author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-16 17:39:05 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-16 17:39:05 +0000 |
commit | d3911883df1e317b23fa12be7e1c7b45f74d630a (patch) | |
tree | 154cebf32f39b26b8a88e9bb359c57288d629e3b /.github | |
parent | Initial commit. (diff) | |
download | golang-github-theupdateframework-go-tuf-d3911883df1e317b23fa12be7e1c7b45f74d630a.tar.xz golang-github-theupdateframework-go-tuf-d3911883df1e317b23fa12be7e1c7b45f74d630a.zip |
Adding upstream version 0.6.1.upstream/0.6.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '.github')
-rw-r--r-- | .github/PULL_REQUEST_TEMPLATE.md | 18 | ||||
-rw-r--r-- | .github/dependabot.yml | 32 | ||||
-rw-r--r-- | .github/workflows/changelog.yml | 18 | ||||
-rw-r--r-- | .github/workflows/ci.yml | 25 | ||||
-rw-r--r-- | .github/workflows/codeql-analysis.yml | 70 | ||||
-rw-r--r-- | .github/workflows/release.yml | 32 | ||||
-rw-r--r-- | .github/workflows/specification-version-check.yml | 14 | ||||
-rw-r--r-- | .github/workflows/tests.yml | 74 |
8 files changed, 283 insertions, 0 deletions
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
new file mode 100644
index 0000000..56186b3
--- /dev/null
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,18 @@
+Please fill in the fields below to submit a pull request. The more information that is provided, the better.
+
+Fixes #<Issue>
+
+Release Notes: <!-- What comments/remarks should we include in the release notes for this change? -->
+
+**Types of changes**:
+<!--- What types of changes does your code introduce? Put an `x` in all the boxes that apply: -->
+- [ ] Bug fix (non-breaking change which fixes an issue)
+- [ ] New feature (non-breaking change which adds functionality)
+- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected). **Please ensure that your PR title** is a [Conventional Commit](https://www.conventionalcommits.org/en/v1.0.0/) breaking change (with a `!`, as in `feat!: change foo`).
+
+**Description of the changes being introduced by the pull request**:
+
+**Please verify and check that the pull request fulfills the following requirements**:
+
+- [ ] Tests have been added for the bug fix or new feature
+- [ ] Docs have been added for the bug fix or new feature
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..840da33
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,32 @@
+version: 2
+updates:
+ # Monitor Go dependencies
+ - package-ecosystem: "gomod"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ time: "10:00"
+ commit-message:
+ prefix: "chore"
+ include: "scope"
+ open-pull-requests-limit: 10
+ # Monitor Github Actions
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ time: "10:00"
+ commit-message:
+ prefix: "chore"
+ include: "scope"
+ open-pull-requests-limit: 10
+ # Monitor Python test dependencies
+ - package-ecosystem: "pip"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ time: "10:00"
+ commit-message:
+ prefix: "chore"
+ include: "scope"
+ open-pull-requests-limit: 10
diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml
new file mode 100644
index 0000000..3d43051
--- /dev/null
+++ b/.github/workflows/changelog.yml
@@ -0,0 +1,18 @@
+name: "Changelog checks"
+
+on:
+ pull_request_target:
+ types:
+ - opened
+ - edited
+ - synchronize
+
+jobs:
+ conventional-commits-lint-check:
+ name: "Lint PR title"
+ runs-on: "ubuntu-latest"
+ steps:
+ - name:
+ uses: amannn/action-semantic-pull-request@c3cd5d1ea3580753008872425915e343e351ab54
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..295923e
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,25 @@
+on:
+ pull_request:
+ push:
+ branches:
+ - "master"
+ tags:
+ - "v*"
+name: CI
+permissions:
+ contents: write
+jobs:
+ tests:
+ uses: ./.github/workflows/tests.yml
+ tuf:
+ needs: tests
+ if: github.event_name == 'push' && contains(github.ref, 'refs/tags/')
+ uses: ./.github/workflows/release.yml
+ with:
+ cli-name: tuf
+ tuf-client:
+ needs: tests
+ if: github.event_name == 'push' && contains(github.ref, 'refs/tags/')
+ uses: ./.github/workflows/release.yml
+ with:
+ cli-name: tuf-client
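Review bot: In `.github/workflows/changelog.yml` the job runs on `pull_request_target` and hands `GITHUB_TOKEN` to a third-party action without any `permissions:` block, so the token carries whatever the repository default grants, which may include write scopes. The action only lints the PR title, so adding `permissions:` with `pull-requests: read` at workflow or job level should be enough. The step's `name:` is also left empty; either drop the key or give it a label such as `name: "Check PR title"`.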
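Review bot: In `.github/workflows/ci.yml` the workflow-level `permissions: contents: write` also applies to the `tests` job, which runs on every `pull_request` and `push` and, through `tests.yml`, installs pip packages and runs several third-party actions; only the two release jobs need to write. `tests.yml` declares no `permissions:` of its own, so it inherits this grant. Setting the default to `contents: read` and granting write on `tuf` and `tuf-client` keeps the release path working, since a called workflow cannot hold more than its calling job does.

```yaml
permissions:
  contents: read
# … unchanged: jobs.tests …
  tuf:
    permissions:
      contents: write
    # … unchanged: needs, if, uses, with …
  tuf-client:
    permissions:
      contents: write
    # … unchanged: needs, if, uses, with …
```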
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
new file mode 100644
index 0000000..056a925
--- /dev/null
+++ b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,70 @@ +# For most projects, this workflow file will not need changing; you simply need +# to commit it to your repository. +# +# You may wish to alter this file to override the set of languages analyzed, +# or to provide custom queries or build logic. +# +# ******** NOTE ******** +# We have attempted to detect the languages in your repository. Please check +# the `language` matrix defined below to confirm you have the correct set of +# supported CodeQL languages. +# +name: "CodeQL" + +on: + push: + branches: [ master ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ master ] + schedule: + - cron: '25 14 * * 6' + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + + strategy: + fail-fast: false + matrix: + language: [ 'go' ] + # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] + # Learn more about CodeQL language support at https://git.io/codeql-language-support + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: ${{ matrix.language }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + # queries: ./path/to/local/query, your-org/your-repo/queries@main + + # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). + # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@v2 + + # âšī¸ Command-line programs to run using the OS shell. 
+ # đ https://git.io/JvXDl + + # âī¸ If the Autobuild fails above, remove it and uncomment the following three lines + # and modify them (or add more) to build your code if your project + # uses a compiled language + + #- run: | + # make bootstrap + # make release + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..0b87659 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,32 @@ +on: + workflow_call: + inputs: + cli-name: + required: true + type: string +name: Release +jobs: + release: + permissions: + contents: write + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + fetch-depth: 0 + - name: Get Go version + uses: arnested/go-version-action@13d01fa2f867e8a08e9f8197def5f2da5a11ab6d + id: go-version + - name: Set up Go + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 + with: + go-version: ${{ steps.go-version.outputs.minimal }} + - name: Run GoReleaser + uses: goreleaser/goreleaser-action@336e29918d653399e599bfca99fadc1d7ffbc9f7 + with: + distribution: goreleaser + version: "v1.7.0" + args: release --config ./.goreleaser/${{ inputs.cli-name }}.yml --rm-dist + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/specification-version-check.yml b/.github/workflows/specification-version-check.yml new file mode 100644 index 0000000..523e455 --- /dev/null +++ b/.github/workflows/specification-version-check.yml 
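Review bot: `.github/workflows/codeql-analysis.yml` references `actions/checkout@v3` and the three `github/codeql-action/*@v2` steps by mutable tag, while the other actions in this commit are pinned to full commit SHAs. The same applies to `actions/checkout@v3` in `release.yml` and `tests.yml`, to `golang/govulncheck-action@v1` in `tests.yml`, and to the reusable workflow referenced at `@master` in `specification-version-check.yml`, which runs with `issues: write`. A tag or branch can be repointed to different code after review; pinning each reference as `uses: actions/checkout@<full-commit-sha> # v3` closes that gap, and the `github-actions` entry in `dependabot.yml` should keep the pins current.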
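Review bot: In `.github/workflows/release.yml` the `cli-name` input is spliced straight into the GoReleaser `args` string (`--config ./.goreleaser/${{ inputs.cli-name }}.yml`) with nothing stating which values are valid. The callers in `ci.yml` pass the fixed values `tuf` and `tuf-client`, so this is safe as wired, but a value containing spaces or path separators would change the command line of a job that holds `contents: write`. I would document the contract on the input, e.g. `description: "CLI to release; must match a config file under .goreleaser/ (tuf or tuf-client)"`.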
@@ -0,0 +1,14 @@
+on:
+ schedule:
+ - cron: "0 13 * * *"
+ workflow_dispatch:
+name: Specification version check
+jobs:
+ # Get the latest TUF specification release and open an issue (if needed)
+ specification-bump-check:
+ permissions:
+ contents: read
+ issues: write
+ uses: theupdateframework/specification/.github/workflows/check-latest-spec-version.yml@master
+ with:
+ tuf-version: "v1.0.32" # Should be updated to the according version either manually or extracted automatically as how it's done in python-tuf
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
new file mode 100644
index 0000000..d1ae975
--- /dev/null
+++ b/.github/workflows/tests.yml
@@ -0,0 +1,74 @@
+on:
+ workflow_call:
+name: Tests
+jobs:
+ get-go-versions:
+ name: Collect available Go versions
+ runs-on: ubuntu-latest
+ outputs:
+ matrix: ${{ steps.versions.outputs.matrix }}
+ steps:
+ - uses: actions/checkout@v3
+ - uses: arnested/go-version-action@13d01fa2f867e8a08e9f8197def5f2da5a11ab6d
+ id: versions
+
+ run:
+ strategy:
+ fail-fast: false # Keep running if one leg fails.
+ matrix:
+ os: [ubuntu-latest, macos-latest, windows-latest]
+ go-version: ${{ fromJSON(needs.get-go-versions.outputs.matrix) }}
+ runs-on: ${{ matrix.os }}
+ needs: get-go-versions
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+
+ - name: Setup - Go ${{ matrix.go-version }}
+ uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753
+ with:
+ go-version: ${{ matrix.go-version }}
+
+ - name: Setup - Python
+ uses: actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1
+ with:
+ python-version: "3.10"
+ cache: "pip"
+ cache-dependency-path: "requirements-test.txt"
+
+ - name: Install Python dependencies
+ run: |
+ python3 -m pip install --upgrade pip
+ python3 -m pip install --upgrade -r requirements-test.txt
+
+ - name: Run tests
+ run: go test -race -covermode atomic -coverprofile='profile.cov' ./...
+
+ - name: Send coverage
+ uses: shogo82148/actions-goveralls@df920a6a2468668dfcf71a0b43817f89eaa5ea04
+ with:
+ path-to-profile: profile.cov
+ flag-name: Go-${{ matrix.go-version }}
+ parallel: true
+
+ checks:
+ strategy:
+ matrix:
+ go-version: ${{ fromJSON(needs.get-go-versions.outputs.matrix) }}
+ runs-on: ubuntu-latest
+ needs: get-go-versions
+ steps:
+ - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753
+ with:
+ go-version: ${{ matrix.go-version }}
+ - uses: actions/checkout@v3
+ - name: golangci-lint
+ uses: golangci/golangci-lint-action@639cd343e1d3b897ff35927a75193d57cfcba299
+ with:
+ version: v1.51 # has to be pinned and thus manually updated due to https://github.com/golangci/golangci-lint-action/blob/6a290f7d5d488e1e423b0b37fe802c822ca2c08c/README.md?plain=1#L108
+ args: --timeout 5m --verbose
+ - name: govulncheck
+ uses: golang/govulncheck-action@v1
+ with:
+ go-version-input: ${{ matrix.go-version }}
+ go-package: -json ./... |
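Review bot: The `govulncheck` step at the end of the `checks` job in `.github/workflows/tests.yml` passes `go-package: -json ./...`, which slips the `-json` flag in through the package input; as far as I know, govulncheck in JSON mode exits 0 even when it reports vulnerabilities, so this step would never fail the job. If report-only is the intent, say so next to the line with a comment such as `# -json: report-only, findings do not fail the build`. If findings should block a merge or release, use `go-package: ./...` instead.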