Skip to content

Commit

Permalink
Revert "Add vuln (#590)"
Browse files Browse the repository at this point in the history
This reverts commit 1d8b6ac.
  • Loading branch information
eyalbe4 committed May 26, 2022
1 parent 1d8b6ac commit b2f3881
Show file tree
Hide file tree
Showing 7 changed files with 226 additions and 69 deletions.
29 changes: 29 additions & 0 deletions .github/workflows/analysis.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
name: "Static Analysis"
on: ["push", "pull_request"]
jobs:
Static-Check:
runs-on: ubuntu-latest
steps:
- name: Checkout Source
uses: actions/checkout@v3
- name: Install Go
uses: actions/setup-go@v3
with:
go-version: 1.17.x
- name: Static Code Analysis
uses: dominikh/staticcheck-action@v1

Go-Sec:
runs-on: ubuntu-latest
steps:
- name: Checkout Source
uses: actions/checkout@v3
- name: Install Go
uses: actions/setup-go@v3
with:
go-version: 1.17.x
- name: Install gosec
run: curl -sfL https://raw.githubusercontent.com/securego/gosec/master/install.sh | sh -s -- -b $(go env GOPATH)/bin
- name: Run gosec
# Temporary ignoring G301,G302,G306
run: gosec -exclude=G204,G301,G302,G304,G306 -exclude-dir=\.*test\.* ./...
35 changes: 35 additions & 0 deletions .github/workflows/cla.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
name: "CLA Assistant"
on:
# issue_comment triggers this action on each comment on issues and pull requests
issue_comment:
types: [created]
pull_request_target:
types: [opened,synchronize]

jobs:
CLAssistant:
runs-on: ubuntu-latest
steps:
- uses: actions-ecosystem/action-regex-match@v2
id: sign-or-recheck
with:
text: ${{ github.event.comment.body }}
regex: '\s*(I have read the CLA Document and I hereby sign the CLA)|(recheckcla)\s*'

- name: "CLA Assistant"
if: ${{ steps.sign-or-recheck.outputs.match != '' || github.event_name == 'pull_request_target' }}
# Alpha Release
uses: cla-assistant/[email protected]
env:
# Generated and maintained by github
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# JFrog organization secret
PERSONAL_ACCESS_TOKEN : ${{ secrets.CLA_SIGN_TOKEN }}
with:
path-to-signatures: 'signed_clas.json'
path-to-document: 'https://jfrog.com/cla/'
remote-organization-name: 'jfrog'
remote-repository-name: 'jfrog-signed-clas'
# branch should not be protected
branch: 'master'
allowlist: bot*
34 changes: 0 additions & 34 deletions .github/workflows/frogbot-pull-request.yml

This file was deleted.

32 changes: 0 additions & 32 deletions .github/workflows/frogbot-push.yml

This file was deleted.

158 changes: 158 additions & 0 deletions .github/workflows/tests.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,158 @@
name: JFrog Client Go Tests
on:
push:
# Triggers the workflow on labeled PRs only.
pull_request_target:
types: [labeled]
# Ensures that only the latest commit is running for each PR at a time.
# Ignores this rule for push events.
concurrency:
group: ${{ github.event.pull_request.number || github.sha }}
cancel-in-progress: true
jobs:
Go-Lint:
if: contains(github.event.pull_request.labels.*.name, 'safe to test') || github.event_name == 'push'
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest, macos-latest, windows-latest]
runs-on: ${{ matrix.os }}
steps:
- name: Checkout code
uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.sha }}

- name: Install Go
uses: actions/setup-go@v3
with:
go-version: 1.17.x

- name: Go Cache
uses: actions/cache@v3
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: ${{ runner.os }}-go-

- name: Lint
run: go vet -v ./...

JFrog-Client-Go-Artifactory-Tests:
if: contains(github.event.pull_request.labels.*.name, 'safe to test') || github.event_name == 'push'
name: ${{ matrix.suite }} ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
suite: [artifactory]
os: [ubuntu-latest, macos-latest, windows-latest]
runs-on: ${{ matrix.os }}
steps:
- name: Install Go
uses: actions/setup-go@v3
with:
go-version: 1.17.x

- name: Checkout code
uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.sha }}

- name: Go Cache
uses: actions/cache@v3
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: ${{ runner.os }}-go-

- name: Setup Artifactory
run: |
go install github.com/jfrog/jfrog-testing-infra/local-rt-setup@latest
~/go/bin/local-rt-setup
env:
RTLIC: ${{secrets.RTLIC}}
GOPROXY: direct

- name: artifactory tests
run: go test -v github.com/jfrog/jfrog-client-go/tests --timeout 0 --test.artifactory=true --rt.url='http://localhost:8081/artifactory/' --rt.user='admin' --rt.password='password' --ci.runId=${{ runner.os }}-${{ matrix.suite }}

