-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathMakefile.precommit
More file actions
91 lines (75 loc) · 3.5 KB
/
Makefile.precommit
File metadata and controls
91 lines (75 loc) · 3.5 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
export ROOTDIR ?= $(shell git rev-parse --show-toplevel)
default: precommit
precommit: ensure format generate test check addlicense
@echo "ready to commit"
ensure:
go mod tidy
go mod verify
rm -rf vendor
format:
find . -type f -name 'go.mod' -not -path './vendor/*' -exec go run -mod=mod github.com/shoenig/go-modtool -w fmt "{}" \;
find . -type f -name '*.go' -not -path './vendor/*' -exec gofmt -w "{}" +
go run -mod=mod github.com/incu6us/goimports-reviser/v3 -project-name github.com/bborbe/agent -format -excludes vendor ./...
find . -type d -name vendor -prune -o -type f -name '*.go' -print0 | xargs -0 -n 10 go run -mod=mod github.com/segmentio/golines --max-len=100 -w
generate:
rm -rf mocks avro
mkdir -p mocks
echo "package mocks" > mocks/mocks.go
go generate -mod=mod ./...
.PHONY: test
test:
go test -mod=mod -p=$${GO_TEST_PARALLEL:-1} -cover -race $(shell go list -mod=mod ./... | grep -v /vendor/)
check: lint vet vulncheck osv-scanner trivy
lint:
go run -mod=mod github.com/golangci/golangci-lint/v2/cmd/golangci-lint run --config $(ROOTDIR)/.golangci.yml ./...
vet:
go vet -mod=mod $(shell go list -mod=mod ./... | grep -v /vendor/)
# errcheck removed — embedded in golangci-lint (see .golangci.yml).
# Standalone errcheck fatals under Go 1.26+ due to missing NeedDeps in package loader.
GOVULNCHECK_VERSION ?= v1.3.0
VULNCHECK_IGNORE ?= GO-2026-4923 GO-2026-4514 GO-2022-0470 GO-2026-4772 GO-2026-4771
.PHONY: vulncheck
vulncheck:
@PKGS="$(shell go list -mod=mod ./... | grep -v /vendor/)"; \
IGNORE_JSON=$$(printf '%s\n' $(VULNCHECK_IGNORE) | jq -R . | jq -s .); \
REMAIN=$$(go run golang.org/x/vuln/cmd/govulncheck@$(GOVULNCHECK_VERSION) -format json $$PKGS 2>/dev/null | \
jq -rs --argjson ignore "$$IGNORE_JSON" \
'(map(select(.osv != null)) | map({key: .osv.id, value: (.osv.summary // "")}) | from_entries) as $$sum | \
map(select(.finding != null) | .finding) | \
map(select(.osv as $$o | $$ignore | index($$o) | not)) | \
map("\(.osv)\t\(.trace[-1].module)@\(.trace[-1].version) -> \(.fixed_version)\t\($$sum[.osv] // "")") | \
unique | .[]'); \
if [ -n "$$REMAIN" ]; then \
echo "Unexpected vulnerabilities (ignored: $(VULNCHECK_IGNORE)):"; \
printf '%s\n' "$$REMAIN" | column -t -s "$$(printf '\t')"; \
exit 1; \
else \
echo "No unignored vulnerabilities found"; \
fi
.PHONY: osv-scanner
osv-scanner:
@if [ -f .osv-scanner.toml ]; then \
echo "Using .osv-scanner.toml"; \
go run -mod=mod github.com/google/osv-scanner/v2/cmd/osv-scanner --config .osv-scanner.toml --recursive .; \
elif [ -f $(ROOTDIR)/.osv-scanner.toml ]; then \
echo "Using $(ROOTDIR)/.osv-scanner.toml"; \
go run -mod=mod github.com/google/osv-scanner/v2/cmd/osv-scanner --config $(ROOTDIR)/.osv-scanner.toml --recursive .; \
else \
echo "No config found, running default scan"; \
go run -mod=mod github.com/google/osv-scanner/v2/cmd/osv-scanner --recursive .; \
fi
# gosec removed — embedded in golangci-lint (see .golangci.yml).
# Standalone gosec fatals under Go 1.26+ with the same NeedDeps issue as errcheck.
.PHONY: trivy
trivy:
trivy fs \
--db-repository ghcr.io/aquasecurity/trivy-db \
$(if $(wildcard .trivyignore),--ignorefile .trivyignore,$(if $(wildcard $(ROOTDIR)/.trivyignore),--ignorefile $(ROOTDIR)/.trivyignore,)) \
--scanners vuln,secret \
--skip-dirs vendor \
--quiet \
--no-progress \
--disable-telemetry \
--exit-code 1 .
addlicense:
go run -mod=mod github.com/google/addlicense -c "Benjamin Borbe" -y $$(date +'%Y') -l bsd $$(find . -name "*.go" -not -path './vendor/*')