Skip to content

Commit

Permalink
added gosec & govulncheck
Browse files Browse the repository at this point in the history
  • Loading branch information
apoorvajagtap committed Jul 22, 2023
1 parent d11e39a commit b7f5b09
Show file tree
Hide file tree
Showing 5 changed files with 96 additions and 11 deletions.
3 changes: 3 additions & 0 deletions .github/workflows/issues.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,9 @@ on:
issues:
types:
- opened
pull_request:
types:
- opened

jobs:
add-to-project:
Expand Down
30 changes: 30 additions & 0 deletions .github/workflows/pull-request-size-labeler.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
name: Pull request size labeler

on: [pull_request]

jobs:
labeler:
runs-on: ubuntu-latest
name: Label the PR size
permissions:
issues: write
pull-requests: write
steps:
- uses: codelytv/pr-size-labeler@v1
with:
GITHUB_TOKEN: ${{ secrets.ADD_TO_PROJECT_TOKEN }}
xs_label: 'size/xs'
xs_max_size: '10'
s_label: 'size/s'
s_max_size: '100'
m_label: 'size/m'
m_max_size: '500'
l_label: 'size/l'
l_max_size: '1000'
xl_label: 'size/xl'
fail_if_xl: 'false'
message_if_xl: >
This PR exceeds the recommended size of 1000 lines.
Please make sure you are NOT addressing multiple issues with one PR.
Note this PR might be rejected due to its size.
files_to_ignore: ''
21 changes: 18 additions & 3 deletions .github/workflows/test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -28,13 +28,28 @@ jobs:
go-version: ${{ matrix.go }}
cache: false

- name: Verify
- name: Run GolangCI-Lint
uses: golangci/golangci-lint-action@v3
with:
version: v1.53
args: --timeout=5m


- name: Run GoSec
if: matrix.os == 'ubuntu-latest'
uses: securego/gosec@master
with:
args: ./...

- name: Run GoVulnCheck
uses: golang/govulncheck-action@v1
with:
go-version-input: ${{ matrix.go }}
go-package: ./...

- name: Test
run: go test -race --coverprofile=coverage.txt --covermode=atomic -v ./...

- name: Upload coverage to Codecov
uses: codecov/codecov-action@v3
uses: codecov/codecov-action@v3
with:
files: ./coverage
1 change: 1 addition & 0 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
coverage.coverprofile
52 changes: 44 additions & 8 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -7,27 +7,63 @@ else
GOBIN=$(shell go env GOBIN)
endif

# LINT is the path to the golangci-lint binary
LINT = $(shell which golangci-lint)
# GOLINT is the path to the golangci-lint binary
GOLINT = $(shell which golangci-lint 2> /dev/null || echo '')

# GOSEC is the path to the gosec binary
GOSEC = $(shell which gosec 2> /dev/null || echo '')

# GOVULNCHECK is the path to the govulncheck binary
GOVULNCHECK = $(shell which govulncheck 2> /dev/null || echo '')

.PHONY: golangci-lint
golangci-lint:
ifeq (, $(LINT))
ifeq (, $(GOLINT))
ifeq (, $(shell which golangci-lint))
@{ \
set -e ;\
go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest ;\
}
override LINT=$(GOBIN)/golangci-lint
override GOLINT=$(GOBIN)/golangci-lint
else
override GOLINT=$(shell which golangci-lint)
endif
endif

.PHONY: gosec
gosec:
ifeq (, $(GOSEC))
ifeq (, $(shell which gosec))
@{ \
set -e ;\
go install github.com/securego/gosec/v2/cmd/gosec@latest ;\
}
override GOSEC=$(GOBIN)/gosec
else
override GOSEC=$(shell which gosec)
endif
endif

.PHONY: govulncheck
govulncheck:
ifeq (, $(GOVULNCHECK))
ifeq (, $(shell which govulncheck))
@{ \
set -e ;\
go install golang.org/x/vuln/cmd/govulncheck@latest ;\
}
override GOVULNCHECK=$(GOBIN)/govulncheck
else
override LINT=$(shell which golangci-lint)
override GOVULNCHECK=$(shell which govulncheck)
endif
endif

.PHONY: verify
verify: golangci-lint
$(LINT) run
verify: golangci-lint gosec govulncheck
$(GOLINT) run
$(GOSEC) ./...
$(GOVULNCHECK) ./...

.PHONY: test
test:
go test -race --coverprofile=coverage.coverprofile --covermode=atomic -v ./...
go test -race -cover -coverprofile=coverage.coverprofile -covermode=atomic -v ./...

0 comments on commit b7f5b09

Please sign in to comment.