It is recommended to pin github actions with hash so that an action
is not posing an unknown security risk (as the actions itself is not
written by us).
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
* Add OSSF Security Scoreboard Scan
This PR adds OSSF's Security Scoreboard Scan, to help tighten CoreDNS's security practice.
OSSF Scoreboard is recommended by GitHub. The result will show up in project's "Code Scanning Alerts" (together with existing CodeQL scan we already have).
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
use reviewdog to automatically suggest whitespace corrections in PRs
so that code will be clean before committing into master branch.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
* Add github actions for docker release.
Once a release/tag shown up in GitHub,
an GitHub Action will be automatically triggered
for docker release.
This will help avoid additional steps when releasing.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
* Update to address the review
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
* Address review comment
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
The fix in 4b9bc138d9 breaks docker with
~~~
Step 2/9 : RUN sed -i.bak s@stable/update@stable-security/update@g /etc/apt/sources.list
---> Running in 29a0dbae5746
no status provided on response: unknown
~~~
So reverted here. This adds github workflows to test Makefile.docker
syntax as well. And small updates to the docker-coredns over in the
release repo.
Signed-off-by: Miek Gieben <miek@miek.nl>
* Spun out docker
Remove docker from Makefile.release so we can actually release.
Unify the mips stuff, now that docker is gone.
Update the docs to reflect this.
See #4858
Signed-off-by: Miek Gieben <miek@miek.nl>
* Update test as well
Signed-off-by: Miek Gieben <miek@miek.nl>
* Update golang version to 1.17
This PR updates golang version to 1.17 when applicable.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
* Remove `^` to avoid cache
This commit removes `^` to avoid cache in build system
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
* Change to 1.17.0
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Our GitHub Actions CI is having some issues with `make -f Makefile.doc`
as the related changes that should have triggered the build didn't
work for the past 3 months (since march).
This PR adds verbose to GitHub Actions CI to see if we can get more information.
Note this PR just add `set -x` to show detailed step. Will not impact anything else.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
As commit push holds write access of GITHUB_TOKEN, we may
want to limit the scope of third-party test run.
This PR disable CodeCov on commit push. Pull request is still
ok.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
This moves all workflows that commit to a schedule, so that it _doesn't_
push into peoples PRs as that enlarges them and is just non-obvious.
They run throughout the week.
Also change the "user" we use for this, so that DCO believes it a real
email address (DCO is pretty stupid here). Update the authors target to
filter out this bot as well.
Signed-off-by: Miek Gieben <miek@miek.nl>
This doesn't do much, but at least it doesn't litter PRs with non-signed
commits. This should keep the DCO clean(er)
Signed-off-by: Miek Gieben <miek@miek.nl>
So there is (and will always) be a disconnect between latest Go in the
workflow and the actual latest Go used by other utils. Faillint move to
go 1.16 features and for some reason this now borkes.
Add ||true to allow failling to not compile, this will skip that
particular test (so be it)
Signed-off-by: Miek Gieben <miek@miek.nl>
unsure why this only pops up, but the yaml was not correct for this
workflow. Randomly added whitespace until it parsed as proper yaml
Signed-off-by: Miek Gieben <miek@miek.nl>
This PR switches from actions/setup-go@v2-beta to actions/setup-go@v2 to fix the
GitHub Actions `set-env` failure. Without this PR the following error shown up
(see https://github.com/coredns/coredns/runs/1423802307):
```
Error: Unable to process command '::set-env name=GOROOT::/opt/hostedtoolcache/go/1.15.5/x64' successfully.
7
Error: The `set-env` command is disabled. Please upgrade to using Environment Files or opt into unsecure command execution by setting the `ACTIONS_ALLOW_UNSECURE_COMMANDS` environment variable to `true`. For more information see: https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/
```
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Looks like one `*` is missing in Go Fmt GitHub Actions
and that causes the Actions not being triggered.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
* Setup GitHub Actions for auto remove trailing whitespaces
This PR setup GitHub Actions for auto remove trailing whitespaces,
if any non-go files are touched (.git directory are ignored)
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
* Remove TestTrailingWhitespace in presubmit tests
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
* paths and paths-ignore are mutually exlcusive so only keep paths-ignore
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
* Remove redundent bufio import
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
* Add GitHub Actions to `gofmt -s -w` all `*.go` files
This PR adds GitHub Actions to `gofmt -s -w` all `*.go` files,
if any `*.go` files are touched on each commit.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
* Change go-mod-fmt to go-fmt
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Add github testing workflow, simplify the Makefile because that was
complex because of Travis. Remove the fuzzing, needs to be re-added when
that works properly with go modules (it has been disabled for quite some
time). Multiple builds and files have been added so these tests can all
run in parallel. Our testing now tests a couple of minutes, the codeql
is by far the more expensive.
Move metric's naming test to test/presubmit_test.go
Add longer sleep in the TestAutoAXFR.
Bye bye travis!
Closes: #4266
Signed-off-by: Miek Gieben <miek@miek.nl>
This PR updates go.tidy.yml, and use pseudo name
`coredns-auto-go-mod-tidy[bot]`, so that the commit
is not associated with real user. Otherwise
the commit history could be confusing.
This is similar to what `dependabot[bot]` is doing
for commits generated by bots.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Setup GitHub Workflow for auto `go tidy`, when
- 'go.mod'
- 'go.sum'
- '.github/workflows/go.tidy.yml'
has been touched.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
