diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index 51afde8c1..63e057028 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -4,36 +4,59 @@ on: pull_request: jobs: - golang_lint: + golang_lint_ops: name: Golang Lint runs-on: ubuntu-latest steps: - name: Checkout sources - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - - uses: smartcontractkit/tool-versions-to-env-action@v1.0.8 - id: tool-versions - - name: Setup Go - uses: actions/setup-go@v3 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + - name: Install Nix + uses: cachix/install-nix-action@29bd9290ef037a3ecbdafe83cbd2185e9dd0fa0a # v20 with: - go-version-file: "go.mod" - check-latest: true + nix_path: nixpkgs=channel:nixos-unstable - name: golangci-lint - uses: golangci/golangci-lint-action@v3 + run: nix develop -c make lint-go-ops + - name: Store lint report artifact + if: always() + uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0 with: - # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version - version: v${{ steps.tool-versions.outputs.golangci-lint_version }} + name: golangci-lint-ops-report + path: ./ops/golangci-lint-ops-report.xml - # Optional: working directory, useful for monorepos - # working-directory: somedir - - # Optional: golangci-lint command line arguments. - args: --enable=gofmt --tests=false --exclude-use-default --timeout=5m0s - - # Optional: show only new issues if it's a pull request. The default value is `false`. - only-new-issues: true - - # Optional: if set to true then the action don't cache or restore ~/go/pkg. - # skip-pkg-cache: true + golang_lint_integration_tests: + name: Golang Lint Integration Tests + runs-on: ubuntu-latest + steps: + - name: Checkout sources + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + - name: Install Nix + uses: cachix/install-nix-action@29bd9290ef037a3ecbdafe83cbd2185e9dd0fa0a # v20 + with: + nix_path: nixpkgs=channel:nixos-unstable + - name: golangci-lint + run: nix develop -c make lint-go-integration-tests + - name: Store lint report artifact + if: always() + uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0 + with: + name: golangci-lint-integration-tests-report + path: ./integration-tests/golangci-lint-integration-tests-report.xml - # Optional: if set to true then the action don't cache or restore ~/.cache/go-build. - # skip-build-cache: true + golang_lint_relay: + name: Golang Lint Relay tests + runs-on: ubuntu-latest + steps: + - name: Checkout sources + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + - name: Install Nix + uses: cachix/install-nix-action@29bd9290ef037a3ecbdafe83cbd2185e9dd0fa0a # v20 + with: + nix_path: nixpkgs=channel:nixos-unstable + - name: golangci-lint + run: nix develop -c make lint-go-relay + - name: Store lint report artifact + if: always() + uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0 + with: + name: golangci-lint-relay-report + path: ./pkg/golangci-lint-relay-report.xml \ No newline at end of file diff --git a/.github/workflows/relay.yml b/.github/workflows/relay.yml index aab772234..92bb3c762 100644 --- a/.github/workflows/relay.yml +++ b/.github/workflows/relay.yml @@ -25,6 +25,14 @@ jobs: - name: Build run: go build -v ./pkg/... - name: Test - run: go test ./pkg/... -v -tags integration + run: go test ./pkg/... -v -tags integration -covermode=atomic -coverpkg=./... -coverprofile=integration_coverage.txt - name: Test with the race detector enabled - run: go test ./pkg/... -v -race -count=10 -timeout=15m + run: go test ./pkg/... -v -race -count=10 -timeout=15m -covermode=atomic -coverpkg=./... -coverprofile=race_coverage.txt + - name: Upload Go test results + if: always() + uses: actions/upload-artifact@v3 + with: + name: go-relay-test-results + path: | + ./race_coverage.txt + ./integration_coverage.txt \ No newline at end of file diff --git a/.github/workflows/sonar-scan.yml b/.github/workflows/sonar-scan.yml new file mode 100644 index 000000000..5d6dcd0c1 --- /dev/null +++ b/.github/workflows/sonar-scan.yml @@ -0,0 +1,112 @@ +name: Static analysis + +on: + push: + branches: + - develop + pull_request: + +jobs: + wait_for_workflows: + name: Wait for workflows + runs-on: ubuntu-latest + if: always() + steps: + - name: Checkout Repository + uses: actions/checkout@v3 + with: + ref: ${{ github.event.pull_request.head.sha || github.event.merge_group.head_sha }} + + - name: Wait for Workflows + id: wait + uses: smartcontractkit/chainlink-github-actions/utils/wait-for-workflows@main + with: + max-timeout: "1200" + polling-interval: "30" + exclude-workflow-names: "Lint GH Workflows,e2e_tests_custom_cl" + exclude-workflow-ids: "" + github-token: ${{ secrets.GITHUB_TOKEN }} + env: + DEBUG: "true" + tools: + name: Get tool-versions + runs-on: ubuntu-latest + steps: + - name: Check out Code + uses: actions/checkout@v3 + - name: Parse tool-versions file + uses: smartcontractkit/tool-versions-to-env-action@v1.0.8 + id: tool-versions + outputs: + go-version: ${{ steps.tool-versions.outputs.golang_version }} + golangci-lint-version: ${{ steps.tool-versions.outputs.golangci-lint_version }} + + sonarqube: + name: SonarQube Scan + needs: [wait_for_workflows] + runs-on: ubuntu-latest + if: ${{ always() }} + steps: + - name: Fetch blame information + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + with: + fetch-depth: 0 # fetches all history for all tags and branches to provide more metadata for sonar reports + + - name: Download Golangci ops reports + uses: dawidd6/action-download-artifact@v2.27.0 + with: + workflow: golangci-lint.yml + workflow_conclusion: "" + name_is_regexp: true + name: golangci-lint-ops-report + if_no_artifact_found: warn + + - name: Download Golangci integration tests reports + uses: dawidd6/action-download-artifact@v2.27.0 + with: + workflow: golangci-lint.yml + workflow_conclusion: "" + name_is_regexp: true + name: golangci-lint-integration-tests-report + if_no_artifact_found: warn + + - name: Download Golangci relay reports + uses: dawidd6/action-download-artifact@v2.27.0 + with: + workflow: golangci-lint.yml + workflow_conclusion: "" + name_is_regexp: true + name: golangci-lint-relay-report + if_no_artifact_found: warn + + - name: Download Relayer unit tests report + uses: dawidd6/action-download-artifact@v2.27.0 + with: + workflow: relay.yml + workflow_conclusion: "" + name_is_regexp: true + name: go-relay-test-results + if_no_artifact_found: warn + + - name: Set SonarQube Report Paths + id: sonarqube_report_paths + shell: bash + run: | + { + echo "sonarqube_tests_report_paths=$(find . -type f -name output.txt | paste -sd "," -)" + echo "sonarqube_coverage_report_paths=$(find . -type f -name '*coverage.txt' | paste -sd "," -)" + echo "sonarqube_golangci_report_paths=$(find . -type f -name 'golangci-*-report.xml' -printf "%p,")" + } >> "$GITHUB_OUTPUT" + + - name: SonarQube Scan + uses: sonarsource/sonarqube-scan-action@a6ba0aafc293e03de5437af7edbc97f7d3ebc91a # v1.2.0 + with: + args: > + -Dsonar.go.tests.reportPaths=${{ steps.sonarqube_report_paths.outputs.sonarqube_tests_report_paths }} + -Dsonar.go.coverage.reportPaths=${{ steps.sonarqube_report_paths.outputs.sonarqube_coverage_report_paths }} + -Dsonar.go.golangci-lint.reportPaths=${{ steps.sonarqube_report_paths.outputs.sonarqube_golangci_report_paths }} + env: + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} + + \ No newline at end of file diff --git a/.gitignore b/.gitignore index 5354b62c1..eabeb68e7 100644 --- a/.gitignore +++ b/.gitignore @@ -42,3 +42,9 @@ tests/e2e/smoke/contracts-chaos-state.json tmp-manifest-* tests-smoke-report.xml .env.test* + +# Test & linter reports +*report.xml +*report.json +*.out +*coverage* diff --git a/.tool-versions b/.tool-versions index 685beb4c5..1de53f440 100644 --- a/.tool-versions +++ b/.tool-versions @@ -2,7 +2,7 @@ nodejs 16.13.2 yarn 1.22.19 rust 1.59.0 golang 1.20.1 -golangci-lint 1.51.1 +golangci-lint 1.52.1 pulumi 3.40.1 ginkgo 2.5.1 actionlint 1.6.22 diff --git a/Makefile b/Makefile index 7ca729aa9..998e59554 100644 --- a/Makefile +++ b/Makefile @@ -92,3 +92,15 @@ gomodtidy: go mod tidy cd ./integration-tests && go mod tidy cd ./ops && go mod tidy + +.PHONY: lint-go-ops +lint-go-ops: + cd ./ops && golangci-lint --color=always --exclude=dot-imports --timeout 10m --out-format checkstyle:golangci-lint-ops-report.xml run || true + +.PHONY: lint-go-integration-tests +lint-go-integration-tests: + cd ./integration-tests && golangci-lint --color=always --exclude=dot-imports --timeout 10m --out-format checkstyle:golangci-lint-integration-tests-report.xml run || true + +.PHONY: lint-go-relay +lint-go-relay: + cd ./pkg && golangci-lint --color=always --exclude=dot-imports --timeout 10m --out-format checkstyle:golangci-lint-relay-report.xml run || true \ No newline at end of file diff --git a/flake.lock b/flake.lock index 0e0ff110b..5aacf0d5e 100644 --- a/flake.lock +++ b/flake.lock @@ -1,12 +1,15 @@ { "nodes": { "flake-utils": { + "inputs": { + "systems": "systems" + }, "locked": { - "lastModified": 1659877975, - "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", + "lastModified": 1692799911, + "narHash": "sha256-3eihraek4qL744EvQXsK1Ha6C3CR7nnT8X2qWap4RNk=", "owner": "numtide", "repo": "flake-utils", - "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", + "rev": "f9e7cf818399d17d347f847525c5a5a8032e4e44", "type": "github" }, "original": { @@ -16,12 +19,15 @@ } }, "flake-utils_2": { + "inputs": { + "systems": "systems_2" + }, "locked": { - "lastModified": 1656928814, - "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", + "lastModified": 1681202837, + "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", "owner": "numtide", "repo": "flake-utils", - "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", + "rev": "cfacdce06f30d2b68473a46042957675eebb3401", "type": "github" }, "original": { @@ -32,11 +38,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1664871473, - "narHash": "sha256-1LzbW6G6Uz8akWiOdlIi435GAm1ct5jF5tovw/9to0o=", + "lastModified": 1694183432, + "narHash": "sha256-YyPGNapgZNNj51ylQMw9lAgvxtM2ai1HZVUu3GS8Fng=", "owner": "nixos", "repo": "nixpkgs", - "rev": "b7a6fde153d9470afdb6aa1da51c4117f03b84ed", + "rev": "db9208ab987cdeeedf78ad9b4cf3c55f5ebd269b", "type": "github" }, "original": { @@ -48,11 +54,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1659102345, - "narHash": "sha256-Vbzlz254EMZvn28BhpN8JOi5EuKqnHZ3ujFYgFcSGvk=", + "lastModified": 