-
Notifications
You must be signed in to change notification settings - Fork 27
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Refactor/identity #811
Refactor/identity #811
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Feedback from Senior Dev Bot
name: "🧪 CodeQL Analysis" | ||
|
||
on: | ||
pull_request: | ||
branches: [ master ] | ||
schedule: | ||
- cron: "43 3 * * 2" | ||
|
||
jobs: | ||
codeql-analysis: | ||
name: Run CodeQL Analysis |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Feedback:
- It is good to see that you have added a name field to your workflow.
- I would recommend removing the schedule field as it is not necessary for a pull_request event.
- It is best practice to include some context in the cron schedule, such as an explanation of when the analysis will run.
Here is the updated code:
name: "🧪 CodeQL Analysis"
on:
pull_request:
branches: [ master ]
jobs:
codeql-analysis:
name: Run CodeQL Analysis
jobs: | ||
release: | ||
name: Run goreleaser | ||
runs-on: ubuntu-latest | ||
runs-on: self-hosted | ||
steps: | ||
- uses: actions/checkout@v3 | ||
with: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The code changes look good, but it would be better if we specify a specific version of the self-hosted runner instead of using "self-hosted". This will ensure consistency and prevent any unexpected issues from using different versions of the self-hosted runner.
jobs:
release:
name: Run goreleaser
runs-on: self-hosted[VERSION_TAG]
steps:
- uses: actions/checkout@v3
with:
Replace [VERSION_TAG]
with the specific version of the self-hosted runner you want to use.
|
||
jobs: | ||
generate-changelog: | ||
runs-on: ubuntu-latest | ||
runs-on: ubuntu-ultra-instinct | ||
steps: | ||
- uses: actions/checkout@v2 | ||
with: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The change from "ubuntu-latest" to "ubuntu-ultra-instinct" in the "runs-on" field of the job looks like a naming convention change. However, it is always preferable to use the available official environment labels provided by GitHub. In this case, "ubuntu-latest" is the standard label, so it should be retained.
jobs:
generate-changelog:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
By sticking to the official environment labels, it ensures consistency and makes it easier to understand and maintain the code in the long run.
"**/.hg": true, | ||
"**/CVS": true, | ||
"**/.DS_Store": true, | ||
".vscode/": true | ||
".vscode/": true, | ||
"sonar-project.properties": true, | ||
"LICENSE": true, | ||
"codecov.yml": true, | ||
"CODE_OF_CONDUCT.md": true, | ||
"CHANGELOG.md": true | ||
}, | ||
"svg.preview.background": "custom", | ||
"typescript.preferences.importModuleSpecifier": "non-relative", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The code changes look good. The added file paths are properly formatted and separated by commas for clarity. It's recommended to use a consistent style and maintain alphabetical order to make it easier to manage and review file paths. Also, it's a good practice to separate configuration settings, like file patterns, from general preferences, like "svg.preview.background" and "typescript.preferences.importModuleSpecifier".
{
"files.exclude": {
"**/.hg": true,
"**/.DS_Store": true,
"**/CVS": true,
".vscode/": true,
"CHANGELOG.md": true,
"CODE_OF_CONDUCT.md": true,
"codecov.yml": true,
"LICENSE": true,
"sonar-project.properties": true
},
"typescript.preferences.importModuleSpecifier": "non-relative",
"svg.preview.background": "custom"
}
bob.yaml
Outdated
cmd: task build | ||
target: ./bin/sonrd | ||
|
||
# release - is the default task execute when building release. | ||
release: | ||
cmd: make release | ||
|
||
# docker - is the default task execute when building docker image. | ||
docker: | ||
cmd: task release-docker | ||
cmd: task docker-build | ||
dependson: | ||
- binary | ||
target: | ||
image: ghcr.io/sonr-io/sonrd:latest |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Feedback:
- It's good to see the addition of comments to describe the purpose of tasks like "release" and "docker".
- The "docker" task has been modified to use the "docker-build" task instead of "release-docker".
- It seems unnecessary to specify "dependson: binary" as it is not used in the task.
- The list of dependencies at the bottom of the file should be removed as they are no longer necessary.
