diff --git a/.github/workflows/analysis.yml b/.github/workflows/analysis.yml
new file mode 100644
index 000000000..e54765bb0
--- /dev/null
+++ b/.github/workflows/analysis.yml
@@ -0,0 +1,29 @@
+name: "Static Analysis"
+on: ["push", "pull_request"]
+jobs:
+ Static-Check:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout Source
+ uses: actions/checkout@v3
+ - name: Install Go
+ uses: actions/setup-go@v3
+ with:
+ go-version: 1.17.x
+ - name: Static Code Analysis
+ uses: dominikh/staticcheck-action@v1
+
+ Go-Sec:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout Source
+ uses: actions/checkout@v3
+ - name: Install Go
+ uses: actions/setup-go@v3
+ with:
+ go-version: 1.17.x
+ - name: Install gosec
+ run: curl -sfL https://raw.githubusercontent.com/securego/gosec/master/install.sh | sh -s -- -b $(go env GOPATH)/bin
+ - name: Run gosec
+ # Temporary ignoring G301,G302,G306
+ run: gosec -exclude=G204,G301,G302,G304,G306 -exclude-dir=\.*test\.* ./...
diff --git a/.github/workflows/cla.yml b/.github/workflows/cla.yml
new file mode 100644
index 000000000..e36268d86
--- /dev/null
+++ b/.github/workflows/cla.yml
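Review bot: In `.github/workflows/analysis.yml`, the `Install gosec` step pipes `install.sh` from the `master` branch of securego/gosec straight into `sh` and passes no version, so every run executes whatever that branch holds at the moment and installs whichever release the script selects. Pinning removes that moving target, for example `run: go install github.com/securego/gosec/v2/cmd/gosec@<PINNED_VERSION>`, which by default also goes through Go's module checksum verification. The comment above `Run gosec` names only G301, G302 and G306, while the command also excludes G204 and G304 (the subprocess and file-path checks); I would extend it to `# Temporarily ignoring G204,G301,G302,G304,G306 - tracked in <ISSUE_LINK>` so the wider exclusion is visible and has an owner.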
@@ -0,0 +1,35 @@
+name: "CLA Assistant"
+on:
+ # issue_comment triggers this action on each comment on issues and pull requests
+ issue_comment:
+ types: [created]
+ pull_request_target:
+ types: [opened,synchronize]
+
+jobs:
+ CLAssistant:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions-ecosystem/action-regex-match@v2
+ id: sign-or-recheck
+ with:
+ text: ${{ github.event.comment.body }}
+ regex: '\s*(I have read the CLA Document and I hereby sign the CLA)|(recheckcla)\s*'
+
+ - name: "CLA Assistant"
+ if: ${{ steps.sign-or-recheck.outputs.match != '' || github.event_name == 'pull_request_target' }}
+ # Alpha Release
+ uses: cla-assistant/github-action@v2.1.1-beta
+ env:
+ # Generated and maintained by github
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ # JFrog organization secret
+ PERSONAL_ACCESS_TOKEN : ${{ secrets.CLA_SIGN_TOKEN }}
+ with:
+ path-to-signatures: 'signed_clas.json'
+ path-to-document: 'https://jfrog.com/cla/'
+ remote-organization-name: 'jfrog'
+ remote-repository-name: 'jfrog-signed-clas'
+ # branch should not be protected
+ branch: 'master'
+ allowlist: bot*
diff --git a/.github/workflows/frogbot-pull-request.yml b/.github/workflows/frogbot-pull-request.yml
deleted file mode 100644
index 36cfc1390..000000000
--- a/.github/workflows/frogbot-pull-request.yml
+++ /dev/null
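Review bot: In `.github/workflows/cla.yml`, both third-party actions are referenced by mutable tags (`actions-ecosystem/action-regex-match@v2`, `cla-assistant/github-action@v2.1.1-beta`) in a workflow that runs on `pull_request_target` and on every issue comment, and the second one receives the organization secret `CLA_SIGN_TOKEN`. A retagged or compromised release would therefore run with that token; pinning to a full commit SHA, e.g. `uses: cla-assistant/github-action@<FULL_COMMIT_SHA> # v2.1.1-beta`, closes that. The workflow also declares no `permissions:` block, so `GITHUB_TOKEN` keeps the repository default scope; I would add one limited to what the action needs. `allowlist: bot*` presumably exempts any account whose login starts with `bot`, not only bot accounts, so listing the specific automation accounts would be tighter.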
@@ -1,34 +0,0 @@ -name: "Frogbot Scan PR" -on: - pull_request_target: - types: [ opened, synchronize ] -jobs: - scan-pull-request: - runs-on: ubuntu-latest - # A pull request needs to be approved, before Frogbot scans it. Any GitHub user who is associated with the - # "frogbot" GitHub environment can approve the pull request to be scanned. - environment: frogbot - steps: - - uses: actions/checkout@v3 - with: - ref: ${{ github.event.pull_request.head.sha }} - - # Install prerequisites - - name: Setup Go - uses: actions/setup-go@v3 - with: - go-version: 1.17.x - - - uses: jfrog/frogbot@dev - env: - # [Mandatory] - # JFrog platform URL - JF_URL: ${{ secrets.FROGBOT_URL }} - - # [Mandatory if JF_USER and JF_PASSWORD are not provided] - # JFrog access token with 'read' permissions on Xray service - JF_ACCESS_TOKEN: ${{ secrets.FROGBOT_ACCESS_TOKEN }} - - # [Manadatory] - # The GitHub token automatically generated for the job - JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/frogbot-push.yml b/.github/workflows/frogbot-push.yml deleted file mode 100644 index 014d74994..000000000 --- a/.github/workflows/frogbot-push.yml +++ /dev/null @@ -1,32 +0,0 @@ -name: "Frogbot Fix" -on: - push: - branches: - - 'frogbot-test' -jobs: - create-fix-pull-requests: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - with: - ref: ${{ github.event.pull_request.head.sha }} - - # Install prerequisites - - name: Setup Go - uses: actions/setup-go@v3 - with: - go-version: 1.17.x - - - uses: jfrog/frogbot@dev - env: - # [Mandatory] - # JFrog platform URL - JF_URL: ${{ secrets.FROGBOT_URL }} - - # [Mandatory if JF_USER and JF_PASSWORD are not provided] - # JFrog access token with 'read' permissions on Xray service - JF_ACCESS_TOKEN: ${{ secrets.FROGBOT_ACCESS_TOKEN }} - - # [Manadatory] - # The GitHub token automatically generated for the job - JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }} 
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
new file mode 100644
index 000000000..167d06e2a
--- /dev/null
+++ b/.github/workflows/tests.yml
@@ -0,0 +1,158 @@
+name: JFrog Client Go Tests
+on:
+ push:
+# Triggers the workflow on labeled PRs only.
+ pull_request_target:
+ types: [labeled]
+# Ensures that only the latest commit is running for each PR at a time.
+# Ignores this rule for push events.
+concurrency:
+ group: ${{ github.event.pull_request.number || github.sha }}
+ cancel-in-progress: true
+jobs:
+ Go-Lint:
+ if: contains(github.event.pull_request.labels.*.name, 'safe to test') || github.event_name == 'push'
+ strategy:
+ fail-fast: false
+ matrix:
+ os: [ubuntu-latest, macos-latest, windows-latest]
+ runs-on: ${{ matrix.os }}
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+ with:
+ ref: ${{ github.event.pull_request.head.sha }}
+
+ - name: Install Go
+ uses: actions/setup-go@v3
+ with:
+ go-version: 1.17.x
+
+ - name: Go Cache
+ uses: actions/cache@v3
+ with:
+ path: ~/go/pkg/mod
+ key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+ restore-keys: ${{ runner.os }}-go-
+
+ - name: Lint
+ run: go vet -v ./...
+
+ JFrog-Client-Go-Artifactory-Tests:
+ if: contains(github.event.pull_request.labels.*.name, 'safe to test') || github.event_name == 'push'
+ name: ${{ matrix.suite }} ${{ matrix.os }}
+ strategy:
+ fail-fast: false
+ matrix:
+ suite: [artifactory]
+ os: [ubuntu-latest, macos-latest, windows-latest]
+ runs-on: ${{ matrix.os }}
+ steps:
+ - name: Install Go
+ uses: actions/setup-go@v3
+ with:
+ go-version: 1.17.x
+
+ - name: Checkout code
+ uses: actions/checkout@v3
+ with:
+ ref: ${{ github.event.pull_request.head.sha }}
+
+ - name: Go Cache
+ uses: actions/cache@v3
+ with:
+ path: ~/go/pkg/mod
+ key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+ restore-keys: ${{ runner.os }}-go-
+
+ - name: Setup Artifactory
+ run: |
+ go install github.com/jfrog/jfrog-testing-infra/local-rt-setup@latest
+ ~/go/bin/local-rt-setup
+ env:
+ RTLIC: ${{secrets.RTLIC}}
+ GOPROXY: direct
+
+ - name: artifactory tests
+ run: go test -v github.com/jfrog/jfrog-client-go/tests --timeout 0 --test.artifactory=true --rt.url='http://localhost:8081/artifactory/' --rt.user='admin' --rt.password='password' --ci.runId=${{ runner.os }}-${{ matrix.suite }}
+
+ JFrog-Client-Go-Ds-Xr-Access-Tests:
+ if: contains(github.event.pull_request.labels.*.name, 'safe to test') || github.event_name == 'push'
+ name: ${{ matrix.suite }} ${{ matrix.os }}
+ strategy:
+ fail-fast: false
+ matrix:
+ suite: [distribution, xray, access]
+ os: [ubuntu-latest, macos-latest, windows-latest]
+ runs-on: ${{ matrix.os }}
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+ with:
+ ref: ${{ github.event.pull_request.head.sha }}
+
+ - name: Install Go
+ uses: actions/setup-go@v3
+ with:
+ go-version: 1.17.x
+
+ - name: Go Cache
+ uses: actions/cache@v3
+ with:
+ path: ~/go/pkg/mod
+ key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+ restore-keys: ${{ runner.os }}-go-
+
+ - name: ${{ matrix.suite }} tests
+ run: go test -v github.com/jfrog/jfrog-client-go/tests --timeout 0 --test.${{ matrix.suite }}=true --rt.url=${{ secrets.CLI_RT_URL }} --ds.url=${{ secrets.CLI_DIST_URL }} --xr.url=${{ secrets.CLI_XRAY_URL }} --access.url=${{ secrets.CLI_ACCESS_URL }} --rt.user=${{ secrets.CLI_RT_USER }} --rt.password=${{ secrets.CLI_RT_PASSWORD }} --access.token=${{ secrets.CLI_ACCESS_TOKEN }} --ci.runId=${{ runner.os }}-${{ matrix.suite }}
+
+ JFrog-Client-Go-Pipelines-Tests:
+ if: contains(github.event.pull_request.labels.*.name, 'safe to test') || github.event_name == 'push'
+ name: pipelines ubuntu-latest
+ runs-on: ubuntu-latest
+ steps:
+ - name: Install Go
+ uses: actions/setup-go@v3
+ with:
+ go-version: 1.17.x
+
+ - name: Checkout code
+ uses: actions/checkout@v3
+ with:
+ ref: ${{ github.event.pull_request.head.sha }}
+
+ - name: pipelines tests
+ run: go test -v github.com/jfrog/jfrog-client-go/tests --timeout 0 --test.pipelines=true --rt.url=${{ secrets.CLI_RT_URL }} --pipe.url=${{ secrets.CLI_PIPE_URL }} --rt.user=${{ secrets.CLI_RT_USER }} --rt.password=${{ secrets.CLI_RT_PASSWORD }} --pipe.accessToken=${{ secrets.CLI_PIPE_ACCESS_TOKE }} --pipe.vcsToken=${{ secrets.CLI_PIPE_VCS_TOKEN }} --pipe.vcsRepo=${{ secrets.CLI_PIPE_VCS_REPO }} --pipe.vcsBranch=${{ secrets.CLI_PIPE_VCS_BRANCH }} --ci.runId=${{ runner.os }}-pipe
+
+ JFrog-Client-Go-Repositories-Tests:
+ if: contains(github.event.pull_request.labels.*.name, 'safe to test') || github.event_name == 'push'
+ name: repositories ubuntu-latest
+ runs-on: ubuntu-latest
+ steps:
+ - name: Install Go
+ uses: actions/setup-go@v3
+ with:
+ go-version: 1.17.x
+
+ - name: Checkout code
+ uses: actions/checkout@v3
+ with:
+ ref: ${{ github.event.pull_request.head.sha }}
+
+ - name: Go Cache
+ uses: actions/cache@v3
+ with:
+ path: ~/go/pkg/mod
+ key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+ restore-keys: ${{ runner.os }}-go-
+
+ - name: Setup Artifactory
+ run: |
+ go install github.com/jfrog/jfrog-testing-infra/local-rt-setup@latest
+ ~/go/bin/local-rt-setup
+ env:
+ RTLIC: ${{secrets.RTLIC}}
+ GOPROXY: direct
+
+ - name: Repositories tests
+ run: go test -v github.com/jfrog/jfrog-client-go/tests --timeout 0 --test.repositories=true --rt.url='http://localhost:8081/artifactory/' --rt.user='admin' --rt.password='password'
diff --git a/go.mod b/go.mod
index 6c754a8b7..6f503d802 100644
--- a/go.mod
+++ b/go.mod
@@ -13,7 +13,7 @@ require ( github.com/pkg/errors v0.9.1 github.com/stretchr/testify v1.7.1 github.com/xanzy/ssh-agent v0.3.1 - golang.org/x/crypto v0.0.0-20210817164053-32db794688a5 + golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 )
diff --git a/go.sum b/go.sum
index f0364ed0e..fcfbff6ea 100644
--- a/go.sum
+++ b/go.sum
@@ -129,8 +129,8 @@ golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnf golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20210817164053-32db794688a5 h1:HWj/xjIHfjYU5nVXpTM0s39J9CbLn7Cc5a7IC5rwsMQ= -golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b h1:Qwe1rC8PSniVfAFPFJeyUkB+zcysC3RgJBAGk7eqBEU= +golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210326060303-6b1517762897/go.mod h1:uSPa2vr4CLtc/ILN5odXGNXS6mhrKVzTaCXzk9m6W3k= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2 h1:CIJ76btIcR3eFI5EgSo6k1qKw9KJexJuRLI9G7Hp5wE=
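Review bot: Every job in `.github/workflows/tests.yml` checks out `github.event.pull_request.head.sha` under `pull_request_target` and then runs `go vet` or `go test` on it, so code from a fork executes with the repository secrets and a default-scoped `GITHUB_TOKEN`, and the `'safe to test'` label is the only gate. The workflow fires on every `labeled` event and the `if:` only checks that the label is present, so adding any other label later re-runs the jobs on whatever the head is by then; comparing `github.event.label.name == 'safe to test'` and removing the label once a run starts would narrow that. I would also add a top-level `permissions:` with `contents: read`, set `persist-credentials: false` on the checkout steps, and hand the `secrets.*` values to the tests through `env:` instead of splicing them into the `run:` command line. The `actions/cache` steps save `~/go/pkg/mod` from the same context, so a labelled PR may be able to seed the module cache that later `push` runs restore. `secrets.CLI_PIPE_ACCESS_TOKE` in the pipelines job looks truncated; if no secret of that name exists it expands to an empty string.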
@@ -168,6 +168,7 @@ gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU= gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0 h1:hjy8E9ON/egN1tAYqKb61G10WtihqetD4sz2H+8nIeA= gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=