Merge "Add Zuul Job to test operator's code vulnerabilities"

softwarefactory-project · Jul 15, 2024 · 4504dec · 4504dec
2 parents cc91461 + 4b5a755
commit 4504dec
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 0 deletions.
diff --git a/playbooks/run-golang-vuln.yaml b/playbooks/run-golang-vuln.yaml
@@ -0,0 +1,23 @@
+---
+- hosts: "{{ hostname | default('controller') }}"
+  tasks:
+    - name: Add golang to PATH
+      ansible.builtin.copy:
+        dest: /etc/profile.d/golang-path.sh
+        content: "export PATH=$PATH:/usr/local/go/bin/"
+        mode: "0644"
+      become: true
+
+    - name: Installing golang vulnerability tool
+      ansible.builtin.command:
+        cmd: go install golang.org/x/vuln/cmd/govulncheck@latest
+      environment:
+        GOPATH: /usr/local/go/
+      become: true
+      become_flags: "-i"
+
+    - name: Running golang vulnerability test
+      ansible.builtin.command:
+        cmd: govulncheck -show verbose ./...
+        chdir: "{{ zuul.project.src_dir }}"
+      no_log: false
diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml
@@ -123,3 +123,20 @@
       nodes:
         - name: controller
           label: cloud-centos-9-small
+
+- job:
+    name: sf-operator-golang-env
+    parent: golang-go
+    vars:
+      go_command: "install golang.org/x/vuln/cmd/govulncheck@latest"
+      go_version: 1.22.2
+    nodeset:
+      nodes:
+        - name: controller
+          label: cloud-centos-9
+
+- job:
+    name: sf-operator-golang-vulnerability-test
+    parent: sf-operator-golang-env
+    voting: false
+    run: playbooks/run-golang-vuln.yaml
diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml
@@ -1,6 +1,7 @@
 - project:
     check:
       jobs:
+        - sf-operator-golang-vulnerability-test
         - sf-operator-olm
         - sf-operator-upgrade
         - sf-operator-standalone