ci: improve ci and builds

.github/workflows/build.yml

@@ -1,6 +1,14 @@
 ---
 name: build
 
+permissions:
+  # Required: allow read access to the content for analysis.
+  contents: read
+  # Optional: allow read access to pull request. Use with `only-new-issues` option.
+  pull-requests: read
+  # Optional: Allow write access to checks to allow the action to annotate code in the PR.
+  checks: write
+
 on:
   push:
     branches:
@@ -36,42 +44,58 @@ jobs:
   build:
     runs-on: ubuntu-22.04
     steps:
+
       - name: Checkout
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/[email protected]
+
       - name: Install go
         uses: actions/[email protected]
         with:
           go-version-file: go.mod
+
       - name: Ensure go.mod is already tidied
         run: go mod tidy && git diff --no-patch --exit-code
+
       - name: Run linters
         uses: golangci/[email protected]
         with:
           # renovate: depName=golangci/golangci-lint datasource=github-releases
           version: v1.57.2
           args: --timeout=10m0s
           install-mode: goinstall
+
       - name: Build with Goreleaser
         if: ${{ always() }}
         uses: goreleaser/[email protected]
         with:
           # renovate: depName=goreleaser/goreleaser datasource=github-releases
           version: v1.25.1
           args: build --snapshot --clean --single-target
+
   test:
     runs-on: ubuntu-22.04
     steps:
+
       - name: Checkout
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/[email protected]
+
       - name: Install go
         uses: actions/[email protected]
         with:
           go-version-file: go.mod
-      - name: Install richgo
-        # renovate: depName=kyoh86/richgo
-        run: go install github.com/kyoh86/[email protected]
-      - name: Install helm
-        run: curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
+
+      - name: Set up gotestfmt
+        uses: gotesttools/[email protected]
+        with:
+          # Optional: pass GITHUB_TOKEN to avoid rate limiting.
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Install Helm
+        uses: azure/[email protected]
+        with:
+          # renovate: depName=cilium/cilium-cli datasource=github-releases
+          version: v3.14.4
+
       - name: Install cilium-cli
         env:
           # renovate: depName=cilium/cilium-cli datasource=github-releases
@@ -88,15 +112,19 @@ jobs:
           # renovate: depName=kubernetes-sigs/kind datasource=github-releases
           version: v0.22.0
           config: test/kind-config.yaml
+
       - name: kind-1 - Create metallb-system namespace
         run: kubectl create namespace metallb-system --dry-run=client -oyaml | kubectl apply -f -
+
       - name: kind-1 - Install allow-all network policies on system namespaces
         run: |
           kubectl -n kube-system apply -f test/netpol-allow-all.yaml
           kubectl -n local-path-storage apply -f test/netpol-allow-all.yaml
           kubectl -n metallb-system apply -f test/netpol-allow-all.yaml
+
       - name: kind-1 - Install Cilium with default-deny policy
         run: cilium install --set policyEnforcementMode=always
+
       - name: kind-1 - Install MetalLB
         env:
           # renovate: depName=metallb datasource=helm registryUrl=https://charts.bitnami.com/bitnami
@@ -141,16 +169,19 @@ jobs:
           # renovate: depName=kubernetes-sigs/kind datasource=github-releases
           version: v0.22.0
           config: test/kind-config.yaml
+
       - name: kind-2 - Install allow-all network policies on system namespaces
         env:
           KUBECONFIG: /home/runner/.kube/kind-2.yaml
         run: |
           kubectl -n kube-system apply -f test/netpol-allow-all.yaml
           kubectl -n local-path-storage apply -f test/netpol-allow-all.yaml
+
       - name: kind-2 - Install Cilium with default-deny policy
         env:
           KUBECONFIG: /home/runner/.kube/kind-2.yaml
         run: cilium install --set policyEnforcementMode=always
+
       - name: kind-2 - Wait for all pods in the cluster to be ready
         env:
           KUBECONFIG: /home/runner/.kube/kind-2.yaml
@@ -163,10 +194,24 @@ jobs:
 
