crowdsec/.github/workflows/go-tests.yml

---
# This workflow is actually running
# tests (with localstack) but the
# name is used for the badge in README.md

name: Build

on:
  push:
    branches:
      - master
      - releases/**
    paths-ignore:
      - 'README.md'
  pull_request:
    branches:
      - master
      - releases/**
    paths-ignore:
      - 'README.md'

# these env variables are for localstack, so we can emulate aws services
env:
  RICHGO_FORCE_COLOR: 1
  AWS_HOST: localstack
  # these are to mimic aws config
  AWS_ACCESS_KEY_ID: AKIAIOSFODNN7EXAMPLE
  AWS_SECRET_ACCESS_KEY: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
  AWS_REGION: us-east-1
  KINESIS_INITIALIZE_STREAMS: "stream-1-shard:1,stream-2-shards:2"
  CROWDSEC_FEATURE_DISABLE_HTTP_RETRY_BACKOFF: true

jobs:
  build:
    strategy:
      matrix:
        go-version: ["1.20.5"]

    name: "Build + tests"
    runs-on: ubuntu-latest
    services:
      localstack:
        image: localstack/localstack:1.3.0
        ports:
        - 4566:4566  # Localstack exposes all services on the same port
        env:
          DEBUG: ""
          LAMBDA_EXECUTOR: ""
          KINESIS_ERROR_PROBABILITY: ""
          DOCKER_HOST: unix:///var/run/docker.sock
          KINESIS_INITIALIZE_STREAMS: ${{ env.KINESIS_INITIALIZE_STREAMS }}
          HOSTNAME_EXTERNAL: ${{ env.AWS_HOST }}  # Required so that resource urls are provided properly
          # e.g sqs url will get localhost if we don't set this env to map our service
        options: >-
          --name=localstack
          --health-cmd="curl -sS 127.0.0.1:4566 || exit 1"
          --health-interval=10s
          --health-timeout=5s
          --health-retries=3
      zoo1:
        image: confluentinc/cp-zookeeper:7.3.0
        ports:
          - "2181:2181"
        env:
          ZOOKEEPER_CLIENT_PORT: 2181
          ZOOKEEPER_SERVER_ID: 1
          ZOOKEEPER_SERVERS: zoo1:2888:3888
        options: >-
          --name=zoo1
          --health-cmd "jps -l | grep zookeeper"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5

      kafka1:
        image: crowdsecurity/kafka-ssl
        ports:
          - "9093:9093"
          - "9092:9092"
          - "9999:9999"
        env:
          KAFKA_ADVERTISED_LISTENERS: LISTENER_DOCKER_INTERNAL://127.0.0.1:19092,LISTENER_DOCKER_EXTERNAL://127.0.0.1:9092,LISTENER_DOCKER_EXTERNAL_SSL://127.0.0.1:9093
          KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: LISTENER_DOCKER_INTERNAL:PLAINTEXT,LISTENER_DOCKER_EXTERNAL:PLAINTEXT,LISTENER_DOCKER_EXTERNAL_SSL:SSL
          KAFKA_INTER_BROKER_LISTENER_NAME: LISTENER_DOCKER_INTERNAL
          KAFKA_ZOOKEEPER_CONNECT: "zoo1:2181"
          KAFKA_BROKER_ID: 1
          KAFKA_LOG4J_LOGGERS: "kafka.controller=INFO,kafka.producer.async.DefaultEventHandler=INFO,state.change.logger=INFO"
          KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
          KAFKA_TRANSACTION_STATE_LOG_REPLICATION_FACTOR: 1
          KAFKA_TRANSACTION_STATE_LOG_MIN_ISR: 1
          KAFKA_JMX_PORT: 9999
          KAFKA_JMX_HOSTNAME: "127.0.0.1"
          KAFKA_AUTHORIZER_CLASS_NAME: kafka.security.authorizer.AclAuthorizer
          KAFKA_ALLOW_EVERYONE_IF_NO_ACL_FOUND: "true"
          KAFKA_SSL_KEYSTORE_FILENAME: kafka.kafka1.keystore.jks
          KAFKA_SSL_KEYSTORE_CREDENTIALS: kafka1_keystore_creds
          KAFKA_SSL_KEY_CREDENTIALS: kafka1_sslkey_creds
          KAFKA_SSL_TRUSTSTORE_FILENAME: kafka.kafka1.truststore.jks
          KAFKA_SSL_TRUSTSTORE_CREDENTIALS: kafka1_truststore_creds
          KAFKA_SSL_ENABLED_PROTOCOLS: TLSv1.2
          KAFKA_SSL_PROTOCOL: TLSv1.2
          KAFKA_SSL_CLIENT_AUTH: none
          KAFKA_AUTO_CREATE_TOPICS_ENABLE: "true"
        options: >-
          --name=kafka1
          --health-cmd "kafka-broker-api-versions --version"
          --health-interval 10s
          --health-timeout 10s
          --health-retries 5

