Skip to content

Commit

Permalink
Implement Github actions
Browse files Browse the repository at this point in the history
  • Loading branch information
jakeschuurmans committed Jan 24, 2024
1 parent 7636cac commit 9efa847
Show file tree
Hide file tree
Showing 21 changed files with 696 additions and 76 deletions.
5 changes: 5 additions & 0 deletions .dockerignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
*
.git
!**.go
!go.*
!fleet-scheduler
5 changes: 5 additions & 0 deletions .github/ISSUE_TEMPLATE/default.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
Please don't forget to include the following information in your issue:

- What version of Fleet Scheduler exhibits this behavior (if applicable)

- Detailed steps to verify the issue(s)
2 changes: 2 additions & 0 deletions .github/PULL_REQUEST_TEMPLATE.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
#### What does this PR do

72 changes: 72 additions & 0 deletions .github/workflows/codeql-analysis.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,72 @@
# For most projects, this workflow file will not need changing; you simply need
# to commit it to your repository.
#
# You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic.
#
# ******** NOTE ********
# We have attempted to detect the languages in your repository. Please check
# the `language` matrix defined below to confirm you have the correct set of
# supported CodeQL languages.
#
name: "CodeQL"

on:
push:
branches: [ main ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ main ]
schedule:
- cron: '34 3 * * 0'

jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write

strategy:
fail-fast: false
matrix:
language: [ 'go' ]
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
# Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support

steps:
- name: Checkout repository
uses: actions/checkout@v4

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.

# Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
# queries: security-extended,security-and-quality


# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v2

# ℹ️ Command-line programs to run using the OS shell.
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun

# If the Autobuild fails above, remove it and uncomment the following three lines.
# modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.

# - run: |
# echo "Run, Build Application using script"
# ./location_of_script_within_repo/buildscript.sh

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
68 changes: 68 additions & 0 deletions .github/workflows/push-pr-lint.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,68 @@
name: lint, test and build image
on: [pull_request, push]

jobs:
lint-test:
runs-on: ubuntu-latest
steps:
- name: Install Go
uses: actions/setup-go@v4
with:
go-version: '1.20'
- name: Checkout code
uses: actions/checkout@v4
- name: golangci-lint
uses: golangci/golangci-lint-action@v3
with:
args: --config .golangci.yml --timeout 2m
version: v1.52.2
- name: Test
run: go test ./...
build:
runs-on: ubuntu-latest
needs: [lint-test]
steps:
- name: Install Go
uses: actions/setup-go@v4
with:
go-version: '1.20'

- name: Checkout code
uses: actions/checkout@v4

- name: build binary
run: make build-linux

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Build Alloy Docker image - no push
id: dockerbuild-fleet-scheduler
uses: docker/build-push-action@v5
with:
context: .
push: false
tags: ghcr.io/metal-toolbox/fleet-scheduler:latest
file: Dockerfile

- name: Scan image - Alloy
id: scan-Alloy-image
uses: anchore/scan-action@v3
with:
image: ghcr.io/metal-toolbox/fleet-scheduler:latest
acs-report-enable: true
# TODO(joel): Fail build once we migrate off CentOS.
fail-build: false

# TODO(joel): Uncomment once we migrate off CentOS.
# - name: upload Anchore scan SARIF report
# uses: github/codeql-action/upload-sarif@v2
# with:
# sarif_file: ${{ steps.scan.outputs.sarif }}
# # This should run even if we fail the container scan
# if: always()