       - name: Run tests
         env:
-          RICHGO_FORCE_COLOR: "1"
           PVMIG_TEST_EXTRA_KUBECONFIG: /home/runner/.kube/kind-2.yaml
-        run: richgo test -tags integration -race -coverpkg=./... -coverprofile=coverage.txt -covermode=atomic -timeout 20m -v ./...
+        run: |
+          set -euo pipefail
+          go test -json -v -tags integration -race -coverpkg=./... \
+            -coverprofile=coverage.txt -covermode=atomic -timeout 20m -v ./... 2>&1 \
+            | tee /tmp/gotest.log \
+            | gotestfmt
+
       - name: Send coverage
         uses: codecov/[email protected]
         with:
           files: coverage.txt
+
+      # Upload the original test log to the artifacts
+      - name: Upload test log
+        uses: actions/upload-artifact@v4
+        if: always()
+        with:
+          name: test-log
+          path: /tmp/gotest.log
+          if-no-files-found: error

.github/workflows/release.yml

@@ -10,21 +10,25 @@ jobs:
   release:
     runs-on: ubuntu-22.04
     steps:
+
       - name: Checkout
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/[email protected].1
         with:
           # to be able to generate the full changelog:
           # https://github.com/goreleaser/goreleaser-action/issues/56#issuecomment-568718162
           fetch-depth: 0
+
       - name: Setup Go
         uses: actions/[email protected]
         with:
           go-version-file: go.mod
+
       - name: Login to DockerHub
         uses: docker/[email protected]
         with:
           username: utkuozdemir
           password: ${{ secrets.DOCKERHUB_TOKEN }}
+
       - name: GoReleaser
         uses: goreleaser/[email protected]
         with:
@@ -34,5 +38,6 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           PRIVATE_ACCESS_TOKEN: ${{ secrets.PRIVATE_ACCESS_TOKEN }}
+
       - name: Update new version in krew-index
         uses: rajatjindal/[email protected]

.goreleaser.yml

@@ -30,7 +30,6 @@ builds:
 
 archives:
   - id: pv-migrate-archive
-    rlcp: true
     # default name template except we use .Tag instead of .Version to keep the "v" prefix
     name_template: >-
       {{ .ProjectName }}_
@@ -107,14 +106,14 @@ docker_manifests:
 #  disable: true
 
 brews:
-  - tap:
+  - repository:
       owner: utkuozdemir
       name: homebrew-pv-migrate
       token: "{{ .Env.PRIVATE_ACCESS_TOKEN }}"
     commit_author:
       name: Utku Ozdemir
       email: [email protected]
-    folder: Formula
+    directory: Formula
     goarm: "7"
     homepage: https://github.com/utkuozdemir/pv-migrate
     description: Persistent volume migration plugin for Kubernetes
@@ -128,7 +127,7 @@ brews:
       fish_completion.install "completions/pv-migrate.fish"
 
 scoops:
-  - bucket:
+  - repository:
       owner: utkuozdemir
       name: scoop-pv-migrate
       token: "{{ .Env.PRIVATE_ACCESS_TOKEN }}"

Taskfile.yml

@@ -1,6 +1,15 @@
 version: "3"
 
 tasks:
+  install-tools:
+    desc: install tools
+    cmds:
+      - go install mvdan.cc/gofumpt@latest
+      - go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
+      - go install github.com/goreleaser/goreleaser@latest
+      - go install github.com/daixiang0/gci@latest
+      - go install github.com/caarlos0/svu@latest
+
   fmt:
     desc: format code
     vars:
@@ -17,6 +26,7 @@ tasks:
     cmds:
       - golangci-lint run ./...
       - helm lint helm/pv-migrate
+      - goreleaser check
 
   clean:
     desc: clean