Modify PR checks

mehabhalodiya · mehabhalodiya · commit 4ec2bded1012 · 2024-01-23T19:02:14.000+05:30
Signed-off-by: mehabhalodiya &lt;mehabhalodiya@gmail.com&gt;
diff --git a/.codecov.yml b/.codecov.yml
@@ -1,8 +1,36 @@
+# See http://docs.codecov.io/docs/coverage-configuration
 coverage:
+  precision: 2 # 2 = xx.xx%, 0 = xx%
+  round: down
+  # For example: 20...60 would result in any coverage less than 20%
+  # would have a red background. The color would gradually change to
+  # green approaching 60%. Any coverage over 60% would result in a
+  # solid green color.
+  range: "20...60"
+
   status:
-    patch: off
-    project:
-      default:
-        target: auto
-        threshold: 0.2%
-        removed_code_behavior: adjust_base
+    # project will give us the diff in the total code coverage between a commit
+    # and its parent
+    project: yes
+    # Patch gives just the coverage of the patch
+    patch: yes
+    # changes tells us if there are unexpected code co verage changes in other files
+    # which were not changed by the diff
+    changes: yes
+
+  # See http://docs.codecov.io/docs/ignoring-paths
+  ignore:
+    - "build/*"
+    - "hack/*"
+    - "openshift-ci/*"
+    - "Makefile"
+    - ".travis.yml"
+
+# See http://docs.codecov.io/docs/pull-request-comments-1
+comment:
+  layout: "diff, files"
+  behavior: ""
+            # default = posts once then update, posts new if delete
+            # once = post once then updates
+            # new = delete old, post new
+            # spammy = post new
diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml
@@ -1,12 +1,10 @@
-name: static checks
+name: PR checks
+
 on:
-  workflow_dispatch:
-  push:
-    branches:
-      - "master"
   pull_request:
     branches:
-      - "*"
+      - master
+      - 'v*.*'
 
 jobs:
   lint:
@@ -15,57 +13,60 @@ jobs:
 
     steps:
       - name: Set up Go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
         with:
           go-version: "^1.18"
 
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+          architecture: "x64"
+
       - name: Checkout repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+
+      - name: Run linters
+        run: make lint
+
 
   unit:
     name: Unit Tests with Code coverage
     runs-on: ubuntu-20.04
 
     steps:
       - name: Set up Go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
         with:
           go-version: "^1.18"
 
       - name: Checkout Git Repository
-        uses: actions/checkout@v3
-
-      - name: Run Go Tests
-        run: make test
-  
-      - name: Check format
-        run: |
-          if [[ $(go fmt `go list ./... | grep -v vendor`) ]]; then
-            echo "not well formatted sources are found"
-            exit 1
-          fi
+        uses: actions/checkout@v4
 
-      - name: Generate coverage report
+      - name: Unit Tests with Code Coverage
         run: |
-          go test `go list ./... | grep -v examples` -coverprofile=coverage.txt -covermode=atomic
+          make test
 
-      - name: Upload coverage report
-        uses: codecov/codecov-action@v1
+      - name: Upload Code Coverage Report
+        uses: codecov/codecov-action@v3
         with:
-          file: ./coverage.txt
-          flags: unittests
-          name: codecov-umbrella  
+          file: cover.out
+          verbose: true
+          fail_ci_if_error: true
+  
+  source-scan:
+    name: Gosec code scanning
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
 
-      - name: Get code coverage artifiact
-        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
-        with:
-          name: code-coverage
-      - name: Get test result artifact
-        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+      - name: Run gosec
+        uses: securego/gosec@v2.18.2
         with:
-          name: test-results
-          path: test-results
-      - name: Upload code coverage information to codecov.io
-        uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4
+          args: '-no-fail -fmt sarif -out gosec.sarif ./...'
+
+      - name: Upload gosec scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v2
         with:
-          file: coverage.out
+          sarif_file: 'gosec.sarif'
