From dd8b7c49ee0dada0966c21c4939fe24005cb25d2 Mon Sep 17 00:00:00 2001 From: sbp-bvanb Date: Mon, 21 Oct 2024 08:07:24 +0200 Subject: [PATCH 1/9] build: Enable Dependabot to ensure that the dependencies will be updated on a monthly basis --- .github/dependabot.yml | 11 ++++++++ .github/workflows/golang.yml | 27 +++++++++++++++++++ .../workflows/gomod-go-version-updater.yml | 14 ++++++++++ .github/workflows/mcvs-pr-validation.yml | 19 +++++++++++++ .gitignore | 1 + 5 files changed, 72 insertions(+) create mode 100644 .github/dependabot.yml create mode 100644 .github/workflows/golang.yml create mode 100644 .github/workflows/gomod-go-version-updater.yml create mode 100644 .github/workflows/mcvs-pr-validation.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..8a8a10e --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,11 @@ +--- +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "monthly" + - package-ecosystem: "gomod" + directory: "/" + schedule: + interval: "monthly" diff --git a/.github/workflows/golang.yml b/.github/workflows/golang.yml new file mode 100644 index 0000000..b92e116 --- /dev/null +++ b/.github/workflows/golang.yml @@ -0,0 +1,27 @@ +--- +name: Golang +"on": + # required by gomod-go-version-updater to trigger this action once pr has + # been reviewed + pull_request_review: + types: [submitted] + push: +permissions: + contents: read + packages: read +jobs: + mcvs-golang-action: + runs-on: ubuntu-20.04 + steps: + - uses: actions/checkout@v4.2.1 + - uses: schubergphilis/mcvs-golang-action@v0.8.1 + with: + code_coverage_expected: 59.8 + golang-unit-tests-exclusions: |- + \(cmd\/mcvs-scanner\|cmd\/mcvs-scanner-cli\|deprecated\|docs\/swagger\|mocks\) + golangci-lint-version: v1.61.0 + token: ${{ secrets.GITHUB_TOKEN }} + trivy-action-db: |- + ghcr.io/schubergphilis/mcvs-scanner-trivy-db:2 + trivy-action-java-db: |- + ghcr.io/schubergphilis/mcvs-scanner-trivy-java-db:1 diff --git a/.github/workflows/gomod-go-version-updater.yml b/.github/workflows/gomod-go-version-updater.yml new file mode 100644 index 0000000..c2679fa --- /dev/null +++ b/.github/workflows/gomod-go-version-updater.yml @@ -0,0 +1,14 @@ +--- +name: gomod-go-version-updater-action +"on": + schedule: + - cron: "42 5 * * 1-5" +permissions: + contents: write + pull-requests: write + repository-projects: write +jobs: + gomod-go-version-updater-action: + runs-on: ubuntu-22.04 + steps: + - uses: schubergphilis/gomod-go-version-updater-action@v0.1.5 diff --git a/.github/workflows/mcvs-pr-validation.yml b/.github/workflows/mcvs-pr-validation.yml new file mode 100644 index 0000000..e1fae88 --- /dev/null +++ b/.github/workflows/mcvs-pr-validation.yml @@ -0,0 +1,19 @@ +--- +name: MCVS-PR-validation-action +"on": + pull_request: + types: + - edited + - opened + - reopened + - synchronize + workflow_call: +permissions: + contents: read + pull-requests: read +jobs: + MCVS-PR-validation-action: + runs-on: ubuntu-22.04 + steps: + - uses: actions/checkout@v4.2.1 + - uses: schubergphilis/mcvs-pr-validation-action@v0.2.0 diff --git a/.gitignore b/.gitignore index 27a3afb..a6932ab 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ +.vscode reports From 9f845d6e0d7f7edb66995488ad8495e72409a9e6 Mon Sep 17 00:00:00 2001 From: sbp-bvanb Date: Mon, 21 Oct 2024 08:09:59 +0200 Subject: [PATCH 2/9] fix: Resolve YML issues in prolayout file --- .prolayout.