Merge branch 'main-gb' into add-upstream-changes

greenbone · Jul 16, 2024 · 3138d03 · 3138d03
2 parents 1e531de + 948b457
commit 3138d03
Show file tree

Hide file tree

Showing 41 changed files with 629 additions and 279 deletions.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -0,0 +1,6 @@
+# default reviewers
+*                   @greenbone/vulnerability-intelligence-maintainers
+
+# github actions & settings
+/.github/           @greenbone/devops @greenbone/vulnerability-intelligence-maintainers
+
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,23 @@
+version: 2
+updates:
+  - package-ecosystem: gomod
+    directory: "/"
+    schedule:
+      interval: weekly
+      time: "04:00"
+    groups:
+      go-modules:
+        patterns:
+          - "*"
+    allow:
+    - dependency-type: direct
+    - dependency-type: indirect
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    groups:
+      github-actions:
+        patterns:
+          - "*"
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -0,0 +1,43 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+  schedule:
+    - cron: '30 5 * * 0' # 5:30h on Sundays
+  workflow_dispatch:
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'go' ]
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: './go.mod'
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: ${{ matrix.language }}
+          queries: security-and-quality
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3
+        with:
+          category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/conventional-commits.yml b/.github/workflows/conventional-commits.yml
@@ -0,0 +1,16 @@
+name: Conventional Commits
+
+on:
+  pull_request:
+
+permissions:
+  pull-requests: write
+  contents: read
+
+jobs:
+  conventional-commits:
+    name: Conventional Commits
+    runs-on: ubuntu-latest
+    steps:
+      - name: Report Conventional Commits
+        uses: greenbone/actions/conventional-commits@v3
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -0,0 +1,12 @@
+name: 'Dependency Review'
+on: [pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Dependency Review'
+        uses: greenbone/actions/dependency-review@v3
diff --git a/.github/workflows/generate-markdown.yml b/.github/workflows/generate-markdown.yml
@@ -13,8 +13,8 @@ jobs:
   auto-update-readme:
       runs-on: ubuntu-latest
       steps:
-        - uses: actions/checkout@v2
+        - uses: actions/checkout@v4
         - name: Markdown autodocs
-          uses: dineshsonachalam/[email protected].4
+          uses: dineshsonachalam/[email protected].7
           with:
             output_file_paths: '[./README.md, ./docs/*.md]'
diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
@@ -2,11 +2,10 @@ name: Go
 
 on:
   push:
-    paths:
-      - "**.go"
+    branches:
+      - main
   pull_request:
-    paths:
-      - "**.go"
+  workflow_dispatch:
 
 jobs:
   build:
@@ -15,26 +14,12 @@ jobs:
       - uses: actions/checkout@v4
 
       - name: Set up Go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
         with:
           go-version: 'stable'
 
       - name: Build
         run: go build -v ./cmd/...
 
-      - name: vet
-        run: go vet ./...
-
-      - name: gofmt
-        uses: Jerome1337/[email protected]
-        with:
-          gofmt-flags: "-l -d"
-
-      - name: golint
-        uses: Jerome1337/[email protected]
-
-      - name: Revive Action
-        uses: morphy2k/[email protected]
-
       - name: Tests
         run: go test -v ./...
diff --git a/.github/workflows/go_legacy.yml b/.github/workflows/go_legacy.yml
diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml
@@ -0,0 +1,19 @@
+name: govulncheck
+
+# check for vulnerabilities using `govulncheck`, compared to dependabot it only alerts if the affected code is actually called
+
+on:
+  pull_request: # make sure there is no vulnerability added with a new feature
+  schedule: # check if used code of existing dependencies is vulnerable
+    - cron: '37 4 * * *' # daily 4:37h
+  workflow_dispatch: # on demand
+
+jobs:
+  govulncheck:
+    runs-on: ubuntu-latest
+    name: Run govulncheck
+    steps:
+      - id: govulncheck
+        uses: golang/govulncheck-action@v1
+        with:
+          go-version-file: ./go.mod
diff --git a/.github/workflows/itest.yml b/.github/workflows/itest.yml
@@ -7,17 +7,17 @@ jobs:
     steps:
 
       - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v5
         with:
           go-version: 1.21.0
 
       - name: Set up Node.js
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version: 16
 