Code improvements:
cmd: task build
target: ./bin/sonrd
# release - is the default task executed when building a release.
release:
cmd: make release
# docker - is the default task executed when building a docker image.
docker:
cmd: task docker-build
target: image: ghcr.io/sonr-io/sonrd:latest
Please note that I have made the assumption that the "dependson" and "dependencies" sections were not required for the given tasks.
sh: echo $GITHUB_TOKEN | ||
default: "" | ||
GORELEASER_IMAGE: ghcr.io/goreleaser/goreleaser-cross:v{{.GO_VERSION}} | ||
tasks: | ||
# ---------------------------------------------------------------------------- | ||
# -- Run Tasks --------------------------------------------------------------- | ||
# ---------------------------------------------------------------------------- | ||
tasks: | ||
default: | ||
desc: Print the version | ||
silent: true |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The code changes look fine, but there are a few improvements that can be made:
-
It's a good practice to surround command outputs with quotes to handle cases where the output contains spaces or special characters. So, you can update
sh: echo $GITHUB_TOKEN
tosh: echo "$GITHUB_TOKEN"
. -
It's recommended to use consistent naming conventions. The variable name
GORELEASER_IMAGE
can be updated toGORELEASER_IMAGE_VERSION
to make it more clear. -
In the
tasks
section, consider using a more descriptive name for the task, instead of justdefault
. You could name itprintVersion
or something similar to reflect its purpose.
Here are the updated changes:
- sh: echo $GITHUB_TOKEN
+ sh: echo "$GITHUB_TOKEN"
- GORELEASER_IMAGE: ghcr.io/goreleaser/goreleaser-cross:v{{.GO_VERSION}}
+ GORELEASER_IMAGE_VERSION: ghcr.io/goreleaser/goreleaser-cross:v{{.GO_VERSION}}
- tasks:
+ tasks:
printVersion:
desc: Print the version
silent: true
Taskfile.yml
Outdated
cmds: | ||
- make build | ||
|
||
release-docker: | ||
desc: Build the binary for docker | ||
cmds: | ||
- task: docker-build-push | ||
vars: | ||
IMAGE: sonrd | ||
|
||
|
||
docker-build-push: | ||
silent: true | ||
internal: true | ||
desc: Build, tag and push the docker image | ||
cmds: | ||
- docker build -f ./Dockerfile . -t {{.IMAGE}} | ||
- docker tag {{.IMAGE}} {{.IMAGE}}:latest | ||
- docker tag {{.IMAGE}} {{.REGISTRY}}/{{.IMAGE}}:latest | ||
- docker tag {{.IMAGE}} {{.REGISTRY}}/{{.IMAGE}}:{{.VERSION}} | ||
- docker tag {{.IMAGE}} {{.REGISTRY}}/{{.IMAGE}}:{{.COMMIT}} | ||
requires: | ||
vars: [IMAGE] | ||
|
||
# ---------------------------------------------------------------------------- | ||
# -- Protobuf Tasks ------------------------------------------------------------- | ||
# ---------------------------------------------------------------------------- | ||
buf-mod: | ||
dir: proto | ||
internal: true | ||
silent: true | ||
desc: Update the buf.lock file | ||
build-all: | ||
desc: Build the binary for all platforms and docker | ||
cmds: | ||
- buf mod update | ||
|
||
buf-build: | ||
dir: proto | ||
internal: true | ||
silent: true | ||
desc: Build the protobuf files | ||
deps: [buf-mod] | ||
cmds: | ||
- buf build | ||
|
||
buf-push: | ||
dir: proto | ||
internal: true | ||
silent: true | ||
desc: Push the protobuf files to the registry | ||
deps: [buf-build] | ||
cmds: | ||
- buf push | ||
- make build | ||
- task: docker:build | ||
|
||
generate: | ||
aliases: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Feedback:
- It looks like the
release-docker
task and related tasks for building and pushing the Docker image have been removed. It would be helpful to understand the reasoning behind this change and whether there is an alternative way to handle Docker image building and pushing. - The
build-all
task has been added to build the binary for all platforms and Docker. However, it is unclear what themake build
command does. It would be beneficial to provide more information about themake
command and its purpose.
Example of an improved code:
cmds:
- make build
build-all:
desc: Build the binary for all platforms and Docker
cmds:
- make build
- task: docker:build
- The
buf-mod
,buf-build
, andbuf-push
tasks related to protobuf files have been removed. It would be helpful to know if there is an alternative approach for handling protobuf files or if they are no longer needed in the codebase.
