From 5d1209685eb3945623f616b44b512e1715700f96 Mon Sep 17 00:00:00 2001
From: Nathan Oyler
Date: Wed, 6 Dec 2023 01:54:38 -0700
Subject: [PATCH] Makefile.maker.yaml config
---
.github/renovate.json | 48 +++++++++++++
.github/workflows/ci.yaml | 87 +++++++++++++-----------
.github/workflows/codeql.yaml | 22 ++++--
.github/workflows/dependency-review.yaml | 24 +++++++
.github/workflows/license.yaml | 40 ++++++-----
Makefile.maker.yaml | 15 ++++
renovate.json | 5 --
7 files changed, 173 insertions(+), 68 deletions(-)
create mode 100644 .github/renovate.json
create mode 100644 .github/workflows/dependency-review.yaml
delete mode 100644 renovate.json
diff --git a/.github/renovate.json b/.github/renovate.json
new file mode 100644
index 00000000..902ee0ec
--- /dev/null
+++ b/.github/renovate.json
@@ -0,0 +1,48 @@
+{
+ "extends": [
+ "config:base",
+ "default:pinDigestsDisabled",
+ "github>whitesource/merge-confidence:beta",
+ "docker:disable"
+ ],
+ "assignees": [
+ "notque"
+ ],
+ "commitMessageAction": "Renovate: Update",
+ "constraints": {
+ "go": "1.21"
+ },
+ "postUpdateOptions": [
+ "gomodTidy",
+ "gomodUpdateImportPaths"
+ ],
+ "packageRules": [
+ {
+ "matchPackageNames": [
+ "golang"
+ ],
+ "allowedVersions": "1.21.x"
+ },
+ {
+ "matchPackagePatterns": [
+ "^github\\.com\\/sapcc\\/.*"
+ ],
+ "automerge": true,
+ "groupName": "github.com/sapcc"
+ },
+ {
+ "excludePackagePatterns": [
+ "^github\\.com\\/sapcc\\/.*"
+ ],
+ "matchPackagePatterns": [
+ ".*"
+ ],
+ "groupName": "External dependencies"
+ }
+ ],
+ "prHourlyLimit": 0,
+ "schedule": [
+ "before 8am on Friday"
+ ],
+ "semanticCommits": "disabled"
+}
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 924806e8..dd7a2fa8 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -1,60 +1,69 @@ +################################################################################ +# This file is AUTOGENERATED with # +# Edit Makefile.maker.yaml instead. # +################################################################################ + name: CI "on": - pull_request: + push: branches: - - '*' + - master paths-ignore: - - '**.md' - push: + - '**.md' + pull_request: branches: - - master + - '*' paths-ignore: - - '**.md' + - '**.md' +permissions: + contents: read jobs: build: name: Build needs: - - lint + - lint runs-on: ubuntu-latest steps: - - name: Check out code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - - name: Set up Go - uses: actions/setup-go@v4 - with: - go-version: "1.21" - - name: Make all check - run: make build-all check + - name: Check out code + uses: actions/checkout@v3 + - name: Set up Go + uses: actions/setup-go@v4 + with: + go-version: "1.21" + - name: Make build + run: make build-all lint: name: Lint runs-on: ubuntu-latest steps: - - name: Check out code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - - name: Set up Go - uses: actions/setup-go@v4 - with: - go-version: "1.21" - - name: Run gofmt, go vet, staticcheck - run: make static-check + - name: Check out code + uses: actions/checkout@v3 + - name: Set up Go + uses: actions/setup-go@v4 + with: + go-version: "1.21" + - name: Run golangci-lint + uses: golangci/golangci-lint-action@v3 + with: + version: latest test: name: Test needs: - - build + - build runs-on: ubuntu-latest steps: - - name: Check out code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - - name: Set up Go - uses: actions/setup-go@v4 - with: - go-version: "1.21" - - name: Run tests and generate coverage report - run: make build/cover.out - - name: Upload coverage report to Coveralls - env: - COVERALLS_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GIT_BRANCH: ${{ github.head_ref }} - run: | - go install github.com/mattn/goveralls@latest - 
goveralls -service=github -coverprofile=build/cover.out + - name: Check out code + uses: actions/checkout@v3 + - name: Set up Go + uses: actions/setup-go@v4 + with: + go-version: "1.21" + - name: Run tests and generate coverage report + run: make build/cover.out + - name: Upload coverage report to Coveralls + env: + COVERALLS_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GIT_BRANCH: ${{ github.head_ref }} + run: | + go install github.com/mattn/goveralls@latest + goveralls -service=github -coverprofile=build/cover.out diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 1d8d9b1f..b8717ad7 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -1,28 +1,38 @@ +################################################################################ +# This file is AUTOGENERATED with # +# Edit Makefile.maker.yaml instead. # +################################################################################ + name: CodeQL "on": push: branches: - master - paths-ignore: - - '**.md' pull_request: branches: - master - paths-ignore: - - '**.md' schedule: - cron: '00 07 * * 1' +permissions: + actions: read + contents: read + security-events: write jobs: analyze: name: Analyze runs-on: ubuntu-latest steps: - name: Check out code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + uses: actions/checkout@v3 + - name: Set up Go + uses: actions/setup-go@v4 + with: + go-version: "1.21" - name: Initialize CodeQL uses: github/codeql-action/init@v2 with: languages: go - queries: security-and-quality + - name: Autobuild + uses: github/codeql-action/autobuild@v2 - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v2 diff --git a/.github/workflows/dependency-review.yaml b/.github/workflows/dependency-review.yaml new file mode 100644 index 00000000..ed5e6be6 --- /dev/null +++ b/.github/workflows/dependency-review.yaml 
@@ -0,0 +1,24 @@
+################################################################################
+# This file is AUTOGENERATED with #
+# Edit Makefile.maker.yaml instead. #
+################################################################################
+
+name: Dependency Review
+"on":
+ pull_request:
+ branches:
+ - '*'
+permissions:
+ contents: read
+jobs:
+ review:
+ name: Review
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out code
+ uses: actions/checkout@v3
+ - name: Dependency Review
+ uses: actions/dependency-review-action@v3
+ with:
+ deny-licenses: AGPL-1.0, AGPL-3.0, GPL-1.0, GPL-2.0, GPL-3.0, LGPL-2.0, LGPL-2.1, LGPL-3.0
+ fail-on-severity: high
diff --git a/.github/workflows/license.yaml b/.github/workflows/license.yaml
index 53bd7b0e..7548558b 100644
--- a/.github/workflows/license.yaml
+++ b/.github/workflows/license.yaml
@@ -1,27 +1,31 @@ +################################################################################ +# This file is AUTOGENERATED with # +# Edit Makefile.maker.yaml instead. # +################################################################################ + name: License "on": - pull_request: - branches: - - '*' - paths-ignore: - - '**.md' push: branches: - - master - paths-ignore: - - '**.md' + - master + pull_request: + branches: + - '*' +permissions: + contents: read jobs: addlicense: name: Check runs-on: ubuntu-latest steps: - - name: Check out code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - - name: Set up Go - uses: actions/setup-go@v4 - with: - go-version: "1.17" - - name: Check if source code files have license header - run: | - go install github.com/google/addlicense@latest - find * \( -name vendor -type d -prune \) -o \( -name \*.go -exec addlicense --check -- {} + \) + - name: Check out code + uses: actions/checkout@v3 + - name: Set up Go + uses: actions/setup-go@v4 + with: + go-version: "1.21" + - name: Check if source code files have license header + run: | + shopt -s globstar + go install github.com/google/addlicense@latest + addlicense --check -ignore "vendor/**" -- **/*.go diff --git a/Makefile.maker.yaml b/Makefile.maker.yaml index 6cb81a83..fe9ba652 100644 --- a/Makefile.maker.yaml +++ b/Makefile.maker.yaml @@ -13,3 +13,18 @@ dockerfile: golangciLint: createConfig: true + +githubWorkflow: + ci: + enabled: true + coveralls: true + ignorePaths: + - "**.md" # all Markdown files + license: + enabled: true + securityChecks: + enabled: true +renovate: + enabled: true + assignees: + - notque \ No newline at end of file diff --git a/renovate.json b/renovate.json deleted file mode 100644 index f45d8f11..00000000 --- a/renovate.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "extends": [ - "config:base" - ] -}
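Review bot: The `githubWorkflow:` block added in the Makefile.maker.yaml hunk regenerates the workflows with weaker action pinning than the hand-written files they replace. In ci.yaml, codeql.yaml and license.yaml the commit-pinned `actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4` becomes the mutable tag `actions/checkout@v3`, and the lint job now runs `golangci/golangci-lint-action@v3` with `version: latest`. The generated .github/renovate.json extends `default:pinDigestsDisabled`, so Renovate will presumably not restore the SHA pins afterwards. Because the workflow files are marked AUTOGENERATED, the fix belongs in the generator or its configuration; this patch does not show whether a digest-pinning option exists, so please check before merging or record the accepted risk in a comment above `githubWorkflow:`. Separately, codeql.yaml loses `queries: security-and-quality`, and Makefile.maker.yaml now ends without a trailing newline.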