    steps:

    - name: "Set up Go ${{ matrix.go-version }}"
      uses: actions/setup-go@v3
      with:
        go-version: ${{ matrix.go-version }}

    - name: Check out CrowdSec repository
      uses: actions/checkout@v3
      with:
        fetch-depth: 0
        submodules: false

    - name: Cache Go modules
      uses: actions/cache@v3
      with:
        path: |
          ~/go/pkg/mod
          ~/.cache/go-build
          ~/Library/Caches/go-build
          %LocalAppData%\go-build
        key: ${{ runner.os }}-${{ matrix.go-version }}-go-${{ hashFiles('**/go.sum') }}
        restore-keys: |
          ${{ runner.os }}-${{ matrix.go-version }}-go-

    - name: Build and run tests
      run: |
        go install github.com/ory/go-acc@v0.2.8
        go install github.com/kyoh86/richgo@v0.3.10
        set -o pipefail
        make build
        make go-acc | richgo testfilter

    - name: Upload unit coverage to Codecov
      uses: codecov/codecov-action@v3
      with:
        files: coverage.out
        flags: unit-linux

    - name: golangci-lint
      uses: golangci/golangci-lint-action@v3
      with:
        version: v1.51
        args: --issues-exit-code=1 --timeout 10m
        only-new-issues: false
        # the cache is already managed above, enabling it here
        # gives errors when extracting
        skip-pkg-cache: true
        skip-build-cache: true
fix build/test badge (#1626) 2022-07-01 10:19:21 +00:00			`---`
			`# This workflow is actually running`
			`# tests (with localstack) but the`
			`# name is used for the badge in README.md`

