diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..48ee185 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,13 @@ +# This file is managed by the repo-content-updater project. Manual changes here will result in a PR to bring back +# inline with the upstream template, unless you remove the go-dependabot managed file property from the repo +version: 2 +updates: + - package-ecosystem: gomod + directory: "/" + schedule: + interval: weekly + open-pull-requests-limit: 10 + groups: + global: + patterns: + - "*" diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml new file mode 100644 index 0000000..3bc3e1a --- /dev/null +++ b/.github/workflows/dependency-review.yml @@ -0,0 +1,24 @@ +# Managed by repo-content-updater +# Dependency Review Action +# +# This Action will scan dependency manifest files that change as part of a Pull Request, surfacing known-vulnerable versions of the packages declared or updated in the PR. Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable packages will be blocked from merging. +# +# Source repository: https://github.com/actions/dependency-review-action +# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement +name: "🚨 Dependency Review" +on: [pull_request] + +permissions: + contents: read + +jobs: + dependency-review: + runs-on: ubuntu-latest + steps: + - name: "Checkout Repository" + uses: actions/checkout@v4 + + - name: "Dependency Review" + uses: actions/dependency-review-action@v4 + with: + deny-licenses: AGPL-1.0-only, AGPL-1.0-or-later, AGPL-1.0-or-later, AGPL-3.0-or-later, GPL-1.0-only, GPL-1.0-or-later, GPL-2.0-only, GPL-2.0-or-later, GPL-3.0-only, GPL-3.0-or-later diff --git a/.github/workflows/go-test.yml b/.github/workflows/go-test.yml new file mode 100644 index 0000000..0a8cb06 --- /dev/null +++ b/.github/workflows/go-test.yml @@ -0,0 +1,19 @@ +name: Go Test +on: + push: + branches: + - main + pull_request: + +jobs: + test: + runs-on: ubuntu-latest + container: golang:1 + steps: + - name: Mark git directory safe + uses: Chia-Network/actions/git-mark-workspace-safe@main + + - uses: actions/checkout@v4 + + - name: Test + run: make test diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..b98ab8c --- /dev/null +++ b/Makefile @@ -0,0 +1,99 @@ +MODULE = $(shell env GO111MODULE=on $(GO) list -m) +DATE ?= $(shell date +%FT%T%z) +PKGS = $(or $(PKG),$(shell env GO111MODULE=on $(GO) list ./...)) +TESTPKGS = $(shell env GO111MODULE=on $(GO) list -f \ + '{{ if or .TestGoFiles .XTestGoFiles }}{{ .ImportPath }}{{ end }}' \ + $(PKGS)) +BIN = $(CURDIR)/bin + +GO = go +TIMEOUT = 15 +V = 0 +Q = $(if $(filter 1,$V),,@) +M = $(shell printf "\033[34;1m▶\033[0m") + +binext="" +ifeq ($(GOOS),windows) + binext=".exe" +endif + +export GO111MODULE=on + +.PHONY: all +all: fmt lint vet build + +.PHONY: build +build: $(BIN) ; $(info $(M) building executable…) @ ## Build program binary + $Q CGO_ENABLED=0 $(GO) build \ + -ldflags "-X main.gitVersion=$$(git describe --tags) -X $(MODULE)/cmd.gitVersion=$$(git describe --tags) -X \"main.buildTime=$$(date -u '+%Y-%m-%d %H:%M:%S %Z')\" -X \"$(MODULE)/cmd.buildTime=$$(date -u '+%Y-%m-%d %H:%M:%S %Z')\"" \ + -tags release \ + -o $(BIN)/$(notdir $(basename $(MODULE)))$(binext) +# Tools + +$(BIN): + @mkdir -p $@ +$(BIN)/%: | $(BIN) ; $(info $(M) building $(PACKAGE)…) + $Q env GOBIN=$(BIN) $(GO) install $(PACKAGE) \ + || ret=$$?; \ + exit $$ret + +GOLINT = $(BIN)/golint +$(BIN)/golint: PACKAGE=golang.org/x/lint/golint@latest + +STATICCHECK = $(BIN)/staticcheck +$(BIN)/staticcheck: PACKAGE=honnef.co/go/tools/cmd/staticcheck@latest + +ERRCHECK = $(BIN)/errcheck +$(BIN)/errcheck: PACKAGE=github.com/kisielk/errcheck@latest + +VULNCHECK = $(BIN)/govulncheck +$(BIN)/govulncheck: PACKAGE=golang.org/x/vuln/cmd/govulncheck@latest + +# Tests + +TEST_TARGETS := test-default test-bench test-short test-verbose test-race +.PHONY: $(TEST_TARGETS) check test tests +test-bench: ARGS=-run=__absolutelynothing__ -bench=. ## Run benchmarks +test-short: ARGS=-short ## Run only short tests +test-verbose: ARGS=-v ## Run tests in verbose mode +test-race: ARGS=-race ## Run tests with race detector +$(TEST_TARGETS): NAME=$(MAKECMDGOALS:test-%=%) +$(TEST_TARGETS): test +check test tests: fmt lint vet staticcheck errcheck vulncheck; $(info $(M) running $(NAME:%=% )tests…) @ ## Run tests + $Q $(GO) test -timeout $(TIMEOUT)s $(ARGS) $(TESTPKGS) + +.PHONY: lint +lint: | $(GOLINT) ; $(info $(M) running golint…) @ ## Run golint + $Q $(GOLINT) -set_exit_status $(PKGS) + +.PHONY: fmt +fmt: ; $(info $(M) running gofmt…) @ ## Run gofmt on all source files + $Q $(GO) fmt $(PKGS) + +.PHONY: vet +vet: ; $(info $(M) running go vet…) @ ## Run go vet on all source files + $Q $(GO) vet $(PKGS) + +.PHONY: staticcheck +staticcheck: | $(STATICCHECK) ; $(info $(M) running staticcheck…) @ + $Q $(STATICCHECK) $(PKGS) + +.PHONY: errcheck +errcheck: | $(ERRCHECK) ; $(info $(M) running errcheck…) @ + $Q $(ERRCHECK) $(PKGS) + +.PHONY: vulncheck +vulncheck: | $(VULNCHECK) ; $(info $(M) running vulncheck…) @ + $Q $(VULNCHECK) $(PKGS) + +# Misc + +.PHONY: clean +clean: ; $(info $(M) cleaning…) @ ## Cleanup everything + @rm -rf $(BIN) + @rm -rf test/tests.* + +.PHONY: help +help: + @grep -hE '^[ a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | \ + awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-17s\033[0m %s\n", $$1, $$2}'