From 4b5a755277c3fb217be5105ef67b48ce123c21cd Mon Sep 17 00:00:00 2001
From: fserucas
Date: Mon, 8 Jul 2024 17:06:24 +0100
Subject: [PATCH] Add Zuul Job to test operator's code vulnerabilities

Change-Id: I3c5e780d583d641162562cc5cfb5feb91e59e13b
---
 playbooks/run-golang-vuln.yaml | 23 +++++++++++++++++++++++
 zuul.d/jobs.yaml | 17 +++++++++++++++++
 zuul.d/project.yaml | 1 +
 3 files changed, 41 insertions(+)
 create mode 100644 playbooks/run-golang-vuln.yaml

diff --git a/playbooks/run-golang-vuln.yaml b/playbooks/run-golang-vuln.yaml
new file mode 100644
index 00000000..2ac06694
--- /dev/null
+++ b/playbooks/run-golang-vuln.yaml
@@ -0,0 +1,23 @@
+---
+- hosts: "{{ hostname | default('controller') }}"
+ tasks:
+ - name: Add golang to PATH
+ ansible.builtin.copy:
+ dest: /etc/profile.d/golang-path.sh
+ content: "export PATH=$PATH:/usr/local/go/bin/"
+ mode: "0644"
+ become: true
+
+ - name: Installing golang vulnerability tool
+ ansible.builtin.command:
+ cmd: go install golang.org/x/vuln/cmd/govulncheck@latest
+ environment:
+ GOPATH: /usr/local/go/
+ become: true
+ become_flags: "-i"
+
+ - name: Running golang vulnerability test
+ ansible.builtin.command:
+ cmd: govulncheck -show verbose ./...
+ chdir: "{{ zuul.project.src_dir }}"
+ no_log: false
diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml
index 93c93e9e..6d68af96 100644
--- a/zuul.d/jobs.yaml
+++ b/zuul.d/jobs.yaml
@@ -123,3 +123,20 @@
 nodes:
 - name: controller
 label: cloud-centos-9-small
+
+- job:
+ name: sf-operator-golang-env
+ parent: golang-go
+ vars:
+ go_command: "install golang.org/x/vuln/cmd/govulncheck@latest"
+ go_version: 1.22.2
+ nodeset:
+ nodes:
+ - name: controller
+ label: cloud-centos-9
+
+- job:
+ name: sf-operator-golang-vulnerability-test
+ parent: sf-operator-golang-env
+ voting: false
+ run: playbooks/run-golang-vuln.yaml
diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml
index 48237e9c..c1fd6cb4 100644
--- a/zuul.d/project.yaml
+++ b/zuul.d/project.yaml
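Review bot: The `go install golang.org/x/vuln/cmd/govulncheck@latest` task runs as root (`become: true`) with `GOPATH: /usr/local/go/`, so an unpinned, unverified module is fetched on every run and written into the Go toolchain directory; pin the scanner to a tagged release instead of `@latest` and install it under an unprivileged GOPATH rather than the toolchain root, so the scanner's own supply chain is fixed and root is not needed for the install. The last task invokes a bare `govulncheck` with neither `become_flags: "-i"` nor an `environment:` block, so it depends on the connection shell sourcing `/etc/profile.d/golang-path.sh`, which the login-shell flag on the install task suggests is not otherwise the case; `cmd: /usr/local/go/bin/govulncheck -show verbose ./...` (or an explicit `environment:` with PATH) removes that dependency. `no_log: false` on that task is the module default and can be dropped, and since govulncheck exits non-zero when it reports a vulnerability, a short comment stating that a finding is meant to fail the task would make the intent explicit.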
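Review bot: `go_command: "install golang.org/x/vuln/cmd/govulncheck@latest"` in `sf-operator-golang-env` installs the same unpinned tool that `playbooks/run-golang-vuln.yaml` installs a second time as root, so the scanner is fetched twice and neither copy is pinned; pin it to a tagged release here and keep only one of the two installs (presumably this one, if the parent `golang-go` job puts the result on PATH as its name suggests). `go_version: 1.22.2` happens to parse as a string, but a two-component value such as `1.22` would silently become a float, so quote it as `go_version: "1.22.2"` for consistency with the quoted `go_command`. With `voting: false` a finding never blocks a change, so someone has to read the non-voting result by hand; a comment such as `# non-voting while the vulnerability baseline is triaged; make voting once clean` would record that this is deliberate and when it is meant to change.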
@@ -1,6 +1,7 @@
 - project:
 check:
 jobs:
+ - sf-operator-golang-vulnerability-test
 - sf-operator-olm
 - sf-operator-upgrade
 - sf-operator-standalone