
Go security scanner CI pipeline #143

@joe0BAB


Found this on the lorax repo and maybe we want something similar:

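# Build metadata, computed once at parse time. Simple assignment (':=') keeps
# each $(shell ...) from being re-run every time the variable is expanded.
MODULE := $(shell go list -m)
# Nearest tag matching v[0-9]*, else the abbreviated commit; '.m' marks a dirty tree.
VERSION := $(shell git describe --match 'v[0-9]*' --dirty='.m' --always)
# Full commit hash, with '.m' appended when the work tree has uncommitted changes.
REVISION := $(shell git rev-parse HEAD)$(shell if ! git diff --no-ext-diff --quiet --exit-code; then echo .m; fi)
# Same value as MODULE; reuse it instead of forking 'go list' a second time.
PACKAGE := $(MODULE)
# Every Go file in the tree; used as a coarse prerequisite list for the commands.
SRC := $(shell find . -name '*.go')
# Install directory for built commands and tools; override from the command line.
GOBIN ?= bin
# One binary per immediate subdirectory of ./cmd. -maxdepth 1 keeps nested
# package directories from turning into targets that have no ./cmd/<name>
# source; -mindepth goes before -type because GNU find warns otherwise.
CMDS := $(foreach cmd,$(notdir $(shell find ./cmd -mindepth 1 -maxdepth 1 -type d)),${GOBIN}/$(cmd))
# 'go install' into an absolute GOBIN (go rejects a relative GOBIN).
GO_BUILD_TOOL := GOBIN=$(abspath ${GOBIN}) go install
# Same, stamping module path, version and revision into the version package.
# NOTE(review): VERSION and REVISION come from git and are spliced into a
# double-quoted shell argument; run this build only on refs whose tag names
# you trust.
GO_BUILD := GOBIN=$(abspath ${GOBIN}) go install \
	-ldflags="-X ${MODULE}/version.Package=${MODULE} \
	-X ${MODULE}/version.Version=${VERSION} \
	-X ${MODULE}/version.Revision=${REVISION}"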


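# Run the Go toolchain's built-in vet analyzers over every package.
# Declared phony so a stray file named 'audit-vet' cannot turn the check
# into a silent no-op.
.PHONY: audit-vet
audit-vet:
	go vet ./...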

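# Lint every package with revive. -set_exit_status makes revive exit non-zero
# on findings, so the CI job fails instead of only printing them.
# Declared phony so an existing file named 'lint-revive' cannot make Make
# consider the target up to date and skip the lint.
.PHONY: lint-revive
lint-revive: ${GOBIN}/revive
	${GOBIN}/revive -set_exit_status -formatter friendly ./...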

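# Run staticcheck over every package, using the copy installed in ${GOBIN}.
# Declared phony so an existing file named 'audit-staticcheck' cannot make
# Make skip the analysis.
.PHONY: audit-staticcheck
audit-staticcheck: ${GOBIN}/staticcheck
	${GOBIN}/staticcheck ./...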

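# Check the module and its dependencies against the Go vulnerability database,
# using the copy of govulncheck installed in ${GOBIN}.
# Declared phony so an existing file named 'audit-govulncheck' cannot make
# Make skip the scan.
.PHONY: audit-govulncheck
audit-govulncheck: ${GOBIN}/govulncheck
	${GOBIN}/govulncheck ./...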


# Pattern rule: build $(GOBIN)/<name> from the package directory ./cmd/<name>.
# Every Go source file, go.mod, go.sum and this Makefile are prerequisites, so
# a change to any of them rebuilds every command.
$(GOBIN)/%: ./cmd/% $(SRC) go.mod go.sum Makefile
	$(GO_BUILD) ./$<

# Tools installation
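# Install revive into ${GOBIN}. '@latest' resolves to whatever release is
# newest at install time, so CI would run an unreviewed, non-reproducible
# linter build; set REVIVE_VERSION to a reviewed release tag in CI.
# The rule has no prerequisites, so an existing binary is kept as-is: delete
# it after changing the version.
REVIVE_VERSION ?= latest
${GOBIN}/revive:
	${GO_BUILD_TOOL} github.com/mgechev/revive@${REVIVE_VERSION}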

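# Install staticcheck into ${GOBIN}. '@latest' resolves to whatever release is
# newest at install time, so CI would run an unreviewed, non-reproducible
# analyzer build; set STATICCHECK_VERSION to a reviewed release tag in CI.
# The rule has no prerequisites, so an existing binary is kept as-is: delete
# it after changing the version.
STATICCHECK_VERSION ?= latest
${GOBIN}/staticcheck:
	${GO_BUILD_TOOL} honnef.co/go/tools/cmd/staticcheck@${STATICCHECK_VERSION}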

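# Install govulncheck into ${GOBIN}. The tool is published from the
# golang.org/x/vuln module; the github.com/golang/go/... path used previously
# is not an installable module path, so the scanner would never be installed.
# '@latest' resolves to whatever release is newest at install time; set
# GOVULNCHECK_VERSION to a reviewed release tag in CI for reproducible scans.
# The rule has no prerequisites, so an existing binary is kept as-is: delete
# it after changing the version.
GOVULNCHECK_VERSION ?= latest
${GOBIN}/govulncheck:
	${GO_BUILD_TOOL} golang.org/x/vuln/cmd/govulncheck@${GOVULNCHECK_VERSION}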
