forked from gregjones/httpcache
taskfile.yaml
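# Taskfile (schema v3): local quality and security gates for this Go module.
# Indentation restored; commands are unchanged unless a comment says otherwise.
version: "3"

vars:
  # All Go source files (excluding vendor)
  GO_FILES:
    sh: find . -type f -name '*.go' -not -path "./vendor/*"
  # Package list for analysis scoped to project sources
  GO_PKGS:
    sh: go list ./...

tasks:
  install-tools-mac:
    desc: Install all required Go tools on macOS
    cmds:
      - brew install golangci-lint
      # Third-party tap: the formula is served from the vendor's own repository.
      - brew install aquasecurity/trivy/trivy
      - brew install govulncheck
      # NOTE(review): @latest is unpinned, so every run may install a different
      # build of the tool. Pin a reviewed version for reproducible, auditable
      # installs.
      - go install github.com/google/go-licenses/v2@latest
      # gosec is used by the `gosec` task but is not installed here.

  fmt-check:
    desc: Check Go code formatting without making changes
    cmds:
      - echo "Running gofmt..."
      # gofmt -l/-d only reports differences; confirm whether the exit status
      # is meant to fail the task when files are unformatted.
      - gofmt -d -e -l -s .

  fmt:
    desc: Format Go code with simplification
    cmds:
      - echo "Running gofmt..."
      # -w rewrites files in place.
      - gofmt -s -l -w .

  lint:
    desc: Run golangci-lint across the codebase
    cmds:
      - echo "Running golangci-lint..."
      - golangci-lint run

  vet:
    desc: Run static analysis with go vet
    cmds:
      - echo "Running go vet..."
      - go vet ./...

  govulncheck:
    desc: Run Go vulnerability check with govulncheck
    cmds:
      - echo "Running govulncheck..."
      - govulncheck ./...

  test:
    # The previous description advertised the race detector, but -race is not
    # passed below; add -race to the go test line if race detection is wanted.
    desc: Run tests with coverage (examples excluded)
    cmds:
      - echo "Running tests with coverage (clean output)..."
      # 2>&1 merges stderr into stdout; it does not filter any output.
      - go test -coverprofile=coverage.out -covermode=atomic $(go list ./... | grep -v '/examples/') 2>&1
      - go tool cover -html=coverage.out -o coverage.html
      - echo "Coverage report generated at coverage.html"

  test-integration:
    # NOTE(review): -tags=integration adds tagged files to the build; whether
    # untagged unit tests are excluded depends on the build constraints in the
    # test files - confirm "only".
    desc: Run integration tests only
    cmds:
      - echo "Running integration tests..."
      # Writes the same coverage.out/coverage.html as `test`, overwriting them.
      - go test -tags=integration -coverprofile=coverage.out -covermode=atomic $(go list ./... | grep -v '/examples/') 2>&1
      - go tool cover -html=coverage.out -o coverage.html
      - echo "Coverage report generated at coverage.html"

  gosec:
    desc: Run security checks with gosec
    # Replaces the unused GOSEC_INSTALLED variable: fail early with a clear
    # message instead of a bare "command not found" from the shell.
    preconditions:
      - sh: 'command -v gosec >/dev/null 2>&1'
        msg: "gosec not found on PATH; install it before running this task"
    cmds:
      - echo "Running gosec security scanner..."
      - gosec -exclude-generated ./...

  trivy:
    desc: Run Trivy filesystem scanner (vuln, secret, misconfig)
    cmds:
      - echo "Running Trivy vulnerability scanner..."
      # No --exit-code is set, so findings are reported but do not fail the
      # task; treat this as advisory unless a non-zero exit code is configured.
      - trivy fs --scanners vuln,secret,misconfig .
      # The JSON run now passes the same scanner set as the console run so the
      # saved report matches what was shown. Keep trivy-results.json out of
      # version control; it can carry details of secret findings.
      - trivy fs --scanners vuln,secret,misconfig --format json --output trivy-results.json .

  licenses:
    desc: Check for forbidden licenses (GPL-like) and export CSV report
    cmds:
      - echo "Checking for forbidden licenses (GPL, LGPL, AGPL)..."
      # NOTE(review): `|| echo` turns any non-zero exit into a warning, so this
      # step never fails the task (or `check`). It also reports every
      # go-licenses error, including a rejected flag value, as "forbidden
      # licenses". Confirm --disallowed_types accepts SPDX ids; go-licenses
      # describes this flag in terms of license types (e.g. forbidden,
      # restricted).
      - |
        go-licenses check ./... \
          --disallowed_types=GPL-2.0,GPL-3.0,LGPL-2.0,LGPL-2.1,LGPL-3.0,AGPL-1.0,AGPL-3.0 \
          || echo "⚠️ WARNING: Found forbidden licenses!"
      - echo "Generating CSV license report..."
      - go-licenses csv ./... > licenses.csv
      - echo "✅ License report saved to licenses.csv"
      - echo "Review licenses.csv to verify all dependencies"

  check:
    # Description corrected to list the tasks actually invoked below. `vet` and
    # `gosec` are NOT part of this aggregate; run them separately or add them
    # here if they are meant to gate a change.
    desc: Run all checks (fmt, lint, govulncheck, trivy, licenses, test, test-integration)
    cmds:
      # `fmt` rewrites files in place; use `fmt-check` for a read-only gate.
      - task: fmt
      - task: lint
      - task: govulncheck
      - task: trivy
      - task: licenses
      - task: test
      - task: test-integration

  install-deps:
    desc: Install and tidy Go module dependencies
    cmds:
      - go mod download
      # May modify go.mod and go.sum; review the diff before committing.
      - go mod tidy

  clean:
    desc: Clean build and analysis artifacts
    cmds:
      # -modcache clears the whole module download cache, not just this
      # project's entries.
      - go clean -cache -testcache -modcache
      - rm -rf bin/
      - rm -rf dist/
      - rm -f coverage.out
      - rm -f coverage.html
      # No task in this file writes security-report.json.
      - rm -f security-report.json
      - rm -f trivy-results.json
      - rm -f licenses.csv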