-
Notifications
You must be signed in to change notification settings - Fork 63
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'main' into add-sarif-reporter
- Loading branch information
Showing
66 changed files
with
978 additions
and
317 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| # recommended by https://github.com/golangci/golangci-lint-action | ||
| # this will force line ending to be lf on windows | ||
| *.go text eol=lf |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,58 @@ | ||
| name: golangci-lint | ||
| on: | ||
| push: | ||
| branches: | ||
| - master | ||
| - main | ||
| pull_request: | ||
|
|
||
| permissions: | ||
| contents: read | ||
| # Optional: allow read access to pull request. Use with `only-new-issues` option. | ||
| pull-requests: read | ||
|
|
||
| jobs: | ||
| golangci: | ||
| strategy: | ||
| matrix: | ||
| go: ['1.21'] | ||
| os: [ubuntu-latest, macos-latest, windows-latest] | ||
| permissions: | ||
| # Optional: Allow write access to checks to allow the action to annotate code in the PR. | ||
| checks: write | ||
|
|
||
| name: lint | ||
| runs-on: ${{ matrix.os }} | ||
| steps: | ||
| - name: Harden Runner | ||
| uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0 | ||
| with: | ||
| egress-policy: audit | ||
|
|
||
| - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 | ||
| - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 | ||
| with: | ||
| go-version: ${{ matrix.go }} | ||
| cache: false | ||
| - name: golangci-lint | ||
| uses: golangci/golangci-lint-action@d6238b002a20823d52840fda27e2d4891c5952dc # v4.0.1 | ||
| with: | ||
| # Require: The version of golangci-lint to use. | ||
| # When `install-mode` is `binary` (default) the value can be v1.2 or v1.2.3 or `latest` to use the latest version. | ||
| # When `install-mode` is `goinstall` the value can be v1.2.3, `latest`, or the hash of a commit. | ||
| version: v1.57.2 | ||
|
|
||
| # Optional: working directory, useful for monorepos | ||
| # working-directory: somedir | ||
|
|
||
| # Optional: golangci-lint command line arguments. | ||
| # | ||
| # Note: by default the `.golangci.yml` file should be at the root of the repository. | ||
| # The location of the configuration file can be changed by using `--config=` | ||
| args: --timeout=10m | ||
|
|
||
| # Optional: show only new issues if it's a pull request. The default value is `false`. | ||
| # only-new-issues: true | ||
|
|
||
| # Optional:The mode to install golangci-lint. It can be 'binary' or 'goinstall'. | ||
| # install-mode: "goinstall" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,58 @@ | ||
| name: Go Report Card | ||
|
|
||
| on: | ||
| push: | ||
| branches: | ||
| - main | ||
| pull_request: | ||
|
|
||
| permissions: # added using https://github.com/step-security/secure-repo | ||
| contents: read | ||
|
|
||
| jobs: | ||
| goreportcard: | ||
| strategy: | ||
| matrix: | ||
| go: ['stable'] | ||
| os: [ubuntu-latest] | ||
| runs-on: ${{ matrix.os }} | ||
| steps: | ||
| - name: Harden Runner | ||
| uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0 | ||
| with: | ||
| egress-policy: audit | ||
|
|
||
| - name: Setup Go ${{ matrix.go }} | ||
| uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 | ||
| with: | ||
| go-version: ${{ matrix.go }} | ||
| cache: false | ||
| - name: Checkout gojp/goreportcard repo | ||
| uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 | ||
| with: | ||
| repository: gojp/goreportcard | ||
| path: goreportcard | ||
| - name: Install goreportcard-cli | ||
| # goreportcard-cli requires the following linters: | ||
| # 1. gometalinter | ||
| # 2. golint | ||
| # 3. gocyclo | ||
| # 4. ineffassign | ||
| # 5. misspell | ||
| # among which, the linter gometalinter is deprecated. However, goreportcard repo has a vendor version of it. | ||
| # Hence installing from the repo instead of `go install`. Refer https://github.com/gojp/goreportcard/issues/301 | ||
| run: | | ||
| cd goreportcard | ||
| # Install prerequisite linter binaries: gometalinter, golint, gocyclo, ineffassign & misspell | ||
| # Refer: https://github.com/gojp/goreportcard?tab=readme-ov-file#command-line-interface | ||
| make install | ||
| # Install goreportcard-cli binary | ||
| go install ./cmd/goreportcard-cli | ||
| - name: Checkout Boeing/config-file-validator repo | ||
| uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 | ||
| - name: Run goreportcard | ||
| run: | | ||
| # Failure threshold is set to 100% to fail at any errors. Default is 75%. | ||
| goreportcard-cli -t 100 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,68 @@ | ||
| # This workflow uses actions that are not certified by GitHub. They are provided | ||
| # by a third-party and are governed by separate terms of service, privacy | ||
| # policy, and support documentation. | ||
|
|
||
| name: Scorecard supply-chain security | ||
| on: | ||
| # For Branch-Protection check. Only the default branch is supported. See | ||
| # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection | ||
| branch_protection_rule: | ||
| # To guarantee Maintained check is occasionally updated. See | ||
| # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained | ||
| schedule: | ||
| - cron: '43 11 * * 5' | ||
| push: | ||
| branches: [ "main" ] | ||
| pull_request: | ||
|
|
||
| # Declare default permissions as read only. | ||
| permissions: read-all | ||
|
|
||
| jobs: | ||
| analysis: | ||
| name: Scorecard analysis | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| # Needed to upload the results to code-scanning dashboard. | ||
| security-events: write | ||
| # Needed to publish results and get a badge (see publish_results below). | ||
| id-token: write | ||
|
|
||
| steps: | ||
| - name: Harden Runner | ||
| uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0 | ||
| with: | ||
| egress-policy: audit | ||
|
|
||
| - name: "Checkout code" | ||
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | ||
| with: | ||
| persist-credentials: false | ||
|
|
||
| - name: "Run analysis" | ||
| uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1 | ||
| with: | ||
| results_file: results.sarif | ||
| results_format: sarif | ||
|
|
||
| # Public repositories: | ||
| # - Publish results to OpenSSF REST API for easy access by consumers | ||
| # - Allows the repository to include the Scorecard badge. | ||
| # - See https://github.com/ossf/scorecard-action#publishing-results. | ||
| publish_results: true | ||
|
|
||
| # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF | ||
| # format to the repository Actions tab. | ||
| - name: "Upload artifact" | ||
| uses: actions/upload-artifact@97a0fba1372883ab732affbe8f94b823f91727db # v3.pre.node20 | ||
| with: | ||
| name: SARIF file | ||
| path: results.sarif | ||
| retention-days: 5 | ||
|
|
||
| # Upload the results to GitHub's code scanning dashboard (optional). | ||
| # Commenting out will disable upload of results to your repo's Code Scanning dashboard | ||
| - name: "Upload to code-scanning" | ||
| uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9 | ||
| with: | ||
| sarif_file: results.sarif |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -5,6 +5,7 @@ | |
| *.so | ||
| *.dylib | ||
| cmd/validator/validator | ||
| bin/ | ||
|
|
||
| # Test binary, built with `go test -c` | ||
| *.test | ||
|
|
||
Oops, something went wrong.