From f4023b9613bbd9230b2ce621d47a43ccaa03e14c Mon Sep 17 00:00:00 2001 From: Elton-Barasa Date: Mon, 9 Aug 2021 11:51:12 +0300 Subject: [PATCH] chore: add GitHub workflow --- .github/dependabot.yml | 8 +++ .github/workflows/ci.yml | 79 +++++++++++++++++++++++++++ .github/workflows/codeql-analysis.yml | 59 ++++++++++++++++++++ .travis.yml | 62 --------------------- README.md | 2 + 5 files changed, 148 insertions(+), 62 deletions(-) create mode 100644 .github/dependabot.yml create mode 100644 .github/workflows/ci.yml create mode 100644 .github/workflows/codeql-analysis.yml delete mode 100644 .travis.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..a90d77c --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,8 @@ +version: 2 +updates: + # Update Github actions in workflows + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "daily" + diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000..b6de4fd --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,79 @@ +name: Test + +on: [push] + +env: + DOCKER_BUILDKIT: 1 # Enable Buildkit and let compose use it to speed up image building + COMPOSE_DOCKER_CLI_BUILD: 1 + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + SENTRY_DSN: ${{ secrets.SENTRY_DSN }} + PORT: ${{ secrets.PORT }} + DEBUG: ${{ secrets.DEBUG }} + IS_RUNNING_TESTS: ${{ secrets.IS_RUNNING_TESTS }} + GOOGLE_APPLICATION_CREDENTIALS: ${{ secrets.GOOGLE_APPLICATION_CREDENTIALS }} + GOOGLE_CLOUD_PROJECT: ${{ secrets.GOOGLE_CLOUD_PROJECT }} + FIREBASE_WEB_API_KEY: ${{ secrets.FIREBASE_WEB_API_KEY }} + FIREBASE_DYNAMIC_LINKS_DOMAIN: ${{ secrets.FIREBASE_DYNAMIC_LINKS_DOMAIN }} + CLOUDSDK_CORE_DISABLE_PROMPTS: ${{ secrets.CLOUDSDK_CORE_DISABLE_PROMPTS }} + GOOGLE_PROJECT_NUMBER: ${{ secrets.GOOGLE_PROJECT_NUMBER }} + ROOT_COLLECTION_SUFFIX: ${{ secrets.ROOT_COLLECTION_SUFFIX }} + ENVIRONMENT: ${{ secrets.ENVIRONMENT }} + +jobs: + lint_and_test: + strategy: + matrix: + go-version: [1.16.x] + os: [ubuntu-latest] + runs-on: ${{ matrix.os }} + timeout-minutes: 80 + steps: + - uses: actions/checkout@v2 + - uses: google-github-actions/setup-gcloud@master + with: + project_id: ${{ secrets.GOOGLE_CLOUD_PROJECT }} + service_account_key: ${{ secrets.GOOGLE_APPLICATION_CREDENTIALS }} + export_default_credentials: true + - name: Install Go + uses: actions/setup-go@v2 + with: + go-version: ${{ matrix.go-version }} + + - name: Install Go dependencies + run: | + curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.37.1 + go get -u github.com/kisielk/errcheck + go get -u golang.org/x/lint/golint + go get -u honnef.co/go/tools/cmd/staticcheck + go get -u github.com/axw/gocov/gocov + go get -u github.com/securego/gosec/cmd/gosec + go get -u github.com/ory/go-acc + go get -u github.com/client9/misspell/cmd/misspell + go get -u github.com/gordonklaus/ineffassign + go get github.com/fzipp/gocyclo + go get github.com/stretchr/testify/assert@v1.7.0 + go get github.com/ory/go-acc + - name: Run lint and test + run: | + staticcheck ./... + go fmt $(go list ./... | grep -v /vendor/) + go vet $(go list ./... | grep -v /vendor/) + golint -set_exit_status $(go list ./... | grep -v /vendor/) + errcheck -ignore 'os:.*,' $(go list ./... | grep -v /vendor/) + misspell -error . + gosec -exclude=G304,G101 ./... + go-acc -o coverage.txt --ignore generated,cmd ./... -- -timeout 60m + grep -v "generated.go" coverage.txt > coverage.out + go tool cover -html=coverage.out -o coverage.html + gocov convert coverage.out > coverage.json + gocov report coverage.json > coverage_report.txt + tail coverage_report.txt + + - name: Install goveralls + env: + GO111MODULE: off + run: go get github.com/mattn/goveralls + - name: Send coverage + env: + COVERALLS_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: goveralls -coverprofile=coverage.out -service=github diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml new file mode 100644 index 0000000..89aff64 --- /dev/null +++ b/.github/workflows/codeql-analysis.yml @@ -0,0 +1,59 @@ +name: "CodeQL" + +env: + ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }} +on: + push: + branches: [main, develop] + pull_request: + # The branches below must be a subset of the branches above + branches: [main, develop] + schedule: + - cron: "41 14 * * 5" + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + + strategy: + fail-fast: false + matrix: + language: ["go"] + steps: + - name: Checkout repository + uses: actions/checkout@v2 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + + uses: github/codeql-action/init@v1 + with: + languages: ${{ matrix.language }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + # queries: ./path/to/local/query, your-org/your-repo/queries@main + + # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). + # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@v1 + + # ℹī¸ Command-line programs to run using the OS shell. + # 📚 https://git.io/JvXDl + + # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines + # and modify them (or add more) to build your code if your project + # uses a compiled language + + #- run: | + # make bootstrap + # make release + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v1 diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index d3a8519..0000000 --- a/.travis.yml +++ /dev/null @@ -1,62 +0,0 @@ -dist: bionic - -language: go - -sudo: required -services: - - docker - -# You don't need to test on very old versions of the Go compiler. It's the user's -# responsibility to keep their compiler up to date. -go: - - 1.16.x - -# Only clone the most recent commit. -git: - depth: 1 - -# Skip the install step. Don't `go get` dependencies. Only build with the code -# in vendor/ -install: true - -# Don't email me the results of the test runs. -notifications: - email: false - -# Anything in before_script that returns a nonzero exit code will flunk the -# build and immediately stop. It's sorta like having set -e enabled in bash. -# We can download and extract the golangci-lint binary in one (long) command. -before_script: - - curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.37.1 - - go get -u github.com/kisielk/errcheck - - go get -u golang.org/x/lint/golint - - go get -u honnef.co/go/tools/cmd/staticcheck - - go get -u github.com/axw/gocov/gocov - - go get -u github.com/securego/gosec/cmd/gosec - - go get -u github.com/ory/go-acc - - go get -u github.com/client9/misspell/cmd/misspell - - go get -u github.com/gordonklaus/ineffassign - - go get github.com/fzipp/gocyclo - -# script always runs to completion (set +e). If we have linter issues AND a -# failing test, we want to see both. Configure golangci-lint with a -# .golangci.yml file at the top level of your repo. -script: - - staticcheck ./... - - go fmt $(go list ./... | grep -v /vendor/) - - go vet $(go list ./... | grep -v /vendor/) - - golint -set_exit_status $(go list ./... | grep -v /vendor/) - - errcheck -ignore 'os:.*,' $(go list ./... | grep -v /vendor/) - - misspell -error . - - gosec -exclude=G304,G101 ./... - - go-acc -o coverage.txt --ignore generated,cmd,graph ./... - - grep -v "generated.go" coverage.txt | grep -v "_gen.go" | grep -v "mocks.go" > coverage.out - - go tool cover -html=coverage.out -o coverage.html - - gocov convert coverage.out > coverage.json - - gocov report coverage.json > coverage_report.txt - - tail coverage_report.txt - # - ineffassign ./* # identify ineffective assignments - - "gocyclo -over 5 . || :" # display the most complex functions but do not fail the build because of this - -after_success: - - bash <(curl -s https://codecov.io/bash) \ No newline at end of file diff --git a/README.md b/README.md index 0c62b82..f3fd641 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,7 @@ [![Build Status](https://travis-ci.com/savannahghi/server_utils.svg?branch=main)](https://travis-ci.com/savannahghi/server_utils) [![Maintained](https://img.shields.io/badge/Maintained-Actively-informational.svg?style=for-the-badge)](https://shields.io/) +![Linting and Tests](https://github.com/savannahghi/serverutils/actions/workflows/ci.yml/badge.svg) +[![Coverage Status](https://coveralls.io/repos/github/savannahghi/serverutils/badge.svg?branch=main)](https://coveralls.io/github/savannahghi/serverutils?branch=main) # Server Utils Library serverutils are utilities used by several backend services. These includes starting up and running the server.