From 7f3a5c996db207b9f922dfdb43466f0651e15175 Mon Sep 17 00:00:00 2001 From: Apoorva Jagtap Date: Sun, 23 Jul 2023 03:03:33 +0530 Subject: [PATCH] added gosec & govulncheck --- .github/workflows/issues.yml | 7 ++++-- .github/workflows/test.yml | 35 ++++++++++++++++++-------- .gitignore | 1 + Makefile | 49 +++++++++++++++++++----------------- README.md | 8 +++--- 5 files changed, 62 insertions(+), 38 deletions(-) create mode 100644 .gitignore diff --git a/.github/workflows/issues.yml b/.github/workflows/issues.yml index 193eb32a..055ca822 100644 --- a/.github/workflows/issues.yml +++ b/.github/workflows/issues.yml @@ -1,10 +1,13 @@ -# Add all the issues created to the project. -name: Add all issues to Project +# Add issues or pull-requests created to the project. +name: Add issue or pull request to Project on: issues: types: - opened + pull_request: + types: + - opened jobs: add-to-project: diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 152cd742..af48d228 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -1,5 +1,5 @@ name: CI -on: +on: push: branches: - main @@ -13,8 +13,8 @@ permissions: jobs: verify-and-test: strategy: - matrix: - go: ['1.18', '1.19','1.20'] + matrix: + go: ['1.19','1.20'] os: [ubuntu-latest, macos-latest, windows-latest] fail-fast: true runs-on: ${{ matrix.os }} 
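Review bot: In `.github/workflows/issues.yml`, the added `pull_request` trigger runs without repository secrets and with a read-only token when the pull request comes from a fork. The steps of the `add-to-project` job are outside this hunk, but if they authenticate with a secret token, the job will fail for external contributors. If that is the case, `pull_request_target:` with `types: [opened]` is the usual alternative, and it is only safe while the job never checks out or executes code from the pull request. A short comment above the trigger saying which case applies would help the next maintainer.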
@@ -27,14 +27,29 @@ jobs: with: go-version: ${{ matrix.go }} cache: false - - - name: Verify + + - name: Run GolangCI-Lint uses: golangci/golangci-lint-action@v3 - with: + with: version: v1.53 args: --timeout=5m - - - name: Test - run: go test -race --coverprofile=coverage.txt --covermode=atomic -v ./... + + - name: Run GoSec + if: matrix.os == 'ubuntu-latest' + uses: securego/gosec@master + with: + args: ./... + + - name: Run GoVulnCheck + uses: golang/govulncheck-action@v1 + with: + go-version-input: ${{ matrix.go }} + go-package: ./... + + - name: Run Tests + run: go test -race -cover -coverprofile=coverage -covermode=atomic -v ./... + - name: Upload coverage to Codecov - uses: codecov/codecov-action@v3 \ No newline at end of file + uses: codecov/codecov-action@v3 + with: + files: ./coverage \ No newline at end of file diff --git a/.gitignore b/.gitignore new file mode 100644 index 00000000..84039fec --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +coverage.coverprofile diff --git a/Makefile b/Makefile index bdf224b0..e1be1737 100644 --- a/Makefile +++ b/Makefile 
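Review bot: The new `Run GoSec` step references `securego/gosec@master`, a mutable branch, so whatever is pushed to that branch runs inside this job with the workflow's token. Pin it to a release tag or, better, a full commit SHA, e.g. `uses: securego/gosec@<release-tag-or-commit-sha>`; the other actions in this hunk are at least on version tags. The `permissions:` block and the start of the step list are outside the hunk, so the token scope available to the step could not be checked here. Separately, `Run Tests` now writes `-coverprofile=coverage`, while the Makefile `test` target and the new `.gitignore` entry use `coverage.coverprofile`; using one name in all three places keeps the ignored file and the uploaded file the same.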
@@ -1,33 +1,36 @@ -SHELL := /bin/bash +GO_LINT=$(shell which golint 2> /dev/null || echo '') +GO_LINT_URI=github.com/golangci/golangci-lint/cmd/golangci-lint@latest -# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set) -ifeq (,$(shell go env GOBIN)) -GOBIN=$(shell go env GOPATH)/bin -else -GOBIN=$(shell go env GOBIN) -endif +# Resolving binary dependencies for specific targets +GO_SEC=$(shell which gosec 2> /dev/null || echo '') +GO_SEC_URI=github.com/securego/gosec/v2/cmd/gosec@latest -# LINT is the path to the golangci-lint binary -LINT = $(shell which golangci-lint) +# Resolving binary dependencies for specific targets +GO_VULNCHECK=$(shell which govulncheck 2> /dev/null || echo '') +GO_VULNCHECK_URI=golang.org/x/vuln/cmd/govulncheck@latest .PHONY: golangci-lint golangci-lint: -ifeq (, $(LINT)) - ifeq (, $(shell which golangci-lint)) - @{ \ - set -e ;\ - go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest ;\ - } - override LINT=$(GOBIN)/golangci-lint - else - override LINT=$(shell which golangci-lint) - endif -endif + $(if $(GO_LINT), ,go install $(GO_LINT_URI)) + @echo "##### Running golangci-lint" + golangci-lint run -v + +.PHONY: gosec +gosec: + $(if $(GO_SEC), ,go install $(GO_SEC_URI)) + @echo "##### Running gosec" + gosec ./... + +.PHONY: govulncheck +govulncheck: + $(if $(GO_VULNCHECK), ,go install $(GO_VULNCHECK_URI)) + @echo "##### Running govulncheck" + govulncheck ./... .PHONY: verify -verify: golangci-lint - $(LINT) run +verify: golangci-lint gosec govulncheck .PHONY: test test: - go test -race --coverprofile=coverage.coverprofile --covermode=atomic -v ./... + @echo "##### Running tests" + go test -race -cover -coverprofile=coverage.coverprofile -covermode=atomic -v ./... \ No newline at end of file diff --git a/README.md b/README.md index f836a4e7..64af2430 100644 --- a/README.md +++ b/README.md 
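Review bot: `GO_LINT` probes for `golint`, but the `golangci-lint` target installs and runs `golangci-lint`. The install is therefore skipped when only `golint` is present, after which `golangci-lint run -v` fails, and it is repeated on every run when `golint` is absent; the probe should be `GO_LINT=$(shell which golangci-lint 2> /dev/null || echo '')`. All three `*_URI` values install `@latest`, so the tools that gate `verify` are whatever version is published at run time; pinning each one (for example `gosec@<pinned-version>`) makes the check reproducible and narrows the supply-chain exposure. The hunk also removes the `GOBIN` resolution, so a freshly installed tool is called by bare name and is found only if Go's bin directory is on `PATH`.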
@@ -1,8 +1,10 @@ # gorilla/mux -[![GoDoc](https://godoc.org/github.com/gorilla/mux?status.svg)](https://godoc.org/github.com/gorilla/mux) -[![CircleCI](https://circleci.com/gh/gorilla/mux.svg?style=svg)](https://circleci.com/gh/gorilla/mux) -[![Sourcegraph](https://sourcegraph.com/github.com/gorilla/mux/-/badge.svg)](https://sourcegraph.com/github.com/gorilla/mux?badge) +![testing](https://github.com/gorilla/mux/actions/workflows/test.yml/badge.svg) +[![codecov](https://codecov.io/github/gorilla/mux/branch/master/graph/badge.svg)](https://codecov.io/github/gorilla/mux) +[![godoc](https://godoc.org/github.com/gorilla/mux?status.svg)](https://godoc.org/github.com/gorilla/mux) +[![sourcegraph](https://sourcegraph.com/github.com/gorilla/mux/-/badge.svg)](https://sourcegraph.com/github.com/gorilla/mux?badge) + ![Gorilla Logo](https://cloud-cdn.questionable.services/gorilla-icon-64.png)