CI (#6)

* change: unit test should use Error instead of Fatal

* CHANGELOG: update

* README: update

* add: first draft for the CI

* ci: add a releaser, more tests and code analysis

* add precommit and fix all the warnings

* github: add gosec automated scan

* github: add golangci linting

* try to avoid duplicated workflows

.github/workflows/codeql.yml

@@ -0,0 +1,70 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ master ]
+  schedule:
+    - cron: '39 13 * * 5'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'go' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+        # Learn more about CodeQL language support at https://git.io/codeql-language-support
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v1
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+        # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v1
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 https://git.io/JvXDl
+
+    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+    #    and modify them (or add more) to build your code if your project
+    #    uses a compiled language
+
+    #- run: |
+    #   make bootstrap
+    #   make release
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v1

.github/workflows/release.yml

@@ -0,0 +1,30 @@
+name: goreleaser
+
+on:
+  push:
+    tags:
+      - '*'
+    branches:
+      - master
+
+jobs:
+  goreleaser:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Set up Go
+        uses: WillAbides/[email protected]
+        with:
+          go-version: 1.17
+
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v2
+        with:
+          version: latest
+          args: release --rm-dist
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/security.yml

@@ -0,0 +1,27 @@
+name: "Security Scan"
+
+# Run workflow each time code is pushed to your repository and on a schedule.
+# The scheduled workflow runs every at 00:00 on Sunday UTC time.
+on:
+  push:
+  schedule:
+  - cron: '3 4 * * 0'
+
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+    env:
+      GO111MODULE: on
+    steps:
+      - name: Checkout Source
+        uses: actions/checkout@v2
+      - name: Run Gosec Security Scanner
+        uses: securego/gosec@master
+        with:
+          # we let the report trigger content trigger a failure using the GitHub Security features.
+          args: '-no-fail -fmt sarif -out results.sarif ./...'
+      - name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@v1
+        with:
+          # Path to SARIF file relative to the root of the repository
+          sarif_file: results.sarif

.github/workflows/test.yml

@@ -0,0 +1,56 @@
+---
+name: gotest
+on: push
+
+jobs:
+  gotest:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Set up Go
+        uses: WillAbides/[email protected]
+        with:
+          go-version: 1.17
+
+      - name: Test Go Code
+        run: "go test ./..."
+
+      - name: Run Go Vet
+        run: "go vet ./..."
+
+      - name: Run StaticCheck
+        uses: dominikh/[email protected]
+        with:
+          version: "2021.1.1"
+          install-go: false
+
+  golangci:
+    name: lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v2
+        with:
+          # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version
+          version: latest
+
+          # Optional: working directory, useful for monorepos
+          # working-directory: somedir
+
+          # Optional: golangci-lint command line arguments.
+          # args: --issues-exit-code=0
+
+          # Optional: show only new issues if it's a pull request. The default value is `false`.
+          # only-new-issues: true
+
+          # Optional: if set to true then the action will use pre-installed Go.
+          # skip-go-installation: true
+
+          # Optional: if set to true then the action don't cache or restore ~/go/pkg.
+          # skip-pkg-cache: true
+
+          # Optional: if set to true then the action don't cache or restore ~/.cache/go-build.
+          # skip-build-cache: true

.pre-commit-config.yaml

@@ -0,0 +1,31 @@
+# See https://pre-commit.com for more information
+# See https://pre-commit.com/hooks.html for more hooks
+---
+ci:
+    autofix_prs: true
+    skip: []
+    submodules: false
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v3.2.0
+    hooks:
+      - id: trailing-whitespace
+      - id: end-of-file-fixer
+      - id: check-yaml
+  - repo: https://github.com/compilerla/conventional-pre-commit
+    rev: v1.2.0
+    hooks:
+      - id: conventional-pre-commit
+        stages: [commit-msg]
+  - repo: https://github.com/golangci/golangci-lint
+    rev: v1.44.0 # Keep this in-sync with `.tool-versions`
+    hooks:
+    -   id: golangci-lint
+  - repo: https://github.com/tekwizely/pre-commit-golang
+    rev: v1.0.0-beta.5
+    hooks:
+    -   id: go-fmt
+    -   id: go-fmt-repo
+    -   id: go-sec-mod
+    -   id: go-build-mod
+    -   id: go-mod-tidy

