Merge pull request 'restructuring logic and adding more inputs' (#2 ) from cleanup into main

Reviewed-on: #2
readme update
2026-04-03 20:09:12 +00:00 · 2026-04-03 16:08:26 -04:00 · 2026-04-03 16:07:28 -04:00 · 2026-04-03 15:58:02 -04:00 · 2026-04-03 15:54:51 -04:00 · 2026-04-03 15:52:18 -04:00
5 changed files with 158 additions and 12 deletions
--- a/README.md
+++ b/README.md
@@ -1,3 +1,13 @@
 # donotpassgo
+donotpassgo is a github/gitea action to run unit tests and standards/security checks for Go applications. donotpassgo supports running unit tests using the standard go library as well as support for Ginkgo. Static code analysis is ran using gosec and dependencies are scanned using govulncheck

-action to run general go code scans, includes dependency scan with govulncheck and static code analysis from gosec
+## Inputs
+|Input|Required|Values|Default|Description|
+|-----|-----|-----|-----|-----|
+|test-library|false|standard,ginkgo,none|none|unit testing library to use, tests are skipped if set to 'none'|
+|test-version|false|any ginkgo version|latest|the version of the testing library to use (only ginkgo supported atm, value is ignored if using standard lib testing)|
+|test-fail|false|yes,no|yes|does the job fail if unit tests fail|
+|static|false|yes,no|yes|do static code checks run|
+|static-fail|false|yes,no|yes|does the job fail if static code checks fail|
+|vulnerability|false|yes,no|yes|do dependencies get scanned for vulnerabilities|
+|vulnerability-fail|false|yes,no|yes|does the job fail if vulnerabilities are found|
--- a/action.yaml
+++ b/action.yaml
@@ -1,16 +1,57 @@
 name: "donotpassgo"
-description: "general go code checks"
+description: "go security checks and unit tests"
+inputs:
+  test-library: #TEST_LIBRARY
+    description: "if set, tests are run with the specific library (standard|ginkgo)"
+    required: false
+    default: "none"
+  test-version: #TEST_VERSION
+    description: "the test library version, if the library is none or standard this value is ignored"
+    required: false
+    default: "latest"
+  test-fail: #TEST_FAIL
+    description: "override switch to prevent jobs from failing when unit tests do"
+    required: false
+    default: "yes"
+  static: #STATIC_FLAG
+    description: "if set, static code checks are ran with gosec (yes|no)"
+    required: false
+    default: "yes"
+  static-fail: #STATIC_FAIL
+    description: "override switch to prevent jobs from failing when static code analysis does"
+    required: false
+    default: "yes"
+  vulnerability: #VULN_CHECK
+    description: "if set, dependencies are scanned with govulncheck (yes|no)"
+    required: false
+    default: "yes"
+  vulnerability-fail: #VULN_FAIL
+    description: "override switch to prevent jobs from failing when vulnerability scan does"
+    required: false
+    default: "yes"
+  
 runs:
  using: "composite"
  steps:
-    - name: "install go packages"
-      run: |
-        go install golang.org/x/vuln/cmd/govulncheck@latest
-      
-    - name: "dependency scan"
-      run: govulncheck ./...
+    - name: "install dependencies"
+      shell: bash
+      run:  ${{ github.action_path }}/src/install.sh
+      env:
+        TEST_LIBRARY: ${{ inputs.test-library }}
+        TEST_VERSION: ${{ inputs.test-version }}

