diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 65fa9232..79214790 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -17,6 +17,7 @@ jobs: with: config_file: .yamllint.yml strict: true + shellcheck: name: shellcheck runs-on: ubuntu-latest @@ -24,8 +25,9 @@ jobs: - uses: actions/checkout@v2 - name: shellcheck uses: fkautz/shell-linter@v1.0.1 + build: - name: build and test + name: build runs-on: ${{ matrix.os }} strategy: matrix: @@ -38,7 +40,8 @@ jobs: with: go-version: 1.15 - name: Build - run: go build -race ./... + run: go build -race ./... + golangci-lint: name: golangci-lint runs-on: ubuntu-latest @@ -72,10 +75,10 @@ jobs: env: ALLOWED_REPOSITORIES: "sdk, api, sdk-k8s, sdk-vppagent, sdk-sriov" run: | - for i in $(grep github.com/networkservicemesh/ go.mod |grep -v '^module' | sed 's;.*\(github.com\/networkservicemesh\/[a-zA-z\/]*\).*;\1;g' | sort -u);do - if ! [ "$(echo ${ALLOWED_REPOSITORIES}| grep ${i#github.com/networkservicemesh/})" ]; then - echo Dependency on "${i}" is forbidden - exit 1 + for i in $(grep github.com/networkservicemesh/ go.mod | grep -v '^module' | sed 's;.*\(github.com\/networkservicemesh\/[^ ]*\).*;\1;g');do + if ! [ "$(echo ${ALLOWED_REPOSITORIES} | grep ${i#github.com/networkservicemesh/})" ]; then + echo Dependency on "${i}" is forbidden + exit 1 fi; done @@ -125,6 +128,7 @@ jobs: run: | grep ^replace go.mod || exit 0 exit 1 + docker: name: Docker Build & Test runs-on: ubuntu-latest @@ -144,7 +148,6 @@ jobs: id: findPr with: github-token: ${{ github.token }} - - name: Publish Image if: github.event_name == 'push' && github.ref == 'refs/heads/master' && success() && steps.findPr.outputs.number uses: matootie/github-docker@v3.0.0 @@ -154,6 +157,7 @@ jobs: pr-${{ steps.findPr.outputs.pr }} commit-${{ github.sha }} latest + pushImage: name: Push docker image runs-on: ubuntu-latest 
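Review bot: The allow-list test in the rewritten loop of the -72,10 hunk, `if ! [ "$(echo ${ALLOWED_REPOSITORIES} | grep ${i#github.com/networkservicemesh/})" ]`, is an unanchored regex match of the module name against the whole ALLOWED_REPOSITORIES string, so any module whose name is a substring of an allowed entry (`sd`, `k8s`) is accepted, and a `.` in a module name matches any character. Comparing against each allowed entry exactly closes that gap: `if ! echo "${ALLOWED_REPOSITORIES}" | tr ', ' '\n\n' | grep -qxF -- "${i#github.com/networkservicemesh/}"; then`. Quoting the expansions also stops a module path containing shell metacharacters from being word-split or glob-expanded before grep sees it. The character-class fix in the sed expression that lets `sdk-k8s` survive is already handled by this commit; only the comparison after it is at issue.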
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml new file mode 100644 index 00000000..292e6fd2 --- /dev/null +++ b/.github/workflows/codeql-analysis.yml 
@@ -0,0 +1,72 @@ +--- +# For most projects, this workflow file will not need changing; you simply need +# to commit it to your repository. +# +# You may wish to alter this file to override the set of languages analyzed, +# or to provide custom queries or build logic. +name: "CodeQL" + +on: + push: + branches: [master] + pull_request: + # The branches below must be a subset of the branches above + branches: [master] + schedule: + - cron: '0 5 * * 0' + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + + strategy: + fail-fast: false + matrix: + # Override automatic language detection by changing the below list + # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python'] + language: ['go'] + # Learn more... + # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection + + steps: + - name: Checkout repository + uses: actions/checkout@v2 + with: + # We must fetch at least the immediate parents so that if this is + # a pull request then we can checkout the head. + fetch-depth: 2 + + # If this run was triggered by a pull request event, then checkout + # the head of the pull request instead of the merge commit. + - run: git checkout HEAD^2 + if: ${{ github.event_name == 'pull_request' }} + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v1 + with: + languages: ${{ matrix.language }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + # queries: ./path/to/local/query, your-org/your-repo/queries@main + + # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). 
+ # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@v1 + + # ℹī¸ Command-line programs to run using the OS shell. + # 📚 https://git.io/JvXDl + + # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines + # and modify them (or add more) to build your code if your project + # uses a compiled language + + # - run: | + # make bootstrap + # make release + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v1 diff --git a/.github/workflows/update-cmd-repositories.yaml b/.github/workflows/update-cmd-repositories.yaml index 332d6f9a..9a63d55a 100644 --- a/.github/workflows/update-cmd-repositories.yaml +++ b/.github/workflows/update-cmd-repositories.yaml @@ -9,7 +9,7 @@ jobs: update-dependent-repositories: strategy: matrix: - repository: [cmd-registry-proxy-dns, cmd-nsc, cmd-registry-memory, cmd-nsmgr, cmd-forwarder-vppagent, cmd-exclude-prefixes-k8s] + repository: [cmd-registry-proxy-dns, cmd-nsc, cmd-registry-memory, cmd-nsmgr, cmd-forwarder-vppagent, cmd-exclude-prefixes-k8s, cmd-forwarder-sriov] name: Update ${{ matrix.repository }} runs-on: ubuntu-latest if: github.repository == 'networkservicemesh/cmd-template' @@ -55,12 +55,14 @@ jobs: git fetch cmd_template git diff cmd_template/master -R | git apply git add $(git ls-tree --name-only -r cmd_template/master | grep ".*\.yml\|.*\.yaml\|.*\.md\|.*\.txt\|.*.\.conf") - if ! [ "$(git restore --staged -- .templateignore)" ]; then + { + git restore --staged -- .templateignore && git restore -- .templateignore - fi - if ! [ "$(git restore --staged -- $(cat .templateignore))" ]; then - git restore -- $(cat .templateignore) - fi + } || { + git add .templateignore + } + git restore --staged -- $(cat .templateignore) + git restore -- $(cat .templateignore) if ! [ -n "$(git diff --cached --exit-code)" ]; then exit 0; fi
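Review bot: The new codeql-analysis.yml job declares no `permissions:`, so it runs with whatever the repository's default GITHUB_TOKEN permissions are, and it references `actions/checkout@v2` and the three `github/codeql-action/*@v1` steps by mutable tags, so a later retag changes what this job executes. Code scanning needs only read access to the checkout plus the ability to upload results, which can be stated at job level as `permissions:` / `contents: read` / `security-events: write`. For the action references, pinning to a full commit SHA with the tag kept in a trailing comment (`uses: actions/checkout@<commit-sha> # v2`, SHA to be looked up) makes the run reproducible and the upgrade reviewable. The same tag-pinning point applies to the third-party actions ci.yaml already uses (`fkautz/shell-linter`, `matootie/github-docker`), which this commit does not change.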