WKS-1193 - Use dynamic actions

.github/workflows/analysis.yml

@@ -19,23 +19,6 @@ jobs:
           go-version-file: go.mod
 
       - name: Static Code Analysis
-        uses: golangci/golangci-lint-action@v5
+        uses: golangci/golangci-lint-action@v6
         with:
-          version: latest
-
-
-  Go-Sec:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout Source
-        uses: actions/checkout@v4
-
-      - name: Install Go
-        uses: actions/setup-go@v5
-        with:
-          go-version-file: go.mod
-
-      - name: Run Gosec Security Scanner
-        uses: securego/[email protected]
-        with:
-          args: -exclude G204,G301,G302,G304,G306,G601,G101 -tests -exclude-dir \.*test\.* ./...
+          version: latest

.gitignore

@@ -1,4 +1,5 @@
 .idea
 .tools
 bin
-*-nogit*
+*-nogit*
+**/mocks/*

.golangci.yml

@@ -10,7 +10,7 @@ linters:
     disable-all: true
     enable:
         - errcheck
-        - exportloopref
+        - copyloopvar
         # - depguard
         #    - gci
         - gofumpt
@@ -19,7 +19,6 @@ linters:
         - govet
         - ineffassign
         - makezero
-        - megacheck
         - misspell
         - noctx
         - nolintlint
@@ -31,11 +30,19 @@ linters:
         - unconvert
         - unused
         - wastedassign
+        - gosec
 
 linters-settings:
     staticcheck:
         # https://staticcheck.io/docs/options#checks
         checks: [ "all","-SA1019","-SA1029" ]
+    gosec:
+        excludes: ["G204", "G301", "G302", "G304", "G306", "G601", "G101", "G407"]
+        exclude-generated: true
+        exclude-test-files: true
+        config:
+            global:
+                nosec: true
 
 issues:
     exclude-use-default: false

Makefile

@@ -34,7 +34,7 @@ GOIMPORTS:
 ########## ANALYSE ##########
 
 GOLANGCI_LINT         = ${TOOLS_DIR}/golangci-lint
-GOLANGCI_LINT_VERSION = 1.55.2
+GOLANGCI_LINT_VERSION = 1.62.2
 
 verify: GOLANGCI_LINT
 	echo $(GO_SOURCES)
@@ -59,7 +59,17 @@ build-install:: build
 
 ########## TEST ##########
 
-test-prereq: prereq
+.PHONY: clean-mock
+clean-mock:
+	@echo Cleaning generated mock files
+	find . -path "*/mocks/*.go" -delete
+
+.PHONY: generate-mock
+generate-mock: clean-mock
+	@echo Generating test mocks
+	go generate ./...
+
+test-prereq: prereq generate-mock
 	mkdir -p target/reports
 
 test: PACKAGES=./...

commands/add_secret_cmd.go

@@ -4,6 +4,8 @@ import (
 	"fmt"
 	"os"
 
+	"github.com/jfrog/jfrog-cli-platform-services/commands/common"
+
 	plugins_common "github.com/jfrog/jfrog-cli-core/v2/plugins/common"
 	"github.com/jfrog/jfrog-cli-core/v2/plugins/components"
 	"github.com/jfrog/jfrog-cli-core/v2/utils/ioutils"
@@ -38,12 +40,12 @@ func GetAddSecretCommand() components.Command {
 }
 
 func (c *addSecretCommand) run() error {
-	manifest, err := model.ReadManifest()
+	manifest, err := common.ReadManifest()
 	if err != nil {
 		return err
 	}
 
-	if err = manifest.Validate(); err != nil {
+	if err = common.ValidateManifest(manifest, nil); err != nil {
 		return err
 	}
 
@@ -57,7 +59,7 @@ func (c *addSecretCommand) run() error {
 		return err
 	}
 
-	encryptionKey, err := model.ReadSecretPassword()
+	encryptionKey, err := common.ReadSecretPassword()
 	if err != nil {
 		return err
 	}
@@ -67,7 +69,7 @@ func (c *addSecretCommand) run() error {
 		return err
 	}
 
-	encryptedValue, err := model.EncryptSecret(encryptionKey, secretValue)
+	encryptedValue, err := common.EncryptSecret(encryptionKey, secretValue)
 	if err != nil {
 		return err
 	}
@@ -78,7 +80,7 @@ func (c *addSecretCommand) run() error {
 		existingEncryptedSecrets[k] = v
 	}
 
-	if err = manifest.DecryptSecrets(encryptionKey); err != nil {
+	if err = common.DecryptManifestSecrets(manifest, encryptionKey); err != nil {
 		log.Debug("Cannot decrypt existing secrets: %+v", err)
 		return fmt.Errorf("others secrets are encrypted with a different password, please use the same one")
 	} else {
@@ -91,7 +93,7 @@ func (c *addSecretCommand) run() error {
 		manifest.Secrets[secretName] = encryptedValue
 	}
 
-	err = manifest.Save()
+	err = common.SaveManifest(manifest)
 	if err != nil {
 		return err
 	}

commands/add_secret_cmd_test.go

@@ -1,10 +1,15 @@
+//go:build test
+// +build test
+
 package commands
 
 import (
 	"fmt"
 	"os"
 	"testing"
 
