From 0415af9be1bdce1b206e75e90aa3413bdff2d980 Mon Sep 17 00:00:00 2001
From: Luca Comellini
Date: Wed, 3 Jul 2024 13:39:41 -0700
Subject: [PATCH] Add missing workflows

---
 .github/workflows/ci.yml | 20 ++++---
 .github/workflows/codeql.yml | 60 ++++++++++----------
 .github/workflows/dependabot-auto-merge.yml | 23 ++++++++
 .github/workflows/fossa.yml | 30 ++++++++++
 .github/workflows/scorecards.yml | 61 +++++++++++++++++++++
 .yamllint.yaml | 33 ++---------
 README.md | 6 +-
 tests/collector.yaml | 6 +-
 8 files changed, 168 insertions(+), 71 deletions(-)
 create mode 100644 .github/workflows/dependabot-auto-merge.yml
 create mode 100644 .github/workflows/fossa.yml
 create mode 100644 .github/workflows/scorecards.yml

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 7eb7a08..31671d1 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,4 +1,4 @@
-name: Continuous Integration
+name: CI

 on:
 push:
@@ -7,6 +7,8 @@ on:
 tags:
 - "v[0-9]+.[0-9]+.[0-9]+*"
 pull_request:
+ branches:
+ - "**"

 defaults:
 run:
@@ -73,16 +75,16 @@ jobs:
 name: Functional Tests
 runs-on: ubuntu-22.04
 steps:
- - name: Checkout Repository
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ - name: Checkout Repository
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

- - name: Setup Golang Environment
- uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
- with:
- go-version: stable
+ - name: Setup Golang Environment
+ uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
+ with:
+ go-version: stable

- - name: Run Functional Tests
- run: make functional-test
+ - name: Run Functional Tests
+ run: make functional-test

 release-notes:
 name: Release Notes
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 95d3373..4ab0ef6 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -10,33 +10,54 @@ on:
 schedule:
 - cron: "30 15 * * 0" # run every Sunday at 15:30 UTC

+concurrency:
+ group: ${{ github.ref_name }}-codeql
+ cancel-in-progress: true
+
+permissions:
+ contents: read
+
 jobs:
 analyze:
- permissions:
- security-events: write
- actions: read
- contents: read
 name: Analyze
 runs-on: ubuntu-22.04
+ permissions:
+ actions: read # for github/codeql-action/init to get workflow details
+ contents: read # for actions/checkout to fetch code
+ security-events: write # for github/codeql-action/autobuild to send a status report
+ packages: read # required to fetch internal or private CodeQL packs
 strategy:
 fail-fast: false
 matrix:
- language: ["go"]
- # CodeQL supports [ 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift' ]
- # Use only 'java-kotlin' to analyze code written in Java, Kotlin or both
- # Use only 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
- # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+ include:
+ - language: go
+ build-mode: autobuild
+ # CodeQL supports the following values keywords for 'language': 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift'
+ # Use `c-cpp` to analyze code written in C, C++ or both
+ # Use 'java-kotlin' to analyze code written in Java, Kotlin or both
+ # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
+ # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis,
+ # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.
+ # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how
+ # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
 steps:
 - name: Checkout repository
 uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

+ - name: Setup Golang Environment
+ uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
+ with:
+ go-version: stable
+ if: matrix.language == 'go'
+
 # Initializes the CodeQL tools for scanning.
 - name: Initialize CodeQL
 uses: github/codeql-action/init@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
 with:
 languages: ${{ matrix.language }}
+ build-mode: ${{ matrix.build-mode }}
 # If you wish to specify custom queries, you can do so here or in a config file.
 # By default, queries listed here will override any specified in a config file.
 # Prefix the list here with "+" to use these queries and those in the config file.
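Review bot: The new job-level comment `security-events: write # for github/codeql-action/autobuild to send a status report` attributes the permission to a step that this same commit deletes in the next hunk (the Autobuild step is removed), so the justification is stale the moment it lands; the permission is what `github/codeql-action/analyze` needs to upload its SARIF results, so `security-events: write # for github/codeql-action/analyze to upload SARIF results` would describe the surviving step. As a point of style, the Setup Golang step puts `if: matrix.language == 'go'` after `with:`, which buries the condition beneath the inputs; placing `if` directly under `name` matches how the other workflows in this commit lay out step conditions. The concurrency group `${{ github.ref_name }}-codeql` with `cancel-in-progress: true` means a push to `main` that lands while the weekly scheduled scan is running cancels that scan; the push-triggered run covers the same ref, so this is acceptable, but the cancelled run will show up as a gap in the Sunday schedule history. The new comment text "the following values keywords for 'language'" also appears to have a stray word and reads better as "the following values for 'language'".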
@@ -44,27 +65,6 @@ jobs:
 # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
 # queries: security-extended,security-and-quality

- - name: Setup Golang Environment
- uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
- with:
- go-version: stable
- if: matrix.language == 'go'
-
- # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
- # If this step fails, then you should remove it and run the build manually (see below)
- - name: Autobuild
- uses: github/codeql-action/autobuild@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
-
- # ℹī¸ Command-line programs to run using the OS shell.
- # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
-
- # If the Autobuild fails above, remove it and uncomment the following three lines.
- # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
-
- # - run: |
- # echo "Run, Build Application using script"
- # ./location_of_script_within_repo/buildscript.sh
-
 - name: Perform CodeQL Analysis
 uses: github/codeql-action/analyze@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
 with:
diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml
new file mode 100644
index 0000000..00cf5b0
--- /dev/null
+++ b/.github/workflows/dependabot-auto-merge.yml
@@ -0,0 +1,23 @@
+name: Dependabot auto-merge
+on: pull_request_target
+
+permissions:
+ contents: read
+
+jobs:
+ dependabot:
+ runs-on: ubuntu-22.04
+ if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
+ permissions:
+ pull-requests: write
+ contents: write
+ steps:
+ - name: Dependabot metadata
+ id: dependabot-metadata
+ uses: dependabot/fetch-metadata@5e5f99653a5b510e8555840e80cbf1514ad4af38 # v2.1.0
+
+ - name: Enable auto-merge for Dependabot PRs
+ run: gh pr merge --auto --squash "$PR_URL"
+ env:
+ PR_URL: ${{github.event.pull_request.html_url}}
+ GITHUB_TOKEN: ${{ secrets.NGINX_PAT }}
diff --git a/.github/workflows/fossa.yml b/.github/workflows/fossa.yml
new file mode 100644
index 0000000..5d919de
--- /dev/null
+++ b/.github/workflows/fossa.yml
@@ -0,0 +1,30 @@
+name: Fossa
+
+on:
+ push:
+ branches:
+ - main
+ paths-ignore:
+ - "**.md"
+ - "LICENSE"
+
+concurrency:
+ group: ${{ github.ref_name }}-fossa
+ cancel-in-progress: true
+
+permissions:
+ contents: read
+
+jobs:
+ scan:
+ name: Fossa
+ runs-on: ubuntu-22.04
+ if: ${{ github.event.repository.fork == false }}
+ steps:
+ - name: Checkout Repository
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+ - name: Scan
+ uses: fossas/fossa-action@47ef11b1e1e3812e88dae436ccbd2d0cbd1adab0 # v1.3.3
+ with:
+ api-key: ${{ secrets.FOSSA_TOKEN }}
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
new file mode 100644
index 0000000..9432d7d
--- /dev/null
+++ b/.github/workflows/scorecards.yml
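Review bot: The "Enable auto-merge for Dependabot PRs" step enables auto-merge for every Dependabot PR regardless of what is being bumped: the `dependabot-metadata` step is run but none of its outputs are read, so a major-version update is queued for merge exactly like a patch bump. Gating the merge step on the metadata it already fetches, e.g. `if: steps.dependabot-metadata.outputs.update-type != 'version-update:semver-major'`, keeps major upgrades for a human to look at while still auto-merging the rest. The job also declares `pull-requests: write` and `contents: write` for `GITHUB_TOKEN` while `gh` authenticates with `secrets.NGINX_PAT`; if the PAT is the only credential that performs writes, those job-level grants look unused and could be trimmed (the token needs of `fetch-metadata` are not visible here, so confirm before removing). Since this runs on `pull_request_target` with a secret in scope, the author check on the job and the absence of any checkout of the PR head are the right shape and should be kept as is.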
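Review bot: The Checkout Repository step in fossa.yml leaves the workflow token persisted in the workspace for the duration of the third-party `fossas/fossa-action` step, whereas the scorecards.yml added in this same commit sets `persist-credentials: false` on its checkout. Nothing after the clone needs git credentials, so adding `persist-credentials: false` under `with:` on the checkout step makes the two workflows consistent; with the workflow limited to `contents: read` the exposure is read-only, so this is least-privilege hygiene rather than a hard defect.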
@@ -0,0 +1,61 @@
+name: OpenSSF Scorecards
+on:
+ branch_protection_rule: # yamllint disable-line rule:empty-values
+ schedule:
+ - cron: "31 0 * * 5" # Run every Friday at 00:31 UTC
+ push:
+ branches:
+ - main
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+ analysis:
+ name: Scorecard analysis
+ runs-on: ubuntu-22.04
+ permissions:
+ # Needed to upload the results to code-scanning dashboard.
+ security-events: write
+ # Needed to publish results and get a badge (see publish_results below).
+ id-token: write
+ # Uncomment the permissions below if installing in a private repository.
+ # contents: read
+ # actions: read
+
+ steps:
+ - name: "Checkout code"
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ with:
+ persist-credentials: false
+
+ - name: "Run analysis"
+ uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3
+ with:
+ results_file: results.sarif
+ results_format: sarif
+ repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
+
+ # Public repositories:
+ # - Publish results to OpenSSF REST API for easy access by consumers
+ # - Allows the repository to include the Scorecard badge.
+ # - See https://github.com/ossf/scorecard-action#publishing-results.
+ # For private repositories:
+ # - `publish_results` will always be set to `false`, regardless
+ # of the value entered here.
+ publish_results: true
+
+ # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
+ # format to the repository Actions tab.
+ - name: "Upload artifact"
+ uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+ with:
+ name: SARIF file
+ path: results.sarif
+ retention-days: 5
+
+ # Upload the results to GitHub's code scanning dashboard.
+ - name: "Upload to code-scanning"
+ uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
+ with:
+ sarif_file: results.sarif
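Review bot: `repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}` is passed unconditionally, so in a fork or any clone where that secret is not defined the input expands to an empty string, and the `schedule` trigger will fire weekly in forks regardless; whether the action then falls back to `github.token` is not visible from this hunk. fossa.yml in this same commit guards its job with `if: ${{ github.event.repository.fork == false }}`, and the same guard on the `analysis` job would avoid recurring scheduled failures in forks while keeping the two workflows consistent. The `branch_protection_rule:` trigger with an empty value is what GitHub's loader expects, but a generic YAML parser reads it as null, which is presumably why the yamllint disable-line comment is there and worth keeping.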
diff --git a/.yamllint.yaml b/.yamllint.yaml
index 45d6293..7d0320c 100644
--- a/.yamllint.yaml
+++ b/.yamllint.yaml
@@ -3,43 +3,20 @@ yaml-files:
 - "*.yaml"
 - "*.yml"

-ignore:
- - .github/workflows/
+ignore-from-file: .gitignore
+
+extends: default

 rules:
- braces: enable
- brackets: enable
- colons: enable
- commas: enable
 comments:
- require-starting-space: true
- ignore-shebangs: true
 min-spaces-from-content: 1
 comments-indentation: enable
- document-end: disable
 document-start: disable
- empty-lines: enable
 empty-values: enable
- float-values: disable
- hyphens: enable
- indentation:
- spaces: consistent
- indent-sequences: consistent
- check-multi-line-strings: true
- key-duplicates: enable
- key-ordering: disable
 line-length:
 max: 120
- allow-non-breakable-words: true
- allow-non-breakable-inline-mappings: true
 ignore: |
- .github/workflows/
 .goreleaser.yml
- new-line-at-end-of-file: enable
- new-lines: enable
- octal-values: disable
- quoted-strings: disable
- trailing-spaces: enable
+ .github/
 truthy:
- ignore: |
- .github/workflows/
+ check-keys: false
diff --git a/README.md b/README.md
index b4020c4..27079bf 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,11 @@
+
+[![OpenSSFScorecard](https://api.securityscorecards.dev/projects/github.com/nginxinc/telemetry-exporter/badge)](https://api.securityscorecards.dev/projects/github.com/nginxinc/telemetry-exporter)
+[![CI](https://github.com/nginxinc/telemetry-exporter/actions/workflows/ci.yml/badge.svg)](https://github.com/nginxinc/telemetry-exporter/actions/workflows/ci.yml)
+[![FOSSA Status](https://app.fossa.com/api/projects/custom%2B5618%2Fgithub.com%2Fnginxinc%2Ftelemetry-exporter.svg?type=shield)](https://app.fossa.com/projects/custom%2B5618%2Fgithub.com%2Fnginxinc%2Ftelemetry-exporter?ref=badge_shield)
 [![Go Reference](https://pkg.go.dev/badge/github.com/nginxinc/telemetry-exporter.svg)](https://pkg.go.dev/github.com/nginxinc/telemetry-exporter)
-[![Continuous Integration](https://github.com/nginxinc/telemetry-exporter/actions/workflows/ci.yml/badge.svg)](https://github.com/nginxinc/telemetry-exporter/actions/workflows/ci.yml)
 [![Go Report Card](https://goreportcard.com/badge/github.com/nginxinc/telemetry-exporter)](https://goreportcard.com/report/github.com/nginxinc/telemetry-exporter)
 ![GitHub go.mod Go version](https://img.shields.io/github/go-mod/go-version/nginxinc/telemetry-exporter?logo=go)
+[![Project Status: Active – The project has reached a stable, usable state and is being actively developed.](https://www.repostatus.org/badges/latest/active.svg)](https://www.repostatus.org/#active)

 # Telemetry Exporter
diff --git a/tests/collector.yaml b/tests/collector.yaml
index 670b41f..660d563 100644
--- a/tests/collector.yaml
+++ b/tests/collector.yaml
@@ -19,10 +19,10 @@ receivers:
 endpoint: 0.0.0.0:4317
 service:
 extensions:
- - health_check
+ - health_check
 pipelines:
 traces:
 exporters:
- - debug
+ - debug
 receivers:
- - otlp
+ - otlp