Skip to content

Commit

Permalink
update dependencies (#33)
Browse files Browse the repository at this point in the history
* update dependencies

* update workflow steps

* add a lint config and fix up linting issues

* fixup the linux make target label
  • Loading branch information
DoctorVin authored Feb 20, 2024
1 parent 35a6dad commit 6ab1a53
Show file tree
Hide file tree
Showing 12 changed files with 453 additions and 88 deletions.
72 changes: 72 additions & 0 deletions .github/workflows/codeql-analysis.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,72 @@
# For most projects, this workflow file will not need changing; you simply need
# to commit it to your repository.
#
# You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic.
#
# ******** NOTE ********
# We have attempted to detect the languages in your repository. Please check
# the `language` matrix defined below to confirm you have the correct set of
# supported CodeQL languages.
#
name: "CodeQL"

on:
push:
branches: [ main ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ main ]
schedule:
- cron: '34 3 * * 0'

jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write

strategy:
fail-fast: false
matrix:
language: [ 'go' ]
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
# Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support

steps:
- name: Checkout repository
uses: actions/checkout@v4

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.

# Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
# queries: security-extended,security-and-quality


# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v3

# ℹ️ Command-line programs to run using the OS shell.
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun

# If the Autobuild fails above, remove it and uncomment the following three lines.
# modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.

# - run: |
# echo "Run, Build Application using script"
# ./location_of_script_within_repo/buildscript.sh

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
68 changes: 68 additions & 0 deletions .github/workflows/push-pr-lint.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,68 @@
name: lint, test and build image
on: [pull_request, push]

jobs:
lint-test:
runs-on: ubuntu-latest
steps:
- name: Install Go
uses: actions/setup-go@v5
with:
go-version: '1.21'
- name: Checkout code
uses: actions/checkout@v4
- name: golangci-lint
uses: golangci/golangci-lint-action@v4
with:
args: --config .golangci.yml --timeout 2m
version: v1.55.2
- name: Test
run: go test ./...
build:
runs-on: ubuntu-latest
needs: [lint-test]
steps:
- name: Install Go
uses: actions/setup-go@v5
with:
go-version: '1.21'

- name: Checkout code
uses: actions/checkout@v4

- name: build binary
run: make build

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Build Docker image - no push
id: docker-build
uses: docker/build-push-action@v5
with:
context: .
push: false
tags: ghcr.io/metal-toolbox/fleet-rest-skeleton:latest
file: Dockerfile

- name: Scan image
id: scan-image
uses: anchore/scan-action@v3
with:
image: ghcr.io/metal-toolbox/fleet-rest-skeleton:latest
acs-report-enable: true
# TODO(joel): Fail build once we migrate off CentOS.
fail-build: false

# TODO(joel): Uncomment once we migrate off CentOS.
# - name: upload Anchore scan SARIF report
# uses: github/codeql-action/upload-sarif@v2
# with:
# sarif_file: ${{ steps.scan.outputs.sarif }}
# # This should run even if we fail the container scan
# if: always()

- name: Inspect action SARIF report
run: cat ${{ steps.scan.outputs.sarif }}
# This should run even if we fail the container scan
if: always()
8 changes: 4 additions & 4 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -27,14 +27,14 @@ jobs:
fetch-depth: 0
-
name: Set up Go
uses: actions/setup-go@v4
uses: actions/setup-go@v5
with:
go-version: "1.20"
go-version: "1.21"
-
name: install cosign
uses: sigstore/cosign-installer@main
-
uses: anchore/sbom-action/download-syft@v0.14.3
uses: anchore/sbom-action/download-syft@v0.15.8
-
name: Run GoReleaser
uses: goreleaser/goreleaser-action@v5
Expand All @@ -44,4 +44,4 @@ jobs:
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
COSIGN_EXPERIMENTAL: 1
GOVERSION: "1.20"
GOVERSION: "1.21"
4 changes: 4 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -14,5 +14,9 @@ bomservice
# Output of the go coverage tool, specifically when used with LiteIDE
*.out

# editor swap files
*.swp
*.swo

# Dependency directories (remove the comment below to include it)
# vendor/
124 changes: 124 additions & 0 deletions .golangci.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,124 @@
# golangci.com configuration
# https://github.com/golangci/golangci/wiki/Configuration
service:
golangci-lint-version: 1.55.2 # use the fixed version to not introduce new linters unexpectedly

