diff --git a/.github/workflows/pr-validation.yaml b/.github/workflows/pr-validation.yaml
new file mode 100644
index 000000000..e2d09990d
--- /dev/null
+++ b/.github/workflows/pr-validation.yaml
@@ -0,0 +1,96 @@
+name: PR Validation
+
+on: pull_request
+
+env:
+ NAME: "grafana-operator"
+
+jobs:
+ lint:
+ runs-on: ubuntu-latest
+ env:
+ GO111MODULE: on
+ steps:
+ - name: Clone repo
+ uses: actions/checkout@v2.3.4
+ - name: Setup go
+ uses: actions/setup-go@v2
+ with:
+ go-version: "1.16"
+ - name: golangci-lint
+ uses: golangci/golangci-lint-action@v2.5.2
+ with:
+ version: "v1.40.1"
+
+ fmt:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Clone repo
+ uses: actions/checkout@v2.3.4
+ - name: Setup go
+ uses: actions/setup-go@v2
+ with:
+ go-version: "1.16"
+ - name: Run fmt
+ run: |
+ make fmt
+ - name: Check if working tree is dirty
+ run: |
+ if [[ $(git status --porcelain) ]]; then
+ git diff
+ echo 'run make fmt and commit changes'
+ exit 1
+ fi
+
+ test:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Clone repo
+ uses: actions/checkout@v2.3.4
+ - name: Setup go
+ uses: actions/setup-go@v2
+ with:
+ go-version: "1.16"
+ - name: Run test
+ run: |
+ make test
+
+ build-container:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Clone repo
+ uses: actions/checkout@v2.3.4
+ - name: Prepare
+ id: prep
+ run: |
+ VERSION=sha-${GITHUB_SHA::8}
+ if [[ $GITHUB_REF == refs/tags/* ]]; then
+ VERSION=${GITHUB_REF/refs\/tags\//}
+ fi
+ echo ::set-output name=BUILD_DATE::$(date -u +'%Y-%m-%dT%H:%M:%SZ')
+ echo ::set-output name=VERSION::${VERSION}
+ - uses: brpaz/hadolint-action@v1.5.0
+ with:
+ dockerfile: Dockerfile
+ - name: Cache container layers
+ uses: actions/cache@v2.1.6
+ with:
+ path: /tmp/.buildx-cache
+ key: ${{ runner.os }}-buildx-${{ github.sha }}
+ restore-keys: |
+ ${{ runner.os }}-buildx-
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v1
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v1.3.0
+ - name: Build and load (current arch)
+ run: |
+ docker buildx build --load -t ${{ env.NAME }}:${{ steps.prep.outputs.VERSION }} .
+ - name: Run Trivy vulnerability scanner
+ uses: aquasecurity/trivy-action@master
+ with:
+ image-ref: ${{ env.NAME }}:${{ steps.prep.outputs.VERSION }}
+ format: 'table'
+ exit-code: '1'
+ ignore-unfixed: true
+ severity: 'CRITICAL,HIGH'
diff --git a/.golangci.yaml b/.golangci.yaml
new file mode 100644
index 000000000..838316c1b
--- /dev/null
+++ b/.golangci.yaml
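Review bot: The Trivy step references `aquasecurity/trivy-action@master`, a mutable branch, so every PR run executes whatever that repository's head contains at the time, whereas the other steps at least name a release tag. Pin it to a full commit SHA, for example `uses: aquasecurity/trivy-action@<full-commit-sha>  # <release-tag>`, and consider the same for the other third-party actions (`brpaz/hadolint-action`, `golangci/golangci-lint-action`), since tags can be moved as well. The workflow also declares no `permissions:` block, so the job token falls back to the repository default; a top-level `permissions:` with `contents: read` looks sufficient for the jobs shown. Separately, the "Cache container layers" step restores `/tmp/.buildx-cache`, but the `docker buildx build --load` command passes neither `--cache-from` nor `--cache-to`, so the cache appears to be unused.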
@@ -0,0 +1,144 @@
+run:
+ timeout: 4m
+
+linters:
+ disable-all: false
+ enable:
+ - gocyclo
+ - misspell
+ - nilerr
+ - unparam
+ - gosec
+ - unused
+ - govet
+ - gosimple
+ - errorlint
+ - errcheck
+ - dogsled
+ - cyclop
+ - exhaustive
+ - funlen
+ - nestif
+ - goconst
+ - gofmt
+ - revive
+ - lll
+ - makezero
+ - nakedret
+ - prealloc
+ - nolintlint
+ - staticcheck
+ - thelper
+ - whitespace
+
+linters-settings:
+ gocyclo:
+ min-complexity: 20
+
+ misspell:
+ locale: US
+
+ unused:
+ go: "1.16"
+
+ unparam:
+ check-exported: true
+
+ govet:
+ check-shadowing: false
+
+ gosimple:
+ go: "1.16"
+ checks: [ "all" ]
+
+ errorlint:
+ errorf: true
+ asserts: true
+ comparison: true
+
+ errcheck:
+ check-type-assertions: true
+ check-blank: true
+
+ dogsled:
+ max-blank-identifiers: 2
+
+ cyclop:
+ max-complexity: 15
+ package-average: 0.0
+ skip-tests: true
+
+ exhaustive:
+ check-generated: false
+ default-signifies-exhaustive: false
+
+ funlen:
+ lines: 80
+ statements: 50
+
+ nestif:
+ min-complexity: 5
+
+ goconst:
+ min-len: 3
+ min-occurrences: 3
+
+ gofmt:
+ simplify: true
+
+ revive:
+ ignore-generated-header: true
+ severity: warning
+
+ lll:
+ line-length: 140
+ tab-width: 1
+
+ makezero:
+ always: false
+
+ nakedret:
+ max-func-lines: 30
+
+ prealloc:
+ simple: true
+ range-loops: true
+ for-loops: false
+
+ nolintlint:
+ allow-unused: false
+ allow-leading-space: true
+ allow-no-explanation: []
+ require-explanation: true
+ require-specific: true
+
+ staticcheck:
+ go: "1.16"
+ checks: [ "all" ]
+
+ thelper:
+ test:
+ first: true
+ name: true
+ begin: true
+ benchmark:
+ first: true
+ name: true
+ begin: true
+ tb:
+ first: true
+ name: true
+ begin: true
+
+ whitespace:
+ multi-if: false
+ multi-func: false
+
+issues:
+ exclude-rules:
+ - path: _test\.go
+ linters:
+ - gocyclo
+ - funlen
+ - gocognit
+ - unparam
diff --git a/Makefile b/Makefile
index efe5de6c9..d5b7a9a55 100644
--- a/Makefile
+++ b/Makefile
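Review bot: The `exclude-rules` entry for `_test\.go` lists `gocognit`, which does not appear in the `enable` list above, so that exclusion has no effect as far as this file shows. Either add `gocognit` to `enable` or drop it from the rule. If the intent was to relax the complexity checks for tests, `nestif` is the enabled one that is not yet covered, since `cyclop` already sets `skip-tests: true`. A short comment above the rule, such as `# complexity and length limits are not enforced on test files`, would also record why `gosec`, `errcheck` and the rest stay active there.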
@@ -123,6 +123,9 @@ bundle-build: code/check: fmt vet golint ./... +.PHONY: code/golangci-lint +code/golangci-lint: + golangci-lint run ./... .PHONY: cluster/prepare/local/file cluster/prepare/local/file: