chore: add deadcode elimination linter

Assert that `machined` build does deadcode elimination.

Fixes #11296

Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
(cherry picked from commit 721595a)

Author: smira

Dockerfile

@@ -325,8 +325,11 @@ WORKDIR /src
 FROM build AS build-go
 COPY ./go.mod ./go.sum ./
 COPY ./pkg/machinery/go.mod ./pkg/machinery/go.sum ./pkg/machinery/
+COPY ./tools ./tools
 WORKDIR /src/pkg/machinery
 RUN --mount=type=cache,target=/.cache,id=talos/.cache go mod download
+WORKDIR /src/tools
+RUN --mount=type=cache,target=/.cache,id=talos/.cache go mod download
 WORKDIR /src
 RUN --mount=type=cache,target=/.cache,id=talos/.cache go mod download
 RUN --mount=type=cache,target=/.cache,id=talos/.cache go mod verify
@@ -505,6 +508,22 @@ WORKDIR /src
 FROM base AS lint-vulncheck
 RUN --mount=type=cache,target=/.cache,id=talos/.cache govulncheck ./...
 
+# The lint-deadcode target runs the deadcode elimination check.
+FROM base AS lint-deadcode
+ARG GO_BUILDFLAGS
+ARG GO_LDFLAGS
+ARG GO_MACHINED_LDFLAGS
+ARG GOAMD64
+RUN --mount=type=cache,target=/.cache,id=talos/.cache GOOS=linux GOARCH=amd64 GOAMD64=${GOAMD64} go build ${GO_BUILDFLAGS} -ldflags "${GO_LDFLAGS} ${GO_MACHINED_LDFLAGS} -dumpdep" ./internal/app/machined \
+    |& go tool  -modfile=tools/go.mod github.com/aarzilli/whydeadcode > deadcode.txt
+RUN if [[ -s deadcode.txt ]]; then \
+        echo "Dead code elimination problem found:"; \
+        cat deadcode.txt; \
+        exit 1; \
+    else \
+        echo "No dead code elimination issues found"; \
+    fi
+
 # The init target builds the init binary.
 
 FROM base AS init-build-amd64
@@ -892,7 +911,6 @@ ARG NAME
 ARG TAG
 
 COPY ./hack/sbom.sh /usr/bin/sbom.sh
-COPY ./tools ./tools
 
 RUN mkdir -p /tmp/sbom-src /rootfs/usr/share/spdx
 RUN cp go.mod go.sum /tmp/sbom-src/
@@ -953,7 +971,6 @@ COPY --from=vex-generate /talos.grype.yaml /talos.grype.yaml
 FROM build-go AS grype-scan
 COPY --from=sbom-arm64 /talos-arm64.spdx.json /talos-arm64.spdx.json
 COPY --from=vex /talos.vex.json /talos.vex.json
-COPY ./tools ./tools
 RUN --mount=type=cache,target=/.cache,id=talos/.cache go tool -modfile=tools/go.mod \
     github.com/anchore/grype/cmd/grype sbom:/talos-arm64.spdx.json \
     --vex /talos.vex.json -vv 2>&1 | tee /grype-scan.log
@@ -965,7 +982,6 @@ FROM build-go AS grype-validate
 COPY --from=sbom-arm64 /talos-arm64.spdx.json /talos-arm64.spdx.json
 COPY --from=vex /talos.vex.json /talos.vex.json
 COPY --from=vex /talos.grype.yaml /talos.grype.yaml
-COPY ./tools ./tools
 RUN --mount=type=cache,target=/.cache,id=talos/.cache go tool -modfile=tools/go.mod \
     github.com/anchore/grype/cmd/grype sbom:/talos-arm64.spdx.json \
     --vex /talos.vex.json -vv --fail-on negligible --config /talos.grype.yaml

Makefile

@@ -560,8 +560,8 @@ fmt: ## Formats the source code and protobuf files.
 lint-%: ## Runs the specified linter. Valid options are go, protobuf, and markdown (e.g. lint-go).
 	@$(MAKE) target-lint-$* PLATFORM=linux/$(ARCH)
 
-lint: ## Runs linters on go, vulncheck, protobuf, and markdown file types.
-	@$(MAKE) lint-go lint-vulncheck lint-protobuf lint-markdown
+lint: ## Runs linters on go, vulncheck, deadcode, protobuf, and markdown file types.
+	@$(MAKE) lint-go lint-vulncheck lint-deadcode lint-protobuf lint-markdown
 
 check-dirty: ## Verifies that source tree is not dirty
 	@if test -n "`git status --porcelain`"; then echo "Source tree is dirty"; git status; git diff; exit 1 ; fi

tools/go.mod

@@ -3,6 +3,7 @@ module github.com/siderolabs/talos/tools
 go 1.24.5
 
 tool (
+	github.com/aarzilli/whydeadcode
 	github.com/anchore/grype/cmd/grype
 	github.com/anchore/syft/cmd/syft
 )
@@ -42,6 +43,7 @@ require (
 	github.com/OneOfOne/xxhash v1.2.8 // indirect
 	github.com/ProtonMail/go-crypto v1.2.0 // indirect
 	github.com/STARRY-S/zip v0.2.1 // indirect
+	github.com/aarzilli/whydeadcode v0.0.0-20241226171816-ed86f8ea0a6f // indirect
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d // indirect
 	github.com/acobaugh/osrelease v0.1.0 // indirect
 	github.com/adrg/xdg v0.5.3 // indirect

tools/go.sum

@@ -664,6 +664,8 @@ github.com/ProtonMail/go-crypto v1.2.0 h1:+PhXXn4SPGd+qk76TlEePBfOfivE0zkWFenhGh
 github.com/ProtonMail/go-crypto v1.2.0/go.mod h1:9whxjD8Rbs29b4XWbB8irEcE8KHMqaR2e7GWU1R+/PE=
 github.com/STARRY-S/zip v0.2.1 h1:pWBd4tuSGm3wtpoqRZZ2EAwOmcHK6XFf7bU9qcJXyFg=
 github.com/STARRY-S/zip v0.2.1/go.mod h1:xNvshLODWtC4EJ702g7cTYn13G53o1+X9BWnPFpcWV4=
+github.com/aarzilli/whydeadcode v0.0.0-20241226171816-ed86f8ea0a6f h1:S9nWL2BVcrC0teJDsnP+HLWqnOlGl9cz/a5rlsUh4cc=
+github.com/aarzilli/whydeadcode v0.0.0-20241226171816-ed86f8ea0a6f/go.mod h1:rHV6WbQI4oOtjbl+J0d9UYVs8eBU9bqZIp9UB5QACiQ=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo=
 github.com/acobaugh/osrelease v0.1.0 h1:Yb59HQDGGNhCj4suHaFQQfBps5wyoKLSSX/J/+UifRE=