Skip to content
Snippets Groups Projects
Commit 8382f7b8 authored by Lyuben Penkovski's avatar Lyuben Penkovski
Browse files

Merge branch 'ci-vulnerability-check' into 'main' 

Add CI step for Go vulnerability check

See merge request !43
parents 42ceaec3 518265d4
No related branches found
No related tags found
1 merge request!43Add CI step for Go vulnerability check
Pipeline #53651 passed
Stage: test
Stage: build
Stage: manifest
Hide whitespace changes
Inline Side-by-side
.gitlab-ci.yml
+ 15
2
View file @ 8382f7b8
...@@ -16,7 +16,7 @@ include: ...@@ -16,7 +16,7 @@ include:
- template: 'Workflows/Branch-Pipelines.gitlab-ci.yml' - template: 'Workflows/Branch-Pipelines.gitlab-ci.yml'
lint: lint:
image: golangci/golangci-lint:v1.44.2 image: golangci/golangci-lint:v1.49.0
stage: test stage: test
tags: tags:
- amd64-docker - amd64-docker
...@@ -28,13 +28,26 @@ lint: ...@@ -28,13 +28,26 @@ lint:
- cd /go/src/code.vereign.com/${CI_PROJECT_PATH} - cd /go/src/code.vereign.com/${CI_PROJECT_PATH}
unit tests: unit tests:
image: golang:1.17.7 image: golang:1.19
extends: .gotest extends: .gotest
stage: test stage: test
tags: tags:
- amd64-docker - amd64-docker
before_script: [] before_script: []
govulncheck:
image: golang:1.19
stage: test
tags:
- amd64-docker
before_script:
- ln -s /builds /go/src/code.vereign.com
- cd /go/src/code.vereign.com/${CI_PROJECT_PATH}
script:
- go version
- go install golang.org/x/vuln/cmd/govulncheck@latest
- govulncheck ./...
amd64: amd64:
extends: .docker-build extends: .docker-build
stage: build stage: build
......
.golangci.yml
+ 1
3
View file @ 8382f7b8
...@@ -12,7 +12,6 @@ linters: ...@@ -12,7 +12,6 @@ linters:
enable: enable:
- megacheck - megacheck
- govet - govet
- deadcode
- errcheck - errcheck
- goconst - goconst
- gocyclo - gocyclo
...@@ -22,10 +21,9 @@ linters: ...@@ -22,10 +21,9 @@ linters:
- ineffassign - ineffassign
- nakedret - nakedret
- staticcheck - staticcheck
- structcheck
- unconvert - unconvert
- varcheck
- vet - vet
- vetshadow - vetshadow
- misspell - misspell
- staticcheck - staticcheck
- unused
cmd/policy/main.go
+ 7
6
View file @ 8382f7b8
...@@ -166,11 +166,12 @@ func main() { ...@@ -166,11 +166,12 @@ func main() {
var handler http.Handler = mux var handler http.Handler = mux
srv := &http.Server{ srv := &http.Server{
Addr: cfg.HTTP.Host + ":" + cfg.HTTP.Port, Addr: cfg.HTTP.Host + ":" + cfg.HTTP.Port,
Handler: handler, Handler: handler,
IdleTimeout: cfg.HTTP.IdleTimeout, ReadHeaderTimeout: cfg.HTTP.ReadTimeout,
ReadTimeout: cfg.HTTP.ReadTimeout, IdleTimeout: cfg.HTTP.IdleTimeout,
WriteTimeout: cfg.HTTP.WriteTimeout, ReadTimeout: cfg.HTTP.ReadTimeout,
WriteTimeout: cfg.HTTP.WriteTimeout,
} }
g, ctx := errgroup.WithContext(context.Background()) g, ctx := errgroup.WithContext(context.Background())
...@@ -236,7 +237,7 @@ func exposeMetrics(addr string, logger *zap.Logger) { ...@@ -236,7 +237,7 @@ func exposeMetrics(addr string, logger *zap.Logger) {
promMux := http.NewServeMux() promMux := http.NewServeMux()
promMux.Handle("/metrics", promhttp.Handler()) promMux.Handle("/metrics", promhttp.Handler())
logger.Info(fmt.Sprintf("exposing prometheus metrics at %s/metrics", addr)) logger.Info(fmt.Sprintf("exposing prometheus metrics at %s/metrics", addr))
if err := http.ListenAndServe(addr, promMux); err != nil { if err := http.ListenAndServe(addr, promMux); err != nil { //nolint:gosec
logger.Error("error exposing prometheus metrics", zap.Error(err)) logger.Error("error exposing prometheus metrics", zap.Error(err))
} }
} }
deployment/ci/Dockerfile
+ 1
1
View file @ 8382f7b8
FROM golang:1.17.8-alpine3.15 as builder FROM golang:1.19-alpine3.15 as builder
ENV GOPRIVATE=code.vereign.com ENV GOPRIVATE=code.vereign.com
......
deployment/compose/Dockerfile
+ 1
1
View file @ 8382f7b8
FROM golang:1.17.8 FROM golang:1.19
ENV GO111MODULE=on ENV GO111MODULE=on
ENV GOPRIVATE=code.vereign.com ENV GOPRIVATE=code.vereign.com
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment