ci(megalinter): add github action (#218)

* ci(megalinter): add github action * ci(megalinter): fix linter errors - update links, lint yml files, update gitignore, fix dockerfile * ci(megalinter): add root level config * ci(megalinter): linted yaml files, update contributing instructions * ci(megalinter): linted yaml for mega linter * chore(megalinter): added inline code comments for megalinter config * chore(megalinter): replaced tags with commit hashes, update dockerfile to remvoe the tag variable
Boeing · Jan 21, 2025 · f4c0ee9 · f4c0ee9
1 parent 1e0de7b
commit f4c0ee9
Show file tree

Hide file tree

Showing 14 changed files with 258 additions and 160 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -1,3 +1,4 @@
+---
 version: 2
 updates:
   - package-ecosystem: "gomod"

diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
@@ -1,6 +1,6 @@
 # This workflow will build a golang project
 # For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-go
-
+---
 name: Go Pipeline
 
 # Enable this workflow to run for pull requests and
@@ -18,63 +18,63 @@ jobs:
   download:
     runs-on: ubuntu-latest
     steps:
-    - name: Harden Runner
-      uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
-      with:
-        egress-policy: audit
+      - name: Harden Runner
+        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+        with:
+          egress-policy: audit
 
-    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
-    - name: Set up Go
-      uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
-      with:
-        go-version: '1.22'
+      - name: Set up Go
+        uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
+        with:
+          go-version: "1.22"
 
-    - name: Download dependencies
-      run: go mod download
+      - name: Download dependencies
+        run: go mod download
 
   lint:
     needs: download
     runs-on: ubuntu-latest
     steps:
-    - name: Harden Runner
-      uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
-      with:
-        egress-policy: audit
+      - name: Harden Runner
+        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+        with:
+          egress-policy: audit
+
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
-    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: Set up Go
+        uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
+        with:
+          go-version: "1.22"
 
-    - name: Set up Go
-      uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
-      with:
-        go-version: '1.22'
-
-    - name: Static Analysis
-      run: go vet ./...
+      - name: Static Analysis
+        run: go vet ./...
 
-    - name: Check Formatting
-      run: test -z "$(gofmt -s -l -e .)"
+      - name: Check Formatting
+        run: test -z "$(gofmt -s -l -e .)"
 
   build:
     needs: download
     runs-on: ubuntu-latest
     steps:
-    - name: Harden Runner
-      uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
-      with:
-        egress-policy: audit
+      - name: Harden Runner
+        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+        with:
+          egress-policy: audit
 
-    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
-    - name: Set up Go
-      uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
-      with:
-        go-version: '1.22'
+      - name: Set up Go
+        uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
+        with:
+          go-version: "1.22"
 
-    - name: Build
-      run: |
-        CGO_ENABLED=0 GOOS=linux GOARCH=amd64 \
-          go build -ldflags='-w -s -extldflags "-static"' -tags netgo -o validator cmd/validator/validator.go
+      - name: Build
+        run: |
+          CGO_ENABLED=0 GOOS=linux GOARCH=amd64 \
+            go build -ldflags='-w -s -extldflags "-static"' -tags netgo -o validator cmd/validator/validator.go
 
