Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Refactor/identity #811

Merged
merged 27 commits into from
Oct 30, 2023
Merged

Refactor/identity #811

merged 27 commits into from
Oct 30, 2023

Conversation

prnk28
Copy link
Contributor

@prnk28 prnk28 commented Oct 25, 2023

No description provided.

Copy link

@senior-dev-bot senior-dev-bot bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Feedback from Senior Dev Bot

Comment on lines 1 to 10
name: "🧪 CodeQL Analysis"

on:
pull_request:
branches: [ master ]
schedule:
- cron: "43 3 * * 2"

jobs:
codeql-analysis:
name: Run CodeQL Analysis

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Feedback:

  1. It is good to see that you have added a name field to your workflow.
  2. I would recommend removing the schedule field as it is not necessary for a pull_request event.
  3. It is best practice to include some context in the cron schedule, such as an explanation of when the analysis will run.

Here is the updated code:

name: "🧪 CodeQL Analysis"
 
on:
  pull_request:
    branches: [ master ]

jobs:
  codeql-analysis:
    name: Run CodeQL Analysis

Comment on lines 17 to 23
jobs:
release:
name: Run goreleaser
runs-on: ubuntu-latest
runs-on: self-hosted
steps:
- uses: actions/checkout@v3
with:

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The code changes look good, but it would be better if we specify a specific version of the self-hosted runner instead of using "self-hosted". This will ensure consistency and prevent any unexpected issues from using different versions of the self-hosted runner.

jobs:
  release:
    name: Run goreleaser
    runs-on: self-hosted[VERSION_TAG]
    steps:
      - uses: actions/checkout@v3
        with:

Replace [VERSION_TAG] with the specific version of the self-hosted runner you want to use.

Comment on lines 10 to 16

jobs:
generate-changelog:
runs-on: ubuntu-latest
runs-on: ubuntu-ultra-instinct
steps:
- uses: actions/checkout@v2
with:

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The change from "ubuntu-latest" to "ubuntu-ultra-instinct" in the "runs-on" field of the job looks like a naming convention change. However, it is always preferable to use the available official environment labels provided by GitHub. In this case, "ubuntu-latest" is the standard label, so it should be retained.

jobs:
  generate-changelog:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
        with:

By sticking to the official environment labels, it ensures consistency and makes it easier to understand and maintain the code in the long run.

Comment on lines 51 to 62
"**/.hg": true,
"**/CVS": true,
"**/.DS_Store": true,
".vscode/": true
".vscode/": true,
"sonar-project.properties": true,
"LICENSE": true,
"codecov.yml": true,
"CODE_OF_CONDUCT.md": true,
"CHANGELOG.md": true
},
"svg.preview.background": "custom",
"typescript.preferences.importModuleSpecifier": "non-relative",

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The code changes look good. The added file paths are properly formatted and separated by commas for clarity. It's recommended to use a consistent style and maintain alphabetical order to make it easier to manage and review file paths. Also, it's a good practice to separate configuration settings, like file patterns, from general preferences, like "svg.preview.background" and "typescript.preferences.importModuleSpecifier".

{
  "files.exclude": {
    "**/.hg": true,
    "**/.DS_Store": true,
    "**/CVS": true,
    ".vscode/": true,
    "CHANGELOG.md": true,
    "CODE_OF_CONDUCT.md": true,
    "codecov.yml": true,
    "LICENSE": true,
    "sonar-project.properties": true
  },
  "typescript.preferences.importModuleSpecifier": "non-relative",
  "svg.preview.background": "custom"
}

bob.yaml Outdated
Comment on lines 21 to 34
cmd: task build
target: ./bin/sonrd

# release - is the default task execute when building release.
release:
cmd: make release

# docker - is the default task execute when building docker image.
docker:
cmd: task release-docker
cmd: task docker-build
dependson:
- binary
target:
image: ghcr.io/sonr-io/sonrd:latest

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Feedback:

  1. It's good to see the addition of comments to describe the purpose of tasks like "release" and "docker".
  2. The "docker" task has been modified to use the "docker-build" task instead of "release-docker".
  3. It seems unnecessary to specify "dependson: binary" as it is not used in the task.
  4. The list of dependencies at the bottom of the file should be removed as they are no longer necessary.

