From 8f4020109587375c86d24d0b3304eb998ddc801e Mon Sep 17 00:00:00 2001
From: meghalims
Date: Wed, 20 Dec 2023 12:58:06 -0800
Subject: [PATCH 1/3] Lint and security job for Runtime Repo
---
 .../ci-aqua-security-trivy-tests.yml | 37 +++++++++++++++++++
 .github/workflows/ci-golang-lint.yml | 33 +++++++++++++++++
 CODEOWNERS | 4 ++
 3 files changed, 74 insertions(+)
 create mode 100644 .github/workflows/ci-aqua-security-trivy-tests.yml
 create mode 100644 .github/workflows/ci-golang-lint.yml
 create mode 100644 CODEOWNERS
diff --git a/.github/workflows/ci-aqua-security-trivy-tests.yml b/.github/workflows/ci-aqua-security-trivy-tests.yml
new file mode 100644
index 00000000..51dc3950
--- /dev/null
+++ b/.github/workflows/ci-aqua-security-trivy-tests.yml
@@ -0,0 +1,37 @@
+name: ci-aqua-security-trivy-tests
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ types:
+ - opened
+ - reopened
+ - synchronize
+ - ready_for_review
+ branches:
+ - main
+ schedule:
+ - cron: "0 0 * * *"
+permissions: read-all
+jobs:
+ build:
+ name: trivy-tests
+ runs-on: ubuntu-20.04
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+ - name: Run Trivy vulnerability scanner
+ uses: aquasecurity/trivy-action@master
+ with:
+ scan-type: 'fs'
+ scan-ref: '.'
+ format: 'sarif'
+ output: 'trivy-results.sarif'
+ - name: Install Rust
+ run: curl https://sh.rustup.rs -sSf | sh -s -- -y
+ - name: Install sarif-fmt
+ run: |
+ cargo install sarif-fmt
+ - name: Print Trivy scan results
+ run: sarif-fmt -i trivy-results.sarif
diff --git a/.github/workflows/ci-golang-lint.yml b/.github/workflows/ci-golang-lint.yml
new file mode 100644
index 00000000..eff80d41
--- /dev/null
+++ b/.github/workflows/ci-golang-lint.yml
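Review bot: In ci-aqua-security-trivy-tests.yml the scanner step runs `aquasecurity/trivy-action@master`, a branch ref that can change without any commit in this repository, and the next two steps pipe the rustup installer into `sh` and run `cargo install sarif-fmt` with no version, so every nightly run executes whatever those sources serve at that moment. I would pin the action to a full commit SHA, `uses: aquasecurity/trivy-action@<full-commit-sha>  # <release tag>`, and pin the formatter with `cargo install sarif-fmt --version <pinned-version> --locked`; GitHub-hosted Ubuntu images normally ship cargo already, so the `curl … | sh` step can probably be dropped (worth confirming on ubuntu-20.04). The Trivy step also sets neither `exit-code` nor `severity`, so as far as this hunk shows the job stays green whatever is found and the findings exist only in the log; `exit-code: '1'` together with a `severity` threshold would let the scheduled run actually signal a problem. `permissions: read-all` grants more than a filesystem scan needs; `contents: read` is enough for the steps shown.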
@@ -0,0 +1,33 @@
+name: ci-golang-lint
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ types:
+ - opened
+ - synchronize
+ - reopened
+ - ready_for_review
+jobs:
+ golang-lint:
+ if: github.event_name == 'pull_request'
+ name: lint
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - name: Setup Go
+ uses: actions/setup-go@v4
+ with:
+ go-version: '>=1.20.0'
+ - run: go version
+ - name: golang-lint
+ env:
+ GOGC: 10
+ uses: golangci/golangci-lint-action@v3
+ with:
+ version: latest
+ only-new-issues: true
+ skip-pkg-cache: true
+ skip-build-cache: true
+ args: --timeout=10m
diff --git a/CODEOWNERS b/CODEOWNERS
new file mode 100644
index 00000000..bb4199be
--- /dev/null
+++ b/CODEOWNERS
@@ -0,0 +1,4 @@
+# CODEOWNERS info: https://help.github.com/en/articles/about-code-owners
+# Owners are automatically requested for review for PRs that changes code
+# that they own.
+* @gohypermode/infrastructure
From 4b58dc0138b0648203125b899d8048254553a122 Mon Sep 17 00:00:00 2001
From: meghalims
Date: Wed, 20 Dec 2023 13:21:49 -0800
Subject: [PATCH 2/3] Deleted CODEOWNERS which got added by mistake
---
 CODEOWNERS | 4 ----
 1 file changed, 4 deletions(-)
 delete mode 100644 CODEOWNERS
diff --git a/CODEOWNERS b/CODEOWNERS
deleted file mode 100644
index bb4199be..00000000
--- a/CODEOWNERS
+++ /dev/null
@@ -1,4 +0,0 @@
-# CODEOWNERS info: https://help.github.com/en/articles/about-code-owners
-# Owners are automatically requested for review for PRs that changes code
-# that they own.
-* @gohypermode/infrastructure
From 4264c211bc0fa3e5560b41112457d591c27b4c0a Mon Sep 17 00:00:00 2001
From: meghalims
Date: Wed, 20 Dec 2023 13:29:34 -0800
Subject: [PATCH 3/3] adding working dir as hmruntime
---
 .github/workflows/ci-golang-lint.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/ci-golang-lint.yml b/.github/workflows/ci-golang-lint.yml
index eff80d41..eab646d4 100644
--- a/.github/workflows/ci-golang-lint.yml
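Review bot: ci-golang-lint.yml declares no `permissions:` block, unlike the Trivy workflow added in the same patch, so the job's GITHUB_TOKEN receives whatever the repository or organisation default grants; a top-level `permissions: { contents: read, pull-requests: read }` should cover the checkout and the pull-request lookup that `only-new-issues: true` relies on. `version: latest` and `go-version: '>=1.20.0'` both float, so the same commit can pass one day and fail the next when a new linter or toolchain release lands; an explicit `version: <pinned-version>` keeps lint results reproducible (the same line reappears as context in PATCH 3/3). The `push` trigger does no work here because the only job is gated by `if: github.event_name == 'pull_request'`, so it can be removed.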
+++ b/.github/workflows/ci-golang-lint.yml
@@ -27,6 +27,7 @@ jobs:
 uses: golangci/golangci-lint-action@v3
 with:
 version: latest
+ working-directory: hmruntime
 only-new-issues: true
 skip-pkg-cache: true
 skip-build-cache: true