   test:
     needs: download
@@ -83,68 +83,68 @@ jobs:
     permissions:
       contents: write
     steps:
-    - name: Harden Runner
-      uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
-      with:
-        egress-policy: audit
-
-    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      with:
-        fetch-depth: 0 # otherwise, there would be errors pushing refs to the destination repository.
-
-    - name: Set up Go
-      uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
-      with:
-        go-version: '1.22'
-
-    - name: Unit test
-      run: go test -v -cover -coverprofile coverage.out ./...
-
-    - name: Check coverage
-      id: check-coverage
-      env:
-        COVERAGE_THRESHOLD: 94
-      run: |
-        # Validate that the coverage is above or at the required threshold
-        echo "Checking if test coverage is above threshold ..."
-        echo "Coverage threshold: ${COVERAGE_THRESHOLD} %"
-        totalCoverage=$(go tool cover -func coverage.out | grep 'total' | grep -Eo '[0-9]+\.[0-9]+')
-        echo "Current test coverage : ${totalCoverage} %"
-        if (( $(echo "${COVERAGE_THRESHOLD} <= ${totalCoverage}" | bc -l) )); then
-          echo "Coverage OK"
-        else
-          echo "Current test coverage is below threshold"
-          exit 1
-        fi
-        echo "total_coverage=${totalCoverage}" >> "${GITHUB_OUTPUT}"
-    
-    - name: Create badge img tag and apply to README files
-      id: generate-badge
-      run: |
-        # Create Badge URL
-        # Badge will always be green because of coverage threshold check
-        # so we just have to populate the total coverage
-        totalCoverage=${{ steps.check-coverage.outputs.total_coverage }}
-        BADGE_URL="https://img.shields.io/badge/Coverage-${totalCoverage}%25-brightgreen"
-        BADGE_IMG_TAG="<img id=\"cov\" src=\"${BADGE_URL}\" alt=\"Code Coverage\">"
-
-        # Update README.md and index.md
-        for markdown_file in README.md index.md; do
-          sed -i "/id=\"cov\"/c\\${BADGE_IMG_TAG}" "${markdown_file}"
-        done
-
-        # Check to see if files were updated
-        if git diff --quiet; then
-          echo "badge_updates=false" >> "${GITHUB_OUTPUT}"
-        else
-          echo "badge_updates=true" >> "${GITHUB_OUTPUT}"
-        fi
-
-    - name: Commit changes
-      if: steps.generate-badge.outputs.badge_updates == 'true' && github.event_name == 'push'
-      run: |
-        git config --local user.email "[email protected]"
-        git config --local user.name "GitHub Action"
-        git add -- README.md index.md
-        git commit -m "chore: Updated coverage badge."
-        git push
+      - name: Harden Runner
+        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+        with:
+          egress-policy: audit
+
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0 # otherwise, there would be errors pushing refs to the destination repository.
+
+      - name: Set up Go
+        uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
+        with:
+          go-version: "1.22"
+
+      - name: Unit test
+        run: go test -v -cover -coverprofile coverage.out ./...
+
+      - name: Check coverage
+        id: check-coverage
+        env:
+          COVERAGE_THRESHOLD: 94
+        run: |
+          # Validate that the coverage is above or at the required threshold
+          echo "Checking if test coverage is above threshold ..."
+          echo "Coverage threshold: ${COVERAGE_THRESHOLD} %"
+          totalCoverage=$(go tool cover -func coverage.out | grep 'total' | grep -Eo '[0-9]+\.[0-9]+')
+          echo "Current test coverage : ${totalCoverage} %"
+          if (( $(echo "${COVERAGE_THRESHOLD} <= ${totalCoverage}" | bc -l) )); then
+            echo "Coverage OK"
+          else
+            echo "Current test coverage is below threshold"
+            exit 1
+          fi
+          echo "total_coverage=${totalCoverage}" >> "${GITHUB_OUTPUT}"
+
+      - name: Create badge img tag and apply to README files
+        id: generate-badge
+        run: |
+          # Create Badge URL
+          # Badge will always be green because of coverage threshold check
+          # so we just have to populate the total coverage
+          totalCoverage=${{ steps.check-coverage.outputs.total_coverage }}
+          BADGE_URL="https://img.shields.io/badge/Coverage-${totalCoverage}%25-brightgreen"
+          BADGE_IMG_TAG="<img id=\"cov\" src=\"${BADGE_URL}\" alt=\"Code Coverage\">"
+
+          # Update README.md and index.md
+          for markdown_file in README.md index.md; do
+            sed -i "/id=\"cov\"/c\\${BADGE_IMG_TAG}" "${markdown_file}"
+          done
+
+          # Check to see if files were updated
+          if git diff --quiet; then
+            echo "badge_updates=false" >> "${GITHUB_OUTPUT}"
+          else
+            echo "badge_updates=true" >> "${GITHUB_OUTPUT}"
+          fi
+
+      - name: Commit changes
+        if: steps.generate-badge.outputs.badge_updates == 'true' && github.event_name == 'push'
+        run: |
+          git config --local user.email "[email protected]"
+          git config --local user.name "GitHub Action"
+          git add -- README.md index.md
+          git commit -m "chore: Updated coverage badge."
+          git push
diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml
@@ -1,3 +1,4 @@
+---
 name: golangci-lint
 on:
   push:
@@ -15,12 +16,12 @@ jobs:
   golangci:
     strategy:
       matrix:
-        go: ['1.21']
+        go: ["1.21"]
         os: [ubuntu-latest, macos-latest, windows-latest]
     permissions:
       # Optional: Allow write access to checks to allow the action to annotate code in the PR.
       checks: write
-    
+
     name: lint
     runs-on: ${{ matrix.os }}
     steps:
@@ -55,4 +56,4 @@ jobs:
           # only-new-issues: true
 
