ivuorinen/gibidify
1
0
Fork 0
mirror of https://github.com/ivuorinen/gibidify.git synced 2026-03-20 16:03:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: ivuorinen:main
Branches Tags
ivuorinen:main ivuorinen:renovate/securego-gosec-2.x ivuorinen:fix/ci-security
ivuorinen:0.0.1
..
compare: ivuorinen:1244ff51ef8fda69e8bac429c73fc022221ca67c
Branches Tags
ivuorinen:renovate/securego-gosec-2.x ivuorinen:main ivuorinen:fix/ci-security
ivuorinen:0.0.1

4 Commits
main ... 1244ff51ef

Author SHA1 Message Date
Ismo Vuorinen
1244ff51ef docs: add design document for gitleaks integration 2026-02-01 11:20:05 +02:00
Ismo Vuorinen
04baca90d2 chore(deps): update dependencies and fix install-tools 
Update Go module dependencies to latest versions.
Fix checkmake install path and remove yamllint go install
(yamllint is a Python tool, not installable via go install).
 2026-02-01 11:19:52 +02:00
Ismo Vuorinen
1ae625a03d fix(security): replace custom secret detection with gitleaks 
The hand-rolled check_secrets regex patterns produced false positives
on configKey test values, causing make security-full to fail.

Replace with gitleaks via go run for proper secret detection with
built-in rules and allowlist support for generated report files.
 2026-02-01 11:19:40 +02:00
Ismo Vuorinen
a73897887e fix(tests): remove unused test constants and helpers 
Delete dead test code that caused 41 staticcheck U1000 violations:
- cli/test_constants.go (25 unused constants)
- cli/terminal_test_helpers.go (unused type, method, 7 variables)
- fileproc/test_constants.go (5 unused constants)
- fileproc/processor_test.go (2 unused helper functions)
 2026-02-01 11:19:24 +02:00
13 changed files with 48 additions and 45 deletions
Expand all files Collapse all files

1
.github/CODEOWNERS vendored
View File

@@ -1 +0,0 @@
* ivuorinen

2
.github/actions/setup/action.yml vendored
View File

@@ -10,7 +10,7 @@ runs:
using: "composite"
steps:
- name: Set up Go
uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
with:
go-version-file: ".go-version"
cache: true

12
.github/workflows/build-test-publish.yml vendored
View File

@@ -26,7 +26,7 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- name: Setup Go
uses: ./.github/actions/setup
@@ -57,7 +57,7 @@ jobs:
- name: Upload test results
if: always()
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: test-results
path: test-results.json
@@ -96,7 +96,7 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- name: Setup Go
uses: ./.github/actions/setup
@@ -122,7 +122,7 @@ jobs:
done
- name: Upload artifact
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: gibidify-${{ matrix.goos }}-${{ matrix.goarch }}
path: dist/*
@@ -139,7 +139,7 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- name: Setup Go
uses: ./.github/actions/setup
@@ -147,7 +147,7 @@ jobs:
token: ${{ github.token }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
- name: Log in to GitHub Container Registry
run: |

44
.github/workflows/codeql.yml vendored
View File

@@ -1,34 +1,40 @@
---
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
name: "CodeQL"
name: CodeQL Analysis
on:
push:
branches: ["main"]
branches: [main, develop]
pull_request:
branches: ["main"]
schedule:
- cron: "30 1 * * 0"
merge_group:
branches: [main, develop]
permissions: {}
jobs:
analyze:
name: Analyze
name: Analyze Code
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
packages: read
security-events: write
strategy:
fail-fast: false
matrix:
language: ["actions", "go"]
contents: read
actions: read
steps:
- name: CodeQL Analysis
uses: ivuorinen/actions/codeql-analysis@1da3a0e79fcd7da6bed9ee1979f1449ba11f58f9 # v2026.03.14
- name: Checkout repository
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- name: Setup Go
uses: ./.github/actions/setup
with:
language: ${{ matrix.language }}
queries: security-and-quality
token: ${{ github.token }}
- name: Initialize CodeQL
uses: github/codeql-action/init@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v4.31.7
with:
languages: go
- name: Autobuild
uses: github/codeql-action/autobuild@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v4.31.7
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v4.31.7

4
.github/workflows/pr-lint.yml vendored
View File

@@ -22,11 +22,11 @@ jobs:
statuses: write
steps:
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- name: Setup Go
uses: ./.github/actions/setup
with:
token: ${{ github.token }}
- uses: ivuorinen/actions/pr-lint@1da3a0e79fcd7da6bed9ee1979f1449ba11f58f9 # v2026.03.14
- uses: ivuorinen/actions/pr-lint@7aa206a02a0f9bef6f173a881bcc3ac2aa802917 # v2025.12.10

