ci: Move static analysis checks into one GitHub Action

Squashed commit of the following:

commit 9e2c0ba
Author: Rafael Espinoza <[email protected]>
Date:   Sun Mar 20 12:34:17 2022 -0700

    ci: Move go vet things into static action

    Now that there's a dedicated GitHub action for static analysis, it's
    actually simpler to do these checks once, separately. Makes more sense
    to limit the driver-specific CI setups to running code against a DB.

commit ca112ad
Author: Rafael Espinoza <[email protected]>
Date:   Sun Mar 20 12:25:42 2022 -0700

    ci: Move security scans into separate action for static analysis

    It makes more sense to scan all the source code just once per push
    rather than perform most of the same work per driver. Establish a
    separate action for things that don't involve running code. Will put a
    go vet action here as well.

.ci/cassandra/client.sh

@@ -26,6 +26,3 @@ done
 
 echo "testing godfish against live db"
 make test-cassandra ARGS='-v -count=1 -coverprofile=/tmp/cover_driver.out'
-
-echo "vetting code"
-make vet-cassandra

.ci/mysql/client.sh

@@ -28,6 +28,3 @@ done
 
 echo "testing godfish against live db"
 make test-mysql ARGS='-v -count=1 -coverprofile=/tmp/cover_driver.out'
-
-echo "vetting code"
-make vet-mysql

.ci/postgres/client.sh

@@ -28,6 +28,3 @@ done
 
 echo "testing godfish against live db"
 make test-postgres ARGS='-v -count=1 -coverprofile=/tmp/cover_driver.out'
-
-echo "vetting code"
-make vet-postgres

.ci/sqlite3/client.sh

@@ -10,6 +10,3 @@ make test ARGS='-v -count=1 -coverprofile=/tmp/cover.out'
 
 echo "testing godfish against live db"
 make test-sqlite3 ARGS='-v -count=1 -coverprofile=/tmp/cover_driver.out'
-
-echo "vetting code"
-make vet-sqlite3

.github/workflows/cassandra.yml → .github/workflows/build-cassandra.yml

@@ -33,12 +33,3 @@ jobs:
         verbose: true
     - name: Teardown
       run: make -f ci.Makefile ci-cassandra4-down
-  security_scan:
-    runs-on: ubuntu-20.04
-    steps:
-    - name: Checkout repo
-      uses: actions/checkout@v2
-    - name: Run gosec
-      uses: securego/gosec@master
-      with:
-        args: . ./internal/... ./drivers/cassandra/...

.github/workflows/mysql.yml → .github/workflows/build-mysql.yml

@@ -49,12 +49,3 @@ jobs:
         verbose: true
     - name: Teardown
       run: make -f ci.Makefile ci-mysql8-down
-  security_scan:
-    runs-on: ubuntu-20.04
-    steps:
-    - name: Checkout repo
-      uses: actions/checkout@v2
-    - name: Run gosec
-      uses: securego/gosec@master
-      with:
-        args: . ./internal/... ./drivers/mysql/...

.github/workflows/postgres.yml → .github/workflows/build-postgres.yml

@@ -33,12 +33,3 @@ jobs:
         verbose: true
     - name: Teardown
       run: make -f ci.Makefile ci-postgres13-down
-  security_scan:
-    runs-on: ubuntu-20.04
-    steps:
-    - name: Checkout repo
-      uses: actions/checkout@v2
-    - name: Run gosec
-      uses: securego/gosec@master
-      with:
-        args: . ./internal/... ./drivers/postgres/...

.github/workflows/sqlite3.yml → .github/workflows/build-sqlite3.yml

@@ -16,12 +16,3 @@ jobs:
         verbose: true
     - name: Teardown
       run: make -f ci.Makefile ci-sqlite3-down
-  security_scan:
-    runs-on: ubuntu-20.04
-    steps:
-    - name: Checkout repo
-      uses: actions/checkout@v2
-    - name: Run gosec
-      uses: securego/gosec@master
-      with:
-        args: . ./internal/... ./drivers/sqlite3/...

.github/workflows/static.yml

@@ -0,0 +1,24 @@
+name: static
+on: [push, pull_request]
+jobs:
+  security_scan:
+    runs-on: ubuntu-20.04
+    steps:
+    - name: Checkout repo
+      uses: actions/checkout@v2
+    - name: Run gosec
+      uses: securego/gosec@master
+      with:
+        args: --tests . ./internal/... ./drivers/...
+
+  vet:
+    runs-on: ubuntu-20.04
+    steps:
+    - name: Checkout repo
+      uses: actions/checkout@v2
+    - name: Setup go
+      uses: actions/setup-go@v2
+      with:
+        go-version: 1.17
+    - name: Vet source
+      run: make vet

Makefile

@@ -22,7 +22,7 @@ test:
 	$(GO) test $(ARGS) $(CORE_SRC_PKG_PATHS)
 
 vet:
-	$(GO) vet $(ARGS) $(CORE_SRC_PKG_PATHS)
+	$(GO) vet $(ARGS) $(CORE_SRC_PKG_PATHS) $(PKG_IMPORT_PATH)/drivers/...
 
 clean:
 	rm -rf $(BIN_DIR)
@@ -39,7 +39,7 @@ _mkdir:
 # Also note, the package paths (last positional input to gosec command) should
 # be a "relative" package path. That is, starting with a dot.
 gosec:
-	$(GOSEC) $(ARGS) . ./internal/...
+	$(GOSEC) $(ARGS) . ./internal/... ./drivers/...
 