linters-settings:
govet:
auto-fix: true
check-shadowing: true
settings:
printf:
funcs:
- (github.com/golangci/golangci-lint/pkg/logutils.Log).Infof
- (github.com/golangci/golangci-lint/pkg/logutils.Log).Warnf
- (github.com/golangci/golangci-lint/pkg/logutils.Log).Errorf
- (github.com/golangci/golangci-lint/pkg/logutils.Log).Fatalf
revive:
min-confidence: 0
gocyclo:
min-complexity: 15
dupl:
threshold: 100
goconst:
min-len: 2
min-occurrences: 2
depguard:
list-type: blacklist
packages:
# logging is allowed only by logutils.Log, logrus
# is allowed to use only in logutils package
- github.com/sirupsen/logrus
misspell:
locale: US
auto-fix: true
lll:
line-length: 140
goimports:
local-prefixes: github.com/golangci/golangci-lint
gocritic:
enabled-tags:
- performance
- style
- experimental
disabled-checks:
- wrapperFunc
gofumpt:
extra-rules: true
wsl:
auto-fix: true

linters:
enable:
- errcheck
- gosimple
- govet
- gofmt
- gocyclo
- ineffassign
- stylecheck
- misspell
- staticcheck
- unused
- prealloc
- typecheck
# additional linters
- bodyclose
- gocritic
- goerr113
- goimports
- revive
- misspell
- noctx
- stylecheck
- gosec
enable-all: false
disable-all: true

run:
# build-tags:
skip-dirs:
- internal/fixtures
skip-files:
- "(.*/)*.*_test.go"

issues:
exclude-rules:
- linters:
- gosec
text: "weak cryptographic primitive"

- linters:
- stylecheck
text: "ST1016"

- linters:
- gocritic
text: "whyNoLint"

- linters:
- goerr113
text: "do not define dynamic errors"
exclude:
# Default excludes from `golangci-lint run --help` with EXC0002 removed
# EXC0001 errcheck: Almost all programs ignore errors on these functions and in most cases it's ok
- Error return value of .((os\.)?std(out|err)\..*|.*Close|.*Flush|os\.Remove(All)?|.*print(f|ln)?|os\.(Un)?Setenv). is not checked
# EXC0002 golint: Annoying issue about not having a comment. The rare codebase has such comments
# - (comment on exported (method|function|type|const)|should have( a package)? comment|comment should be of the form)
# EXC0003 golint: False positive when tests are defined in package 'test'
- func name will be used as test\.Test.* by other packages, and that stutters; consider calling this
# EXC0004 govet: Common false positives
- (possible misuse of unsafe.Pointer|should have signature)
# EXC0005 staticcheck: Developers tend to write in C-style with an explicit 'break' in a 'switch', so it's ok to ignore
- ineffective break statement. Did you mean to break out of the outer loop
# EXC0006 gosec: Too many false-positives on 'unsafe' usage
- Use of unsafe calls should be audited
# EXC0007 gosec: Too many false-positives for parametrized shell calls
- Subprocess launch(ed with variable|ing should be audited)
# EXC0008 gosec: Duplicated errcheck checks
- (G104|G307)
# EXC0009 gosec: Too many issues in popular repos
- (Expect directory permissions to be 0750 or less|Expect file permissions to be 0600 or less)
# EXC0010 gosec: False positive is triggered by 'src, err := ioutil.ReadFile(filename)'
- Potential file inclusion via variable
exclude-use-default: false
19 changes: 2 additions & 17 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -26,23 +26,8 @@ gen-store-mock:
go install github.com/golang/mock/mockgen@v1.6.0
mockgen -package=mock -source=internal/store/interface.go > internal/store/mock/mock.go

## build osx bin
build-osx:
ifeq ($(GO_VERSION), 0)
$(error build requies go version 1.17.n or higher)
endif
GOOS=darwin GOARCH=amd64 go build -o bomservice \
-ldflags \
"-X $(LDFLAG_LOCATION).GitCommit=$(GIT_COMMIT) \
-X $(LDFLAG_LOCATION).GitBranch=$(GIT_BRANCH) \
-X $(LDFLAG_LOCATION).GitSummary=$(GIT_SUMMARY) \
-X $(LDFLAG_LOCATION).AppVersion=$(VERSION) \
-X $(LDFLAG_LOCATION).BuildDate=$(BUILD_DATE)"



## Build linux bin
build-linux:
build:
ifeq ($(GO_VERSION), 0)
$(error build requies go version 1.20.x+ or higher)
endif
Expand All @@ -56,7 +41,7 @@ endif


## build docker image and tag as ghcr.io/metal-toolbox/bomservice:latest
build-image: build-linux
build-image: build
@echo ">>>> NOTE: You may want to execute 'make build-image-nocache' depending on the Docker stages changed"
docker build --rm=true -f Dockerfile -t ${DOCKER_IMAGE}:latest . \
--label org.label-schema.schema-version=1.0 \
Expand Down
2 changes: 0 additions & 2 deletions cmd/root.go
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,6 @@ package cmd

import (
"log"
"os"

"github.com/spf13/cobra"
)
Expand All @@ -38,7 +37,6 @@ var rootCmd = &cobra.Command{
func Execute() {
if err := rootCmd.Execute(); err != nil {
log.Fatal(err)
os.Exit(1)
}
}

Expand Down
Loading

0 comments on commit 6ab1a53

Please sign in to comment.