From f9a9b07be9a38eac59377b598c3cd797ed6e05ef Mon Sep 17 00:00:00 2001 From: Luca Comellini Date: Wed, 25 Sep 2024 17:26:57 -0700 Subject: [PATCH] Add more linters and fix workflows --- .github/workflows/ci.yml | 60 ++++++++++++++++++------------------ .github/workflows/codeql.yml | 59 +++++++++++++++++------------------ .github/workflows/lint.yml | 39 ++++++++++++++++++----- .golangci.yml | 15 +++++++++ Makefile | 4 +++ 5 files changed, 110 insertions(+), 67 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ab0b4a5..60ecd7a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -23,12 +23,12 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout Repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 0 - name: Setup Golang Environment - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: go-version: stable @@ -37,7 +37,7 @@ jobs: run: echo "go_path=$(go env GOPATH)" >> $GITHUB_OUTPUT - name: Build binary - uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 # v6 + uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 # v6.0.0 with: version: v2.2.0 # renovate: datasource=github-tags depName=goreleaser/goreleaser args: build --clean ${{ !startsWith(github.ref, 'refs/tags/') && '--snapshot' || '' }} @@ -46,7 +46,7 @@ jobs: GOPATH: ${{ steps.go.outputs.go_path }} - name: Store Artifacts in Cache - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: ${{ github.workspace }}/dist key: test-containers-${{ github.run_id }}-${{ github.run_number }} @@ -60,25 +60,25 @@ jobs: type: [tcp, udp] steps: - name: Checkout Repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Fetch Cached Artifacts - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 with: path: ${{ github.workspace }}/dist key: test-containers-${{ github.run_id }}-${{ github.run_number }} - name: Setup QEMU - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3 + uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 with: platforms: arm64,ppc64le,s390x if: github.event_name != 'pull_request' - name: Docker Buildx - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3 + uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 - name: Login to GitHub Container Registry - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: ghcr.io username: ${{ github.repository_owner }} @@ -87,7 +87,7 @@ jobs: - name: Docker meta id: meta - uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5 + uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 with: images: | ghcr.io/nginxinc/kic-test-${{ matrix.type }}-server @@ -99,7 +99,7 @@ jobs: org.opencontainers.image.description=KIC Test ${{ matrix.type }} Server - name: Build Docker image - uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6 + uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0 id: build-push with: file: ${{ matrix.type }}/Dockerfile @@ -116,7 +116,7 @@ jobs: no-cache: ${{ github.event_name != 'pull_request' }} - name: Run Grype vulnerability scanner - uses: anchore/scan-action@64a33b277ea7a1215a3c142735a1091341939ff5 # v4 + uses: anchore/scan-action@64a33b277ea7a1215a3c142735a1091341939ff5 # v4.1.2 continue-on-error: true id: scan with: @@ -125,7 +125,7 @@ jobs: add-cpes-if-none: true - name: upload Anchore scan SARIF report - uses: github/codeql-action/upload-sarif@f0f3afee809481da311ca3a6ff1ff51d81dbeb24 # v3 + uses: github/codeql-action/upload-sarif@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 with: sarif_file: ${{ steps.scan.outputs.sarif }} @@ -134,19 +134,19 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout Repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Setup QEMU - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3 + uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 with: platforms: arm64,ppc64le,s390x if: github.event_name != 'pull_request' - name: Docker Buildx - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3 + uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 - name: Login to GitHub Container Registry - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: ghcr.io username: ${{ github.repository_owner }} @@ -155,7 +155,7 @@ jobs: - name: Docker meta id: meta - uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5 + uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 with: images: | ghcr.io/nginxinc/kic-test-grpc-server @@ -167,7 +167,7 @@ jobs: org.opencontainers.image.description=KIC Test gRPC Server - name: Build Docker image - uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6 + uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0 id: build-push with: file: grpc/Dockerfile @@ -183,7 +183,7 @@ jobs: no-cache: ${{ github.event_name != 'pull_request' }} - name: Run Grype vulnerability scanner - uses: anchore/scan-action@64a33b277ea7a1215a3c142735a1091341939ff5 # v4 + uses: anchore/scan-action@64a33b277ea7a1215a3c142735a1091341939ff5 # v4.1.2 continue-on-error: true id: scan with: @@ -192,7 +192,7 @@ jobs: add-cpes-if-none: true - name: upload Anchore scan SARIF report - uses: github/codeql-action/upload-sarif@f0f3afee809481da311ca3a6ff1ff51d81dbeb24 # v3 + uses: github/codeql-action/upload-sarif@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 with: sarif_file: ${{ steps.scan.outputs.sarif }} @@ -201,19 +201,19 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout Repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Setup QEMU - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3 + uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 with: platforms: arm64,ppc64le,s390x if: github.event_name != 'pull_request' - name: Docker Buildx - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3 + uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 - name: Login to GitHub Container Registry - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: ghcr.io username: ${{ github.repository_owner }} @@ -222,7 +222,7 @@ jobs: - name: Docker meta id: meta - uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5 + uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 with: images: | ghcr.io/nginxinc/kic-test-dos-server @@ -234,7 +234,7 @@ jobs: org.opencontainers.image.description=KIC Test DOS Server - name: Build Docker image - uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6 + uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0 id: build-push with: file: nap-dos/Dockerfile @@ -250,7 +250,7 @@ jobs: no-cache: ${{ github.event_name != 'pull_request' }} - name: Run Grype vulnerability scanner - uses: anchore/scan-action@64a33b277ea7a1215a3c142735a1091341939ff5 # v4 + uses: anchore/scan-action@64a33b277ea7a1215a3c142735a1091341939ff5 # v4.1.2 continue-on-error: true id: scan with: @@ -259,7 +259,7 @@ jobs: add-cpes-if-none: true - name: upload Anchore scan SARIF report - uses: github/codeql-action/upload-sarif@f0f3afee809481da311ca3a6ff1ff51d81dbeb24 # v3 + uses: github/codeql-action/upload-sarif@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 with: sarif_file: ${{ steps.scan.outputs.sarif }} @@ -269,7 +269,7 @@ jobs: if: github.event_name != 'pull_request' steps: - name: Checkout Repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Create/Update Draft uses: lucacome/draft-release@5d29432a46bff6c122cd4b07a1fb94e1bb158d34 # v1.1.1 diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index bc0a02c..b5a3b06 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -3,12 +3,12 @@ name: "CodeQL" on: push: branches: - - "main" + - "main" pull_request: branches: - - "main" + - "main" schedule: - - cron: '20 0 * * 3' + - cron: "20 0 * * 3" jobs: analyze: @@ -34,10 +34,10 @@ jobs: fail-fast: false matrix: include: - - language: go - build-mode: autobuild - - language: python - build-mode: none + - language: go + build-mode: autobuild + - language: python + build-mode: none # CodeQL supports the following values keywords for 'language': 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift' # Use `c-cpp` to analyze code written in C, C++ or both # Use 'java-kotlin' to analyze code written in Java, Kotlin or both @@ -47,30 +47,29 @@ jobs: # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages steps: - - name: Checkout repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + - name: Checkout repository + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - - name: Setup Golang Environment - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5 - with: - go-version: stable - if: matrix.language == 'go' + - name: Setup Golang Environment + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + with: + go-version: stable + if: matrix.language == 'go' - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@f0f3afee809481da311ca3a6ff1ff51d81dbeb24 # v3 - with: - languages: ${{ matrix.language }} - build-mode: ${{ matrix.build-mode }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 + with: + languages: ${{ matrix.language }} + build-mode: ${{ matrix.build-mode }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. - # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs - # queries: security-extended,security-and-quality + # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs + # queries: security-extended,security-and-quality - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@f0f3afee809481da311ca3a6ff1ff51d81dbeb24 # v3 - with: - category: "/language:${{matrix.language}}" + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 + with: + category: "/language:${{matrix.language}}" diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index dc54158..b6c6778 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -15,19 +15,19 @@ concurrency: jobs: lint: - name: Lint + name: Go Lint runs-on: ubuntu-24.04 steps: - name: Checkout Repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Setup Golang Environment - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: go-version: stable - - name: Lint Code - uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6 + - name: Lint Go + uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0 with: version: v1.60.3 # renovate: datasource=github-tags depName=golangci/golangci-lint @@ -36,7 +36,32 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout Repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - - uses: reviewdog/action-actionlint@4f8f9963ca57a41e5fd5b538dd79dbfbd3e0b38a # v1 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - name: Lint Actions + uses: reviewdog/action-actionlint@05c9d7bef25a46caf572df3497afa7082fc111df # v1.55.0 with: actionlint_flags: -shellcheck "" + + markdown-lint: + name: Markdown Lint + runs-on: ubuntu-24.04 + steps: + - name: Checkout Repository + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - name: Lint Markdown + uses: DavidAnson/markdownlint-cli2-action@db43aef879112c3119a410d69f66701e0d530809 # v17.0.0 + with: + config: .markdownlint-cli2.yaml + globs: "**/*.md" + fix: false + + yaml-lint: + name: YAML lint + runs-on: ubuntu-24.04 + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - name: Lint YAML + uses: reviewdog/action-yamllint@e09f07780388032a624e9eb44a23fd1bbb4052cc # v1.19.0 diff --git a/.golangci.yml b/.golangci.yml index d22b833..5b442c3 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -5,35 +5,47 @@ linters-settings: ignore-generated-header: true rules: - name: blank-imports + - name: constant-logical-expr - name: context-as-argument - name: context-keys-type + - name: defer - name: dot-imports + - name: duplicated-imports - name: empty-block - name: error-naming - name: error-return - name: error-strings - name: errorf - name: exported + - name: import-shadowing - name: increment-decrement - name: indent-error-flow - name: package-comments - name: range + - name: range-val-address + - name: range-val-in-closure - name: receiver-naming - name: redefines-builtin-id + - name: string-of-int - name: superfluous-else - name: time-naming + - name: unchecked-type-assertion - name: unexported-return + - name: unnecessary-stmt - name: unreachable-code - name: unused-parameter - name: var-declaration - name: var-naming govet: enable-all: true + gocyclo: + min-complexity: 15 linters: enable: - asasalint - asciicheck - bidichk + - containedctx - contextcheck - copyloopvar - dupword @@ -60,11 +72,14 @@ linters: - ineffassign - intrange - makezero + - mirror - misspell - musttag - nilerr + - nilnil - noctx - nolintlint + - paralleltest - perfsprint - prealloc - predeclared diff --git a/Makefile b/Makefile index 1ec9a8c..7f3c936 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,8 @@ +# renovate: datasource=github-tags depName=golangci/golangci-lint +GOLANGCI_LINT_VERSION = v1.60.3 +lint: + go run github.com/golangci/golangci-lint/cmd/golangci-lint@$(GOLANGCI_LINT_VERSION) run --fix build-docker-tcp: docker build -t tcp-server -f tcp/Dockerfile .