Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

clean CI jobs, Makefile and go.mod/Dockerfile #350

Merged
merged 4 commits into from
Jul 21, 2023
Merged

clean CI jobs, Makefile and go.mod/Dockerfile #350

merged 4 commits into from
Jul 21, 2023

Commits on Jul 21, 2023

  1. remove old hack/check-format.sh and doc.go content 

    The hack/check-format.sh script is not used anywhere (and there is a
`make fmtcheck` target that accomplishes the same thing). So, removing
that.

Also remove all the duplicative (and out-of-date) documentation from the
`doc.go` file for two reasons:

1) pkg.go.dev now includes the README in its entirety and therefore
   there is not a need to duplicate the information from the README into
   a `doc.go` file.
2) Having two places for examples and docs just meant the information in
   `doc.go` quickly got out of date.

Signed-off-by: Jay Pipes <[email protected]>
    @jaypipes
    jaypipes committed Jul 21, 2023
    Configuration menu
    Copy the full SHA
    01428a7 View commit details
    Browse the repository at this point in the history

  2. cleanup Makefile, Dockerfile, go.mod 

    Updates to Go 1.19 in go.mod to get us to a more modern Go release.
Similarly changes the Dockerfile that builds the `ghwc` binary to use Go
1.19 and use a hashed version of the Alpine base image to address
security best practices.

Finally, removes the outdated and unnecessary Make targets and
unnecessarily complicated calls to find Go packages. These targets and
fancy code was left over from before Go modules and when we were using
`dep` and vendoring things.

Adds a `.github/workflows/fmtcheck.yml` that follows GH actions security
best practices and separates the fmtcheck stuff from the other tests in
the main `.github.com/workflows/go.yml`.

Signed-off-by: Jay Pipes <[email protected]>
    @jaypipes
    jaypipes committed Jul 21, 2023
    Configuration menu
    Copy the full SHA
    d855436 View commit details
    Browse the repository at this point in the history

  3. separate linter job in Github Actions 

    pulls out the golangci-lint job from the main go.yml Github Action and
into its own workflow that follows security best practices like ensuring
read-only permissions and using SHA-specific Action releases.

Signed-off-by: Jay Pipes <[email protected]>
    @jaypipes
    jaypipes committed Jul 21, 2023
    Configuration menu
    Copy the full SHA
    4186cf1 View commit details
    Browse the repository at this point in the history

  4. harden and refactor GH action for unit tests 

    Updates the GH Action workflow for unit testing with security best
practices, including reduce permissions, the step security action
hardener, and using SHA-specific Action releases.

Signed-off-by: Jay Pipes <[email protected]>
    @jaypipes
    jaypipes committed Jul 21, 2023
    Configuration menu
    Copy the full SHA
    98dc049 View commit details
    Browse the repository at this point in the history