From e12a684ca3947dcf1be73c3b2d1cd55fdc93d70d Mon Sep 17 00:00:00 2001
From: Brian Luk
Date: Thu, 24 Oct 2024 16:58:06 -0700
Subject: [PATCH] add workflows
---
.github/workflows/build.yml | 47 +++++++++++++++++++++++++++++
.github/workflows/golangci-lint.yml | 29 ++++++++++++++++++
.github/workflows/gosec.yaml | 45 +++++++++++++++++++++++++++
.github/workflows/shellcheck.yml | 18 +++++++++++
4 files changed, 139 insertions(+)
create mode 100644 .github/workflows/build.yml
create mode 100644 .github/workflows/golangci-lint.yml
create mode 100644 .github/workflows/gosec.yaml
create mode 100644 .github/workflows/shellcheck.yml
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 0000000..bdf7905
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,47 @@
+name: Compile And Test
+on:
+ push:
+ branches:
+ - "**"
+jobs:
+ build-and-deploy:
+ runs-on: ubuntu-latest
+ env:
+ GOPRIVATE: github.com/sagaxyz/*
+ steps:
+ - name: Set up access to private Go modules
+ env:
+ GITHUB_USER: ${{ secrets.GH_USER }}
+ GITHUB_TOKEN: ${{ secrets.GH_ACCESS_TOKEN }}
+ run: git config --global url."https://${GITHUB_USER}:${GITHUB_TOKEN}@github.com".insteadOf "https://github.com"
+
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Setup Go
+ uses: actions/setup-go@v3
+ with:
+ go-version-file: "./go.mod"
+ cache: true
+ - run: go version
+
+ - name: Compile
+ run: make build
+
+ - name: Test
+ run: go test ./...
+
+ - name: Happypath
+ run: |
+ export PATH=./build/:$PATH
+ ./scripts/ci/prepare-env.sh
+ ./scripts/happypath.sh
+
+ - name: Restart
+ run: |
+ kill $(pgrep -fi sscd)
+ sleep 5
+ rm -rf ~/.ssc/
+ export PATH=./build/:$PATH
+ ./scripts/ci/prepare-env.sh
+ ./scripts/escrow-chainlet-restart.sh
diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml
new file mode 100644
index 0000000..014bc97
--- /dev/null
+++ b/.github/workflows/golangci-lint.yml
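Review bot: In build.yml the `Set up access to private Go modules` step writes `GH_ACCESS_TOKEN` into the runner's global git config as part of a URL rewrite, so it sits in plain text where every later step can read it — `make build`, `go test ./...` and the scripts under `./scripts/` — on a push to any branch (`"**"`). The same step appears in golangci-lint.yml, where it precedes a third-party action. I would confirm the token is read-only and scoped to the private module repositories, and remove the rewrite once the modules have been downloaded. build.yml also has no `permissions:` block, unlike golangci-lint.yml and shellcheck.yml; adding a top-level `permissions:` with `contents: read` keeps the job's default `GITHUB_TOKEN` at least privilege.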
@@ -0,0 +1,29 @@
+name: golangci-lint
+on:
+ push:
+ branches:
+ - '**'
+permissions:
+ contents: read
+ # Optional: allow read access to pull requests. Use with `only-new-issues` option.
+ # pull-requests: read
+jobs:
+ golangci:
+ name: lint
+ runs-on: ubuntu-latest
+ env:
+ GOPRIVATE: github.com/sagaxyz/*
+ steps:
+ - name: Set up access to private Go modules
+ env:
+ GITHUB_TOKEN: ${{ secrets.GH_ACCESS_TOKEN }}
+ GITHUB_USER: ${{ secrets.GH_USER }}
+ run: git config --global url."https://${GITHUB_USER}:${GITHUB_TOKEN}@github.com".insteadOf "https://github.com"
+ - uses: actions/checkout@v3
+ - uses: actions/setup-go@v3
+ with:
+ go-version-file: './go.mod'
+ - name: golangci-lint
+ uses: golangci/golangci-lint-action@v6
+ with:
+ args: --timeout 600s
\ No newline at end of file
diff --git a/.github/workflows/gosec.yaml b/.github/workflows/gosec.yaml
new file mode 100644
index 0000000..0a0d7c8
--- /dev/null
+++ b/.github/workflows/gosec.yaml
@@ -0,0 +1,45 @@
+name: Run Gosec
+on:
+ pull_request:
+ branches:
+ - main
+ - release/**
+ paths:
+ - "**/*.go"
+ - "go.mod"
+ - "go.sum"
+ push:
+ branches:
+ - main
+ paths:
+ - "**/*.go"
+ - "go.mod"
+ - "go.sum"
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ Gosec:
+ permissions:
+ security-events: write
+
+ runs-on: ubuntu-latest
+ env:
+ GO111MODULE: on
+ steps:
+ - name: Checkout Source
+ uses: actions/checkout@v4
+
+ - name: Run Gosec Security Scanner
+ uses: securego/gosec@master
+ with:
+ # we let the report trigger content trigger a failure using the GitHub Security features.
+ args: "-exclude=G101,G107 -exclude-dir=systemtests -no-fail -fmt sarif -out results.sarif ./..."
+
+ - name: Upload SARIF file
+ uses: github/codeql-action/upload-sarif@v3
+ with:
+ # Path to SARIF file relative to the root of the repository
+ sarif_file: results.sarif
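Review bot: `golangci/golangci-lint-action@v6` in golangci-lint.yml is referenced by a movable tag and runs in a job whose git config already holds `GH_ACCESS_TOKEN`, so whatever that tag resolves to at run time can read the token. Pinning third-party actions to a full commit SHA, e.g. `uses: golangci/golangci-lint-action@<full-commit-sha> # v6`, makes the executed code fixed and reviewable. The same applies with more force to `securego/gosec@master` in gosec.yaml and `ludeeus/action-shellcheck@master` in shellcheck.yml, which track a branch rather than a release. Setting the action's `version` input would also keep the linter itself from changing between runs.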
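Review bot: The `Gosec` job's `permissions:` block in gosec.yaml lists only `security-events: write`, which leaves every other scope at `none`; if this repository is private (the `GOPRIVATE` setting in the sibling workflows suggests private code is involved, though that is not visible here), `actions/checkout` needs `contents: read` and `upload-sarif` documents `actions: read` for private repositories, so I would add `contents: read` and `actions: read` beneath it. Because the scanner runs with `-no-fail` and this job sets up no access to private modules, a run in which packages fail to load could presumably still pass and upload a near-empty report, so it is worth confirming on the first run that the SARIF actually contains results. The repo-wide `-exclude=G101,G107` (hardcoded credentials and variable-URL HTTP requests) deserves a one-line comment stating why those rules are disabled.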
diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml
new file mode 100644
index 0000000..1dd2014
--- /dev/null
+++ b/.github/workflows/shellcheck.yml
@@ -0,0 +1,18 @@
+name: ShellCheck
+
+on: [push]
+
+permissions:
+ contents: read
+jobs:
+ shellcheck:
+ name: Run shellcheck
+ runs-on: ubuntu-latest
+ env:
+ GOPRIVATE: github.com/sagaxyz/*
+ steps:
+ - uses: actions/checkout@v4
+ - name: Run ShellCheck
+ uses: ludeeus/action-shellcheck@master
+ env:
+ SHELLCHECK_OPTS: -e SC2086
\ No newline at end of file
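Review bot: `SHELLCHECK_OPTS: -e SC2086` in shellcheck.yml turns off the unquoted-expansion check (word splitting and globbing) for every script in the repository, which is the class of finding most likely to matter in the CI scripts that build.yml starts running in this same commit. I would drop the global exclusion and silence individual lines with `# shellcheck disable=SC2086` where the splitting is intended. The job-level `GOPRIVATE` entry looks unused here, since nothing visible in this job invokes Go.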