From 1d50ff20acf7f5e48cd6282b49d9dc4b95c101a3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20Felipe=20=C3=81lvarez?=
Date: Thu, 28 Jul 2022 17:26:41 +0200
Subject: [PATCH 1/2] chore: use infra-checkers static analysis settings and bump go to 1.18
---
 .github/workflows/push_pr.yml | 7 ++++++-
 .golangci.yml | 29 -----------------------------
 Makefile | 13 ++-----------
 3 files changed, 8 insertions(+), 41 deletions(-)
 delete mode 100644 .golangci.yml
diff --git a/.github/workflows/push_pr.yml b/.github/workflows/push_pr.yml
index 4ff9438..830a278 100644
--- a/.github/workflows/push_pr.yml
+++ b/.github/workflows/push_pr.yml
@@ -19,13 +19,18 @@ jobs:
 runs-on: ubuntu-20.04
 steps:
 - uses: actions/checkout@v2
+ - uses: actions/setup-go@v2
+ with:
+ go-version: ${{ env.GO_VERSION }}
 - uses: newrelic/newrelic-infra-checkers@v1
+ with:
+ golangci-lint-config: golangci-lint-limited
 - name: Semgrep
 uses: returntocorp/semgrep-action@v1
 with:
 auditOn: push
 - name: golangci-lint
- uses: golangci/golangci-lint-action@v2
+ uses: golangci/golangci-lint-action@v3
 continue-on-error: ${{ github.event_name != 'pull_request' }}
 with:
 only-new-issues: true
diff --git a/.golangci.yml b/.golangci.yml
deleted file mode 100644
index 7d1b085..0000000
--- a/.golangci.yml
+++ /dev/null
@@ -1,29 +0,0 @@
-run:
- timeout: 5m
-
-linters:
- enable:
- - govet
- - golint
- - goimports
- - unused
- - goconst
- - errcheck
- enable-all: false
- disable-all: true
- fast: false
-
-# all available settings of specific linters
-linters-settings:
- golint:
- # minimal confidence for issues, default is 0.8
- min-confidence: 0.3
-
-issues:
- exclude-use-default: false
-
-misspell:
- locale: US
-
-lll:
- line-length: 100
diff --git a/Makefile b/Makefile
index 76e5c92..f8f20a1 100644
--- a/Makefile
+++ b/Makefile
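Review bot: The new `actions/setup-go@v2` step in the push_pr.yml hunk reads `go-version: ${{ env.GO_VERSION }}`, but nothing in the hunk defines `GO_VERSION`, and the diffstat shows no other change to this workflow. Unless an `env:` block outside the hunk already declares it, the expression evaluates to an empty string and the Go 1.18 bump named in the subject is not actually pinned; I would add a workflow-level `GO_VERSION: '1.18'` (quoted, so YAML does not read it as a float). Separately, the added and bumped actions (`actions/setup-go@v2`, `golangci/golangci-lint-action@v3`) are referenced by mutable tags, and the lint rules now come from `newrelic/newrelic-infra-checkers@v1` instead of the deleted in-repo `.golangci.yml`; pinning these to full commit SHAs would keep the static-analysis gate from changing without a reviewed commit. The job definition starts above the hunk, so the job name and any existing `env:` are not visible here.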
@@ -8,20 +8,16 @@ IMAGE_NAME ?= newrelic/nri-discovery-kubernetes
 GOPATH := $(shell go env GOPATH)
 GORELEASER_VERSION := v0.168.0
 GORELEASER_BIN ?= bin/goreleaser
-GOLANGCI_LINT_BIN = golangci-lint
 all: build
-build: check-version clean validate test compile
+build: check-version clean test compile
 clean:
 @echo "=== $(PROJECT) === [ clean ]: Removing binaries and coverage file..."
 @rm -rfv bin
 @rm -rfv target
-tools: check-version
- @which $(GOLANGCI_LINT_BIN) || echo "golangci-lint not found in PATH" >&2 && exit 1
-
 fmt:
 @go fmt ./...
@@ -29,11 +25,6 @@ deps:
 @echo "=== $(PROJECT) === [ deps ]: Installing package dependencies required by the project..."
 @go mod download
-validate: deps
- @echo "=== $(PROJECT) === [ validate ]: Validating source code running golangci-lint..."
- @${GOLANGCI_LINT_BIN} --version
- @${GOLANGCI_LINT_BIN} run
-
 compile: deps
 @echo "=== $(PROJECT) === [ compile ]: Building $(BINARY_NAME)..."
 @go build -o bin/$(BINARY_NAME) ./cmd/discovery/
@@ -71,4 +62,4 @@ endif
 include $(CURDIR)/build/ci.mk
 include $(CURDIR)/build/release.mk
-.PHONY: all fmt build clean tools tools-update deps deps-only validate compile compile-only test check-version tools-golangci-lint docker-build release release/deps release/test docker-release
+.PHONY: all fmt build clean tools tools-update deps deps-only compile compile-only test check-version docker-build release release/deps release/test snyk snyk/monitor docker-release
From 55a8dda4c2cf69402e18e8f1092f796f66a4dedf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20Felipe=20=C3=81lvarez?=
Date: Tue, 23 Aug 2022 14:29:06 +0200
Subject: [PATCH 2/2] chore: include known vulneravility exception
---
 .trivyignore | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 .trivyignore
diff --git a/.trivyignore b/.trivyignore
new file mode 100644
index 0000000..5ee435e
--- /dev/null
+++ b/.trivyignore
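Review bot: With `validate` dropped from the `build` prerequisites in the first Makefile hunk (and the target itself deleted in the `-29,11` hunk), the Makefile no longer offers any way to run golangci-lint locally, and nothing tells a contributor where linting happens now. A comment above `build`, such as `# Linting runs in CI via newrelic-infra-checkers (.github/workflows/push_pr.yml), not via make`, would record that. Since the workflow's golangci-lint step is `continue-on-error` outside pull requests, a direct push may no longer be gated by any lint run at all, which is worth stating in the same comment or the commit description.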
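Review bot: The updated `.PHONY` line in the last Makefile hunk still lists `tools` although the `tools` target is deleted in the first hunk, and it adds `snyk snyk/monitor`, which are not defined anywhere in this patch. If those targets live in `build/ci.mk` or `build/release.mk` (included just above, contents not visible here) that is fine; otherwise the list advertises targets that do not exist. I would drop `tools` from the list and declare `snyk` and `snyk/monitor` as phony next to their definitions.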
@@ -0,0 +1,3 @@
+# We are running the 2.16.0 version of github.com/emicklei/go-restful that had the fix backported, but trivy still points it out as false-positive
+# This is going to be fixed by 2.15 of the kubernetes client go, they decided not to backport the fix since they are not using the impacted feature.
+CVE-2022-1996
\ No newline at end of file
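Review bot: The `CVE-2022-1996` entry suppresses the finding on every scan with no expiry and no pointer to where the false-positive claim can be checked, so it will keep hiding the CVE even if `github.com/emicklei/go-restful` is later resolved to a version without the backport. The two comment lines also read inconsistently (the fix is said to be in go-restful 2.16.0, yet it is "going to be fixed by 2.15 of the kubernetes client go"); I would name the `go.mod` line that carries the fixed version and add a removal condition, e.g. `# Remove when the client-go bump lands; tracking: <issue-url>`. If the trivy version used in CI supports it, an expiry on the entry (`CVE-2022-1996 exp:<YYYY-MM-DD>`) makes the exception self-revoking. The file also ends without a trailing newline.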