ci: remove gh action gosec linter,since it is already part of golangci

This commit removes gosec standalone linter and related parts, since golangci linter runs gosec linter too. Signed-off-by: Rakshith R <rar@redhat.com>
2024-09-19 15:09:56 +00:00 · 2021-11-16 16:18:23 +05:30 · 2021-11-16 16:18:23 +05:30 · 191b603974
commit 191b603974
parent 0bf9db822b
6 changed files with 2 additions and 40 deletions
--- a/.github/workflows/gosec.yaml
+++ b/.github/workflows/gosec.yaml
@ -1,15 +0,0 @@
---
-name: gosec
-# yamllint disable-line rule:truthy
-on:
-  pull_request:
-    branches:
-      - '*'
-jobs:
-  gosec:
-    name: gosec
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - name: gosec
-        run: CONTAINER_CMD=docker make containerized-test TARGET=gosec
--- a/.mergify.yml
+++ b/.mergify.yml
@ -46,7 +46,6 @@ pull_request_rules:
      - "status-success=multi-arch-build"
      - "status-success=go-test"
      - "status-success=golangci-lint"
-      - "status-success=gosec"
      - "status-success=mod-check"
      - "status-success=lint-extras"
      - "status-success=ci/centos/k8s-e2e-external-storage/1.21"
@ -76,7 +75,6 @@ pull_request_rules:
      - "status-success=multi-arch-build"
      - "status-success=go-test"
      - "status-success=golangci-lint"
-      - "status-success=gosec"
      - "status-success=commitlint"
      - "status-success=mod-check"
      - "status-success=lint-extras"
@ -105,7 +103,6 @@ pull_request_rules:
      - "status-success=multi-arch-build"
      - "status-success=go-test"
      - "status-success=golangci-lint"
-      - "status-success=gosec"
      - "status-success=commitlint"
      - "status-success=mod-check"
      - "status-success=lint-extras"
@ -147,7 +144,6 @@ pull_request_rules:
      - "status-success=go-test"
      - "status-success=commitlint"
      - "status-success=golangci-lint"
-      - "status-success=gosec"
      - "status-success=mod-check"
      - "status-success=lint-extras"
      - "#changes-requested-reviews-by=0"
@ -186,7 +182,6 @@ pull_request_rules:
      - "status-success=go-test"
      - "status-success=commitlint"
      - "status-success=golangci-lint"
-      - "status-success=gosec"
      - "status-success=mod-check"
      - "status-success=lint-extras"
      - "#changes-requested-reviews-by=0"
--- a/7
+++ b/7
@ -87,7 +87,7 @@ endif

 all: cephcsi

-.PHONY: go-test static-check mod-check go-lint lint-extras gosec commitlint codespell
+.PHONY: go-test static-check mod-check go-lint lint-extras commitlint codespell
 ifeq ($(CONTAINERIZED),no)
 # include mod-check in non-containerized runs
 test: go-test static-check mod-check
@ -95,7 +95,7 @@ else
 # exclude mod-check for containerized runs (CI runs it separately)
 test: go-test static-check
 endif
-static-check: check-env codespell go-lint lint-extras gosec
+static-check: check-env codespell go-lint lint-extras

 go-test: TEST_COVERAGE ?= $(shell . $(CURDIR)/build.env ; echo $${TEST_COVERAGE})
 go-test: GO_COVER_DIR ?= $(shell . $(CURDIR)/build.env ; echo $${GO_COVER_DIR})
@ -133,9 +133,6 @@ lint-helm:
 lint-py:
 	./scripts/lint-extras.sh lint-py

-gosec:
-	GO_TAGS="$(GO_TAGS)" ./scripts/gosec.sh
-
 func-test:
 	go test $(GO_TAGS) -mod=vendor github.com/ceph/ceph-csi/e2e $(TESTOPTIONS)

--- a/build.env
+++ b/build.env
@ -24,7 +24,6 @@ COMMITLINT_VERSION=latest

 # static checks and linters
 GOLANGCI_VERSION=v1.39.0
-GOSEC_VERSION=v2.7.0

 # external snapshotter version
 # Refer: https://github.com/kubernetes-csi/external-snapshotter/releases
--- a/scripts/Dockerfile.test
+++ b/scripts/Dockerfile.test
@ -40,8 +40,6 @@ RUN source /build.env \
    && gem install mdl \
    && curl -sf "https://install.goreleaser.com/github.com/golangci/golangci-lint.sh" \
       | bash -s -- -b ${GOPATH}/bin "${GOLANGCI_VERSION}" \
-    && curl -sfL "https://raw.githubusercontent.com/securego/gosec/master/install.sh" \
-       | sh -s -- -b $GOPATH/bin "${GOSEC_VERSION}" \
    && curl -L https://git.io/get_helm.sh | bash -s -- --version "${HELM_VERSION}" \
    && mkdir /opt/commitlint && pushd /opt/commitlint \
    && npm init -y \
--- a/scripts/gosec.sh
+++ b/scripts/gosec.sh
@ -1,12 +0,0 @@
-#!/bin/bash
-
-set -o pipefail
-
-if [[ -x "$(command -v gosec)" ]]; then
-  # gosec does not support -mod=vendor, so fallback to non-module support and
-  # assume all dependencies are available in ./vendor already
-  export GO111MODULE=off
-  find cmd internal -type d -print0 | xargs --null gosec "${GO_TAGS}"
-else
-  echo "WARNING: gosec not found, skipping security tests" >&2
-fi