From 887b238f4baf7f47fabaedfeb5b4988e4b924dd1 Mon Sep 17 00:00:00 2001 From: George Bartolomey Date: Fri, 12 Jul 2024 16:58:19 +0300 Subject: [PATCH 1/2] [#4] Synchronize with frostfs-node repository - gitlint removed - golangci-lint modified - gofumpt added - go-staticcheck-repo-mod and go-mod-tidy added - mk scripts added with linters scenarios Signed-off-by: George Bartolomey --- .gitlint | 11 ----------- .golangci.yml | 27 ++++++++++++++++++++++----- .pre-commit-config.yaml | 39 +++++++++++++++++++++++++-------------- mk/fumpt.mk | 19 +++++++++++++++++++ mk/gopls.mk | 24 ++++++++++++++++++++++++ mk/linters.mk | 25 +++++++++++++++++++++++++ mk/staticcheck.mk | 18 ++++++++++++++++++ 7 files changed, 133 insertions(+), 30 deletions(-) delete mode 100644 .gitlint create mode 100644 mk/fumpt.mk create mode 100644 mk/gopls.mk create mode 100644 mk/linters.mk create mode 100644 mk/staticcheck.mk diff --git a/.gitlint b/.gitlint deleted file mode 100644 index e7218ac..0000000 --- a/.gitlint +++ /dev/null @@ -1,11 +0,0 @@ -[general] -fail-without-commits=True -regex-style-search=True -contrib=CC1 - -[title-match-regex] -regex=^\[\#[0-9Xx]+\]\s - -[ignore-by-title] -regex=^Release(.*) -ignore=title-match-regex diff --git a/.golangci.yml b/.golangci.yml index dba7f0c..405bddc 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -4,7 +4,7 @@ # options for analysis running run: # timeout for analysis, e.g. 30s, 5m, default is 1m - timeout: 10m + timeout: 20m # include test files or not, default is true tests: false @@ -31,18 +31,33 @@ linters-settings: statements: 60 # default 40 gocognit: min-complexity: 40 # default 30 + importas: + no-unaliased: true + no-extra-aliases: false + alias: + pkg: git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object + alias: objectSDK + custom: + truecloudlab-linters: + path: bin/linters/external_linters.so + original-url: git.frostfs.info/TrueCloudLab/linters.git linters: enable: # mandatory linters - govet - revive + + # some default golangci-lint linters - errcheck - gosimple + - godot - ineffassign - staticcheck - typecheck - unused + + # extra linters - bidichk - durationcheck - exhaustive @@ -50,15 +65,17 @@ linters: - gofmt - goimports - misspell - - whitespace - - # extra linters - - godot - predeclared - reassign + - whitespace - containedctx - funlen - gocognit - contextcheck + - importas + - truecloudlab-linters + - perfsprint + - testifylint + - protogetter disable-all: true fast: false diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 169b7bf..d2d90fa 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -2,15 +2,8 @@ ci: autofix_prs: false repos: - - repo: https://github.com/jorisroovers/gitlint - rev: v0.19.1 - hooks: - - id: gitlint - stages: [commit-msg] - - id: gitlint-ci - - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.4.0 + rev: v4.5.0 hooks: - id: check-added-large-files - id: check-case-conflict @@ -23,23 +16,41 @@ repos: - id: trailing-whitespace args: [--markdown-linebreak-ext=md] - id: end-of-file-fixer - exclude: ".key$" + exclude: "(.key|.svg)$" - repo: https://github.com/shellcheck-py/shellcheck-py - rev: v0.9.0.2 + rev: v0.9.0.6 hooks: - id: shellcheck - - repo: https://github.com/golangci/golangci-lint - rev: v1.51.2 + - repo: local hooks: - - id: golangci-lint + - id: make-lint + name: Run Make Lint + entry: make lint + language: system + pass_filenames: false - repo: local hooks: - id: go-unit-tests name: go unit tests - entry: make test + entry: make test GOFLAGS='' pass_filenames: false types: [go] language: system + + - repo: local + hooks: + - id: gofumpt + name: gofumpt + entry: make fumpt + pass_filenames: false + types: [go] + language: system + + - repo: https://github.com/TekWizely/pre-commit-golang + rev: v1.0.0-rc.1 + hooks: + - id: go-staticcheck-repo-mod + - id: go-mod-tidy diff --git a/mk/fumpt.mk b/mk/fumpt.mk new file mode 100644 index 0000000..fb2ee65 --- /dev/null +++ b/mk/fumpt.mk @@ -0,0 +1,19 @@ +BIN ?= bin +GOFUMPT_VERSION ?= v0.7.0 +GOFUMPT_DIR ?= $(abspath $(BIN))/gofumpt +GOFUMPT_VERSION_DIR ?= $(GOFUMPT_DIR)/$(GOFUMPT_VERSION) + +.PHONY: fumpt fumpt-install + +# Install gofumpt +fumpt-install: + @rm -rf $(GOFUMPT_DIR) + @mkdir $(GOFUMPT_DIR) + @GOBIN=$(GOFUMPT_VERSION_DIR) go install mvdan.cc/gofumpt@$(GOFUMPT_VERSION) + +$(GOFUMPT_VERSION_DIR): fumpt-install + +# Run gofumpt +fumpt: $(GOFUMPT_VERSION_DIR) + @echo "⇒ Processing gofumpt check" + $(GOFUMPT_VERSION_DIR)/gofumpt -l -w cmd/ pkg/ misc/ diff --git a/mk/gopls.mk b/mk/gopls.mk new file mode 100644 index 0000000..3052a3e --- /dev/null +++ b/mk/gopls.mk @@ -0,0 +1,24 @@ +BIN ?