			`name: Build`
CI: colored test output, colored crowdsec and crowdsec-api logs, full final db dump for mysql and sqlite (#1596) * github-ci: color unit test output and logs * new config option: force_color_logs (useful in CI) * bats: show sqlite/mysql dump at the end * removed "-v" (print package names) from "go build" * general workflow cleanup 2022-06-17 14:12:49 +00:00
			`on:`
			`push:`
enable CI workflow for stable branches (#1889) 2022-11-28 09:52:42 +00:00			`branches:`
			`- master`
			`- releases/**`
CI: colored test output, colored crowdsec and crowdsec-api logs, full final db dump for mysql and sqlite (#1596) * github-ci: color unit test output and logs * new config option: force_color_logs (useful in CI) * bats: show sqlite/mysql dump at the end * removed "-v" (print package names) from "go build" * general workflow cleanup 2022-06-17 14:12:49 +00:00			`paths-ignore:`
			`- 'README.md'`
			`pull_request:`
enable CI workflow for stable branches (#1889) 2022-11-28 09:52:42 +00:00			`branches:`
			`- master`
			`- releases/**`
CI: colored test output, colored crowdsec and crowdsec-api logs, full final db dump for mysql and sqlite (#1596) * github-ci: color unit test output and logs * new config option: force_color_logs (useful in CI) * bats: show sqlite/mysql dump at the end * removed "-v" (print package names) from "go build" * general workflow cleanup 2022-06-17 14:12:49 +00:00			`paths-ignore:`
			`- 'README.md'`
Add unitest in `pkg/acquisition` and `pkg/cwapi` (#145) * ci for acquisition and cwapi * update README Co-authored-by: AlteredCoder <AlteredCoder> 2020-07-27 10:18:55 +00:00
more func test coverage; capture exit code for bincover (#1425) 2022-04-13 13:44:23 +00:00			`# these env variables are for localstack, so we can emulate aws services`
Refactor Acquisition Interface (#773) * Add new acquisition interface + new modules (cloudwatch, syslog) Co-authored-by: Sebastien Blot <sebastien@crowdsec.net> 2021-06-11 07:53:53 +00:00			`env:`
CI: colored test output, colored crowdsec and crowdsec-api logs, full final db dump for mysql and sqlite (#1596) * github-ci: color unit test output and logs * new config option: force_color_logs (useful in CI) * bats: show sqlite/mysql dump at the end * removed "-v" (print package names) from "go build" * general workflow cleanup 2022-06-17 14:12:49 +00:00			`RICHGO_FORCE_COLOR: 1`
Refactor Acquisition Interface (#773) * Add new acquisition interface + new modules (cloudwatch, syslog) Co-authored-by: Sebastien Blot <sebastien@crowdsec.net> 2021-06-11 07:53:53 +00:00			`AWS_HOST: localstack`
CI: colored test output, colored crowdsec and crowdsec-api logs, full final db dump for mysql and sqlite (#1596) * github-ci: color unit test output and logs * new config option: force_color_logs (useful in CI) * bats: show sqlite/mysql dump at the end * removed "-v" (print package names) from "go build" * general workflow cleanup 2022-06-17 14:12:49 +00:00			`# these are to mimic aws config`
install *.cover binaries in $BIN_DIR; minor workflow changes (#1408) 2022-04-01 12:12:03 +00:00			`AWS_ACCESS_KEY_ID: AKIAIOSFODNN7EXAMPLE`
			`AWS_SECRET_ACCESS_KEY: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY`
			`AWS_REGION: us-east-1`
			`KINESIS_INITIALIZE_STREAMS: "stream-1-shard:1,stream-2-shards:2"`
retry with backoff requests to CAPI (#1957) * backoff on refresh token error * fix tls communication with lapi and user/pw auth (#1956) allow self-signed TLS encryption with user/pw auth docker: - remove defaults for certificate file locations - new envvar INSECURE_SKIP_VERIFY - register agent before TLS settings (cscli machine add removes them from the credentials file) * separate cscli cobra constructors: lapi, machines, bouncers, postoverflows (#1945) * use feature toggling to improve testability with http retry backoff * Add parse unix to dateparse enricher (#1958) Add parse unix is we do have a strTime but wasnt parsed using convential golang time * func tests: redirect stderr to filter extra logs (#1961) * backoff on refresh token error * use feature toggling to improve testability with http retry backoff * refactor feature backoff toggle for tests Co-authored-by: mmetc <92726601+mmetc@users.noreply.github.com> Co-authored-by: Laurence Jones <laurence.jones@live.co.uk> 2023-01-09 13:49:21 +00:00			`CROWDSEC_FEATURE_DISABLE_HTTP_RETRY_BACKOFF: true`