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Execute the scripts
         run: |
@@ -36,7 +36,7 @@ jobs:
         shell: bash
 
       - name: Upload test results
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
             name: checker-results
             path: |

diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml
@@ -0,0 +1,16 @@
+name: Lint
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+jobs:
+  lint:
+    name: lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+      - uses: golangci/golangci-lint-action@v6
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -1,28 +1,27 @@
-name: Publish Go binaries to github release
+name: Release
+# with pontos
 
 on:
-  release:
-    types: [created]
+  pull_request:
+    types: [closed]
+  workflow_dispatch:
+    inputs:
+      release-type:
+        type: choice
+        description: What kind of release do you want to do (pontos --release-type argument)?
+        options:
+          - patch
+          - minor
+          - major
+      release-version:
+        type: string
+        description: Set an explicit version, that will overwrite release-type. Fails if version is not compliant.
 
 jobs:
-  releases-matrix:
-    name: Release Go binaries
-    runs-on: ubuntu-20.04
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-
-      - name: Set up Go
-        uses: actions/setup-go@v3
-        with:
-            go-version: '^1.21.0'
-
-      - name: Build
-        run: make dist
-
-      - name: Upload release assets
-        uses: softprops/action-gh-release@v1
-        with:
-            files: |
-                dist/csaf_distribution-*.zip
-                dist/csaf_distribution-*.tar.gz
+  release:
+    name: csaf_distribution
+    uses: greenbone/workflows/.github/workflows/release-generic.yml@main
+    with:
+      release-type: ${{ inputs.release-type }}
+      release-version: ${{ inputs.release-version }}
+    secrets: inherit
diff --git a/cmd/csaf_aggregator/config.go b/cmd/csaf_aggregator/config.go
@@ -23,8 +23,8 @@ import (
 	"github.com/csaf-poc/csaf_distribution/v3/csaf"
 	"github.com/csaf-poc/csaf_distribution/v3/internal/certs"
 	"github.com/csaf-poc/csaf_distribution/v3/internal/filter"
-	"github.com/csaf-poc/csaf_distribution/v3/internal/models"
-	"github.com/csaf-poc/csaf_distribution/v3/internal/options"
+	"github.com/csaf-poc/csaf_distribution/v3/pkg/models"
+	"github.com/csaf-poc/csaf_distribution/v3/pkg/options"
 	"github.com/csaf-poc/csaf_distribution/v3/util"
 	"golang.org/x/time/rate"
 )

diff --git a/cmd/csaf_aggregator/main.go b/cmd/csaf_aggregator/main.go
@@ -15,8 +15,7 @@ import (
 	"os"
 	"path/filepath"
 
-	"github.com/csaf-poc/csaf_distribution/v3/internal/options"
-
+	"github.com/csaf-poc/csaf_distribution/v3/pkg/options"
 	"github.com/gofrs/flock"
 )
 

diff --git a/cmd/csaf_checker/config.go b/cmd/csaf_checker/config.go
@@ -15,8 +15,8 @@ import (
 
 	"github.com/csaf-poc/csaf_distribution/v3/internal/certs"
 	"github.com/csaf-poc/csaf_distribution/v3/internal/filter"
-	"github.com/csaf-poc/csaf_distribution/v3/internal/models"
-	"github.com/csaf-poc/csaf_distribution/v3/internal/options"
+	"github.com/csaf-poc/csaf_distribution/v3/pkg/models"
+	"github.com/csaf-poc/csaf_distribution/v3/pkg/options"
 )
 
 type outputFormat string

diff --git a/cmd/csaf_checker/main.go b/cmd/csaf_checker/main.go
@@ -12,7 +12,7 @@ package main
 import (
 	"log"
 
-	"github.com/csaf-poc/csaf_distribution/v3/internal/options"
+	"github.com/csaf-poc/csaf_distribution/v3/pkg/options"
 )
 
 // run uses a processor to check all the given domains or direct urls

diff --git a/cmd/csaf_checker/report.go b/cmd/csaf_checker/report.go
@@ -19,7 +19,7 @@ import (
 	"time"
 
 	"github.com/csaf-poc/csaf_distribution/v3/csaf"
-	"github.com/csaf-poc/csaf_distribution/v3/internal/models"
+	"github.com/csaf-poc/csaf_distribution/v3/pkg/models"
 )
 
 // MessageType is the kind of the message.