Skip to content

[engine] Accept None for optional args to ctx.emit.finding #292

[engine] Accept None for optional args to ctx.emit.finding

[engine] Accept None for optional args to ctx.emit.finding #292

Workflow file for this run

# Copyright 2023 The Shac Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
on: [push, pull_request]
name: Run tests
jobs:
# Runs go test both with code coverage sent to codecov, race detector and
# benchmarks. At the end do a quick check to ensure the tests to not leave
# files in the tree.
test:
name: "test: go${{matrix.gover}}.x/${{matrix.os}}"
runs-on: "${{matrix.os}}"
continue-on-error: true
defaults:
run:
shell: bash
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest, macos-latest, windows-latest]
# Do not forget to bump every 6 months!
gover: ["1.21"]
env:
PYTHONDONTWRITEBYTECODE: x
steps:
- name: Turn off git core.autocrlf
if: matrix.os == 'windows-latest'
run: git config --global core.autocrlf false
- uses: actions/checkout@v3
with:
fetch-depth: 2
- uses: actions/setup-go@v4
with:
go-version: "~${{matrix.gover}}.0"
- name: 'go install necessary tools'
if: always()
run: |
go install github.com/maruel/pat/cmd/ba@latest
- name: 'Check: go test -cover'
if: always()
run: go test -timeout=5m -covermode=count -coverprofile coverage.txt -bench=. -benchtime=1x ./...
# Don't send code coverage if anything failed to reduce spam.
- uses: codecov/codecov-action@v3
- name: 'Cleanup'
if: always()
run: rm coverage.txt
- name: 'Check: go test -race'
run: go test -timeout=5m -race -bench=. -benchtime=1x ./...
- name: 'Check: benchmark 📈'
run: ba -against HEAD~1
- name: 'Check: go test -short (CGO_ENABLED=0)'
env:
CGO_ENABLED: 0
run: go test -timeout=5m -short -bench=. -benchtime=1x ./...
- name: 'Check: go test -short (32 bits)'
if: matrix.os != 'macos-latest'
env:
GOARCH: 386
run: go test -timeout=5m -short -bench=. -benchtime=1x ./...
- name: 'Install shac'
if: always()
run: go install .
- name: 'Check: shac check'
if: always()
run: shac check
- name: "Check: tree is clean"
if: always()
run: |
# Nothing should have changed in the tree up to that point and no
# unsuspected file was created.
# TODO(olivernewman): Add --ignored flag once go tools are installed
# outside the checkout instead of in the .tools directory.
TOUCHED=$(git status --porcelain)
if ! test -z "$TOUCHED"; then
echo "Oops, something touched these files, please cleanup:"
echo "$TOUCHED"
git diff
false
fi
# Run linters. This workflow can be merged with the test_all one if desired
# to cut on runtime, at the cost of latency. I dislike waiting for results
# so I prefer to run them in parallel.
lint:
name: "lint: go${{matrix.gover}}.x/${{matrix.os}}"
runs-on: "${{matrix.os}}"
continue-on-error: true
defaults:
run:
shell: bash
strategy:
fail-fast: false
matrix:
# You may want to run only on linux to save on cost. Projects with
# OS-specific code benefits from explicitly linting on macOS and
# Windows.
os: [ubuntu-latest, macos-latest, windows-latest]
# Do not forget to bump every 6 months!
gover: ["1.21"]
env:
PYTHONDONTWRITEBYTECODE: x
steps:
- name: Turn off git core.autocrlf
if: matrix.os == 'windows-latest'
run: git config --global core.autocrlf false
- uses: actions/checkout@v3
- uses: actions/setup-go@v4
with:
go-version: "~${{matrix.gover}}.0"
- name: "Debug"
run: |
echo HOME = $HOME
echo GITHUB_WORKSPACE = $GITHUB_WORKSPACE
echo PATH = $PATH
echo ""
echo $ ls -l $HOME/go/bin
ls -la $HOME/go/bin
- name: Install protoc
# See https://github.com/arduino/setup-protoc/issues/33
if: ${{ false }}
uses: arduino/setup-protoc@v1
with:
version: '21.12'
- name: 'go install necessary tools (ubuntu)'
if: always() && matrix.os == 'ubuntu-latest'
run: |
go install github.com/client9/misspell/cmd/misspell@latest
go install github.com/google/addlicense@latest
- name: 'Check: go vet'
if: always()
run: go vet -unsafeptr=false ./...
# run them on ubuntu-latest since it's the fastest one.
- name: 'Check: no executable was committed (ubuntu)'
if: always() && matrix.os == 'ubuntu-latest'
run: |
if find . -path '*.sh' -prune -o \
-path ./.git -prune -o \
-path './internal/sandbox/nsjail-linux-*' -prune -o \
-type f -executable -print | grep -e . ; then
echo 'Do not commit executables beside shell scripts'
false
fi
- name: 'Check: addlicense; all sources have a license header (ubuntu)'
if: always() && matrix.os == 'ubuntu-latest'
run: addlicense -check -ignore 'vendor/**' .
- name: "Check: misspelling; code doesn't contain misspelling (ubuntu)"
if: always() && matrix.os == 'ubuntu-latest'
run: |
ERR=$(find . -type f | grep -v vendor/ | xargs misspell)
if ! test -z "$ERR"; then
echo "$ERR"
echo "## ⚠ misspell Failed" >> ../_comments.txt
echo "" >> ../_comments.txt
echo "$ERR" >> ../_comments.txt
echo "" >> ../_comments.txt
false
fi
- name: 'Send comments'
if: failure()
run: |
if [ -f ../_comments.txt ]; then
URL="${{github.event.issue.pull_request.url}}"
if test -z "$URL"; then
URL="${{github.api_url}}/repos/${{github.repository}}/commits/${{github.sha}}/comments"
fi
echo "Sending $(cat ../_comments.txt|wc -l) lines of comments to ${URL}"
curl -sS --request POST \
--header "Authorization: Bearer ${{secrets.GITHUB_TOKEN}}" \
--header "Content-Type: application/json" \
--data "$(cat ../_comments.txt | jq -R --slurp '{body: .}')" \
"${URL}" > /dev/null
rm ../_comments.txt
fi
- name: "Check: go generate doesn't modify files"
# See https://github.com/arduino/setup-protoc/issues/33
if: ${{ false }}
#if: always()
run: |
go generate ./...
# Also test for untracked files. go generate should not generate ignored
# files either.
TOUCHED=$(git status --porcelain --ignored)
if ! test -z "$TOUCHED"; then
echo "go generate created these files, please fix:"
echo "$TOUCHED"
false
fi
- name: "Check: go mod tidy doesn't modify files"
if: always()
run: |
go mod tidy
TOUCHED=$(git status --porcelain --ignored)
if ! test -z "$TOUCHED"; then
echo "go mod tidy was not clean, please update:"
git diff
false
fi
codeql:
name: "codeql: go${{matrix.gover}}.x/${{matrix.os}}"
runs-on: "${{matrix.os}}"
continue-on-error: true
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest]
# Do not forget to bump every 6 months!
gover: ["1.21"]
permissions:
security-events: write
steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v4
with:
go-version: "~${{matrix.gover}}.0"
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: go
- name: Autobuild
uses: github/codeql-action/autobuild@v2
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2