diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
new file mode 100644
index 00000000..0b109f61
--- /dev/null
+++ b/.github/workflows/ci.yaml
@@ -0,0 +1,65 @@
+name: 'CI'
+
+on:
+ pull_request:
+ branches:
+ - main
+
+jobs:
+ golangci:
+ name: lint
+ runs-on: ubuntu-22.04
+ steps:
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+ - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491
+ with:
+ go-version-file: 'go.mod'
+ cache: false
+ - name: golangci-lint
+ uses: golangci/golangci-lint-action@3a919529898de77ec3da873e3063ca4b10e7f5cc
+ with:
+ version: v1.55
+ unit:
+ name: unit tests
+ runs-on: ubuntu-22.04
+ env:
+ GOPRIVATE: github.com/opentdf/opentdf-v2-poc/*
+ steps:
+ - name: Generate a token
+ id: generate_token
+ uses: actions/create-github-app-token@v1.5.0
+ with:
+ app-id: '416599'
+ private-key: '${{ secrets.GH_APP_PRIVATE_KEY }}'
+ owner: ${{ github.repository_owner }}
+ repositories: 'opentdf-v2-poc'
+ - run: git config --global url.https://x-access-token:${{ steps.generate_token.outputs.token }}@github.com/.insteadOf https://github.com/
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+ - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491
+ with:
+ go-version-file: 'go.mod'
+ cache: false
+ - name: Unit Tests with the Go CLI
+ run: go test ./... -short -race -cover
+ end-to-end:
+ name: e2e tests
+ runs-on: ubuntu-22.04
+ env:
+ GOPRIVATE: github.com/opentdf/opentdf-v2-poc/*
+ steps:
+ - name: Generate a token
+ id: generate_token
+ uses: actions/create-github-app-token@v1.5.0
+ with:
+ app-id: '416599'
+ private-key: '${{ secrets.GH_APP_PRIVATE_KEY }}'
+ owner: ${{ github.repository_owner }}
+ repositories: 'opentdf-v2-poc'
+ - run: git config --global url.https://x-access-token:${{ steps.generate_token.outputs.token }}@github.com/.insteadOf https://github.com/
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+ - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491
+ with:
+ go-version-file: 'go.mod'
+ cache: false
+ - name: e2e Tests
+ run: echo "No e2e tests yet." && exit 0
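Review bot: The `Generate a token` steps in the `unit` and `end-to-end` jobs pass `secrets.GH_APP_PRIVATE_KEY` to `actions/create-github-app-token@v1.5.0`, which is referenced by a movable tag while every other action in this file is pinned to a full commit SHA; the step that sees the private key is the one that most needs the pin, e.g. `uses: actions/create-github-app-token@<full-commit-sha-of-v1.5.0> # v1.5.0`. The `git config --global url.https://x-access-token:…insteadOf` step that follows leaves the installation token in the runner's global git config, where the later `go test ./...` step, which executes code from the pull request, can read it, so the app installation should be confirmed as read-only on `opentdf-v2-poc`. The workflow also declares no `permissions:` block; a top-level `permissions:` with `contents: read` would keep the default `GITHUB_TOKEN` minimal. The same token and `git config` steps appear in `.github/workflows/security-check.yaml`.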
diff --git a/workflows/pr-lint.yaml b/.github/workflows/pr-lint.yaml
similarity index 92%
rename from workflows/pr-lint.yaml
rename to .github/workflows/pr-lint.yaml
index 1e5d63ea..df1e20bb 100644
--- a/workflows/pr-lint.yaml
+++ b/.github/workflows/pr-lint.yaml
@@ -1,4 +1,4 @@
-name: "Lint PR"
+name: '๐Ÿงน Lint PR Title'
 on:
 pull_request_target:
 types:
diff --git a/.github/workflows/security-check.yaml b/.github/workflows/security-check.yaml
new file mode 100644
index 00000000..f38ae74e
--- /dev/null
+++ b/.github/workflows/security-check.yaml
@@ -0,0 +1,29 @@
+name: '๐Ÿ” Security Check'
+
+on:
+ pull_request:
+ branches:
+ - main
+
+jobs:
+ govulncheck_job:
+ runs-on: ubuntu-latest
+ name: Run govulncheck
+ env:
+ GOPRIVATE: github.com/opentdf/opentdf-v2-poc/*
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ steps:
+ - name: Generate a token
+ id: generate_token
+ uses: actions/create-github-app-token@v1.5.0
+ with:
+ app-id: '416599'
+ private-key: '${{ secrets.GH_APP_PRIVATE_KEY }}'
+ owner: ${{ github.repository_owner }}
+ repositories: 'opentdf-v2-poc'
+ - run: git config --global url.https://x-access-token:${{ steps.generate_token.outputs.token }}@github.com/.insteadOf https://github.com/
+ - id: govulncheck
+ uses: golang/govulncheck-action@v1
+ with:
+ go-version-file: go.mod
+ go-package: ./...
diff --git a/.golangci.yaml b/.golangci.yaml
new file mode 100644
index 00000000..466ddf69
--- /dev/null
+++ b/.golangci.yaml
@@ -0,0 +1,12 @@
+issues:
+ # Show only new issues: if there are unstaged changes or untracked files,
+ # only those changes are analyzed, else only changes in HEAD~ are analyzed.
+ # It's a super-useful option for integration of golangci-lint into existing large codebase.
+ # It's not practical to fix all existing issues at the moment of integration:
+ # much better don't allow issues in new code.
+ #
+ # Default: false
+ new: true
+ # Show only new issues created after git revision `REV`.
+ # Default: ""
+ new-from-rev: HEAD
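Review bot: The `govulncheck_job` job in `.github/workflows/security-check.yaml` exports `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` in its job-level `env`, so every step receives it, including the tag-referenced `golang/govulncheck-action@v1`, and the workflow has no `permissions:` block to bound what that token can do. Nothing visible in this hunk reads the variable; if it is not needed, drop it, and either way add a top-level `permissions:` with `contents: read`. The job also runs on `ubuntu-latest` while `ci.yaml` pins `ubuntu-22.04`, and `@v1` is a floating major tag; pinning both keeps the scan reproducible.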
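Review bot: In `.golangci.yaml`, `new-from-rev: HEAD` together with `new: true` may leave the lint job reporting nothing in CI. Going by the comments in this hunk, only issues created after `HEAD` (or in unstaged or untracked files) are shown, and a fresh `actions/checkout` leaves a clean tree at `HEAD`. If the intent is to gate only what a pull request introduces, compare against the base branch instead, for example `new-from-rev: origin/main` with a checkout deep enough to contain it, or use the lint action's `only-new-issues: true` input. This is worth confirming with a test PR that deliberately adds a lint violation.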