diff --git a/.mega-linter.yml b/.mega-linter.yml index 2447b22..569b30b 100644 --- a/.mega-linter.yml +++ b/.mega-linter.yml @@ -15,6 +15,5 @@ PRINT_ALPACA: false # Print Alpaca logo in console SARIF_REPORTER: true # Generate SARIF report SHOW_SKIPPED_LINTERS: false # Show skipped linters in MegaLinter log -DISABLE_LINTERS: - - REPOSITORY_DEVSKIM - - REPOSITORY_TRIVY + DISABLE_LINTERS: + - REPOSITORY_DEVSKIM diff --git a/go.mod b/go.mod index fc2f59b..71ae97a 100644 --- a/go.mod +++ b/go.mod @@ -1,3 +1,15 @@ module github.com/ivuorinen/go-test-sarif-action go 1.24.1 + +require github.com/owenrumney/go-sarif/v2 v2.3.3 + +require gopkg.in/yaml.v3 v3.0.1 // indirect + +replace golang.org/x/crypto => golang.org/x/crypto v0.40.0 + +replace golang.org/x/net => golang.org/x/net v0.42.0 + +replace golang.org/x/text => golang.org/x/text v0.27.0 + +replace gopkg.in/yaml.v3 => gopkg.in/yaml.v3 v3.0.1 diff --git a/go.sum b/go.sum new file mode 100644 index 0000000..e53aac2 --- /dev/null +++ b/go.sum @@ -0,0 +1,53 @@ +github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= +github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/owenrumney/go-sarif v1.1.1/go.mod h1:dNDiPlF04ESR/6fHlPyq7gHKmrM0sHUvAGjsoh8ZH0U= +github.com/owenrumney/go-sarif/v2 v2.3.3 h1:ubWDJcF5i3L/EIOER+ZyQ03IfplbSU1BLOE26uKQIIU= +github.com/owenrumney/go-sarif/v2 v2.3.3/go.mod h1:MSqMMx9WqlBSY7pXoOZWgEsVB4FDNfhcaXDA1j6Sr+w= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= +github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4= +github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI= +github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= +github.com/zclconf/go-cty v1.10.0/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk= +golang.org/x/crypto v0.40.0/go.mod h1:Qr1vMER5WyS2dfPHAlsOj01wgLbsyWtFn/aY+5+ZdxY= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= +golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.25.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww= +golang.org/x/net v0.42.0/go.mod h1:FF1RA5d3u7nAYA4z2TkclSCKh68eSXtiFwcWQpPXdt8= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= +golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.15.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= +golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= +golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= +golang.org/x/telemetry v0.0.0-20240521205824-bda55230c457/go.mod h1:pRgIJT+bRLFKnoM1ldnzKoxTIn14Yxz928LQRYYgIN0= +golang.org/x/term v0.33.0/go.mod h1:s18+ql9tYWp1IfpV9DmCtQDDSRBUjKaw9M1eAv5UeF0= +golang.org/x/text v0.27.0/go.mod h1:1D28KMCvyooCX9hBiosv5Tz/+YLxj0j7XhWjpSUF7CU= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= +golang.org/x/tools v0.34.0/go.mod h1:pAP9OwEaY1CAW3HOmg3hLZC5Z0CCmzjAF2UQMSqNARg= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/internal/converter.go b/internal/converter.go index f9db834..f6731e9 100644 --- a/internal/converter.go +++ b/internal/converter.go @@ -1,76 +1,61 @@ -// Package internal contains internal helper functions for the Go Test SARIF converter. +// Package internal provides the SARIF conversion utilities. package internal import ( + "bufio" "encoding/json" "fmt" "os" + + "github.com/owenrumney/go-sarif/v2/sarif" ) -// TestResult represents a single test result from 'go test -json' output. -type TestResult struct { +// TestEvent represents a single line of `go test -json` output. +type TestEvent struct { Action string `json:"Action"` Package string `json:"Package"` - Output string `json:"Output"` + Test string `json:"Test,omitempty"` + Output string `json:"Output,omitempty"` } -// ConvertToSARIF converts Go test JSON results to SARIF format. +// ConvertToSARIF converts Go test JSON events to the SARIF format. func ConvertToSARIF(inputFile, outputFile string) error { - // Read the input file - data, err := os.ReadFile(inputFile) + f, err := os.Open(inputFile) if err != nil { return fmt.Errorf("failed to read input file: %w", err) } + defer f.Close() - // Parse the JSON data - var testResults []TestResult - if err := json.Unmarshal(data, &testResults); err != nil { - return fmt.Errorf("invalid JSON format: %w", err) - } - - // Convert test results to SARIF format - sarifData := map[string]any{ - "version": "2.1.0", - "runs": []map[string]any{ - { - "tool": map[string]any{ - "driver": map[string]any{ - "name": "go-test-sarif", - "version": "1.0.0", - }, - }, - "results": convertResults(testResults), - }, - }, - } - - // Marshal SARIF data to JSON - sarifJSON, err := json.MarshalIndent(sarifData, "", " ") + report, err := sarif.New(sarif.Version210) if err != nil { - return fmt.Errorf("failed to marshal SARIF data: %w", err) + return fmt.Errorf("failed to create SARIF report: %w", err) } - // Write the SARIF JSON to the output file - if err := os.WriteFile(outputFile, sarifJSON, 0644); err != nil { + run := sarif.NewRunWithInformationURI("go-test-sarif", "https://golang.org/cmd/go/#hdr-Test_packages") + rule := run.AddRule("go-test-failure").WithDescription("go test failure") + + scanner := bufio.NewScanner(f) + for scanner.Scan() { + var event TestEvent + if err := json.Unmarshal(scanner.Bytes(), &event); err != nil { + return fmt.Errorf("invalid JSON format: %w", err) + } + if event.Action == "fail" && (event.Test != "" || event.Package != "") { + res := sarif.NewRuleResult(rule.ID). + WithLevel("error"). + WithMessage(sarif.NewTextMessage(event.Output)) + run.AddResult(res) + } + } + if err := scanner.Err(); err != nil { + return fmt.Errorf("failed to scan input file: %w", err) + } + + report.AddRun(run) + if err := report.WriteFile(outputFile); err != nil { return fmt.Errorf("failed to write SARIF output file: %w", err) } fmt.Printf("SARIF report generated: %s\n", outputFile) return nil } - -// convertResults transforms test results into SARIF result objects. -func convertResults(testResults []TestResult) []map[string]any { - var results []map[string]any - for _, tr := range testResults { - if tr.Action == "fail" { - results = append(results, map[string]any{ - "ruleId": "go-test-failure", - "message": map[string]string{"text": tr.Output}, - "level": "error", - "locations": []map[string]any{}, - }) - } - } - return results -} diff --git a/internal/converter_test.go b/internal/converter_test.go index c3153fd..9ad62c8 100644 --- a/internal/converter_test.go +++ b/internal/converter_test.go @@ -19,7 +19,7 @@ func TestConvertToSARIF_Success(t *testing.T) { } }(inputFile.Name()) - inputContent := `[{"Action":"fail","Package":"github.com/ivuorinen/go-test-sarif/internal","Output":"Test failed"}]` + inputContent := `{"Action":"fail","Package":"github.com/ivuorinen/go-test-sarif/internal","Test":"TestExample","Output":"Test failed"}` + "\n" if _, err := inputFile.WriteString(inputContent); err != nil { t.Fatalf("Failed to write to temp input file: %v", err) } @@ -70,7 +70,8 @@ func TestConvertToSARIF_InvalidInput(t *testing.T) { } }(inputFile.Name()) - inputContent := `{"Action":"fail","Package":"github.com/ivuorinen/go-test-sarif/internal","Output":Test failed}` // Missing quotes around 'Test failed' + inputContent := `{"Action":"fail","Package":"github.com/ivuorinen/go-test-sarif/internal","Test":"TestExample","Output":` + + `Test failed}` + "\n" // Missing quotes around 'Test failed' if _, err := inputFile.WriteString(inputContent); err != nil { t.Fatalf("Failed to write to temp input file: %v", err) } @@ -117,3 +118,35 @@ func TestConvertToSARIF_FileNotFound(t *testing.T) { t.Errorf("Expected an error for non-existent input file, but got none") } } + +// TestConvertToSARIF_PackageFailure ensures package-level failures are included in the SARIF output. +func TestConvertToSARIF_PackageFailure(t *testing.T) { + inputFile, err := os.CreateTemp("", "test_input_pkgfail_*.json") + if err != nil { + t.Fatalf("Failed to create temp input file: %v", err) + } + defer os.Remove(inputFile.Name()) + + inputContent := `{"Action":"fail","Package":"github.com/ivuorinen/go-test-sarif-action","Output":"FAIL"}` + "\n" + if _, err := inputFile.WriteString(inputContent); err != nil { + t.Fatalf("Failed to write to temp input file: %v", err) + } + + outputFile, err := os.CreateTemp("", "test_output_pkgfail_*.sarif") + if err != nil { + t.Fatalf("Failed to create temp output file: %v", err) + } + defer os.Remove(outputFile.Name()) + + if err := ConvertToSARIF(inputFile.Name(), outputFile.Name()); err != nil { + t.Errorf("ConvertToSARIF returned an error: %v", err) + } + + data, err := os.ReadFile(outputFile.Name()) + if err != nil { + t.Fatalf("Failed to read SARIF output file: %v", err) + } + if len(data) == 0 { + t.Errorf("SARIF output is empty") + } +}