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.prolayout.yml b/.prolayout.yml index af31249..491db75 100644 --- a/.prolayout.yml +++ b/.prolayout.yml @@ -1,6 +1,4 @@ +--- module: "github.com/wimspaargaren/prolayout" root: - name: "bar" - - - From f7c63ca7277346d8e118c77a11aa2ea3b9e5a326 Mon Sep 17 00:00:00 2001 From: sbp-bvanb Date: Mon, 21 Oct 2024 08:24:01 +0200 Subject: [PATCH 3/9] fix: Resolve issues in golangci lint --- .golangci.yml | 102 ++++++++++++-------------------------------------- 1 file changed, 23 insertions(+), 79 deletions(-) diff --git a/.golangci.yml b/.golangci.yml index dd902be..b0dfc56 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -1,25 +1,17 @@ +--- run: concurrency: 3 timeout: 15m issues-exit-code: 1 tests: true - - skip-dirs: - - data - # list of build tags, all linters use it. Default is empty list # output configuration options output: - # colored-line-number|line-number|json|tab|checkstyle|code-climate, default is "colored-line-number" - format: code-climate - # print lines of code with issue, default is true print-issued-lines: true - # print linter name in the end of issue text, default is true print-linter-name: true - uniq-by-line: false # all available settings of specific linters @@ -30,12 +22,14 @@ linters-settings: deny: - pkg: "github.com/tj/assert" desc: not allowed, did you mean testify assert? - gci: - local-prefixes: github.com/wimspaargaren/prolayout + errcheck: check-type-assertions: false - check-foonk: true - + gci: + sections: + - standard # Standard section: captures all standard packages. + - default + - prefix(github.com/wimspaargaren/prolayout) revive: ignore-generated-header: true enable-all-rules: true @@ -79,18 +73,10 @@ linters-settings: disabled: false arguments: - "^[a-z][a-z0-9A-Z]{0,}$" - govet: - check-shadowing: false - - golint: - min-confidence: 0.8 - gofmt: simplify: true gocyclo: min-complexity: 18 - maligned: - suggest-new: true dupl: threshold: 175 goconst: @@ -114,25 +100,19 @@ linters-settings: lll: line-length: 200 tab-width: 2 - unused: - check-exported: false - unparam: check-exported: false - nakedret: max-func-lines: 0 prealloc: simple: true - range-loops: true # Report preallocation suggestions on range loops, true by default - for-loops: false # Report preallocation suggestions on for loops, false by default + range-loops: true + for-loops: false gocritic: disabled-checks: - regexpMust - enabled-tags: - performance - settings: # settings passed to gocritic captLocal: # must be valid enabled check name paramsOnly: true @@ -140,58 +120,22 @@ linters-settings: sizeThreshold: 32 linters: - disable-all: true - enable: - - asciicheck - - bodyclose - - dupl - - errcheck - - errorlint - - exhaustive - - exportloopref - - funlen - - gci - - gochecknoglobals - - gochecknoinits - - gocognit - - goconst - - gocritic - - gocyclo - - godox - - gofmt - - gofumpt - - goheader - - revive - - gomodguard - - goprintffuncname - - gosimple - - govet - - ineffassign - - misspell - - nakedret - - nestif - - noctx - - nolintlint - - rowserrcheck - - sqlclosecheck - - staticcheck - - tparallel - - typecheck - - unconvert - - unparam - - whitespace - - dogsled - - godot - - goerr113 - - goimports - - lll - - prealloc - - testpackage - - depguard - + enable-all: true + disable: + - errname + - execinquery # deprecated (since v1.58.0) + - exhaustruct + - exportloopref # deprecated (since v1.60.2) + - gomnd # deprecated (since v1.58.0) + - nilnil + - nlreturn + - paralleltest + - varnamelen + - wsl + fast: false -severity: +severity: default-severity: error rules: - linters: From 61797f4981f9e96e835228f4e74eafd8b8c34f27 Mon Sep 17 00:00:00 2001 From: sbp-bvanb Date: Mon, 21 Oct 2024 08:44:48 +0200 Subject: [PATCH 4/9] fix: Optional GCI has this repository provides an alternative way --- .github/workflows/golang.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/golang.yml b/.github/workflows/golang.yml index b92e116..e895f8a 100644 --- a/.github/workflows/golang.yml +++ b/.github/workflows/golang.yml @@ -14,9 +14,10 @@ jobs: runs-on: ubuntu-20.04 steps: - uses: actions/checkout@v4.2.1 - - uses: schubergphilis/mcvs-golang-action@v0.8.1 + - uses: schubergphilis/mcvs-golang-action@87-optional-gci with: code_coverage_expected: 59.8 + gci: "false" golang-unit-tests-exclusions: |- \(cmd\/mcvs-scanner\|cmd\/mcvs-scanner-cli\|deprecated\|docs\/swagger\|mocks\) golangci-lint-version: v1.61.0 From a7501b822449dec840284f219d5e5fd0a61eb19b Mon Sep 17 00:00:00 2001 From: sbp-bvanb Date: Mon, 21 Oct 2024 08:51:44 +0200 Subject: [PATCH 5/9] fix: Use public TrivyDB to prevent authentication issues --- .github/workflows/golang.