-    - name: "static code analysis"
-      uses: securego/gosec@master
-      with:
-        args: ./...
+    - name: "run unit tests"
+      shell: bash
+      run:  ${{ github.action_path }}/src/test.sh
+      env:
+        TEST_LIBRARY: ${{ inputs.test-library }}
+        TEST_FAIL: ${{ inputs.test-fail }}
+
+    - name: "run security checks"
+      shell: bash
+      run:  ${{ github.action_path }}/src/security.sh
+      env:
+        STATIC_FLAG: ${{ inputs.static }}
+        STATIC_FAIL: ${{ inputs.static-fail }}
+        VULN_CHECK: ${{ inputs.vulnerability }}
+        VULN_FAIL: ${{ inputs.vulnerability-fail }}
--- a/src/install.sh
+++ b/src/install.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+set -eo pipefail
+
+version=$(go version);
+if [[ ! -n "$version" ]]; then
+    echo "[FATAL] golang is not installed";
+    exit 1;
+fi
+
+go install golang.org/x/vuln/cmd/govulncheck@latest
+go install github.com/securego/gosec/v2/cmd/gosec@latest
+
+if [[ "$TEST_LIBRARY" == "ginkgo" ]]; then
+    go install github.com/onsi/ginkgo/v2/ginkgo@$TEST_VERSION
+fi
--- a/src/security.sh
+++ b/src/security.sh
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+set -eo pipefail
+
+if [[ "$STATIC_FLAG" == "no" && "$VULN_CHECK" == "no" ]]; then
+    echo "[INFO] no security flags set, skipping!";
+    exit 0;
+fi
+
+toolchain=$(go mod edit -json go.mod | jq -r ".Toolchain // empty");
+version=$(go env -json | jq -r ".GOVERSION // empty");
+
+if [[ -n "$toolchain" ]]; then
+    echo "[DEBUG] overwriting version with toolchain";
+    version=$toolchain;
+fi
+
+if [[ "$STATIC_FLAG" == "yes" ]]; then
+    if GOTOOLCHAIN=$version gosec ./...; then
+        echo "[INFO] gosec passed!";
+    else
+        if [[ "$STATIC_FAIL" == "yes" ]]; then
+            echo "[FATAL] gosec failed!";
+            exit 1;
+        else
+            echo "[INFO] gosec failed!";
+        fi
+    fi
+fi
+
+if [ "$VULN_CHECK" == "yes" ]; then
+    if GOTOOLCHAIN=$version govulncheck ./...; then
+        echo "[INFO] govulncheck passed!";
+    else
+        if [ "$VULN_FAIL" == "yes" ]; then
+            echo "[FATAL] govulncheck failed!"
+            exit 1;
+        else
+            echo "[INFO] govulncheck failed!"
+        fi
+    fi
+fi
--- a/src/test.sh
+++ b/src/test.sh
@@ -0,0 +1,37 @@
+#!/bin/bash
+
+set -eo pipefail
+
+if [[ "$TEST_LIBRARY" == "none" ]]; then
+    echo "[INFO] test-library input not set, skipping unit tests.";
+    exit 0;
+fi
+
+echo "[INFO] running unit tests";
+if [[ "$TEST_LIBRARY" == "standard" ]]; then
+    if go test ./...; then
+        echo "[INFO] unit tests passed!";
+        exit 0;
+    else
+        if [[ "$TEST_FAIL" == "yes" ]]; then
+            echo "[FATAL] unit tests failed!";
+            exit 1;
+        else
+            echo "[INFO] unit tests failed!";
+        fi
+    fi
+fi
+
+if [[ "$TEST_LIBRARY" == "ginkgo" ]]; then
+    if ginkgo ./...; then
+        echo "[INFO] unit tests passed!";
+        exit 0;
+    else
+        if [[ "$TEST_FAIL" == "yes" ]]; then
+            echo "[FATAL] unit tests failed!";
+            exit 1;
+        else
+            echo "[INFO] unit tests failed!";
+        fi
+    fi
+fi
Author	SHA1	Message	Date
jake	f4c5242cec	Merge pull request 'restructuring logic and adding more inputs' (#2 ) from cleanup into main Reviewed-on: #2	2026-04-03 20:09:12 +00:00
jake	7ee2fdee0e	readme update	2026-04-03 16:08:26 -04:00
jake	5d04db9a89	readme update	2026-04-03 16:07:28 -04:00
jake	46528033ed	remove debug lines	2026-04-03 15:58:02 -04:00
jake	407582719c	forgot jq empty	2026-04-03 15:54:51 -04:00
jake	2887531b19	improving bash - i shouldve read thru it	2026-04-03 15:52:18 -04:00
jake	7c5206e9da	bash syntax fixes	2026-04-03 15:41:13 -04:00
jake	d54c42045a	fixing mod commands and jq outputs	2026-04-03 15:33:31 -04:00
jake	1aff578a13	bugfixes	2026-04-03 15:28:01 -04:00
jake	e38f00fe69	file permission fix	2026-04-03 15:16:01 -04:00
jake	f83527aa2d	ready to test	2026-04-03 15:11:33 -04:00
jake	f8222f2953	adding todo and saving spot, its late	2026-04-03 00:27:33 -04:00
jake	4a98d66b24	restructure and adding functionality	2026-04-03 00:22:36 -04:00
jake	d26348d065	new/unit-tests (#1 ) Reviewed-on: #1 Co-authored-by: jake <jake.young.dev@gmail.com> Co-committed-by: jake <jake.young.dev@gmail.com>	2025-05-17 15:47:24 +00:00
jake	bf4bc77079	update readme	2025-05-17 01:34:28 -04:00
jake	170b11b99d	update readme	2025-05-17 01:32:56 -04:00
jake	fe9e86bdef	readme update	2025-05-11 00:38:58 -04:00
jake	10b0a0439f	README update	2025-05-10 14:39:30 -04:00