1681358109, + "narHash": "sha256-eKyxW4OohHQx9Urxi7TQlFBTDWII+F+x2hklDOQPB50=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "11b60e4f80d87794a2a4a8a256391b37c59a1ea7", + "rev": "96ba1c52e54e74c3197f4d43026b3f3d92e83ff9", "type": "github" }, "original": { @@ -75,11 +81,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1665024572, - "narHash": "sha256-b6Tnu74VzdMaJgKHM9iJ6fVf9svzYI+ktfzMGoDt/Og=", + "lastModified": 1694398298, + "narHash": "sha256-Hi904+2V5DJhFdEy9DcARSRrGJOlYSILHUC6CgTtuZU=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "fb4d8ee5220b76d1ffb4b4e1fedcf3cbc93ead1a", + "rev": "6c520f2e31f4bebeb29cc4563543de7187013575", "type": "github" }, "original": { @@ -87,6 +93,36 @@ "repo": "rust-overlay", "type": "github" } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index fe56fb1ca..339966756 100644 --- a/flake.nix +++ b/flake.nix @@ -5,24 +5,13 @@ nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; flake-utils.url = "github:numtide/flake-utils"; rust-overlay.url = "github:oxalica/rust-overlay"; - # saber-overlay.url = "github:saber-hq/saber-overlay"; - # saber-overlay.inputs.rust-overlay.follows = "rust-overlay"; - # naersk.url = "github:nmattia/naersk"; }; outputs = inputs@{ self, nixpkgs, rust-overlay, flake-utils, ... }: flake-utils.lib.eachDefaultSystem (system: let pkgs = import nixpkgs { inherit system; overlays = [ rust-overlay.overlays.default ]; }; - # naerskLib = pkgs.callPackage naersk { - # inherit (pkgs.rust-bin.nightly.latest) rustc cargo; - # }; in rec { - # packages.program = naerskLib.buildPackage { - # pname = "program"; - # root = ./.; - # }; - # defaultPackage = packages.program; devShell = pkgs.callPackage ./shell.nix {}; }); } diff --git a/shell.nix b/shell.nix index 392180622..83369d06f 100644 --- a/shell.nix +++ b/shell.nix @@ -7,7 +7,6 @@ pkgs.mkShell { llvm_11 stdenv.cc.cc.lib pkg-config - udev openssl # Solana @@ -26,15 +25,20 @@ pkgs.mkShell { # NodeJS + TS nodePackages.typescript nodePackages.typescript-language-server + nodePackages.npm # Keep this nodejs version in sync with the version in .tool-versions please - nodejs-16_x - (yarn.override { nodejs = nodejs-16_x; }) + nodejs-18_x + (yarn.override { nodejs = nodejs-18_x; }) python3 - ]; + ] ++ lib.optionals stdenv.isLinux [ + # ledger specific packages + libudev-zero + libusb1 + ]; RUST_BACKTRACE = "1"; - # https://github.com/rust-lang/rust/issues/55979 - LD_LIBRARY_PATH = lib.makeLibraryPath (with pkgs; [ stdenv.cc.cc.lib ]); - GOROOT="${pkgs.go_1_20}/share/go"; + + LD_LIBRARY_PATH = lib.makeLibraryPath [pkgs.zlib stdenv.cc.cc.lib]; # lib64 + # Avoids issues with delve CGO_CPPFLAGS="-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0"; diff --git a/sonar-project.properties b/sonar-project.properties new file mode 100644 index 000000000..7f64da7db --- /dev/null +++ b/sonar-project.properties @@ -0,0 +1,13 @@ +# required (may be found under "Project Information" in SonarQube) +sonar.projectKey=smartcontractkit_chainlink-solana +sonar.sources=. + +# Full exclusions from the static analysis +sonar.exclusions=**/node_modules/**/*, **/contracts/artifacts/**/*, **/generated/**/*, **/docs/**/*, **/*.config.ts, **/*.config.js, **/*.txt +# Coverage exclusions +sonar.coverage.exclusions=**/*.test.ts, **/*_test.go, **/contracts/tests/**/*, **/integration-tests/**/* + +# Tests' root folder, inclusions (tests to check and count) and exclusions +sonar.tests=. +sonar.test.inclusions=**/*_test.go, **/contracts/tests/**/* +sonar.test.exclusions=**/integration-tests/*, **/gauntlet/* \ No newline at end of file