From 164facb01bcd85f171e35eefdfdbb52ba6af63d5 Mon Sep 17 00:00:00 2001 From: Marius Poke Date: Tue, 5 Dec 2023 13:46:12 +0100 Subject: [PATCH] ci: updating some workflows and preparing for merge queues (#1464) * update codeql analysis * add merge_group to go linter * update golangci_version in Makefile * add diff condition on linter * add paths to gosec.yml * update md link checker * add merge_group to test.yml * add PR linter * add workflow for adding issue labels --- .github/issue_labeler.yml | 2 + .../{codeql.yml => codeql-analysis.yml} | 34 +++++++------- .github/workflows/golangci-lint.yml | 47 +++++++------------ .github/workflows/gosec.yml | 15 ++++-- .github/workflows/issue_labeler.yml | 15 ++++++ .github/workflows/linkchecker.yml | 14 ------ .github/workflows/lint-pr.yml | 47 +++++++++++++++++++ .github/workflows/md-link-checker.yml | 13 +++++ .github/workflows/test.yml | 1 + Makefile | 2 +- 10 files changed, 126 insertions(+), 64 deletions(-) create mode 100644 .github/issue_labeler.yml rename .github/workflows/{codeql.yml => codeql-analysis.yml} (69%) create mode 100644 .github/workflows/issue_labeler.yml delete mode 100644 .github/workflows/linkchecker.yml create mode 100644 .github/workflows/lint-pr.yml create mode 100644 .github/workflows/md-link-checker.yml diff --git a/.github/issue_labeler.yml b/.github/issue_labeler.yml new file mode 100644 index 0000000000..cd0e25488a --- /dev/null +++ b/.github/issue_labeler.yml @@ -0,0 +1,2 @@ +needs-triage: # if no label is set then set triage + - '' diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql-analysis.yml similarity index 69% rename from .github/workflows/codeql.yml rename to .github/workflows/codeql-analysis.yml index c6fb56c2a6..6d30a0fee4 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql-analysis.yml 
@@ -2,18 +2,15 @@ name: "CodeQL" on: push: - branches: - - main - - feat/* - - paths-ignore: - - "legacy_ibc_testing" + paths: + - "**.go" pull_request: branches: - main + - release/* - feat/* - paths-ignore: - - "legacy_ibc_testing" + paths: + - "**.go" schedule: # ┌───────────── minute (0 - 59) # │ ┌───────────── hour (0 - 23) @@ -27,28 +24,33 @@ on: - cron: "30 1 * * 0" jobs: - CodeQL-Build: - # CodeQL runs on ubuntu-latest, windows-latest, and macos-latest + analyze: + name: Analyze runs-on: ubuntu-latest - permissions: - # required for all workflows - security-events: write - - # only required for workflows in private repositories actions: read contents: read + security-events: write steps: - name: Checkout repository uses: actions/checkout@v4 - + - uses: actions/setup-go@v4 + with: + go-version: "1.20" + check-latest: true # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL uses: github/codeql-action/init@v2 # Override language selection by uncommenting this and choosing your languages with: languages: go + queries: +security-and-quality,github/codeql/go/ql/src/experimental/InconsistentCode/DeferInLoop.ql@main,github/codeql/go/ql/src/experimental/Unsafe/WrongUsageOfUnsafe.ql@main,github/codeql/go/ql/src/experimental/CWE-369/DivideByZero.ql@main + packs: +crypto-com/cosmos-sdk-codeql + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + # queries: ./path/to/local/query, your-org/your-repo/queries@main # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below). diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index 33a2f62c07..5e70c5d2d7 100644 --- a/.github/workflows/golangci-lint.yml 
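Review bot: The new `paths` filter in the first hunk lists only `"**.go"`, so a push or pull request that changes nothing but `go.mod`/`go.sum` no longer triggers CodeQL and is first analysed by the weekly cron run. The gosec workflow in this same patch lists both files next to its Go pattern; I would do the same here by adding `- "go.mod"` and `- "go.sum"` under both `paths:` keys. Dropping the `branches` list from `push` also means the analysis now runs on pushes to every branch that touch Go files, which may or may not be intended.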
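Review bot: The `queries:` and `packs:` inputs added to the Initialize CodeQL step in the second hunk pull analysis content from mutable references: three experimental queries at `github/codeql@main` and the third-party pack `crypto-com/cosmos-sdk-codeql` with no version. Results can then change, or alerts can disappear, without any commit in this repository, and the pack's publisher becomes part of the trust boundary of the scan. I would pin the query references to a tag or commit instead of `@main` and give the pack an explicit version, e.g. `packs: +crypto-com/cosmos-sdk-codeql@<reviewed-version>`. The step list continues past the end of this hunk.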
+++ b/.github/workflows/golangci-lint.yml @@ -1,47 +1,34 @@ -name: golangci-lint +name: Lint on: push: - tags: - - v* branches: - - master - main + - release/** - feat/* pull_request: + merge_group: permissions: contents: read - # Optional: allow read access to pull request. Use with `only-new-issues` option. - # pull-requests: read jobs: golangci: - name: lint + name: golangci-lint runs-on: ubuntu-latest steps: - uses: actions/setup-go@v4 with: go-version: '1.20' - - uses: actions/checkout@v4 - - name: golangci-lint - uses: golangci/golangci-lint-action@v3 + - uses: technote-space/get-diff-action@v6.1.2 + id: git_diff with: - # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version - version: v1.54.1 - - # Optional: working directory, useful for monorepos - # working-directory: somedir - - # Optional: golangci-lint command line arguments. - args: --config=.golangci.yml - - # Optional: show only new issues if it's a pull request. The default value is `false`. - # only-new-issues: true - - # Optional: if set to true then the all caching functionality will be complete disabled, - # takes precedence over all other caching options. - # skip-cache: true - - # Optional: if set to true then the action don't cache or restore ~/go/pkg. - # skip-pkg-cache: true + PATTERNS: | + **/*.go + go.mod + go.sum + **/go.mod + **/go.sum + - uses: actions/checkout@v4 + - name: run linting + if: env.GIT_DIFF + run: | + make lint - # Optional: if set to true then the action don't cache or restore ~/.cache/go-build. - # skip-build-cache: true diff --git a/.github/workflows/gosec.yml b/.github/workflows/gosec.yml index d01bfd37f4..3955b92323 100644 --- a/.github/workflows/gosec.yml +++ b/.github/workflows/gosec.yml 
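Review bot: `technote-space/get-diff-action` now runs before `actions/checkout`, so it presumably has no working tree to diff when it executes, and the lint step is gated on `env.GIT_DIFF`; if that variable comes back empty the job goes green without ever running `make lint`. The new `merge_group` trigger has the same problem: as far as I know get-diff-action only produces a diff for `push` and `pull_request` events, so merge-queue runs would skip linting while still reporting success. I would move `- uses: actions/checkout@v4` above the get-diff step and change the gate to `if: env.GIT_DIFF || github.event_name == 'merge_group'`. A one-line comment above the condition, such as `# skip lint when no Go or module files changed`, would make the intentional skip visible to readers.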
@@ -1,13 +1,22 @@ -name: gosec +name: Run Gosec on: - push: + pull_request: + paths: + - "**/*.go" + - "go.mod" + - "go.sum" branches: - main - feat/* - pull_request: + push: branches: - main - feat/* + paths: + - "**/*.go" + - "go.mod" + - "go.sum" + jobs: Gosec: runs-on: ubuntu-latest diff --git a/.github/workflows/issue_labeler.yml b/.github/workflows/issue_labeler.yml new file mode 100644 index 0000000000..cc3e78fe99 --- /dev/null +++ b/.github/workflows/issue_labeler.yml @@ -0,0 +1,15 @@ +name: "Issue Labeler" +on: + issues: + types: [opened] + +jobs: + triage: + runs-on: ubuntu-latest + steps: + - uses: github/issue-labeler@v3.3 + if: join(github.event.issue.labels) == '' + with: + repo-token: "${{ secrets.GITHUB_TOKEN }}" + configuration-path: .github/issue_labeler.yml + enable-versioned-regex: 0 diff --git a/.github/workflows/linkchecker.yml b/.github/workflows/linkchecker.yml deleted file mode 100644 index a1afa643cf..0000000000 --- a/.github/workflows/linkchecker.yml +++ /dev/null @@ -1,14 +0,0 @@ -name: Check Markdown links -on: push -jobs: - markdown-link-check: - runs-on: ubuntu-latest - steps: - # Check out the latest version of the code - - uses: actions/checkout@v4 - - # Checks the status of hyperlinks in *.md files in docs/ - - uses: gaurav-nelson/github-action-markdown-link-check@1.0.15 - with: - folder-path: "docs" - file-path: './README.md' \ No newline at end of file diff --git a/.github/workflows/lint-pr.yml b/.github/workflows/lint-pr.yml new file mode 100644 index 0000000000..18027164fc --- /dev/null +++ b/.github/workflows/lint-pr.yml 
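Review bot: Pull requests that target `release/*` still get no gosec scan: both `branches` lists in this hunk contain only `main` and `feat/*`, while the CodeQL and lint workflows in this same patch add release branches. If backports are meant to be covered, add `- release/*` under `pull_request.branches` and `push.branches`. The `Gosec` job body lies outside the hunk, so I could not check how the scan itself is configured.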
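Review bot: The new `triage` job in `issue_labeler.yml` declares no `permissions:`, so `secrets.GITHUB_TOKEN` reaches `github/issue-labeler` with whatever default scope the repository or organisation grants, which may be read/write across the board. The labeler only has to read its configuration file and write issue labels, so I would add a job-level block: `permissions:` with `contents: read` and `issues: write`. `enable-versioned-regex: 0` would also benefit from a short comment saying why versioned regexes are switched off.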
@@ -0,0 +1,47 @@ +name: "Lint PR" + +on: + pull_request_target: + types: + - opened + - edited + - synchronize + +permissions: + contents: read + +jobs: + main: + permissions: + pull-requests: read # for amannn/action-semantic-pull-request to analyze PRs + statuses: write # for amannn/action-semantic-pull-request to mark status of analyzed PR + runs-on: ubuntu-latest + steps: + - uses: amannn/action-semantic-pull-request@v5.4.0 + id: lint_pr_title + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - uses: marocchino/sticky-pull-request-comment@v2 + # When the previous steps fails, the workflow would stop. By adding this + # condition you can continue the execution with the populated error message. + if: always() && (steps.lint_pr_title.outputs.error_message != null) + with: + header: pr-title-lint-error + message: | + Hey there and thank you for opening this pull request! 👋🏼 + + We require pull request titles to follow the [Conventional Commits specification](https://www.conventionalcommits.org/en/v1.0.0/) and it looks like your proposed title needs to be adjusted. + + Details: + + ``` + ${{ steps.lint_pr_title.outputs.error_message }} + ``` + + # Delete a previous comment when the issue has been resolved + - if: ${{ steps.lint_pr_title.outputs.error_message == null }} + uses: marocchino/sticky-pull-request-comment@v2 + with: + header: pr-title-lint-error + delete: true diff --git a/.github/workflows/md-link-checker.yml b/.github/workflows/md-link-checker.yml new file mode 100644 index 0000000000..981bc1b601 --- /dev/null +++ b/.github/workflows/md-link-checker.yml @@ -0,0 +1,13 @@ +name: Check Markdown links +on: + pull_request: + paths: + - "**.md" + - "!.github/**" + - "!.changelog/**" +jobs: + markdown-link-check: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: gaurav-nelson/github-action-markdown-link-check@1.0.15 \ No newline at end of file 
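Review bot: The `marocchino/sticky-pull-request-comment` steps in `lint-pr.yml` post and delete PR comments, but the job grants only `pull-requests: read` and `statuses: write`; once a job sets `permissions`, every scope not listed is `none`, so I expect the comment to be refused whenever the title check fails. Changing the first entry to `pull-requests: write # read the PR title, post/delete the sticky comment` should fix that. Because the trigger is `pull_request_target`, the token belongs to the base repository even for fork PRs, so I would also pin both third-party actions to a full commit SHA rather than the tags `v5.4.0` and `v2`, e.g. `uses: marocchino/sticky-pull-request-comment@<full-commit-sha> # v2`; the tag-pinned `get-diff-action` and `github-action-markdown-link-check` steps elsewhere in this patch deserve the same treatment. No step checks out PR code, which is the right shape for this trigger, and a comment at the top of the file stating that none should be added would help keep it that way.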
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index efd2860398..35d1f05c64 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -2,6 +2,7 @@ name: Test on: workflow_call: pull_request: + merge_group: push: branches: - main diff --git a/Makefile b/Makefile index 33420f4c4e..27719a9942 100644 --- a/Makefile +++ b/Makefile @@ -96,7 +96,7 @@ test-trace: ### Linting ### ############################################################################### -golangci_version=v1.52.2 +golangci_version=v1.54.1 lint: @echo "--> Running linter"