build: add gosec linter checks to project ci pipeline
Signed-off-by: Niki Dokovski <nickytd@gmail.com>
nickytd committed Nov 5, 2024
1 parent 4366382 commit a2fb3d5
Showing 3 changed files with 22 additions and 9 deletions.
24 changes: 20 additions & 4 deletions .ci/pipeline_definitions
@@ -1,5 +1,15 @@
oidc-apps-controller:
base_definition:
repo:
source_labels:
- name: cloud.gardener.cnudie/dso/scanning-hints/source_analysis/v1
value:
policy: skip
comment: |
We use gosec for sast scanning, see attached log.
steps:
verify:
image: 'golang:1.23.2'
traits:
version:
preprocess: "inject-commit-hash"
Expand All @@ -15,10 +25,6 @@ oidc-apps-controller:
image: europe-docker.pkg.dev/gardener-project/snapshots/gardener/extensions/oidc-apps-controller
dockerfile: "Dockerfile"
resource_labels:
- name: "cloud.gardener.cnudie/responsibles"
value:
- type: "githubUser"
username: "nickytd"
- name: "gardener.cloud/cve-categorisation"
value:
network_exposure: "protected"
Expand Down Expand Up @@ -53,6 +59,16 @@ oidc-apps-controller:
nextversion: "bump_minor"
next_version_callback: ".ci/prepare_release"
release_callback: ".ci/prepare_release"
assets:
- type: build-step-log
step_name: verify
purposes:
- lint
- sast
- gosec
comment: |
We use gosec (linter) for SAST scans, see: https://github.com/securego/gosec.
Enabled by https://github.com/gardener/oidc-apps-controller/pull/77
slack:
default_channel: "internal_scp_workspace"
channel_cfgs:
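Review bot: The `policy: skip` hint added under `source_labels` appears to opt the whole repository out of source analysis on the strength of the `verify` step log, but the comment does not say what that log actually covers. gosec analyses Go packages only, so the shell scripts under `.ci/`, the `Dockerfile` and the charts referenced elsewhere in this commit would be left without any source scan; the comment should state that scope, for example `We use gosec for SAST scanning of the Go sources only (see the verify step log); non-Go files are not covered.` The `verify` step also pulls `golang:1.23.2` by mutable tag, so the toolchain producing the evidence log is not pinned; referencing the image by digest would make the attached log reproducible. The hunks in this section are truncated on the page, so keys outside the visible lines may already address part of this.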
5 changes: 0 additions & 5 deletions .ci/verify
Expand Up @@ -9,9 +9,4 @@ cd "$(dirname $0)/.."
git config --global user.email "gardener@sap.com"
git config --global user.name "Gardener CI/CD"

# Required due to https://github.com/kubernetes/kubernetes/issues/86753 - can be removed once the issue is fixed.
mkdir -p /go/src/github.com/gardener/oidc-apps-controller
cp -r . /go/src/github.com/gardener/oidc-apps-controller
cd /go/src/github.com/gardener/oidc-apps-controller

make verify
2 changes: 2 additions & 0 deletions Makefile
Expand Up @@ -61,6 +61,8 @@ check: format $(GO_LINT)
format:
@gofmt -l -w $(REPO_ROOT)/cmd $(REPO_ROOT)/pkg $(REPO_ROOT)/test

verify: check test sast

generate-controller-registration:
@go generate $(REPO_ROOT)/charts/...

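Review bot: The new `verify: check test sast` rule is what the pipeline's `build-step-log` asset relies on as SAST evidence, yet the `sast` target it depends on is not defined in this hunk, so it cannot be confirmed here that a gosec finding fails the step. If the `sast` recipe runs gosec with `-no-fail` or otherwise ignores its exit status, the log would be attached while the build stays green. That is worth checking and recording in a comment above the rule, e.g. `# verify: CI entry point (.ci/verify): lint, unit tests and gosec; any gosec finding must fail the build.` `verify` should also be listed in `.PHONY` if it is not already, since that declaration would sit outside the visible lines.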
