fn-serverless/.circleci/config.yml
Reed Allman d85fadb142 add gosec scanning to ci (#1349)
gosec severity=medium passes, all severity=low errors are from unhandled
errors, we have 107 of them. tbh it doesn't look worth it to me, but maybe
there are a few assholes even itchier than mine out there. medium has some
good stuff in it, and of course high makes sense if we're gonna do this at
all.

this adds some nosec annotations for some things like sql sprintfs where we
know it's clean (we're constructing the strings with variables in them). fixed
up other spots where we were sprinting without need.

some stuff like filepath.Clean when opening a file from a variable, and file
permissions, easy stuff...

I can't get the CI build to shut up, but I can locally get it to be pretty
quiet about imports and it just outputs the gosec output. fortunately, it
still works as expected even when it's noisy. I got it to shut up by unsetting
some of the go mod flags locally, but that doesn't seem to quite do it in
circle, printed the env out and don't see them, so idk... i give up, this
works

closes #1303
2018-12-13 17:57:25 -08:00


version: 2
jobs:
  build:
    machine:
      image: circleci/classic:201708-01
    working_directory: ~/go/src/github.com/fnproject/fn
    environment: # apparently expansion doesn't work here yet: https://discuss.circleci.com/t/environment-variable-expansion-in-working-directory/11322
      - GOPATH=/home/circleci/go
      - GOVERSION=1.11.2
      - OS=linux
      - ARCH=amd64
      - FN_LOG_LEVEL=debug
    steps:
      - checkout
      # install Go
      - run: |
          go version
          go env GOROOT
          mkdir tmp
          cd tmp
          sudo rm -rf /usr/local/go
          wget https://storage.googleapis.com/golang/go$GOVERSION.$OS-$ARCH.tar.gz
          sudo tar -C /usr/local -xzf go$GOVERSION.$OS-$ARCH.tar.gz
      - run: go version
      # install latest Docker
      - run: |
          sudo rm -rf /var/cache/apt/archives && sudo ln -s ~/.apt-cache /var/cache/apt/archives && mkdir -p ~/.apt-cache/partial
          sudo service docker stop
          curl -fsSL https://get.docker.com/ | sudo sh
          docker version
      - run: docker version
      - run: nproc
      # fixes git-diff warning: "warning: inexact rename detection was skipped due to too many files."
      - run: git config diff.renamelimit 65535
      # NOTE: if GOFLAGS and GOMODULE are set, gosec will be noisy. unset them (run this before any 'make' command)
      - run: |
          wget -O - -q https://raw.githubusercontent.com/securego/gosec/master/install.sh | sh -s 1.2.0
          ./bin/gosec -quiet -severity medium ./...
      - run: make clear-images
      # Work out what needs rebuilding and what has changed
      - run: |
          ( ./changed-since-last.sh
            echo "export DIND_NEEDED DIND_TAG DIND_PREV"
            echo "export FN_NEEDED FN_TAG FN_PREV"
          ) >> $BASH_ENV
      # Rebuild the build tools if necessary
      # This leaves local docker images around
      - run: |
          if [[ -n "$DIND_NEEDED" ]]; then
            make build-dind
          fi
      # Rebuild fnserver if necessary
      - run: |
          if [[ -n "$FN_NEEDED" ]]; then
            make test -j $(nproc)
          fi
      - deploy:
          command: |
            if [[ "${CIRCLE_BRANCH}" == "master" && -z "${CIRCLE_PR_REPONAME}" ]]; then
              printenv DOCKER_PASS | docker login -u $DOCKER_USER --password-stdin
              git config --global user.email "ci@fnproject.com"
              git config --global user.name "CI"
              git branch --set-upstream-to=origin/${CIRCLE_BRANCH} ${CIRCLE_BRANCH}
              if [[ -n "$DIND_NEEDED" ]]; then
                make release-dind
              fi
              if [[ -n "$FN_NEEDED" ]]; then
                make release-fnserver
              fi
            fi
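The commit message above describes the kinds of fixes that the new `gosec -severity medium` gate drove: `filepath.Clean` when opening a file whose name comes from a variable, tighter file permissions, and a `#nosec` annotation where a finding is reviewed and known to be clean. The block below is an added illustration of those three patterns; it is not code from fnproject/fn and the function names (`CleanUnder`, `OpenUnder`, `WritePrivate`, `ModeOf`) are invented for the example. It goes slightly beyond the commit by also rejecting paths that escape the base directory, since `filepath.Clean` alone only normalises `..` segments and does not bound them. Rule IDs G304 (file path from variable) and G306 (file write permissions) are gosec's own; `os.WriteFile` requires Go 1.16 or newer, which is later than the 1.11.2 the config installs.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrOutsideBase is returned when a cleaned path would escape baseDir.
var ErrOutsideBase = errors.New("path escapes base directory")

// CleanUnder joins name onto baseDir, runs filepath.Clean (the step gosec G304
// asks for) and additionally refuses any result that resolves above baseDir.
// Clean only normalises "a/../b" and "./x"; the Rel check is what bounds it.
func CleanUnder(baseDir, name string) (string, error) {
	base := filepath.Clean(baseDir)
	p := filepath.Clean(filepath.Join(base, name))
	rel, err := filepath.Rel(base, p)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideBase
	}
	return p, nil
}

// OpenUnder opens a file below baseDir using the cleaned, bounded path.
// The #nosec annotation documents why the G304 finding is accepted here:
// the variable path has already been cleaned and checked by CleanUnder.
func OpenUnder(baseDir, name string) (*os.File, error) {
	p, err := CleanUnder(baseDir, name)
	if err != nil {
		return nil, err
	}
	return os.Open(p) // #nosec G304 -- path cleaned and bounded by CleanUnder
}

// WritePrivate writes data with owner-only permissions (0600) rather than the
// world-readable 0644 that gosec G306 flags for WriteFile calls.
func WritePrivate(path string, data []byte) error {
	return os.WriteFile(path, data, 0o600)
}

// ModeOf returns the permission bits of path so callers can confirm what
// WritePrivate actually produced on disk (umask can only clear bits).
func ModeOf(path string) (os.FileMode, error) {
	fi, err := os.Stat(path)
	if err != nil {
		return 0, err
	}
	return fi.Mode().Perm(), nil
}

func main() {
	// Constructed inputs: one benign relative name and one that climbs out.
	for _, name := range []string{"logs/../config.json", "../../etc/shadow"} {
		p, err := CleanUnder("/srv/app", name)
		fmt.Printf("%-20s -> %q err=%v\n", name, p, err)
	}

	dir, err := os.MkdirTemp("", "gosec-example")
	if err != nil {
		fmt.Println("tempdir:", err)
		return
	}
	defer os.RemoveAll(dir)

	secret := filepath.Join(dir, "token.txt")
	if err := WritePrivate(secret, []byte("constructed-sample-token")); err != nil {
		fmt.Println("write:", err)
		return
	}
	mode, _ := ModeOf(secret)
	fmt.Printf("%s written with mode %o\n", secret, mode)
}
```

Running `gosec -severity medium ./...` over a file like this reports nothing for `OpenUnder` because of the annotation, and nothing for `WritePrivate` because the mode is at or below 0600; dropping the `#nosec` line or raising the mode to 0644 brings the findings back, which is a quick way to confirm the CI gate is actually looking at the code.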