test

.github/actions/build-chisel/action.yml

@@ -0,0 +1,30 @@
+name: "Build chisel"
+description: >
+  Generates the version file and builds chisel from the current project directory.
+
+  The build can be configured via Go environment variables.
+outputs:
+  CHISEL_VERSION:
+    description: "The chisel version"
+    value: ${{ steps.build.outputs.chisel-version }}
+runs:
+  using: "composite"
+  steps:
+    - id: build
+      shell: bash
+      run: |
+        echo "Generating version file"
+        go generate ./cmd/
+
+        echo "Building for $GOOS $GOARCH"
+        go build -trimpath -ldflags='-s -w' ./cmd/chisel
+
+        # Get version via "chisel version" to ensure it matches that exactly
+        CHISEL_VERSION=$(GOOS=linux GOARCH=amd64 go run ./cmd/chisel version)
+        echo "Version: $CHISEL_VERSION"
+
+        # Version should not be "unknown"
+        [ "$CHISEL_VERSION" != "unknown" ] || exit 1
+
+        # Share variables with subsequent steps
+        echo "chisel-version=${CHISEL_VERSION}" >>$GITHUB_OUTPUT

.github/workflows/build.yml

@@ -51,28 +51,13 @@ jobs:
         with:
           go-version-file: 'go.mod'
 
-      - name: Build Chisel for linux/${{ matrix.arch }}
+      - uses: ./.github/actions/build-chisel/
+        name: Build Chisel for linux/${{ matrix.arch }}
         id: build
         env:
           GOOS: "linux"
           GOARCH: ${{ matrix.arch }}
           CGO_ENABLED: "0"
-        run: |
-          echo "Generating version file"
-          go generate ./cmd/
-
-          echo "Building for $GOOS $GOARCH"
-          go build -trimpath -ldflags='-s -w' ./cmd/chisel
-
-          # Get version via "chisel version" to ensure it matches that exactly
-          CHISEL_VERSION=$(GOOS=linux GOARCH=amd64 go run ./cmd/chisel version)
-          echo "Version: $CHISEL_VERSION"
-
-          # Version should not be "unknown"
-          [ "$CHISEL_VERSION" != "unknown" ] || exit 1
-
-          # Share variables with subsequent steps
-          echo "CHISEL_VERSION=${CHISEL_VERSION}" >>$GITHUB_OUTPUT
 
       - name: Test if is executable
         run: test -x ./chisel

.github/workflows/tests.yaml

@@ -1,6 +1,23 @@
 name: Tests
 
 on:
+  workflow_call:
+    inputs:
+      repository:
+        description: 'Repository name (with owner) to clone'
+        required: true
+        type: string
+      ref:
+        description: 'The branch, tag or SHA to checkout'
+        required: true
+        type: string
+    outputs:
+      test-coverage-file:
+        description: 'The name of the coverage report file'
+        value: ${{ jobs.unit-tests.outputs.test-coverage-file }}
+      test-coverage-artifact:
+        description: 'The name used to upload the coverage file as a GH artifact'
+        value: ${{ jobs.unit-tests.outputs.test-coverage-artifact }}
   workflow_dispatch:
   push:
     paths-ignore:
@@ -14,9 +31,16 @@ jobs:
     name: Unit Tests
     env:
       TEST_COVERAGE_FILE: test-coverage.out
+      TEST_COVERAGE_ARTIFACT: chisel-test-coverage
       TEST_COVERAGE_HTML_FILE: test-coverage.html
+    outputs:
+      test-coverage-file: ${{ env.TEST_COVERAGE_FILE }}
+      test-coverage-artifact: ${{ env.TEST_COVERAGE_ARTIFACT }}
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event_name == 'workflow_call' && inputs.ref || '' }}
+          repository: ${{ github.event_name == 'workflow_call' && inputs.repository || '' }}
 
       - uses: actions/setup-go@v3
         with:
@@ -36,10 +60,10 @@ jobs:
               -o=${TEST_COVERAGE_HTML_FILE}
           fi
 
-      - name: Upload HTML test coverage
-        uses: actions/upload-artifact@v3
+      - name: Upload test coverage
+        uses: actions/upload-artifact@v4
         if: always()
         continue-on-error: true
         with:
-          name: chisel-test-coverage.html
-          path: ./*.html
+          name: ${{ env.TEST_COVERAGE_ARTIFACT }}
+          path: ./test-coverage*

