

Merge branch 'nephio-project:main' into pv-pipeline-readiness-gates
JamesMcDermott authored Dec 18, 2024
2 parents 60cb107 + 9b4e226 commit d854e74
Showing 4 changed files with 70 additions and 5 deletions.
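--- a/.github/workflows/gosec-scan.yaml
+++ b/.github/workflows/gosec-scan.yaml
@@ -0,0 +1,57 @@
+# Copyright 2024 The Nephio Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: Gosec security scan
+
+on:
+push:
+paths-ignore:
+- "docs/**"
+- "release/**"
+- ".prow.yaml"
+- "OWNERS"
+pull_request:
+paths-ignore:
+- "docs/**"
+- "release/**"
+- ".prow.yaml"
+- "OWNERS"
+
+jobs:
+tests:
+name: Porch gosec scan
+runs-on: ubuntu-latest
+permissions:
+# required for all workflows
+security-events: write
+env:
+GO111MODULE: on
+steps:
+- name: Checkout Porch
+uses: actions/checkout@v4
+- name: Set up Go
+uses: actions/setup-go@v5
+with:
+go-version: '>=1.22.2'
+- name: Run Gosec Security Scanner
+uses: securego/[email protected]
+with:
+# we let the report trigger content trigger a failure using the GitHub Security features.
+args: '-no-fail -exclude-dir=generated -exclude-dir=test -exclude-generated=true -fmt=sarif -out=results.sarif ./...'
+- name: Upload SARIF file
+uses: github/codeql-action/upload-sarif@v3
+with:
+# Path to SARIF file relative to the root of the repository
+sarif_file: results.sarif
+token: ${{ secrets.GITHUB_TOKEN }}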
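Review bot: Every action in the new workflow is referenced by a mutable tag (`actions/checkout@v4`, `actions/setup-go@v5`, `github/codeql-action/upload-sarif@v3`, `securego/[email protected]`), so a moved or compromised tag silently changes what runs in a job that holds `security-events: write`; for a security-scanning workflow each should be pinned to a full commit SHA with the tag kept in a trailing comment, e.g. `uses: actions/checkout@<full-sha> # v4`. The `permissions` block grants only `security-events: write`, which sets every other token scope to none; the upload-sarif documentation also lists `contents: read` (plus `actions: read` for private repositories), so adding `contents: read` keeps the checkout working if this ever runs on a private fork — I cannot tell from the hunk whether that case matters here. Because `-no-fail` is set the job is green regardless of findings and the real gate is the code-scanning alert, which the comment on the args line should say plainly instead of the garbled "report trigger content trigger": `# -no-fail: findings never fail this job; they surface as code-scanning alerts via the SARIF upload below.` The `token:` input on upload-sarif duplicates the action's default and can be dropped.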
6 changes: 5 additions & 1 deletion .gitignore
Expand Up @@ -30,5 +30,9 @@ __debug*
# Ignore all local history of files
**/.history

# gosec artifacts
*results.html

### Jetbrains IDEs ###
.idea/*
.idea/*
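Review bot: The new `*results.html` pattern is wider than the single artifact `default-gosec.mk` now writes (`gosec-results.html`), so any other file ending in `results.html` would be silently untracked as well; `gosec-results.html` is the precise entry and still matches the Makefile's `-out=` value. The workflow's `results.sarif` is only written in CI, so it need not be listed unless the scan is also run locally.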

9 changes: 5 additions & 4 deletions default-gosec.mk
@@ -1,4 +1,4 @@
# Copyright 2023 The Nephio Authors.
# Copyright 2023-2024 The Nephio Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
Expand All @@ -12,15 +12,16 @@
# See the License for the specific language governing permissions and
# limitations under the License.

GOSEC_VER ?= 2.19.0
GOSEC_VER ?= 2.21.4
GIT_ROOT_DIR ?= $(dir $(lastword $(MAKEFILE_LIST)))
include $(GIT_ROOT_DIR)/detect-container-runtime.mk

# Install link at https://github.com/securego/gosec#install if not running inside a container
.PHONY: gosec
gosec: ## Inspect the source code for security problems by scanning the Go Abstract Syntax Tree
ifeq ($(CONTAINER_RUNNABLE), 0)
$(RUN_CONTAINER_COMMAND) docker.io/securego/gosec:${GOSEC_VER} ./...
$(RUN_CONTAINER_COMMAND) docker.io/securego/gosec:${GOSEC_VER} -fmt=html -out=gosec-results.html \
-stdout -verbose=text -exclude-dir=generated -exclude-dir=test -exclude-generated ./...
else
gosec ./...
gosec -fmt=html -out=gosec-results.html -stdout -verbose=text -exclude-dir=generated -exclude-dir=test -exclude-generated ./...
endif
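Review bot: The same gosec flag list is now spelled out twice, once in each branch of `ifeq ($(CONTAINER_RUNNABLE), 0)` (container vs. native), so the two paths will drift the next time a flag is added or an exclude changes; hoist it into one variable next to `GOSEC_VER`, `GOSEC_ARGS ?= -fmt=html -out=gosec-results.html -stdout -verbose=text -exclude-dir=generated -exclude-dir=test -exclude-generated`, and have both recipe lines end in `$(GOSEC_ARGS) ./...`. The container recipe also mixes `${GOSEC_VER}` with the file's `$(...)` reference style; `$(GOSEC_VER)` matches the surrounding lines. The scanner image is selected by tag only (`docker.io/securego/gosec:2.21.4`), which is mutable; a `@sha256:` digest next to the tag, refreshed when `GOSEC_VER` is bumped, makes the local scan reproducible and removes the tag-retargeting risk.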
3 changes: 3 additions & 0 deletions pkg/git/git.go
Expand Up @@ -508,6 +508,7 @@ func (r *gitRepository) DeletePackageRevision(ctx context.Context, old repositor
if err := r.pushAndCleanup(ctx, refSpecs); err != nil {
return fmt.Errorf("failed to update git references: %v", err)
}

return nil
}

Expand All @@ -524,6 +525,8 @@ func (r *gitRepository) removeDeletionProposedBranchIfExists(ctx context.Context
return err
}
}
delete(r.deletionProposedCache, deletionProposedBranch)

return nil
}
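Review bot: The new `delete(r.deletionProposedCache, deletionProposedBranch)` is reached only after the branch removal above it succeeded (or the branch was absent), which is the right ordering, but the map write is not visibly guarded; if `gitRepository` methods can run concurrently — the hunk shows no mutex around the cache — this delete races with any reader of `deletionProposedCache` and the Go race detector will flag it, so confirm the caller holds the repository lock or take it here. A one-line comment would spare the next reader the question of why a cache is touched in a branch-removal helper: `// Drop the cache entry so a later lookup does not report a deletionProposed branch that was just removed.` The signature of `removeDeletionProposedBranchIfExists` and the start of its body lie outside the hunk.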