           # Optional:The mode to install golangci-lint. It can be 'binary' or 'goinstall'.
-          # install-mode: "goinstall"
+          # install-mode: "goinstall"
diff --git a/.github/workflows/goreportcard.yaml b/.github/workflows/goreportcard.yaml
@@ -1,3 +1,4 @@
+---
 name: Go Report Card
 
 on:
@@ -6,53 +7,53 @@ on:
       - main
   pull_request:
 
-permissions:  # added using https://github.com/step-security/secure-repo
+permissions: # added using https://github.com/step-security/secure-repo
   contents: read
 
 jobs:
   goreportcard:
     strategy:
       matrix:
-        go: ['stable']
+        go: ["stable"]
         os: [ubuntu-latest]
     runs-on: ${{ matrix.os }}
     steps:
-    - name: Harden Runner
-      uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
-      with:
-        egress-policy: audit
+      - name: Harden Runner
+        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+        with:
+          egress-policy: audit
 
-    - name: Setup Go ${{ matrix.go }}
-      uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
-      with:
-        go-version: ${{ matrix.go }}
-        cache: false
-    - name: Checkout gojp/goreportcard repo
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      with:
-        repository: gojp/goreportcard
-        path: goreportcard
-    - name: Install goreportcard-cli
-      # goreportcard-cli requires the following linters:
-      #  1. gometalinter
-      #  2. golint
-      #  3. gocyclo
-      #  4. ineffassign
-      #  5. misspell
-      # among which, the linter gometalinter is deprecated. However, goreportcard repo has a vendor version of it.
-      # Hence installing from the repo instead of `go install`. Refer https://github.com/gojp/goreportcard/issues/301
-      run: |
-        cd goreportcard
+      - name: Setup Go ${{ matrix.go }}
+        uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
+        with:
+          go-version: ${{ matrix.go }}
+          cache: false
+      - name: Checkout gojp/goreportcard repo
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          repository: gojp/goreportcard
+          path: goreportcard
+      - name: Install goreportcard-cli
+        # goreportcard-cli requires the following linters:
+        #  1. gometalinter
+        #  2. golint
+        #  3. gocyclo
+        #  4. ineffassign
+        #  5. misspell
+        # among which, the linter gometalinter is deprecated. However, goreportcard repo has a vendor version of it.
+        # Hence installing from the repo instead of `go install`. Refer https://github.com/gojp/goreportcard/issues/301
+        run: |
+          cd goreportcard
 
-        # Install prerequisite linter binaries: gometalinter, golint, gocyclo, ineffassign & misspell
-        # Refer: https://github.com/gojp/goreportcard?tab=readme-ov-file#command-line-interface
-        make install
+          # Install prerequisite linter binaries: gometalinter, golint, gocyclo, ineffassign & misspell
+          # Refer: https://github.com/gojp/goreportcard?tab=readme-ov-file#command-line-interface
+          make install
 
-        # Install goreportcard-cli binary
-        go install ./cmd/goreportcard-cli
-    - name: Checkout Boeing/config-file-validator repo
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-    - name: Run goreportcard
-      run: |
-        # Failure threshold is set to 95% to fail at any errors. Default is 75%.
-        goreportcard-cli -t 95
+          # Install goreportcard-cli binary
+          go install ./cmd/goreportcard-cli
+      - name: Checkout Boeing/config-file-validator repo
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: Run goreportcard
+        run: |
+          # Failure threshold is set to 95% to fail at any errors. Default is 75%.
+          goreportcard-cli -t 95