Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixing various security issues and updating null_types to handle over… #407

Merged
merged 2 commits into from
Oct 16, 2024
Merged

Fixing various security issues and updating null_types to handle over… #407

merged 2 commits into from
Oct 16, 2024

Conversation

safaci2000
Copy link
Contributor

@safaci2000 safaci2000 commented Oct 8, 2024
edited
Loading

Adding gosec and lint scanning to project

@safaci2000 safaci2000 force-pushed the feature/scanners branch 3 times, most recently from 087b6c6 to 396f988 Compare October 8, 2024 14:27
@safaci2000 safaci2000 marked this pull request as draft October 8, 2024 15:16
@safaci2000
Copy link
Contributor Author

@go-jet do you have any insights on this? I'm not very familiar with circleCI, but it seems like all the tests are passing, the tests tab is all clear, the report has no failures I can find. Though it seems something is still breaking.

go-jet
go-jet reviewed Oct 10, 2024
View reviewed changes
qrm/internal/null_types.go Outdated Show resolved Hide resolved
go-jet
go-jet reviewed Oct 10, 2024
View reviewed changes
qrm/internal/null_types.go Outdated Show resolved Hide resolved
go-jet
go-jet reviewed Oct 10, 2024
View reviewed changes
go.mod Show resolved Hide resolved
go-jet
go-jet reviewed Oct 10, 2024
View reviewed changes
go.mod Outdated Show resolved Hide resolved
@go-jet
Copy link
Owner

go-jet commented Oct 10, 2024

@go-jet do you have any insights on this? I'm not very familiar with circleCI, but it seems like all the tests are passing, the tests tab is all clear, the report has no failures I can find. Though it seems something is still breaking.

Hmm, it is weird. Indeed, all tests pass. A wield guess would be that after all the tests have finished, TestMain' panics at some point. But only profile delay.Start().Stop()` is executed afterwards.

Maybe add some log lines and panic catcher in TestMain.
If that fails, then I guess start removing the changes one by one until we find out exactly which change is breaking the tests.

@safaci2000 safaci2000 force-pushed the feature/scanners branch 4 times, most recently from 15d8323 to eb92fb7 Compare October 10, 2024 20:09
@safaci2000 safaci2000 marked this pull request as ready for review October 10, 2024 20:10
@safaci2000
Copy link
Contributor Author

@go-jet do you have any insights on this? I'm not very familiar with circleCI, but it seems like all the tests are passing, the tests tab is all clear, the report has no failures I can find. Though it seems something is still breaking.

Hmm, it is weird. Indeed, all tests pass. A wield guess would be that after all the tests have finished, TestMain' panics at some point. But only profile delay.Start().Stop()` is executed afterwards.

Maybe add some log lines and panic catcher in TestMain. If that fails, then I guess start removing the changes one by one until we find out exactly which change is breaking the tests.

The issue is with go-junit-report. I replaced with a very similar tool that I think is a bit easier to use. It also, actually gives you a break down as the tests are running without having to navigate to the tests tab.

Let me know if you have any objections to using this instead, otherwise I'll try to figure out how to make it go-junit-report work.

Also, how would you feel about moving the circle CI tests into a github action ?

go-jet
go-jet reviewed Oct 11, 2024
View reviewed changes
tests/mysql/main_test.go
@@ -33,7 +30,6 @@ func sourceIsMariaDB() bool {
}

func TestMain(m *testing.M) {
rand.Seed(time.Now().Unix())
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's deprecated and no longer needed, from go docs.

// Deprecated: As of Go 1.20 there is no reason to call Seed with
// a random value. Programs that call Seed with a known value to get
// a specific sequence of results should use New(NewSource(seed)) to
// obtain a local random generator.

Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Aha, I see.

@go-jet
Copy link
Owner

go-jet commented Oct 11, 2024
edited
Loading

@go-jet do you have any insights on this? I'm not very familiar with circleCI, but it seems like all the tests are passing, the tests tab is all clear, the report has no failures I can find. Though it seems something is still breaking.