JFrog-Client-Go-Ds-Xr-Access-Tests:
if: contains(github.event.pull_request.labels.*.name, 'safe to test') || github.event_name == 'push'
name: ${{ matrix.suite }} ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
suite: [distribution, xray, access]
os: [ubuntu-latest, macos-latest, windows-latest]
runs-on: ${{ matrix.os }}
steps:
- name: Checkout code
uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.sha }}

- name: Install Go
uses: actions/setup-go@v3
with:
go-version: 1.17.x

- name: Go Cache
uses: actions/cache@v3
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: ${{ runner.os }}-go-

- name: ${{ matrix.suite }} tests
run: go test -v github.com/jfrog/jfrog-client-go/tests --timeout 0 --test.${{ matrix.suite }}=true --rt.url=${{ secrets.CLI_RT_URL }} --ds.url=${{ secrets.CLI_DIST_URL }} --xr.url=${{ secrets.CLI_XRAY_URL }} --access.url=${{ secrets.CLI_ACCESS_URL }} --rt.user=${{ secrets.CLI_RT_USER }} --rt.password=${{ secrets.CLI_RT_PASSWORD }} --access.token=${{ secrets.CLI_ACCESS_TOKEN }} --ci.runId=${{ runner.os }}-${{ matrix.suite }}

JFrog-Client-Go-Pipelines-Tests:
if: contains(github.event.pull_request.labels.*.name, 'safe to test') || github.event_name == 'push'
name: pipelines ubuntu-latest
runs-on: ubuntu-latest
steps:
- name: Install Go
uses: actions/setup-go@v3
with:
go-version: 1.17.x

- name: Checkout code
uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.sha }}

- name: pipelines tests
run: go test -v github.com/jfrog/jfrog-client-go/tests --timeout 0 --test.pipelines=true --rt.url=${{ secrets.CLI_RT_URL }} --pipe.url=${{ secrets.CLI_PIPE_URL }} --rt.user=${{ secrets.CLI_RT_USER }} --rt.password=${{ secrets.CLI_RT_PASSWORD }} --pipe.accessToken=${{ secrets.CLI_PIPE_ACCESS_TOKE }} --pipe.vcsToken=${{ secrets.CLI_PIPE_VCS_TOKEN }} --pipe.vcsRepo=${{ secrets.CLI_PIPE_VCS_REPO }} --pipe.vcsBranch=${{ secrets.CLI_PIPE_VCS_BRANCH }} --ci.runId=${{ runner.os }}-pipe

JFrog-Client-Go-Repositories-Tests:
if: contains(github.event.pull_request.labels.*.name, 'safe to test') || github.event_name == 'push'
name: repositories ubuntu-latest
runs-on: ubuntu-latest
steps:
- name: Install Go
uses: actions/setup-go@v3
with:
go-version: 1.17.x

- name: Checkout code
uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.sha }}

- name: Go Cache
uses: actions/cache@v3
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: ${{ runner.os }}-go-

- name: Setup Artifactory
run: |
go install github.com/jfrog/jfrog-testing-infra/local-rt-setup@latest
~/go/bin/local-rt-setup
env:
RTLIC: ${{secrets.RTLIC}}
GOPROXY: direct

- name: Repositories tests
run: go test -v github.com/jfrog/jfrog-client-go/tests --timeout 0 --test.repositories=true --rt.url='http://localhost:8081/artifactory/' --rt.user='admin' --rt.password='password'
2 changes: 1 addition & 1 deletion go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ require (
github.com/pkg/errors v0.9.1
github.com/stretchr/testify v1.7.1
github.com/xanzy/ssh-agent v0.3.1
golang.org/x/crypto v0.0.0-20210817164053-32db794688a5
golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1
)

Expand Down
5 changes: 3 additions & 2 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -129,8 +129,8 @@ golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnf
golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
golang.org/x/crypto v0.0.0-20210817164053-32db794688a5 h1:HWj/xjIHfjYU5nVXpTM0s39J9CbLn7Cc5a7IC5rwsMQ=
golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b h1:Qwe1rC8PSniVfAFPFJeyUkB+zcysC3RgJBAGk7eqBEU=
golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/net v0.0.0-20210326060303-6b1517762897/go.mod h1:uSPa2vr4CLtc/ILN5odXGNXS6mhrKVzTaCXzk9m6W3k=
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2 h1:CIJ76btIcR3eFI5EgSo6k1qKw9KJexJuRLI9G7Hp5wE=
Expand Down Expand Up @@ -168,6 +168,7 @@ gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU=
gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.0 h1:hjy8E9ON/egN1tAYqKb61G10WtihqetD4sz2H+8nIeA=
gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

0 comments on commit b2f3881

Please sign in to comment.