From 867ac594bcfa30fe66de7a97ca26a1b4b5f5f872 Mon Sep 17 00:00:00 2001 From: sbp-bvanb Date: Fri, 1 Nov 2024 05:55:45 +0100 Subject: [PATCH 1/2] build: Use golang-action v0.9.4 --- .github/workflows/golang.yml | 20 ++++++++++++++++---- .gitignore | 1 + .trivyignore | 0 README.md | 21 +++++++++++++++++---- Taskfile.yml | 17 +++++++++++++++++ 5 files changed, 51 insertions(+), 8 deletions(-) create mode 100644 .trivyignore create mode 100644 Taskfile.yml diff --git a/.github/workflows/golang.yml b/.github/workflows/golang.yml index f329e8a..e7d019d 100644 --- a/.github/workflows/golang.yml +++ b/.github/workflows/golang.yml @@ -10,14 +10,26 @@ permissions: contents: read packages: read jobs: - mcvs-golang-action: + MCVS-golang-action: + env: + TASK_X_REMOTE_TASKFILES: 1 runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v4.2.1 - - uses: schubergphilis/mcvs-golang-action@v0.8.3 + - uses: actions/checkout@v4.2.2 + - uses: schubergphilis/mcvs-golang-action@v0.9.4 with: - code_coverage_expected: 62.3 + code-coverage-expected: 62.3 gci: "false" golang-unit-tests-exclusions: |- \(cmd\/prolayout\) golangci-lint-version: v1.61.0 + testing-type: ${{ matrix.testing-type }} + strategy: + matrix: + testing-type: + - coverage + - lint + - security-golang-modules + - security-grype + - security-trivy + - unit diff --git a/.gitignore b/.gitignore index a6932ab..b5b4faa 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ +.task .vscode reports diff --git a/.trivyignore b/.trivyignore new file mode 100644 index 0000000..e69de29 diff --git a/README.md b/README.md index 8a0ae9d..abb3a03 100644 --- a/README.md +++ b/README.md @@ -1,12 +1,25 @@ # ProLayout -Pro(ject) layout is a static analysis tool that allow you to lint the project structure of your go project. +Pro(ject) layout is a static analysis tool that allow you to lint the project +structure of your go project. -# Why +## Development -Since Go does not enforce any real project structure, we wanted to have a static analysis tool, to help us to ensure projects are structured in a similar fashion. +Either use `make` or `task`: -# Example configuration file +### Task + +```zsh +TASK_X_REMOTE_TASKFILES=1 task test-all --yes +``` + +## Why + +Since Go does not enforce any real project structure, we wanted to have a +static analysis tool, to help us to ensure projects are structured in a similar +fashion. + +## Example configuration file ```YAML module: "github.com/wimspaargaren/prolayout" diff --git a/Taskfile.yml b/Taskfile.yml new file mode 100644 index 0000000..9a6ce98 --- /dev/null +++ b/Taskfile.yml @@ -0,0 +1,17 @@ +--- +version: 3 + +vars: + REMOTE_URL: https://raw.githubusercontent.com + REMOTE_URL_REF: v0.9.4 + REMOTE_URL_REPO: schubergphilis/mcvs-golang-action + +includes: + remote: >- + {{.REMOTE_URL}}/{{.REMOTE_URL_REPO}}/{{.REMOTE_URL_REF}}/Taskfile.yml + +tasks: + test-all: + deps: + - task: remote:golangci-lint + - task: remote:test From 1e4f05c8b8042628c2c0d56441277b2461dd9a06 Mon Sep 17 00:00:00 2001 From: sbp-bvanb Date: Mon, 11 Nov 2024 14:26:12 +0100 Subject: [PATCH 2/2] build: Use golang-action v0.10.1 that uses the public preserved TrivyDBs to prevent rate limiting issues --- .github/workflows/golang.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/golang.yml b/.github/workflows/golang.yml index e7d019d..9762eff 100644 --- a/.github/workflows/golang.yml +++ b/.github/workflows/golang.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v4.2.2 - - uses: schubergphilis/mcvs-golang-action@v0.9.4 + - uses: schubergphilis/mcvs-golang-action@v0.10.1 with: code-coverage-expected: 62.3 gci: "false"