ci: format Go code by autofix.ci

[suzuki-shunsuke]

what

Format Go code using gofumpt and go mod tidy by autofix.ci.

why

Test

To test autofix.ci, I pushed changes to be fixed. e7b4ab1
Then files were fixed automatically via autofix.ci successfully. 284cdcc

references

• Closes Fix pull requests automatically by autofix.ci #986
• Closes style: format code by gofumpt #982

Note

I can't see the branch protection rule (branch ruleset) of this repository, but the job autofix should be added to required checks if it's configured.

Summary by CodeRabbit

Summary by CodeRabbit

• New Features

  • Introduced an automated workflow for Go code formatting and dependency management.
  • Added Aqua CLI version manager configuration.
  • Implemented checksum verification for enhanced security.

• Chores

  • Removed tidy job from test workflow.
  • Added gofumpt package for code formatting.

• Infrastructure

  • Created new GitHub Actions workflow for autofix and code quality.
  • Introduced checksum management for Go tools.
  • Added a new checksum file for integrity verification of Go tools.

[mergify]

Important

Cloud Posse Engineering Team Review Required

This pull request modifies files that require Cloud Posse's review. Please be patient, and a core maintainer will review your changes.

To expedite this process, reach out to us on Slack in the #pr-reviews channel.

[suzuki-shunsuke]

I can't see the branch protection rule (branch ruleset) of this repository, but the job autofix should be added to required checks if it's configured.

[coderabbitai]

📝 Walkthrough

Walkthrough

This pull request introduces an automated workflow for Go code maintenance using GitHub Actions and the autofix.ci tool. The changes include creating a new autofix.yml workflow that automatically formats Go files using gofumpt, tidies Go modules, and applies additional fixes. The configuration leverages Aqua for package management and integrates with the autofix.ci GitHub App to securely apply changes to pull requests.

Changes

File	Change Summary
.github/workflows/autofix.yml	New workflow file added to automate Go code formatting and dependency management
.github/workflows/test.yml	Removed tidy job for Go module management
aqua/aqua.yaml	New Aqua configuration file with checksum verification and registry settings
aqua/imports/gofumpt.yaml	Added mvdan/[email protected] package configuration
aqua/aqua-checksums.json	New file containing checksums for gofumpt tool releases

Assessment against linked issues

Objective	Addressed	Explanation
Install GitHub App autofix.ci	✅
Add GitHub Actions Workflow	✅
Format Go code with gofumpt	✅
Tidy Go modules	❌	The workflow does not include a step to run go mod tidy directly, relying on the new autofix.ci workflow instead.

Possibly related PRs

• Add Windows & macOS Acceptance Tests #875: Relates to Go module management in CI workflows

Suggested Labels

patch, minor

Suggested Reviewers

• osterman
• aknysh

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary or @auto-summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai or @auto-title anywhere in the PR title to generate the title automatically.

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

.github/workflows/autofix.yml (1)

25-37: Consider error handling for the file change detection.

While the implementation is solid, we could enhance error handling for the file detection step.

Consider adding error checking:

       - run: |
+          if [ -z "$ALL_CHANGED_FILES" ]; then
+            echo "No files were detected. This might indicate an issue with the changed-files action."
+            exit 1
+          fi
           # shellcheck disable=SC2086
           gofumpt -l -w $ALL_CHANGED_FILES

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 75d6c46 and 284cdcc.

📒 Files selected for processing (4)

• .github/workflows/autofix.yml (1 hunks)
• .github/workflows/test.yml (0 hunks)
• aqua/aqua.yaml (1 hunks)
• aqua/imports/gofumpt.yaml (1 hunks)

💤 Files with no reviewable changes (1)

• .github/workflows/test.yml

✅ Files skipped from review due to trivial changes (1)

• aqua/imports/gofumpt.yaml

⏰ Context from checks skipped due to timeout of 90000ms (2)

• GitHub Check: Build (windows-latest, windows)
• GitHub Check: Summary

🔇 Additional comments (5)

aqua/aqua.yaml (2)

13-14: LGTM! Modular configuration approach.

Using imports/*.yaml is a clean way to organize package configurations. This makes maintenance easier and allows for better organization of different tool configurations.

---

10-12: Verify registry version compatibility.

The standard registry is pinned to v4.302.1, which is good for stability. However, let's verify this version's compatibility with the Aqua version (v2.43.0) specified in the workflow.

