From bb65ad005f160c932a9d465fabd9c9c95d1c6295 Mon Sep 17 00:00:00 2001
From: Samir Faci <samir@es.net>
Date: Fri, 6 Oct 2023 11:26:51 -0400
Subject: [PATCH] Removing code from CICD

---
 .../{golangci-lint.yml => code_scanners.yml}  | 21 +++++++++++++++++--
 .github/workflows/go.yml                      | 18 ----------------
 .github/workflows/security.yml                | 20 ------------------
 Taskfile.yml                                  | 12 +++++++----
 internal/config/config_test.go                |  2 +-
 test/common_test.go                           |  2 +-
 6 files changed, 29 insertions(+), 46 deletions(-)
 rename .github/workflows/{golangci-lint.yml => code_scanners.yml} (65%)
 delete mode 100644 .github/workflows/security.yml

diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/code_scanners.yml
similarity index 65%
rename from .github/workflows/golangci-lint.yml
rename to .github/workflows/code_scanners.yml
index 66a497be..510fe7a9 100644
--- a/.github/workflows/golangci-lint.yml
+++ b/.github/workflows/code_scanners.yml
@@ -1,17 +1,34 @@
-name: golangci-lint
+name: Code Scanners
 on:
   push:
     branches:
       - master
   pull_request:
-
+    branches:
+      - master
 
 permissions:
   contents: read
   # Optional: allow read access to pull request. Use with `only-new-issues` option.
   # pull-requests: read
 
+
 jobs:
+  security_scan:
+    runs-on: ubuntu-latest
+    env:
+      GO111MODULE: on
+    steps:
+      - name: Checkout Source
+        uses: actions/checkout@v3
+      - uses: actions/setup-go@v4
+        with:
+          go-version: '1.21'
+          cache: false
+      - name: Run Gosec Security Scanner
+        uses: securego/gosec@master
+        with:
+          args:  -buildvcs=false --exclude=G402,G304  ./...
   golangci:
     name: lint
     runs-on: ubuntu-latest
diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
index 658b8c57..d0a95231 100644
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -16,22 +16,6 @@ jobs:
     env:
       GRAFANA_INTEGRATION: 1
 
-    services:
-      minio:
-        image: bitnami/minio:latest
-        ports:
-          - 9000:9000
-          - 9001:9001
-        options: >-
-          -e GF_AUTH_ANONYMOUS_ENABLED=true -e MINIO_ROOT_USER="test" -e MINIO_ROOT_PASSWORD="secretsss"
-      grafana:
-        # Docker Hub image
-        image: "grafana/grafana:${{ matrix.grafana }}"
-        ports:
-          - 3000:3000
-        options: >-
-          -e GF_AUTH_ANONYMOUS_ENABLED=true
-
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
@@ -51,8 +35,6 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-go-
 
-      - name: Wait for Minio to come up.
-        run: nc -z -v -w15 127.0.0.1 9000
       - name: Calc coverage
         if: "${{ matrix.go == '1.21.0' && matrix.grafana == '9.4.3' }}"
         run: |
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
deleted file mode 100644
index d39c46e6..00000000
--- a/.github/workflows/security.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-name: Run Gosec
-on:
-  push:
-    branches:
-      - master
-  pull_request:
-    branches:
-      - master
-jobs:
-  tests:
-    runs-on: ubuntu-latest
-    env:
-      GO111MODULE: on
-    steps:
-      - name: Checkout Source
-        uses: actions/checkout@v2
-      - name: Run Gosec Security Scanner
-        uses: securego/gosec@master
-        with:
-          args: --exclude=G402,G304  ./...
diff --git a/Taskfile.yml b/Taskfile.yml
index 9bd644a9..523bc9e4 100644
--- a/Taskfile.yml
+++ b/Taskfile.yml
@@ -20,10 +20,15 @@ tasks:
     cmds:
       - go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
       - go install github.com/client9/misspell/cmd/misspell@latest
+      - go install github.com/securego/gosec/v2/cmd/gosec@master
   format:
     desc: "Format code"
     cmds:
       - gofmt -w -s .
+  security:
+    desc: "Run security scan"
+    cmds:
+      - gosec  -buildvcs=false --exclude=G402,G304  ./...
   lint:
     desc: "Lint project, skipping test files."
     cmds:
@@ -62,10 +67,6 @@ tasks:
       - go install -ldflags "{{ .LD_FLAGS}}"
       - mv ${GOPATH}/bin/gdg ${GOPATH}/bin/{{ .BIN_NAME }}
     silent: false
-  test: 
-    desc:  "Dos tuff"
-    cmds:
-      - echo ${GOPATH}
   get-deps:
     desc:  "Tidy Deps"
     cmds:
@@ -106,3 +107,6 @@ tasks:
       desc: ""
       cmds:
         - go test -v ./... -cover
+      env:
+        GRAFANA_INTEGRATION: "1"
+
diff --git a/internal/config/config_test.go b/internal/config/config_test.go
index 43ba49a0..de6b7e5f 100644
--- a/internal/config/config_test.go
+++ b/internal/config/config_test.go
@@ -28,7 +28,7 @@ func DuplicateConfig(t *testing.T) string {
 	assert.Nil(t, err, "Failed to read test configuration file")
 	destination := os.TempDir()
 	cfgFile := fmt.Sprintf("%s/config.yml", destination)
-	err = os.WriteFile(cfgFile, data, 0644)
+	err = os.WriteFile(cfgFile, data, 0600)
 	assert.Nil(t, err, "Failed to save configuration file")
 
 	return cfgFile
diff --git a/test/common_test.go b/test/common_test.go
index c148e5b1..e26cc974 100644
--- a/test/common_test.go
+++ b/test/common_test.go
@@ -59,7 +59,7 @@ func setupGrafanaContainer(pool *dockertest.Pool, wg *sync.WaitGroup) {
 	// pulls an image, creates a container based on it and runs it
 	defer wg.Done()
 	resource, err := pool.Run("grafana/grafana", "10.0.0-ubuntu",
-		[]string{"GF_INSTALL_PLUGINS=grafana-googlesheets-datasource"})
+		[]string{"GF_INSTALL_PLUGINS=grafana-googlesheets-datasource", "GF_AUTH_ANONYMOUS_ENABLED=true"})
 	if err != nil {
 		log.Fatalf("Could not start resource: %s", err)
 	}