From 05dfbee5ed8a24e50edaddfca02a2b5958c38194 Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Wed, 20 Dec 2023 15:04:26 +0800 Subject: [PATCH 1/3] feat: self-host coverage badge --- .github/workflows/build.yaml | 2 +- .github/workflows/codeql-analysis.yaml | 3 +-- .github/workflows/coverage.yaml | 26 ++++++++++----------- .github/workflows/dependabot-automerge.yaml | 3 +-- .github/workflows/dependency-review.yaml | 5 ++-- .github/workflows/lint.yaml | 9 +++++-- .github/workflows/ossf-analysis.yaml | 3 ++- .github/workflows/release.yaml | 2 +- .github/workflows/test.yaml | 5 ++-- README.md | 2 +- 10 files changed, 33 insertions(+), 27 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 0eed421..0151802 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -3,7 +3,7 @@ on: pull_request: branches: - main -permissions: read-all +permissions: {} jobs: build-snapshot: permissions: diff --git a/.github/workflows/codeql-analysis.yaml b/.github/workflows/codeql-analysis.yaml index b6a528c..2d60b35 100644 --- a/.github/workflows/codeql-analysis.yaml +++ b/.github/workflows/codeql-analysis.yaml @@ -6,8 +6,7 @@ on: pull_request: branches: - main -permissions: - contents: read +permissions: {} jobs: analyze: permissions: diff --git a/.github/workflows/coverage.yaml b/.github/workflows/coverage.yaml index 5e9560f..962d161 100644 --- a/.github/workflows/coverage.yaml +++ b/.github/workflows/coverage.yaml 
@@ -3,27 +3,27 @@ on: push: branches: - main -permissions: - contents: read +permissions: {} jobs: coverage: + permissions: + contents: write runs-on: ubuntu-latest steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - name: Configure git - run: | - git config --global user.name "$GITHUB_ACTOR" - git config --global user.email "$GITHUB_ACTOR@users.noreply.github.com" - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: go-version: stable - name: Calculate coverage run: | - go test -v -covermode=count -coverprofile=coverage.out.raw -coverpkg=./... ./... - grep -v mock_ coverage.out.raw > coverage.out - - name: Convert coverage to lcov - uses: jandelgado/gcov2lcov-action@c680c0f7c7442485f1749eb2a13e54a686e76eb5 # v1.0.9 - - name: Upload coverage to Coveralls - uses: coverallsapp/github-action@3dfc5567390f6fa9267c0ee9c251e4c8c3f18949 # v2.2.3 + go test -v -covermode=count -coverprofile=cover.out.raw -coverpkg=./... ./... + # remove mocks from coverage calculation + grep -v mock_ cover.out.raw > cover.out + - name: Generage coverage badge + uses: vladopajic/go-test-coverage@v2 with: - github-token: ${{ secrets.github_token }} + profile: cover.out + local-prefix: github.com/smlx/go-cli-github + git-token: ${{ secrets.GITHUB_TOKEN }} + # orphan branch for storing badges + git-branch: badges diff --git a/.github/workflows/dependabot-automerge.yaml b/.github/workflows/dependabot-automerge.yaml index b788f00..0636a36 100644 --- a/.github/workflows/dependabot-automerge.yaml +++ b/.github/workflows/dependabot-automerge.yaml @@ -4,8 +4,7 @@ on: pull_request: branches: - main -permissions: - contents: read +permissions: {} jobs: dependabot-automerge: permissions: diff --git a/.github/workflows/dependency-review.yaml b/.github/workflows/dependency-review.yaml index f8309cf..1d3d823 100644 --- a/.github/workflows/dependency-review.yaml +++ b/.github/workflows/dependency-review.yaml 
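Review bot: The `contents: write` grant added on the `coverage` job applies to every step, and `actions/checkout` keeps the token in the local git config by default, so the `go test` step and anything it executes run with a repository-write credential on disk. The badge step already receives the token explicitly through `git-token`, so the checkout step could take `with:` / `persist-credentials: false`, provided the badge action does not rely on the checked-out remote's credentials (worth confirming). A stricter layout would compute `cover.out` in a `contents: read` job and pass it as an artifact to a small job that alone holds `contents: write`. The step name `Generage coverage badge` should read `Generate coverage badge`.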
@@ -3,10 +3,11 @@ on: pull_request: branches: - main -permissions: - contents: read +permissions: {} jobs: dependency-review: + permissions: + contents: read runs-on: ubuntu-latest steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index c96255a..c13568a 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -3,10 +3,11 @@ on: pull_request: branches: - main -permissions: - contents: read +permissions: {} jobs: lint-go: + permissions: + contents: read runs-on: ubuntu-latest steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 @@ -17,6 +18,8 @@ jobs: with: args: --timeout=180s lint-commits: + permissions: + contents: read runs-on: ubuntu-latest steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 @@ -24,6 +27,8 @@ jobs: fetch-depth: 0 - uses: wagoid/commitlint-github-action@0d749a1a91d4770e983a7b8f83d4a3f0e7e0874e # v5.4.4 lint-actions: + permissions: + contents: read runs-on: ubuntu-latest steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 diff --git a/.github/workflows/ossf-analysis.yaml b/.github/workflows/ossf-analysis.yaml index e82a87b..5d8bb04 100644 --- a/.github/workflows/ossf-analysis.yaml +++ b/.github/workflows/ossf-analysis.yaml @@ -3,11 +3,12 @@ on: push: branches: - main -permissions: read-all +permissions: {} jobs: ossf-scorecard-analysis: runs-on: ubuntu-latest permissions: + contents: read # Needed if using Code scanning alerts security-events: write # Needed for GitHub OIDC token if publish_results is true diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 4a90f95..535158b 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -3,7 +3,7 @@ on: push: branches: - main -permissions: read-all +permissions: {} jobs: release-tag: permissions: 
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 7b16ef0..9b29efb 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -3,10 +3,11 @@ on: pull_request: branches: - main -permissions: - contents: read +permissions: {} jobs: test-go: + permissions: + contents: read runs-on: ubuntu-latest steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 diff --git a/README.md b/README.md index b1383bb..2270ecd 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ [![Release](https://github.com/smlx/go-cli-github/actions/workflows/release.yaml/badge.svg)](https://github.com/smlx/go-cli-github/actions/workflows/release.yaml) [![Go Reference](https://pkg.go.dev/badge/github.com/smlx/go-cli-github.svg)](https://pkg.go.dev/github.com/smlx/go-cli-github) -[![Coverage](https://coveralls.io/repos/github/smlx/go-cli-github/badge.svg?branch=main)](https://coveralls.io/github/smlx/go-cli-github?branch=main) +![coverage](https://raw.githubusercontent.com/smlx/go-cli-github/badges/.badges/main/coverage.svg) [![Go Report Card](https://goreportcard.com/badge/github.com/smlx/go-cli-github)](https://goreportcard.com/report/github.com/smlx/go-cli-github) [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/smlx/go-cli-github/badge)](https://securityscorecards.dev/viewer/?uri=github.com/smlx/go-cli-github) [![OpenSSF Best Practices](https://www.bestpractices.dev/projects/8168/badge)](https://www.bestpractices.dev/projects/8168) From 2df5acbee014408e4b04d6998af1b6d693c9cf2f Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Wed, 20 Dec 2023 15:10:09 +0800 Subject: [PATCH 2/3] chore: add badges instructions to the README --- README.md | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 2270ecd..bc48015 100644 --- a/README.md +++ b/README.md 
@@ -52,9 +52,21 @@ Then push some code to main: git push -u origin main ``` +1. Create the `badges` branch for storing the README coverage badge. + + ```bash + git checkout --orphan badges + git rm -rf . + rm -f .gitignore + echo 'This branch exists only to contains the coverage badge in the README on `main`.' > README.md + git add README.md + git commit -m 'chore: initialize the badges branch' + git push origin badges + ``` + Then customize the code for your repository: -1. Check out a new branch to set up the repo `git checkout -b setup` +1. Check out a new branch to set up the repo `git checkout -b setup main` 1. Update the code for your project: From 5198a49da88214cd72135f9a73321958e18c4bf6 Mon Sep 17 00:00:00 2001 From: Scott Leggett Date: Wed, 20 Dec 2023 15:18:33 +0800 Subject: [PATCH 3/3] fix: except license for coverage action --- .github/dependency-review-config.yaml | 7 ++++++- .github/workflows/coverage.yaml | 2 +- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/.github/dependency-review-config.yaml b/.github/dependency-review-config.yaml index 3705f78..df8f653 100644 --- a/.github/dependency-review-config.yaml +++ b/.github/dependency-review-config.yaml @@ -1,5 +1,5 @@ # https://github.com/cncf/foundation/blob/main/allowed-third-party-license-policy.md -allow_licenses: +allow-licenses: - 'Apache-2.0' - 'BSD-2-Clause' - 'BSD-2-Clause-FreeBSD' @@ -10,3 +10,8 @@ allow_licenses: - 'Python-2.0' - 'X11' - 'Zlib' + +# this action is GPL-3 but it is only used in CI +# https://github.com/actions/dependency-review-action/issues/530#issuecomment-1638291806 +allow-dependencies-licenses: > + pkg:githubactions/vladopajic/go-test-coverage@bcd064e5ceef1ccec5441519eb054263b6a44787 diff --git a/.github/workflows/coverage.yaml b/.github/workflows/coverage.yaml index 962d161..0c28048 100644 --- a/.github/workflows/coverage.yaml +++ b/.github/workflows/coverage.yaml 
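Review bot: The new `allow-dependencies-licenses` entry in `.github/dependency-review-config.yaml` carries the same commit SHA as the `uses:` line in `.github/workflows/coverage.yaml`, and nothing in the file says the two must move together. If the dependency-review action matches on the version part of the purl (not verified here), an automated bump of the coverage action would bring back the GPL-3 license failure until this file is edited by hand. The comment above the key could gain a line such as `# keep this SHA in sync with the uses: line in workflows/coverage.yaml`. The exemption also depends on the action staying CI-only, so the comment could say that it must be revisited if the module is ever imported by the Go code.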
@@ -20,7 +20,7 @@ jobs: # remove mocks from coverage calculation grep -v mock_ cover.out.raw > cover.out - name: Generage coverage badge - uses: vladopajic/go-test-coverage@v2 + uses: vladopajic/go-test-coverage@bcd064e5ceef1ccec5441519eb054263b6a44787 # v2.8.2 with: profile: cover.out local-prefix: github.com/smlx/go-cli-github