diff --git a/.circleci/config.yml b/.circleci/config.yml
new file mode 100644
index 0000000..b430fdb
--- /dev/null
+++ b/.circleci/config.yml
@@ -0,0 +1,79 @@
+version: 2.1
+
+commands:
+ configure_github_access:
+ steps:
+ - run:
+ name: Configure github access
+ command: git config --global url."https://${GITHUB_USERNAME}:${GITHUB_TOKEN}@github.com/".insteadOf "https://github.com/"
+
+ restore_build_cache:
+ steps:
+ - restore_cache:
+ keys:
+ - v1.21-go-build-cache-{{ .Environment.CIRCLE_JOB }}-{{ .Environment.CIRCLE_BRANCH }}-{{ .Environment.CIRCLE_SHA1 }}
+ - v1.21-go-build-cache-{{ .Environment.CIRCLE_JOB }}-{{ .Environment.CIRCLE_BRANCH }}
+ - v1.21-go-build-cache-{{ .Environment.CIRCLE_JOB }}-main
+ - v1.21-go-build-cache-{{ .Environment.CIRCLE_JOB }}-
+
+ save_build_cache:
+ steps:
+ - save_cache:
+ key: v1.21-go-build-cache-{{ .Environment.CIRCLE_JOB }}-{{ .Environment.CIRCLE_BRANCH }}-{{ .Environment.CIRCLE_SHA1 }}
+ paths:
+ - /mnt/ramdisk/.cache/go-build
+ when: always
+
+global_context: &global_context
+ context:
+ - org-global
+ - org-datadog-credentials
+ - GITHUB_CREDS
+
+global_dockerhub_auth: &global_dockerhub_auth
+ auth:
+ username: $GLOBAL_DOCKERHUB_USERNAME
+ password: $GLOBAL_DOCKERHUB_PASSWORD
+
+executors:
+ test-container:
+ docker:
+ - image: cimg/go:1.21
+ <<: *global_dockerhub_auth
+ environment:
+ GOCACHE: /mnt/ramdisk/.cache/go-build
+ TEST_RESULTS: /tmp/test-results
+
+test_steps: &test_steps
+ steps:
+ - checkout
+ - restore_build_cache
+ - configure_github_access
+ - run:
+ name: Run tests
+ command: make test-ci
+ - store_artifacts:
+ path: /tmp/test-results
+ destination: raw-test-output
+ - store_artifacts:
+ path: /tmp/artifacts
+ - store_test_results:
+ path: /tmp/test-results
+ - persist_to_workspace:
+ root: /tmp/artifacts
+ paths:
+ - test_coverage_stats
+ - save_build_cache
+
+jobs:
+ test:
+ executor: test-container
+ resource_class: small
+ <<: *test_steps
+
+workflows:
+ version: 2
+ build_and_push:
+ jobs:
+ - test:
+ <<: *global_context
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 0000000..e69de29
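Review bot: The `configure_github_access` command writes `${GITHUB_TOKEN}` in plaintext into the global git config and rewrites every `https://github.com/` URL, so the credential is attached to all GitHub fetches for the rest of the job and sits in `~/.gitconfig` while `make test-ci` runs repository code. The Makefile in this commit sets `GOPRIVATE=github.com/deliveroo/*`, so the rewrite can be scoped to that prefix: `git config --global url."https://${GITHUB_USERNAME}:${GITHUB_TOKEN}@github.com/deliveroo/".insteadOf "https://github.com/deliveroo/"`. The `test` job is also given `org-datadog-credentials` although no visible step uses Datadog; if that holds, dropping the context keeps those secrets out of a job that only runs tests. The last `restore_cache` key (`v1.21-go-build-cache-{{ .Environment.CIRCLE_JOB }}-`) accepts a build cache saved by any branch, which is worth removing or documenting if untrusted branches can run this job.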
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..ac6621f
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+ - package-ecosystem: "" # See documentation for possible values
+ directory: "/" # Location of package manifests
+ schedule:
+ interval: "weekly"
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
new file mode 100644
index 0000000..832d837
--- /dev/null
+++ b/.github/workflows/codeql-analysis.yml
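Review bot: `package-ecosystem: ""` is the unfilled template value, so Dependabot has no ecosystem to scan and this file will not produce any update pull requests. The commit adds a Go build and GitHub Actions workflows, so the entry should read `- package-ecosystem: "gomod"`, and a second entry with `package-ecosystem: "github-actions"`, `directory: "/"` and the same weekly schedule would keep the workflow actions current. Modules under `github.com/deliveroo/*` are marked private in the Makefile and will probably need registry credentials configured for Dependabot; nothing in this hunk shows whether that is set up.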
@@ -0,0 +1,49 @@
+name: "CodeQL - Minimal incremental analysis"
+
+on:
+ push:
+ branches:
+ - "main" # Change this to the branch to default branch
+ - "!ignore/branch" # Ignore CodeQL scan for these branches
+ - "!test/*" # Ignore CodeQL scan for these branches
+ paths-ignore:
+ - "**/*.md"
+ - "**/*.txt"
+ pull_request:
+ branches:
+ - "main" # Change this to the branch to default branch
+ # If your project is not actively developed, consider scheduling CodeQL scans
+ #schedule:
+ # - cron: '44 23 * * 5' # Run CodeQL scan every Friday at 11:44 PM UTC
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+ timeout-minutes: 30 # Set timeout to 30 minutes; Change if your project takes longer to scan
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: ["go"]
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v2
+ with:
+ languages: ${{ matrix.language }}
+ # queries: security-extended,security-and-quality
+ # debug: true # Only use this for debugging. It will increase the runtime of the action and take up storage
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v2
+ with:
+ category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/codeql-complete.yml b/.github/workflows/codeql-complete.yml
new file mode 100644
index 0000000..e69de29
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..4814ce6
--- /dev/null
+++ b/Makefile
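Review bot: The three `uses:` lines reference actions by mutable major tag (`actions/checkout@v3`, `github/codeql-action/init@v2`, `github/codeql-action/analyze@v2`) in a job that holds `security-events: write`. Pinning each to a full commit SHA with the version as a trailing comment, e.g. `uses: github/codeql-action/init@<full-commit-sha>  # <version>` (placeholders), fixes exactly what code runs. The v2 line of codeql-action has been deprecated upstream, so the pin should target a currently supported major version. The Makefile marks `github.com/deliveroo/*` as private and no step here supplies credentials for those modules, so dependency resolution during Go extraction may be incomplete; worth confirming on the first run. The `"!ignore/branch"` and `"!test/*"` filters add nothing next to the single `"main"` include and read as template leftovers.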
@@ -0,0 +1,34 @@
+# Go related variables.
+GOBASE=$(shell pwd)
+export GOBIN=$(GOBASE)/bin
+export GOPRIVATE=github.com/deliveroo/*
+export GOPROXY=https://proxy.golang.org,off
+
+# Ensure that we use vendored binaries before consulting the system.
+GOBIN=$(shell pwd)/bin
+export PATH := $(GOBIN):$(PATH)
+
+MODULE = $(shell env GO111MODULE=on go list -m)
+
+# allows passing specific tags to go build (for example musl)
+ifdef GO_BUILD_TAGS
+GO_BUILD_TAGS_ARG += -tags $(GO_BUILD_TAGS)
+endif
+
+gocoverstats=$(GOBIN)/gocoverstats
+$(gocoverstats):
+ GOBIN=$(GOBIN) go install $(GO_BUILD_TAGS_ARG) gitlab.com/fgmarand/gocoverstats@latest
+
+.PHONY: test
+test: ## Run tests
+ APP_ENV=test go test -race ./...
+
+.PHONY: test-ci
+test-ci: $(go-junit-report) $(gocoverstats) ## Run tests and output as junit-xml
+ mkdir -p /tmp/artifacts
+ mkdir -p /tmp/test-results
+ touch /tmp/test-results/go-test.out
+ trap "$(GOBIN)/go-junit-report /tmp/test-results/go-test-report.xml" EXIT; \
+ APP_ENV=test go test ${GO_TEST_ARGS} $(GO_BUILD_TAGS_ARG) -coverprofile=/tmp/artifacts/coverage.txt -race ./... 2>&1 | tee /tmp/test-results/go-test.out
+ $(GOBIN)/gocoverstats -f /tmp/artifacts/coverage.txt > /tmp/artifacts/test_coverage_stats
+ go tool cover -html=/tmp/artifacts/coverage.txt -o /tmp/artifacts/coverage.html
\ No newline at end of file
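Review bot: The `$(gocoverstats)` rule installs `gitlab.com/fgmarand/gocoverstats@latest`, so the CI job that carries the GitHub token and org contexts builds and runs whatever the newest upstream release is at that moment; pin it to a reviewed version, e.g. `gitlab.com/fgmarand/gocoverstats@<pinned-version>` (placeholder). In `test-ci` the `go test` output is piped into `tee`, and with make's default `/bin/sh` the recipe line exits with `tee`'s status, so a failing test run does not fail the target; adding `SHELL := /bin/bash` and starting that recipe line with `set -o pipefail;` restores the failure. `$(go-junit-report)` is listed as a prerequisite but is never defined in this file, so it expands to nothing and the binary the `trap` calls is not installed by this Makefile. `GOBIN` is also assigned twice with the same value, once exported and once not.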