- name: Inspect action SARIF report
run: cat ${{ steps.scan.outputs.sarif }}
# This should run even if we fail the container scan
if: always()
47 changes: 47 additions & 0 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
name: release

on:
push:
tags:
- 'v*.*.*'

jobs:
goreleaser:
runs-on: ubuntu-latest
permissions:
contents: write
id-token: write
packages: write
steps:
-
name: Login to GHCR
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
-
name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
-
name: Set up Go
uses: actions/setup-go@v4
with:
go-version: "1.20"
-
name: install cosign
uses: sigstore/cosign-installer@main
-
uses: anchore/sbom-action/[email protected]
-
name: Run GoReleaser
uses: goreleaser/goreleaser-action@v5
with:
version: latest
args: release --clean
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
COSIGN_EXPERIMENTAL: 1
GOVERSION: "1.20"
116 changes: 116 additions & 0 deletions .golangci.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,116 @@
# golangci.com configuration
# https://github.com/golangci/golangci/wiki/Configuration
service:
golangci-lint-version: 1.50.0 # use the fixed version to not introduce new linters unexpectedly

linters-settings:
govet:
auto-fix: true
check-shadowing: true
settings:
printf:
funcs:
- (github.com/golangci/golangci-lint/pkg/logutils.Log).Infof
- (github.com/golangci/golangci-lint/pkg/logutils.Log).Warnf
- (github.com/golangci/golangci-lint/pkg/logutils.Log).Errorf
- (github.com/golangci/golangci-lint/pkg/logutils.Log).Fatalf
revive:
min-confidence: 0
gocyclo:
min-complexity: 15
dupl:
threshold: 100
goconst:
min-len: 2
min-occurrences: 2
depguard:
list-type: blacklist
packages:
# logging is allowed only by logutils.Log, logrus
# is allowed to use only in logutils package
- github.com/sirupsen/logrus
misspell:
locale: US
auto-fix: true
lll:
line-length: 140
goimports:
local-prefixes: github.com/golangci/golangci-lint
gocritic:
enabled-tags:
- performance
- style
- experimental
disabled-checks:
- wrapperFunc
gofumpt:
extra-rules: true
wsl:
auto-fix: true

linters:
enable:
- errcheck
- gosimple
- govet
- gofmt
- gocyclo
- ineffassign
- stylecheck
- misspell
- staticcheck
- unused
- prealloc
- typecheck
# additional linters
- bodyclose
- gocritic
- goerr113
- goimports
- revive
- misspell
- noctx
- stylecheck
- gosec
enable-all: false
disable-all: true

run:
# build-tags:
skip-dirs:
- internal/fixtures
skip-files:
- "(.*/)*.*_test.go"

issues:
exclude-rules:
- linters:
- gosec
text: "weak cryptographic primitive"

- linters:
- stylecheck
text: "ST1016"
exclude:
# Default excludes from `golangci-lint run --help` with EXC0002 removed
# EXC0001 errcheck: Almost all programs ignore errors on these functions and in most cases it's ok
- Error return value of .((os\.)?std(out|err)\..*|.*Close|.*Flush|os\.Remove(All)?|.*print(f|ln)?|os\.(Un)?Setenv). is not checked
# EXC0002 golint: Annoying issue about not having a comment. The rare codebase has such comments
# - (comment on exported (method|function|type|const)|should have( a package)? comment|comment should be of the form)
# EXC0003 golint: False positive when tests are defined in package 'test'
- func name will be used as test\.Test.* by other packages, and that stutters; consider calling this
# EXC0004 govet: Common false positives
- (possible misuse of unsafe.Pointer|should have signature)
# EXC0005 staticcheck: Developers tend to write in C-style with an explicit 'break' in a 'switch', so it's ok to ignore
- ineffective break statement. Did you mean to break out of the outer loop
# EXC0006 gosec: Too many false-positives on 'unsafe' usage
- Use of unsafe calls should be audited
# EXC0007 gosec: Too many false-positives for parametrized shell calls
- Subprocess launch(ed with variable|ing should be audited)
# EXC0008 gosec: Duplicated errcheck checks
- (G104|G307)
# EXC0009 gosec: Too many issues in popular repos
- (Expect directory permissions to be 0750 or less|Expect file permissions to be 0600 or less)
# EXC0010 gosec: False positive is triggered by 'src, err := ioutil.ReadFile(filename)'
- Potential file inclusion via variable
exclude-use-default: false
Loading

0 comments on commit 9efa847

Please sign in to comment.