CHANGELOG.md

@@ -9,19 +9,19 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 added: unit tests around the whole project
 changed: `collectors` package now use the API client
 changed: `online` package now provide an API client
-changed: replaced `used` by `usage` in dedibackup usage metrics  
-changed: removed labels `id` and `sender` on dedibox_pending_abuse metrics  
-changed: removed label `id` on dedibox_ddos metric  
-changed: dedibox_ddos_count_total is now named dedibox_ddos_count  
-changed: dedibox_abuse_count_total is now named dedibox_pending_abuse_count  
-changed: dedibox_abuse is now named dedibox_pending_abuse  
-fixed: don't dynamically guess the abuse status as we're only retrieving pending abuses now  
-added: create a CHANGELOG file  
-fixed: metrics description consistency through the collectors and the README  
-added: command line flag to manage log level  
-changed: logging is now done through `sirupsen/logrus`  
-added: command line flag to select collectors to enable  
-added: metrics on ddos attacks  
-added: total abuse count metric  
-added: parse URL before querying it in the `online` module  
-changed: only fetch unresolved abuses  
+changed: replaced `used` by `usage` in dedibackup usage metrics
+changed: removed labels `id` and `sender` on dedibox_pending_abuse metrics
+changed: removed label `id` on dedibox_ddos metric
+changed: dedibox_ddos_count_total is now named dedibox_ddos_count
+changed: dedibox_abuse_count_total is now named dedibox_pending_abuse_count
+changed: dedibox_abuse is now named dedibox_pending_abuse
+fixed: don't dynamically guess the abuse status as we're only retrieving pending abuses now
+added: create a CHANGELOG file
+fixed: metrics description consistency through the collectors and the README
+added: command line flag to manage log level
+changed: logging is now done through `sirupsen/logrus`
+added: command line flag to select collectors to enable
+added: metrics on ddos attacks
+added: total abuse count metric
+added: parse URL before querying it in the `online` module
+changed: only fetch unresolved abuses

README.md

@@ -4,7 +4,7 @@ A Prometheus Exporter for the [Dedibox API](https://console.online.net/fr/api/)
 
 ## Metrics
 
-Note: for metrics like `abuse` or `ddos`, only the first page (latest infos) is fetched from the API to avoid overloading it.  
+Note: for metrics like `abuse` or `ddos`, only the first page (latest infos) is fetched from the API to avoid overloading it.
 The goal of this exporter is to create alerts on new DDoS attacks or unresolved abuses, not provide advanced statistic on your account.
 
 | Name | Description | Labels |
@@ -31,5 +31,5 @@ Require `ONLINE_API_TOKEN` to be set with your Online.net's API token.
 | metric-path | /metrics | Path under which to expose metrics |
 
 ## Issues & Contribution
-All bug report, packaging requests, features requests or PR are accepted.  
+All bug report, packaging requests, features requests or PR are accepted.
 I mainly created this exporter for my personal usage but I'll be happy to hear about your needs.

collectors.go

@@ -3,6 +3,8 @@ package main
 import (
 	"fmt"
 	"strings"
+
+	log "github.com/sirupsen/logrus"
 )
 
 var validCollectors = []string{"abuse", "ddos", "plan", "dedibackup"}
@@ -44,5 +46,9 @@ func (cs *collectorSlice) Set(cltr string) error {
 }
 
 func (cs *collectorSlice) SetDefaultCollector() {
-	cs.Set(validCollectors[0])
+	err := cs.Set(validCollectors[0])
+	if err != nil {
+		log.Debug(err)
+		log.WithField("collectors", validCollectors[0]).Fatal("unable to set default collector")
+	}
 }

dedibox-exporter.go

@@ -69,13 +69,20 @@ func main() {
 	}).Info("Starting Dedibox Exporter")
 	http.Handle(metricsPath, promhttp.Handler())
 	http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
-		w.Write([]byte(`<html>
-             <head><title>Dedibox Exporter</title></head>
-             <body>
-             <h1>Dedibox Exporter</h1>
-             <p><a href='` + metricsPath + `'>Metrics</a></p>
-             </body>
-             </html>`))
+		_, err := w.Write(
+			[]byte(
+				`<html>
+			     		<head><title>Dedibox Exporter</title></head>
+			     		<body>
+			     			<h1>Dedibox Exporter</h1>
+			     			<p><a href='` + metricsPath + `'>Metrics</a></p>
+			     		</body>
+			     	</html>`,
+			))
+		if err != nil {
+			log.Debug(err)
+			log.WithField("path", "/").Error("unable to show the page")
+		}
 	})
 	log.Fatal(http.ListenAndServe(listenAddress, nil))
 }

go.mod

@@ -3,6 +3,7 @@ module github.com/FinweVI/dedibox-exporter
 go 1.17
 
 require (
+	github.com/gofrs/uuid v4.2.0+incompatible
 	github.com/mitchellh/mapstructure v1.4.3
 	github.com/prometheus/client_golang v1.12.0
 	github.com/sirupsen/logrus v1.8.1
@@ -11,7 +12,6 @@ require (
 require (
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.1.2 // indirect
-	github.com/gofrs/uuid v4.2.0+incompatible // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
 	github.com/prometheus/client_model v0.2.0 // indirect

go.sum

@@ -52,6 +52,7 @@ github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMn
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
@@ -156,6 +157,7 @@ github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRW
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
 github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
@@ -189,6 +191,7 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
@@ -458,6 +461,7 @@ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=

online/testutil/api.go

@@ -5,12 +5,26 @@ import (
 	"io/ioutil"
 	"net/http"
 	"net/http/httptest"
+	"path"
+	"path/filepath"
+	"runtime"
 	"strconv"
 	"strings"
 )
 
+func RootDir() string {
+	_, b, _, _ := runtime.Caller(0)
+	d := path.Join(path.Dir(b))
+	return filepath.Dir(d)
+}
+
 func fixture(path string) string {
-	b, err := ioutil.ReadFile("../testdata/fixtures/" + path)
+	filePath := filepath.Join(
+		RootDir(),
+		"/testdata/fixtures/",
+		path,
+	)
+	b, err := ioutil.ReadFile(filepath.Clean(filePath))
 	if err != nil {
 		panic(err)
 	}