✅ Verification successful

Registry version v4.302.1 is compatible with Aqua v2.43.0 💪

The standard registry version is stable and maintains backward compatibility. The combination of Aqua v2.43.0 and registry v4.302.1 is safe to use.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check compatibility between Aqua and registry versions

# Fetch registry releases to verify version existence
curl -s "https://api.github.com/repos/aquaproj/aqua-registry/releases" | \
  jq -r '.[] | select(.tag_name=="v4.302.1") | .tag_name'

# Check if this registry version is mentioned in Aqua's compatibility docs
curl -s "https://raw.githubusercontent.com/aquaproj/aqua/v2.43.0/docs/reference/registry-versions.md" | \
  grep -A 5 -B 5 "v4.302.1"

Length of output: 265

---

Script:

#!/bin/bash
# Check Aqua's release notes and documentation for compatibility information
echo "=== Checking Aqua v2.43.0 release notes ==="
curl -s "https://api.github.com/repos/aquaproj/aqua/releases/tags/v2.43.0" | jq -r '.body'

echo -e "\n=== Checking main documentation for version compatibility ==="
curl -s "https://raw.githubusercontent.com/aquaproj/aqua/v2.43.0/README.md" | grep -A 5 -B 5 "registry.*version"

echo -e "\n=== Checking docs directory for version information ==="
curl -s "https://api.github.com/repos/aquaproj/aqua/contents/docs?ref=v2.43.0" | jq -r '.[].name' | grep -i version

Length of output: 2501

---

Script:

#!/bin/bash
# Check registry documentation for version requirements
echo "=== Checking Registry Documentation ==="
curl -s "https://raw.githubusercontent.com/aquaproj/aqua-registry/v4.302.1/README.md" | grep -A 5 -B 5 "version"

echo -e "\n=== Checking Registry Release Notes ==="
curl -s "https://api.github.com/repos/aquaproj/aqua-registry/releases/tags/v4.302.1" | jq -r '.body'

Length of output: 979

.github/workflows/autofix.yml (3)

2-4: LGTM! Correct workflow name and secure permissions.

The workflow name "autofix.ci" is correct as required by autofix.ci. Empty permissions object is a good security practice, following the principle of least privilege.

---

11-13: LGTM! Secure checkout configuration.

Using persist-credentials: false is a good security practice as it prevents any potential token exposure in subsequent steps.

---

33-34: Verify shellcheck disable necessity.

The shellcheck disable comment suggests word splitting is intended. Let's verify if this is necessary or if we can handle the files list more safely.

✅ Verification successful

Shellcheck disable is correctly used here

The SC2086 disable is necessary and appropriate in this case. The word splitting is intentionally needed to pass the space-separated list of files from the GitHub Action output as individual arguments to gofumpt. This is the most efficient way to handle multiple file formatting in this context.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check if word splitting is actually needed for gofumpt

# Search for gofumpt usage patterns in the codebase
rg -A 5 'gofumpt.*-l.*-w' .

# Check gofumpt documentation for file handling
curl -s "https://pkg.go.dev/mvdan.cc/gofumpt" | grep -A 5 -B 5 "command line"

Length of output: 107

---

Script:

#!/bin/bash
# Check the complete workflow file and find ALL_CHANGED_FILES definition
cat .github/workflows/autofix.yml

# Look for similar patterns in other workflow files
fd -e yml -e yaml . .github/workflows/ --exec cat {}

Length of output: 36089

---

Script:

#!/bin/bash
# Check gofumpt help to verify multiple files handling
curl -s https://raw.githubusercontent.com/mvdan/gofumpt/master/README.md | grep -A 5 "Usage:"

# Also try installing and checking directly
go install mvdan.cc/gofumpt@latest
gofumpt --help

Length of output: 559

[suzuki-shunsuke]

🤔

https://github.com/cloudposse/atmos/actions/runs/13062330404/job/36447972019?pr=991

Run make build-windows
.build-harness:1: *** multiple target patterns.  Stop.
Error: Process completed with exit code 1.

[osterman]

Run make build-windows
.build-harness:1: *** multiple target patterns.  Stop.
Error: Process completed with exit code 1.

Ugh, something we've seen start happening in the past day. Let me see what we can do as it's failing other builds. It relates to how the build-harness is bootstrapped. Our plan is to deprecated is very soon.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (4)

.github/workflows/autofix.yml (4)

10-10: Consider using a stable Ubuntu version.

Ubuntu 24.04 is currently in development and might be unstable. Consider using ubuntu-22.04 which is the current LTS version.

-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04

---

21-22: Add verification after updating aqua-checksums.json.

Consider verifying the integrity of the updated checksums file.