Example of an improved code:
cmds:
- make build
build-all:
desc: Build the binary for all platforms and Docker
cmds:
- make build
- task: docker:build
generate:
aliases:
Overall, it would be constructive to provide more context and explanation for the removed code and any new approaches introduced.
docker/Taskfile.yml
Outdated
version: "3" | ||
vars: | ||
CGO_ENABLED: 1 | ||
WASMVM_URL: https://github.com/CosmWasm/wasmvm/releases/download | ||
VERSION: | ||
sh: echo $(git describe --tags --abbrev=0) | ||
default: v0.0.0 | ||
COMMIT: | ||
sh: git log -n 1 --format=%h | ||
default: 0000000 | ||
DATE: | ||
sh: date -u '+%m/%d/%y %I:%M:%S%p' | ||
default: "1970-01-01_00:00:00AM" | ||
COSMWASM_VERSION: | ||
sh: go list -m github.com/CosmWasm/wasmvm | sed 's/.* //' | ||
default: v1.3.0 | ||
GO_VERSION: | ||
sh: cat go.mod | grep -E 'go [0-9].[0-9]+' | cut -d ' ' -f 2 | ||
default: 1.21 | ||
GITHUB_TOKEN: | ||
sh: echo $GITHUB_TOKEN | ||
default: "" | ||
GORELEASER_IMAGE: ghcr.io/goreleaser/goreleaser-cross:v{{.GO_VERSION}} | ||
tasks: | ||
# ---------------------------------------------------------------------------- | ||
# -- Run Tasks --------------------------------------------------------------- | ||
# ---------------------------------------------------------------------------- | ||
docker: | ||
desc: Print the version | ||
silent: true | ||
cmds: | ||
- task -l | ||
|
||
release: | ||
desc: Build the binary for docker | ||
cmds: | ||
- task: docker-build | ||
- for: ["ghcr.io/sonr-io", "registry.digitalocean.com/sonrhq"] | ||
task: docker-push | ||
vars: | ||
REGISTRY: '{{.ITEM}}' | ||
IMAGE: sonrd | ||
|
||
build: | ||
silent: true | ||
desc: Build, tag and push the docker image | ||
cmds: | ||
- docker build -f ./docker/deploy/Dockerfile . -t sonrd | ||
|
||
tag: | ||
silent: true | ||
desc: Build, tag and push the docker image | ||
cmds: | ||
- echo "Tagging {{.IMAGE}} with {{.REGISTRY}}/{{.IMAGE}}" | ||
- docker tag sonrd {{.REGISTRY}}/{{.IMAGE}}:{{.VERSION}} | ||
- docker tag sonrd {{.REGISTRY}}/{{.IMAGE}}:{{.COMMIT}} | ||
requires: | ||
vars: [IMAGE, REGISTRY] | ||
|
||
push: | ||
silent: true | ||
desc: Build, tag and push the docker image | ||
cmds: | ||
- echo "Pushing {{.REGISTRY}}/{{.IMAGE}}..." | ||
- docker push {{.REGISTRY}}/{{.IMAGE}} --all-tags | ||
requires: | ||
vars: [IMAGE, REGISTRY] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The code changes overall look good, but there are a few areas where we can improve:
- Instead of using shell commands directly in the YAML file, it's better to move them to a separate script file and call the script from the YAML. This makes the code more modular and easier to maintain.
Example:
vars:
VERSIONCMD: sh scripts/get_version.sh
release:
desc: Build the binary for docker
cmds:
- sh scripts/build_binary.sh
-
Use consistent naming conventions for variables. Currently, there is a mix of uppercase and lowercase letters in the variable names. It's recommended to use lowercase letters with underscores for better readability.
-
Make use of variable substitution in the YAML file to reduce duplication and improve maintainability. Instead of hardcoding values multiple times, define variables and use them where needed.
Example:
variables:
tag_version: "{{.VERSION}}"
tag_commit: "{{.COMMIT}}"
tag:
silent: true
desc: Build, tag and push the docker image
cmds:
- echo "Tagging {{ .IMAGE }} with {{ .REGISTRY }}/{{ .IMAGE }}"
- docker tag sonrd {{ .REGISTRY }}/{{ .IMAGE }}:{{ tag_version }}
- docker tag sonrd {{ .REGISTRY }}/{{ .IMAGE }}:{{ tag_commit }}
requires:
vars: [IMAGE, REGISTRY, VERSION, COMMIT]
By following these recommendations, the code becomes more modular, readable, and maintainable.