.github/workflows/tics.yml

@@ -0,0 +1,124 @@
+name: TiCS
+
+on:
+  workflow_dispatch:
+  push:
+    branches: [main]
+  # Running on pull_request_target instead of pull_request because this workflow
+  # uses secrets, and thus we need to ensure it runs under this project's code base.
+  pull_request_target:
+    branches: [main]
+  schedule:
+    - cron: '0 10 * * *'
+
+jobs:
+  set-project:
+    # This is needed because pull_request_target events will run workflows in 
+    # the context of the base repository (the repository receiving the pull request).
+    # 
+    # This means that, for such events, we need to explicitly tell the job to
+    # "action/checkout" the forked repository/ref (aka source of the PR).
+    name: Set project environment
+    runs-on: ubuntu-latest
+    outputs:
+      ref: ${{ steps.get-ref.outputs.ref }}
+      repo: ${{ steps.get-repo.outputs.repo }}
+    steps:
+      - id: get-ref
+        run: echo "ref=${{ github.event_name == 'pull_request_target' && github.head_ref || '' }}" >> $GITHUB_OUTPUT
+
+      - id: get-repo
+        run: echo "repo=${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name || '' }}" >> $GITHUB_OUTPUT
+
+  # This is safe because the reusable workflow does not require secrets and this
+  # call is not setting secret inheritance (i.e. "secrets: inherit")
+  call-unit-tests:
+    uses: ./.github/workflows/tests.yaml
+    needs: [set-project]
+    with:
+      ref: ${{ needs.set-project.outputs.ref }}
+      repository: ${{ needs.set-project.outputs.repo }}
+
+  tics-static-code-analysis:
+    runs-on: ubuntu-24.04
+    name: TiCS Static Code Analysis
+    needs: [set-project, call-unit-tests]
+    permissions:
+      pull-requests: write
+    env:
+      TICS_FILELIST: tics-filelist
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ needs.set-project.outputs.ref }}
+          repository: ${{ needs.set-project.outputs.repo }}
+
+      - name: Check changed paths in PR
+        id: changed-paths
+        if: github.event_name == 'pull_request_target'
+        uses: dorny/paths-filter@v3
+        with:
+          filters: |
+            any:
+              - "**/*"
+          list-files: csv
+
+      - name: Compile filelist for TiCS
+        id: get-pr-filelist
+        run: |
+          if [[ "${{ github.event_name }}" == "pull_request_target" ]]
+          then
+              echo "${{ steps.changed-paths.outputs.any_files }}" | tr "," "\n" > ${TICS_FILELIST}
+          else
+              echo "." > ${TICS_FILELIST}
+          fi
+
+      - uses: actions/setup-go@v3
+        with:
+          go-version-file: 'go.mod'
+
+      - uses: actions/download-artifact@v4
+
+      # This is safe because actions do not have access to secrets unless these
+      # are passed via inputs or environment variables.
+      # Ref: https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions#accessing-your-secrets
+      - uses: ./.github/actions/build-chisel/
+        name: Build Chisel (TiCS analysis precondition)
+        env:
+          CGO_ENABLED: "0"
+
+      - name: Prepare cobertura XML results
+        env:
+          TICS_COVERAGE_FOLDER: ".coverage"
+        run: |
+          set -x
+          mkdir -p ${TICS_COVERAGE_FOLDER}
+          go install github.com/boumenot/gocover-cobertura@latest
+          gocover-cobertura \
+            < ${{ needs.call-unit-tests.outputs.test-coverage-artifact }}/${{ needs.call-unit-tests.outputs.test-coverage-file }} \
+            > ${TICS_COVERAGE_FOLDER}/coverage.xml
+
+      - run: go install honnef.co/go/tools/cmd/staticcheck@latest
+
+      - name: Run TiCS analysis
+        uses: tiobe/tics-github-action@v3
+        with:
+          mode: ${{ github.event_name == 'pull_request_target' && 'client' || 'qserver' }}
+          codetype: ${{ github.event_name == 'pull_request_target' && 'TESTCODE' || 'PRODUCTION' }}
+          project: chisel
+          branchdir: .
+          filelist: ${{ env.TICS_FILELIST }}
+          viewerUrl: 'https://canonical.tiobe.com/tiobeweb/TICS/api/cfg?name=default'
+          displayUrl: 'https://canonical.tiobe.com/tiobeweb/TICS'
+          ticsAuthToken: ${{ secrets.TICSAUTHTOKEN }}
+          installTics: true
+
+      - id: get-summary
+        run: |
+          cat $GITHUB_STEP_SUMMARY | tee summary
+          echo "summary=summary" >> $GITHUB_OUTPUT
+
+      - name: Post messages to PR
+        uses: mshick/add-pr-comment@v2
+        with:
+          message-path: ${{ steps.get-summary.outputs.summary }}

internal/jsonwall/jsonwall.go

@@ -40,6 +40,7 @@
 //	}
 package jsonwall
 
+//something
 import (
 	"bytes"
 	"encoding/json"

internal/jsonwall/jsonwall_test.go

@@ -15,6 +15,7 @@ type DataType struct {
 	D string `json:"d,omitempty"`
 }
 
+// something
 type dataTypeGet struct {
 	get      any
 	result   any