Refactor Acquisition Interface (#773) * Add new acquisition interface + new modules (cloudwatch, syslog) Co-authored-by: Sebastien Blot <sebastien@crowdsec.net> 2021-06-11 07:53:53 +00:00
Add unitest in `pkg/acquisition` and `pkg/cwapi` (#145) * ci for acquisition and cwapi * update README Co-authored-by: AlteredCoder <AlteredCoder> 2020-07-27 10:18:55 +00:00			`jobs:`
			`build:`
require at least go 1.18 to build (#1884) 2022-11-24 10:29:54 +00:00			`strategy:`
			`matrix:`
Use go 1.20.5 (#2280) https://groups.google.com/g/golang-announce/c/q5135a9d924 2023-06-15 21:18:57 +00:00			`go-version: ["1.20.5"]`
require at least go 1.18 to build (#1884) 2022-11-24 10:29:54 +00:00
install *.cover binaries in $BIN_DIR; minor workflow changes (#1408) 2022-04-01 12:12:03 +00:00			`name: "Build + tests"`
Add unitest in `pkg/acquisition` and `pkg/cwapi` (#145) * ci for acquisition and cwapi * update README Co-authored-by: AlteredCoder <AlteredCoder> 2020-07-27 10:18:55 +00:00			`runs-on: ubuntu-latest`
Refactor Acquisition Interface (#773) * Add new acquisition interface + new modules (cloudwatch, syslog) Co-authored-by: Sebastien Blot <sebastien@crowdsec.net> 2021-06-11 07:53:53 +00:00			`services:`
			`localstack:`
updated localstack dependencies, added build cache 2022-12-21 11:20:01 +00:00			`image: localstack/localstack:1.3.0`
Refactor Acquisition Interface (#773) * Add new acquisition interface + new modules (cloudwatch, syslog) Co-authored-by: Sebastien Blot <sebastien@crowdsec.net> 2021-06-11 07:53:53 +00:00			`ports:`
CI: colored test output, colored crowdsec and crowdsec-api logs, full final db dump for mysql and sqlite (#1596) * github-ci: color unit test output and logs * new config option: force_color_logs (useful in CI) * bats: show sqlite/mysql dump at the end * removed "-v" (print package names) from "go build" * general workflow cleanup 2022-06-17 14:12:49 +00:00			`- 4566:4566 # Localstack exposes all services on the same port`
Refactor Acquisition Interface (#773) * Add new acquisition interface + new modules (cloudwatch, syslog) Co-authored-by: Sebastien Blot <sebastien@crowdsec.net> 2021-06-11 07:53:53 +00:00			`env:`
			`DEBUG: ""`
			`LAMBDA_EXECUTOR: ""`
			`KINESIS_ERROR_PROBABILITY: ""`
			`DOCKER_HOST: unix:///var/run/docker.sock`
Kinesis datasource (#1147) 2022-01-11 13:19:43 +00:00			`KINESIS_INITIALIZE_STREAMS: ${{ env.KINESIS_INITIALIZE_STREAMS }}`
CI: colored test output, colored crowdsec and crowdsec-api logs, full final db dump for mysql and sqlite (#1596) * github-ci: color unit test output and logs * new config option: force_color_logs (useful in CI) * bats: show sqlite/mysql dump at the end * removed "-v" (print package names) from "go build" * general workflow cleanup 2022-06-17 14:12:49 +00:00			`HOSTNAME_EXTERNAL: ${{ env.AWS_HOST }} # Required so that resource urls are provided properly`
			`# e.g sqs url will get localhost if we don't set this env to map our service`
Refactor Acquisition Interface (#773) * Add new acquisition interface + new modules (cloudwatch, syslog) Co-authored-by: Sebastien Blot <sebastien@crowdsec.net> 2021-06-11 07:53:53 +00:00			`options: >-`
			`--name=localstack`
			`--health-cmd="curl -sS 127.0.0.1:4566 \|\| exit 1"`
			`--health-interval=10s`
			`--health-timeout=5s`
			`--health-retries=3`
Datasource/kafka (#1698) * add Kafka datasource 2022-08-30 15:03:45 +00:00			`zoo1:`
