Merge pull request #4 from celo-org/tests-readme

Tests readme

.github/workflows/ci-cd.yaml

@@ -21,6 +21,9 @@ jobs:
  - name: Build the project
  run: |
  make build
+ - name: Run the test
+ run: |
+ make test
 
  socket-exporter-build-dev:
  uses: celo-org/reusable-workflows/.github/workflows/[email protected]
@@ -30,7 +33,7 @@ jobs:
  contents: read
  id-token: write
  security-events: write
- if: ${{ github.ref != 'refs/heads/main' && startsWith(github.ref, 'refs/heads/') }}
+ if: ${{ github.ref != 'refs/heads/main' && startsWith(github.ref, 'refs/pull/') }}
  with:
  workload-id-provider: 'projects/1094498259535/locations/global/workloadIdentityPools/gh-socket-exporter/providers/github-by-repos'
  service-account: '[email protected]'

Makefile

@@ -4,3 +4,7 @@ build:
  GOOS=darwin GOARCH=amd64 go build -o bin/image-annotator-webhook-darwin-amd64 .
  GOOS=linux GOARCH=amd64 go build -o bin/image-annotator-webhook-linux-amd64 .
 
+.PHONY: test
+test:
+ @echo "\n🛠️ Running unit tests..."
+ go test ./...

README.md

@@ -0,0 +1,40 @@
+# socket-dev-exporter
+
+A simple Prometheus exporter to expose [Socket.dev](https://socket.dev/) scores for the latest versions of `@celo` NPM packages written in go.
+
+This exporter exposes metrics in port `9101`, path `/metrics`, with the following format:
+
+```txt
+# HELP socket_score Shows socket.dev packages scores
+# TYPE socket_score gauge
+socket_score{package="@celo/0x-contracts",score="license",version="2.1.2-0.0"} 0.8629757195290285
+socket_score{package="@celo/0x-contracts",score="maintenance",version="2.1.2-0.0"} 0.6968453019359488
+socket_score{package="@celo/0x-contracts",score="miscellaneous",version="2.1.2-0.0"} 0
+socket_score{package="@celo/0x-contracts",score="quality",version="2.1.2-0.0"} 0.6410426253533731
+socket_score{package="@celo/0x-contracts",score="supplychainrisk",version="2.1.2-0.0"} 0.39592272547306173
+socket_score{package="@celo/0x-contracts",score="vulnerability",version="2.1.2-0.0"} 0.25
+...
+```
+
+## Configuration
+
+3 environmental variables are available to configure this exporter:
+
+- `API_TOKEN` (REQUIRED): A [Socket.dev](https://socket.dev/) API token.
+- `LOG_LEVEL`: The [Logrus](https://github.com/sirupsen/logrus) log level. If not set, defaults to `info`.
+- `PERIOD`: The period to refresh the [Socket.dev](https://socket.dev/) scores, in hours. If not set, defaults to `24`.
+
+## Tests
+
+Tests can be found in [`main_tests.go`](./main_test.go).
+
+## CI/CD
+
+The CI/CD pipeline is defined as [GitHub Action workflow](.github/workflows/ci-cd.yaml) with the following jobs:
+
+- With each PR, commit to `main` or release the code will be built and tested.
+- With each PR, a Docker image will be pushed to `us-west1-docker.pkg.dev/devopsre/dev-images/socket-exporter` with tag `test`.
+- With each commit to `main`, a Docker image will be pushed to `us-west1-docker.pkg.dev/devopsre/socket-exporter/socket-exporter` with tag `latest`.
+- With each release, a Docker image will be pushed to `us-west1-docker.pkg.dev/devopsre/socket-exporter/socket-exporter` with the same tag as the release tag.
+
+The Dockerfile for building the Docker image can be found [here](./Dockerfile).

go.mod

@@ -5,6 +5,7 @@ go 1.19
 require (
  github.com/beorn7/perks v1.0.1 // indirect
  github.com/cespare/xxhash/v2 v2.2.0 // indirect
+ github.com/davecgh/go-spew v1.1.1 // indirect
  github.com/joho/godotenv v1.5.1 // indirect
  github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect
  github.com/prometheus/client_golang v1.18.0 // indirect

go.sum

@@ -3,6 +3,7 @@ github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6r
 github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
 github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=

main_test.go

@@ -0,0 +1,52 @@
+package main
+
+import (
+ "os"
+ "os/exec"
+ "testing"
+
+ "github.com/prometheus/client_golang/prometheus"
+ "github.com/prometheus/client_golang/prometheus/testutil"
+)
+
+// Source https://stackoverflow.com/a/33404435
+// Exit with return code 1 if env. var. is not provided
+func TestApiTokenCrash(t *testing.T) {
+ if os.Getenv("BE_CRASHER") == "1" {
+ main()
+ return
+ }
+ cmd := exec.Command(os.Args[0], "-test.run=TestApiTokenCrash")
+ cmd.Env = append(os.Environ(), "BE_CRASHER=1")
+ err := cmd.Run()
+ if e, ok := err.(*exec.ExitError); ok && !e.Success() {
+ return
+ }
+ t.Fatalf("process ran with err %v, want exit status 1", err)
+}
+
+var collector = newSocketCollector()
+var ch = make(chan prometheus.Metric)
+
+// Count that the number of metrics is greater than 1
+func TestCollectAndCount(t *testing.T) {
+
+ updateMetrics()
+
+ number := testutil.CollectAndCount(collector, "socket_score")
+ if number < 1 {
+ t.Fatalf("Less than 1 metric was returned. Only %d metrics returned", number)
+ }
+
+}
+
+// Check linter on metrics
+func TestCollectndLint(t *testing.T) {
+
+ problem, err := testutil.CollectAndLint(collector, "socket_score")
+ if err != nil {
+ t.Errorf("%s", err.Error())
+ t.Errorf("%s", problem)
+ }
+
+}