From 4477152319883cdebd5fbd8887ca092d9eaeea57 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20Mur=C3=A9?=
Date: Sat, 4 Mar 2023 14:11:58 +0100
Subject: [PATCH 1/2] tools: fix how security tools are setup and launched fix https://github.com/MichaelMure/git-bug/issues/1018
---
 Makefile | 9 ++-------
 go.mod | 4 +++-
 go.sum | 6 ++----
 tools.go | 1 -
 4 files changed, 7 insertions(+), 13 deletions(-)
diff --git a/Makefile b/Makefile
index 46c307f4..cfc59984 100644
--- a/Makefile
+++ b/Makefile
@@ -39,16 +39,11 @@ secure: secure-practices secure-vulnerabilities
 
 .PHONY: secure-practices
 secure-practices:
-# TODO: change pinned version of GoKart to "latest" once PR #84 is merged
-# https://github.com/praetorian-inc/gokart/pull/84
-# go install github.com/praetorian-inc/gokart@latest
- go install github.com/selesy/gokart-pre
- gokart scan
+ go run github.com/praetorian-inc/gokart scan
 
 .PHONY: secure-vulnerabilities
 secure-vulnerabilities:
- go install golang.org/x/vuln/cmd/govulncheck
- govulncheck ./...
+ go run golang.org/x/vuln/cmd/govulncheck ./...
 
 .PHONY: test
 test:
diff --git a/go.mod b/go.mod
index b73e80d2..e8a3559e 100644
--- a/go.mod
+++ b/go.mod
@@ -21,7 +21,6 @@ require (
 github.com/mattn/go-isatty v0.0.17
 github.com/phayes/freeport v0.0.0-20171002181615-b8543db493a5
 github.com/pkg/errors v0.9.1
- github.com/selesy/gokart-pre v0.5.2-rc1
 github.com/shurcooL/githubv4 v0.0.0-20190601194912-068505affed7
 github.com/skratchdot/open-golang v0.0.0-20190402232053-79abb63cd66e
 github.com/spf13/cobra v1.6.1
@@ -39,6 +38,9 @@ require (
 // https://github.com/go-git/go-git/pull/659
 replace github.com/go-git/go-git/v5 => github.com/MichaelMure/go-git/v5 v5.1.1-0.20230114115943-17400561a81c
 
+// https://github.com/praetorian-inc/gokart/pull/84
+replace github.com/praetorian-inc/gokart v0.5.1 => github.com/selesy/gokart v0.5.2-rc1
+
 require (
 github.com/VividCortex/ewma v1.2.0 // indirect
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d // indirect
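Review bot: The `secure-practices` recipe in the Makefile hunk no longer says which gokart it runs. `go run github.com/praetorian-inc/gokart scan` resolves its version through go.mod, and the go.mod hunk of this same patch replaces that module path with a fork; the removed TODO lines were the only hint of that in the Makefile. I would add a comment above the recipe line, `# gokart version comes from go.mod, where it is currently replaced by a fork (see the replace directive)`. The `govulncheck` line in `secure-vulnerabilities` would benefit from a matching `# govulncheck version is pinned in go.mod via tools.go`.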
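Review bot: The added `replace github.com/praetorian-inc/gokart v0.5.1 => github.com/selesy/gokart v0.5.2-rc1` in the second go.mod hunk is scoped to v0.5.1, so it stops matching without any error once the gokart requirement is bumped to another version; `make secure-practices` would then presumably build upstream again. The scanner is also built from a personal fork at a release-candidate tag. go.sum pins its content, but the comment above the directive carries only the PR link and no reason or exit condition. I would widen that comment to `// gokart is replaced by a fork until https://github.com/praetorian-inc/gokart/pull/84 is merged and released; the replace only matches v0.5.1, re-check it when bumping gokart`.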
diff --git a/go.sum b/go.sum index 86849bf2..741d0563 100644 --- a/go.sum +++ b/go.sum @@ -244,8 +244,6 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/praetorian-inc/gokart v0.5.1 h1:GYUM69qskrRibZUAEwKEm/pd/j/SFzlFnQnhx6/NVh0= -github.com/praetorian-inc/gokart v0.5.1/go.mod h1:GuA97YgdXwqOVsnHY6PCvV1t9t0Jsk3Zcd6sbTXj4uI= github.com/rcrowley/go-metrics v0.0.0-20190826022208-cac0b30c2563/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo= github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= @@ -256,8 +254,8 @@ github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/segmentio/fasthash v1.0.3 h1:EI9+KE1EwvMLBWwjpRDc+fEM+prwxDYbslddQGtrmhM= github.com/segmentio/fasthash v1.0.3/go.mod h1:waKX8l2N8yckOgmSsXJi7x1ZfdKZ4x7KRMzBtS3oedY= -github.com/selesy/gokart-pre v0.5.2-rc1 h1:TGgWu0hhD7kW1nKqx7qfOsBPm1jp1OlVtTMRPKetW5U= -github.com/selesy/gokart-pre v0.5.2-rc1/go.mod h1:a2Ej7TE206x7KjQr2kud7nckfVFQaIv7ljzT1KxFdVg= +github.com/selesy/gokart v0.5.2-rc1 h1:YVuiDAhSu3D+llE0MRVrm1UbZfRqIBujgdukKuLt2Us= +github.com/selesy/gokart v0.5.2-rc1/go.mod h1:ct26Da/yw3veTtt3m6nXT9EVZl5WBX59OcxuIigQej8= github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ= github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= 
diff --git a/tools.go b/tools.go
index 69230ed6..a52fba0c 100644
--- a/tools.go
+++ b/tools.go
@@ -6,6 +6,5 @@ import (
 _ "github.com/99designs/gqlgen"
 _ "github.com/cheekybits/genny"
 _ "github.com/praetorian-inc/gokart"
- _ "github.com/selesy/gokart-pre"
 _ "golang.org/x/vuln/cmd/govulncheck"
 )
From a9697c7a4761693b05da21cdad364304cb020e0c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20Mur=C3=A9?=
Date: Sat, 4 Mar 2023 14:36:55 +0100
Subject: [PATCH 2/2] CI: ignore spelling mistake in repo to be imported from github
---
 .github/workflows/codespell.yml | 3 +++
 bridge/github/import_test.go | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml
index 5768d7c6..2abb1a14 100644
--- a/.github/workflows/codespell.yml
+++ b/.github/workflows/codespell.yml
@@ -17,3 +17,6 @@ jobs:
 uses: actions/checkout@v3
 - name: Codespell
 uses: codespell-project/actions-codespell@v1
+ with:
+ # github import test: the repo to be imported has that typo, and it's not easy to change
+ ignore_words_list: transfered
diff --git a/bridge/github/import_test.go b/bridge/github/import_test.go
index 52a3f852..b0ff2f99 100644
--- a/bridge/github/import_test.go
+++ b/bridge/github/import_test.go
@@ -127,7 +127,7 @@ func TestGithubImporter(t *testing.T) {
 url: "https://github.com/MichaelMure/git-bug-test-github-bridge/issues/8",
 bug: &bug.Snapshot{
 Operations: []dag.Operation{
- bug.NewCreateOp(author, 0, "transferred issue", "", nil),
+ bug.NewCreateOp(author, 0, "transfered issue", "", nil),
 },
 },
 },
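Review bot: `ignore_words_list: transfered` in the codespell.yml hunk applies to every file the Codespell step checks, so the same misspelling in documentation or user-facing strings will now pass unnoticed. The added comment also does not name the file that needs the exception. If the exception should stay narrow, the action's `exclude_file` input (assuming it is available at the pinned `@v1`) can exempt just the one line. Otherwise I would at least extend the comment to `# bridge/github/import_test.go: the repo to be imported has that typo, and it's not easy to change`.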
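Review bot: The expected title `"transfered issue"` in the import_test.go hunk is now deliberately misspelt, with nothing on the line to say so; the only explanation lives in the codespell workflow. A later spelling clean-up could change it back and break the comparison with the imported issue again. I would add a comment on that line, `// "transfered" (sic): matches the issue title in git-bug-test-github-bridge`. TestGithubImporter starts and ends outside the hunk.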