Code improvements:

cmd: task build
target: ./bin/sonrd

# release - is the default task executed when building a release.
release:
  cmd: make release

# docker - is the default task executed when building a docker image.
docker:
  cmd: task docker-build
  target: image: ghcr.io/sonr-io/sonrd:latest

Please note that I have made the assumption that the "dependson" and "dependencies" sections were not required for the given tasks.

Comment on lines 29 to 38
sh: echo $GITHUB_TOKEN
default: ""
GORELEASER_IMAGE: ghcr.io/goreleaser/goreleaser-cross:v{{.GO_VERSION}}
tasks:
# ----------------------------------------------------------------------------
# -- Run Tasks ---------------------------------------------------------------
# ----------------------------------------------------------------------------
tasks:
default:
desc: Print the version
silent: true

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The code changes look fine, but there are a few improvements that can be made:

  1. It's a good practice to surround command outputs with quotes to handle cases where the output contains spaces or special characters. So, you can update sh: echo $GITHUB_TOKEN to sh: echo "$GITHUB_TOKEN".

  2. It's recommended to use consistent naming conventions. The variable name GORELEASER_IMAGE can be updated to GORELEASER_IMAGE_VERSION to make it more clear.

  3. In the tasks section, consider using a more descriptive name for the task, instead of just default. You could name it printVersion or something similar to reflect its purpose.

Here are the updated changes:

- sh: echo $GITHUB_TOKEN
+ sh: echo "$GITHUB_TOKEN"

- GORELEASER_IMAGE: ghcr.io/goreleaser/goreleaser-cross:v{{.GO_VERSION}}
+ GORELEASER_IMAGE_VERSION: ghcr.io/goreleaser/goreleaser-cross:v{{.GO_VERSION}}

- tasks:
+ tasks:
   printVersion:
     desc: Print the version
     silent: true

Taskfile.yml Outdated
Comment on lines 44 to 54
cmds:
- make build

release-docker:
desc: Build the binary for docker
cmds:
- task: docker-build-push
vars:
IMAGE: sonrd


docker-build-push:
silent: true
internal: true
desc: Build, tag and push the docker image
cmds:
- docker build -f ./Dockerfile . -t {{.IMAGE}}
- docker tag {{.IMAGE}} {{.IMAGE}}:latest
- docker tag {{.IMAGE}} {{.REGISTRY}}/{{.IMAGE}}:latest
- docker tag {{.IMAGE}} {{.REGISTRY}}/{{.IMAGE}}:{{.VERSION}}
- docker tag {{.IMAGE}} {{.REGISTRY}}/{{.IMAGE}}:{{.COMMIT}}
requires:
vars: [IMAGE]

# ----------------------------------------------------------------------------
# -- Protobuf Tasks -------------------------------------------------------------
# ----------------------------------------------------------------------------
buf-mod:
dir: proto
internal: true
silent: true
desc: Update the buf.lock file
build-all:
desc: Build the binary for all platforms and docker
cmds:
- buf mod update

buf-build:
dir: proto
internal: true
silent: true
desc: Build the protobuf files
deps: [buf-mod]
cmds:
- buf build

buf-push:
dir: proto
internal: true
silent: true
desc: Push the protobuf files to the registry
deps: [buf-build]
cmds:
- buf push
- make build
- task: docker:build

generate:
aliases:

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Feedback:

  • It looks like the release-docker task and related tasks for building and pushing the Docker image have been removed. It would be helpful to understand the reasoning behind this change and whether there is an alternative way to handle Docker image building and pushing.
  • The build-all task has been added to build the binary for all platforms and Docker. However, it is unclear what the make build command does. It would be beneficial to provide more information about the make command and its purpose.

Example of an improved code:

cmds:
  - make build

build-all:
  desc: Build the binary for all platforms and Docker
  cmds:
    - make build
    - task: docker:build
  • The buf-mod, buf-build, and buf-push tasks related to protobuf files have been removed. It would be helpful to know if there is an alternative approach for handling protobuf files or if they are no longer needed in the codebase.

