From 02dc5676fb2bb8d77c6d16d8c4db414ddfa8e090 Mon Sep 17 00:00:00 2001 From: maxwellgithinji Date: Wed, 11 Aug 2021 08:36:37 +0300 Subject: [PATCH] chore: add github workflow --- .github/dependabot.yml | 7 +++ .github/workflows/ci.yml | 74 +++++++++++++++++++++++++++ .github/workflows/codeql-analysis.yml | 60 ++++++++++++++++++++++ 3 files changed, 141 insertions(+) create mode 100644 .github/dependabot.yml create mode 100644 .github/workflows/ci.yml create mode 100644 .github/workflows/codeql-analysis.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..8e8ac86 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,7 @@ +version: 2 +updates: + # Update Github actions in workflows + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "daily" diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000..d8b47ca --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,74 @@ +name: Test + +on: [push] + +env: + DOCKER_BUILDKIT: 1 # Enable Buildkit and let compose use it to speed up image building + COMPOSE_DOCKER_CLI_BUILD: 1 + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + IS_RUNNING_TESTS: ${{ secrets.IS_RUNNING_TESTS }} + GOOGLE_APPLICATION_CREDENTIALS: ${{ secrets.GOOGLE_APPLICATION_CREDENTIALS }} + GOOGLE_CLOUD_PROJECT: ${{ secrets.GOOGLE_CLOUD_PROJECT }} + ROOT_COLLECTION_SUFFIX: ${{ secrets.ROOT_COLLECTION_SUFFIX }} + ENVIRONMENT: ${{ secrets.ENVIRONMENT }} + REGISTRY_URL: ${{ secrets.TEST_SCHEMA_REGISTRY_URL }} + +jobs: + lint_and_test: + strategy: + matrix: + go-version: [1.16.x] + os: [ubuntu-latest] + runs-on: ${{ matrix.os }} + timeout-minutes: 80 + steps: + - uses: actions/checkout@v2 + - uses: google-github-actions/setup-gcloud@master + with: + project_id: ${{ secrets.GOOGLE_CLOUD_PROJECT }} + service_account_key: ${{ secrets.GOOGLE_APPLICATION_CREDENTIALS }} + export_default_credentials: true + - name: Install Go + uses: actions/setup-go@v2 + with: + go-version: ${{ matrix.go-version }} + + - name: Install Go dependencies + run: | + curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.37.1 + go get -u github.com/kisielk/errcheck + go get -u golang.org/x/lint/golint + go get -u honnef.co/go/tools/cmd/staticcheck + go get -u github.com/axw/gocov/gocov + go get -u github.com/securego/gosec/cmd/gosec + go get -u github.com/ory/go-acc + go get -u github.com/client9/misspell/cmd/misspell + go get -u github.com/gordonklaus/ineffassign + go get github.com/fzipp/gocyclo + go get github.com/stretchr/testify/assert@v1.7.0 + go get github.com/ory/go-acc + + - name: Run lint and test + run: | + staticcheck ./... + go fmt $(go list ./... | grep -v /vendor/) + go vet $(go list ./... | grep -v /vendor/) + golint -set_exit_status $(go list ./... | grep -v /vendor/) + errcheck -ignore 'os:.*,' $(go list ./... | grep -v /vendor/) + misspell -error . + gosec -exclude=G304,G101 ./... + go-acc -o coverage.txt --ignore generated,cmd ./... -- -timeout 60m + grep -v "generated.go" coverage.txt | grep -v "main.go" > coverage.out + go tool cover -html=coverage.out -o coverage.html + gocov convert coverage.out > coverage.json + gocov report coverage.json > coverage_report.txt + tail coverage_report.txt + + - name: Install goveralls + env: + GO111MODULE: off + run: go get github.com/mattn/goveralls + - name: Send coverage + env: + COVERALLS_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: goveralls -coverprofile=coverage.out -service=github diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml new file mode 100644 index 0000000..a6050ef --- /dev/null +++ b/.github/workflows/codeql-analysis.yml @@ -0,0 +1,60 @@ +name: "CodeQL" + +env: + ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }} +on: + push: + branches: [master, develop] + pull_request: + # The branches below must be a subset of the branches above + branches: [master, develop] + schedule: + - cron: "41 14 * * 5" + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + + strategy: + fail-fast: false + matrix: + language: ["go"] + steps: + - run: git config --global url."https://${user}:${ACCESS_TOKEN}@gitlab.slade360emr.com".insteadOf "https://gitlab.slade360emr.com" + - name: Checkout repository + uses: actions/checkout@v2 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + + uses: github/codeql-action/init@v1 + with: + languages: ${{ matrix.language }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + # queries: ./path/to/local/query, your-org/your-repo/queries@main + + # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). + # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@v1 + + # ℹī¸ Command-line programs to run using the OS shell. + # 📚 https://git.io/JvXDl + + # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines + # and modify them (or add more) to build your code if your project + # uses a compiled language + + #- run: | + # make bootstrap + # make release + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v1