
     - wsl # lots of style checks
@@ -72,15 +76,6 @@ linters-settings:
     # switch
     default-signifies-exhaustive: true
 
-  exhaustivestruct:
-    # Struct Patterns is list of expressions to match struct packages and names
-    # The struct packages have the form example.com/package.ExampleStruct
-    # The matching patterns can use matching syntax from https://pkg.go.dev/path#Match
-    # If this list is empty, all structs are tested.
-    struct-patterns:
-      - "*.Test"
-      - "example.com/package.ExampleStruct"
-
   forbidigo:
     # Forbid the following identifiers (identifiers are written using regexp):
     forbid:
@@ -121,6 +116,16 @@ linters-settings:
       - whyNoLint
       - yodaStyleExpr
 
+      # these checks fail on generics
+      # https://github.com/go-critic/go-critic/issues/1219
+      # https://github.com/go-critic/go-critic/issues/1223
+      # https://github.com/go-critic/go-critic/issues/1224
+      # https://github.com/go-critic/go-critic/issues/1242
+      - rangeValCopy
+      - typeDefFirst
+      - hugeParam
+      - paramTypeCombine
+
     settings:
       captLocal: # must be valid enabled check name
         # whether to restrict checker to params only (default true)
@@ -436,9 +441,13 @@ issues:
     - path: _test\.go
       linters:
         - dupl
+        - forcetypeassert
+        - gochecknoglobals
         - goconst
+        - godot
+        - lll
+        - revive
         - wrapcheck
-        - forcetypeassert
 
   # Independently from option `exclude` we use default exclude patterns,
   # it can be disabled by this option. To list all

.vscode/settings.json

@@ -1,3 +1,6 @@
 {
-    "go.buildTags": "integration"
+    "go.buildTags": "integration",
+    "yaml.schemas": {
+        "https://json.schemastore.org/github-workflow.json": ".github/workflows/*.yml"
+    }
 }

cmd/helmwave/completion.go

@@ -67,6 +67,7 @@ var (
 	ErrNotChose = errors.New("you did not specify a shell")
 )
 
+//nolint:forbidigo // we need to use fmt.Print
 func completion() *cli.Command {
 	return &cli.Command{
 		Name:  "completion",
@@ -82,11 +83,11 @@ func completion() *cli.Command {
 
 			switch c.Args().First() {
 			case "bash":
-				fmt.Print(bash) // nolint:forbidigo
+				fmt.Print(bash)
 
 				return nil
 			case "zsh":
-				fmt.Print(zsh) // nolint:forbidigo
+				fmt.Print(zsh)
 
 				return nil
 			default:

cmd/helmwave/main.go

@@ -11,6 +11,7 @@ import (
 	"github.com/urfave/cli/v2"
 )
 
+//nolint:gochecknoglobals // we need global list of commands
 var commands = []*cli.Command{
 	new(action.Build).Cmd(),
 	new(action.Diff).Cmd(),
@@ -91,7 +92,7 @@ func version() *cli.Command {
 		Aliases: []string{"ver"},
 		Usage:   "Show shorts version",
 		Action: func(c *cli.Context) error {
-			fmt.Println(helmwave.Version) // nolint:forbidigo
+			fmt.Println(helmwave.Version) //nolint:forbidigo // we need to use fmt.Println here
 
 			return nil
 		},