From a3e46197b86e928aeb80ec6f0643c272cc064b37 Mon Sep 17 00:00:00 2001
From: Wayback Archiver <66856220+waybackarchiver@users.noreply.github.com>
Date: Tue, 2 May 2023 08:31:32 +0100
Subject: [PATCH 1/7] Reusable analysis workflow
---
.github/workflows/analysis.yml | 76 ++++++++++++++++++
.github/workflows/codeql-analysis.yml | 109 --------------------------
2 files changed, 76 insertions(+), 109 deletions(-)
create mode 100644 .github/workflows/analysis.yml
delete mode 100644 .github/workflows/codeql-analysis.yml
diff --git a/.github/workflows/analysis.yml b/.github/workflows/analysis.yml
new file mode 100644
index 0000000..6d8007e
--- /dev/null
+++ b/.github/workflows/analysis.yml
@@ -0,0 +1,76 @@
+# Copyright 2023 Wayback Archiver. All rights reserved.
+# Use of this source code is governed by the GNU GPL v3
+# license that can be found in the LICENSE file.
+
+name: "Analysis"
+
+on:
+ push:
+ branches:
+ - main
+ - develop
+ pull_request:
+ branches: [ main ]
+ schedule:
+ - cron: '33 23 * * 4'
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+ scorecards:
+ name: Scorecards
+ uses: wabarc/.github/.github/workflows/reusable-scorecards.yml@main
+ if: |
+ github.event_name == 'pull_request' ||
+ github.ref == 'refs/heads/main'
+ permissions:
+ # Needed to upload the results to code-scanning dashboard.
+ security-events: write
+ # Used to receive a badge. (Upcoming feature)
+ id-token: write
+ actions: read
+ contents: read
+
+ codeql:
+ name: CodeQL
+ permissions:
+ security-events: write
+ actions: read
+ contents: read
+ strategy:
+ fail-fast: false
+ matrix:
+ language: [ 'go' ]
+ # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
+ # Learn more:
+ # https://docs.github.com/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
+ uses: wabarc/.github/.github/workflows/reusable-codeql.yml@main
+ with:
+ language: ${{ matrix.language }}
+ config-file: './.github/codeql/codeql-config.yml'
+
+ nancy:
+ name: Sonatype Nancy
+ uses: wabarc/.github/.github/workflows/reusable-nancy.yml@main
+
+ semgrep:
+ name: Semgrep Scan
+ if: github.actor != 'dependabot[bot]'
+ uses: wabarc/.github/.github/workflows/reusable-semgrep.yml@main
+ permissions:
+ # Needed to upload the results to code-scanning dashboard.
+ security-events: write
+ actions: read
+ contents: read
+
+ fossa:
+ if: github.event_name != 'pull_request'
+ name: FOSSA
+ uses: wabarc/.github/.github/workflows/reusable-fossa.yml@main
+ secrets:
+ fossa-apikey: ${{ secrets.FOSSA_APIKEY }}
+
+ dependency-review:
+ name: Dependency Review
+ uses: wabarc/.github/.github/workflows/reusable-dependency-review.yml@main
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
deleted file mode 100644
index 2aeb7da..0000000
--- a/.github/workflows/codeql-analysis.yml
+++ /dev/null
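Review bot: Every job in the new `analysis.yml` calls `wabarc/.github/.github/workflows/reusable-*.yml@main`, a branch ref that can change after review, while `scorecards`, `codeql` and `semgrep` grant `security-events: write` (plus `id-token: write` for `scorecards`) and `fossa` forwards `secrets.FOSSA_APIKEY`. Pinning each `uses:` to a full commit SHA, e.g. `uses: wabarc/.github/.github/workflows/reusable-fossa.yml@<full-commit-sha>  # main`, keeps the code that receives those tokens fixed until someone deliberately bumps it. The same `@main` references appear in the `linter.yml` and `stale.yml` hunks of this series. Separately, `dependency-review` has no `if:` although the workflow also triggers on `push` and `schedule`; unless the reusable workflow guards the event itself, that job probably needs `if: github.event_name == 'pull_request'`.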
@@ -1,109 +0,0 @@ -# For most projects, this workflow file will not need changing; you simply need -# to commit it to your repository. -# -# You may wish to alter this file to override the set of languages analyzed, -# or to provide custom queries or build logic. -# -# ******** NOTE ******** -# We have attempted to detect the languages in your repository. Please check -# the `language` matrix defined below to confirm you have the correct set of -# supported CodeQL languages. -# ******** NOTE ******** - -name: "CodeQL" - -on: - push: - branches: [ main ] - pull_request: - # The branches below must be a subset of the branches above - branches: [ main ] - schedule: - - cron: '33 23 * * 4' - -permissions: write-all -jobs: - analyze: - name: Analyze - runs-on: ubuntu-latest - - strategy: - fail-fast: false - matrix: - language: [ 'go' ] - # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ] - # Learn more: - # https://docs.github.com/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed - - steps: - - name: Check out code base - if: github.event_name == 'push' || github.event_name == 'schedule' - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - - name: Check out code base - if: github.event_name == 'pull_request' - uses: actions/checkout@v3 - with: - fetch-depth: 0 - ref: ${{ github.event.pull_request.head.sha }} - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v1 - with: - languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - # queries: ./path/to/local/query, your-org/your-repo/queries@main - - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). 
- # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@v1 - - # ℹī¸ Command-line programs to run using the OS shell. - # 📚 https://git.io/JvXDl - - # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines - # and modify them (or add more) to build your code if your project - # uses a compiled language - - #- run: | - # make bootstrap - # make release - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 - - nancy: - name: Sonatype Nancy - runs-on: ubuntu-latest - steps: - - name: Check out code base - if: github.event_name == 'push' || github.event_name == 'schedule' - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - - name: Check out code base - if: github.event_name == 'pull_request' - uses: actions/checkout@v3 - with: - fetch-depth: 0 - ref: ${{ github.event.pull_request.head.sha }} - - - name: Set up Go 1.x - uses: actions/setup-go@v2 - with: - go-version: ^1.17 - - - name: Write Go module list - run: go list -json -m all > go.list - - - name: Perform Nancy - uses: sonatype-nexus-community/nancy-github-action@main - continue-on-error: true - From b52a7b9fb0b62e03b4603c61f367de817fcaa035 Mon Sep 17 00:00:00 2001 From: Wayback Archiver <66856220+waybackarchiver@users.noreply.github.com> Date: Tue, 2 May 2023 08:32:24 +0100 Subject: [PATCH 2/7] Reusable linter workflow --- .github/workflows/linter.yml | 127 +++++++---------------------------- 1 file changed, 26 insertions(+), 101 deletions(-) diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index 77b759a..db17a99 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -1,3 +1,7 @@ +# Copyright 2023 Wayback Archiver. All rights reserved. +# Use of this source code is governed by the GNU GPL v3 +# license that can be found in the LICENSE file. +# name: Linter on: 
@@ -9,115 +13,36 @@ on: - '**' types: [ opened, synchronize, reopened ] -permissions: write-all -jobs: - lint: - runs-on: ubuntu-latest - steps: - - name: Check out code base - if: github.event_name == 'push' - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - - name: Check out code base - if: github.event_name == 'pull_request' - uses: actions/checkout@v3 - with: - fetch-depth: 0 - ref: ${{ github.event.pull_request.head.sha }} - - - name: Lint Code Base - uses: github/super-linter@v4 - env: - DEFAULT_BRANCH: 'main' - VALIDATE_MARKDOWN: true - VALIDATE_DOCKERFILE: true - VALIDATE_BASH: true - VALIDATE_BASH_EXEC: true - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} +permissions: + contents: read - go: - runs-on: ubuntu-latest - steps: - - name: Check out code base - if: github.event_name == 'push' - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - - name: Check out code base - if: github.event_name == 'pull_request' - uses: actions/checkout@v3 - with: - fetch-depth: 0 - ref: ${{ github.event.pull_request.head.sha }} +jobs: + super-linter: + name: Super Linter + uses: wabarc/.github/.github/workflows/reusable-super-linter.yml@main - - name: Golang linter - uses: golangci/golangci-lint-action@v2 + golangci: + name: golangci-lint + uses: wabarc/.github/.github/workflows/reusable-golangci.yml@main shellcheck: - runs-on: ubuntu-latest - steps: - - name: Check out code base - if: github.event_name == 'push' - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - - name: Check out code base - if: github.event_name == 'pull_request' - uses: actions/checkout@v3 - with: - fetch-depth: 0 - ref: ${{ github.event.pull_request.head.sha }} - - - name: Run shellcheck with reviewdog - uses: reviewdog/action-shellcheck@v1 + name: ShellCheck + uses: wabarc/.github/.github/workflows/reusable-shellcheck.yml@main misspell: - runs-on: ubuntu-latest - steps: - - name: Check out code base - if: github.event_name == 'push' - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - - 
name: Check out code base - if: github.event_name == 'pull_request' - uses: actions/checkout@v3 - with: - fetch-depth: 0 - ref: ${{ github.event.pull_request.head.sha }} - - - name: Run misspell with reviewdog - uses: reviewdog/action-misspell@v1 + name: Misspell + uses: wabarc/.github/.github/workflows/reusable-misspell.yml@main alex: - runs-on: ubuntu-latest - steps: - - name: Check out code base - if: github.event_name == 'push' - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - - name: Check out code base - if: github.event_name == 'pull_request' - uses: actions/checkout@v3 - with: - fetch-depth: 0 - ref: ${{ github.event.pull_request.head.sha }} + name: Alex + uses: wabarc/.github/.github/workflows/reusable-alex.yml@main - - name: Run alex with reviewdog - uses: reviewdog/action-alex@v1 + urlcheck: + name: URLCheck + uses: wabarc/.github/.github/workflows/reusable-urlcheck.yml@main + with: + exclude-patterns: ${{ vars.URLCHECH_EXCLUDE }} goreportcard: - if: ${{ github.ref == 'refs/heads/main' }} - runs-on: ubuntu-latest - steps: - - name: Run Go report card - run: | - path=$(curl -sf -X POST -F "repo=github.com/$GITHUB_REPOSITORY" https://goreportcard.com/checks | jq -r '.redirect') - echo -e "\nSee report for https://goreportcard.com${path}" + name: Go Report Card + uses: wabarc/.github/.github/workflows/reusable-goreportcard.yml@main From 31e556e366ef430f1e431db163bb3843f484899f Mon Sep 17 00:00:00 2001 From: Wayback Archiver <66856220+waybackarchiver@users.noreply.github.com> Date: Tue, 2 May 2023 08:32:49 +0100 Subject: [PATCH 3/7] Reusable stale workflow --- .github/workflows/stale.yml | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index fa9979f..dc1e0a9 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml 
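Review bot: `exclude-patterns: ${{ vars.URLCHECH_EXCLUDE }}` in the `urlcheck` job looks like a misspelling of `URLCHECK_EXCLUDE`; an undefined configuration variable expands to an empty string, so the exclusion list would be silently dropped rather than failing the run. If the repository variable really is defined under that spelling, a short comment saying so would help; otherwise use `exclude-patterns: ${{ vars.URLCHECK_EXCLUDE }}`. It is also worth confirming that the called workflows need nothing beyond `contents: read`, because a reusable workflow cannot be granted more permissions than its caller and the jobs removed here ran reviewdog actions and super-linter with `GITHUB_TOKEN`.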
@@ -1,24 +1,19 @@ +# Copyright 2020 Wayback Archiver. All rights reserved. +# Use of this source code is governed by the GNU GPL v3 +# license that can be found in the LICENSE file. +# name: Stale on: schedule: - cron: "0 3 * * 6" + workflow_dispatch: permissions: issues: write pull-requests: write + jobs: stale: name: Stale - runs-on: ubuntu-latest - steps: - - name: Mark stale issues and pull requests - uses: actions/stale@v4 - with: - repo-token: ${{ github.token }} - exempt-issue-labels: "enhancement,question,help wanted,bug" - exempt-pr-labels: "need-help,WIP" - stale-issue-message: "This issue is stale because it has been open 120 days with no activity. Remove stale label or comment or this will be closed in 5 days" - stale-pr-message: 'It has been open 120 days with no activity. Remove stale label or comment or this will be closed in 5 days' - days-before-stale: 120 - days-before-close: 5 + uses: wabarc/.github/.github/workflows/reusable-stale.yml@main From 0a2a4d22887bee1593c5ef54ed50c8198169358a Mon Sep 17 00:00:00 2001 From: Wayback Archiver <66856220+waybackarchiver@users.noreply.github.com> Date: Tue, 2 May 2023 08:33:56 +0100 Subject: [PATCH 4/7] Min permissions for testing workflow --- .github/workflows/testing.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index 94b0dff..656fd9e 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml @@ -21,7 +21,9 @@ on: - "Makefile" workflow_dispatch: -permissions: write-all +permissions: + contents: read + jobs: test: name: Testing From 6393db1028a762270cb48c6b5a711d8a4aaeabde Mon Sep 17 00:00:00 2001 From: Wayback Archiver <66856220+waybackarchiver@users.noreply.github.com> Date: Tue, 2 May 2023 17:41:29 +0100 Subject: [PATCH 5/7] Add codeql-config.yml --- .github/codeql/codeql-config.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 .github/codeql/codeql-config.yml 
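Review bot: The `stale` job in `stale.yml` now calls the reusable workflow with no `with:` inputs, so the 120-day / 5-day thresholds and the exempt labels (`enhancement,question,help wanted,bug` for issues, `need-help,WIP` for pull requests) that were set inline are no longer visible or controlled in this repository. Because the job keeps `issues: write` and `pull-requests: write`, a changed default in the shared workflow could close issues that used to be exempt. Either pass these values as inputs, if the reusable workflow accepts them, or add a comment such as `# thresholds and exempt labels are defined in wabarc/.github reusable-stale.yml` so the dependency is explicit.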
diff --git a/.github/codeql/codeql-config.yml b/.github/codeql/codeql-config.yml new file mode 100644 index 0000000..9c1b9c3 --- /dev/null +++ b/.github/codeql/codeql-config.yml @@ -0,0 +1,16 @@ +# Copyright 2020 Wayback Archiver. All rights reserved. +# Use of this source code is governed by the GNU GPL v3 +# license that can be found in the LICENSE file. +# +name: "CodeQL config" +queries: + # Run all extra query suites, both because we want to + # and because it'll act as extra testing. This is why + # we include both even though one is a superset of the + # other, because we're testing the parsing logic and + # that the suites exist in the codeql bundle. + - uses: security-extended + - uses: security-and-quality +paths-ignore: + - tests + - lib From f048d391c6ad2864cf1157412ec15e6a3f502b25 Mon Sep 17 00:00:00 2001 From: Wayback Archiver <66856220+waybackarchiver@users.noreply.github.com> Date: Tue, 2 May 2023 17:35:49 +0100 Subject: [PATCH 6/7] Fix linter --- pkg/ipfs-cluster/cluster.go | 3 +-- pkg/ipfs-cluster/doc.go | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/pkg/ipfs-cluster/cluster.go b/pkg/ipfs-cluster/cluster.go index a7884b4..24bc4e2 100644 --- a/pkg/ipfs-cluster/cluster.go +++ b/pkg/ipfs-cluster/cluster.go @@ -1,6 +1,5 @@ -package ipfsCluster +package cluster -// // func PinFile() {} // // func PinHash() {} diff --git a/pkg/ipfs-cluster/doc.go b/pkg/ipfs-cluster/doc.go index 5ef0cc6..a28e330 100644 --- a/pkg/ipfs-cluster/doc.go +++ b/pkg/ipfs-cluster/doc.go @@ -1,2 +1,2 @@ // https://cluster.ipfs.io/documentation/guides/pinning/ -package ipfsCluster +package cluster From 13ed51a773c97f97b10a995a930c083cce26a1e7 Mon Sep 17 00:00:00 2001 From: Wayback Archiver <66856220+waybackarchiver@users.noreply.github.com> Date: Tue, 2 May 2023 17:51:38 +0100 Subject: [PATCH 7/7] Update .golangci.yml --- .golangci.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) 
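Review bot: The comment above `queries:` in the new `codeql-config.yml` ("because we're testing the parsing logic and that the suites exist in the codeql bundle") reads as if it was carried over from a test configuration and does not explain why this repository runs both suites. Since the same comment calls one suite a superset of the other, keeping only `- uses: security-and-quality` with a comment like `# security plus maintainability queries` would be clearer. `paths-ignore` lists `tests` and `lib`, and nothing in this series shows those directories; confirm they exist and hold no first-party Go code, because ignored paths become a blind spot in the scan results.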
diff --git a/.golangci.yml b/.golangci.yml index 856845f..e5c373c 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -33,12 +33,11 @@ linters: - bodyclose - misspell - rowserrcheck - - structcheck - stylecheck - typecheck - - varcheck - unconvert - unparam + - unused - whitespace linters-settings: errcheck: