chore: add workflows to check for fmt and copywrite deltas

.github/workflows/make-gen-delta.yml

@@ -0,0 +1,42 @@
+name: "make-gen-delta"
+on:
+  - workflow_dispatch
+  - push
+  - workflow_call
+
+permissions:
+  contents: read
+
+jobs:
+  make-gen-delta:
+    name: "Check for uncommitted changes from make gen"
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        with:
+          fetch-depth: '0'
+      - name: Determine Go version
+        id: get-go-version
+        # We use .go-version as our source of truth for current Go
+        # version, because "goenv" can react to it automatically.
+        run: |
+          echo "Building with Go $(cat .go-version)"
+          echo "go-version=$(cat .go-version)" >> "$GITHUB_OUTPUT"
+      - name: Set up Go
+        uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
+        with:
+          go-version: "${{ steps.get-go-version.outputs.go-version }}"
+      - name: Running go mod tidy
+        run: |
+          go mod tidy
+      - name: Install Dependencies
+        run: |
+          make tools
+      - name: Running make gen
+        run: |
+          make gen
+      - name: Check for changes
+        run: |
+          git diff --exit-code
+          git status --porcelain
+          test -z "$(git status --porcelain)"

Makefile

@@ -0,0 +1,12 @@
+# Format Go files, ignoring files marked as generated through the header defined at
+# https://pkg.go.dev/cmd/go#hdr-Generate_Go_files_by_processing_source
+.PHONY: fmt
+fmt:
+	gofumpt -w $$(find . -name '*.go')
+
+.PHONY: gen
+gen: fmt copywrite
+
+.PHONY: copywrite
+copywrite:
+	copywrite headers

jwt/docs.go

@@ -13,22 +13,22 @@ JOSE header validation provided by the the package includes the option to valida
 
 JWT signature verification is supported by providing keys from the following sources:
 
- - JSON Web Key Set (JWKS) URL
- - OIDC Discovery mechanism
- - Local public keys
+  - JSON Web Key Set (JWKS) URL
+  - OIDC Discovery mechanism
+  - Local public keys
 
 JWT signature verification supports the following asymmetric algorithms as defined in
 https://www.rfc-editor.org/rfc/rfc7518.html#section-3.1:
 
- - RS256: RSASSA-PKCS1-v1_5 using SHA-256
- - RS384: RSASSA-PKCS1-v1_5 using SHA-384
- - RS512: RSASSA-PKCS1-v1_5 using SHA-512
- - ES256: ECDSA using P-256 and SHA-256
- - ES384: ECDSA using P-384 and SHA-384
- - ES512: ECDSA using P-521 and SHA-512
- - PS256: RSASSA-PSS using SHA-256 and MGF1 with SHA-256
- - PS384: RSASSA-PSS using SHA-384 and MGF1 with SHA-384
- - PS512: RSASSA-PSS using SHA-512 and MGF1 with SHA-512
- - EdDSA: Ed25519 using SHA-512
+  - RS256: RSASSA-PKCS1-v1_5 using SHA-256
+  - RS384: RSASSA-PKCS1-v1_5 using SHA-384
+  - RS512: RSASSA-PKCS1-v1_5 using SHA-512
+  - ES256: ECDSA using P-256 and SHA-256
+  - ES384: ECDSA using P-384 and SHA-384
+  - ES512: ECDSA using P-521 and SHA-512
+  - PS256: RSASSA-PSS using SHA-256 and MGF1 with SHA-256
+  - PS384: RSASSA-PSS using SHA-384 and MGF1 with SHA-384
+  - PS512: RSASSA-PSS using SHA-512 and MGF1 with SHA-512
+  - EdDSA: Ed25519 using SHA-512
 */
 package jwt

jwt/keyset.go

@@ -28,7 +28,6 @@ import (
 // KeySet represents a set of keys that can be used to verify the signatures of JWTs.
 // A KeySet is expected to be backed by a set of local or remote keys.
 type KeySet interface {
-
 	// VerifySignature parses the given JWT, verifies its signature, and returns the claims in its payload.
 	// The given JWT must be of the JWS compact serialization form.
 	VerifySignature(ctx context.Context, token string) (claims map[string]interface{}, err error)

ldap/client_test.go

@@ -79,7 +79,6 @@ func TestClient_renderUserSearchFilter(t *testing.T) {
 			assert.Equal(tc.want, f)
 		})
 	}
-
 }
 
 func TestClient_NewClient(t *testing.T) {

ldap/conn_test.go

@@ -35,7 +35,7 @@ func Test_EscapeValue(t *testing.T) {
 
 // Fuzz_EscapeValue is only focused on finding panics
 func Fuzz_EscapeValue(f *testing.F) {
-	for tc, _ := range testcases {
+	for tc := range testcases {
 		f.Add(tc)
 	}
 	f.Fuzz(func(t *testing.T, s string) {

oidc/access_token.go

@@ -5,7 +5,7 @@ package oidc
 
 import "encoding/json"
 
