gosec severity=medium passes, all severity=low errors are from unhandled errors, we have 107 of them. tbh it doesn't look worth it to me, but maybe there are a few assholes even itchier than mine out there. medium has some good stuff in it, and of course high makes sense if we're gonna do this at all.

this adds some nosec annotations for some things like sql sprintfs where we know it's clean (we're constructing the strings with variables in them). fixed up other spots where we were sprinting without need. some stuff like filepath.Clean when opening a file from a variable, and file permissions, easy stuff...

I can't get the CI build to shut up, but I can locally get it to be pretty quiet about imports and it just outputs the gosec output. fortunately, it still works as expected even when it's noisy. I got it to shut up by unsetting some of the go mod flags locally, but that doesn't seem to quite do it in circle, printed the env out and don't see them, so idk... i give up, this works

closes #1303

Migrations How-To
All migration files should be of the format:
[0-9]+_[add|remove]_model[_field]*.go
The number at the beginning of the file name should be monotonically
increasing, from the last highest file number in this directory. E.g. if there
is 11_add_foo_bar.go, your new file should be 12_add_bar_baz.go.
Each migration file has to contain both an up and a down function:

package migrations

import (
	"context"

	"github.com/fnproject/fn/api/datastore/sql/migratex"
	"github.com/jmoiron/sqlx"
)

// up1 applies migration 1 inside the supplied transaction.
func up1(ctx context.Context, tx *sqlx.Tx) error {
	_, err := tx.ExecContext(ctx, "ALTER TABLE routes ADD created_at text;")
	return err
}

// down1 reverts migration 1 inside the supplied transaction.
func down1(ctx context.Context, tx *sqlx.Tx) error {
	_, err := tx.ExecContext(ctx, "ALTER TABLE routes DROP COLUMN created_at;")
	return err
}

// init appends this migration to the exported Migrations list.
func init() {
	Migrations = append(Migrations, &migratex.MigFields{
		VersionFunc: vfunc(1),
		UpFunc:      up1,
		DownFunc:    down1,
	})
}

Each migration must initialize a migratex.Migration with the corresponding
version and up/down functions.
We have elected to expose fn's specific SQL migrations as an exported global
list, migrations.Migrations, from this package; to add your migration, simply
append it to this list.
Please note that every database change should be considered as 1 individual migration (new table, new column, column type change, etc.).
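
A check of the file-naming rules above that could run in CI, as an added example that is not part of the fn project's code. The regular expression is one reading of the README's pattern, and `CheckMigrationNames` and the file list are hypothetical; pass it only the migration files, not helpers or the README.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strconv"
)

// nameRE is one reading of the README's pattern
// [0-9]+_[add|remove]_model[_field]*.go (an assumption, not the project's own check).
var nameRE = regexp.MustCompile(`^([0-9]+)_(add|remove)_[a-z0-9]+(_[a-z0-9]+)*\.go$`)

// CheckMigrationNames validates migration file names and returns the number
// the next migration file should use, plus a sorted list of problems found.
func CheckMigrationNames(files []string) (next int, problems []string) {
	seen := map[int]string{} // version number -> first file that claimed it
	for _, f := range files {
		m := nameRE.FindStringSubmatch(f)
		if m == nil {
			problems = append(problems, fmt.Sprintf("%s: does not match naming format", f))
			continue
		}
		n, err := strconv.Atoi(m[1])
		if err != nil {
			problems = append(problems, fmt.Sprintf("%s: version out of range", f))
			continue
		}
		if prev, dup := seen[n]; dup {
			problems = append(problems, fmt.Sprintf("%s: version %d already used by %s", f, n, prev))
			continue
		}
		seen[n] = f
		if n > next {
			next = n
		}
	}
	sort.Strings(problems)
	return next + 1, problems
}

func main() {
	// Constructed directory listing, not the project's real files.
	files := []string{"11_add_foo_bar.go", "12_add_bar_baz.go", "12_remove_foo.go", "add_qux.go"}
	next, problems := CheckMigrationNames(files)
	fmt.Println("next version:", next)
	for _, p := range problems {
		fmt.Println("problem:", p)
	}
}
```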