diff --git a/.codecov.yml b/.codecov.yml index 5a9bdf017..6b0ecc629 100644 --- a/.codecov.yml +++ b/.codecov.yml @@ -1,24 +1,13 @@ -# See http://docs.codecov.io/docs/coverage-configuration coverage: - precision: 2 # 2 = xx.xx%, 0 = xx% - round: down - # For example: 20...60 would result in any coverage less than 20% - # would have a red background. The color would gradually change to - # green approaching 60%. Any coverage over 60% would result in a - # solid green color. - range: "20...60" - status: - # project will give us the diff in the total code coverage between a commit - # and its parent - project: yes - # Patch gives just the coverage of the patch - patch: yes - # changes tells us if there are unexpected code co verage changes in other files - # which were not changed by the diff - changes: yes + # allow test coverage to drop by 0.1%, assume that it's typically due to CI problems + patch: + default: + threshold: 0.1 + project: + default: + threshold: 0.1 - # See http://docs.codecov.io/docs/ignoring-paths ignore: - "build/*" - "hack/*" @@ -26,11 +15,6 @@ coverage: - "Makefile" - ".travis.yml" -# See http://docs.codecov.io/docs/pull-request-comments-1 comment: layout: "diff, files" behavior: "" - # default = posts once then update, posts new if delete - # once = post once then updates - # new = delete old, post new - # spammy = post new \ No newline at end of file diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml new file mode 100644 index 000000000..6217b0d1e --- /dev/null +++ b/.github/workflows/go.yml 
@@ -0,0 +1,63 @@
+name: Go
+on:
+ push:
+ branches:
+ - "master"
+ pull_request:
+ branches:
+ - "master"
+env:
+ # Golang version to use across CI steps
+ GOLANG_VERSION: '1.20'
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+permissions:
+ contents: read
+
+jobs:
+ event_file:
+ name: "Event File"
+ runs-on: ubuntu-latest
+ steps:
+ - name: Upload
+ uses: actions/upload-artifact@v4
+ with:
+ name: Event File
+ path: ${{ github.event_path }}
+
+ build:
+ name: Build
+ runs-on: ubuntu-latest
+ steps:
+ - name: Set up Go
+ uses: actions/setup-go@v5.0.0
+ with:
+ go-version: ${{ env.GOLANG_VERSION }}
+ id: go
+
+ - name: Check out code into the Go module directory
+ uses: actions/checkout@v4
+
+ - name: Restore go build cache
+ uses: actions/cache@v4
+ with:
+ path: ~/.cache/go-build
+ key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
+
+ - name: Download all Go modules
+ run: |
+ go mod download
+
+ - name: Generate code coverage artifacts
+ uses: actions/upload-artifact@v4
+ with:
+ name: code-coverage
+ path: coverage.out
+
+ - name: Upload code coverage information to codecov.io
+ uses: codecov/codecov-action@v3.1.4
+ with:
+ file: coverage.out
diff --git a/.github/workflows/gosec.yaml b/.github/workflows/gosec.yaml
new file mode 100644
index 000000000..ee786730b
--- /dev/null
+++ b/.github/workflows/gosec.yaml
@@ -0,0 +1,27 @@
+---
+name: Go Test on Pull Requests
+on: # yamllint disable-line rule:truthy
+ pull_request:
+ types:
+ - opened
+ - synchronize
+ - reopened
+ paths:
+ - '**.go'
+ workflow_dispatch:
+jobs:
+ gosec:
+ name: Check GO security
+ runs-on: ubuntu-20.04
+ steps:
+ - name: Check out code
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 1
+ ref: ${{ github.event.pull_request.head.sha }}
+ - name: Run Gosec Security Scanner
+ uses: securego/gosec@master
+ with:
+ args: -exclude-generated ./...
+ env:
+ GOROOT: ""
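Review bot: In `.github/workflows/go.yml` the `build` job uploads `coverage.out` twice (the `code-coverage` artifact and the codecov step), but no earlier step creates it; the only `run` step is `go mod download`. Add a test step before the uploads, for example `- name: Run unit tests` with `run: make test-unit`, the Makefile target in this commit that passes `-coverprofile=coverage.out`. As written the job can finish green without running a single test: `upload-artifact` only warns on a missing path unless `if-no-files-found: error` is set, and the codecov step has no `fail_ci_if_error: true` (pr.yml sets it).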
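Review bot: In `.github/workflows/gosec.yaml`, `uses: securego/gosec@master` follows a moving branch, so the code executed in this job changes whenever upstream pushes; the job it replaces in pr.yml was pinned to `v2.18.2`. Pin to a release tag or, better, a full commit SHA with the tag as a trailing comment: `uses: securego/gosec@<full-commit-sha>  # <release tag>` (placeholders). The workflow also has no `permissions:` block, so the job token gets the repository default; go.yml in this commit declares `permissions:` with `contents: read`, and the same two lines fit here. On `workflow_dispatch` runs `github.event.pull_request.head.sha` is empty, so checkout falls back to the dispatched ref, which is probably intended but deserves a one-line comment on the `ref:` key.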
diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr.yml similarity index 57% rename from .github/workflows/pr-checks.yml rename to .github/workflows/pr.yml index 00772a248..ad4c9e3d7 100644 --- a/.github/workflows/pr-checks.yml +++ b/.github/workflows/pr.yml @@ -4,7 +4,18 @@ on: pull_request: branches: - master - - 'v*.*' + - 'release-v**.x' + +env: + GO111MODULE: on + SDK_VERSION: "1.17.0" + MINIKUBE_WANTUPDATENOTIFICATION: false + MINIKUBE_WANTREPORTERRORPROMPT: false + K8S_VERSION: "1.21.3" + MINIKUBE_VERSION: "1.26.0" + OLM_VERSION: "0.22.0" + TEST_ACCEPTANCE_CLI: "kubectl" + TEST_RESULTS: "out/acceptance-tests" jobs: lint: @@ -26,12 +37,8 @@ jobs: - name: Checkout repo uses: actions/checkout@v4 - - name: Run linters - run: make lint - - unit: - name: Unit Tests with Code coverage + name: Code coverage runs-on: ubuntu-20.04 steps: @@ -43,30 +50,9 @@ jobs: - name: Checkout Git Repository uses: actions/checkout@v4 - - name: Unit Tests with Code Coverage - run: | - make test - - name: Upload Code Coverage Report uses: codecov/codecov-action@v3 with: file: cover.out verbose: true fail_ci_if_error: true - - source-scan: - name: Gosec code scanning - runs-on: ubuntu-20.04 - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Run gosec - uses: securego/gosec@v2.18.2 - with: - args: '-no-fail -fmt sarif -out gosec.sarif ./...' - - - name: Upload gosec scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 - with: - sarif_file: 'gosec.sarif' diff --git a/Makefile b/Makefile index 3e2efd82b..0b280ded7 100644 --- a/Makefile +++ b/Makefile 
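Review bot: Nothing in the `unit` job now produces the `cover.out` that its codecov step uploads with `fail_ci_if_error: true`: hunk `@@ -43,30 +50,9 @@` removes the `make test` step and adds no replacement, and `@@ -26,12 +37,8 @@` does the same to `make lint` in the `lint` job. The Makefile target added in this commit writes `coverage.out`, not `cover.out`, so restoring the step as `run: make test-unit` also needs `file: coverage.out`. The removed `source-scan` job published SARIF through `github/codeql-action/upload-sarif`; the new gosec.yaml has no SARIF output or upload step, so findings would no longer be recorded in the Security tab unless that step is carried over. Both jobs' earlier steps lie outside these hunks, so a replacement step there cannot be ruled out.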
@@ -267,3 +267,156 @@ catalog-build: opm ## Build a catalog image. .PHONY: catalog-push catalog-push: ## Push a catalog image. $(MAKE) docker-push IMG=$(CATALOG_IMG) + + + + + + + + + + +##@ Development +.PHONY: go-mod-vendor +go-mod-vendor: ## downloads vendor files needed by tools.go (i.e. go_install) + go mod tidy + go mod vendor + +.PHONY: lint +lint: go-mod-vendor ## run all linters + golangci-lint run --fix + +.PHONY: install-go-tools-local +install-go-tools-local: go-mod-vendor ## install all go tools + ./hack/installers/install-codegen-go-tools.sh + +.PHONY: install-protoc-local +install-protoc-local: ## install protoc tool + ./hack/installers/install-protoc.sh + +.PHONY: install-devtools-local +install-devtools-local: ## install dev tools + ./hack/installers/install-dev-tools.sh + +# Installs all tools required to build and test locally +.PHONY: install-tools-local +install-tools-local: install-go-tools-local install-protoc-local install-devtools-local + + +.PHONY: install-toolchain +install-toolchain: install-go-tools-local install-protoc-local + +##@ Code Generation + +# generates all auto-generated code +.PHONY: codegen +codegen: go-mod-vendor gen-proto gen-k8scodegen gen-openapi gen-mocks gen-crd manifests docs + + +# generates ui related proto files +.PHONY: ui-proto +ui-proto: ## generate ui protobuf files + yarn --cwd ui run protogen + +# generates k8s client, informer, lister, deepcopy from types.go +.PHONY: gen-k8scodegen +gen-k8scodegen: go-mod-vendor ## generate kubernetes codegen files + ./hack/update-codegen.sh + +# generates ./manifests/crds/ +.PHONY: gen-crd +gen-crd: install-go-tools-local ## generate crd manifests + go run ./hack/gen-crd-spec/main.go + +# generates mock files from interfaces +.PHONY: gen-mocks +gen-mocks: install-go-tools-local ## generate mock files + ./hack/update-mocks.sh + +# Build sample plugin with debug info +# https://www.jetbrains.com/help/go/attach-to-running-go-processes-with-debugger.htmls +.PHONY: 
build-sample-metric-plugin-debug +build-sample-metric-plugin-debug: ## build sample metric plugin with debug info + go build -gcflags="all=-N -l" -o metric-plugin test/cmd/metrics-plugin-sample/main.go + +.PHONY: build-sample-traffic-plugin-debug +build-sample-traffic-plugin-debug: ## build sample traffic plugin with debug info + go build -gcflags="all=-N -l" -o traffic-plugin test/cmd/trafficrouter-plugin-sample/main.go + + +##@ Test + +.PHONY: test +test: test-kustomize ## run all tests + @make test-unit + +.PHONY: test-kustomize +test-kustomize: ## run kustomize tests + ./test/kustomize/test.sh + +.PHONY: test-e2e +test-e2e: install-devtools-local + ${DIST_DIR}/gotestsum --rerun-fails-report=rerunreport.txt --junitfile=junit.xml --format=testname --packages="./test/e2e" --rerun-fails=5 -- -timeout 60m -count 1 --tags e2e -p ${E2E_PARALLEL} -parallel ${E2E_PARALLEL} -v --short ./test/e2e ${E2E_TEST_OPTIONS} + +.PHONY: test-unit + test-unit: install-devtools-local ## run unit tests + ${DIST_DIR}/gotestsum --junitfile=junit.xml --format=testname -- -covermode=count -coverprofile=coverage.out `go list ./... | grep -v ./test/cmd/metrics-plugin-sample` + + +.PHONY: coverage +coverage: test ## run coverage tests + go tool cover -html=coverage.out -o coverage.html + open coverage.html + +.PHONY: manifests +manifests: ## generate manifests e.g. CRD, RBAC etc. 
+ ./hack/update-manifests.sh + +.PHONY: clean +clean: ## clean up build artifacts + -rm -rf ${CURRENT_DIR}/dist + -rm -rf ${CURRENT_DIR}/ui/dist + +.PHONY: precheckin +precheckin: test lint + +##@ Docs + +# convenience target to run `mkdocs serve` using a docker container +.PHONY: serve-docs +serve-docs: docs ## serve docs locally + docker run --rm -it -p 8000:8000 -v ${CURRENT_DIR}:/docs squidfunk/mkdocs-material serve -a 0.0.0.0:8000 + +.PHONY: docs +docs: ## build docs + go run ./hack/gen-docs/main.go + +##@ Release + +.PHONY: release-docs +release-docs: docs ## build and deploy docs + docker run --rm -it \ + -v ~/.ssh:/root/.ssh \ + -v ${CURRENT_DIR}:/docs \ + -v ~/.gitconfig:/root/.gitconfig \ + squidfunk/mkdocs-material gh-deploy -r ${GIT_REMOTE_REPO} + +.PHONY: release-precheck +release-precheck: manifests ## precheck release + @if [ "$(GIT_TREE_STATE)" != "clean" ]; then echo 'git tree state is $(GIT_TREE_STATE)' ; exit 1; fi + @if [ -z "$(GIT_TAG)" ]; then echo 'commit must be tagged to perform release' ; exit 1; fi + @if [ "$(GIT_TAG)" != "v`cat VERSION`" ]; then echo 'VERSION does not match git tag'; exit 1; fi + +.PHONY: release-plugins +release-plugins: ## build and push plugins + ./hack/build-release-plugins.sh + +.PHONY: release +release: release-precheck precheckin image plugin-image release-plugins + +.PHONY: trivy +trivy: ## run trivy scan + @trivy fs --clear-cache + @trivy fs . +
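Review bot: `release-docs` bind-mounts `~/.ssh` and `~/.gitconfig` read-write into `squidfunk/mkdocs-material`, which is referenced without a tag or digest, so whatever image that name resolves to at release time can read the maintainer's private keys. Pin the image to a version or digest and narrow the mounts, for example `-v ~/.ssh:/root/.ssh:ro` or a single deploy key. `serve-docs` publishes the dev server on every host interface; `-p 127.0.0.1:8000:8000` keeps it local. `${CURRENT_DIR}` and `${DIST_DIR}` are not defined anywhere in this hunk (the rest of the Makefile is outside it); if `CURRENT_DIR` is unset, `clean` expands to `rm -rf /dist` and `rm -rf /ui/dist`. The `test-unit:` rule line also appears indented after its `.PHONY` line, which make would read as a recipe line if that indent is a tab.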