Update Managed Files (#17)

* Update dep-review

* Update go-makefile

* Update go-dependabot

* Update go-test

* Remove old test wf

---------

Co-authored-by: StartToaster <[email protected]>

Author: ChiaAutomation

.github/dependabot.yml

@@ -1,8 +1,5 @@
-# To get started with Dependabot version updates, you'll need to specify which
-# package ecosystems to update and where the package manifests are located.
-# Please see the documentation for all configuration options:
-# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
-
+# This file is managed by the repo-content-updater project. Manual changes here will result in a PR to bring back
+# inline with the upstream template, unless you remove the go-dependabot managed file property from the repo
 version: 2
 updates:
   - package-ecosystem: gomod

.github/workflows/dependency-review.yml

@@ -0,0 +1,24 @@
+# Managed by repo-content-updater
+# Dependency Review Action
+#
+# This Action will scan dependency manifest files that change as part of a Pull Request, surfacing known-vulnerable versions of the packages declared or updated in the PR. Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable packages will be blocked from merging.
+#
+# Source repository: https://github.com/actions/dependency-review-action
+# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
+name: "🚨 Dependency Review"
+on: [pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Checkout Repository"
+        uses: actions/checkout@v4
+
+      - name: "Dependency Review"
+        uses: actions/dependency-review-action@v4
+        with:
+          deny-licenses: AGPL-1.0-only, AGPL-1.0-or-later, AGPL-1.0-or-later, AGPL-3.0-or-later, GPL-1.0-only, GPL-1.0-or-later, GPL-2.0-only, GPL-2.0-or-later, GPL-3.0-only, GPL-3.0-or-later

.github/workflows/test.yaml .github/workflows/go-test.yml

@@ -1,4 +1,4 @@
-name: Test/Lint/Fmt/Vet
+name: Go Test
 on:
   push:
     branches:
@@ -9,9 +9,11 @@ jobs:
   test:
     runs-on: ubuntu-latest
     container: golang:1
-    env:
-      GOFLAGS: "-buildvcs=false"
     steps:
+      - name: Mark git directory safe
+        uses: Chia-Network/actions/git-mark-workspace-safe@main
+
       - uses: actions/checkout@v4
+
       - name: Test
         run: make test

Makefile

@@ -25,8 +25,9 @@ all: fmt lint vet build
 .PHONY: build
 build: $(BIN) ; $(info $(M) building executable…) @ ## Build program binary
 	$Q CGO_ENABLED=0 $(GO) build \
+		-ldflags "-X main.gitVersion=$$(git describe --tags) -X $(MODULE)/cmd.gitVersion=$$(git describe --tags) -X \"main.buildTime=$$(date -u '+%Y-%m-%d %H:%M:%S %Z')\" -X \"$(MODULE)/cmd.buildTime=$$(date -u '+%Y-%m-%d %H:%M:%S %Z')\"" \
 		-tags release \
-		-o $(BIN)/$(notdir $(basename $(MODULE)))$(binext) main.go
+		-o $(BIN)/$(notdir $(basename $(MODULE)))$(binext)
 # Tools
 
 $(BIN):
@@ -45,6 +46,9 @@ $(BIN)/staticcheck: PACKAGE=honnef.co/go/tools/cmd/staticcheck@latest
 ERRCHECK = $(BIN)/errcheck
 $(BIN)/errcheck: PACKAGE=github.com/kisielk/errcheck@latest
 
+VULNCHECK = $(BIN)/govulncheck
+$(BIN)/govulncheck: PACKAGE=golang.org/x/vuln/cmd/govulncheck@latest
+
 # Tests
 
 TEST_TARGETS := test-default test-bench test-short test-verbose test-race
@@ -55,7 +59,7 @@ test-verbose: ARGS=-v            ## Run tests in verbose mode
 test-race:    ARGS=-race         ## Run tests with race detector
 $(TEST_TARGETS): NAME=$(MAKECMDGOALS:test-%=%)
 $(TEST_TARGETS): test
-check test tests: fmt lint vet staticcheck errcheck; $(info $(M) running $(NAME:%=% )tests…) @ ## Run tests
+check test tests: fmt lint vet staticcheck errcheck vulncheck; $(info $(M) running $(NAME:%=% )tests…) @ ## Run tests
 	$Q $(GO) test -timeout $(TIMEOUT)s $(ARGS) $(TESTPKGS)
 
 .PHONY: lint
@@ -78,6 +82,10 @@ staticcheck: | $(STATICCHECK) ; $(info $(M) running staticcheck…) @
 errcheck: | $(ERRCHECK) ; $(info $(M) running errcheck…) @
 	$Q $(ERRCHECK) $(PKGS)
 
+.PHONY: vulncheck
+vulncheck: | $(VULNCHECK) ; $(info $(M) running vulncheck…) @
+	$Q $(VULNCHECK) $(PKGS)
+
 # Misc
 
 .PHONY: clean