Hmm, it is weird. Indeed, all tests pass. A wield guess would be that after all the tests have finished, TestMain' panics at some point. But only profile delay.Start().Stop()is executed afterwards. Maybe add some log lines and panic catcher inTestMain`. If that fails, then I guess start removing the changes one by one until we find out exactly which change is breaking the tests.

The issue is with go-junit-report. I replaced with a very similar tool that I think is a bit easier to use. It also, actually gives you a break down as the tests are running without having to navigate to the tests tab.

Let me know if you have any objections to using this instead, otherwise I'll try to figure out how to make it go-junit-report work.

Also, how would you feel about moving the circle CI tests into a github action ?

What was the issue with go-junit-report?

I'm fine with gotestsum, but I don't see codecoverage on codecov now.

I'm fine with github actions as well, if they provide the same as circle.ci.

@safaci2000
Copy link
Contributor Author

I'm fine with gotestsum, but I don't see codecoverage on codecov now.

I'm fine with github actions as well, if they provide the same as circle.ci.

Okay, let me see if I can get the junit report to work, or fix gotestsum. They should be compatible... let me see what I can do with that.

Not 100% sure of the issue, but it required an update to V2 and it still didn't work for me. I can't replicate it locally so need to use the CICD to test the behavior.

@safaci2000
Copy link
Contributor Author

I'm fine with github actions as well, if they provide the same as circle.ci.

Okay, I'll do another MR without any other changes being added for that later on if I can manage something that's comparable.

@safaci2000 safaci2000 force-pushed the feature/scanners branch 3 times, most recently from f7fe40d to d3c2123 Compare October 11, 2024 12:10
@safaci2000
Copy link
Contributor Author

safaci2000 commented Oct 11, 2024
edited
Loading

Okay, done. Fixed the code coverage issue. I created a token for my own project and verified the upload. https://app.codecov.io/gh/safaci2000/jet/tree/feature%2Fscanners

@go-jet
Copy link
Owner

go-jet commented Oct 11, 2024

Okay, done. Fixed the code coverage issue. I created a token for my own project and verified the upload. https://app.codecov.io/gh/safaci2000/jet/tree/feature%2Fscanners

Something ain't right. Code coverage should be above 90%. Also the last two steps store_artifacts and store_test_results did not upload anything.

@safaci2000
Copy link
Contributor Author

Okay, done. Fixed the code coverage issue. I created a token for my own project and verified the upload. https://app.codecov.io/gh/safaci2000/jet/tree/feature%2Fscanners

Something ain't right. Code coverage should be above 90%. Also the last two steps store_artifacts and store_test_results did not upload anything.

Noted, I'll look at it when i have a chance.

@safaci2000 safaci2000 force-pushed the feature/scanners branch 5 times, most recently from 08ff59a to 7516e8b Compare October 14, 2024 15:01
@safaci2000
Adding gosec and lint, fixing null_type overflow
f7082ed 
ChangeLog:
  - Adding gosec linting
  - Adding static type to enum
  - fixing nulltype overflow
  - Trying out gotestsum as an alternative to go-junit-report.xml
@safaci2000
Copy link
Contributor Author

I had to bump the go version used for testing a bit further than go.mod due to a change in behavior. golang/go#65653.

Code coverage should be resolved

@go-jet
Copy link
Owner

go-jet commented Oct 15, 2024

I had to bump the go version used for testing a bit further than go.mod due to a change in behavior. golang/go#65653.

Interesting, now it makes sense.

go-jet
go-jet reviewed Oct 15, 2024
View reviewed changes
.circleci/config.yml Outdated Show resolved Hide resolved
go-jet
go-jet reviewed Oct 15, 2024
View reviewed changes
.circleci/config.yml Outdated Show resolved Hide resolved
go-jet
go-jet reviewed Oct 15, 2024
View reviewed changes
go.mod Outdated Show resolved Hide resolved
@go-jet
Copy link
Owner

go-jet commented Oct 16, 2024

Thanks. Looks good. 👍

@go-jet go-jet merged commit 58a386a into go-jet:master Oct 16, 2024
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@go-jet go-jet go-jet left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@safaci2000 @go-jet