-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathMakefile.precommit
More file actions
76 lines (61 loc) · 3.03 KB
/
Makefile.precommit
File metadata and controls
76 lines (61 loc) · 3.03 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
export ROOTDIR ?= $(shell git rev-parse --show-toplevel)
default: precommit
precommit: ensure format generate test check addlicense
@echo "ready to commit"
ensure:
go mod tidy
go mod verify
rm -rf vendor
format:
find . -type f -name 'go.mod' -not -path './vendor/*' -exec go run -mod=mod github.com/shoenig/go-modtool -w fmt "{}" \;
find . -type f -name '*.go' -not -path './vendor/*' -exec gofmt -w "{}" +
go run -mod=mod github.com/incu6us/goimports-reviser/v3 -project-name github.com/bborbe/agent -format -excludes vendor ./...
find . -type d -name vendor -prune -o -type f -name '*.go' -print0 | xargs -0 -n 10 go run -mod=mod github.com/segmentio/golines --max-len=100 -w
generate:
rm -rf mocks avro
mkdir -p mocks
echo "package mocks" > mocks/mocks.go
go generate -mod=mod ./...
.PHONY: test
test:
go test -mod=mod -p=$${GO_TEST_PARALLEL:-1} -cover -race $(shell go list -mod=mod ./... | grep -v /vendor/)
check: lint vet errcheck vulncheck osv-scanner gosec trivy
lint:
go run -mod=mod github.com/golangci/golangci-lint/v2/cmd/golangci-lint run --config $(ROOTDIR)/.golangci.yml ./...
vet:
go vet -mod=mod $(shell go list -mod=mod ./... | grep -v /vendor/)
errcheck:
go run -mod=mod github.com/kisielk/errcheck -ignore '(Close|Write|Fprint)' $(shell go list -mod=mod ./... | grep -v /vendor/ | grep -v k8s/client)
.PHONY: vulncheck
vulncheck:
@go run -mod=mod golang.org/x/vuln/cmd/govulncheck -format json $(shell go list -mod=mod ./... | grep -v /vendor/) 2>&1 | \
jq -e 'select(.finding != null and .finding.osv != "GO-2026-4923" and .finding.osv != "GO-2026-4514" and .finding.osv != "GO-2022-0470" and .finding.osv != "GO-2026-4772" and .finding.osv != "GO-2026-4771")' > /dev/null 2>&1 && \
{ echo "Unexpected vulnerabilities found"; go run -mod=mod golang.org/x/vuln/cmd/govulncheck $(shell go list -mod=mod ./... | grep -v /vendor/); exit 1; } || \
echo "No unignored vulnerabilities found"
.PHONY: osv-scanner
osv-scanner:
@if [ -f .osv-scanner.toml ]; then \
echo "Using .osv-scanner.toml"; \
go run -mod=mod github.com/google/osv-scanner/v2/cmd/osv-scanner --config .osv-scanner.toml --recursive .; \
elif [ -f $(ROOTDIR)/.osv-scanner.toml ]; then \
echo "Using $(ROOTDIR)/.osv-scanner.toml"; \
go run -mod=mod github.com/google/osv-scanner/v2/cmd/osv-scanner --config $(ROOTDIR)/.osv-scanner.toml --recursive .; \
else \
echo "No config found, running default scan"; \
go run -mod=mod github.com/google/osv-scanner/v2/cmd/osv-scanner --recursive .; \
fi
gosec:
go run -mod=mod github.com/securego/gosec/v2/cmd/gosec -exclude=G104 ./...
.PHONY: trivy
trivy:
trivy fs \
--db-repository ghcr.io/aquasecurity/trivy-db \
$(if $(wildcard .trivyignore),--ignorefile .trivyignore,$(if $(wildcard $(ROOTDIR)/.trivyignore),--ignorefile $(ROOTDIR)/.trivyignore,)) \
--scanners vuln,secret \
--skip-dirs vendor \
--quiet \
--no-progress \
--disable-telemetry \
--exit-code 1 .
addlicense:
go run -mod=mod github.com/google/addlicense -c "Benjamin Borbe" -y $$(date +'%Y') -l bsd $$(find . -name "*.go" -not -path './vendor/*')