updated localstack dependencies, added build cache 2022-12-21 11:20:01 +00:00			`image: confluentinc/cp-zookeeper:7.3.0`
Datasource/kafka (#1698) * add Kafka datasource 2022-08-30 15:03:45 +00:00			`ports:`
			`- "2181:2181"`
			`env:`
			`ZOOKEEPER_CLIENT_PORT: 2181`
			`ZOOKEEPER_SERVER_ID: 1`
			`ZOOKEEPER_SERVERS: zoo1:2888:3888`
			`options: >-`
			`--name=zoo1`
			`--health-cmd "jps -l \| grep zookeeper"`
			`--health-interval 10s`
			`--health-timeout 5s`
			`--health-retries 5`
CI: build with/require go 1.20 (#2031) 2023-02-15 13:27:17 +00:00
Datasource/kafka (#1698) * add Kafka datasource 2022-08-30 15:03:45 +00:00			`kafka1:`
			`image: crowdsecurity/kafka-ssl`
			`ports:`
			`- "9093:9093"`
			`- "9092:9092"`
			`- "9999:9999"`
			`env:`
			`KAFKA_ADVERTISED_LISTENERS: LISTENER_DOCKER_INTERNAL://127.0.0.1:19092,LISTENER_DOCKER_EXTERNAL://127.0.0.1:9092,LISTENER_DOCKER_EXTERNAL_SSL://127.0.0.1:9093`
			`KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: LISTENER_DOCKER_INTERNAL:PLAINTEXT,LISTENER_DOCKER_EXTERNAL:PLAINTEXT,LISTENER_DOCKER_EXTERNAL_SSL:SSL`
			`KAFKA_INTER_BROKER_LISTENER_NAME: LISTENER_DOCKER_INTERNAL`
			`KAFKA_ZOOKEEPER_CONNECT: "zoo1:2181"`
			`KAFKA_BROKER_ID: 1`
			`KAFKA_LOG4J_LOGGERS: "kafka.controller=INFO,kafka.producer.async.DefaultEventHandler=INFO,state.change.logger=INFO"`
			`KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1`
			`KAFKA_TRANSACTION_STATE_LOG_REPLICATION_FACTOR: 1`
			`KAFKA_TRANSACTION_STATE_LOG_MIN_ISR: 1`
			`KAFKA_JMX_PORT: 9999`
			`KAFKA_JMX_HOSTNAME: "127.0.0.1"`
			`KAFKA_AUTHORIZER_CLASS_NAME: kafka.security.authorizer.AclAuthorizer`
			`KAFKA_ALLOW_EVERYONE_IF_NO_ACL_FOUND: "true"`
			`KAFKA_SSL_KEYSTORE_FILENAME: kafka.kafka1.keystore.jks`
			`KAFKA_SSL_KEYSTORE_CREDENTIALS: kafka1_keystore_creds`
			`KAFKA_SSL_KEY_CREDENTIALS: kafka1_sslkey_creds`
			`KAFKA_SSL_TRUSTSTORE_FILENAME: kafka.kafka1.truststore.jks`
			`KAFKA_SSL_TRUSTSTORE_CREDENTIALS: kafka1_truststore_creds`
			`KAFKA_SSL_ENABLED_PROTOCOLS: TLSv1.2`
			`KAFKA_SSL_PROTOCOL: TLSv1.2`
			`KAFKA_SSL_CLIENT_AUTH: none`
			`KAFKA_AUTO_CREATE_TOPICS_ENABLE: "true"`
			`options: >-`
			`--name=kafka1`
			`--health-cmd "kafka-broker-api-versions --version"`
			`--health-interval 10s`
			`--health-timeout 10s`
			`--health-retries 5`
more func test coverage; capture exit code for bincover (#1425) 2022-04-13 13:44:23 +00:00
Add unitest in `pkg/acquisition` and `pkg/cwapi` (#145) * ci for acquisition and cwapi * update README Co-authored-by: AlteredCoder <AlteredCoder> 2020-07-27 10:18:55 +00:00			`steps:`
more func test coverage; capture exit code for bincover (#1425) 2022-04-13 13:44:23 +00:00
require at least go 1.18 to build (#1884) 2022-11-24 10:29:54 +00:00			`- name: "Set up Go ${{ matrix.go-version }}"`
single workflow for all tests, with bats coverage (#1413) 2022-04-05 09:00:11 +00:00			`uses: actions/setup-go@v3`
Add unitest in `pkg/acquisition` and `pkg/cwapi` (#145) * ci for acquisition and cwapi * update README Co-authored-by: AlteredCoder <AlteredCoder> 2020-07-27 10:18:55 +00:00			`with:`
require at least go 1.18 to build (#1884) 2022-11-24 10:29:54 +00:00			`go-version: ${{ matrix.go-version }}`
more func test coverage; capture exit code for bincover (#1425) 2022-04-13 13:44:23 +00:00
CI: colored test output, colored crowdsec and crowdsec-api logs, full final db dump for mysql and sqlite (#1596) * github-ci: color unit test output and logs * new config option: force_color_logs (useful in CI) * bats: show sqlite/mysql dump at the end * removed "-v" (print package names) from "go build" * general workflow cleanup 2022-06-17 14:12:49 +00:00			`- name: Check out CrowdSec repository`
single workflow for all tests, with bats coverage (#1413) 2022-04-05 09:00:11 +00:00			`uses: actions/checkout@v3`
more func test coverage; capture exit code for bincover (#1425) 2022-04-13 13:44:23 +00:00			`with:`
			`fetch-depth: 0`
			`submodules: false`

