ci: add support for go vulncheck #2744

Closed
wants to merge 8 commits into from

rach-id
Member

@rach-id rach-id commented Oct 20, 2023

Overview

Checklist

  • New and updated code has appropriate documentation
  • New and updated code has new and/or updated testing
  • Required CI checks are passing
  • Visual proof for any user facing features like CLI or documentation updates
  • Linked issues closed with keywords

@rach-id rach-id added the CI item that directly relates to or modify the CI label Oct 20, 2023
@rach-id rach-id self-assigned this Oct 20, 2023
@rach-id rach-id marked this pull request as draft October 20, 2023 22:30
@celestia-bot celestia-bot requested a review from a team October 20, 2023 22:30
@codecov-commenter

codecov-commenter commented Oct 21, 2023

Codecov Report

Merging #2744 (83f26ff) into main (03beaef) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main    #2744   +/-   ##
=======================================
  Coverage   19.62%   19.62%           
=======================================
  Files         139      139           
  Lines       16999    16999           
=======================================
  Hits         3336     3336           
  Misses      13341    13341           
  Partials      322      322           

@github-advanced-security

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

@@ -69,3 +71,26 @@ jobs:
uses: github/codeql-action/analyze@v2
with:
category: "/language:${{matrix.language}}"

govulnech:
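
Review bot: The new job key on the last line of this hunk is spelled `govulnech`; rename it to `govulncheck`. The job id is what shows up as the check name in the PR status list when the job sets no `name:`, and it is what any `needs:` reference has to match, so correct it before a required-check rule or another job starts depending on the misspelled id.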
Collaborator

[typo]

Suggested change
govulnech:
govulncheck:

@@ -9,9 +9,11 @@
# the `language` matrix defined below to confirm you have the correct set of
# supported CodeQL languages.
#
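
Review bot: The header comment in this hunk still describes only the CodeQL `language` matrix, while this PR adds a govulncheck job to the same workflow file. Either reword the header so it covers both scanners, or move govulncheck into its own workflow file so the CodeQL template text stays accurate.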
Collaborator

[optional] if we repurpose this file, IMO we can remove the comment boilerplate from the top of the file.

Alternatively: we keep the boilerplate and move govulncheck to a new file.

Member Author

sure, good idea 👍

Originally, I opened this PR to test vulncheck and see what results it will give and if it's worth it to add it next to CodeQL.

Collaborator

I expect go vulncheck will become a best practice for repos so I think we should add it.

This was referenced Dec 28, 2023
rootulp added a commit that referenced this pull request Jan 2, 2024
Closes #2968
Supersedes #2744 

## Description
- CI workflow is inspired by
https://github.com/celestiaorg/celestia-core/blob/main/.github/workflows/govulncheck.yml
- Bumped to Go 1.21.5 to resolve some vulnerabilities identified by
govulncheck
@rootulp
Collaborator

rootulp commented Jan 3, 2024

Can close b/c #2969 merged

@rootulp rootulp closed this Jan 3, 2024
rootulp pushed a commit to rootulp/celestia-app that referenced this pull request Jan 11, 2024
add auth, blob, blobstream, and consensus governance param tests

add governance params tests for distribution

add tests for modifying gov params

add tests for modifying ibc params

add tests for modifying slashing params

add tests for modifying staking params

ci: remove version_bump job (celestiaorg#2962)

Closes celestiaorg#2884

- Remove the version_bump and branch_name jobs
- Extract the goreleaser jobs to a new file

Can still create a release. See
https://github.com/rootulp/celestia-app/actions/runs/7324051789/job/19947265102

docs: add column for governance modifiable params in resource_pricing (celestiaorg#2974)

Addresses celestiaorg#2966 by using the governance modifiable params tests in PR
All four of the params are modifiable by governance, which matches the
specs in
[params.md](https://github.com/celestiaorg/celestia-app/blob/main/specs/src/specs/params.md).

- [x] New and updated code has appropriate documentation
- [x] New and updated code has new and/or updated testing
- [x] Required CI checks are passing
- [x] Visual proof for any user facing features like CLI or
documentation updates
- [ ] Linked issues closed with keywords

chore: remove unnecessary conversions (celestiaorg#2975)

Use linter to detect unnecessary type conversions
https://github.com/mdempsky/unconvert

ci: enable govulncheck (celestiaorg#2969)

Closes celestiaorg#2968
Supersedes celestiaorg#2744

- CI workflow is inspired by
https://github.com/celestiaorg/celestia-core/blob/main/.github/workflows/govulncheck.yml
- Bumped to Go 1.21.5 to resolve some vulnerabilities identified by
govulncheck

improve naming of governance params test suite

fix govHandler and remove test for an unmodifiable param.

remove unneeded minter setup
0xchainlover pushed a commit to celestia-org/celestia-app that referenced this pull request Aug 1, 2024
Closes celestiaorg/celestia-app#2968
Supersedes celestiaorg/celestia-app#2744 

## Description
- CI workflow is inspired by
https://github.com/celestiaorg/celestia-core/blob/main/.github/workflows/govulncheck.yml
- Bumped to Go 1.21.5 to resolve some vulnerabilities identified by
govulncheck