Skip to content

issues/365: Do not use IP address and TLS fingerprint to validate cookies by default. #2952

issues/365: Do not use IP address and TLS fingerprint to validate cookies by default.

issues/365: Do not use IP address and TLS fingerprint to validate cookies by default. #2952

Workflow file for this run

# DOCS:
# 1. https://help.github.com/en/articles/workflow-syntax-for-github-actions
# 2. https://github.com/mvdan/github-actions-golang/issues/22
# 3. https://github.com/stellar/go/blob/master/.github/actions/setup-go/action.yml
# 4. https://github.com/stellar/go/blob/master/.github/workflows/go.yml
# 5. https://github.com/mvdan/github-actions-golang#how-do-i-set-up-caching-between-builds
# 6. https://github.com/golang/go/issues/58571
name: ong ci
on:
pull_request:
push:
branches:
- main
jobs:
check_release_notes:
name: check_release_notes
timeout-minutes: 1
strategy:
matrix:
go-version: ['>=1.21.1']
platform: [ubuntu-22.04]
runs-on: ${{ matrix.platform }}
steps:
# checkout main branch and the current branch so that we are able to do diff operations.
- name: checkout main branch too.
uses: actions/checkout@v3
with:
ref: main
- name: Check out code into the Go module directory
uses: actions/checkout@v3
# https://docs.github.com/en/actions/reference/context-and-expression-syntax-for-github-actions
- name: check if changes have release notes
if: ${{ github.ref != 'refs/heads/main' }}
env:
GIT_BRANCH: ${{ github.ref }}
GITHUB_HEAD_REF: ${{ github.head_ref }}
GITHUB_BASE_REF: ${{ github.base_ref }}
run: |
printf "GIT_BRANCH: $GIT_BRANCH \n"
printf "GITHUB_HEAD_REF: $GITHUB_HEAD_REF \n"
printf "GITHUB_BASE_REF: $GITHUB_BASE_REF \n"
printf "list git branches: \n"
git branch --list --all
if [[ "$GIT_BRANCH" == "refs/heads/main" ]]
then
printf "\n $GIT_BRANCH branch, ignoring check for relese notes \n"
elif [[ "$GIT_BRANCH" == *"refs/tags/"* ]]
then
printf "\n $GIT_BRANCH branch, ignoring check for relese notes \n"
else
ChangedFiles=`git diff --name-only remotes/origin/main`
echo $ChangedFiles
case "$ChangedFiles" in
*CHANGELOG.*)
printf "\n Thanks, your commits include update to release notes. \n";;
*)
printf "\n You should add release notes to CHANGELOG.md \n" && exit 77;;
esac
fi
run_tests:
name: run_tests
timeout-minutes: 7
strategy:
matrix:
go-version: ['>=1.21.1']
platform: [ubuntu-22.04]
runs-on: ${{ matrix.platform }}
steps:
- name: Check out code into the Go module directory
uses: actions/checkout@v3
- name: Set up Go
uses: actions/setup-go@v4 # since v4, it added cache by default.
with:
go-version: ${{ matrix.go-version }}
- name: tests and benchmarks
run: |
ulimit -a
env
set -x
go test -timeout 1m -race -run=XXXX -bench=. ./...
go test -timeout 4m -race -cover -coverprofile=coverage.out -shuffle on ./...
go tool cover -html=coverage.out -o coverage.html
go tool cover -func=coverage.out
wget -nc --output-document=/tmp/codecov https://github.com/codecov/uploader/releases/download/v0.3.5/codecov-linux
chmod +x /tmp/codecov
/tmp/codecov
env:
ONG_RUNNING_IN_TESTS: 'YES'
run_analysis:
name: run_analysis
timeout-minutes: 8
strategy:
matrix:
go-version: ['>=1.21.1']
platform: [ubuntu-22.04]
runs-on: ${{ matrix.platform }}
steps:
- name: Check out code into the Go module directory
uses: actions/checkout@v3
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: ${{ matrix.go-version }}
- name: install apt and pip deps
run: |
pwd; ls -lsha
sudo apt -y update
sudo apt -y install wget
- name: install tools
run: |
set -x
go install honnef.co/go/tools/cmd/staticcheck@latest
go install github.com/securego/gosec/cmd/gosec@latest
go install github.com/quasilyte/go-ruleguard/cmd/ruleguard@latest
go install github.com/orijtech/structslop/cmd/structslop@latest
go install github.com/orijtech/httperroryzer/cmd/httperroryzer@latest
go install golang.org/x/tools/cmd/stress@latest
go install golang.org/x/tools/cmd/goimports@latest
go install golang.org/x/tools/go/analysis/passes/shadow/cmd/shadow@latest
go install golang.org/x/tools/go/analysis/passes/nilness/cmd/nilness@latest
go install github.com/kisielk/errcheck@latest
go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
go install mvdan.cc/gofumpt@latest
go install golang.org/x/vuln/cmd/govulncheck@latest
go install github.com/mdempsky/unconvert@latest
