Merge branch 'main' into feature/sarif-validation
arthurflame authored Jan 22, 2025
2 parents 49487a8 + fa1fa18 commit a7cdefb
Showing 15 changed files with 281 additions and 166 deletions.
1 change: 1 addition & 0 deletions .github/dependabot.yml
@@ -1,3 +1,4 @@
---
version: 2
updates:
- package-ecosystem: "gomod"
208 changes: 104 additions & 104 deletions .github/workflows/go.yml
@@ -1,6 +1,6 @@
# This workflow will build a golang project
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-go

---
name: Go Pipeline

# Enable this workflow to run for pull requests and
@@ -18,63 +18,63 @@ jobs:
download:
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
with:
egress-policy: audit
- name: Harden Runner
uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
with:
egress-policy: audit

- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

- name: Set up Go
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
with:
go-version: '1.22'
- name: Set up Go
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
with:
go-version: "1.22"

- name: Download dependencies
run: go mod download
- name: Download dependencies
run: go mod download

lint:
needs: download
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
with:
egress-policy: audit
- name: Harden Runner
uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
with:
egress-policy: audit

- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up Go
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
with:
go-version: "1.22"

- name: Set up Go
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
with:
go-version: '1.22'

- name: Static Analysis
run: go vet ./...
- name: Static Analysis
run: go vet ./...

- name: Check Formatting
run: test -z "$(gofmt -s -l -e .)"
- name: Check Formatting
run: test -z "$(gofmt -s -l -e .)"

build:
needs: download
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
with:
egress-policy: audit
- name: Harden Runner
uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
with:
egress-policy: audit

- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

- name: Set up Go
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
with:
go-version: '1.22'
- name: Set up Go
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
with:
go-version: "1.22"

- name: Build
run: |
CGO_ENABLED=0 GOOS=linux GOARCH=amd64 \
go build -ldflags='-w -s -extldflags "-static"' -tags netgo -o validator cmd/validator/validator.go
- name: Build
run: |
CGO_ENABLED=0 GOOS=linux GOARCH=amd64 \
go build -ldflags='-w -s -extldflags "-static"' -tags netgo -o validator cmd/validator/validator.go
test:
needs: download
@@ -83,68 +83,68 @@ jobs:
permissions:
contents: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
with:
egress-policy: audit

- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0 # otherwise, there would be errors pushing refs to the destination repository.

- name: Set up Go
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
with:
go-version: '1.22'

- name: Unit test
run: go test -v -cover -coverprofile coverage.out ./...

- name: Check coverage
id: check-coverage
env:
COVERAGE_THRESHOLD: 94
run: |
# Validate that the coverage is above or at the required threshold
echo "Checking if test coverage is above threshold ..."
echo "Coverage threshold: ${COVERAGE_THRESHOLD} %"
totalCoverage=$(go tool cover -func coverage.out | grep 'total' | grep -Eo '[0-9]+\.[0-9]+')
echo "Current test coverage : ${totalCoverage} %"
if (( $(echo "${COVERAGE_THRESHOLD} <= ${totalCoverage}" | bc -l) )); then
echo "Coverage OK"
else
echo "Current test coverage is below threshold"
exit 1
fi
echo "total_coverage=${totalCoverage}" >> "${GITHUB_OUTPUT}"
- name: Create badge img tag and apply to README files
id: generate-badge
run: |
# Create Badge URL
# Badge will always be green because of coverage threshold check
# so we just have to populate the total coverage
totalCoverage=${{ steps.check-coverage.outputs.total_coverage }}
BADGE_URL="https://img.shields.io/badge/Coverage-${totalCoverage}%25-brightgreen"
BADGE_IMG_TAG="<img id=\"cov\" src=\"${BADGE_URL}\" alt=\"Code Coverage\">"
# Update README.md and index.md
for markdown_file in README.md index.md; do
sed -i "/id=\"cov\"/c\\${BADGE_IMG_TAG}" "${markdown_file}"
done
# Check to see if files were updated
if git diff --quiet; then
echo "badge_updates=false" >> "${GITHUB_OUTPUT}"
else
echo "badge_updates=true" >> "${GITHUB_OUTPUT}"
fi
- name: Commit changes
if: steps.generate-badge.outputs.badge_updates == 'true' && github.event_name == 'push'
run: |
git config --local user.email "[email protected]"
git config --local user.name "GitHub Action"
git add -- README.md index.md
git commit -m "chore: Updated coverage badge."
git push
- name: Harden Runner
uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
with:
egress-policy: audit

- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0 # otherwise, there would be errors pushing refs to the destination repository.

- name: Set up Go
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
with:
go-version: "1.22"

- name: Unit test
run: go test -v -cover -coverprofile coverage.out ./...

- name: Check coverage
id: check-coverage
env:
COVERAGE_THRESHOLD: 94
run: |
# Validate that the coverage is above or at the required threshold
echo "Checking if test coverage is above threshold ..."
echo "Coverage threshold: ${COVERAGE_THRESHOLD} %"
totalCoverage=$(go tool cover -func coverage.out | grep 'total' | grep -Eo '[0-9]+\.[0-9]+')
echo "Current test coverage : ${totalCoverage} %"
if (( $(echo "${COVERAGE_THRESHOLD} <= ${totalCoverage}" | bc -l) )); then
echo "Coverage OK"
else
echo "Current test coverage is below threshold"
exit 1
fi
echo "total_coverage=${totalCoverage}" >> "${GITHUB_OUTPUT}"
- name: Create badge img tag and apply to README files
id: generate-badge
run: |
# Create Badge URL
# Badge will always be green because of coverage threshold check
# so we just have to populate the total coverage
totalCoverage=${{ steps.check-coverage.outputs.total_coverage }}
BADGE_URL="https://img.shields.io/badge/Coverage-${totalCoverage}%25-brightgreen"
BADGE_IMG_TAG="<img id=\"cov\" src=\"${BADGE_URL}\" alt=\"Code Coverage\">"
# Update README.md and index.md
for markdown_file in README.md index.md; do
sed -i "/id=\"cov\"/c\\${BADGE_IMG_TAG}" "${markdown_file}"
done
# Check to see if files were updated
if git diff --quiet; then
echo "badge_updates=false" >> "${GITHUB_OUTPUT}"
else
echo "badge_updates=true" >> "${GITHUB_OUTPUT}"
fi
- name: Commit changes
if: steps.generate-badge.outputs.badge_updates == 'true' && github.event_name == 'push'
run: |
git config --local user.email "[email protected]"
git config --local user.name "GitHub Action"
git add -- README.md index.md
git commit -m "chore: Updated coverage badge."
git push
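Review bot: In the `Create badge img tag and apply to README files` step, `totalCoverage=${{ steps.check-coverage.outputs.total_coverage }}` is expanded into the script text before bash runs, so the step output is parsed as shell source rather than handled as data. The value is currently limited to digits and a dot by the `grep -Eo '[0-9]+\.[0-9]+'` in the `Check coverage` step, so this looks safe today, but that safety depends on the other step never changing, and the `test` job appears to hold `contents: write`. Passing the value through the environment removes that coupling: give the step an `env:` entry `TOTAL_COVERAGE: ${{ steps.check-coverage.outputs.total_coverage }}` and read it as `totalCoverage="${TOTAL_COVERAGE}"`. Part of this section is collapsed on the page, so the job's full header and trigger conditions are not visible here.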
9 changes: 5 additions & 4 deletions .github/workflows/golangci-lint.yml
@@ -1,3 +1,4 @@
---
name: golangci-lint
on:
push:
@@ -15,12 +16,12 @@ jobs:
golangci:
strategy:
matrix:
go: ['1.21']
go: ["1.21"]
os: [ubuntu-latest, macos-latest, windows-latest]
permissions:
# Optional: Allow write access to checks to allow the action to annotate code in the PR.
checks: write

name: lint
runs-on: ${{ matrix.os }}
steps:
@@ -30,7 +31,7 @@ jobs:
egress-policy: audit

- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
- uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
with:
go-version: ${{ matrix.go }}
cache: false
@@ -55,4 +56,4 @@ jobs:
# only-new-issues: true

# Optional:The mode to install golangci-lint. It can be 'binary' or 'goinstall'.
# install-mode: "goinstall"
# install-mode: "goinstall"
77 changes: 39 additions & 38 deletions .github/workflows/goreportcard.yaml
@@ -1,3 +1,4 @@
---
name: Go Report Card

on:
@@ -6,53 +7,53 @@ on:
- main
pull_request:

permissions: # added using https://github.com/step-security/secure-repo
permissions: # added using https://github.com/step-security/secure-repo
contents: read

jobs:
goreportcard:
strategy:
matrix:
go: ['stable']
go: ["stable"]
os: [ubuntu-latest]
runs-on: ${{ matrix.os }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
with:
egress-policy: audit
- name: Harden Runner
uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
with:
egress-policy: audit

- name: Setup Go ${{ matrix.go }}
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
with:
go-version: ${{ matrix.go }}
cache: false
- name: Checkout gojp/goreportcard repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
repository: gojp/goreportcard
path: goreportcard
- name: Install goreportcard-cli
# goreportcard-cli requires the following linters:
# 1. gometalinter
# 2. golint
# 3. gocyclo
# 4. ineffassign
# 5. misspell
# among which, the linter gometalinter is deprecated. However, goreportcard repo has a vendor version of it.
# Hence installing from the repo instead of `go install`. Refer https://github.com/gojp/goreportcard/issues/301
run: |
cd goreportcard
- name: Setup Go ${{ matrix.go }}
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
with:
go-version: ${{ matrix.go }}
cache: false
- name: Checkout gojp/goreportcard repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
repository: gojp/goreportcard
path: goreportcard
- name: Install goreportcard-cli
# goreportcard-cli requires the following linters:
# 1. gometalinter
# 2. golint
# 3. gocyclo
# 4. ineffassign
# 5. misspell
# among which, the linter gometalinter is deprecated. However, goreportcard repo has a vendor version of it.
# Hence installing from the repo instead of `go install`. Refer https://github.com/gojp/goreportcard/issues/301
run: |
cd goreportcard
# Install prerequisite linter binaries: gometalinter, golint, gocyclo, ineffassign & misspell
# Refer: https://github.com/gojp/goreportcard?tab=readme-ov-file#command-line-interface
make install
# Install prerequisite linter binaries: gometalinter, golint, gocyclo, ineffassign & misspell
# Refer: https://github.com/gojp/goreportcard?tab=readme-ov-file#command-line-interface
make install
# Install goreportcard-cli binary
go install ./cmd/goreportcard-cli
- name: Checkout Boeing/config-file-validator repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Run goreportcard
run: |
# Failure threshold is set to 95% to fail at any errors. Default is 75%.
goreportcard-cli -t 95
# Install goreportcard-cli binary
go install ./cmd/goreportcard-cli
- name: Checkout Boeing/config-file-validator repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Run goreportcard
run: |
# Failure threshold is set to 95% to fail at any errors. Default is 75%.
goreportcard-cli -t 95
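Review bot: The `Checkout gojp/goreportcard repo` step has no `ref:`, so every run builds and executes whatever is at the head of that third-party repository's default branch (`make install`, then `go install ./cmd/goreportcard-cli`), while the actions around it are pinned to full commit SHAs. Pinning the checkout the same way keeps the tool reproducible and turns an upstream change into an explicit review step: add `ref: <reviewed-commit-sha>` under `with:` next to `repository: gojp/goreportcard`. The workflow-level `permissions: contents: read` already limits what that code can do with the token. `go: ["stable"]` is a second floating input if reproducible runs matter here.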