Merge branch 'main' into make-defectdojo-tag-duplicates
northdpole authored Mar 12, 2024
2 parents 810576c + 014211d commit 98c428d
Showing 8,017 changed files with 2,500,473 additions and 40,064 deletions.
The diff you're trying to view is too large. We only load the first 3000 changed files.
6 changes: 3 additions & 3 deletions .github/settings.yml
@@ -16,7 +16,7 @@ repository:
topics: 'SAST, DAST, DevSecOps, Pipelines, Tekton'

# Either `true` to make the repository private, or `false` to make it public.
private: public
private: false

# Either `true` to enable issues for this repository, `false` to disable them.
has_issues: true
@@ -36,15 +36,15 @@ repository:

# Either `true` to allow squash-merging pull requests, or `false` to prevent
# squash-merging.
allow_squash_merge: true
allow_squash_merge: false

# Either `true` to allow merging pull requests with a merge commit, or `false`
# to prevent merging pull requests with merge commits.
allow_merge_commit: false

# Either `true` to allow rebase-merging pull requests, or `false` to prevent
# rebase-merging.
allow_rebase_merge: false
allow_rebase_merge: true

# Either `true` to enable automatic deletion of branches on merge, or `false` to disable
delete_branch_on_merge: true
16 changes: 12 additions & 4 deletions .github/workflows/format.yml
@@ -13,9 +13,17 @@ jobs:
build:
name: Format
runs-on: ubuntu-latest
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
steps:
- name: Check out code
uses: actions/checkout@v2
- name: Check out code
uses: actions/checkout@v4

- name: Format
run: ./pleasew fmt-all
- name: Setup Go 1.21.6
uses: actions/setup-go@v4
with:
go-version: 1.21.6

- name: Format
run: make install-lint-tools fmt && test $(git diff -p | wc -l) -eq 0
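Review bot: The `uses:` lines in this section reference actions by mutable tag (`actions/checkout@v4`, `actions/setup-go@v4`), so whatever the tag points to at run time is what executes in the job. Pinning each to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v4`, makes the executed code reviewable and still lets a dependency bot propose bumps. The same applies to the `uses:` lines in lint.yml and test.yml, and most of all to `coverallsapp/github-action@v2` in test.yml, a third-party action that is handed `secrets.GITHUB_TOKEN`. Separately, quoting the version as `go-version: '1.21.6'` avoids float parsing if it is ever shortened to a two-part value such as 1.20.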
36 changes: 19 additions & 17 deletions .github/workflows/lint.yml
@@ -1,41 +1,43 @@
---
name: Lint
on:
pull_request:
pull_request_target:
types:
- opened
- synchronize
- reopened
branches:
- main

env:
PLZ_CONFIG_PROFILE: ci
SEGMENT_DOWNLOAD_TIMEOUT_MINS: "2"

permissions:
# Grant the ability to checkout the repository
contents: read

# Allow reviewdog to comment on PRs
# Grant the ability to write comments on a pull request
pull-requests: write

jobs:
build:
lint:
name: Lint
runs-on: ubuntu-latest
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
steps:
- name: Check out code
uses: actions/checkout@v3
uses: actions/checkout@v4

- name: Cache plz
id: cache-plz
uses: actions/cache@v3
- name: Setup Go 1.21.6
uses: actions/setup-go@v4
with:
path: .plz-cache
key: ${{ runner.os }}-plz
go-version: 1.21.6

- name: Setup reviewdog
run: go install github.com/reviewdog/reviewdog/cmd/reviewdog@latest

- name: Install linters
run: make install-lint-tools

- name: Lint
env:
REVIEWDOG_GITHUB_API_TOKEN: "${{ github.token }}"
GOLANGCI_LINT_CACHE: "${{ github.workspace }}/.golangci-lint-cache"
run: "./pleasew -p -v=2 lint"
REVIEWDOG_GITHUB_API_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
run: make lint
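Review bot: With the trigger shown as `pull_request_target`, `actions/checkout@v4` without a `ref:` checks out the base branch, so `make lint` appears to lint `main` rather than the pull request's changes while the job holds `pull-requests: write` (the rendered page has lost its +/- markers, so I am reading `pull_request_target` as the new side). Fixing that by adding `ref: ${{ github.event.pull_request.head.sha }}` would run the contributor's Makefile with a write-scoped token, which is the pattern GitHub's hardening guidance warns against. A safer split is to lint on `pull_request` with read-only permissions and publish the findings from a separate `workflow_run` job that never executes PR code. Also, `go install github.com/reviewdog/reviewdog/cmd/reviewdog@latest` pulls an unpinned tool into this token-bearing job; pin it to a released version, e.g. `.../cmd/reviewdog@<version>`.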
28 changes: 2 additions & 26 deletions .github/workflows/publish.yml
@@ -5,39 +5,15 @@ on:
- 'v*'
branches:
- main
# Trigger, but do nothing in PRs so we can check that the workflow is valid.
pull_request:
branches:
- main

env:
PLZ_CONFIG_PROFILE: ci

permissions:
# Grant the ability to checkout the repository
contents: read

jobs:
pre-release:
name: Publish
if: github.event_name != 'pull_request' && github.ref_type == 'tag'
runs-on: ubuntu-latest
permissions:
# Grant the ability to create GitHub Releases.
contents: write
steps:
- name: Check out code
uses: actions/checkout@v2

- name: Create pre-release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: ./pleasew run //build/releases:pre-release

push-docker-images:
publish-docker-images:
name: Push Docker images
runs-on: ubuntu-latest
if: github.event_name != 'pull_request'
permissions:
# Grant the ability to write to GitHub Packages (push Docker images to
# GitHub Container Registry).
@@ -56,4 +32,4 @@ jobs:
password: ${{ secrets.GITHUB_TOKEN }}

- name: Publish Docker images
run: ./pleasew run //build/releases:publish-images
run: make publish-component-containers
50 changes: 17 additions & 33 deletions .github/workflows/test.yml
@@ -8,51 +8,35 @@ on:
branches:
- main

env:
PLZ_CONFIG_PROFILE: ci
SEGMENT_DOWNLOAD_TIMEOUT_MINS: "2"

permissions:
# Grant the ability to checkout the repository
contents: read

jobs:
build:
name: Build
test:
name: Test
runs-on: ubuntu-latest
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}-build
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}-test
cancel-in-progress: true
steps:
- name: Check out code
uses: actions/checkout@v3
uses: actions/checkout@v4

- name: Cache plz
id: cache-plz
uses: actions/cache@v3
- name: Setup Go 1.21.6
uses: actions/setup-go@v4
with:
path: .plz-cache
key: ${{ runner.os }}-plz
go-version: 1.21.6

- name: Build
env:
# This uses a public read-only PAT tied to VJftw, please don't abuse! :pray:
# See: https://github.com/actions/setup-node/issues/49 for reasons.
GITHUB_TOKEN: ${{ secrets.VJFTW_GITHUB_TOKEN }}
CONSUMER_JIRA_API_TOKEN: ${{secrets.CONSUMER_JIRA_API_TOKEN}}
CONSUMER_JIRA_USER: ${{secrets.CONSUMER_JIRA_USER}}
CONSUMER_JIRA_URL: ${{secrets.CONSUMER_JIRA_URL}}
run: ./pleasew build -p -v 2 //...
- name: Run Go tests
run: make go-tests

test:
name: Test
runs-on: ubuntu-latest
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}-test
cancel-in-progress: true
steps:
- name: Check out code
uses: actions/checkout@v3
- name: Run migration tests
run: make migration-tests

- name: Test
run: ./pleasew test //...
- name: Coveralls
uses: coverallsapp/github-action@v2
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
format: golang
file: tests/output/cover.out
9 changes: 3 additions & 6 deletions .gitignore
@@ -1,10 +1,7 @@
/dist/
/vendor/
__pycache__
*.pyc
**/node_modules/
.plz_clean*

# Entries below this point are managed by Please (DO NOT EDIT)
plz-out
.plzconfig.local
bin
.custom_image
tests/output
65 changes: 0 additions & 65 deletions .plzconfig

This file was deleted.

3 changes: 0 additions & 3 deletions .plzconfig.ci

This file was deleted.

57 changes: 30 additions & 27 deletions .reviewdog.yml
@@ -1,42 +1,45 @@
---
runner:
go/vet:
cmd: go vet $(go list ./... | grep -v /vendor/ | grep -v github.com/ocurity/dracon/api/proto/)
format: govet

go/staticcheck:
cmd: |
./pleasew run //third_party/binary/dominikh/go-tools:staticcheck -- $(./pleasew query alltargets --include go | grep -v "//third_party/" | cut -f3- -d/ | cut -f1 -d: | awk '{ print "./" $0 }' | xargs)
errorformat:
- '%E%f:%l:%c: %m'
cmd: staticcheck $(go list ./... | grep -v /vendor/ | grep -v github.com/ocurity/dracon/api/proto)
format: staticcheck

go/revive:
cmd: |
./pleasew run //third_party/binary/mgechev/revive:revive -- $(./pleasew query alltargets --include go | grep -v "//third_party/" | cut -f3- -d/ | cut -f1 -d: | awk '{ print "./" $0 }' | xargs)
cmd: revive -exclude ./vendor/... -exclude ./api/proto/... -config revive.toml ./...
errorformat:
- '%E%f:%l:%c: %m'

go/vet:
cmd: |
./pleasew run "//third_party/go:toolchain|go" -- vet $(./pleasew query alltargets --include go | grep -v "//third_party/" | cut -f3- -d/ | cut -f1 -d: | awk '{ print "./" $0 }' | xargs)
- '%f:%l:%c: %m'

go/containedctx:
cmd: go vet -vettool=$(which containedctx) $(go list ./... | grep -v /vendor/ | grep -v github.com/ocurity/dracon/api/proto)
errorformat:
- '%E%f:%l:%c: %m'
- '%f:%l:%c: %m'

go/gosec:
cmd: |
./pleasew run //third_party/binary/securego/gosec:gosec -- -fmt golint $(./pleasew query alltargets --include go | grep -v "//third_party/" | cut -f3- -d/ | cut -f1 -d: | awk '{ print "./" $0 }' | xargs)
go/ineffassign:
cmd: ineffassign $(go list ./... | grep -v /vendor/ | grep -v github.com/ocurity/dracon/api/proto)
errorformat:
- '%E%f:%l:%c: %m'
- '%f:%l:%c: %m'

go/fmt:
cmd: |
./pleasew run //third_party/go/mvdan.cc/gofumpt:gofumpt -- -d $(./pleasew query alltargets --include go | grep -v "//third_party/" | cut -f3- -d/ | cut -f1 -d: | awk '{ print "./" $0 }' | xargs)
format: diff
level: error
go/errorlint:
cmd: go-errorlint -errorf-multi -errorf -test $(go list ./... | grep -v /vendor/ | grep -v github.com/ocurity/dracon/api/proto)
errorformat:
- '%f:%l:%c: %m'

buf_lint:
cmd: ./pleasew run "//third_party/binary/bufbuild/buf:buf|buf" -- lint --path api/
level: error
go/errcheck:
cmd: errcheck -asserts -blank $(go list ./... | grep -v /vendor/ | grep -v github.com/ocurity/dracon/api/proto)
errorformat:
- '%f:%l:%c:%m'

buf_format:
cmd: ./pleasew run "//third_party/binary/bufbuild/buf:buf|buf" -- format --diff --path api/
format: diff
# TODO: figure out how to set errorformat to parse the error output
# actionlint:
# cmd: actionlint
# errorformat:
# -

buf_lint:
cmd: buf lint . --path ./api/
level: error
format: buf
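Review bot: The `go/gosec` runner does not appear among the new runners and no replacement is visible in this file, so security findings would stop being reported on pull requests unless gosec is run somewhere else (for instance from the Makefile, which is not shown here). If it is not, add it back next to the other runners, e.g. `go/gosec:` with `cmd: gosec -fmt golint ./...` and an errorformat entry like the ones used for the other linters. The `go/fmt` and `buf_format` runners also look to have been dropped; format.yml seems to cover Go formatting, but nothing visible covers `buf format`.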