go install github.com/zricethezav/gitleaks/v8@latest
# go install gvisor.dev/gvisor/tools/checklocks/cmd/checklocks@latest
go install gvisor.dev/gvisor/tools/checklocks/cmd/[email protected]
/home/runner/go/bin/staticcheck -version
env:
SOME_ENV_VAR: '2020.1.6'
- name: static analysis
run: |
set -x
diff <(gofmt -d .) <(printf "")
diff <(gofumpt -extra -w -d .) <(printf "")
diff <(goimports -d .) <(printf "")
go vet -all ./...
go vet -vettool=/home/runner/go/bin/shadow -strict ./...
go vet -vettool=/home/runner/go/bin/nilness -test ./...
/home/runner/go/bin/checklocks -test=false ./...
/home/runner/go/bin/staticcheck -tests ./...
govulncheck ./...
# /home/runner/go/bin/gosec ./... # does not seem to work with Go1.21
# /home/runner/go/bin/structslop ./... # does not seem to work with Go1.21
/home/runner/go/bin/httperroryzer ./...
# see: https://github.com/golang/go/commit/a98589711da5e9d935e8d690cfca92892e86d557
/home/runner/go/bin/errcheck -ignoregenerated -ignoretests -asserts ./...
/home/runner/go/bin/unconvert -v ./...
/home/runner/go/bin/gitleaks detect . -v --no-git --baseline-path .gitleaksignore
# To create the gitleaksignore file, run;
# rm -rf .gitleaksignore; gitleaks detect . --no-git --report-path .gitleaksignore
# dont use golangci-lint
# see: https://twitter.com/dominikhonnef/status/1394766501157167112
#
# In our case we need to use it so that we can be able to use `nolint:gocritic` in the errors package.
#
wget -nc --output-document=/tmp/semgrep-go.zip https://github.com/dgryski/semgrep-go/archive/refs/heads/master.zip
unzip -o /tmp/semgrep-go.zip -d /tmp/semgrep-go
go get github.com/quasilyte/go-ruleguard/dsl
golangci-lint run --config .golangci.yml ./...
go mod tidy
python -m venv /tmp/.venv
. /tmp/.venv/bin/activate
python -m pip install --trusted-host files.pythonhosted.org --trusted-host pypi.org --trusted-host pypi.python.org semgrep
semgrep -f /tmp/semgrep-go/semgrep-go-master/ --error .
deactivate
# An alternative it to do:
# semgrep -f https://semgrep.dev/r/dgryski.semgrep-go --exclude="*_test.go" .
# deadlock detection
# https://github.com/cockroachdb/cockroach/issues/7972
go get github.com/sasha-s/go-deadlock
find . -name "*.go" | xargs -n 1 sed -i.backup 's/sync.RWMutex/deadlock.RWMutex/'
find . -name "*.go" | xargs -n 1 sed -i.backup 's/sync.Mutex/deadlock.Mutex/'
find . -name '*.backup' -delete
/home/runner/go/bin/goimports -w .
go test -timeout 4m -race ./...
go mod tidy
# TODO: add https://github.com/system-pclub/GCatch
env:
ONG_RUNNING_IN_TESTS: 'YES'
# https://go.dev/testing/coverage/
integration_test_coverage:
name: integration_test_coverage
timeout-minutes: 3
strategy:
matrix:
go-version: ['>=1.21.1']
platform: [ubuntu-22.04]
runs-on: ${{ matrix.platform }}
steps:
- name: Check out code into the Go module directory
uses: actions/checkout@v3
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: ${{ matrix.go-version }}
- name: whole program coverage
run: |
set -x
pwd; ls -lsha
sudo apt -y update
sudo apt -y install libnss3-tools jq # certutil
mkdir -p coverage/
rm -rf coverage/* ongExample
go build -cover -o ongExample github.com/komuw/ong/example
GOCOVERDIR=coverage/ ./ongExample > logs_one.json 2>&1 &
sleep 10 && kill -15 $(pidof ongExample)
{ # try
kill -9 $(pidof ongExample)
} || { # catch
echo -n ""
}
cat logs_one.json
GOCOVERDIR=coverage/ ./ongExample > logs_two.json 2>&1 &
sleep 10
cat logs_two.json
ls -lsha coverage/
ss --listening --processes --query=tcp,udp
go test -timeout 4m -race --tags=integration github.com/komuw/ong/example -v
kill -15 $(pidof ongExample)
{ # try
kill -9 $(pidof ongExample)
} || { # catch
echo -n ""
}
ls -lsha coverage/
go tool covdata percent -i=coverage
env:
ONG_RUNNING_IN_TESTS: 'YES'
ONG_EXAMPLE_TESTS_BASIC_AUTH: "super-h@rd-Pas1word" # Ought to be same value as used in /example/main.go
# run_stress_test:
# name: run_stress_test
# timeout-minutes: 2
# strategy:
# matrix:
# go-version: ['>=1.21.1']
# platform: [ubuntu-22.04]
# runs-on: ${{ matrix.platform }}
# steps:
# - name: Set up Go
# uses: actions/setup-go@v4
# with:
# go-version: ${{ matrix.go-version }}
# - name: stress test
# run: |
# go install golang.org/x/tools/cmd/stress@latest
# go test -o ong.test -c -race
# /home/runner/go/bin/stress -timeout 10s ./ong.test