forked from aquasecurity/esquery
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
7ace685
commit c62c130
Showing
6 changed files
with
173 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,79 @@ | ||
version: 2.1 | ||
|
||
commands: | ||
configure_github_access: | ||
steps: | ||
- run: | ||
name: Configure github access | ||
command: git config --global url."https://${GITHUB_USERNAME}:${GITHUB_TOKEN}@github.com/".insteadOf "https://github.com/" | ||
|
||
restore_build_cache: | ||
steps: | ||
- restore_cache: | ||
keys: | ||
- v1.21-go-build-cache-{{ .Environment.CIRCLE_JOB }}-{{ .Environment.CIRCLE_BRANCH }}-{{ .Environment.CIRCLE_SHA1 }} | ||
- v1.21-go-build-cache-{{ .Environment.CIRCLE_JOB }}-{{ .Environment.CIRCLE_BRANCH }} | ||
- v1.21-go-build-cache-{{ .Environment.CIRCLE_JOB }}-main | ||
- v1.21-go-build-cache-{{ .Environment.CIRCLE_JOB }}- | ||
|
||
save_build_cache: | ||
steps: | ||
- save_cache: | ||
key: v1.21-go-build-cache-{{ .Environment.CIRCLE_JOB }}-{{ .Environment.CIRCLE_BRANCH }}-{{ .Environment.CIRCLE_SHA1 }} | ||
paths: | ||
- /mnt/ramdisk/.cache/go-build | ||
when: always | ||
|
||
global_context: &global_context | ||
context: | ||
- org-global | ||
- org-datadog-credentials | ||
- GITHUB_CREDS | ||
|
||
global_dockerhub_auth: &global_dockerhub_auth | ||
auth: | ||
username: $GLOBAL_DOCKERHUB_USERNAME | ||
password: $GLOBAL_DOCKERHUB_PASSWORD | ||
|
||
executors: | ||
test-container: | ||
docker: | ||
- image: cimg/go:1.21 | ||
<<: *global_dockerhub_auth | ||
environment: | ||
GOCACHE: /mnt/ramdisk/.cache/go-build | ||
TEST_RESULTS: /tmp/test-results | ||
|
||
test_steps: &test_steps | ||
steps: | ||
- checkout | ||
- restore_build_cache | ||
- configure_github_access | ||
- run: | ||
name: Run tests | ||
command: make test-ci | ||
- store_artifacts: | ||
path: /tmp/test-results | ||
destination: raw-test-output | ||
- store_artifacts: | ||
path: /tmp/artifacts | ||
- store_test_results: | ||
path: /tmp/test-results | ||
- persist_to_workspace: | ||
root: /tmp/artifacts | ||
paths: | ||
- test_coverage_stats | ||
- save_build_cache | ||
|
||
jobs: | ||
test: | ||
executor: test-container | ||
resource_class: small | ||
<<: *test_steps | ||
|
||
workflows: | ||
version: 2 | ||
build_and_push: | ||
jobs: | ||
- test: | ||
<<: *global_context |
Empty file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
# To get started with Dependabot version updates, you'll need to specify which | ||
# package ecosystems to update and where the package manifests are located. | ||
# Please see the documentation for all configuration options: | ||
# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates | ||
|
||
version: 2 | ||
updates: | ||
- package-ecosystem: "" # See documentation for possible values | ||
directory: "/" # Location of package manifests | ||
schedule: | ||
interval: "weekly" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,49 @@ | ||
name: "CodeQL - Minimal incremental analysis" | ||
|
||
on: | ||
push: | ||
branches: | ||
- "main" # Change this to the branch to default branch | ||
- "!ignore/branch" # Ignore CodeQL scan for these branches | ||
- "!test/*" # Ignore CodeQL scan for these branches | ||
paths-ignore: | ||
- "**/*.md" | ||
- "**/*.txt" | ||
pull_request: | ||
branches: | ||
- "main" # Change this to the branch to default branch | ||
# If your project is not actively developed, consider scheduling CodeQL scans | ||
#schedule: | ||
# - cron: '44 23 * * 5' # Run CodeQL scan every Friday at 11:44 PM UTC | ||
|
||
jobs: | ||
analyze: | ||
name: Analyze | ||
runs-on: ubuntu-latest | ||
timeout-minutes: 30 # Set timeout to 30 minutes; Change if your project takes longer to scan | ||
permissions: | ||
actions: read | ||
contents: read | ||
security-events: write | ||
|
||
strategy: | ||
fail-fast: false | ||
matrix: | ||
language: ["go"] | ||
|
||
steps: | ||
- name: Checkout repository | ||
uses: actions/checkout@v3 | ||
|
||
# Initializes the CodeQL tools for scanning. | ||
- name: Initialize CodeQL | ||
uses: github/codeql-action/init@v2 | ||
with: | ||
languages: ${{ matrix.language }} | ||
# queries: security-extended,security-and-quality | ||
# debug: true # Only use this for debugging. It will increase the runtime of the action and take up storage | ||
|
||
- name: Perform CodeQL Analysis | ||
uses: github/codeql-action/analyze@v2 | ||
with: | ||
category: "/language:${{matrix.language}}" |
Empty file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
# Go related variables. | ||
GOBASE=$(shell pwd) | ||
export GOBIN=$(GOBASE)/bin | ||
export GOPRIVATE=github.com/deliveroo/* | ||
export GOPROXY=https://proxy.golang.org,off | ||
|
||
# Ensure that we use vendored binaries before consulting the system. | ||
GOBIN=$(shell pwd)/bin | ||
export PATH := $(GOBIN):$(PATH) | ||
|
||
MODULE = $(shell env GO111MODULE=on go list -m) | ||
|
||
# allows passing specific tags to go build (for example musl) | ||
ifdef GO_BUILD_TAGS | ||
GO_BUILD_TAGS_ARG += -tags $(GO_BUILD_TAGS) | ||
endif | ||
|
||
gocoverstats=$(GOBIN)/gocoverstats | ||
$(gocoverstats): | ||
GOBIN=$(GOBIN) go install $(GO_BUILD_TAGS_ARG) gitlab.com/fgmarand/gocoverstats@latest | ||
|
||
.PHONY: test | ||
test: ## Run tests | ||
APP_ENV=test go test -race ./... | ||
|
||
.PHONY: test-ci | ||
test-ci: $(go-junit-report) $(gocoverstats) ## Run tests and output as junit-xml | ||
mkdir -p /tmp/artifacts | ||
mkdir -p /tmp/test-results | ||
touch /tmp/test-results/go-test.out | ||
trap "$(GOBIN)/go-junit-report </tmp/test-results/go-test.out > /tmp/test-results/go-test-report.xml" EXIT; \ | ||
APP_ENV=test go test ${GO_TEST_ARGS} $(GO_BUILD_TAGS_ARG) -coverprofile=/tmp/artifacts/coverage.txt -race ./... 2>&1 | tee /tmp/test-results/go-test.out | ||
$(GOBIN)/gocoverstats -f /tmp/artifacts/coverage.txt > /tmp/artifacts/test_coverage_stats | ||
go tool cover -html=/tmp/artifacts/coverage.txt -o /tmp/artifacts/coverage.html |