       - name: Update aqua-checksums.json
-        run: aqua upc -prune
+        run: |
+          aqua upc -prune
+          aqua verify

---

28-28: Verify go.mod changes after running tidy.

Consider verifying that no unexpected changes were made to go.mod and go.sum.

-      - run: go mod tidy
+      - name: Tidy and verify go modules
+        run: |
+          go mod tidy
+          git diff --exit-code go.mod go.sum || (echo "go.mod or go.sum changed unexpectedly" && exit 1)

---

38-41: Improve error handling in the formatting step.

Consider adding error checking and removing the shellcheck disable:

       - run: |
-          # shellcheck disable=SC2086
-          gofumpt -l -w $ALL_CHANGED_FILES
+          if [ -n "$ALL_CHANGED_FILES" ]; then
+            echo "Formatting files: $ALL_CHANGED_FILES"
+            for file in $ALL_CHANGED_FILES; do
+              gofumpt -l -w "$file" || exit 1
+            done
+          fi

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d98bf94 and 97f6700.

📒 Files selected for processing (1)

• .github/workflows/autofix.yml (1 hunks)

🧰 Additional context used

🪛 YAMLlint (1.35.1)

.github/workflows/autofix.yml

[error] 3-3: trailing spaces

(trailing-spaces)

⏰ Context from checks skipped due to timeout of 90000ms (4)

• GitHub Check: Build (windows-latest, windows)
• GitHub Check: Build (ubuntu-latest, linux)
• GitHub Check: Analyze (go)
• GitHub Check: Summary

🔇 Additional comments (3)

.github/workflows/autofix.yml (3)

1-7: LGTM! Workflow configuration follows best practices.

The workflow name is correctly set as "autofix.ci" as required by autofix.ci, and the permissions follow the principle of least privilege.

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 3-3: trailing spaces

(trailing-spaces)

---

14-16: LGTM! Secure checkout configuration.

The checkout action uses a pinned SHA and disables credential persistence, following security best practices.

---

45-45: LGTM! Secure autofix configuration.

The autofix action uses a pinned SHA, following security best practices.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (5)

.github/workflows/autofix.yml (5)

7-7: Consider documenting the security implications of empty permissions.

An empty permissions block (permissions: {}) effectively removes all permissions. While this is a good security practice, consider adding a comment explaining this choice to help future maintainers understand the security model.

+# Explicitly remove all permissions for security
 permissions: {}

---

12-12: Document the timeout rationale.

The 15-minute timeout is reasonable for this workflow, but consider documenting why this specific duration was chosen to help future maintainers understand if adjustments are needed.

+# 15 minutes should be sufficient for formatting and tidying operations
 timeout-minutes: 15

---

28-28: Consider adding error handling for go mod tidy.

While go mod tidy is straightforward, it's good practice to handle potential errors and provide clear feedback.

-run: go mod tidy
+run: |
+  if ! go mod tidy; then
+    echo "::error::Failed to tidy Go modules"
+    exit 1
+  fi

---

44-44: Remove trailing whitespace.

There's unnecessary trailing whitespace on this line.

-        
+

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 44-44: trailing spaces

(trailing-spaces)

---

41-43: Add error handling for gofumpt.

Consider adding error handling to catch and report formatting failures clearly.

 run: |
   # shellcheck disable=SC2086
-  gofumpt -l -w $ALL_CHANGED_FILES
+  if ! gofumpt -l -w $ALL_CHANGED_FILES; then
+    echo "::error::Failed to format Go files"
+    exit 1
+  fi

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 97f6700 and e85b919.

📒 Files selected for processing (1)

• .github/workflows/autofix.yml (1 hunks)

🧰 Additional context used

🪛 YAMLlint (1.35.1)

.github/workflows/autofix.yml

[error] 3-3: trailing spaces

(trailing-spaces)

---

[error] 44-44: trailing spaces

(trailing-spaces)

⏰ Context from checks skipped due to timeout of 90000ms (4)

• GitHub Check: Build (windows-latest, windows)
• GitHub Check: Build (ubuntu-latest, linux)
• GitHub Check: Analyze (go)
• GitHub Check: Summary

🔇 Additional comments (3)

.github/workflows/autofix.yml (3)

14-16: Well done on security configuration!

Excellent security practices:

• Using a pinned version of actions/checkout
• Explicitly disabling credential persistence

---

17-22: Solid Aqua setup configuration!

Great practices:

• Pinned installer version
• Explicit Aqua version specification
• Checksum verification step

---

46-46: Good use of pinned action version!

Using a pinned version of autofix-ci/action ensures reproducible builds.

[github-actions]

These changes were released in v1.158.0.