updated localstack dependencies, added build cache 2022-12-21 11:20:01 +00:00			`- name: Cache Go modules`
CI: update github actions and deprecated commands (#2023) 2023-02-01 15:55:34 +00:00			`uses: actions/cache@v3`
updated localstack dependencies, added build cache 2022-12-21 11:20:01 +00:00			`with:`
			`path: \|`
			`~/go/pkg/mod`
			`~/.cache/go-build`
			`~/Library/Caches/go-build`
			`%LocalAppData%\go-build`
			`key: ${{ runner.os }}-${{ matrix.go-version }}-go-${{ hashFiles('**/go.sum') }}`
			`restore-keys: \|`
			`${{ runner.os }}-${{ matrix.go-version }}-go-`

simpler makefiles for static targets (#1744) 2022-09-14 12:22:57 +00:00			`- name: Build and run tests`
CI: colored test output, colored crowdsec and crowdsec-api logs, full final db dump for mysql and sqlite (#1596) * github-ci: color unit test output and logs * new config option: force_color_logs (useful in CI) * bats: show sqlite/mysql dump at the end * removed "-v" (print package names) from "go build" * general workflow cleanup 2022-06-17 14:12:49 +00:00			`run: \|`
			`go install github.com/ory/go-acc@v0.2.8`
			`go install github.com/kyoh86/richgo@v0.3.10`
simpler makefiles for static targets (#1744) 2022-09-14 12:22:57 +00:00			`set -o pipefail`
			`make build`
Unit tests: fix authentication to localstack (#2106) 2023-03-08 13:41:16 +00:00			`make go-acc \| richgo testfilter`
more func test coverage; capture exit code for bincover (#1425) 2022-04-13 13:44:23 +00:00
Codecov (#1561) * fix coverage report (#1553) * codecov 2022-05-24 15:22:08 +00:00			`- name: Upload unit coverage to Codecov`
update codecov action (node 12 is deprecated) (#1830) 2022-10-24 10:48:25 +00:00			`uses: codecov/codecov-action@v3`
Add unitest in `pkg/acquisition` and `pkg/cwapi` (#145) * ci for acquisition and cwapi * update README Co-authored-by: AlteredCoder <AlteredCoder> 2020-07-27 10:18:55 +00:00			`with:`
Codecov (#1561) * fix coverage report (#1553) * codecov 2022-05-24 15:22:08 +00:00			`files: coverage.out`
			`flags: unit-linux`
Run lint after tests instead of separate workflow (#2103) 2023-03-08 13:50:59 +00:00
			`- name: golangci-lint`
			`uses: golangci/golangci-lint-action@v3`
			`with:`
			`version: v1.51`
			`args: --issues-exit-code=1 --timeout 10m`
			`only-new-issues: false`
CI: avoid conflict with pkg/build cache in golangci-lint action (#2123) 2023-03-20 09:41:08 +00:00			`# the cache is already managed above, enabling it here`
			`# gives errors when extracting`
			`skip-pkg-cache: true`
			`skip-build-cache: true`