diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 00000000..e64b0d8f
--- /dev/null
+++ b/.github/CODEOWNERS
@@ -0,0 +1,7 @@
+# This file allows Github to automatically request reviews from
+# code owners when certain files are changed.
+# Ref: https://github.com/blog/2392-introducing-de-owners
+
+* @razorpay/Tech
+
+ci.yml vivek.aggarwal@razorpay.com sunny.aggrawal@razorpay.com ankit.gupta@razorpay.com amrendra.singh@razorpay.com manikant.pandit@razorpay.com
\ No newline at end of file
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 00000000..bb369482
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+- package-ecosystem: "gomod" # See documentation for possible values
+ directory: "/" # Location of package manifests
+ schedule:
+ interval: "daily"
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100755
index 00000000..ca12739b
--- /dev/null
+++ b/.github/workflows/ci.yml
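Review bot: The narrow owner rule on the last line of CODEOWNERS matches only `ci.yml`, so the other files under `.github/` added in this commit (`main.yml` and `semgrep.yml`, which also consume secrets, plus `dependabot.yml` and CODEOWNERS itself) fall back to `* @razorpay/Tech`. A directory rule such as `/.github/ <owners>` placed after the `*` line would route every workflow change, and changes to this file, to the same reviewers. The `Ref:` URL in the header comment looks truncated (`introducing-de-owners`, presumably `introducing-code-owners`), and the file ends without a trailing newline.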
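Review bot: Only the `gomod` ecosystem is listed under `updates:`, so the actions that the workflows in this commit reference by mutable tag or branch (`actions/checkout@v2` and `@master`, `docker/build-push-action@v1`, `returntocorp/semgrep-action@v1`) get no update PRs. A second entry with `package-ecosystem: "github-actions"`, `directory: "/"` and the same `schedule` would cover them. Dependabot also keeps commit-SHA pins current, so those references could then be pinned to a full SHA the way `styfle/cancel-workflow-action` already is in ci.yml.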
@@ -0,0 +1,76 @@
+name: CI
+on: [ push ]
+jobs:
+ cancel:
+ runs-on: [self-hosted]
+ name: Cancel Previous Runs
+ if: always()
+ steps:
+ - uses: styfle/cancel-workflow-action@d57d93c3a8110b00c3a2c0b64b8516013c9fd4c9
+ if: github.ref != 'refs/heads/master'
+ name: cancel old workflows
+ id: cancel
+ with:
+ access_token: ${{ github.token }}
+ - if: github.ref == 'refs/heads/master'
+ name: Don't cancel old workflows
+ id: dont_cancel
+ run: |
+ echo "Don't cancel old workflow"
+
+ build-statping-docker-image:
+ name: Docker image - statping
+ runs-on: [self-hosted]
+ steps:
+ - uses: actions/checkout@v2
+ - name: Build and push
+ uses: docker/build-push-action@v1
+ with:
+ registry: c.rzp.io
+ username: ${{ secrets.HARBOR_DOCKER_USERNAME }}
+ password: ${{ secrets.HARBOR_DOCKER_PASSWORD }}
+ repository: ${{ github.repository }}
+ dockerfile: ./Dockerfile
+ build_args: GIT_COMMIT_HASH=${{ github.sha }},GIT_TOKEN=${{ secrets.GIT_TOKEN }}
+ push: true
+ tags: service_${{ github.sha }}
+
+ fmt:
+ name: fmt
+ runs-on: [self-hosted]
+ continue-on-error: false
+ steps:
+ - name: checkout
+ id: checkout
+ uses: actions/checkout@v2
+ - name: format
+ uses: docker://golang:1.13-alpine3.10
+ env:
+ GIT_TOKEN: ${{ secrets.GIT_TOKEN }}
+ with:
+ entrypoint: /bin/sh
+ args: ./scripts/run_tests.sh fmt drone
+
+ workflow_status:
+ runs-on: [self-hosted]
+ name: Update Status Check
+ needs: [ build-statping-docker-image]
+ if: always()
+ steps:
+ - name: Failed
+ id: failed
+ if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')
+ run: |
+ echo 'Failing the workflow for github status check.'
+ curl -X POST -H "Content-Type: application/json" -H "Authorization: token ${{ github.token }}" \
+ -d '{ "state" : "failure" , "context" : "github/combined-status-check" , "description" : "github/combined-status-check", "target_url" : "https://github.com/${{ github.repository }}" }' \
+ https://api.github.com/repos/${{ github.repository }}/statuses/${{ github.sha }}
+ exit 1
+ - name: Success
+ if: steps.failed.conclusion == 'skipped'
+ run: |
+ echo 'Status check has passed!'
+ curl -X POST -H "Content-Type: application/json" -H "Authorization: token ${{ github.token }}" \
+ -d '{ "state" : "success" , "context" : "github/combined-status-check" , "description" : "github/combined-status-check", "target_url" : "https://github.com/${{ github.repository }}" }' \
+ https://api.github.com/repos/${{ github.repository }}/statuses/${{ github.sha }}
+ exit 0
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
new file mode 100755
index 00000000..293a8aa9
--- /dev/null
+++ b/.github/workflows/main.yml
@@ -0,0 +1,37 @@
+on:
+ pull_request:
+ types: [ opened, reopened, edited, synchronize]
+name: Mandatory-Jira-Check
+jobs:
+
+ Find-Jira-Id:
+ name: Find-Jira-Id
+ runs-on: [self-hosted]
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@master
+
+ - name: Checkout GitHub Action Repo
+ uses: actions/checkout@v2
+ with:
+ repository: Razorpay/check-commit-jira
+ path: .github/actions/check-commit-jira
+ ref: combined_check
+ token: ${{ secrets.GIT_TOKEN }}
+ - name: Login
+ uses: ./.github/actions/check-commit-jira/jira-login
+ env:
+ JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }}
+ JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }}
+ JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }}
+
+ # Find Issue on JIRA
+ - name: Get Issue Key
+ id: find
+ uses: ./.github/actions/check-commit-jira/jira-issue-check
+ with:
+ from: pull_request
+ # Print JIRA ID found on jira
+ - name: Find issue info
+ run: echo "Issue ${{ steps.find.outputs.issue }} was found"
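Review bot: `build_args` in the `Build and push` step passes `GIT_TOKEN=${{ secrets.GIT_TOKEN }}` as a Docker build argument, and a build argument consumed by a `RUN` step is recorded in the image history (readable with `docker history`); with `push: true` that history is published to `c.rzp.io` along with the image. The Dockerfile is not part of this diff, so whether the final stage declares that `ARG` cannot be confirmed from here. A BuildKit secret mount (`RUN --mount=type=secret,id=git_token ...`) keeps the token out of layers and history; it needs a later major version of `docker/build-push-action` that exposes a `secrets` input, which `v1` does not appear to have. Separately, `workflow_status` lists only the image build in `needs`, so a failing `fmt` job never reaches the combined status; `needs: [build-statping-docker-image, fmt]` would include it.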
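Review bot: The last step of main.yml expands `${{ steps.find.outputs.issue }}` directly inside the `run:` script, so the value becomes part of the shell text before the shell parses it. The `jira-issue-check` action is not visible here, but with `from: pull_request` the key is presumably extracted from text the PR author controls (title or branch name), and the job runs on a self-hosted runner. Passing the value through the environment removes that path: give the step `env:` with `ISSUE_KEY: ${{ steps.find.outputs.issue }}` and change the command to `run: echo "Issue $ISSUE_KEY was found"`. The first step's `actions/checkout@master` also tracks a moving branch; a release tag or commit SHA would make the run reproducible.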
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
new file mode 100644
index 00000000..b75e7634
--- /dev/null
+++ b/.github/workflows/semgrep.yml
@@ -0,0 +1,14 @@
+name: Semgrep
+on: [pull_request, push]
+jobs:
+ semgrep:
+ name: Scan
+ runs-on: [self-hosted]
+ steps:
+ - uses: actions/checkout@v2
+ - uses: returntocorp/semgrep-action@v1
+ with:
+ publishToken: ${{ secrets.SEMGREP_APP_TOKEN }}
+ publishDeployment: 339
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/scripts/run_tests.sh b/scripts/run_tests.sh
new file mode 100755
index 00000000..44723390
--- /dev/null
+++ b/scripts/run_tests.sh
@@ -0,0 +1,66 @@
+#!/bin/sh
+
+# set -eux
+
+test_env=$2
+if [[ "${test_env}" = "drone" ]]; then
+ echo "Setting up code"
+ ORIG_DIR=/github/workspace/
+ SRC_DIR=/go/src/github.com/razorpay/statping
+ mkdir -p ${SRC_DIR}
+ cp -Rp ${ORIG_DIR} ${SRC_DIR}
+ cd ${SRC_DIR}
+ cp -r workspace/* .
+fi
+
+if [[ "$1" = "fmt" ]]; then
+ echo "Running go fmt"
+ files=$(gofmt -l $(find . -type f -name '*.go' -not -path "./vendor/*") 2>&1)
+ if [[ "$files" ]]; then
+ echo "These files did not pass the gofmt check:"
+ echo ${files}
+ exit 1
+ fi
+fi
+
+if [[ "$1" = "test" ]]; then
+ echo "Installing dependencies"
+ apk add --no-cache git gcc musl-dev
+ export GO111MODULE="on"
+ echo 'exec echo ${GIT_TOKEN}' > /tmp/askpass.sh
+ chmod +x /tmp/askpass.sh
+ export GIT_ASKPASS=/tmp/askpass.sh
+ go mod vendor
+ go version
+ echo "Running mysql migrations"
+ go run cmd/migration/mysql/main.go -env=drone up
+ echo "Running postgres migrations"
+ go run cmd/migration/postgres/main.go -env=drone up
+ cp configs/drone.toml configs/test.toml
+
+ echo "Running tests ${DRONE_BRANCH}"
+
+ echo "Running Unit tests with coverage Test"
+ go generate ./...
+ #Interate all the go packages after listing it
+ list=$(go list ./...)
+ i=1
+ #Run the go test for each package and generate a cov with the package name
+ for pkg in $list
+ do
+ go test -coverprofile=pkg-$i.cover.out -coverpkg=./... -covermode=atomic $pkg
+ x=$?
+ i=$((i+1))
+ if [[ $x -ne 0 ]]; then
+ echo "Unit tests failed"
+ exit $x
+ fi
+ done
+
+ echo "mode: set" > sonarqube.cov && cat *.cover.out | grep -v mode: | sort -r | \
+ # Merge all the cov file and generate sonaqube.cov files
+ awk '{if($1 != last) {print $0;last=$1}}' >> sonarqube.cov
+ #Renaming the file with the drone_build_number to identify uniquely in drone
+ cp sonarqube.cov /github/workspace/sonarqube.cov
+ exit $?
+fi
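Review bot: Error handling is switched off at the top of the script (`# set -eux` is commented out), so a failure in `cd ${SRC_DIR}`, `go mod vendor`, either migration or `go generate ./...` does not stop the run, and the final `exit $?` reports only the status of the last `cp`. Enabling `set -e` would stop at the first failing command; `-u` would need defaults for `$2` and `${DRONE_BRANCH}` first, and leaving `-x` off keeps command tracing out of the job log while `GIT_TOKEN` is in the environment. The shebang is `#!/bin/sh` but every test uses `[[ ... ]]`, which POSIX sh does not define; it appears to work under busybox ash in the Alpine image ci.yml uses, and `[ ... ]` with the same quoted operands would be portable. The unquoted `${SRC_DIR}`, `${ORIG_DIR}` and `${files}` expansions would be safer quoted.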