From 09f8527a906912cee82ded6229bcbf5e2db97b19 Mon Sep 17 00:00:00 2001 From: devops-engineer Date: Fri, 5 Jun 2026 21:45:21 -0700 Subject: [PATCH] chore(providers): add Docker-based registry-gen make targets for toolchain-less envs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sibling of the molecule-controlplane change. core mirrors the provider registry (workspace-server/internal/providers/gen/registry_gen.go) and drift-gates it via verify-providers-gen, so the same toolchain-less gap exists here (an agent without Go can't regenerate; blocked cp#568). Extend the existing root Makefile with gen targets that cd into the workspace-server module: make gen / gen-check native (go generate ./...) make gen-docker / gen-check-docker same generator inside pinned golang:1.25 — Docker only gen-docker pins golang:1.25 to match workspace-server/go.mod; verified byte-identical to the checked-in artifact (ran both, diff clean; registry_gen.go unchanged). verify-providers-gen.yml failure messages now point at 'make gen' / 'make gen-docker'. NOTE: core's verify workflow pins setup-go go-version: 'stable' (not '1.25'); a future Go minor could reformat the artifact in CI vs a 1.25 local — flagged in the Makefile to pin CI to '1.25' in a follow-up. Co-Authored-By: Claude Opus 4.8 (1M context) --- .gitea/workflows/verify-providers-gen.yml | 12 ++++++-- Makefile | 35 ++++++++++++++++++++++- 2 files changed, 44 insertions(+), 3 deletions(-) diff --git a/.gitea/workflows/verify-providers-gen.yml b/.gitea/workflows/verify-providers-gen.yml index d9658269f..5da74531c 100644 --- a/.gitea/workflows/verify-providers-gen.yml +++ b/.gitea/workflows/verify-providers-gen.yml @@ -90,7 +90,13 @@ jobs: # checked-in artifact; exit 1 (RED) on any drift. This is the # single source of the gate's verdict — the same code path # `go test ./cmd/gen-providers` exercises. - go run ./cmd/gen-providers -check + if ! go run ./cmd/gen-providers -check; then + echo "::error::workspace-server/internal/providers/gen/registry_gen.go is stale (drifted from providers.yaml)." + echo "Regenerate and commit it (run from repo root):" + echo " make gen # native (needs a local Go toolchain)" + echo " make gen-docker # Docker only — no local Go needed" + exit 1 + fi - name: Belt-and-braces — regenerate in place and assert clean tree run: | @@ -101,7 +107,9 @@ jobs: go generate ./... if ! git diff --quiet -- internal/providers/gen/registry_gen.go; then echo "::error::workspace-server/internal/providers/gen/registry_gen.go drifted from providers.yaml." - echo "Run 'go generate ./...' (or 'go run ./cmd/gen-providers') in workspace-server/ and commit the result." + echo "Regenerate and commit it. No local Go? Use Docker (run from repo root):" + echo " make gen # native (needs a local Go toolchain)" + echo " make gen-docker # Docker only — no local Go needed" git --no-pager diff -- internal/providers/gen/registry_gen.go | head -80 exit 1 fi diff --git a/Makefile b/Makefile index 38b1c522c..48916a1a1 100644 --- a/Makefile +++ b/Makefile @@ -4,7 +4,27 @@ # use this Makefile; CI calls docker compose / go test directly so the # Makefile can evolve without breaking the build. -.PHONY: help dev up down logs build test e2e-peer-visibility openapi-spec openapi-spec-check +.PHONY: help dev up down logs build test e2e-peer-visibility openapi-spec openapi-spec-check gen gen-docker gen-check gen-check-docker + +# ─── Provider-registry SSOT codegen (internal#718) ───────────────────── +# The Go module lives in workspace-server/. The checked-in artifact +# workspace-server/internal/providers/gen/registry_gen.go is a gofmt'd +# projection of providers.yaml, drift-gated by +# .gitea/workflows/verify-providers-gen.yml. `make gen-docker` runs the SAME +# generator inside the pinned golang image so a toolchain-less env (an agent +# without Go) can regenerate without a local Go install (core#2332 follow-up). +# +# BYTE-EQUIVALENCE: gen-docker is byte-identical to native only while +# GO_VERSION below matches the `go` directive in workspace-server/go.mod. +# NOTE: the CI verify workflow pins setup-go go-version: 'stable' (not '1.25'); +# that is a latent hazard — a future Go minor could reformat the artifact in CI +# vs a 1.25 local. Pin CI to '1.25' to close it (tracked alongside this change). +GO_VERSION ?= 1.25 +GO_IMAGE ?= golang:$(GO_VERSION) +DOCKER ?= docker +# Mount the Go module (workspace-server) read-write; Go's default -mod=readonly +# keeps go.mod/go.sum untouched — only the artifact is written in-place. +DOCKER_RUN_WS = $(DOCKER) run --rm -v "$(CURDIR)/workspace-server":/src -w /src $(GO_IMAGE) help: ## Show this help. @grep -E '^[a-zA-Z0-9_-]+:.*?## ' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-22s\033[0m %s\n", $$1, $$2}' @@ -56,3 +76,16 @@ openapi-spec: ## Regenerate OpenAPI spec from workspace-server handler annotatio openapi-spec-check: openapi-spec ## CI gate — fail if openapi-spec produces a diff vs the committed file. @git diff --exit-code -- workspace-server/docs/openapi/ \ || (echo "openapi-spec is stale — run 'make openapi-spec' and commit the result" && exit 1) + +# ─── Provider-registry codegen targets ──────────────────────────────── +gen: ## Regenerate the providers registry artifact natively (needs local Go). + cd workspace-server && go generate ./... + +gen-docker: ## Same, inside the pinned $(GO_IMAGE) — Docker only, no local Go. + $(DOCKER_RUN_WS) go generate ./... + +gen-check: ## Drift gate (native): exit 1 if the artifact is stale. + cd workspace-server && go run ./cmd/gen-providers -check + +gen-check-docker: ## Drift gate inside the pinned $(GO_IMAGE) — Docker only. + $(DOCKER_RUN_WS) go run ./cmd/gen-providers -check -- 2.52.0