add github action for coverage, lint and vulnerability

.github/workflows/docker-build-publish.yaml

@@ -110,7 +110,19 @@ jobs:
           go version
           rm -rf example
           go test -v -race -covermode=atomic -coverprofile=coverage.out ./...
-          go tool cover -html=coverage.out -o coverage.html
+
+      # This action uploads coverage to Codecov.
+      # https://github.com/codecov/codecov-action
+      -
+        name: Upload coverage to Codecov
+        id: go-coverage
+        uses: codecov/codecov-action@v3
+        with:
+          files: ./coverage.out
+          flags: unittests
+          fail_ci_if_error: true
+          verbose: true
+          version: "latest"
 
       # The Github action runs CIS Dockerfile benchmark against dockerfiles in repository (CIS 4.1, 4.2, 4.3, 4.6, 4.7, 4.9, 4.10)
       # https://github.com/sysdiglabs/benchmark-dockerfile

.github/workflows/lint.yaml

@@ -0,0 +1,85 @@
+name: lint
+
+on:
+  # If any commit message in your push or the HEAD commit of your PR contains the strings
+  # [skip ci], [ci skip], [no ci], [skip actions], or [actions skip]
+  # workflows triggered on the push or pull_request events will be skipped.
+  # https://github.blog/changelog/2021-02-08-github-actions-skip-pull-request-and-push-workflows-with-skip-ci/
+  push:
+    branches: [ master ]
+    # Publish semver tags as releases.
+    tags: [ 'v[0-9]+.[0-9]+.[0-9]+' ]
+  # If any commit message in your push or the HEAD commit of your PR contains the strings
+  # [skip ci], [ci skip], [no ci], [skip actions], or [actions skip]
+  # workflows triggered on the push or pull_request events will be skipped.
+  # https://github.blog/changelog/2021-02-08-github-actions-skip-pull-request-and-push-workflows-with-skip-ci/
+  pull_request:
+    branches: [ master ]
+
+env:
+  GOLANG_VERSION: ^1.19
+
+jobs:
+  # This job runs golangci-lint and reports issues from linters.
+  # https://github.com/golangci/golangci-lint-action
+  golangci-lint:
+    name: golangci-lint
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+      - name: Setup Golang
+        uses: actions/setup-go@v3
+        with:
+          go-version: ${{ env.GOLANG_VERSION }}
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v3
+        # continue-on-error: true
+        with:
+          # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version
+          version: "latest"
+          # Optional: golangci-lint command line arguments.
+          args: --issues-exit-code=0 -c ./.golangci.yml
+
+  # This job runs markdownlint and reports issues from linters.
+  # https://github.com/DavidAnson/markdownlint-cli2-action
+  markdownlint:
+    name: markdownlint
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+      - name: markdownlint
+        uses: DavidAnson/markdownlint-cli2-action@v7
+        continue-on-error: true
+        with:
+          globs: |
+            README.md
+            CHANGELOG.md
+            docs/*.md
+
+  CodeQL:
+    name: CodeQL
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+      actions: read
+    strategy:
+      fail-fast: false
+      matrix:
+        language: ['go']
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: ${{ matrix.language }}
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v2
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2

.golangci.yml

@@ -1,6 +1,31 @@
 linters-settings:
   errcheck:
-    ignore: fmt:.*,glg:.*
+    ignore: "fmt:.*,github.com/kpango/glg:.*"
 issues:
-  exclude:
-    - Error return value of .(glg.(Info|Log|Debug|Warn|Error|Success|Fail|Print|Println|CustomLog)f?). is not checked
+  max-same-issues: 0
+  # exclude:
+  #   - Error return value of .(glg.(Info|Log|Debug|Warn|Error|Success|Fail|Print|Println|CustomLog)f?). is not checked
+linters:
+  presets:
+    # - bugs
+    - comment
+    # - complexity
+    # - error
+    # - format
+    # - import
+    # - metalinter
+    - module
+    - performance
+    # - sql
+    # - style
+    # - test
+    - unused
+  disable:
+    - varcheck
+    - deadcode
+    - structcheck
+    - maligned
+    - dupword
+    - godox
+    - gomoddirectives
+    - godot

Makefile

@@ -2,7 +2,10 @@ GO_VERSION:=$(shell go version)
 
 .PHONY: all clean bench bench-all profile lint test contributors update install
 
-all: clean install lint test bench
+all: build
+
+build:
+	go build
 
 clean:
 	go clean ./...
@@ -36,7 +39,7 @@ deps: clean
 	rm -rf vendor
 
 lint:
-	gometalinter --enable-all . | rg -v comment
+	golangci-lint run -c ./.golangci.yml
 
 test: clean init
 	GO111MODULE=on go test --race -v ./...

README.md

@@ -9,17 +9,18 @@
 
 ![logo](./images/logo.png)
 
-<!-- TOC insertAnchor:false -->
+<!-- TOC -->
 
 - [What is Garm](#what-is-garm)
 - [Use Case](#use-case)
-    - [Authorization](#authorization)
-    - [Docker](#docker)
-    - [Usage](#usage)
+  - [Authorization](#authorization)
+  - [Docker](#docker)
+  - [Usage](#usage)
 - [Contributor License Agreement](#contributor-license-agreement)
 - [About releases](#about-releases)
 
 <!-- /TOC -->
+<!--markdownlint-disable MD013-->
 
 ## What is Garm
 
@@ -51,8 +52,9 @@ Garm convert the K8s request to Athenz request based on the mapping rules in `co
 P.S. It is just a sample deployment solution above. Garm can work on any environment as long as it can access both the API server and the Athenz server.
 
 ### Docker
-```shell
-$ docker pull docker.io/athenz/garm
+
+```bash
+docker pull docker.io/athenz/garm
 ```
 
 ### Usage
@@ -70,5 +72,5 @@ Note that only for contributions to the garm repository on the [GitHub](https://
 ## About releases
 
 - Releases
-    - [![GitHub release (latest by date)](https://img.shields.io/github/v/release/AthenZ/garm?style=flat-square&label=Github%20version)](https://github.com/AthenZ/garm/releases/latest)
-    - [![Docker Image Version (tag latest)](https://img.shields.io/docker/v/athenz/garm/latest?style=flat-square&label=Docker%20version)](https://hub.docker.com/r/athenz/garm/tags)
+  - [![GitHub release (latest by date)](https://img.shields.io/github/v/release/AthenZ/garm?style=flat-square&label=Github%20version)](https://github.com/AthenZ/garm/releases/latest)
+  - [![Docker Image Version (tag latest)](https://img.shields.io/docker/v/athenz/garm/latest?style=flat-square&label=Docker%20version)](https://hub.docker.com/r/athenz/garm/tags)