Example of an improved code:

cmds:
  - make build

build-all:
  desc: Build the binary for all platforms and Docker
  cmds:
    - make build
    - task: docker:build

generate:
  aliases:

Overall, it would be constructive to provide more context and explanation for the removed code and any new approaches introduced.

Comment on lines 1 to 67
version: "3"
vars:
CGO_ENABLED: 1
WASMVM_URL: https://github.com/CosmWasm/wasmvm/releases/download
VERSION:
sh: echo $(git describe --tags --abbrev=0)
default: v0.0.0
COMMIT:
sh: git log -n 1 --format=%h
default: 0000000
DATE:
sh: date -u '+%m/%d/%y %I:%M:%S%p'
default: "1970-01-01_00:00:00AM"
COSMWASM_VERSION:
sh: go list -m github.com/CosmWasm/wasmvm | sed 's/.* //'
default: v1.3.0
GO_VERSION:
sh: cat go.mod | grep -E 'go [0-9].[0-9]+' | cut -d ' ' -f 2
default: 1.21
GITHUB_TOKEN:
sh: echo $GITHUB_TOKEN
default: ""
GORELEASER_IMAGE: ghcr.io/goreleaser/goreleaser-cross:v{{.GO_VERSION}}
tasks:
# ----------------------------------------------------------------------------
# -- Run Tasks ---------------------------------------------------------------
# ----------------------------------------------------------------------------
docker:
desc: Print the version
silent: true
cmds:
- task -l

release:
desc: Build the binary for docker
cmds:
- task: docker-build
- for: ["ghcr.io/sonr-io", "registry.digitalocean.com/sonrhq"]
task: docker-push
vars:
REGISTRY: '{{.ITEM}}'
IMAGE: sonrd

build:
silent: true
desc: Build, tag and push the docker image
cmds:
- docker build -f ./docker/deploy/Dockerfile . -t sonrd

tag:
silent: true
desc: Build, tag and push the docker image
cmds:
- echo "Tagging {{.IMAGE}} with {{.REGISTRY}}/{{.IMAGE}}"
- docker tag sonrd {{.REGISTRY}}/{{.IMAGE}}:{{.VERSION}}
- docker tag sonrd {{.REGISTRY}}/{{.IMAGE}}:{{.COMMIT}}
requires:
vars: [IMAGE, REGISTRY]

push:
silent: true
desc: Build, tag and push the docker image
cmds:
- echo "Pushing {{.REGISTRY}}/{{.IMAGE}}..."
- docker push {{.REGISTRY}}/{{.IMAGE}} --all-tags
requires:
vars: [IMAGE, REGISTRY]

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The code changes overall look good, but there are a few areas where we can improve:

  1. Instead of using shell commands directly in the YAML file, it's better to move them to a separate script file and call the script from the YAML. This makes the code more modular and easier to maintain.

Example:

vars:
  VERSIONCMD: sh scripts/get_version.sh

release:
  desc: Build the binary for docker
  cmds:
    - sh scripts/build_binary.sh
  1. Use consistent naming conventions for variables. Currently, there is a mix of uppercase and lowercase letters in the variable names. It's recommended to use lowercase letters with underscores for better readability.

  2. Make use of variable substitution in the YAML file to reduce duplication and improve maintainability. Instead of hardcoding values multiple times, define variables and use them where needed.

Example:

variables:
  tag_version: "{{.VERSION}}"
  tag_commit: "{{.COMMIT}}"

tag:
  silent: true
  desc: Build, tag and push the docker image
  cmds:
    - echo "Tagging {{ .IMAGE }} with {{ .REGISTRY }}/{{ .IMAGE }}"
    - docker tag sonrd {{ .REGISTRY }}/{{ .IMAGE }}:{{ tag_version }}
    - docker tag sonrd {{ .REGISTRY }}/{{ .IMAGE }}:{{ tag_commit }}
  requires:
    vars: [IMAGE, REGISTRY, VERSION, COMMIT]

By following these recommendations, the code becomes more modular, readable, and maintainable.

