diff --git a/.codecov.yml b/.codecov.yml index 4a0a11bd2..5a9bdf017 100644 --- a/.codecov.yml +++ b/.codecov.yml @@ -1,8 +1,36 @@ +# See http://docs.codecov.io/docs/coverage-configuration coverage: + precision: 2 # 2 = xx.xx%, 0 = xx% + round: down + # For example: 20...60 would result in any coverage less than 20% + # would have a red background. The color would gradually change to + # green approaching 60%. Any coverage over 60% would result in a + # solid green color. + range: "20...60" + status: - patch: off - project: - default: - target: auto - threshold: 0.2% - removed_code_behavior: adjust_base + # project will give us the diff in the total code coverage between a commit + # and its parent + project: yes + # Patch gives just the coverage of the patch + patch: yes + # changes tells us if there are unexpected code co verage changes in other files + # which were not changed by the diff + changes: yes + + # See http://docs.codecov.io/docs/ignoring-paths + ignore: + - "build/*" + - "hack/*" + - "openshift-ci/*" + - "Makefile" + - ".travis.yml" + +# See http://docs.codecov.io/docs/pull-request-comments-1 +comment: + layout: "diff, files" + behavior: "" + # default = posts once then update, posts new if delete + # once = post once then updates + # new = delete old, post new + # spammy = post new \ No newline at end of file diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml index 59e047ed0..00772a248 100644 --- a/.github/workflows/pr-checks.yml +++ b/.github/workflows/pr-checks.yml @@ -1,12 +1,10 @@ -name: static checks +name: PR checks + on: - workflow_dispatch: - push: - branches: - - "master" pull_request: branches: - - "*" + - master + - 'v*.*' jobs: lint: 
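Review bot: In the new `comment:` section of `.codecov.yml`, `behavior: ""` is set to an empty string although the comment directly below it lists `default`, `once`, `new` and `spammy` as the values; writing the intended one explicitly, e.g. `behavior: default`, would remove the guesswork. The `project: yes`, `patch: yes` and `changes: yes` entries under `status:` rely on YAML 1.1 truthy parsing, and `true` is the unambiguous spelling if Codecov's loader accepts it (worth confirming). The comment above `changes:` has a typo ("co verage"), and the file now ends without a trailing newline.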
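Review bot: With `push` on master and `workflow_dispatch` dropped from the `on:` block of `pr-checks.yml`, nothing in this workflow runs on merged commits, so the coverage upload and the gosec SARIF upload added later in this patch happen only for pull requests. The `project` status enabled in `.codecov.yml` is described there as a diff between a commit and its parent, and code-scanning results are normally compared against the base branch; without a run on master both may lack a baseline, unless another workflow not shown here provides one. Consider keeping `push:` with `branches: [master]` next to `pull_request:`.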
@@ -15,12 +13,22 @@ jobs: steps: - name: Set up Go - uses: actions/setup-go@v4 + uses: actions/setup-go@v5 with: go-version: "^1.18" + - name: Set up Python + uses: actions/setup-python@v5 + with: + python-version: "3.11" + architecture: "x64" + - name: Checkout repo - uses: actions/checkout@v3 + uses: actions/checkout@v4 + + - name: Run linters + run: make lint + unit: name: Unit Tests with Code coverage 
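Review bot: The actions in the `lint` steps are referenced by mutable tags (`actions/setup-go@v5`, `actions/setup-python@v5`, `actions/checkout@v4`), and the third hunk does the same with `codecov/codecov-action@v3`, `securego/gosec@v2.18.2` and `github/codeql-action/upload-sarif@v2`, while the lines it removes were pinned to full commit SHAs with a version comment. A tag can be moved to different code after review, and the third-party actions run on the checked-out repository. Keep the earlier convention and pin each one, in the form `uses: actions/checkout@<full-commit-sha> # v4` (placeholder; resolve the SHA from the upstream release). The `lint` job header lies outside this hunk.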
@@ -28,44 +36,37 @@ jobs: steps: - name: Set up Go - uses: actions/setup-go@v4 + uses: actions/setup-go@v5 with: go-version: "^1.18" - name: Checkout Git Repository - uses: actions/checkout@v3 - - - name: Run Go Tests - run: make test - - - name: Check format - run: | - if [[ $(go fmt `go list ./... | grep -v vendor`) ]]; then - echo "not well formatted sources are found" - exit 1 - fi + uses: actions/checkout@v4 - - name: Generate coverage report + - name: Unit Tests with Code Coverage run: | - go test `go list ./... | grep -v examples` -coverprofile=coverage.txt -covermode=atomic + make test - - name: Upload coverage report - uses: codecov/codecov-action@v1 + - name: Upload Code Coverage Report + uses: codecov/codecov-action@v3 with: - file: ./coverage.txt - flags: unittests - name: codecov-umbrella + file: cover.out + verbose: true + fail_ci_if_error: true + + source-scan: + name: Gosec code scanning + runs-on: ubuntu-20.04 + steps: + - name: Checkout code + uses: actions/checkout@v4 - - name: Get code coverage artifiact - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 - with: - name: code-coverage - - name: Get test result artifact - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + - name: Run gosec + uses: securego/gosec@v2.18.2 with: - name: test-results - path: test-results - - name: Upload code coverage information to codecov.io - uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4 + args: '-no-fail -fmt sarif -out gosec.sarif ./...' + + - name: Upload gosec scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v2 with: - file: coverage.out + sarif_file: 'gosec.sarif'
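Review bot: The new `source-scan` job runs gosec with `-no-fail`, so findings never fail the check and become visible only if the SARIF upload succeeds, yet the job declares no `permissions:` and the workflow header in the first hunk shows none either. `github/codeql-action/upload-sarif` needs `security-events: write`; add `permissions: {contents: read, security-events: write}` under `source-scan:` so the job does not depend on the repository's default token scope. On pull requests from forks the token is read-only, so the upload step will likely fail there; decide whether to tolerate that or to drop `-no-fail` so gosec gates the PR on its own. In the `unit` job, which starts above this hunk, `fail_ci_if_error: true` is set without a `token:` input, so confirm that uploads from fork PRs still succeed before making the step blocking.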