 #
 # Cassandra
@@ -53,10 +53,6 @@ build-cassandra: _mkdir
 	@echo "built cassandra to $(BIN)"
 test-cassandra:
 	$(GO) test $(ARGS) $(CASSANDRA_PATH)/...
-vet-cassandra: vet
-	$(GO) vet $(ARGS) $(CASSANDRA_PATH)/...
-gosec-cassandra: gosec
-	$(GOSEC) $(ARGS) ./drivers/cassandra/...
 
 #
 # Postgres
@@ -70,10 +66,6 @@ build-postgres: _mkdir
 	@echo "built postgres to $(BIN)"
 test-postgres:
 	$(GO) test $(ARGS) $(POSTGRES_PATH)/...
-vet-postgres: vet
-	$(GO) vet $(ARGS) $(POSTGRES_PATH)/...
-gosec-postgres: gosec
-	$(GOSEC) $(ARGS) ./drivers/postgres/...
 
 #
 # MySQL
@@ -87,10 +79,6 @@ build-mysql: _mkdir
 	@echo "built mysql to $(BIN)"
 test-mysql:
 	$(GO) test $(ARGS) $(MYSQL_PATH)/...
-vet-mysql: vet
-	$(GO) vet $(ARGS) $(MYSQL_PATH)/...
-gosec-mysql: gosec
-	$(GOSEC) $(ARGS) ./drivers/mysql/...
 
 #
 # SQLite3
@@ -104,7 +92,3 @@ build-sqlite3: _mkdir
 	@echo "built sqlite3 to $(BIN)"
 test-sqlite3:
 	$(GO) test $(ARGS) $(SQLITE3_PATH)/...
-vet-sqlite3: vet
-	$(GO) vet $(ARGS) $(SQLITE3_PATH)/...
-gosec-sqlite3: gosec
-	$(GOSEC) $(ARGS) ./drivers/sqlite3/...

README.md

@@ -4,10 +4,10 @@
 [![codecov](https://codecov.io/gh/rafaelespinoza/godfish/branch/main/graph/badge.svg?token=EoLelW4qiy)](https://codecov.io/gh/rafaelespinoza/godfish)
 [![Go Report Card](https://goreportcard.com/badge/github.com/rafaelespinoza/godfish)](https://goreportcard.com/report/github.com/rafaelespinoza/godfish)
 
-[![cassandra](https://github.com/rafaelespinoza/godfish/actions/workflows/cassandra.yml/badge.svg)](https://github.com/rafaelespinoza/godfish/actions/workflows/cassandra.yml)
-[![mysql](https://github.com/rafaelespinoza/godfish/actions/workflows/mysql.yml/badge.svg)](https://github.com/rafaelespinoza/godfish/actions/workflows/mysql.yml)
-[![postgres](https://github.com/rafaelespinoza/godfish/actions/workflows/postgres.yml/badge.svg)](https://github.com/rafaelespinoza/godfish/actions/workflows/postgres.yml)
-[![sqlite3](https://github.com/rafaelespinoza/godfish/actions/workflows/sqlite3.yml/badge.svg)](https://github.com/rafaelespinoza/godfish/actions/workflows/sqlite3.yml)
+[![cassandra](https://github.com/rafaelespinoza/godfish/actions/workflows/build-cassandra.yml/badge.svg)](https://github.com/rafaelespinoza/godfish/actions/workflows/build-cassandra.yml)
+[![mysql](https://github.com/rafaelespinoza/godfish/actions/workflows/build-mysql.yml/badge.svg)](https://github.com/rafaelespinoza/godfish/actions/workflows/build-mysql.yml)
+[![postgres](https://github.com/rafaelespinoza/godfish/actions/workflows/build-postgres.yml/badge.svg)](https://github.com/rafaelespinoza/godfish/actions/workflows/build-postgres.yml)
+[![sqlite3](https://github.com/rafaelespinoza/godfish/actions/workflows/build-sqlite3.yml/badge.svg)](https://github.com/rafaelespinoza/godfish/actions/workflows/build-sqlite3.yml)
 
 `godfish` is a database migration manager, similar to the very good
 [`dogfish`](https://github.com/dwb/dogfish), but written in golang.
@@ -145,8 +145,8 @@ generated godoc looks weird. There are also tests, those should pass.
 
 The GitHub Actions run a security scanner on all of the source code using
 [gosec](https://github.com/securego/gosec). There should be no rule violations
-here. The Makefile provides some convenience targets if you want to run `gosec`
-on your development machine.
+here. The Makefile provides a convenience target if you want to run `gosec` on
+your development machine.
 
 ## tests