
Merge pull request #291 from controlplaneio/cleanup
chore: update deps and improve ci
06kellyjac authored Dec 9, 2024
2 parents 2f224a7 + b62f744 commit 38a4274
Showing 8 changed files with 80 additions and 29 deletions.
27 changes: 21 additions & 6 deletions .github/dependabot.yml
Expand Up @@ -5,30 +5,45 @@ updates:
directory: /
schedule:
interval: weekly
time: "06:00"
timezone: UTC
# offset from the hour to avoid other build jobs
time: "06:34"
timezone: Etc/UTC
open-pull-requests-limit: 10
commit-message:
prefix: chore
include: scope
groups:
gha:
patterns:
- "*"
- package-ecosystem: gomod
directory: /
schedule:
interval: weekly
time: "06:00"
timezone: UTC
# offset from the hour to avoid other build jobs
time: "06:34"
timezone: Etc/UTC
allow:
# direct and indirect updates
- dependency-type: "all"
commit-message:
prefix: chore
include: scope
groups:
gomod:
patterns:
- "*"
- package-ecosystem: docker
directory: /
schedule:
interval: weekly
time: "06:00"
timezone: UTC
# offset from the hour to avoid other build jobs
time: "06:34"
timezone: Etc/UTC
commit-message:
prefix: chore
include: scope
groups:
docker:
patterns:
- "*"
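Review bot: Each new `groups` entry uses a bare `patterns: - "*"` with no `update-types`, so a weekly gomod PR will mix major bumps of the `dependency-type: "all"` (direct and indirect) module set with minor and patch ones, and a single breaking major can hold up the whole batch. If the intent is one PR for routine updates only, adding `update-types: ["minor", "patch"]` to the `gomod` group (and arguably the `docker` group, where a base-image major usually deserves its own review) keeps majors as separate, individually reviewable PRs.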
40 changes: 36 additions & 4 deletions .github/workflows/security_analysis.yml
Expand Up @@ -4,15 +4,27 @@ name: Security Analysis
on:
push:
branches: [master]
paths:
- "**.go"
- "go.mod"
- "go.sum"
pull_request:
branches: [master]
paths:
- "**.go"
- "go.mod"
- "go.sum"
schedule:
- cron: "0 6 * * *"
# 06:12 - offset from the hour to avoid other build jobs
- cron: "12 6 * * *"

jobs:
codeql:
name: CodeQL
runs-on: ubuntu-latest
permissions:
# allow uploading sarif results
security-events: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
Expand All @@ -22,18 +34,38 @@ jobs:
with:
languages: go

# analyzes + uploads sarif
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3

govulncheck:
name: govulncheck
runs-on: ubuntu-latest
permissions:
# allow uploading sarif results
security-events: write
steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Vulnerability Scan Go Code
uses: Templum/govulncheck-action@v1.0.1
uses: golang/govulncheck-action@v1
with:
go-version: 1.22
vulncheck-version: v1.0.1
go-version-file: go.mod
repo-checkout: false
output-format: sarif
output-file: govulncheck.sarif

- name: Fix govulncheck SARIF output
# https://github.com/docker/buildx/blob/d4eca07af8385dca95b4c38535a9bbaa3bfc0fa9/hack/dockerfiles/govulncheck.Dockerfile#L22-L25
# Make sure "results" field is defined in SARIF output otherwise GitHub Code Scanning
# will fail when uploading report with "Invalid SARIF. Missing 'results' array in run."
# Relates to https://github.com/golang/vuln/blob/ffdef74cc44d7eb71931d8d414c478b966812488/internal/sarif/sarif.go#L69
run: |
cat <<< $(jq '(.runs[] | select(.results == null) | .results) |= []' govulncheck.sarif) > govulncheck.sarif
- name: Upload Scan SARIF file
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: govulncheck.sarif
category: govulncheck
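Review bot: The "Fix govulncheck SARIF output" step rewrites the report in place via `cat <<< $(jq …) > govulncheck.sarif`; if jq fails (malformed or empty output) the substitution expands to nothing, the redirect still truncates the file, and the step passes because only cat's exit status is checked, so the upload step then fails on an empty file instead of pointing at the real error. Writing to a temporary file and renaming keeps the original intact and makes the jq failure fail the step: `jq '(.runs[] | select(.results == null) | .results) |= []' govulncheck.sarif > govulncheck.sarif.tmp && mv govulncheck.sarif.tmp govulncheck.sarif`. Separately, the new `golang/govulncheck-action@v1`, like the checkout and codeql-action steps in this job, is pinned to a mutable major tag; for a workflow whose output is uploaded to Code Scanning, pinning to a full commit SHA with the version in a trailing comment makes the executed action content immutable, and the `gha` Dependabot group added in this PR should keep such pins current.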
20 changes: 12 additions & 8 deletions Makefile
Expand Up @@ -60,7 +60,7 @@ LDFLAGS=-s -w \
-X github.com/controlplaneio/badrobot/cmd.commit=$(GIT_SHA)

PACKAGE = none
BATS_PARALLEL_JOBS := $(shell command -v parallel 2>/dev/null && echo '--jobs 20')
BATS_PARALLEL_JOBS := $(shell command -v parallel 2>&1 >/dev/null && echo '--jobs 20')

.PHONY: all
all: help
Expand All @@ -83,26 +83,30 @@ test: ## unit and local acceptance tests
@echo "+ $@"
make test-unit build test-acceptance

test/bin/%:
git submodule update --init -- $@
.PHONY: check-and-reinit-submodules
check-and-reinit-submodules:
@if git submodule status | grep "^[-+]" ; then \
git submodule update --init; \
fi

.PHONY: bats
bats: test/bin/bats test/bin/bats-assert test/bin/bats-support ## fetch bats dependencies
.PHONY: uninit-submodules
uninit-submodules:
git submodule deinit -f .

.PHONY: test-acceptance
test-acceptance: bats build ## acceptance tests
test-acceptance: check-and-reinit-submodules build ## acceptance tests
@echo "+ $@"
bash -xc 'cd test && ./bin/bats/bin/bats $(BATS_PARALLEL_JOBS) .'

.PHONY: test-unit
test-unit: ## golang unit tests
@echo "+ $@"
go test -race $$(go list ./... | grep -v '/vendor/') -run "$${RUN:-.*}"
CGO_ENABLED=1 go test -race $$(go list ./... | grep -v '/vendor/') -run "$${RUN:-.*}"

.PHONY: test-unit-verbose
test-unit-verbose: ## golang unit tests (verbose)
@echo "+ $@"
go test -race -v $$(go list ./... | grep -v '/vendor/') -run "$${RUN:-.*}"
CGO_ENABLED=1 go test -race -v $$(go list ./... | grep -v '/vendor/') -run "$${RUN:-.*}"

# ---
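Review bot: The two new phony targets `check-and-reinit-submodules` and `uninit-submodules` are the only rule headers in this hunk without the `##` help text that `test-acceptance`, `test-unit` and `test-unit-verbose` carry and that `all: help` suggests is rendered as user documentation, so they will be invisible in `make help`. `git submodule deinit -f .` also discards uncommitted changes inside every submodule work tree, which the help text should say: `uninit-submodules: ## deinit all submodules (-f discards local changes in their work trees)` and `check-and-reinit-submodules: ## (re)initialise submodules that are missing or not at the recorded commit`. In the first hunk, `command -v parallel 2>&1 >/dev/null` sends stderr to the captured output and stdout to /dev/null, so any diagnostic `command -v` might print would end up in BATS_PARALLEL_JOBS and be passed to bats as arguments; `>/dev/null 2>&1` is the safer order if the goal is simply to discard the path.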

8 changes: 4 additions & 4 deletions go.mod
@@ -1,8 +1,8 @@
module github.com/controlplaneio/badrobot

go 1.22.0
go 1.23

toolchain go1.22.2
toolchain go1.23.3

require (
github.com/ghodss/yaml v1.0.0
Expand Down Expand Up @@ -30,8 +30,8 @@ require (
gopkg.in/yaml.v2 v2.4.0 // indirect
k8s.io/apimachinery v0.31.3 // indirect
k8s.io/klog/v2 v2.130.1 // indirect
k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // indirect
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
k8s.io/utils v0.0.0-20241104163129-6fe5fd82f078 // indirect
sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.4.3 // indirect
sigs.k8s.io/yaml v1.4.0 // indirect
)
8 changes: 4 additions & 4 deletions go.sum
Expand Up @@ -102,10 +102,10 @@ k8s.io/apimachinery v0.31.3 h1:6l0WhcYgasZ/wk9ktLq5vLaoXJJr5ts6lkaQzgeYPq4=
k8s.io/apimachinery v0.31.3/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo=
k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A=
k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
k8s.io/utils v0.0.0-20241104163129-6fe5fd82f078 h1:jGnCPejIetjiy2gqaJ5V0NLwTpF4wbQ6cZIItJCSHno=
k8s.io/utils v0.0.0-20241104163129-6fe5fd82f078/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE=
sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg=
sigs.k8s.io/structured-merge-diff/v4 v4.4.3 h1:sCP7Vv3xx/CWIuTPVN38lUPx0uw0lcLfzaiDa8Ja01A=
sigs.k8s.io/structured-merge-diff/v4 v4.4.3/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4=
sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
2 changes: 1 addition & 1 deletion test/bin/bats
Submodule bats updated 275 files
2 changes: 1 addition & 1 deletion test/bin/bats-support