Comment on lines 13 to +49
actions: read
contents: read
security-events: write

strategy:
fail-fast: false
matrix:
language: ["go", "typescript"]
queries: ['crypto-com/[email protected]']
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
# Learn more about CodeQL language support at https://git.io/codeql-language-support

steps:
- name: Checkout repository
uses: actions/checkout@v3

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v1
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
# queries: ./path/to/local/query, your-org/your-repo/queries@main

# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v1

# ℹ️ Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl

# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
# and modify them (or add more) to build your code if your project
# uses a compiled language

#- run: |
# make bootstrap
# make release

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1

coverage:
name: Scan/Upload Coverage
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Upload coverage reports to Codecov
uses: codecov/codecov-action@v3
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}

- name: SonarCloud Scan
uses: sonarsource/sonarcloud-github-action@master
env:
GITHUB_TOKEN: ${{ secrets.GH_ACTIONS_PAT }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall, the code changes look good, but here are a few suggestions for improvement:

  1. Move the coverage block outside the steps block in order to maintain a clear separation of concerns and improve readability.

    coverage:
      name: Scan/Upload Coverage
      runs-on: ubuntu-latest
      steps:
        # ...
  2. Use the env block under the jobs key to define environment variables instead of using env within each step.

    jobs:
      build:
        env:
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
          GITHUB_TOKEN: ${{ secrets.GH_ACTIONS_PAT }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        steps:
          # ...
  3. Consider using an explicit version of the sonarsource/sonarcloud-github-action instead of @master to ensure a specific version is used.

    - name: SonarCloud Scan
      uses: sonarsource/sonarcloud-github-action@<version>
      env:
        GITHUB_TOKEN: ${{ secrets.GH_ACTIONS_PAT }}
        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
  4. Add comments to explain the purpose of each step to increase code readability and maintainability.

    - name: Checkout repository
      uses: actions/checkout@v3
       
    # ...
    
    - name: Initialize CodeQL
      uses: github/codeql-action/init@v1
      with:
        languages: ${{ matrix.language }}
    
    # ...

These changes help improve the readability, organization, and maintainability of the code.

Comment on lines 57 to 59
cmds:
- |
make proto-all

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Based on best practices, here are some suggestions for improving the code changes:

  1. Remove unnecessary Git commands: You can remove the git add . and git commit commands, as they are not relevant in this context. Only the Make command make proto-all should be used.

  2. Use environment variables instead of hardcoding values: Instead of hardcoding values in the go-cross-build task, consider using environment variables. This will make the code more flexible and reusable.

  3. Simplify the go-cross-build task: The go-cross-build task can be simplified using a single-line Docker command, rather than using a multi-line command. Use backticks (```) to escape multi-line commands for improved readability.

Updated code:

cmds:
  - |
    make proto-all

go-cross-build:
  desc: Build the binary for all platforms
  cmds:
    - docker run \
      --rm \
      -e COSMWASM_VERSION={{.COSMWASM_VERSION}} \
      -v /var/run/docker.sock:/var/run/docker.sock \
      -v `pwd`:/go/src/sonrd \
      -w /go/src/sonrd \
      {{.GORELEASER_IMAGE}} \
      build \
      --clean \
      --skip=validate \
      --id={{.ID}}
  requires:
    vars: [ID]

These changes simplify the code and adhere to best practices, improving readability and maintainability.

@sweep-ai
Copy link

sweep-ai bot commented Oct 25, 2023

Apply Sweep Rules to your PR?

  • Apply: Leftover TODOs in the code should be handled.
  • Apply: All new business logic should have corresponding unit tests in the tests/ directory.
  • Apply: Any clearly inefficient or repeated code should be optimized or refactored.

services/plugin/interface.go Dismissed Show dismissed Hide dismissed
@prnk28 prnk28 added the Docker label Oct 30, 2023
@sonarqubecloud
Copy link

SonarCloud Quality Gate failed.    Quality Gate failed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot E 5 Security Hotspots
Code Smell A 88 Code Smells

0.0% 0.0% Coverage
1.1% 1.1% Duplication

idea Catch issues before they fail your Quality Gate with our IDE extension sonarlint SonarLint

@prnk28 prnk28 merged commit a53564d into master Oct 30, 2023
8 of 16 checks passed
@prnk28 prnk28 deleted the refactor/identity branch October 30, 2023 21:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
No open projects
Archived in project
Development

Successfully merging this pull request may close these issues.

1 participant