diff --git a/.deepsource.toml b/.deepsource.toml
new file mode 100644
index 00000000..296b22bc
--- /dev/null
+++ b/.deepsource.toml
@@ -0,0 +1,10 @@
+version = 1
+[[analyzers]]
+name = "test-coverage"
+enabled = true
+[[analyzers]]
+name = "go"
+ [analyzers.meta]
+ import_root = "goa.design/model"
+[[analyzers]]
+name = "secrets"
\ No newline at end of file
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 00000000..ad7f69f4
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,66 @@
+name: "CodeQL"
+
+on:
+ push:
+ branches: [ "main" ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [ "main" ]
+ schedule:
+ - cron: '23 12 * * 4'
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: [ 'go' ]
+ # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+ # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Set up Go
+ uses: actions/setup-go@v4
+ with:
+ go-version-file: 'go.mod'
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v2
+ with:
+ languages: ${{ matrix.language }}
+ # If you wish to specify custom queries, you can do so here or in a config file.
+ # By default, queries listed here will override any specified in a config file.
+ # Prefix the list here with "+" to use these queries and those in the config file.
+
+ # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+ # queries: security-extended,security-and-quality
+
+
+ # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java).
+ # If this step fails, then you should remove it and run the build manually (see below)
+ #- name: Autobuild
+ # uses: github/codeql-action/autobuild@v2
+
+ # ℹī¸ Command-line programs to run using the OS shell.
+ # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+
+ # If the Autobuild fails above, remove it and uncomment the following three lines.
+ # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+
+ - run: make depend; make build
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v2
+ with:
+ category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
new file mode 100644
index 00000000..4e751977
--- /dev/null
+++ b/.github/workflows/dependency-review.yml
@@ -0,0 +1,20 @@
+# Dependency Review Action
+#
+# This Action will scan dependency manifest files that change as part of a Pull Request, surfacing known-vulnerable versions of the packages declared or updated in the PR. Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable packages will be blocked from merging.
+#
+# Source repository: https://github.com/actions/dependency-review-action
+# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
+name: 'Dependency Review'
+on: [pull_request]
+
+permissions:
+ contents: read
+
+jobs:
+ dependency-review:
+ runs-on: ubuntu-latest
+ steps:
+ - name: 'Checkout Repository'
+ uses: actions/checkout@v4
+ - name: 'Dependency Review'
+ uses: actions/dependency-review-action@v3
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
deleted file mode 100644
index 9456c68b..00000000
--- a/.github/workflows/main.yml
+++ /dev/null
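Review bot: The build step `- run: make depend; make build` chains the two commands with `;`, so a failing `make depend` is masked and the job goes on to `make build` and the analysis with whatever tooling happens to be present; `- run: make depend && make build` makes the failure visible. `make depend` also installs the Makefile's `@latest` tool list (golangci-lint, esc) on every scan run, which CodeQL's Go extraction does not appear to need — `make build` alone (the new `go install` target) looks sufficient and keeps unpinned binaries out of a security-scanning job. The actions are pinned to floating major tags (`actions/checkout@v4`, `github/codeql-action/init@v2`); pinning them to full commit SHAs would make the workflow's supply chain reproducible.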
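Review bot: The `Dependency Review` step runs with the action's defaults, so the severity at which a PR fails is not visible in the file; making it explicit with the action's `fail-on-severity` input (for example `fail-on-severity: high`) documents the policy instead of inheriting whatever the default is. The header comment promises that vulnerable PRs "will be blocked from merging", but that only holds once this job is a required status check in branch protection, which this commit cannot set; a one-line comment such as `# enforcement requires this job to be a required check in branch protection` would keep the header from over-promising.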
@@ -1,53 +0,0 @@
-name: CI
-on: [push, pull_request]
-jobs:
- Linux:
- name: Linux
- runs-on: ubuntu-latest
- steps:
-
- - name: Collect Workflow Telemetry
- uses: runforesight/foresight-workflow-kit-action@v1
- if: success() || failure()
-
- - name: Set up Go 1.20
- uses: actions/setup-go@v4
- with:
- go-version: '1.20'
- id: go
-
- - name: Check out code into the Go module directory
- uses: actions/checkout@v4
-
- - name: Build
- run: make ci
-
- - name: Compute code coverage
- run: go test -v -json -coverprofile=coverage.out ./...> ./test-report.json || true
-
- - name: Analyze Test and/or Coverage Results
- uses: runforesight/foresight-test-kit-action@v1
- if: success() || failure()
- with:
- test_format: JSON
- test_framework: GOLANG
- test_path: "./test-report.json"
- coverage_format: GOLANG
- coverage_path: ./coverage.out
-
- Windows:
- name: Windows
- runs-on: windows-latest
- steps:
-
- - name: Set up Go 1.20
- uses: actions/setup-go@v4
- with:
- go-version: '1.20'
- id: go
-
- - name: Check out code into the Go module directory
- uses: actions/checkout@v4
-
- - name: Build
- run: make ci
diff --git a/.github/workflows/report-coverage.yml b/.github/workflows/report-coverage.yml
new file mode 100644
index 00000000..c4dfce1f
--- /dev/null
+++ b/.github/workflows/report-coverage.yml
@@ -0,0 +1,32 @@
+name: Report Test Coverage
+
+on:
+ workflow_run:
+ workflows:
+ - Run Static Checks and Tests
+ types: [completed]
+
+jobs:
+ report:
+ runs-on: ubuntu-latest
+ if: github.event.workflow_run.conclusion == 'success'
+
+ steps:
+ - name: Check out code
+ uses: actions/checkout@v4
+ with:
+ repository: ${{ github.event.workflow_run.head_repository.full_name }}
+ ref: ${{ github.event.workflow_run.head_branch }}
+
+ - name: Download test coverage
+ uses: dawidd6/action-download-artifact@v2
+ with:
+ workflow: test.yml
+ name: coverage
+
+ - name: Report analysis to DeepSource
+ run: |
+ curl https://deepsource.io/cli | sh
+ ./bin/deepsource report --analyzer test-coverage --key go --value-file ./cover.out
+ env:
+ DEEPSOURCE_DSN: ${{ secrets.DEEPSOURCE_DSN }}
\ No newline at end of file
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
new file mode 100644
index 00000000..eaeb00f9
--- /dev/null
+++ b/.github/workflows/test.yml
@@ -0,0 +1,38 @@
+name: Run Static Checks and Tests
+
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ branches:
+ - main
+
+jobs:
+ ci:
+ strategy:
+ fail-fast: true
+ matrix:
+ go: ['1.20', '1.21']
+ os: ['ubuntu-latest', 'windows-latest']
+ runs-on: ${{ matrix.os }}
+
+ steps:
+ - name: Check out code
+ uses: actions/checkout@v4
+
+ - name: Set up Go ${{ matrix.go }}
+ uses: actions/setup-go@v4
+ with:
+ go-version: ${{ matrix.go }}
+ id: go
+
+ - name: Build
+ run: make ci
+
+ - name: Upload test coverage for deep source
+ if: matrix.go == '1.21' && matrix.os == 'ubuntu-latest'
+ uses: actions/upload-artifact@v3
+ with:
+ name: coverage
+ path: cover.out
diff --git a/Makefile b/Makefile
index 2e663d13..e48dedba 100644
--- a/Makefile
+++ b/Makefile
@@ -25,7 +25,7 @@ DEPEND=\
 github.com/golangci/golangci-lint/cmd/golangci-lint@latest \
 github.com/mjibson/esc@latest
-all: lint check-generated test
+all: lint test build
 ci: depend all
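Review bot: The `report` job holds `secrets.DEEPSOURCE_DSN`, yet it is triggered by `workflow_run` — which also fires for `test.yml` runs on pull requests from forks — and its first step checks out `head_repository` at `head_branch`, i.e. the contributor's tree, into the workspace that later runs the report. Nothing in the job reads that tree (the report step only needs the downloaded `cover.out`), so the `Check out code` step should be dropped; if a checkout is genuinely required, check out the base repository at `github.event.workflow_run.head_sha` rather than a fork-controlled repository/branch pair. `curl https://deepsource.io/cli | sh` executes an unpinned script fetched over the network on a runner that holds the secret and, without `-f`, a failed download still feeds whatever came back into `sh`; downloading a specific CLI release and verifying its checksum (or at minimum `curl -fsSL`) would bound that. The workflow also sets no `permissions:`, so the default GITHUB_TOKEN scope applies — a top-level block with `actions: read` (the artifact download appears to need it) and `contents: read` is enough here — and `dawidd6/action-download-artifact@v2` is given only `workflow`/`name`, so without a `run_id` or `commit` filter it may not pick the artifact from the triggering run.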
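Review bot: `test.yml` sets no `permissions:` block, so the `ci` job runs with the repository's default GITHUB_TOKEN scope although it only checks out, builds and uploads an artifact; add at the workflow level `permissions:` / `  contents: read`. The `cover.out` artifact uploaded here is consumed by `report-coverage.yml` in a job that also holds a secret, so the upload step deserves a comment making that coupling visible, e.g. `# consumed by report-coverage.yml; may originate from a fork PR, treat as data only`. `actions/upload-artifact@v3` is a generation behind the `@v4` checkout and setup-go actions in the same file; a v4 of upload-artifact exists and, to my knowledge, the v3 line is slated for deprecation, so aligning it while the workflow is new avoids a later forced migration.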
@@ -46,15 +46,17 @@ ifneq ($(GOOS),windows)
 fi
 endif
-check-generated: generate
- @if ! git diff -s --exit-code cmd/mdl/webapp.go; then \
- echo 'cmd/mdl/webapp.go is different, run `make generate` before commit!'; \
- fi
-
 test:
- go test ./...
+ go test ./... --coverprofile=cover.out
+
+build:
+ @cd cmd/mdl && go install
+ @cd cmd/stz && go install
-release:
+serve: build
+ @cmd/mdl/mdl serve
+
+release: build
 # First make sure all is clean
 @git diff-index --quiet HEAD
 @go mod tidy
@@ -67,10 +69,6 @@ release:
 @sed 's/model@v.*\/\(.*\)tab=doc/model@v$(MAJOR).$(MINOR).$(BUILD)\/\1tab=doc/' README.md > _tmp && mv _tmp README.md
 @sed 's/model@v.*\/\(.*\)tab=doc/model@v$(MAJOR).$(MINOR).$(BUILD)\/\1tab=doc/' DSL.md > _tmp && mv _tmp DSL.md
-# Make sure mdl and stz build
- @cd cmd/mdl && go install
- @cd cmd/stz && go install
-
 # Commit and push
 @git add .
 @git commit -m "Release v$(MAJOR).$(MINOR).$(BUILD)"
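Review bot: Deleting the `check-generated` target here (and its removal from `all` in the `@@ -25,7 +25,7 @@` hunk) means `make ci` no longer fails when `cmd/mdl/webapp.go` is stale relative to its sources, and nothing in the commit re-creates that guard in `test.yml`. If the check is meant to go, a short comment above `test:` such as `# generated files are no longer verified in CI; run make generate before committing` would make that deliberate; otherwise keep the target and list it in `all` again. The new `build` recipe uses `go install`, which places the binaries in GOBIN rather than in the source tree, while `serve: build` then executes `@cmd/mdl/mdl serve` from the package directory — unless something outside this diff writes the executable there, `serve` will not find it, so either point `serve` at the installed `mdl` or build with `go build -o` into the expected path.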