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.github/workflows/golang.yml b/.github/workflows/golang.yml index e895f8a..5af4748 100644 --- a/.github/workflows/golang.yml +++ b/.github/workflows/golang.yml @@ -10,6 +10,7 @@ permissions: contents: read packages: read jobs: + # mcvs-golang-action: runs-on: ubuntu-20.04 steps: @@ -21,8 +22,3 @@ jobs: golang-unit-tests-exclusions: |- \(cmd\/mcvs-scanner\|cmd\/mcvs-scanner-cli\|deprecated\|docs\/swagger\|mocks\) golangci-lint-version: v1.61.0 - token: ${{ secrets.GITHUB_TOKEN }} - trivy-action-db: |- - ghcr.io/schubergphilis/mcvs-scanner-trivy-db:2 - trivy-action-java-db: |- - ghcr.io/schubergphilis/mcvs-scanner-trivy-java-db:1 From ee5176015c887f99683ceb5b22647ee5f827fe3a Mon Sep 17 00:00:00 2001 From: sbp-bvanb Date: Mon, 21 Oct 2024 09:13:42 +0200 Subject: [PATCH 6/9] fix: Set code coverage to 62.3 percent --- .github/workflows/golang.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/golang.yml b/.github/workflows/golang.yml index 5af4748..9d2899e 100644 --- a/.github/workflows/golang.yml +++ b/.github/workflows/golang.yml @@ -17,8 +17,8 @@ jobs: - uses: actions/checkout@v4.2.1 - uses: schubergphilis/mcvs-golang-action@87-optional-gci with: - code_coverage_expected: 59.8 + code_coverage_expected: 62.3 gci: "false" golang-unit-tests-exclusions: |- - \(cmd\/mcvs-scanner\|cmd\/mcvs-scanner-cli\|deprecated\|docs\/swagger\|mocks\) + \(cmd\/prolayout\) golangci-lint-version: v1.61.0 From 71e143018f3f3c079551055b96a87e09ad8bab8d Mon Sep 17 00:00:00 2001 From: sbp-bvanb Date: Mon, 21 Oct 2024 10:02:13 +0200 Subject: [PATCH 7/9] build: Use golang-action 0.8.2 as that one contains the optional GCI --- .github/workflows/golang.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/golang.yml b/.github/workflows/golang.yml index 9d2899e..70c4d92 100644 --- a/.github/workflows/golang.yml +++ b/.github/workflows/golang.yml @@ -10,12 +10,11 @@ permissions: contents: read packages: read jobs: - # mcvs-golang-action: runs-on: ubuntu-20.04 steps: - uses: actions/checkout@v4.2.1 - - uses: schubergphilis/mcvs-golang-action@87-optional-gci + - uses: schubergphilis/mcvs-golang-action@v0.8.2 with: code_coverage_expected: 62.3 gci: "false" From 9859adb13dba7f612ffabffbfc58cf62b9f6b298 Mon Sep 17 00:00:00 2001 From: sbp-bvanb Date: Mon, 21 Oct 2024 14:20:59 +0200 Subject: [PATCH 8/9] build: Ensure that ubuntu 22.04 is used for the golang action as well --- .github/workflows/golang.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/golang.yml b/.github/workflows/golang.yml index 70c4d92..5ecf575 100644 --- a/.github/workflows/golang.yml +++ b/.github/workflows/golang.yml @@ -11,10 +11,11 @@ permissions: packages: read jobs: mcvs-golang-action: - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 steps: + # - uses: actions/checkout@v4.2.1 - - uses: schubergphilis/mcvs-golang-action@v0.8.2 + - uses: schubergphilis/mcvs-golang-action@89-1-space-yamllint with: code_coverage_expected: 62.3 gci: "false" From a7a7cf5cf244208613f20b001162ae269e4addac Mon Sep 17 00:00:00 2001 From: sbp-bvanb Date: Mon, 21 Oct 2024 14:36:10 +0200 Subject: [PATCH 9/9] build: Ensure that YAMLLint allows 1 space before comment to prevent clash with Prettier --- .github/workflows/golang.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/golang.yml b/.github/workflows/golang.yml index 5ecf575..f329e8a 100644 --- a/.github/workflows/golang.yml +++ b/.github/workflows/golang.yml @@ -13,9 +13,8 @@ jobs: mcvs-golang-action: runs-on: ubuntu-22.04 steps: - # - uses: actions/checkout@v4.2.1 - - uses: schubergphilis/mcvs-golang-action@89-1-space-yamllint + - uses: schubergphilis/mcvs-golang-action@v0.8.3 with: code_coverage_expected: 62.3 gci: "false"