Go security scanner CI pipeline #143
Description
Found this on the lorax repo and maybe we want something similar:
MODULE := $(shell go list -m)
VERSION=$(shell git describe --match 'v[0-9]*' --dirty='.m' --always)
REVISION=$(shell git rev-parse HEAD)$(shell if ! git diff --no-ext-diff --quiet --exit-code; then echo .m; fi)
PACKAGE := $(shell go list -m)
SRC := $(shell find . -name '*.go')
GOBIN ?= bin
CMDS := $(foreach cmd,$(notdir $(shell find ./cmd -type d -mindepth 1)),${GOBIN}/$(cmd))
GO_BUILD_TOOL := GOBIN=$(abspath ${GOBIN}) go install
GO_BUILD := GOBIN=$(abspath ${GOBIN}) go install \
-ldflags="-X ${MODULE}/version.Package=${MODULE} \
-X ${MODULE}/version.Version=${VERSION} \
-X ${MODULE}/version.Revision=${REVISION}"
audit-vet:
go vet ./...
lint-revive: ${GOBIN}/revive
${GOBIN}/revive -set_exit_status -formatter friendly ./...
audit-staticcheck: ${GOBIN}/staticcheck
${GOBIN}/staticcheck ./...
audit-govulncheck: ${GOBIN}/govulncheck
${GOBIN}/govulncheck ./...
# Generic build rule for commands
${GOBIN}/%: ./cmd/% ${SRC} go.mod go.sum Makefile
${GO_BUILD} ./$<
# Tools installation
${GOBIN}/revive:
${GO_BUILD_TOOL} github.com/mgechev/revive@latest
${GOBIN}/staticcheck:
${GO_BUILD_TOOL} honnef.co/go/tools/cmd/staticcheck@latest
${GOBIN}/govulncheck:
${GO_BUILD_TOOL} github.com/golang/go/v1.23/tool/govulncheck@latest
Metadata
Metadata
Assignees
Labels
No labels