= bin +GOPLS_VERSION ?= v0.15.1 +GOPLS_DIR ?= $(abspath $(BIN))/gopls +GOPLS_VERSION_DIR ?= $(GOPLS_DIR)/$(GOPLS_VERSION) +GOPLS_TEMP_FILE := $(shell mktemp) + +.PHONY: gopls-install gopls-run + +# Install gopls +gopls-install: + @rm -rf $(GOPLS_DIR) + @mkdir $(GOPLS_DIR) + @GOBIN=$(GOPLS_VERSION_DIR) go install golang.org/x/tools/gopls@$(GOPLS_VERSION) + +$(GOPLS_VERSION_DIR): gopls-install + +# Run gopls +gopls-run: $(GOPLS_VERSION_DIR) + $(GOPLS_VERSION_DIR)/gopls check $(SOURCES) 2>&1 >$(GOPLS_TEMP_FILE) + @if [[ $$(wc -l < $(GOPLS_TEMP_FILE)) -ne 0 ]]; then \ + cat $(GOPLS_TEMP_FILE); \ + exit 1; \ + fi + rm $(GOPLS_TEMP_FILE) diff --git a/mk/linters.mk b/mk/linters.mk new file mode 100644 index 0000000..1e9b082 --- /dev/null +++ b/mk/linters.mk @@ -0,0 +1,25 @@ +GO_VERSION ?= 1.22 +LINT_VERSION ?= 1.56.1 +TRUECLOUDLAB_LINT_VERSION ?= 0.0.5 +BIN ?= bin +OUTPUT_LINT_DIR ?= $(abspath $(BIN))/linters +LINT_DIR ?= $(OUTPUT_LINT_DIR)/golangci-lint-$(LINT_VERSION)-v$(TRUECLOUDLAB_LINT_VERSION) +TMP_DIR := .cache + +.PHONY: lint fumpt + +# Install linters +$(LINT_DIR): + @rm -rf $(OUTPUT_LINT_DIR) + @mkdir $(OUTPUT_LINT_DIR) + @mkdir -p $(TMP_DIR) + @rm -rf $(TMP_DIR)/linters + @git -c advice.detachedHead=false clone --branch v$(TRUECLOUDLAB_LINT_VERSION) https://git.frostfs.info/TrueCloudLab/linters.git $(TMP_DIR)/linters + @@make -C $(TMP_DIR)/linters lib CGO_ENABLED=1 OUT_DIR=$(OUTPUT_LINT_DIR) + @rm -rf $(TMP_DIR)/linters + @rmdir $(TMP_DIR) 2>/dev/null || true + @CGO_ENABLED=1 GOBIN=$(LINT_DIR) go install github.com/golangci/golangci-lint/cmd/golangci-lint@v$(LINT_VERSION) + +# Run linters +lint: $(LINT_DIR) + $(LINT_DIR)/golangci-lint run diff --git a/mk/staticcheck.mk b/mk/staticcheck.mk new file mode 100644 index 0000000..d9a8229 --- /dev/null +++ b/mk/staticcheck.mk @@ -0,0 +1,18 @@ +BIN ?= bin +STATICCHECK_VERSION ?= 2024.1.1 +STATICCHECK_DIR ?= $(abspath $(BIN))/staticcheck +STATICCHECK_VERSION_DIR ?= $(STATICCHECK_DIR)/$(STATICCHECK_VERSION) + +.PHONY: staticcheck-install staticcheck-run + +# Install staticcheck +staticcheck-install: + @rm -rf $(STATICCHECK_DIR) + @mkdir $(STATICCHECK_DIR) + @GOBIN=$(STATICCHECK_VERSION_DIR) go install honnef.co/go/tools/cmd/staticcheck@$(STATICCHECK_VERSION) + +$(STATICCHECK_VERSION_DIR): staticcheck-install + +# Run staticcheck +staticcheck-run: $(STATICCHECK_VERSION_DIR) + @$(STATICCHECK_VERSION_DIR)/staticcheck ./... -- 2.45.3 From d6acb1d1c0c970f6015704df9f70caba1b869cef Mon Sep 17 00:00:00 2001 From: George Bartolomey Date: Sat, 14 Sep 2024 20:57:55 +0300 Subject: [PATCH 2/2] [#3] Add SECURITY.md and CONTRIBUTING.md templates Signed-off-by: George Bartolomey --- CONTRIBUTING.md | 147 ++++++++++++++++++++++++++++++++++++++++++++++++ SECURITY.md | 28 +++++++++ 2 files changed, 175 insertions(+) create mode 100644 CONTRIBUTING.md create mode 100644 SECURITY.md diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..7149e76 --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,147 @@ +# Contribution guide + +First, thank you for contributing! We love and encourage pull requests from +everyone. Please follow the guidelines: + +- Check the open [issues](https://git.frostfs.info/TrueCloudLab/basic/issues) and + [pull requests](https://git.frostfs.info/TrueCloudLab/basic/pulls) for existing + discussions. + +- Open an issue first, to discuss a new feature or enhancement. + +- Write tests, and make sure the test suite passes locally and on CI. + +- Open a pull request, and reference the relevant issue(s). + +- Make sure your commits are logically separated and have good comments + explaining the details of your change. + +- After receiving feedback, amend your commits or add new ones as + appropriate. + +- **Have fun!