-//  AccessToken is an oauth access_token.
+// AccessToken is an oauth access_token.
 type AccessToken string
 
 // RedactedAccessToken is the redacted string or json for an oauth access_token.

oidc/callback/authcode_test.go

@@ -182,7 +182,6 @@ func Test_AuthCodeResponses(t *testing.T) {
 				return
 			}
 			assert.Equal("login successful", string(contents))
-
 		})
 	}
 }

oidc/config_test.go

@@ -852,7 +852,6 @@ func TestConfig_Hash(t *testing.T) {
 			default:
 				assert.NotEqual(got1, got2)
 			}
-
 		})
 	}
 }

oidc/docs.go

@@ -5,7 +5,6 @@
 oidc is a package for writing clients that integrate with OIDC Providers using
 OIDC flows.
 
-
 Primary types provided by the package:
 
 * Request: represents one OIDC authentication flow for a user.  It contains the
@@ -26,13 +25,13 @@ signing algorithms, additional scopes requested, etc)
 capabilities like: generating an auth URL, exchanging codes for tokens,
 verifying tokens, making user info requests, etc.
 
-The oidc.callback package
+# The oidc.callback package
 
 The callback package includes handlers (http.HandlerFunc) which can be used
 for the callback leg an OIDC flow. Callback handlers for both the authorization
 code flow (with optional PKCE) and the implicit flow are provided.
 
-Example apps
+# Example apps
 
 Complete concise example solutions:
 
@@ -41,6 +40,5 @@ https://github.com/hashicorp/cap/tree/main/oidc/examples/cli/
 
 * OIDC authentication SPA:
 https://github.com/hashicorp/cap/tree/main/oidc/examples/spa/
-
 */
 package oidc

oidc/examples/spa/request_cache.go

@@ -25,7 +25,6 @@ func newRequestCache() *requestCache {
 	return &requestCache{
 		c: map[string]extendedRequest{},
 	}
-
 }
 
 // Read implements the callback.StateReader interface and will delete the state
@@ -63,7 +62,6 @@ func (rc *requestCache) SetToken(id string, t oidc.Token) error {
 		return nil
 	}
 	return fmt.Errorf("%s: %s not found", op, id)
-
 }
 
 func (rc *requestCache) Delete(id string) {

oidc/internal/base62/base62.go

@@ -12,8 +12,10 @@ import (
 	uuid "github.com/hashicorp/go-uuid"
 )
 
-const charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
-const csLen = byte(len(charset))
+const (
+	charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
+	csLen   = byte(len(charset))
+)
 
 // Random generates a random string using base-62 characters.
 // Resulting entropy is ~5.95 bits/character.

oidc/options_test.go

@@ -33,7 +33,6 @@ func Test_WithNow(t *testing.T) {
 		testOpts := tokenDefaults()
 		testOpts.withNowFunc = testNow
 		testAssertEqualFunc(t, opts.withNowFunc, testNow, "now = %p,want %p", opts.withNowFunc, testNow)
-
 	})
 	t.Run("reqOptions", func(t *testing.T) {
 		opts := getReqOpts(WithNow(testNow))

oidc/pkce_verifier.go

@@ -26,7 +26,6 @@ const (
 //
 // See: https://tools.ietf.org/html/rfc7636#section-4.1
 type CodeVerifier interface {
-
 	// Verifier returns the code verifier (see:
 	// https://tools.ietf.org/html/rfc7636#section-4.1)
 	Verifier() string

oidc/provider.go

@@ -295,7 +295,7 @@ func (p *Provider) Exchange(ctx context.Context, oidcRequest Request, authorizat
 	}
 	// Add the "openid" scope, which is a required scope for oidc flows
 	scopes = append([]string{oidc.ScopeOpenID}, scopes...)
-	var oauth2Config = oauth2.Config{
+	oauth2Config := oauth2.Config{
 		ClientID:     p.config.ClientID,
 		ClientSecret: string(p.config.ClientSecret),
 		RedirectURL:  oidcRequest.RedirectURL(),
@@ -664,7 +664,6 @@ func (p *Provider) HTTPClientContext(ctx context.Context) (context.Context, erro
 	c, err := p.HTTPClient()
 	if err != nil {
 		return nil, fmt.Errorf("%s: %w", op, err)
-
 	}
 	// simple to implement as a wrapper for the coreos package
 	return oidc.ClientContext(ctx, c), nil

oidc/request_test.go

@@ -108,7 +108,6 @@ func TestRequest_IsExpired(t *testing.T) {
 		require.NoError(err)
 		assert.True(oidcRequest.IsExpired())
 	})
-
 }
 
 func Test_WithImplicit(t *testing.T) {