actions: read | ||
contents: read | ||
security-events: write | ||
|
||
strategy: | ||
fail-fast: false | ||
matrix: | ||
language: ["go", "typescript"] | ||
queries: ['crypto-com/[email protected]'] | ||
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] | ||
# Learn more about CodeQL language support at https://git.io/codeql-language-support | ||
|
||
steps: | ||
- name: Checkout repository | ||
uses: actions/checkout@v3 | ||
|
||
# Initializes the CodeQL tools for scanning. | ||
- name: Initialize CodeQL | ||
uses: github/codeql-action/init@v1 | ||
with: | ||
languages: ${{ matrix.language }} | ||
# If you wish to specify custom queries, you can do so here or in a config file. | ||
# By default, queries listed here will override any specified in a config file. | ||
# Prefix the list here with "+" to use these queries and those in the config file. | ||
# queries: ./path/to/local/query, your-org/your-repo/queries@main | ||
|
||
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java). | ||
# If this step fails, then you should remove it and run the build manually (see below) | ||
- name: Autobuild | ||
uses: github/codeql-action/autobuild@v1 | ||
|
||
# ℹ️ Command-line programs to run using the OS shell. | ||
# 📚 https://git.io/JvXDl | ||
|
||
# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines | ||
# and modify them (or add more) to build your code if your project | ||
# uses a compiled language | ||
|
||
#- run: | | ||
# make bootstrap | ||
# make release | ||
|
||
- name: Perform CodeQL Analysis | ||
uses: github/codeql-action/analyze@v1 | ||
|
||
coverage: | ||
name: Scan/Upload Coverage | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v3 | ||
with: | ||
fetch-depth: 0 | ||
- name: Upload coverage reports to Codecov | ||
uses: codecov/codecov-action@v3 | ||
env: | ||
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | ||
|
||
- name: SonarCloud Scan | ||
uses: sonarsource/sonarcloud-github-action@master | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GH_ACTIONS_PAT }} | ||
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Overall, the code changes look good, but here are a few suggestions for improvement:
-
Move the
coverage
block outside thesteps
block in order to maintain a clear separation of concerns and improve readability.coverage: name: Scan/Upload Coverage runs-on: ubuntu-latest steps: # ...
-
Use the
env
block under thejobs
key to define environment variables instead of usingenv
within each step.jobs: build: env: CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} GITHUB_TOKEN: ${{ secrets.GH_ACTIONS_PAT }} SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} steps: # ...
-
Consider using an explicit version of the
sonarsource/sonarcloud-github-action
instead of@master
to ensure a specific version is used.- name: SonarCloud Scan uses: sonarsource/sonarcloud-github-action@<version> env: GITHUB_TOKEN: ${{ secrets.GH_ACTIONS_PAT }} SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-
Add comments to explain the purpose of each step to increase code readability and maintainability.
- name: Checkout repository uses: actions/checkout@v3 # ... - name: Initialize CodeQL uses: github/codeql-action/init@v1 with: languages: ${{ matrix.language }} # ...
These changes help improve the readability, organization, and maintainability of the code.
cmds: | ||
- | | ||
make proto-all |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Based on best practices, here are some suggestions for improving the code changes:
-
Remove unnecessary Git commands: You can remove the
git add .
andgit commit
commands, as they are not relevant in this context. Only the Make commandmake proto-all
should be used. -
Use environment variables instead of hardcoding values: Instead of hardcoding values in the
go-cross-build
task, consider using environment variables. This will make the code more flexible and reusable. -
Simplify the
go-cross-build
task: Thego-cross-build
task can be simplified using a single-line Docker command, rather than using a multi-line command. Use backticks (```) to escape multi-line commands for improved readability.
Updated code:
cmds:
- |
make proto-all
go-cross-build:
desc: Build the binary for all platforms
cmds:
- docker run \
--rm \
-e COSMWASM_VERSION={{.COSMWASM_VERSION}} \
-v /var/run/docker.sock:/var/run/docker.sock \
-v `pwd`:/go/src/sonrd \
-w /go/src/sonrd \
{{.GORELEASER_IMAGE}} \
build \
--clean \
--skip=validate \
--id={{.ID}}
requires:
vars: [ID]
These changes simplify the code and adhere to best practices, improving readability and maintainability.
Apply Sweep Rules to your PR?
|
SonarCloud Quality Gate failed. 0 Bugs 0.0% Coverage Catch issues before they fail your Quality Gate with our IDE extension SonarLint |
No description provided.