diff --git a/.github/workflows/analysis.yml b/.github/workflows/analysis.yml
new file mode 100644
index 0000000..818c128
--- /dev/null
+++ b/.github/workflows/analysis.yml
@@ -0,0 +1,67 @@
+# Copyright 2020 Wayback Archiver. All rights reserved.
+# Use of this source code is governed by the GNU GPL v3
+# license that can be found in the LICENSE file.
+
+name: "Analysis"
+
+on:
+  push:
+    branches:
+      - main
+      - develop
+  pull_request:
+    branches: [ main ]
+  schedule:
+    - cron: '33 23 * * 4'
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+  analysis:
+    name: Scorecards
+    uses: wabarc/.github/.github/workflows/reusable-scorecards.yml@main
+    permissions:
+      # Needed to upload the results to code-scanning dashboard.
+      security-events: write
+      # Used to receive a badge. (Upcoming feature)
+      id-token: write
+      actions: read
+      contents: read
+
+  codeql:
+    name: CodeQL
+    permissions:
+      security-events: write
+      actions: read
+      contents: read
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'go' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
+        # Learn more:
+        # https://docs.github.com/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
+    uses: wabarc/.github/.github/workflows/reusable-codeql.yml@main
+    with:
+      language: ${{ matrix.language }}
+      #config-file: './.github/codeql/codeql-config.yml'
+
+  nancy:
+    name: Sonatype Nancy
+    uses: wabarc/.github/.github/workflows/reusable-nancy.yml@main
+
+  semgrep:
+    name: Semgrep Scan
+    if: github.actor != 'dependabot[bot]'
+    uses: wabarc/.github/.github/workflows/reusable-semgrep.yml@main
+
+  fossa:
+    name: FOSSA
+    uses: wabarc/.github/.github/workflows/reusable-fossa.yml@main
+    secrets:
+      fossa-apikey: ${{ secrets.FOSSA_APIKEY }}
+
+  dependency-review:
+    name: Dependency Review
+    uses: wabarc/.github/.github/workflows/reusable-dependency-review.yml@main
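Review bot: Every job in this new file calls its reusable workflow at the mutable `@main` ref (e.g. `uses: wabarc/.github/.github/workflows/reusable-scorecards.yml@main`), while the same commit pins third-party actions in testing.yml to full commit SHAs; anyone who can push to that branch of wabarc/.github changes what runs under this file's `security-events: write` and `id-token: write` grants without a commit here. Pin each call to a full commit SHA with the tracked ref in a trailing comment, e.g. `uses: wabarc/.github/.github/workflows/reusable-scorecards.yml@<full-commit-sha> # main`, and let Dependabot or Renovate bump it. Separately, the `dependency-review` job has no `if:` guard although the workflow also runs on `push` and `schedule`; if the called workflow wraps `actions/dependency-review-action`, which evaluates `pull_request` events, those runs will fail or do nothing, so consider `if: github.event_name == 'pull_request'` on that job.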
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
deleted file mode 100644
index 8e2385f..0000000
--- a/.github/workflows/codeql-analysis.yml
+++ /dev/null
@@ -1,69 +0,0 @@
-# For most projects, this workflow file will not need changing; you simply need
-# to commit it to your repository.
-#
-# You may wish to alter this file to override the set of languages analyzed,
-# or to provide custom queries or build logic.
-#
-# ******** NOTE ********
-# We have attempted to detect the languages in your repository. Please check
-# the `language` matrix defined below to confirm you have the correct set of
-# supported CodeQL languages.
-# ******** NOTE ********
-
-name: "CodeQL"
-
-on:
-  push:
-    branches: [ main ]
-  pull_request:
-    # The branches below must be a subset of the branches above
-    branches: [ main ]
-  schedule:
-    - cron: '33 23 * * 4'
-
-jobs:
-  analyze:
-    name: Analyze
-    runs-on: ubuntu-latest
-
-    strategy:
-      fail-fast: false
-      matrix:
-        language: [ 'go' ]
-        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
-        # Learn more:
-        # https://docs.github.com/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
-
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v2
-
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
-      with:
-        languages: ${{ matrix.language }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
-        # queries: ./path/to/local/query, your-org/your-repo/queries@main
-
-    # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
-
-    # ℹī¸ Command-line programs to run using the OS shell.
-    # 📚 https://git.io/JvXDl
-
-    # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines
-    #    and modify them (or add more) to build your code if your project
-    #    uses a compiled language
-
-    #- run: |
-    #   make bootstrap
-    #   make release
-
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
-
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
index 4a017e7..e100bb8 100644
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -1,3 +1,7 @@
+# Copyright 2022 Wayback Archiver. All rights reserved.
+# Use of this source code is governed by the GNU GPL v3
+# license that can be found in the LICENSE file.
+#
 name: Linter
 
 on:
@@ -9,33 +13,34 @@ on:
       - '**'
     types: [ opened, synchronize, reopened ]
 
+permissions:
+  contents: read
+
 jobs:
-  lint:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout default branch
-        uses: actions/checkout@v2
-        with:
-          fetch-depth: 0
-
-      - name: Lint Code Base
-        uses: github/super-linter@v4
-        env:
-          DEFAULT_BRANCH: 'main'
-          VALIDATE_MARKDOWN: true
-          VALIDATE_SHELL_SHFMT: true
-          VALIDATE_DOCKERFILE: true
-          VALIDATE_BASH: true
-          VALIDATE_BASH_EXEC: true
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-  go:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout default branch
-        uses: actions/checkout@v2
-        with:
-          fetch-depth: 0
-
-      - name: Golang linter
-        uses: golangci/golangci-lint-action@v2
+  super-linter:
+    name: Super Linter
+    uses: wabarc/.github/.github/workflows/reusable-super-linter.yml@main
+
+  golangci:
+    name: golangci-lint
+    uses: wabarc/.github/.github/workflows/reusable-golangci.yml@main
+
+  shellcheck:
+    name: ShellCheck
+    uses: wabarc/.github/.github/workflows/reusable-shellcheck.yml@main
+
+  misspell:
+    name: Misspell
+    uses: wabarc/.github/.github/workflows/reusable-misspell.yml@main
+
+  alex:
+    name: Alex
+    uses: wabarc/.github/.github/workflows/reusable-alex.yml@main
+
+  urlcheck:
+    name: URLCheck
+    uses: wabarc/.github/.github/workflows/reusable-urlcheck.yml@main
+
+  goreportcard:
+    name: Go Report Card
+    uses: wabarc/.github/.github/workflows/reusable-goreportcard.yml@main
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index 9e40984..dc1e0a9 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
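Review bot: The replacement jobs pass no `with:` inputs, so the lint configuration that was explicit in this repo (`DEFAULT_BRANCH: 'main'`, the `VALIDATE_*` selection, `fetch-depth: 0` for the history-based checks) now lives entirely in the `@main` revision of wabarc/.github and is invisible here; a reviewer cannot tell from this file which checks still run on a pull request. If the reusable workflows expose inputs for those values, pass them explicitly, and in any case pin each call to a full commit SHA (`uses: wabarc/.github/.github/workflows/reusable-super-linter.yml@<full-commit-sha> # main`) so lint behaviour cannot change under this repo without a commit. The top-level `permissions: contents: read` is the right default, and since a called workflow cannot exceed the caller's grant it also caps whatever the reusable workflows request.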
@@ -1,19 +1,19 @@
+# Copyright 2020 Wayback Archiver. All rights reserved.
+# Use of this source code is governed by the GNU GPL v3
+# license that can be found in the LICENSE file.
+#
 name: Stale
 
 on:
   schedule:
     - cron: "0 3 * * 6"
+  workflow_dispatch:
+
+permissions:
+  issues: write
+  pull-requests: write
 
 jobs:
   stale:
     name: Stale
-    runs-on: ubuntu-latest
-    steps:
-      - name: Mark stale issues and pull requests
-        uses: actions/stale@v4
-        with:
-          repo-token: ${{ github.token }}
-          stale-issue-message: "This issue is stale because it has been open 120 days with no activity. Remove stale label or comment or this will be closed in 5 days"
-          stale-pr-message: 'It has been open 120 days with no activity. Remove stale label or comment or this will be closed in 5 days'
-          days-before-stale: 120
-          days-before-close: 5
+    uses: wabarc/.github/.github/workflows/reusable-stale.yml@main
diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml
index 5ef6b78..5dd4311 100644
--- a/.github/workflows/testing.yml
+++ b/.github/workflows/testing.yml
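Review bot: The inactivity policy (120 days before stale, 5 before close, and both messages) is removed here and nothing is passed to `reusable-stale.yml`, so the thresholds now depend on whatever that workflow's `@main` revision hardcodes, and a push there changes how this repo's issues and PRs get closed with no commit in this repo. If the reusable workflow accepts inputs, pass the values under `with:` so the policy stays reviewable here, and pin the ref to a full commit SHA rather than `@main`. The top-level `issues: write` / `pull-requests: write` grant is the minimum the stale action needs, which is appropriate; `workflow_dispatch` is useful for testing but note it lets anyone with write access trigger a close sweep on demand.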
@@ -28,30 +28,56 @@ jobs:
         os: [ ubuntu-latest, macos-latest, windows-latest ]
         go: [ "1.13", "1.14", "1.15", "1.16", "1.17", "1.18", "1.19" ]
     steps:
-      - name: Set up Go 1.x
-        uses: actions/setup-go@v2
-        with:
-          go-version: ${{ matrix.go }}
-
-      - name: Check out code into the Go module directory
-        uses: actions/checkout@v2
-        with:
-          fetch-depth: 0
-
-      - name: Get dependencies
-        run: |
-          go get -v -t -d ./...
-
-      - name: Run test
-        run: |
-          make test
-          make test-cover
-
-      - name: Upload coverage
-        uses: actions/upload-artifact@v2
-        with:
-          name: coverage
-          path: coverage.*
-
-      - name: Run integration test
-        run: make test-integration
+      - name: Harden Runner
+        uses: step-security/harden-runner@2e205a28d0e1da00c5f53b161f4067b052c61f34 # v1.5.0
+        with:
+          egress-policy: audit
+          disable-telemetry: true
+
+      - name: Set up Go ${{ matrix.go }}.x
+        uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v3.3.1
+        with:
+          go-version: ${{ matrix.go }}
+
+      - name: Check out code base
+        if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
+        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
+        with:
+          fetch-depth: 0
+
+      - name: Check out code base
+        if: github.event_name == 'pull_request'
+        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
+        with:
+          fetch-depth: 0
+          ref: ${{ github.event.pull_request.head.sha }}
+
+      - name: Cache go module
+        uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # v3.0.11
+        with:
+          path: |
+            ~/.cache/go-build
+            ~/go/pkg/mod
+            ~/Library/Caches/go-build
+            ~\AppData\Local\go-build
+            ~\go\pkg\mod
+          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-
+      - name: Get dependencies
+        run: |
+          go get -v -t -d ./...
+
+      - name: Run test
+        run: |
+          make test
+          make test-cover
+
+      - name: Upload coverage
+        uses: actions/upload-artifact@v2
+        with:
+          name: coverage
+          path: coverage.*
+
+      - name: Run integration test
+        run: make test-integration
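Review bot: `uses: actions/upload-artifact@v2` is the one step left on a mutable tag while every other action in this hunk is pinned to a full commit SHA with the version in a trailing comment; pin it the same way, `uses: actions/upload-artifact@<full-commit-sha> # v2`, so a re-tag cannot swap the code that handles the coverage files. `egress-policy: audit` on the harden-runner step only logs outbound connections and blocks nothing; once a few runs show which hosts `go get`, `make test` and `make test-integration` actually reach, switch to `egress-policy: block` with an `allowed-endpoints` list, which is where the step's value comes from. Checking out `github.event.pull_request.head.sha` is safe under `pull_request` but would run fork code with this repo's token under `pull_request_target`; the `on:` block is outside this hunk, so confirm which trigger is used before relying on it.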