actions/donotpassgo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 3 Wiki Activity

restructuring logic and adding more inputs #2

Merged
jake merged 12 commits from cleanup into main 2026-04-03 20:09:13 +00:00
Conversation 0 Commits 12 Files Changed 6 +128 -77
6 changed files with 128 additions and 77 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 4a98d66b24 - Show all commits

37
README.md
View File

@@ -1,34 +1,7 @@
# donotpassgo # donotpassgo
A composite workflow that runs general code checks on Go projects, an optional <b>test</b> input is available to trigger unit tests. See [steps](#steps) for more information on the jobs run donotpassgo is a github/gitea action to run standard go checks in pipelines.
## Usage ## TODO
adding donotpassgo to workflows is simple, just add the following step to your yaml file: explain inputs in readme
```yaml test
- name: "checkpoint" does file naming matter here if the project has install.sh or /src will we overwrite?
uses: https://code.jakeyoungdev.com/actions/donotpassgo@main
```
donotpassgo has optional support for running unit tests, this can be added by setting the <b>test</b> flag to <b>standard</b>
```yaml
- name: "checkpoint"
uses: https://code.jakeyoungdev.com/actions/donotpassgo@main
with:
test: standard
```
running unit tests with ginkgo is also supported by setting the <b>test</b> flag to <b>ginkgo</b>
```yaml
- name: "checkpoint"
uses: https://code.jakeyoungdev.com/actions/donotpassgo@main
with:
test: ginkgo
```
## Steps
donotpassgo runs several workflow jobs to ensure quality and secure go code, these steps may be updated as new tools develop.
### Dependency Scans
[govulncheck](https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck) is installed using golang and is used to scan for vulnerabilities in the project dependencies and standard library.
### Static Code Analysis
[gosec](https://github.com/securego/gosec) inspects source code for security problems
### Unit Tests
donotpassgo supports two unit tests libraries: the standard go library and [ginkgo](https://github.com/onsi/ginkgo)

53
action.yaml
View File

@@ -1,27 +1,46 @@
name: "donotpassgo" name: "donotpassgo"
description: "general go code checks" description: "go security checks and unit tests"
inputs: inputs:
test: test-library: #TEST_LIBRARY
description: "runs unit tests with specified library" description: "if set, tests are run with the specific library (standard|ginkgo)"
required: false required: false
default: "none" default: "none"
test-version: #TEST_VERSION
description: "the test library version, if the version is none or standard this value is ignored"
required: false
default: "latest"
test-fail: #TEST_FAIL
description: "override switch to prevent jobs from failing when unit tests do"
required: false
default: "yes"
static: #STATIC_FLAG
description: "if set, static code checks are ran with gosec (yes|no)"
required: false
default: "yes"
static-fail: #STATIC_FAIL
description: "override switch to prevent jobs from failing when static code analysis does"
required: false
default: "yes"
vulnerability: #VULN_CHECK
description: "if set, dependencies are scanned with govulncheck (yes|no)"
required: false
default: "yes"
vulnerability-fail: #VULN_FAIL
description: "override switch to prevent jobs from failing when vulnerability scan does"
required: false
default: "yes"
runs: runs:
using: "composite" using: "composite"
steps: steps:
- name: "install dependencies"
shell: bash
run: ${{ github.action_path }}/src/install.sh
- name: "run unit tests" - name: "run unit tests"
shell: bash shell: bash
run: ${{ github.action_path }}/test.sh run: ${{ github.action_path }}/src/test.sh
env:
LIBRARY: ${{ inputs.test }}
- name: "install govulncheck" - name: "run security checks"
run: | shell: bash
go install golang.org/x/vuln/cmd/govulncheck@latest run: ${{ github.action_path }}/src/security.sh
- name: "dependency scan"
run: govulncheck ./...
- name: "static code analysis"
uses: securego/gosec@master
with:
args: ./...

16
src/install.sh Normal file
View File

@@ -0,0 +1,16 @@
#!/bin/bash
set -eo pipefail
version=$(go version);
if [[ -z "$version" ]]; then
echo "[FATAL] golang is not installed";
exit 1;
fi
go install golang.org/x/vuln/cmd/govulncheck@latest
go install github.com/securego/gosec/v2/cmd/gosec@latest
if [[ "$TEST_LIBRARY" == "ginkgo" ]]; then
go install github.com/onsi/ginkgo/v2/ginkgo@$TEST_VERSION
fi

34
src/security.sh Normal file
View File

@@ -0,0 +1,34 @@
#!/bin/bash
set -eo pipefail
if [[ "$STATIC_FLAG" == "no" && "$VULN_SCAN" == "no" ]]; then
echo "[INFO] no security flags set, skipping!";
exit 0;
fi
if [[ "$STATIC_FLAG" == "yes" ]]; then
if gosec ./...; then
echo "[INFO] gosec passed!";
else
if [[ "$STATIC_FAIL" == "yes" ]]; then
echo "[FATAL] gosec failed!";
exit 1;
else
echo "[INFO] gosec failed!";
fi
fi
fi
if [[ "$VULN_CHECK" == "yes" ]]; then
if govulncheck ./...; then
echo "[INFO] govulncheck passed!";
else
if [[ "$VULN_FAIL" == "yes" ]]; then
echo "[FATAL] govulncheck failed!"
exit 1;
else
echo "[INFO] govulncheck failed!"
fi
fi
fi

37
src/test.sh Normal file
View File

@@ -0,0 +1,37 @@
#!/bin/bash
set -eo pipefail
if [[ "$TEST_LIBRARY" == "none" ]]; then
echo "[INFO] test-library input not set, skipping unit tests.";
exit 0;
fi
echo "[INFO] running unit tests";
if [[ "$TEST_LIBRARY" == "standard" ]]; then
if go test ./...; then
echo "[INFO] unit tests passed!";
exit 0;
else
if [[ "$TEST_FAIL" == "yes" ]]; then
echo "[FATAL] unit tests failed!";
exit 1;
else
echo "[INFO] unit tests failed!";
fi
fi
fi
if [[ "$TEST_LIBRARY" == "ginkgo" ]]; then
if ginkgo ./...; then
echo "[INFO] unit tests passed!";
exit 0;
else
if [[ "$TEST_FAIL" == "yes" ]]; then
echo "[FATAL] unit tests failed!";
exit 1;
else
echo "[INFO] unit tests failed!";
fi
fi
fi

28
test.sh
View File

@@ -1,28 +0,0 @@
#!/bin/bash
if [[ "$LIBRARY" == "none" ]]; then
echo "Test flag not set, skipping unit tests."
exit 0
fi
if [[ "$LIBRARY" == "standard" ]]; then
echo "Running unit tests with standard library"
if go test ./...; then
echo "Tests passed!"
exit 0
else
echo "Tests failed!"
exit 1
fi
fi
if [[ "$LIBRARY" == "ginkgo" ]]; then
echo "Running unit tests with ginkgo"
go install github.com/onsi/ginkgo/v2/ginkgo@v2.23.4
if ginkgo ./...; then
echo "Tests passed!"
exit 0
else
echo "Tests failed!"
exit 1
fi
fi