Update common workflow (#98)

* Update go-common.yml * fix unexpected input error * move malware scan to quality checks and add gosec inputs * set defaults as empty for gosec * change to env * set default dir
dell · Nov 13, 2024 · c4690a9 · c4690a9
1 parent 4882273
commit c4690a9
Show file tree

Hide file tree

Showing 4 changed files with 40 additions and 16 deletions.
diff --git a/.github/workflows/go-common.yml b/.github/workflows/go-common.yml
@@ -12,10 +12,22 @@ name: Common Workflows
 on:
   workflow_call:
 
+# Set defaults
 env:
+  # unit test action
   CODE_COVERAGE_TARGET: ${{ vars.CODE_COVERAGE_TARGET || 90 }}
+  CODE_COVERAGE_DIR: ${{ vars.CODE_COVERAGE_DIR || '.' }}
+  SKIP_LIST: ${{ vars.PACKAGE_SKIP_LIST || '' }}
+  RACE_DETECTOR: ${{ vars.RACE_DETECTOR || true }}
+  SKIP_TEST: ${{ vars.SKIP_TEST || '' }}
+  RUN_TEST: ${{ vars.RUN_TEST || '' }}
+
+  # gosec action
+  GOSEC_EXCLUDES: ${{ vars.GOSEC_EXCLUDES || '' }}
+  GOSEC_EXCLUDE_DIR: ${{ vars.GOSEC_EXCLUDE_DIR || '' }}
 
 jobs:
+  # Run unit tests
   gocoverage:
     name: Unit tests and package coverage
     runs-on: ubuntu-latest
@@ -27,8 +39,13 @@ jobs:
         uses: dell/common-github-actions/go-code-tester@main
         with:
           threshold: ${{ env.CODE_COVERAGE_TARGET }}
-          test-folder: ${{ vars.CODE_COVERAGE_DIR }}
+          test-folder: ${{ env.CODE_COVERAGE_DIR }}
+          skip-list: ${{ env.SKIP_LIST }}
+          race-detector: ${{ env.RACE_DETECTOR }}
+          skip-test: ${{ env.SKIP_TEST }}
+          run-test: ${{ env.RUN_TEST }}
 
+  # Check sources for security vulnerabilities
   security:
     name: GoSec
     runs-on: ubuntu-latest
@@ -38,7 +55,11 @@ jobs:
 
       - name: gosec
         uses: dell/common-github-actions/gosec-runner@main
+        with:
+          excludes: ${{ env.GOSEC_EXCLUDES }}
+          exclude-dir: ${{ env.GOSEC_EXCLUDE_DIR }}
 
+  # Check sources for formatting and vetting
   formatter_vetter:
     name: Go Formatter and Vetter
     runs-on: ubuntu-latest
@@ -48,3 +69,16 @@ jobs:
 
       - name: gofmt and go vet
         uses: dell/common-github-actions/go-code-formatter-vetter@main
+
+  # Check sources files for malware
+  malware_security_scan:
+    name: Malware Scan
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout the code
+        uses: actions/checkout@v4
+      - name: Run malware scan
+        uses: dell/common-github-actions/malware-scanner@main
+        with:
+          directories: .
+          options: -ri
diff --git a/.github/workflows/go-static-analysis.yaml b/.github/workflows/go-static-analysis.yaml
@@ -56,19 +56,6 @@ jobs:
           skip-cache: true
           args: --config=golangci.yaml
 
-  # Check sources files for malware
-  malware_security_scan:
-    name: Malware Scan
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout the code
-        uses: actions/checkout@v4
-      - name: Run malware scan
-        uses: dell/common-github-actions/malware-scanner@main
-        with:
-          directories: .
-          options: -ri
-
   # Check yaml for syntax validity, line length, trailing spaces, indentation, etc.
   yaml_lint_scan:
     name: Yaml Lint

diff --git a/README.md b/README.md
@@ -55,7 +55,6 @@ In addition to the actions mentioned above, the repository contains workflows th
 This workflow runs static analysis checks against repositories that utilize Golang as the primary development language. The jobs that are run include:
 
 - golanci-lint with gofumpt (stricter version of gofmt), gosec, govet, and revive (replacement for golint). The configuration file for this job can be found at [.github/configs/golangci-lint/golangci.yaml](.github/configs/golangci-lint/golangci.yaml)
-- malware_security_scan, which is the malware-scanner mentioned above
 - yaml_lint_scan which validates yaml files. The yamllint config file for this job is at [.github/configs/yamllint/yamllint.yaml](.github/configs/yamllint/yamllint.yaml)
 
 The workflow does not accept any parameters and can be used from any repo by creating a workflow that resembles the following
@@ -124,7 +123,7 @@ jobs:
 
 ### go-common
 
-This workflow runs multiple checks against repositories that utilize Golang as the primary development language. Currently, this workflow will run unit tests, check package coverage, gosec, and go formatter and vetter.
+This workflow runs multiple checks against repositories that utilize Golang as the primary development language. Currently, this workflow will run unit tests, check package coverage, gosec, go formatter and vetter, and malware scan.
 
 ```
 name: Common Workflows

diff --git a/go-code-tester/action.yml b/go-code-tester/action.yml
@@ -28,6 +28,10 @@ inputs:
     description: 'Regex for skipping tests'
     required: false
     default: ""
+  run-test:
+    description: 'Regex to specify tests to run'
+    required: false
+    default: ""
 runs:
   using: 'docker'
   image: 'Dockerfile'