8
.github/workflows/security.yml vendored
View File

@@ -24,7 +24,7 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- name: Setup Go
uses: ./.github/actions/setup
@@ -33,12 +33,12 @@ jobs:
# Security Scanning with gosec
- name: Run gosec Security Scanner
uses: securego/gosec@bb17e422fc34bf4c0a2e5cab9d07dc45a68c040c # v2.24.7
uses: securego/gosec@6be2b51fd78feca86af91f5186b7964d76cb1256 # v2.22.10
with:
args: "-fmt sarif -out gosec-results.sarif ./..."
- name: Upload gosec results to GitHub Security tab
uses: github/codeql-action/upload-sarif@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0
uses: github/codeql-action/upload-sarif@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v4.31.7
if: always()
with:
sarif_file: gosec-results.sarif
@@ -87,7 +87,7 @@ jobs:
# Upload artifacts for review
- name: Upload security scan results
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
if: always()
with:
name: security-scan-results

2
.github/workflows/sync-labels.yml vendored
View File

@@ -22,4 +22,4 @@ jobs:
issues: write
runs-on: ubuntu-latest
steps:
- uses: ivuorinen/actions/sync-labels@1da3a0e79fcd7da6bed9ee1979f1449ba11f58f9 # v2026.03.14
- uses: ivuorinen/actions/sync-labels@7aa206a02a0f9bef6f173a881bcc3ac2aa802917 # v2025.12.10

2
.go-version
View File

@@ -1 +1 @@
1.26.1
1.25.5

2
.pre-commit-config.yaml
View File

@@ -3,7 +3,7 @@
# For more hooks, see https://pre-commit.com/hooks.html
repos:
- repo: https://github.com/editorconfig-checker/editorconfig-checker.python
rev: 3.6.1
rev: 3.6.0
hooks:
- id: editorconfig-checker
alias: ec

2
Dockerfile
View File

@@ -1,5 +1,5 @@
# Use a minimal base image
FROM alpine:3.23.3
FROM alpine:3.23.0
# Add user
RUN useradd -ms /bin/bash gibidify

4
fileproc/resource_monitor_concurrency.go
View File

@@ -51,7 +51,7 @@ func (rm *ResourceMonitor) CreateFileProcessingContext(parent context.Context) (
return parent, func() {}
}
return context.WithTimeout(parent, rm.fileProcessingTimeout) // #nosec G118 - cancel returned to caller
return context.WithTimeout(parent, rm.fileProcessingTimeout)
}
// CreateOverallProcessingContext creates a context with overall processing timeout.
@@ -64,5 +64,5 @@ func (rm *ResourceMonitor) CreateOverallProcessingContext(parent context.Context
return parent, func() {}
}
return context.WithTimeout(parent, rm.overallTimeout) // #nosec G118 - cancel returned to caller
return context.WithTimeout(parent, rm.overallTimeout)
}

6
go.mod
View File

@@ -1,8 +1,6 @@
module github.com/ivuorinen/gibidify
go 1.25.0
toolchain go1.26.1
go 1.25
require (
github.com/fatih/color v1.18.0
@@ -10,7 +8,7 @@ require (
github.com/schollz/progressbar/v3 v3.19.0
github.com/sirupsen/logrus v1.9.4
github.com/spf13/viper v1.21.0
golang.org/x/text v0.35.0
golang.org/x/text v0.33.0
gopkg.in/yaml.v3 v3.0.1
)

4
go.sum
View File

@@ -62,8 +62,8 @@ golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ=
golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
golang.org/x/term v0.39.0 h1:RclSuaJf32jOqZz74CkPA9qFuVTX7vhLlpfj/IGWlqY=
golang.org/x/term v0.39.0/go.mod h1:yxzUCTP/U+FzoxfdKmLaA0RV1WgE0VY7hXBwKtY/4ww=
golang.org/x/text v0.35.0 h1:JOVx6vVDFokkpaq1AEptVzLTpDe9KGpj5tR4/X+ybL8=
golang.org/x/text v0.35.0/go.mod h1:khi/HExzZJ2pGnjenulevKNX1W67CUy0AsXcNubPGCA=
golang.org/x/text v0.33.0 h1:B3njUFyqtHDUI5jMn1YIr5B0IE2U0qck04r6d4KPAxE=
golang.org/x/text v0.33.0/go.mod h1:LuMebE6+rBincTi9+xWTY8TztLzKHc/9C1uBCG27+q8=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo=
gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=