From 669292a9dff286cb8c4f8fa16f9aa6c9c1735249 Mon Sep 17 00:00:00 2001 From: James Woolfenden Date: Wed, 20 Sep 2023 17:59:40 +0100 Subject: [PATCH] coverage references --- .checkov.yaml | 22 ++++++++ .github/workflows/ci.yml | 40 ++++++++------ .github/workflows/codeql-analysis.yml | 54 +++++++++---------- .github/workflows/pr.yml | 78 ++++++++++++++------------- .github/workflows/release.yml | 14 ++--- .github/workflows/stale.yml | 2 +- .goreleaser.yml | 6 +-- .pre-commit-config.yaml | 18 ++++--- src/see/lookup.go | 4 ++ 9 files changed, 136 insertions(+), 102 deletions(-) create mode 100644 .checkov.yaml diff --git a/.checkov.yaml b/.checkov.yaml new file mode 100644 index 0000000..af0c4a4 --- /dev/null +++ b/.checkov.yaml @@ -0,0 +1,22 @@ +block-list-secret-scan: [ ] +branch: master +directory: + - . +download-external-modules: false +evaluate-variables: true +external-modules-download-path: .external_modules +framework: + - secrets + - github_configuration + - github_actions + - json + - yaml + - sca_package + - sca_image +mask: [ ] +secrets-history-timeout: 12h +secrets-scan-file-type: [ ] +skip-path: + - terraform + - venv +summary-position: top diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d02e6f2..b02254d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -5,7 +5,8 @@ on: name: CI permissions: read-all - +env: + GITHUB_TOKEN: ${{ github.token }} jobs: test: ## We want to define a strategy for our job @@ -13,8 +14,8 @@ jobs: ## this will contain a matrix of all the combinations ## we wish to test again: matrix: - go-version: [1.20.x] - platform: [ubuntu-latest, macos-latest, windows-latest] + go-version: [ 1.21.x ] + platform: [ ubuntu-latest, macos-latest, windows-latest ] ## Defines the platform for each test run runs-on: ${{ matrix.platform }} @@ -22,20 +23,25 @@ jobs: ## the steps that will be run through for each version and platform ## combination steps: - ## sets up go based on the version - - name: Install Go - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 - with: - go-version: ${{ matrix.go-version }} + ## sets up go based on the version + - name: Install Go + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 + with: + go-version: ${{ matrix.go-version }} + + ## checks out our code locally, so we can work with the files + - name: Checkout code + uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 - ## checks out our code locally, so we can work with the files - - name: Checkout code - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + ## runs go test ./... + - name: Build + run: go build ./... - ## runs go test ./... - - name: Build - run: go build ./... + ## runs go test ./... + - name: Test + run: go test ./... -coverprofile=./cover.out - ## runs go test ./... - - name: Test - run: go test ./... + - name: Upload coverage reports to Codecov + uses: codecov/codecov-action@3444e47d45411c1e34e39245eb914e9d557d2305 # v3.1.4 + env: + CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 9eb10bc..7462d7b 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -13,10 +13,10 @@ name: "CodeQL" on: push: - branches: [ "master" ] + branches: [ "main" ] pull_request: # The branches below must be a subset of the branches above - branches: [ "master" ] + branches: [ "main" ] schedule: - cron: '36 4 * * 0' permissions: read-all @@ -38,36 +38,32 @@ jobs: # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support steps: - - name: Checkout repository - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + - name: Checkout repository + uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@f9a7c6738f28efb36e31d49c53a201a9c5d6a476 # codeql-bundle-v2.14.2 - with: - languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@c6c77c8c2d62cfd5b2e8d548817fd3d1582ac744 # codeql-bundle-v2.14.5 + with: + languages: ${{ matrix.language }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. - # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs - # queries: security-extended,security-and-quality + # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). + # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@c6c77c8c2d62cfd5b2e8d548817fd3d1582ac744 # codeql-bundle-v2.14.5 + # ℹī¸ Command-line programs to run using the OS shell. + # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@f9a7c6738f28efb36e31d49c53a201a9c5d6a476 # codeql-bundle-v2.14.2 + # If the Autobuild fails above, remove it and uncomment the following three lines. + # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. - # ℹī¸ Command-line programs to run using the OS shell. - # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun + # - run: | + # echo "Run, Build Application using script" + # ./location_of_script_within_repo/buildscript.sh - # If the Autobuild fails above, remove it and uncomment the following three lines. - # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. - - # - run: | - # echo "Run, Build Application using script" - # ./location_of_script_within_repo/buildscript.sh - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@f9a7c6738f28efb36e31d49c53a201a9c5d6a476 # codeql-bundle-v2.14.2 + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@c6c77c8c2d62cfd5b2e8d548817fd3d1582ac744 # codeql-bundle-v2.14.5 diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index f3a696b..52ec3e4 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -1,53 +1,55 @@ on: pull_request name: Pull request permissions: read-all +env: + GITHUB_TOKEN: ${{ github.token }} jobs: lint: runs-on: ubuntu-latest steps: - - name: Checkout code - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - - name: Install Go - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 - with: - go-version: 1.20.x - - name: Restore cache - uses: actions/cache@f5ce41475b483ad7581884324a6eca9f48f8dcc7 # v1.2.1 - with: - path: ~/go/pkg/mod - key: ${{ runner.os }}-go-mod-${{ hashFiles('**/go.sum') }} - restore-keys: | - ${{ runner.os }}-go-mod- - - name: gofumpt - uses: iamnotaturtle/auto-gofmt@3934ab53013ffb44d3db33bbd1c271279b5925d5 # v2.1.0 + - name: Checkout code + uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 + - name: Install Go + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 + with: + go-version: 1.21.x + - name: Restore cache + uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 + with: + path: ~/go/pkg/mod + key: ${{ runner.os }}-go-mod-${{ hashFiles('**/go.sum') }} + restore-keys: | + ${{ runner.os }}-go-mod- + - name: gofumpt + uses: iamnotaturtle/auto-gofmt@3934ab53013ffb44d3db33bbd1c271279b5925d5 # v2.1.0 test: strategy: matrix: - go-version: [1.20.x] - platform: [ubuntu-latest, macos-latest, windows-latest] + go-version: [ 1.21.x ] + platform: [ ubuntu-latest, macos-latest, windows-latest ] runs-on: ${{ matrix.platform }} steps: - - name: Checkout code - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - - name: Install Go - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 - with: - go-version: ${{ matrix.go-version }} - - name: Restore cache - uses: actions/cache@f5ce41475b483ad7581884324a6eca9f48f8dcc7 # v1.2.1 - with: - path: ~/go/pkg/mod - key: ${{ runner.os }}-go-mod-${{ hashFiles('**/go.sum') }} - restore-keys: | - ${{ runner.os }}-go-mod- - - name: Test - run: make test + - name: Checkout code + uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 + - name: Install Go + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 + with: + go-version: ${{ matrix.go-version }} + - name: Restore cache + uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 + with: + path: ~/go/pkg/mod + key: ${{ runner.os }}-go-mod-${{ hashFiles('**/go.sum') }} + restore-keys: | + ${{ runner.os }}-go-mod- + - name: Test + run: make test docs: runs-on: ubuntu-latest steps: - - name: Checkout code - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - - name: Install Go - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 - with: - go-version: 1.20.x + - name: Checkout code + uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 + - name: Install Go + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 + with: + go-version: 1.21.x diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 76c7e84..e3fb304 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,5 +1,5 @@ --- -name: release +name: Release on: push: tags: @@ -11,21 +11,21 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 - name: Unshallow run: git fetch --prune --unshallow - name: Set up Go uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 with: - go-version: 1.19 + go-version: 1.21 - name: Import GPG key id: import_gpg - uses: crazy-max/ghaction-import-gpg@72b6676b71ab476b77e676928516f6982eef7a41 # v5.3.0 + uses: crazy-max/ghaction-import-gpg@82a020f1f7f605c65dd2449b392a52c3fcfef7ef # v6.0.0 with: gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} passphrase: ${{ secrets.PASSPHRASE }} - name: Run GoReleaser - uses: goreleaser/goreleaser-action@3fa32b8bb5620a2c1afe798654bbad59f9da4906 # v4.4.0 + uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0 with: version: latest args: release --clean @@ -41,7 +41,7 @@ jobs: needs: - goreleaser steps: - - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 - name: Publish to Registry uses: elgohr/Publish-Docker-Github-Action@219613003b08f4d049f34cb56c92e84345e1bb3f # v5 with: @@ -64,7 +64,7 @@ jobs: - goreleaser steps: - name: Repository Dispatch - uses: peter-evans/repository-dispatch@26b39ed245ab8f31526069329e112ab2fb224588 # v2.1.1 + uses: peter-evans/repository-dispatch@bf47d102fdb849e755b0b0023ea3e81a44b6f570 # v2.1.2 with: token: ${{ secrets.PAT }} repository: jameswoolfenden/scoop diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 8c8bf4e..d75d877 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -13,7 +13,7 @@ jobs: pull-requests: write runs-on: ubuntu-latest steps: - - uses: actions/stale@a20b814fb01b71def3bd6f56e7494d667ddf28da # v4.1.1 + - uses: actions/stale@1160a2240286f5da8ec72b1c0816ce2481aabf84 # v8.0.0 with: stale-issue-message: 'This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.' days-before-stale: 30 diff --git a/.goreleaser.yml b/.goreleaser.yml index 6bb2175..c9177b4 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -10,13 +10,13 @@ builds: - linux - windows goarch: - - 386 + - "386" - amd64 - arm64 goarm: - - 7 + - "7" ignore: - - goarch: 386 + - goarch: "386" goos: darwin archives: - format_overrides: diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 9817897..60999a6 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -30,7 +30,7 @@ repos: hooks: - id: shell-lint - repo: https://github.com/igorshubovych/markdownlint-cli - rev: v0.35.0 + rev: v0.36.0 hooks: - # noinspection SpellCheckingInspection id: markdownlint @@ -39,13 +39,12 @@ repos: rev: v0.1.50 hooks: - id: terraform-fmt - language_version: python3.10 + language_version: python3.11 - repo: https://github.com/gruntwork-io/pre-commit rev: v0.1.22 hooks: - id: gofmt - id: goimports - - id: golint - repo: https://github.com/syntaqx/git-hooks rev: v0.0.18 hooks: @@ -58,19 +57,24 @@ repos: hooks: - id: golangci-lint - repo: https://github.com/bridgecrewio/checkov - rev: 2.4.18 + rev: 2.4.47 hooks: - id: checkov language_version: python3.11 - args: ["-d", "."] - repo: https://github.com/jameswoolfenden/ghat - rev: v0.0.24 + rev: v0.1.0 hooks: - id: ghat-go name: ghat description: upgrade action dependencies language: golang - entry: ghat swot -d . --stable 14 + entry: ghat swot -d . --continue-on-error true --stable 14 always_run: true pass_filenames: false types: [ yaml ] + - repo: https://github.com/dnephin/pre-commit-golang + rev: v0.5.1 + hooks: + - id: validate-toml + - id: no-go-testing + - id: go-mod-tidy diff --git a/src/see/lookup.go b/src/see/lookup.go index fbd1fd3..901b03f 100644 --- a/src/see/lookup.go +++ b/src/see/lookup.go @@ -166,6 +166,10 @@ func Lookup(resource string, reverse bool) (*string, error) { "microsoft.servicebus/namespaces/queues": "azurerm_servicebus_queue", "microsoft.storage/storageaccounts": "azurerm_storage_account", "microsoft.compute/availabilitysets": "azurerm_availability_set", + "microsoft.compute/virtualmachinescalesets": "azurerm_linux_virtual_machine_scale_set", + "microsoft.documentdb/databaseaccounts": "azurerm_cosmosdb_account", + "microsoft.cognitiveservices/accounts": "azurerm_cognitive_account", + "": "azurerm_mssql_server", } if reverse {