+	"github.com/jfrog/jfrog-cli-platform-services/commands/common"
+
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
@@ -28,10 +33,10 @@ func TestAddSecretCmd(t *testing.T) {
 			name:           "add",
 			secretName:     "sec-1",
 			secretValue:    "val-1",
-			secretPassword: secretPassword,
+			secretPassword: common.SecretPassword,
 			patchManifest: func(mf *model.Manifest) {
 				mf.Secrets = model.Secrets{
-					"sec-2": mustEncryptSecret(t, "val-2"),
+					"sec-2": common.MustEncryptSecret(t, "val-2"),
 				}
 			},
 			assert: assertSecrets(model.Secrets{
@@ -43,7 +48,7 @@ func TestAddSecretCmd(t *testing.T) {
 			name:           "add with nil manifest",
 			secretName:     "sec-1",
 			secretValue:    "val-1",
-			secretPassword: secretPassword,
+			secretPassword: common.SecretPassword,
 			patchManifest: func(mf *model.Manifest) {
 				mf.Secrets = nil
 			},
@@ -55,21 +60,21 @@ func TestAddSecretCmd(t *testing.T) {
 			name:           "add with different password",
 			secretName:     "sec-1",
 			secretValue:    "val-1",
-			secretPassword: secretPassword,
+			secretPassword: common.SecretPassword,
 			patchManifest: func(mf *model.Manifest) {
-				mf.Secrets["sec-2"] = mustEncryptSecret(t, "val-2", "other-password")
+				mf.Secrets["sec-2"] = common.MustEncryptSecret(t, "val-2", "other-password")
 			},
 			wantErr: "others secrets are encrypted with a different password, please use the same one",
 		},
 		{
 			name:           "edit secret",
 			secretName:     "sec-1",
 			secretValue:    "val-1",
-			secretPassword: secretPassword,
+			secretPassword: common.SecretPassword,
 			commandArgs:    []string{fmt.Sprintf("--%s", model.FlagEdit)},
 			patchManifest: func(mf *model.Manifest) {
 				mf.Secrets = model.Secrets{
-					"sec-1": mustEncryptSecret(t, "val-1-before"),
+					"sec-1": common.MustEncryptSecret(t, "val-1-before"),
 				}
 			},
 			assert: assertSecrets(model.Secrets{"sec-1": "val-1"}),
@@ -78,10 +83,10 @@ func TestAddSecretCmd(t *testing.T) {
 			name:           "fails if the secret exists",
 			secretName:     "sec-1",
 			secretValue:    "val-1",
-			secretPassword: secretPassword,
+			secretPassword: common.SecretPassword,
 			patchManifest: func(mf *model.Manifest) {
 				mf.Secrets = model.Secrets{
-					"sec-1": mustEncryptSecret(t, "val-1-before"),
+					"sec-1": common.MustEncryptSecret(t, "val-1-before"),
 				}
 			},
 			wantErr: "sec-1 already exists, use --edit to overwrite",
@@ -94,15 +99,17 @@ func TestAddSecretCmd(t *testing.T) {
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			workerDir, workerName := prepareWorkerDirForTest(t)
+			common.NewMockWorkerServer(t, common.NewServerStub(t).WithDefaultActionsMetadataEndpoint())
+
+			workerDir, workerName := common.PrepareWorkerDirForTest(t)
 
-			runCmd := createCliRunner(t, GetInitCommand(), GetAddSecretCommand())
+			runCmd := common.CreateCliRunner(t, GetInitCommand(), GetAddSecretCommand())
 
 			err := runCmd("worker", "init", "GENERIC_EVENT", workerName)
 			require.NoError(t, err)
 
 			if tt.patchManifest != nil {
-				patchManifest(t, tt.patchManifest)
+				common.PatchManifest(t, tt.patchManifest)
 			}
 
 			if tt.secretPassword != "" {
@@ -121,7 +128,7 @@ func TestAddSecretCmd(t *testing.T) {
 				})
 			}
 
-			manifestBefore, err := model.ReadManifest(workerDir)
+			manifestBefore, err := common.ReadManifest(workerDir)
 			require.NoError(t, err)
 
 			cmd := []string{"worker", "add-secret"}
@@ -135,7 +142,7 @@ func TestAddSecretCmd(t *testing.T) {
 
 			if tt.wantErr == "" {
 				require.NoError(t, err)
-				manifestAfter, err := model.ReadManifest(workerDir)
+				manifestAfter, err := common.ReadManifest(workerDir)
 				assert.NoError(t, err)
 				tt.assert(t, manifestBefore, manifestAfter)
 			} else {
@@ -148,7 +155,7 @@ func TestAddSecretCmd(t *testing.T) {
 func assertSecrets(wantSecrets model.Secrets) addSecretAssertFunc {
 	return func(t *testing.T, manifestBefore, manifestAfter *model.Manifest) {
 		require.Equalf(t, len(wantSecrets), len(manifestAfter.Secrets), "Invalid secrets length")
-		require.NoError(t, manifestAfter.DecryptSecrets())
+		require.NoError(t, common.DecryptManifestSecrets(manifestAfter))
 		assert.Equalf(t, wantSecrets, manifestAfter.Secrets, "Secrets mismatch")
 	}
 }