CI: Add CLA check, Linting and security scanning #31

Merged
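--- a/.github/workflows/cla-check.yml
+++ b/.github/workflows/cla-check.yml
@@ -0,0 +1,12 @@
+name: CLA check
+
+on:
+pull_request:
+branches: [main]
+
+jobs:
+cla-check:
+runs-on: ubuntu-22.04
+steps:
+- name: Check if Canonical's Contributor License Agreement has been signed
+uses: canonical/has-signed-canonical-cla@v1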
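Review bot: The workflow declares no `permissions:` block, so the job's `GITHUB_TOKEN` receives whatever the repository or organisation default grants, and `canonical/has-signed-canonical-cla@v1` is referenced through a tag that upstream can move. A top-level `permissions:` with `contents: read`, plus a pin of the form `uses: canonical/has-signed-canonical-cla@<full-commit-sha> # v1`, would make both explicit; the scopes the CLA action actually needs are not visible on this page, so confirm them against its documentation. The same two points apply to `lint.yaml` (`actions/checkout@v3`, `actions/setup-go@v3`, `golangci/golangci-lint-action@v3`) and to `security.yaml`.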
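--- a/.github/workflows/lint.yaml
+++ b/.github/workflows/lint.yaml
@@ -0,0 +1,29 @@
+name: Lint
+
+on:
+push:
+paths-ignore:
+- '**.md'
+pull_request:
+branches: [main]
+
+jobs:
+lint:
+name: Lint
+runs-on: ubuntu-22.04
+steps:
+- uses: actions/checkout@v3
+
+- uses: actions/setup-go@v3
+with:
+go-version-file: 'go.mod'
+
+- name: Ensure no formatting changes
+run: |
+go fmt ./...
+git diff --exit-code
+
+- name: Check bugs and unused code
+uses: golangci/golangci-lint-action@v3
+with:
+version: v1.54.1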
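--- a/.github/workflows/security.yaml
+++ b/.github/workflows/security.yaml
@@ -0,0 +1,20 @@
+name: Security
+
+on:
+push:
+branches: [main]
+pull_request:
+branches: [main]
+
+jobs:
+scan:
+name: Scan for known vulnerabilities
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v3
+
+- name: Run Trivy vulnerability scanner in fs mode
+uses: aquasecurity/trivy-action@master
+with:
+scan-type: 'fs'
+scan-ref: '.'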
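Review bot: `aquasecurity/trivy-action@master` tracks a branch, so each run executes whatever the upstream branch head holds at that moment, in a job that has the repository checked out; pin it to a full commit SHA, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha> # <release tag>`. The step also sets neither `exit-code` nor `severity`; as far as I recall the action's `exit-code` input defaults to `0`, in which case findings are printed but the check stays green. If the scan is meant to gate merges, add `exit-code: '1'` and an explicit `severity:` list. `runs-on: ubuntu-latest` also differs from the `ubuntu-22.04` used by the other two workflows.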
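--- a/.golangci.yaml
+++ b/.golangci.yaml
@@ -0,0 +1,55 @@
+linters:
+# Disable all linters.
+# Default: false
+disable-all: true
+# Enable specific linter
+# https://golangci-lint.run/usage/linters/#enabled-by-default
+enable:
+- errcheck
+- staticcheck
+- unused
+
+issues:
+exclude-rules:
+# exclusions for errcheck
+- path: "^.*/log.go$"
+text: "globalLogger.Output.*not checked"
+linters:
+- errcheck
+- path: "^.*_test.go$"
+text: "release.Render.*not checked"
+linters:
+- errcheck
+- path: "^.*_test.go$"
+text: "release.Walk.*not checked"
+linters:
+- errcheck
+- path: "internal/setup/fetch.go"
+text: "lockFile.Unlock.*not checked"
+linters:
+- errcheck
+# exclusions for unused
+# addDebugCommand is an useful function that may be used later
+- path: "cmd/chisel/main.go"
+text: "addDebugCommand.*unused"
+linters:
+- unused
+# exclude common (unused) issues from log.go files
+- path: "^.*/log.go$"
+text: "logf.*unused"
+linters:
+- unused
+- path: "^.*/log.go$"
+text: "debugf.*unused"
+linters:
+- unused
+- path: "^.*/log.go$"
+text: "globalDebug.*unused"
+linters:
+- unused
+- path: "^.*/log.go$"
+text: "globalLogger.*unused"
+linters:
+- unused
+max-issues-per-linter: 0
+max-same-issues: 0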
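Review bot: The errcheck exclusion for `lockFile.Unlock.*not checked` in `internal/setup/fetch.go` hides a failed release of the lock file and carries no explanation, unlike the `addDebugCommand` rule further down. Either add a comment such as `# Unlock failure is ignored because <reason>` above the rule, or drop the rule and handle the error at the call site; the call itself is not on this page, so which one fits needs checking. The `path` values are regular expressions with an unescaped dot, so `"^.*/log.go$"` and `"^.*_test.go$"` match more than the intended file names; single-quoted `'^.*/log\.go$'` and `'^.*_test\.go$'` say what is meant.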
6 changes: 2 additions & 4 deletions cmd/chisel/cmd_cut.go
Expand Up @@ -4,7 +4,7 @@ import (
"github.com/jessevdk/go-flags"

"fmt"
"io/ioutil"
"os"
"regexp"
"strings"

Expand Down Expand Up @@ -103,8 +103,6 @@ func (cmd *cmdCut) Execute(args []string) error {
Archives: archives,
TargetDir: cmd.RootDir,
})

return printVersions()
}

// TODO These need testing, and maybe moving into a common file.
Expand All @@ -120,7 +118,7 @@ func parseReleaseInfo(release string) (label, version string, err error) {
}

func readReleaseInfo() (label, version string, err error) {
data, err := ioutil.ReadFile("/etc/lsb-release")
data, err := os.ReadFile("/etc/lsb-release")
if err == nil {
const labelPrefix = "DISTRIB_ID="
const versionPrefix = "DISTRIB_RELEASE="
9 changes: 5 additions & 4 deletions cmd/chisel/cmd_help.go
Expand Up @@ -100,9 +100,10 @@ func (w *manfixer) Write(buf []byte) (int, error) {

var tpRegexp = regexp.MustCompile(`(?m)(?:^\.TP\n)+`)

func (w *manfixer) flush() {
func (w *manfixer) flush() error {
str := tpRegexp.ReplaceAllLiteralString(w.Buffer.String(), ".TP\n")
io.Copy(Stdout, strings.NewReader(str))
_, err := io.Copy(Stdout, strings.NewReader(str))
return err
}

func (cmd cmdHelp) Execute(args []string) error {
Expand All @@ -114,8 +115,8 @@ func (cmd cmdHelp) Execute(args []string) error {
// subcommand, but --man is hidden so no real need to check.
out := &manfixer{}
cmd.parser.WriteManPage(out)
out.flush()
return nil
err := out.flush()
return err
}
if cmd.All {
if len(cmd.Positional.Subs) > 0 {
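Review bot: In `Execute`, `err := out.flush()` followed by `return err` can be the single line `return out.flush()`; the intermediate variable adds nothing. Now that `flush` reports an error it also deserves a doc comment, for example `// flush collapses consecutive .TP macros in the buffered man page and writes the result to Stdout, returning any write error.` `Execute` continues past the end of the hunk, so the rest of its error handling is not visible here.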
3 changes: 1 addition & 2 deletions cmd/chisel/cmd_version.go
@@ -1,4 +1,3 @@

package main

import (
Expand All @@ -14,7 +13,7 @@ var longVersionHelp = `
The version command displays the versions of the running client and server.
`

type cmdVersion struct {}
type cmdVersion struct{}

func init() {
addCommand("version", shortVersionHelp, longVersionHelp, func() flags.Commander { return &cmdVersion{} }, nil, nil)
27 changes: 12 additions & 15 deletions cmd/chisel/main.go
@@ -1,4 +1,3 @@

package main

import (
Expand All @@ -11,16 +10,13 @@ import (
"unicode/utf8"

"github.com/jessevdk/go-flags"

"golang.org/x/crypto/ssh/terminal"
"golang.org/x/term"

"github.com/canonical/chisel/internal/archive"
"github.com/canonical/chisel/internal/deb"
"github.com/canonical/chisel/internal/setup"
"github.com/canonical/chisel/internal/slicer"

//"github.com/canonical/chisel/internal/logger"

)

var (
Expand All @@ -29,16 +25,11 @@ var (
Stdout io.Writer = os.Stdout
Stderr io.Writer = os.Stderr
// overridden for testing
ReadPassword = terminal.ReadPassword
ReadPassword = term.ReadPassword
// set to logger.Panicf in testing
//noticef = logger.Noticef
)

// defaultChiselDir is the Chisel directory used if $CHISEL is not set. It is
// created by the daemon ("chisel run") if it doesn't exist, and also used by
// the chisel client.
const defaultChiselDir = "/var/lib/chisel/default"

type options struct {
Version func() `long:"version"`
}
Expand Down Expand Up @@ -164,7 +155,10 @@ func fixupArg(optName string) string {
// from each other.
func Parser() *flags.Parser {
optionsData.Version = func() {
printVersions()
err := printVersions()
if err != nil {
panic(&exitStatus{1})
}
panic(&exitStatus{0})
}
flagopts := flags.Options(flags.PassDoubleDash)
Expand All @@ -178,7 +172,10 @@ func Parser() *flags.Parser {
version.Hidden = true
}
// add --help like what go-flags would do for us, but hidden
addHelp(parser)
err := addHelp(parser)
if err != nil {
debugf("cannot add --help: %v", err)
}

// Add all regular commands
for _, c := range commands {
Expand Down Expand Up @@ -293,8 +290,8 @@ func Parser() *flags.Parser {
}

var (
isStdinTTY = terminal.IsTerminal(0)
isStdoutTTY = terminal.IsTerminal(1)
isStdinTTY = term.IsTerminal(0)
isStdoutTTY = term.IsTerminal(1)
)

func main() {
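Review bot: In the `optionsData.Version` closure inside `Parser`, a failing `printVersions()` now ends the process with status 1 but the error itself is dropped, so the user sees no reason for the failure. Writing it out before the panic, e.g. `fmt.Fprintf(Stderr, "cannot print version: %v\n", err)`, keeps the new exit code and makes it diagnosable (this assumes `fmt` is imported in this file; the import block is only partly visible). The `addHelp` error a few lines below is reported only through `debugf`, which presumably stays silent unless debugging is enabled, so a comment stating that a missing `--help` flag is acceptable would help the next reader. `Parser` starts and ends outside the hunks shown.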
19 changes: 6 additions & 13 deletions cmd/chisel/main_test.go
Expand Up @@ -5,8 +5,7 @@ import (
"os"
"testing"

"golang.org/x/crypto/ssh/terminal"

"golang.org/x/term"
. "gopkg.in/check.v1"

"github.com/canonical/chisel/cmd"
Expand All @@ -20,10 +19,10 @@ func Test(t *testing.T) { TestingT(t) }

type BaseChiselSuite struct {
testutil.BaseTest
stdin *bytes.Buffer
stdout *bytes.Buffer
stderr *bytes.Buffer
password string
stdin *bytes.Buffer
stdout *bytes.Buffer
stderr *bytes.Buffer
password string
}

func (s *BaseChiselSuite) readPassword(fd int) ([]byte, error) {
Expand Down Expand Up @@ -51,7 +50,7 @@ func (s *BaseChiselSuite) TearDownTest(c *C) {
chisel.Stdin = os.Stdin
chisel.Stdout = os.Stdout
chisel.Stderr = os.Stderr
chisel.ReadPassword = terminal.ReadPassword
chisel.ReadPassword = term.ReadPassword

s.BaseTest.TearDownTest(c)
}
Expand All @@ -70,12 +69,6 @@ func (s *BaseChiselSuite) ResetStdStreams() {
s.stderr.Reset()
}

func fakeArgs(args ...string) (restore func()) {
old := os.Args
os.Args = args
return func() { os.Args = old }
}

func fakeVersion(v string) (restore func()) {
old := cmd.Version
cmd.Version = v
5 changes: 2 additions & 3 deletions go.mod
Expand Up @@ -9,14 +9,13 @@ require (
github.com/klauspost/compress v1.15.4
github.com/ulikunitz/xz v0.5.10
go.starlark.net v0.0.0-20220328144851-d1966c6b9fcd
golang.org/x/crypto v0.0.0-20220518034528-6f7dac969898
golang.org/x/term v0.12.0
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c
gopkg.in/yaml.v3 v3.0.0-20220512140231-539c8e751b99
)

require (
github.com/kr/pretty v0.2.1 // indirect
github.com/kr/text v0.1.0 // indirect
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1 // indirect
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 // indirect
golang.org/x/sys v0.12.0 // indirect
)
11 changes: 4 additions & 7 deletions go.sum
Expand Up @@ -42,8 +42,6 @@ github.com/ulikunitz/xz v0.5.10/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0o
go.starlark.net v0.0.0-20220328144851-d1966c6b9fcd h1:Uo/x0Ir5vQJ+683GXB9Ug+4fcjsbp7z7Ul8UaZbhsRM=
go.starlark.net v0.0.0-20220328144851-d1966c6b9fcd/go.mod h1:t3mmBBPzAVvK0L0n1drDmrQsJ8FoIx4INCqVMTr/Zo0=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20220518034528-6f7dac969898 h1:SLP7Q4Di66FONjDJbCYrCRrh97focO6sLogHO7/g8F0=
golang.org/x/crypto v0.0.0-20220518034528-6f7dac969898/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
Expand All @@ -59,12 +57,11 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJ
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1 h1:SrN+KX8Art/Sf4HNj6Zcz06G7VEz+7w9tdXTPOZ7+l4=
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/sys v0.12.0 h1:CM0HF96J0hcLAwsHPJZjfdNzs0gftsLfgKt57wWHJ0o=
golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/term v0.12.0 h1:/ZfYdc3zq+q02Rv9vGqTeSItdzZTSNDmfTi0mBAuidU=
golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=