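# Repository root. Callers may pre-set it; it is exported so every tool that is
# spawned from a recipe sees the same value.
export ROOTDIR ?= $(shell git rev-parse --show-toplevel)
# '?=' always yields a recursive variable, so without this line every
# $(ROOTDIR) reference (include, lint, osv-scanner, trivy) would re-run git.
# Re-assigning with ':=' pins the value once; a command-line ROOTDIR still wins.
ROOTDIR := $(ROOTDIR)
# RACE=true adds -race to `go test`; any other value leaves it off.
RACE ?= true
# Pinned tool versions (GO_MODTOOL_VERSION, GOLANGCI_LINT_VERSION, ...) live in
# the repo root so every module in the repo runs the same tool versions.
include $(ROOTDIR)/tools.env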
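.PHONY: default precommit
default: precommit
# Full pre-commit pipeline. The prerequisite order (tidy, format, regenerate,
# test, scan, license headers) is only honoured in a serial build; with -j make
# may schedule these in any order, so run this target without -j.
precommit: ensure format generate test check addlicense
	@echo "ready to commit"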
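.PHONY: ensure
# Bring go.mod/go.sum in line with the code, verify the cached modules against
# go.sum, and drop any stale vendor tree so later steps use -mod=mod consistently.
ensure:
	go mod tidy
	go mod verify
	rm -rf vendor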
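.PHONY: format
# Module path goimports-reviser treats as "this project" when grouping imports;
# override it when this file is included from another repository.
GOIMPORTS_REVISER_PROJECT ?= github.com/bborbe/maintainer
# Rewrite sources in place: go.mod files, gofmt, import grouping, then line
# wrapping at 100 columns (golines runs in batches of 10 files, presumably to
# bound the number of `go run` invocations). vendor/ is skipped throughout.
format:
	find . -type f -name 'go.mod' -not -path './vendor/*' -exec go run github.com/shoenig/go-modtool@$(GO_MODTOOL_VERSION) -w fmt "{}" \;
	find . -type f -name '*.go' -not -path './vendor/*' -exec gofmt -w "{}" +
	go run github.com/incu6us/goimports-reviser/v3@$(GOIMPORTS_REVISER_VERSION) -project-name $(GOIMPORTS_REVISER_PROJECT) -format -excludes vendor ./...
	find . -type d -name vendor -prune -o -type f -name '*.go' -print0 | xargs -0 -n 10 go run github.com/segmentio/golines@$(GOLINES_VERSION) --max-len=100 -w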
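.PHONY: generate
# Regenerate mocks (and avro output) from scratch so files for renamed or
# deleted interfaces never survive. The placeholder mocks.go keeps ./mocks a
# valid Go package before generation fills it — presumably so `./...` still
# resolves; confirm if the mocks layout changes.
generate:
	rm -rf mocks avro
	mkdir -p mocks
	echo "package mocks" > mocks/mocks.go
	go generate -mod=mod ./...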
.PHONY: test
# Unit tests with coverage over every non-vendor package.
# GO_TEST_PARALLEL (environment, default 1) bounds how many packages are tested
# at once; RACE=true enables the race detector.
test: race_flag := $(if $(filter true,$(RACE)),-race)
test:
	go test -mod=mod -p=$${GO_TEST_PARALLEL:-1} -cover $(race_flag) $$(go list -mod=mod ./... | grep -v /vendor/)
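.PHONY: check
# Static analysis and security scanning; every step must exit zero.
check: lint vet errcheck vulncheck osv-scanner gosec trivy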
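.PHONY: lint
# golangci-lint with the shared configuration from the repository root.
lint:
	go run github.com/golangci/golangci-lint/v2/cmd/golangci-lint@$(GOLANGCI_LINT_VERSION) run --config $(ROOTDIR)/.golangci.yml ./...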
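.PHONY: vet
# go vet over every non-vendor package.
vet:
	go vet -mod=mod $(shell go list -mod=mod ./... | grep -v /vendor/)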
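.PHONY: errcheck
# Unchecked-error scan. Return values of Close/Write/Fprint are deliberately
# exempt and packages under k8s/client (presumably generated) are skipped.
# Ignored Write/Close errors can still hide real I/O failures, so keep the
# exemption list as short as possible.
errcheck:
	go run github.com/kisielk/errcheck@$(ERRCHECK_VERSION) -ignore '(Close|Write|Fprint)' $(shell go list -mod=mod ./... | grep -v /vendor/ | grep -v k8s/client)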
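# Advisory IDs accepted as known/unfixable. Override or extend from the command
# line: make vulncheck VULNCHECK_IGNORE='GO-2026-4923 ...'
VULNCHECK_IGNORE ?= GO-2026-4923 GO-2026-4514 GO-2022-0470 GO-2026-4772 GO-2026-4771
.PHONY: vulncheck
# Run govulncheck and fail on any finding whose OSV id is not in VULNCHECK_IGNORE.
# The check fails closed: a govulncheck or jq failure is an error, never "clean"
# (the previous form discarded stderr and treated an empty pipeline result as no
# findings). govulncheck exit 3 means "findings reported" and is accepted; any
# other non-zero code is a tool failure. The jq program is split into adjacent
# single-quoted fragments with the continuation backslash outside the quotes,
# because make and sh hand a backslash-newline inside single quotes to jq
# literally.
vulncheck:
	@PKGS="$(shell go list -mod=mod ./... | grep -v /vendor/)"; \
	IGNORE_JSON=$$(printf '%s\n' $(VULNCHECK_IGNORE) | jq -R . | jq -s .) || exit 1; \
	RAW=$$(go run golang.org/x/vuln/cmd/govulncheck@$(GOVULNCHECK_VERSION) -format json $$PKGS); rc=$$?; \
	if [ "$$rc" -ne 0 ] && [ "$$rc" -ne 3 ]; then \
	  echo "govulncheck failed with exit code $$rc" >&2; exit 1; \
	fi; \
	REMAIN=$$(printf '%s\n' "$$RAW" | jq -rs --argjson ignore "$$IGNORE_JSON" \
	'(map(select(.osv != null)) | map({key: .osv.id, value: (.osv.summary // "")}) | from_entries) as $$sum | '\
	'map(select(.finding != null) | .finding) | '\
	'map(select(.osv as $$o | $$ignore | index($$o) | not)) | '\
	'map("\(.osv)\t\(.trace[-1].module)@\(.trace[-1].version) -> \(.fixed_version)\t\($$sum[.osv] // "")") | '\
	'unique | .[]') || exit 1; \
	if [ -n "$$REMAIN" ]; then \
	  echo "Unexpected vulnerabilities (ignored: $(VULNCHECK_IGNORE)):"; \
	  printf '%s\n' "$$REMAIN" | column -t -s "$$(printf '\t')"; \
	  exit 1; \
	else \
	  echo "No unignored vulnerabilities found"; \
	fi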
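.PHONY: osv-scanner
# osv-scanner over the dependency tree. A module-local .osv-scanner.toml wins
# over the one in the repository root; with neither present the default scan
# runs. Paths are quoted so a ROOTDIR containing whitespace cannot split the
# argument list. A non-zero scanner exit fails the target.
osv-scanner:
	@cfg=""; \
	for candidate in .osv-scanner.toml "$(ROOTDIR)/.osv-scanner.toml"; do \
	  if [ -z "$$cfg" ] && [ -f "$$candidate" ]; then cfg="$$candidate"; fi; \
	done; \
	if [ -n "$$cfg" ]; then \
	  echo "Using $$cfg"; \
	  go run github.com/google/osv-scanner/v2/cmd/osv-scanner@$(OSV_SCANNER_VERSION) --config "$$cfg" --recursive .; \
	else \
	  echo "No config found, running default scan"; \
	  go run github.com/google/osv-scanner/v2/cmd/osv-scanner@$(OSV_SCANNER_VERSION) --recursive .; \
	fi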
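.PHONY: gosec
# gosec security linter. G104 (errors not checked) is excluded, presumably
# because the errcheck target covers that class with its own exemption list.
gosec:
	go run github.com/securego/gosec/v2/cmd/gosec@$(GOSEC_VERSION) -exclude=G104 ./...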
# Optional trivy inputs: a module-local file wins over the repository-root one;
# empty when neither exists, in which case the flag is omitted entirely.
trivy_ignorefile := $(firstword $(wildcard .trivyignore $(ROOTDIR)/.trivyignore))
trivy_secret_config := $(firstword $(wildcard .trivy-secret.yaml $(ROOTDIR)/.trivy-secret.yaml))
.PHONY: trivy
# Filesystem scan for vulnerable dependencies and leaked secrets. The DB source
# is pinned and --exit-code 1 makes any finding fail the build.
trivy:
	trivy fs \
	--db-repository ghcr.io/aquasecurity/trivy-db \
	$(if $(trivy_ignorefile),--ignorefile $(trivy_ignorefile)) \
	$(if $(trivy_secret_config),--secret-config $(trivy_secret_config)) \
	--scanners vuln,secret \
	--skip-dirs vendor \
	--quiet \
	--no-progress \
	--disable-telemetry \
	--exit-code 1 .
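.PHONY: addlicense
# Stamp the BSD license header (current year) onto every Go file outside
# vendor/. Files are handed to addlicense through `-exec ... {} +` instead of an
# unquoted $(find ...) substitution, so paths containing whitespace survive and
# nothing runs when no file matches.
addlicense:
	find . -type f -name '*.go' -not -path './vendor/*' -exec go run github.com/google/addlicense@$(ADDLICENSE_VERSION) -c "Benjamin Borbe" -y $$(date +'%Y') -l bsd {} +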