suyiiyii/yq
1
0
Fork 0
mirror of https://github.com/mikefarah/yq.git synced 2024-11-12 05:38:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

Added gosec

Browse Source
This commit is contained in:
Mike Farah 2021-03-03 19:44:23 +11:00
parent e93c43f7a0
commit b2186d5404
6 changed files with 20 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.dockerignore
View File

@ -1 +1 @@
bin bin/*

21
Dockerfile.dev
View File

@ -6,26 +6,5 @@ RUN set -e -x \
&& /opt/devtools.sh && /opt/devtools.sh
ENV PATH=/go/bin:$PATH ENV PATH=/go/bin:$PATH
# install mkdocs
RUN set -ex \
&& buildDeps=' \
build-essential \
python3-dev \
' \
&& apt-get update && apt-get install -y --no-install-recommends \
$buildDeps \
python3 \
python3-setuptools \
python3-wheel \
python3-pip \
&& pip3 install --upgrade \
pip \
'Markdown>=2.6.9' \
'mkdocs>=0.16.3' \
'mkdocs-material>=1.10.1' \
'markdown-include>=0.5.1' \
&& apt-get purge -y --auto-remove $buildDeps \
&& rm -rf /var/lib/apt/lists/*
ENV CGO_ENABLED 0 ENV CGO_ENABLED 0
ENV GOPATH /go:/yq ENV GOPATH /go:/yq

12
Makefile
View File

@ -17,6 +17,7 @@ help:
@echo ' make vendor Install dependencies to vendor directory.' @echo ' make vendor Install dependencies to vendor directory.'
@echo ' make format Run code formatter.' @echo ' make format Run code formatter.'
@echo ' make check Run static code analysis (lint).' @echo ' make check Run static code analysis (lint).'
@echo ' make secure Run gosec.'
@echo ' make test Run tests on project.' @echo ' make test Run tests on project.'
@echo ' make cover Run tests and capture code coverage metrics on project.' @echo ' make cover Run tests and capture code coverage metrics on project.'
@echo ' make clean Clean the directory tree of produced artifacts.' @echo ' make clean Clean the directory tree of produced artifacts.'
@ -48,7 +49,7 @@ tmp/dev_image_id: Dockerfile.dev scripts/devtools.sh
# ---------------------------------------------- # ----------------------------------------------
# build # build
.PHONY: build .PHONY: build
build: build/dev build: build/dev secure
.PHONY: build/dev .PHONY: build/dev
build/dev: test *.go build/dev: test *.go
@ -84,6 +85,10 @@ format: vendor
check: format check: format
${DOCKRUN} bash ./scripts/check.sh ${DOCKRUN} bash ./scripts/check.sh
.PHONY: secure
secure:
${DOCKRUN} bash ./scripts/secure.sh
.PHONY: test .PHONY: test
test: check test: check
${DOCKRUN} bash ./scripts/test.sh ${DOCKRUN} bash ./scripts/test.sh
@ -96,11 +101,6 @@ cover: check
@find cover -type d -exec chmod 755 {} \; || : @find cover -type d -exec chmod 755 {} \; || :
@find cover -type f -exec chmod 644 {} \; || : @find cover -type f -exec chmod 644 {} \; || :
.PHONY: build-docs
build-docs: prepare mkdocs.yml mkdocs/*
${DOCKRUN} mkdocs build
@find docs -type d -exec chmod 755 {} \; || :
@find docs -type f -exec chmod 644 {} \; || :
.PHONY: release .PHONY: release
release: xcompile release: xcompile

9
scripts/check.sh
View File

@ -10,12 +10,3 @@ else
./bin/golangci-lint run --timeout=5m ./bin/golangci-lint run --timeout=5m
fi fi
# ./bin/golangci-lint \
# --tests \
# --vendor \
# --disable=aligncheck \
# --disable=gotype \
# --disable=goconst \
# --disable=gocyclo \
# --deadline=300s \
# ./...

3
scripts/devtools.sh
View File

@ -1,4 +1,5 @@
#!/bin/sh #!/bin/sh
set -ex set -ex
go get golang.org/x/tools/cmd/goimports go get golang.org/x/tools/cmd/goimports
wget -O- -nv https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.24.0 wget -O- -nv https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.37.1
wget -O- -nv https://raw.githubusercontent.com/securego/gosec/master/install.sh | sh -s v2.6.1

11
scripts/secure.sh Executable file
View File

@ -0,0 +1,11 @@
#!/bin/bash
set -o errexit
set -o pipefail
if command -v gosec &> /dev/null
then
gosec ${PWD}
else
./bin/gosec ${PWD}
fi