** + +## Development Workflow + +Start by forking the `basic` repository, make changes in a branch and then +send a pull request. We encourage pull requests to discuss code changes. Here +are the steps in details: + +### Set up your Forgejo repository +Fork [FrostFS basic upstream](https://git.frostfs.info/TrueCloudLab/basic) source +repository to your own personal repository. Copy the URL of your fork (you will +need it for the `git clone` command below). + +```sh +$ git clone https://git.frostfs.info/TrueCloudLab/basic +``` + +### Set up git remote as ``upstream`` +```sh +$ cd basic +$ git remote add upstream https://git.frostfs.info/TrueCloudLab/basic +$ git fetch upstream +$ git merge upstream/master +... +``` + +### Create your feature branch +Before making code changes, make sure you create a separate branch for these +changes. Maybe you will find it convenient to name branch in +`/-` format. + +``` +$ git checkout -b feature/123-something_awesome +``` + +### Commit changes +After verification, commit your changes. This is a [great +post](https://chris.beams.io/posts/git-commit/) on how to write useful commit +messages. Try following this template: + +``` +[#Issue] Summary + +Description + + + + +``` + +``` +$ git commit -sam '[#123] Add some feature' +``` + +### Push to the branch +Push your locally committed changes to the remote origin (your fork) +``` +$ git push origin feature/123-something_awesome +``` + +### Create a Pull Request +Pull requests can be created via Forgejo. Refer to [this +document](https://docs.codeberg.org/collaborating/pull-requests-and-git-flow/) for +detailed steps on how to create a pull request. After a Pull Request gets peer +reviewed and approved, it will be merged. + +## DCO Sign off + +All authors to the project retain copyright to their work. However, to ensure +that they are only submitting work that they have rights to, we are requiring +everyone to acknowledge this by signing their work. + +Any copyright notices in this repository should specify the authors as "the +contributors". + +To sign your work, just add a line like this at the end of your commit message: + +``` +Signed-off-by: Samii Sakisaka + +``` + +This can easily be done with the `--signoff` option to `git commit`. + +By doing this you state that you can certify the following (from [The Developer +Certificate of Origin](https://developercertificate.org/)): + +``` +Developer Certificate of Origin +Version 1.1 + +Copyright (C) 2004, 2006 The Linux Foundation and its contributors. +1 Letterman Drive +Suite D4700 +San Francisco, CA, 94129 + +Everyone is permitted to copy and distribute verbatim copies of this +license document, but changing it is not allowed. + + +Developer's Certificate of Origin 1.1 + +By making a contribution to this project, I certify that: + +(a) The contribution was created in whole or in part by me and I + have the right to submit it under the open source license + indicated in the file; or + +(b) The contribution is based upon previous work that, to the best + of my knowledge, is covered under an appropriate open source + license and I have the right under that license to submit that + work with modifications, whether created in whole or in part + by me, under the same open source license (unless I am + permitted to submit under a different license), as indicated + in the file; or + +(c) The contribution was provided directly to me by some other + person who certified (a), (b) or (c) and I have not modified + it. + +(d) I understand and agree that this project and the contribution + are public and that a record of the contribution (including all + personal information I submit with it, including my sign-off) is + maintained indefinitely and may be redistributed consistent with + this project or the open source license(s) involved. +``` diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..f9be7b4 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,28 @@ +# Security Policy + + +## How To Report a Vulnerability + +If you think you have found a vulnerability in this repository, please report it to us through coordinated disclosure. + +**Please do not report security vulnerabilities through public issues, discussions, or change requests.** + +Instead, you can report it using one of the following ways: + +* Contact the [TrueCloudLab Security Team](mailto:security@frostfs.info) via email + +Please include as much of the information listed below as you can to help us better understand and resolve the issue: + +* The type of issue (e.g., buffer overflow, or cross-site scripting) +* Affected version(s) +* Impact of the issue, including how an attacker might exploit the issue +* Step-by-step instructions to reproduce the issue +* The location of the affected source code (tag/branch/commit or direct URL) +* Full paths of source file(s) related to the manifestation of the issue +* Any special configuration required to reproduce the issue +* Any log files that are related to this issue (if possible) +* Proof-of-concept or exploit code (if possible) + +This information will help us triage your report more quickly. + + -- 2.45.3