[AUTO-CHERRYPICK] Fix CVE-2024-21538 in nodejs - branch main (#11189) #35077
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Copyright (c) Microsoft Corporation. | |
# Licensed under the MIT License. | |
name: Go Test Coverage | |
on: | |
push: | |
branches: [main, dev, 1.0*, 2.0*, fasttrack/*] | |
pull_request: | |
branches: [main, dev, 1.0*, 2.0*, fasttrack/*] | |
permissions: read-all | |
env: | |
EXPECTED_GO_VERSION: "1.21" | |
jobs: | |
build: | |
name: Go Test Coverage | |
runs-on: ubuntu-latest | |
steps: | |
- name: Set up Go 1.x | |
uses: actions/setup-go@v5 | |
with: | |
go-version: '${{ env.EXPECTED_GO_VERSION }}' | |
id: go | |
- name: Check active go version | |
run: | | |
go version && which go | |
- name: Check out code into the Go module directory | |
uses: actions/checkout@v4 | |
- name: Check go.mod | |
run: | | |
if grep -q "go $EXPECTED_GO_VERSION" ./toolkit/tools/go.mod; then | |
echo "go.mod has correct version ($EXPECTED_GO_VERSION)" | |
else | |
actual_version="$(grep -E '^go [0-9]+\.[0-9]+' ./toolkit/tools/go.mod)" | |
echo "go.mod has bad version expected:$EXPECTED_GO_VERSION, found: $actual_version" | |
echo "UPDATE ./github/workflows/go-test-coverage.yml AND prerequisite documentation if minimum go version changed" | |
exit 1 | |
fi | |
- name: Install prerequisites | |
run: | | |
sudo apt-get update | |
sudo apt -y install qemu-utils | |
- name: Check for bad go formatting | |
run: | | |
pushd toolkit | |
sudo env "PATH=$PATH" make go-fmt-all | |
changes=$(git diff *.go) | |
if [ -n "$changes" ]; then | |
echo Unformatted go files! | |
git diff *.go | |
exit 1 | |
fi | |
- name: Check for out of date go modules | |
run: | | |
pushd toolkit | |
sudo env "PATH=$PATH" make go-mod-tidy | |
modchanges=$(git diff tools/go.mod) | |
sumchanges=$(git diff tools/go.sum) | |
if [ -n "$modchanges$sumchanges" ]; then | |
echo Module files out of date! | |
git diff tools/go.mod | |
git diff tools/go.sum | |
exit 1 | |
fi | |
- name: Check for missing tests | |
run: | | |
pushd toolkit | |
noTestCount=$(sudo make go-test-coverage | grep "no test files" | wc -l) | |
if [ "$noTestCount" -ne "0" ]; then | |
sudo env "PATH=$PATH" make go-test-coverage | grep "no test files" | |
echo Missing $noTestCount Go Tests! | |
fi | |
- name: Evaluate test coverage | |
run: | | |
pushd toolkit | |
sudo env "PATH=$PATH" make go-test-coverage | |
- name: Upload test coverage | |
uses: actions/upload-artifact@v4 | |
with: | |
name: TestCoverage | |
path: toolkit/out/tools/test_coverage_report.html | |
- name: Ensure all tools build | |
run: | | |
pushd toolkit | |
sudo env "PATH=$PATH" make go-tools REBUILD_TOOLS=y |