Common workflows (#80)

* setting permissions to read-only * adding golangci-lint to common workflow * adding golintci config file * setting golangci output format * upgrading golangci to v6 * replace go vet, fmt, lint with golangci-lint
dell · Aug 26, 2024 · 3ca1b25 · 3ca1b25
1 parent a844269
commit 3ca1b25
Show file tree

Hide file tree

Showing 2 changed files with 57 additions and 19 deletions.
diff --git a/.github/configs/golangci-lint/golangci.yaml b/.github/configs/golangci-lint/golangci.yaml
@@ -0,0 +1,28 @@
+run:
+  timeout: 20m
+  tests: true
+  skip-dirs-use-default: true
+  modules-download-mode: readonly
+issues:
+  max-issues-per-linter: 0
+  max-same-issues: 0
+  new: false
+output:
+  formats:
+    - format: colored-line-number
+  print-linter-name: true
+  sort-results: true
+  uniq-by-line: false
+  print-issued-lines: true
+linters:
+  disable-all: true
+  fast: false
+  enable:
+    # A stricter replacement for gofmt.
+    - gofumpt
+    # Inspects source code for security problems.
+    - gosec
+    # Check for correctness of programs.
+    - govet
+    # Drop-in replacement of golint.
+    - revive
diff --git a/.github/workflows/go-static-analysis.yaml b/.github/workflows/go-static-analysis.yaml
@@ -14,38 +14,47 @@ name: Golang Static Analysis
 on:
   workflow_call:
 
+# permissions required for this workflow
+permissions:
+  contents: read
+
 # environment variables common across all jobs
 env:
   WF_ORG: dell
   WF_REPO: common-github-actions
   WF_CONFIGS: .github/configs
+  WF_CONFIGS_BRANCH: main
 
 # Various jobs
 jobs:
 
-  # Check sources files for formatting, linting, and vetting issues.
-  code-check:
-    name: Check Go formatting, linting, vetting
+  # Lints code with golangci-lint (config is in .github/config/golangci-lint/golangci.yaml)
+  # Enabled linters include: lint, vet, fmt, gosec
+  golangci-lint:
+    name: Lint golang code
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout the code
-        uses: actions/checkout@v4
-      - name: Run the formatter, linter, and vetter
-        uses: dell/common-github-actions/go-code-formatter-linter-vetter@main
+      - uses: actions/setup-go@v5
         with:
-          directories: ./...
-
-  # Inspects source code for security problems by scanning the Go AST and SSA code representation.
-  go_security_scan:
-    name: Go security
-    runs-on: ubuntu-latest
-    steps:
+          go-version: "1.22"
+          cache: false
       - name: Checkout the code
         uses: actions/checkout@v4
-      - name: Run Go Security
-        uses: securego/gosec@master
+      - name: Grab golangci-lint config file
+        continue-on-error: true
+        run: |
+          export CONFIG="$WF_ORG/$WF_REPO/$WF_CONFIGS_BRANCH/$WF_CONFIGS/golangci-lint/golangci.yaml"
+          echo "Grabbing config file from: https://raw.githubusercontent.com/$CONFIG"
+          curl -O -f https://raw.githubusercontent.com/$CONFIG
+      - name: Vendor packages
+        run: |
+          go mod vendor
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v6
         with:
-          args: ./...
+          version: latest
+          skip-cache: true
+          args: --config=golangci.yaml
 
   # Check sources files for malware
   malware_security_scan:
@@ -77,8 +86,9 @@ jobs:
       - name: Grab yamllint config file
         continue-on-error: true
         run: |
-          echo "Grabbing Yaml config file from: https://raw.githubusercontent.com/$WF_ORG/$WF_REPO/main/$WF_CONFIGS/yamllint/yamllint.yaml"
-          curl -O -f https://raw.githubusercontent.com/$WF_ORG/$WF_REPO/main/$WF_CONFIGS/yamllint/yamllint.yaml
+          export CONFIG="$WF_ORG/$WF_REPO/$WF_CONFIGS_BRANCH/$WF_CONFIGS/yamllint/yamllint.yaml"
+          echo "Grabbing Yaml config file from: https://raw.githubusercontent.com/$CONFIG"
+          curl -O -f https://raw.githubusercontent.com/$CONFIG
       - name: Run yamllint
         run: |
           if [ -f yamllint.yaml ]; then