chore: modernize workflows, security scanning, and linting configuration (#50)
* build: update Go 1.25, CI workflows, and build tooling - Upgrade to Go 1.25 - Add benchmark targets to Makefile - Implement parallel gosec execution - Lock tool versions for reproducibility - Add shellcheck directives to scripts - Update CI workflows with improved caching * refactor: migrate from golangci-lint to revive - Replace golangci-lint with revive for linting - Configure comprehensive revive rules - Fix all EditorConfig violations - Add yamllint and yamlfmt support - Remove deprecated .golangci.yml * refactor: rename utils to shared and deduplicate code - Rename utils package to shared - Add shared constants package - Deduplicate constants across packages - Address CodeRabbit review feedback * fix: resolve SonarQube issues and add safety guards - Fix all 73 SonarQube OPEN issues - Add nil guards for resourceMonitor, backpressure, metricsCollector - Implement io.Closer for headerFileReader - Propagate errors from processing helpers - Add metrics and templates packages - Improve error handling across codebase * test: improve test infrastructure and coverage - Add benchmarks for cli, fileproc, metrics - Improve test coverage for cli, fileproc, config - Refactor tests with helper functions - Add shared test constants - Fix test function naming conventions - Reduce cognitive complexity in benchmark tests * docs: update documentation and configuration examples - Update CLAUDE.md with current project state - Refresh README with new features - Add usage and configuration examples - Add SonarQube project configuration - Consolidate config.example.yaml * fix: resolve shellcheck warnings in scripts - Use ./*.go instead of *.go to prevent dash-prefixed filenames from being interpreted as options (SC2035) - Remove unreachable return statement after exit (SC2317) - Remove obsolete gibidiutils/ directory reference * chore(deps): upgrade go dependencies * chore(lint): megalinter fixes * fix: improve test coverage and fix file descriptor leaks - Add defer r.Close() to fix 
pipe file descriptor leaks in benchmark tests - Refactor TestProcessorConfigureFileTypes with helper functions and assertions - Refactor TestProcessorLogFinalStats with output capture and keyword verification - Use shared constants instead of literal strings (TestFilePNG, FormatMarkdown, etc.) - Reduce cognitive complexity by extracting helper functions * fix: align test comments with function names Remove underscores from test comments to match actual function names: - benchmark/benchmark_test.go (2 fixes) - fileproc/filetypes_config_test.go (4 fixes) - fileproc/filetypes_registry_test.go (6 fixes) - fileproc/processor_test.go (6 fixes) - fileproc/resource_monitor_types_test.go (4 fixes) - fileproc/writer_test.go (3 fixes) * fix: various test improvements and bug fixes - Remove duplicate maxCacheSize check in filetypes_registry_test.go - Shorten long comment in processor_test.go to stay under 120 chars - Remove flaky time.Sleep in collector_test.go, use >= 0 assertion - Close pipe reader in benchmark_test.go to fix file descriptor leak - Use ContinueOnError in flags_test.go to match ResetFlags behavior - Add nil check for p.ui in processor_workers.go before UpdateProgress - Fix resource_monitor_validation_test.go by setting hardMemoryLimitBytes directly * chore(yaml): add missing document start markers Add --- document start to YAML files to satisfy yamllint: - .github/workflows/codeql.yml - .github/workflows/build-test-publish.yml - .github/workflows/security.yml - .github/actions/setup/action.yml * fix: guard nil resourceMonitor and fix test deadlock - Guard resourceMonitor before CreateFileProcessingContext call - Add ui.UpdateProgress on emergency stop and path error returns - Fix potential deadlock in TestProcessFile using wg.Go with defer close
49
scripts/security.sh
Executable file
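--- a/scripts/security.sh
+++ b/scripts/security.sh
@@ -0,0 +1,49 @@
+#!/usr/bin/env bash
+
+# Shared security scanning functions
+
+# Run gosec in parallel on all Go directories
+run_gosec_parallel() {
+local exit_code=0
+local pids=()
+local go_dirs=("./benchmark" "./cli" "./cmd" "./config" "./fileproc" "./metrics" "./shared" "./templates" "./testutil" ".")
+
+# Start gosec for each directory in background
+for dir in "${go_dirs[@]}"; do
+# Skip non-existent directories
+if [[ ! -d "$dir" ]]; then
+continue
+fi
+
+if [[ "$dir" == "." ]]; then
+# For root directory, scan only .go files directly (not subdirectories)
+gosec -fmt=text -quiet -exclude-dir=vendor -exclude-dir=.git -exclude-dir=benchmark -exclude-dir=cli -exclude-dir=cmd -exclude-dir=config -exclude-dir=fileproc -exclude-dir=metrics -exclude-dir=shared -exclude-dir=templates -exclude-dir=testutil . >"gosec_${dir//\//_}.log" 2>&1 &
+else
+# For subdirectories, exclude vendor and .git
+gosec -fmt=text -quiet -exclude-dir=vendor -exclude-dir=.git "$dir" >"gosec_${dir//\//_}.log" 2>&1 &
+fi
+pids+=($!)
+done
+
+# Wait for all gosec processes to complete and check their exit codes
+for i in "${!pids[@]}"; do
+local pid="${pids[$i]}"
+local dir="${go_dirs[$i]}"
+if ! wait "$pid"; then
+echo "gosec failed for directory: $dir"
+cat "gosec_${dir//\//_}.log"
+# Keep log for inspection/artifacts on failure
+exit_code=1
+else
+# Clean up log file if successful
+rm -f "gosec_${dir//\//_}.log"
+fi
+done
+
+return $exit_code
+}
+
+# If this file is sourced, export the functions
+if [[ "${BASH_SOURCE[0]}" != "${0}" ]]; then
+export -f run_gosec_parallel
+fi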
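Review bot: In `run_gosec_parallel` the wait loop reads `go_dirs[$i]` with an index that comes from `pids`, but the start loop does `continue` for a missing directory without appending a PID, so the two arrays stop lining up as soon as one listed directory is absent. From that point a failure is reported under the wrong directory, `cat` prints the wrong (possibly non-existent) log, and the success branch's `rm -f` can delete the log of a scan that actually failed, so the gosec findings are lost even though the exit code is still 1. Record the directory together with the PID: add `scanned_dirs+=("$dir")` next to `pids+=($!)` and use `local dir="${scanned_dirs[$i]}"` in the wait loop. The new array would also need a `local scanned_dirs=()` declaration beside `pids`.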