lint: Move test running into CI.
skyzyx committed Oct 27, 2023
1 parent 480862d commit e5e2328
Showing 4 changed files with 139 additions and 40 deletions.
5 changes: 3 additions & 2 deletions .github/workflows/go-dep-submission.yml
Expand Up @@ -5,13 +5,14 @@ on:
branches:
- main

# The API requires write permission on the repository to submit dependencies
permissions:
contents: write
contents: read

jobs:
go-action-detection:
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
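Review bot: The job-level `permissions: contents: write` added under `go-action-detection` has no comment saying why write access is needed, and the only explanation on the page ("The API requires write permission on the repository to submit dependencies") sits above the workflow-level block, which is now `contents: read`. The rendered page does not show whether that comment line survives the commit; either way the reason belongs next to the grant, for example `# Dependency submission API needs contents: write` directly above the job's `permissions:` key. With the default narrowed to read and write granted only on this job, that comment is what keeps a later editor from widening the top-level block again.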
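--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -0,0 +1,107 @@
+---
+# This workflow uses actions that are not certified by GitHub. They are provided
+# by a third-party and are governed by separate terms of service, privacy
+# policy, and support documentation.
+
+name: Tests
+on:
+push:
+branches:
+- main
+pull_request:
+branches:
+- main
+
+permissions:
+contents: read
+
+jobs:
+examples:
+runs-on: ubuntu-latest
+name: Examples
+steps:
+- name: Harden Runner
+uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
+with:
+egress-policy: audit
+
+- name: Checkout Source
+uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+with:
+fetch-depth: 0
+
+- name: Install Go
+uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
+with:
+go-version: '>= 1.21'
+cache: true
+
+- name: Run example tests
+run: |
+make examples
+unit:
+runs-on: ubuntu-latest
+name: Unit
+steps:
+- name: Harden Runner
+uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
+with:
+egress-policy: audit
+
+- name: Checkout Source
+uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+with:
+fetch-depth: 0
+
+- name: Install Go
+uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
+with:
+go-version: '>= 1.21'
+cache: true
+
+- name: Run unit tests
+run: |
+make unit
+acc:
+runs-on: ubuntu-latest
+name: Acceptance (${{ matrix.terraform_version }})
+
+strategy:
+fail-fast: false
+matrix:
+terraform_version:
+- '1.1'
+- '1.2'
+- '1.3'
+- '1.4'
+- '1.5'
+- '1.6'
+
+steps:
+- name: Harden Runner
+uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
+with:
+egress-policy: audit
+
+- name: Checkout Source
+uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+with:
+fetch-depth: 0
+
+- name: Install Go
+uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
+with:
+go-version: '>= 1.21'
+cache: true
+
+- name: Install Terraform
+uses: hashicorp/setup-terraform@v2
+with:
+terraform_version: ${{ matrix.terraform_version }}
+terraform_wrapper: false
+
+- name: Run acceptance tests
+run: |
+make acc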
21 changes: 21 additions & 0 deletions .pre-commit-config.yaml
Expand Up @@ -97,6 +97,13 @@ repos:
language: system
stages: [commit, push]

- id: actionlint
name: Actionlint
description: Lint GitHub Actions workflows
entry: bash -c 'actionlint'
language: system
stages: [commit, push]

- id: unconvert
name: 'Go: unconvert (current GOOS/GOARCH)'
description: Analyzes Go packages to identify unnecessary type conversions.
Expand All @@ -110,3 +117,17 @@ repos:
entry: bash -c 'smrcptr -skip-std=true --constructor=true ./...'
language: system
stages: [commit, push]

- id: govulncheck
name: 'Go: Vulnerability check'
description: Check for Go security vulnerabilities. (https://go.dev/blog/vuln)
entry: bash -c 'govulncheck -test ./...'
language: system
stages: [commit, push]

- id: osvscanner
name: OSV Scanner
description: Check for security vulnerabilities. (https://osv.dev)
entry: bash -c 'osv-scanner -r .'
language: system
stages: [commit, push]
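Review bot: The three added hooks (`actionlint`, `govulncheck`, `osvscanner`) scan the whole repository but do not set `pass_filenames: false`, so pre-commit appends the staged file names to `bash -c '…'`, where they are ignored, and may invoke the hook more than once when the file list is long. Adding `pass_filenames: false` to each hook makes it run once per invocation. Because these are `language: system` hooks, they run whichever `govulncheck` and `osv-scanner` binaries are on the developer's PATH and are skipped by `git commit --no-verify`. They are therefore a local convenience and not an enforcement point; none of the jobs in the test workflow added by this commit runs them.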
46 changes: 8 additions & 38 deletions Makefile
Expand Up @@ -11,7 +11,7 @@ current_dir := $(dir $(mkfile_path))
# Global stuff.

GO=$(shell which go)
HOMEBREW_PACKAGES=bash bats-core coreutils findutils git git-lfs go grep jq librsvg nodejs pre-commit [email protected] tfschema trufflesecurity/trufflehog/trufflehog
HOMEBREW_PACKAGES=bash bats-core coreutils findutils git git-lfs go grep jq librsvg nodejs pre-commit [email protected] shellcheck tfschema trufflesecurity/trufflehog/trufflehog

# Determine the operating system and CPU arch.
OS=$(shell uname -o | tr '[:upper:]' '[:lower:]')
Expand Down Expand Up @@ -66,6 +66,7 @@ install-tools-go:
$(GO) install github.com/nikolaydubina/go-cover-treemap@latest
$(GO) install github.com/orlangure/gocovsh@latest
$(GO) install github.com/pelletier/go-toml/v2/cmd/tomljson@latest
$(GO) install github.com/rhysd/actionlint/cmd/actionlint@latest
$(GO) install github.com/securego/gosec/v2/cmd/gosec@latest
$(GO) install github.com/trufflesecurity/driftwood@latest
$(GO) install golang.org/x/perf/cmd/benchstat@latest
Expand Down Expand Up @@ -210,32 +211,6 @@ binsize:
#-------------------------------------------------------------------------------
# Linting

.PHONY: vuln
## vuln: [lint]* Checks for known security vulnerabilities.
vuln:
@ $(ECHO) " "
@ $(ECHO) "\033[1;33m=====> Running govulncheck (https://go.dev/blog/vuln)...\033[0m"
govulncheck ./...

@ $(ECHO) " "
@ $(ECHO) "\033[1;33m=====> Running govulncheck -test (https://go.dev/blog/vuln)...\033[0m"
govulncheck -test ./...

@ $(ECHO) " "
@ $(ECHO) "\033[1;33m=====> Running osv-scanner (https://osv.dev)...\033[0m"
osv-scanner -r .

@ $(ECHO) " "
@ $(ECHO) "\033[1;33m=====> Running gosec (https://github.com/securego/gosec)...\033[0m"
gosec -terse -tests ./...

.PHONY: secrets
## secrets: [lint]* Checks for verifiable secrets.
secrets:
@ $(ECHO) " "
@ $(ECHO) "\033[1;33m=====> Running TruffleHog...\033[0m"
trufflehog git file://. --json --only-verified --concurrency=$(nproc) 2>/dev/null | jq '.'

.PHONY: pre-commit
## pre-commit: [lint]* Runs `pre-commit` against all files.
pre-commit:
Expand Down Expand Up @@ -265,16 +240,9 @@ license:
@ - licensei header
@ $(ECHO) " "

.PHONY: unconvert
## unconvert: [lint]* Identify unnecessary type conversions. All GOOS/GOARCH matches.
unconvert:
@ $(ECHO) " "
@ $(ECHO) "\033[1;33m=====> Running unconvert (all GOOS/GOARCH)...\033[0m"
unconvert -all -fastmath -tests -v ./...

.PHONY: lint
## lint: [lint]* Runs ALL linting/validation tasks.
lint: vuln license unconvert pre-commit
lint: license pre-commit

#-------------------------------------------------------------------------------
# Testing
Expand Down Expand Up @@ -307,7 +275,7 @@ list-tests:

@ $(ECHO) " "
@ $(ECHO) "\033[1;33m=====> Fuzzing tests...\033[0m"
@ cat ./corefunc/*_test.go | ggrep "func Fuzz" | gsed 's/func\s//g' | gsed -r 's/\(.*//g' | gsed -r 's/Fuzz/make fuzz NAME=/g'
@ $(ECHO) "make fuzz"

@ $(ECHO) " "
@ $(ECHO) "\033[1;33m=====> BATS tests...\033[0m"
Expand Down Expand Up @@ -358,11 +326,13 @@ examples:
gotestsum --format testname -- -run=Example$(NAME) -count=1 -parallel=$(shell nproc) -timeout 30s -coverpkg=./corefunc/... -coverprofile=__coverage.out -v ./corefunc/...

.PHONY: fuzz
## fuzz: [test]* Runs the fuzzer for 10 minutes. Set NAME= (without 'Fuzz') to run a specific test by name
## fuzz: [test]* Runs the fuzzer for 1 minute per test.
fuzz:
@ $(ECHO) " "
@ $(ECHO) "\033[1;33m=====> Running the fuzzer (https://go.dev/doc/tutorial/fuzz)...\033[0m"
$(GO) test -run='^$$' -fuzz=Fuzz$(NAME) -fuzztime 10m -parallel=$(shell nproc) -v ./corefunc/...
$(GO) test -run='^$$' -fuzz=FuzzEnvEnsure -fuzztime 1m -v ./corefunc
$(GO) test -run='^$$' -fuzz=FuzzStrIterativeReplace -fuzztime 1m -v ./corefunc
$(GO) test -run='^$$' -fuzz=FuzzTruncateLabel -fuzztime 1m -v ./corefunc

.PHONY: quickbench
## quickbench: [test]* Runs the benchmarks with minimal data for a quick check
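Review bot: In the Linting hunk, deleting the `vuln` and `secrets` targets and reducing `lint` to `license pre-commit` leaves `gosec -terse -tests ./...` and the TruffleHog `--only-verified` scan without a replacement visible in this commit; the pre-commit hunks add only govulncheck and osv-scanner hooks. The rest of `.pre-commit-config.yaml` is not shown, so confirm that it already carries gosec and trufflehog hooks before these targets go. If it does not, keep both targets (they can stay out of `lint`) so a CI job can call `make vuln` and `make secrets`. In the `install-tools-go` hunk, the new `actionlint@latest` install follows the existing unpinned pattern, so the linter version differs between machines; a fixed version such as `@vX.Y.Z` (placeholder) would make results reproducible. Several hunks in this section are cut by collapsed context, so the full bodies of `install-tools-go` and `list-tests` are not visible here.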