add boilerplates and ci jobs for lint (chainguard-dev#102)

* add boilerplates and ci jobs for lint * install deps * install deps * fix lints
tstromberg · Apr 10, 2024 · 0321b58 · 0321b58
1 parent 643ad29
commit 0321b58
Show file tree

Hide file tree

Showing 24 changed files with 300 additions and 51 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -1,13 +1,26 @@
+# Copyright 2024 Chainguard, Inc.
+# SPDX-License-Identifier: Apache-2.0
+
+---
 version: 2
 updates:
-- package-ecosystem: gomod
- directory: "/"
- schedule:
- interval: weekly
- open-pull-requests-limit: 10
+ - package-ecosystem: gomod
+ directory: "/"
+ schedule:
+ interval: weekly
+ open-pull-requests-limit: 10
+ groups:
+ all:
+ update-types:
+ - "patch"
 
-- package-ecosystem: "github-actions"
- directory: "/"
- schedule:
- interval: weekly
- open-pull-requests-limit: 10
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: weekly
+ open-pull-requests-limit: 10
+ groups:
+ all:
+ update-types:
+ - "minor"
+ - "patch"
diff --git a/.github/workflows/boilerplate.yaml b/.github/workflows/boilerplate.yaml
@@ -0,0 +1,40 @@
+# Copyright 2024 Chainguard, Inc.
+# SPDX-License-Identifier: Apache-2.0
+
+name: Boilerplate
+
+on:
+ pull_request:
+ branches:
+ - 'main'
+
+jobs:
+
+ check:
+ permissions:
+ contents: read
+
+ name: Boilerplate Check
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false # Keep running if one leg fails.
+ matrix:
+ extension:
+ - go
+ - sh
+
+ # Map between extension and human-readable name.
+ include:
+ - extension: go
+ language: Go
+ - extension: sh
+ language: Bash
+
+ steps:
+ - name: Check out code
+ uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+
+ - uses: chainguard-dev/actions/boilerplate@main
+ with:
+ extension: ${{ matrix.extension }}
+ language: ${{ matrix.language }}
diff --git a/.github/workflows/go-tests.yaml b/.github/workflows/go-tests.yaml
@@ -1,10 +1,15 @@
+# Copyright 2024 Chainguard, Inc.
+# SPDX-License-Identifier: Apache-2.0
+
 name: Go Tests
 
 on:
  push:
- branches: [ "main" ]
+ branches:
+ - "main"
  pull_request:
- branches: [ "main" ]
+ branches:
+ - "main"
 
 jobs:
  test:
@@ -28,5 +33,15 @@ jobs:
 
  - uses: chainguard-dev/actions/goimports@main
 
+ - name: install libyara-dev
+ run: |
+ sudo add-apt-repository -n -y "deb http://archive.ubuntu.com/ubuntu/ mantic main restricted universe multiverse"
+ sudo add-apt-repository -n -y "deb http://archive.ubuntu.com/ubuntu/ mantic-updates main restricted universe multiverse"
+ sudo add-apt-repository -n -y "deb http://archive.ubuntu.com/ubuntu/ mantic-backports main restricted universe multiverse"
+ sudo add-apt-repository -n -y "deb http://security.ubuntu.com/ubuntu mantic-security main restricted universe multiverse"
+
+ sudo apt update && sudo apt install libyara-dev -y
+
  - name: Test
- run: make test
+ run: |
+ make test
diff --git a/.github/workflows/style.yaml b/.github/workflows/style.yaml
@@ -0,0 +1,119 @@
+# Copyright 2024 Chainguard, Inc.
+# SPDX-License-Identifier: Apache-2.0
+
+name: Code Style
+
+on:
+ pull_request:
+ branches:
+ - 'main'
+ push:
+ branches:
+ - 'main'
+
+jobs:
+
+ gofmt:
+ name: check gofmt
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out code
+ uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+
+ - name: Set up Go
+ uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+ with:
+ go-version: '1.21'
+ check-latest: true
+
+ - uses: chainguard-dev/actions/gofmt@main
+ with:
+ args: -s
+
+ goimports:
+ name: check goimports
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out code
+ uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+
+ - name: Set up Go
+ uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+ with:
+ go-version: '1.21'
+ check-latest: true
+
+ - uses: chainguard-dev/actions/goimports@main
+
+ golangci-lint:
+ name: golangci-lint
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+
+ - name: Set up Go
+ uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+ with:
+ go-version: '1.21'
+ check-latest: true
+
+ - name: install libyara-dev
+ run: |
+ sudo add-apt-repository -n -y "deb http://archive.ubuntu.com/ubuntu/ mantic main restricted universe multiverse"
+ sudo add-apt-repository -n -y "deb http://archive.ubuntu.com/ubuntu/ mantic-updates main restricted universe multiverse"
+ sudo add-apt-repository -n -y "deb http://archive.ubuntu.com/ubuntu/ mantic-backports main restricted universe multiverse"
+ sudo add-apt-repository -n -y "deb http://security.ubuntu.com/ubuntu mantic-security main restricted universe multiverse"
+
+ sudo apt update && sudo apt install libyara-dev -y
+
+ - name: golangci-lint
+ uses: golangci/golangci-lint-action@3cfe3a4abbb849e10058ce4af15d205b6da42804 # v3.7.1
+ with:
+ version: v1.57
+ args: --timeout=5m
+
+ lint:
+ name: Lint
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Check out code
+ uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+
+ - name: Set up Go
+ uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+ with:
+ go-version: '1.21'
+ check-latest: true
+
+ - uses: chainguard-dev/actions/trailing-space@main
+ if: ${{ always() }}
+
+ - uses: chainguard-dev/actions/eof-newline@main
+ if: ${{ always() }}
+
+ - uses: reviewdog/action-tflint@master
+ if: ${{ always() }}
+ with:
+ github_token: ${{ secrets.github_token }}
+ fail_on_error: true
+
+ - uses: reviewdog/action-misspell@5bd7be2fc7ae56a517184f5c4bbcf2fd7afe3927 # v1.17.0
+ if: ${{ always() }}
+ with:
+ github_token: ${{ secrets.github_token }}
+ fail_on_error: true
+ locale: "US"
+ exclude: |
+ **/go.sum
+ **/third_party/**
+ ./*.yml
+
+ - uses: get-woke/woke-action-reviewdog@d71fd0115146a01c3181439ce714e21a69d75e31 # v0
+ if: ${{ always() }}
+ with:
+ github-token: ${{ secrets.github_token }}
+ reporter: github-pr-check
+ level: error
+ fail-on-error: true
diff --git a/.golangci.yml b/.golangci.yml
@@ -1,6 +1,6 @@
 run:
  # The default runtime timeout is 1m, which doesn't work well on Github Actions.
- timeout: 4m
+ timeout: 10m
 
 # NOTE: This file is populated by the lint-install tool. Local adjustments may be overwritten.
 linters-settings:

diff --git a/Makefile b/Makefile
@@ -1,3 +1,6 @@
+# Copyright 2024 Chainguard, Inc.
+# SPDX-License-Identifier: Apache-2.0
+
 # BEGIN: lint-install ../bincapz
 # http://github.com/tinkerbell/lint-install
 
@@ -42,4 +45,8 @@ _lint: $(LINTERS)
 .PHONY: fix $(FIXERS)
 fix: $(FIXERS)
 
+.PHONY: test
+test:
+ go test ./... -v
+
 # END: lint-install ../bincapz
diff --git a/README.md b/README.md
@@ -26,9 +26,9 @@ Enumerates program capabilities and malicious behaviors using fragment analysis.
 
 * go 1.21+
 * yara 4.3+ library - you can use this one-liner to install it if necessary:
- 
+
 ```shell
-brew install yara || sudo apt install libyara-devel \
+brew install yara || sudo apt install libyara-dev \
  || sudo dnf install yara-devel || sudo pacman -S yara
 ```
 

diff --git a/bincapz.go b/bincapz.go
@@ -1,3 +1,6 @@
+// Copyright 2024 Chainguard, Inc.
+// SPDX-License-Identifier: Apache-2.0
+
 // bincapz returns information about a binaries capabilities
 package main
 
@@ -29,8 +32,8 @@ func main() {
  allFlag := flag.Bool("all", false, "Ignore nothing, show all")
 
  klog.InitFlags(nil)
- flag.Set("logtostderr", "false")
- flag.Set("alsologtostderr", "false")
+ _ = flag.Set("logtostderr", "false")
+ _ = flag.Set("alsologtostderr", "false")
  flag.Parse()
  args := flag.Args()
 
@@ -77,14 +80,12 @@ func main() {
  } else {
  res, err = action.Scan(bc)
  }
-
  if err != nil {
  fmt.Fprintf(os.Stderr, "failed: %v\n", err)
  os.Exit(3)
  }
 
- renderer.Full(*res)
-
+ err = renderer.Full(*res)
  if err != nil {
  klog.Errorf("failed: %v", err)
  os.Exit(1)

diff --git a/bincapz_test.go b/bincapz_test.go
@@ -1,10 +1,12 @@
+// Copyright 2024 Chainguard, Inc.
+// SPDX-License-Identifier: Apache-2.0
+
 package main
 
 import (
  "bytes"
  "encoding/json"
  "io/fs"
- "log"
  "os"
  "path/filepath"
  "strings"
@@ -27,9 +29,9 @@ func TestJSON(t *testing.T) {
 
  fileSystem := os.DirFS(testDataRoot)
 
- fs.WalkDir(fileSystem, ".", func(path string, d fs.DirEntry, err error) error {
+ fs.WalkDir(fileSystem, ".", func(path string, _ fs.DirEntry, err error) error {
  if err != nil {
- log.Fatal(err)
+ t.Fatal(err)
  }
  if !strings.HasSuffix(path, ".json") {
  return nil
@@ -83,7 +85,7 @@ func TestSimple(t *testing.T) {
 
  fileSystem := os.DirFS(testDataRoot)
 
- fs.WalkDir(fileSystem, ".", func(path string, d fs.DirEntry, err error) error {
+ fs.WalkDir(fileSystem, ".", func(path string, _ fs.DirEntry, err error) error {
  if err != nil {
  t.Fatal(err)
  }
@@ -197,9 +199,9 @@ func TestMarkdown(t *testing.T) {
 
  fileSystem := os.DirFS(testDataRoot)
 
- fs.WalkDir(fileSystem, ".", func(path string, d fs.DirEntry, err error) error {
+ fs.WalkDir(fileSystem, ".", func(path string, _ fs.DirEntry, err error) error {
  if err != nil {
- log.Fatal(err)
+ t.Fatal(err)
  }
  if !strings.HasSuffix(path, ".md") {
  return nil

diff --git a/pkg/action/action.go b/pkg/action/action.go
@@ -1,3 +1,6 @@
+// Copyright 2024 Chainguard, Inc.
+// SPDX-License-Identifier: Apache-2.0
+
 package action
 
 import (

diff --git a/pkg/action/diff.go b/pkg/action/diff.go
@@ -1,3 +1,6 @@
+// Copyright 2024 Chainguard, Inc.
+// SPDX-License-Identifier: Apache-2.0
+
 package action
 
 import (