From 763b735dbbf3c38b683f87cdda7839e491821ee2 Mon Sep 17 00:00:00 2001 From: Mirah Gary Date: Wed, 7 Sep 2022 17:34:17 +0200 Subject: [PATCH] Add govulncheck to makefile and github actions. --- .github/workflows/pr.yml | 9 ++++++++- Makefile | 13 +++++++++---- 2 files changed, 17 insertions(+), 5 deletions(-) diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 6f98df06..1db57573 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -4,6 +4,9 @@ on: pull_request: branches: [ main ] +env: + GO_VERSION: '^1.19.0' # Require Go 1.19 and above, but lower than Go 2.0.0 + jobs: unit_tests: @@ -11,6 +14,10 @@ jobs: runs-on: ubuntu-latest container: us.gcr.io/cf-rabbitmq-for-k8s-bunny/rabbitmq-for-kubernetes-ci steps: + - name: Install Go + uses: actions/setup-go@v2 + with: + go-version: ${{ env.GO_VERSION }} - name: Check out code into the Go module directory uses: actions/checkout@v2 - name: Unit tests @@ -29,7 +36,7 @@ jobs: uses: actions/checkout@v2 - uses: actions/setup-go@v2 with: - go-version: '^1.19.0' # Require Go 1.16 and above, but lower than Go 2.0.0 + go-version: ${{ env.GO_VERSION }} - name: System tests env: K8S_VERSION: ${{ matrix.k8s }} diff --git a/Makefile b/Makefile index c5b5ccfb..f5fec3b1 100644 --- a/Makefile +++ b/Makefile @@ -22,6 +22,7 @@ install-tools: @echo "Install all tools..." @awk -F '"' '/_/ && !/k8s.io\/code-generator/ { system("go install " $$2) }' tools/tools.go @$(get_mod_code_generator) + go install golang.org/x/vuln/cmd/govulncheck@latest ENVTEST_K8S_VERSION = 1.22.1 ARCHITECTURE = amd64 @@ -49,11 +50,11 @@ $(KUBEBUILDER_ASSETS): ### Targets .PHONY: unit-tests -unit-tests: install-tools $(KUBEBUILDER_ASSETS) generate fmt vet manifests ## Run unit tests +unit-tests: install-tools $(KUBEBUILDER_ASSETS) generate fmt vet vuln manifests ## Run unit tests ginkgo -r --randomize-all api/ internal/ rabbitmqclient/ .PHONY: integration-tests -integration-tests: install-tools $(KUBEBUILDER_ASSETS) generate fmt vet manifests ## Run integration tests +integration-tests: install-tools $(KUBEBUILDER_ASSETS) generate fmt vet vuln manifests ## Run integration tests ginkgo -r --randomize-all controllers/ just-integration-tests: $(KUBEBUILDER_ASSETS) vet @@ -65,7 +66,7 @@ system-tests: ## run end-to-end tests against Kubernetes cluster defined in ~/.k NAMESPACE="rabbitmq-system" ginkgo --randomize-all -r system_tests/ # Build manager binary -manager: generate fmt vet +manager: generate fmt vet vuln go build -o bin/manager main.go # Run against the configured Kubernetes cluster in ~/.kube/config @@ -75,7 +76,7 @@ manager: generate fmt vet # https://github.com/telepresenceio/telepresence is one way to do this (just run # `telepresence connect` and services like `test-service.test-namespace.svc.cluster.local` # will resolve properly). -run: generate fmt vet manifests just-run +run: generate fmt vet vuln manifests just-run just-run: ## Just runs 'go run main.go' without regenerating any manifests or deploying RBACs KUBE_CONFIG=${HOME}/.kube/config OPERATOR_NAMESPACE=rabbitmq-system ENABLE_WEBHOOKS=false go run ./main.go @@ -134,6 +135,10 @@ fmt: vet: go vet ./... +# Run govulncheck +vuln: + govulncheck ./... + # Generate code & docs generate: install-tools api-reference controller-gen object:headerFile="hack/NOTICE.go.txt" paths="./..."