From 312088d2a48859f23c7148d193480559c409a58c Mon Sep 17 00:00:00 2001
From: Alessio Treglia
Date: Fri, 19 Jul 2024 03:20:42 +0100
Subject: [PATCH 01/35] Create sonarqube.yml
---
.github/workflows/sonarqube.yml | 66 +++++++++++++++++++++++++++++++++
1 file changed, 66 insertions(+)
create mode 100644 .github/workflows/sonarqube.yml
diff --git a/.github/workflows/sonarqube.yml b/.github/workflows/sonarqube.yml
new file mode 100644
index 0000000..a9f2d42
--- /dev/null
+++ b/.github/workflows/sonarqube.yml
@@ -0,0 +1,66 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# This workflow helps you trigger a SonarQube analysis of your code and populates
+# GitHub Code Scanning alerts with the vulnerabilities found.
+# (this feature is available starting from SonarQube 9.7, Developer Edition and above)
+
+# 1. Make sure you add a valid GitHub configuration to your SonarQube (Administration > DevOps platforms > GitHub)
+
+# 2. Import your project on SonarQube
+# * Add your repository as a new project by clicking "Create project" from your homepage.
+#
+# 3. Select GitHub Actions as your CI and follow the tutorial
+# * a. Generate a new token and add it to your GitHub repository's secrets using the name SONAR_TOKEN
+# (On SonarQube, click on your avatar on top-right > My account > Security or ask your administrator)
+#
+# * b. Copy/paste your SonarQube host URL to your GitHub repository's secrets using the name SONAR_HOST_URL
+#
+# * c. Copy/paste the project Key into the args parameter below
+# (You'll find this information in SonarQube by following the tutorial or by clicking on Project Information at the top-right of your project's homepage)
+
+# Feel free to take a look at our documentation (https://docs.sonarqube.org/latest/analysis/github-integration/)
+# or reach out to our community forum if you need some help (https://community.sonarsource.com/c/sq/10)
+
+name: SonarQube analysis
+
+on:
+ push:
+ branches: [ "master" ]
+ pull_request:
+ branches: [ "master" ]
+ workflow_dispatch:
+
+permissions:
+ pull-requests: read # allows SonarQube to decorate PRs with analysis results
+
+jobs:
+ Analysis:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Analyze with SonarQube
+
+ # You can pin the exact commit or the version.
+ # uses: SonarSource/sonarqube-scan-action@v1.1.0
+ uses: SonarSource/sonarqube-scan-action@7295e71c9583053f5bf40e9d4068a0c974603ec8
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # Generate a token on SonarQube, add it to the secrets of this repo with the name SONAR_TOKEN (Settings > Secrets > Actions > add new repository secret)
+ SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} # add the URL of your instance to the secrets of this repo with the name SONAR_HOST_URL (Settings > Secrets > Actions > add new repository secret)
+ with:
+ # Additional arguments for the sonarcloud scanner
+ args:
+ # Unique key of your project. You can find it in SonarQube > [my project] > Project Information (top-right menu)
+ # mandatory
+ -Dsonar.projectKey=
+ # Comma-separated paths to directories containing main source files.
+ #-Dsonar.sources= # optional, default is project base directory
+ # When you need the analysis to take place in a directory other than the one from which it was launched
+ #-Dsonar.projectBaseDir= # optional, default is .
+ # Comma-separated paths to directories containing test source files.
+ #-Dsonar.tests= # optional. For more info about Code Coverage, please refer to https://docs.sonarcloud.io/enriching/test-coverage/overview/
+ # Adds more detail to both client and server-side analysis logs, activating DEBUG mode for the scanner, and adding client-side environment variables and system properties to the server-side log of analysis report processing.
+ #-Dsonar.verbose= # optional, default is false
From bb4dcb3c0d6c91922d81defa607913ae7e10c8b3 Mon Sep 17 00:00:00 2001
From: Alessio Treglia
Date: Mon, 22 Jul 2024 02:53:03 +0100
Subject: [PATCH 02/35] fix imports
---
.github/workflows/build.yaml | 2 +-
cmd/escargs/escargs.go | 4 ++--
example_test.go | 2 +-
go.mod | 2 +-
shellescape.go | 2 +-
shellescape_test.go | 2 +-
6 files changed, 7 insertions(+), 7 deletions(-)
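Review bot: `-Dsonar.projectKey=` under `args:` is committed empty although the comment directly above marks it mandatory, so the scanner is given no project to report to and the analysis will presumably fail; it needs the real key, `-Dsonar.projectKey=<project-key-from-SonarQube>`. The `steps:` list also contains only the scan step, so nothing checks the repository out before the scanner runs; a checkout step pinned to a commit, as the scan action already is, should precede it. Note too that `pull_request` runs from forks do not receive `secrets.SONAR_TOKEN` or `secrets.SONAR_HOST_URL`, so those runs cannot authenticate and should be skipped or expected to fail.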
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 7e66af8..7ab5f60 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -10,7 +10,7 @@ jobs: test: strategy: matrix: - go-version: [1.20.x, 1.21.x] + go-version: [1.20.x, 1.21.x, 1.22.x] os: [ubuntu-latest, macos-latest] runs-on: ${{ matrix.os }} steps: diff --git a/cmd/escargs/escargs.go b/cmd/escargs/escargs.go index 6df6602..52b0021 100644 --- a/cmd/escargs/escargs.go +++ b/cmd/escargs/escargs.go @@ -11,7 +11,7 @@ import ( "log" "os" - "github.com/alessio/shellescape" + "al.essio.dev/pkg/shellescape" ) var ( @@ -113,5 +113,5 @@ Options:` func outputVersion() { fmt.Fprintf(os.Stderr, "escargs version %s\n", version) - fmt.Fprintln(os.Stderr, "Copyright (C) 2020-2023 Alessio Treglia ") + fmt.Fprintln(os.Stderr, "Copyright (C) 2020-2024 Alessio Treglia ") } diff --git a/example_test.go b/example_test.go index d9cb344..caccd41 100644 --- a/example_test.go +++ b/example_test.go @@ -4,7 +4,7 @@ import ( "fmt" "strings" - "github.com/alessio/shellescape" + "al.essio.dev/pkg/shellescape" "github.com/google/shlex" ) diff --git a/go.mod b/go.mod index 6a43f1a..f46d761 100644 --- a/go.mod +++ b/go.mod @@ -1,4 +1,4 @@ -module github.com/alessio/shellescape +module al.essio.dev/pkg/shellescape go 1.18 diff --git a/shellescape.go b/shellescape.go index dc34a55..f3d0d9c 100644 --- a/shellescape.go +++ b/shellescape.go @@ -6,7 +6,7 @@ POSIX shells. The original Python package which this work was inspired by can be found at https://pypi.python.org/pypi/shellescape. */ -package shellescape // "import gopkg.in/alessio/shellescape.v1" +package shellescape // "import al.essio.dev/pkg/shellescape" /* The functionality provided by shellescape.Quote could be helpful diff --git a/shellescape_test.go b/shellescape_test.go index 41ae19c..dd0e9fc 100644 --- a/shellescape_test.go +++ b/shellescape_test.go 
@@ -3,7 +3,7 @@ package shellescape_test import ( "testing" - "github.com/alessio/shellescape" + "al.essio.dev/pkg/shellescape" ) func assertEqual(t *testing.T, s, expected string) { From a6eeed461ba98d91bc0cea9b08cd315b5770f93b Mon Sep 17 00:00:00 2001 From: Alessio Treglia Date: Mon, 22 Jul 2024 03:01:13 +0100 Subject: [PATCH 03/35] remove sonarqube config file --- .github/workflows/sonarqube.yml | 66 --------------------------------- 1 file changed, 66 deletions(-) delete mode 100644 .github/workflows/sonarqube.yml diff --git a/.github/workflows/sonarqube.yml b/.github/workflows/sonarqube.yml deleted file mode 100644 index a9f2d42..0000000 --- a/.github/workflows/sonarqube.yml +++ /dev/null 
@@ -1,66 +0,0 @@ -# This workflow uses actions that are not certified by GitHub. -# They are provided by a third-party and are governed by -# separate terms of service, privacy policy, and support -# documentation. - -# This workflow helps you trigger a SonarQube analysis of your code and populates -# GitHub Code Scanning alerts with the vulnerabilities found. -# (this feature is available starting from SonarQube 9.7, Developer Edition and above) - -# 1. Make sure you add a valid GitHub configuration to your SonarQube (Administration > DevOps platforms > GitHub) - -# 2. Import your project on SonarQube -# * Add your repository as a new project by clicking "Create project" from your homepage. -# -# 3. Select GitHub Actions as your CI and follow the tutorial -# * a. Generate a new token and add it to your GitHub repository's secrets using the name SONAR_TOKEN -# (On SonarQube, click on your avatar on top-right > My account > Security or ask your administrator) -# -# * b. Copy/paste your SonarQube host URL to your GitHub repository's secrets using the name SONAR_HOST_URL -# -# * c. Copy/paste the project Key into the args parameter below -# (You'll find this information in SonarQube by following the tutorial or by clicking on Project Information at the top-right of your project's homepage) - -# Feel free to take a look at our documentation (https://docs.sonarqube.org/latest/analysis/github-integration/) -# or reach out to our community forum if you need some help (https://community.sonarsource.com/c/sq/10) - -name: SonarQube analysis - -on: - push: - branches: [ "master" ] - pull_request: - branches: [ "master" ] - workflow_dispatch: - -permissions: - pull-requests: read # allows SonarQube to decorate PRs with analysis results - -jobs: - Analysis: - runs-on: ubuntu-latest - - steps: - - name: Analyze with SonarQube - - # You can pin the exact commit or the version. 
- # uses: SonarSource/sonarqube-scan-action@v1.1.0 - uses: SonarSource/sonarqube-scan-action@7295e71c9583053f5bf40e9d4068a0c974603ec8 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # Generate a token on SonarQube, add it to the secrets of this repo with the name SONAR_TOKEN (Settings > Secrets > Actions > add new repository secret) - SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} # add the URL of your instance to the secrets of this repo with the name SONAR_HOST_URL (Settings > Secrets > Actions > add new repository secret) - with: - # Additional arguments for the sonarcloud scanner - args: - # Unique key of your project. You can find it in SonarQube > [my project] > Project Information (top-right menu) - # mandatory - -Dsonar.projectKey= - # Comma-separated paths to directories containing main source files. - #-Dsonar.sources= # optional, default is project base directory - # When you need the analysis to take place in a directory other than the one from which it was launched - #-Dsonar.projectBaseDir= # optional, default is . - # Comma-separated paths to directories containing test source files. - #-Dsonar.tests= # optional. For more info about Code Coverage, please refer to https://docs.sonarcloud.io/enriching/test-coverage/overview/ - # Adds more detail to both client and server-side analysis logs, activating DEBUG mode for the scanner, and adding client-side environment variables and system properties to the server-side log of analysis report processing. - #-Dsonar.verbose= # optional, default is false From 68ac4eed10cae37b71f0bf514a9d9100b71fafa9 Mon Sep 17 00:00:00 2001 From: Alessio Treglia Date: Mon, 22 Jul 2024 03:30:52 +0100 Subject: [PATCH 04/35] Update build.yaml --- .github/workflows/build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 7ab5f60..53cc2b3 100644 
--- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -15,7 +15,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v3 - - uses: actions/setup-go@v4 + - uses: actions/setup-go@v5 with: go-version: ${{ matrix.go-version }} - name: Build From aaff7ce29c4ecd9651510be4c29ae73b17497b46 Mon Sep 17 00:00:00 2001 From: Alessio Treglia Date: Wed, 9 Oct 2024 06:07:36 +0800 Subject: [PATCH 05/35] update readme to use the new vanity name --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 910bb25..7138b30 100644 --- a/README.md +++ b/README.md @@ -48,7 +48,7 @@ import ( "fmt" "os" - "gopkg.in/alessio/shellescape.v1" + "al.essio.dev/pkg/shellescape" ) func main() { From eee5f61978a7d3689371b2350d54a5974f79907f Mon Sep 17 00:00:00 2001 From: Alessio Treglia Date: Wed, 9 Oct 2024 06:10:51 +0800 Subject: [PATCH 06/35] upgrade playground example's URL --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 7138b30..f83dd5b 100644 --- a/README.md +++ b/README.md @@ -55,7 +55,7 @@ func main() { fmt.Printf("ls -l %s\n", shellescape.Quote(os.Args[1])) } ``` -_[See in Go Playground](https://play.golang.org/p/HJ_CXgSrmp)_ +_[See in Go Playground](https://go.dev/play/p/GeguukpSUTk)_ ## The escargs utility __escargs__ reads lines from the standard input and prints shell-escaped versions. Unlinke __xargs__, blank lines on the standard input are not discarded. From 5ab9730e7dbc39ee78d9c110aa39a2d9f71d13d5 Mon Sep 17 00:00:00 2001 From: Alessio Treglia Date: Wed, 9 Oct 2024 06:18:14 +0800 Subject: [PATCH 07/35] update ci --- .github/workflows/build.yaml | 2 +- .github/workflows/release.yaml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 53cc2b3..7f31b62 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml 
@@ -14,7 +14,7 @@ jobs: os: [ubuntu-latest, macos-latest] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: actions/setup-go@v5 with: go-version: ${{ matrix.go-version }} diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index e542a73..ab03aa5 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -12,14 +12,14 @@ jobs: goreleaser: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: fetch-depth: 0 - run: git fetch --force --tags - - uses: actions/setup-go@v4 + - uses: actions/setup-go@v5 with: go-version: stable - - uses: goreleaser/goreleaser-action@v4 + - uses: goreleaser/goreleaser-action@v6 with: distribution: goreleaser version: latest From b806b6d359399aa5cb16cc71896aad7d26433ac7 Mon Sep 17 00:00:00 2001 From: Oleksandr Redko Date: Fri, 8 Nov 2024 20:40:41 +0200 Subject: [PATCH 08/35] Fix ExampleQuoteCommand --- example_test.go | 1 + 1 file changed, 1 insertion(+) diff --git a/example_test.go b/example_test.go index caccd41..fb54c23 100644 --- a/example_test.go +++ b/example_test.go @@ -79,6 +79,7 @@ func ExampleQuoteCommand() { fmt.Println("lastSplit[1]:", lastSplit[1]) fmt.Println("lastSplit[2]:", lastSplit[2]) + // Output: // unsafe: ls -l myfile; rm -rf / // command: ls -l 'myfile; rm -rf /' // splitCommand: [ls -l myfile; rm -rf /] From 853065111c4c5878f9eb9033c262159ecaca0a03 Mon Sep 17 00:00:00 2001 From: Oleksandr Redko Date: Fri, 8 Nov 2024 20:35:01 +0200 Subject: [PATCH 09/35] README: fix typo --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f83dd5b..53e8bf5 100644 --- a/README.md +++ b/README.md 
@@ -58,4 +58,4 @@ func main() { _[See in Go Playground](https://go.dev/play/p/GeguukpSUTk)_ ## The escargs utility -__escargs__ reads lines from the standard input and prints shell-escaped versions. Unlinke __xargs__, blank lines on the standard input are not discarded. +__escargs__ reads lines from the standard input and prints shell-escaped versions. Unlike __xargs__, blank lines on the standard input are not discarded. From 09834c41944e629243ac46bad8ef7fc5f4777d6f Mon Sep 17 00:00:00 2001 From: ccoVeille <3875889+ccoVeille@users.noreply.github.com> Date: Tue, 12 Nov 2024 22:27:00 +0100 Subject: [PATCH 10/35] Add automatic update of GitHub actions --- .github/dependabot.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index b444581..bb3dd9c 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -9,3 +9,13 @@ updates: directory: "/" # Location of package manifests schedule: interval: "daily" + + # Maintain dependencies for GitHub Actions + # These would open PR, these PR would be tested with the CI + # They will have to be merged manually by a maintainer + - package-ecosystem: github-actions + directory: / + open-pull-requests-limit: 10 # avoid spam, if no one reacts + schedule: + interval: weekly + time: '11:00' \ No newline at end of file From 8b9bd7a380b5b21a421fe66c4fbdffff589300b8 Mon Sep 17 00:00:00 2001 From: ccoVeille <3875889+ccoVeille@users.noreply.github.com> Date: Tue, 12 Nov 2024 22:27:54 +0100 Subject: [PATCH 11/35] Bring CI to 2024 update everything to latest versions --- .github/workflows/build.yaml | 6 +++--- .github/workflows/codacy.yml | 10 +++++----- .github/workflows/dependency-review.yml | 8 ++++---- .github/workflows/golangci-lint.yml | 14 ++++++++------ 4 files changed, 20 insertions(+), 18 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 7f31b62..1861b2b 100644 --- a/.github/workflows/build.yaml 
+++ b/.github/workflows/build.yaml @@ -10,11 +10,11 @@ jobs: test: strategy: matrix: - go-version: [1.20.x, 1.21.x, 1.22.x] + go-version: [1.20.x, 1.21.x, 1.22.x, 1.23.x] os: [ubuntu-latest, macos-latest] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v4.2.2 - uses: actions/setup-go@v5 with: go-version: ${{ matrix.go-version }} @@ -22,7 +22,7 @@ jobs: run: go build -v ./... - name: Test run: go test -race -cover -covermode=atomic -coverprofile=coverage.out ./... - - uses: codecov/codecov-action@v1 + - uses: codecov/codecov-action@v4.6.0 with: file: ./coverage.out verbose: true diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml index 75a8592..622312e 100644 --- a/.github/workflows/codacy.yml +++ b/.github/workflows/codacy.yml @@ -35,12 +35,12 @@ jobs: runs-on: ubuntu-latest steps: # Checkout the repository to the GitHub Actions runner - - name: Checkout code - uses: actions/checkout@v3 + - name: Checkout + uses: actions/checkout@v4.2.2 # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis - - name: Run Codacy Analysis CLI - uses: codacy/codacy-analysis-cli-action@d840f886c4bd4edc059706d09c6a1586111c540b + - name: Codacy Analysis CLI + uses: codacy/codacy-analysis-cli-action@v4.4.5 with: # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository # You can also omit the token and run the tools that support default configurations @@ -55,6 +55,6 @@ jobs: # Upload the SARIF file generated in the previous step - name: Upload SARIF results file - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: results.sarif diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index b0dedc4..b28a7f7 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml 
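Review bot: The jump from `codecov/codecov-action@v1` to `@v4.6.0` in the second build.yaml hunk crosses the major version in which, as far as I know, Codecov stopped accepting tokenless uploads for most runs, and the `with:` block visible here passes only `file` and `verbose`. Unless a token is supplied in the part of the block outside this hunk, add `token: ${{ secrets.CODECOV_TOKEN }}` under `with:`. Adding `fail_ci_if_error: true` as well would make a rejected upload visible instead of silently losing coverage data.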
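Review bot: The Codacy step replaces the full commit pin `codacy/codacy-analysis-cli-action@d840f886c4bd4edc059706d09c6a1586111c540b` with the tag `@v4.4.5`, which the action's owner can move to different code, and the comments in this step indicate it is the one that is handed the Codacy project token. Keep a commit SHA and record the release beside it, `uses: codacy/codacy-analysis-cli-action@<commit-sha-of-v4.4.5> # v4.4.5`; the Dependabot `github-actions` entry added in patch 10/35 can keep SHA pins and their version comments current. The same applies to the other third-party actions set to tags in this commit (`codecov/codecov-action`, `golangci/golangci-lint-action`), and patches 21/35, 22/35 and 24/35 later widen these references further to floating major tags such as `@v4` and `@v5`.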
@@ -14,7 +14,7 @@ jobs: dependency-review: runs-on: ubuntu-latest steps: - - name: 'Checkout Repository' - uses: actions/checkout@v3 - - name: 'Dependency Review' - uses: actions/dependency-review-action@v3 + - name: Checkout + uses: actions/checkout@v4.2.2 + - name: Dependency Review + uses: actions/dependency-review-action@v4.4.0 diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index fb4817e..8efd6d6 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -12,16 +12,18 @@ jobs: name: lint runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: actions/setup-go@v4 + - name: checkout-action + uses: actions/checkout@v4.1.7 + + - name: Set up Go + uses: actions/setup-go@v5 with: - go-version: '1.21' - cache: false + go-version: 'stable' - name: golangci-lint - uses: golangci/golangci-lint-action@v3 + uses: golangci/golangci-lint-action@v6.1.0 with: # Required: the version of golangci-lint is required and must be specified without patch version: we always use the latest patch version. - version: v1.55 + version: v1.62 # Optional: working directory, useful for monorepos # working-directory: somedir From 3e232a2c44c85fbd3486db87e84c7dc749053c4a Mon Sep 17 00:00:00 2001 From: ccoVeille <3875889+ccoVeille@users.noreply.github.com> Date: Tue, 12 Nov 2024 22:03:33 +0100 Subject: [PATCH 12/35] fix enabled golangci-lint linters - remove duplicated misspell - remove settings for deprecated linter maligned - reorder the list --- .golangci.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.golangci.yml b/.golangci.yml index 836dabb..c14657f 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -6,6 +6,7 @@ linters: disable-all: true enable: - bodyclose + - copyloopvar - dogsled - goconst - gocritic @@ -17,7 +18,6 @@ linters: - ineffassign - misspell - prealloc - - exportloopref - revive - staticcheck - stylecheck 
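Review bot: Swapping `exportloopref` for `copyloopvar` (added in the first .golangci.yml hunk, removed in the second) drops loop-variable checking for this module rather than modernising it. `copyloopvar` only reports redundant `x := x` copies and, as far as I know, golangci-lint disables it when the module's `go` directive is below 1.22, while `go.mod` in this series still declares `go 1.18`. Under that directive a captured loop variable is still shared across iterations, which is the bug `exportloopref` looked for. Either raise the `go` directive to 1.22 together with this change, or say so in the config, e.g. `# copyloopvar: inactive until go.mod declares go >= 1.22`. The `enable:` list continues outside both hunks.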
@@ -25,7 +25,6 @@ linters: - unconvert - unparam - unused - - misspell - wsl issues: @@ -51,9 +50,6 @@ issues: linters-settings: dogsled: max-blank-identifiers: 3 - maligned: - # print struct with more effective memory layout or not, false by default - suggest-new: true run: tests: false From 8e8fb6e8bfdde7ccd80a0e012dd03c383aaca9cb Mon Sep 17 00:00:00 2001 From: ccoVeille <3875889+ccoVeille@users.noreply.github.com> Date: Tue, 12 Nov 2024 22:11:54 +0100 Subject: [PATCH 13/35] Remove exclusion added years ago The problem was fixed in 2019 --- .golangci.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.golangci.yml b/.golangci.yml index c14657f..a5386c5 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -41,11 +41,6 @@ issues: - text: "ST1003:" linters: - stylecheck - # FIXME: Disabled until golangci-lint updates stylecheck with this fix: - # https://github.com/dominikh/go-tools/issues/389 - - text: "ST1016:" - linters: - - stylecheck linters-settings: dogsled: From deb6eba95bad1d775d1da83090c2813bdc58e427 Mon Sep 17 00:00:00 2001 From: ccoVeille <3875889+ccoVeille@users.noreply.github.com> Date: Tue, 12 Nov 2024 22:13:42 +0100 Subject: [PATCH 14/35] enable golangci-lint on test files but disable wsl linter for them --- .golangci.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.golangci.yml b/.golangci.yml index a5386c5..f811f96 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -41,10 +41,11 @@ issues: - text: "ST1003:" linters: - stylecheck + - path: "_test.go" + linters: + - wsl linters-settings: dogsled: max-blank-identifiers: 3 -run: - tests: false From 8303ffc4398eef809fc6d53a070176a117384268 Mon Sep 17 00:00:00 2001 From: ccoVeille <3875889+ccoVeille@users.noreply.github.com> Date: Tue, 12 Nov 2024 22:30:05 +0100 Subject: [PATCH 15/35] Enable thelper linter via golangci-lint --- .golangci.yml | 1 + shellescape_test.go | 2 ++ 2 files changed, 3 insertions(+) 
diff --git a/.golangci.yml b/.golangci.yml index f811f96..b095276 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -22,6 +22,7 @@ linters: - staticcheck - stylecheck - typecheck + - thelper - unconvert - unparam - unused diff --git a/shellescape_test.go b/shellescape_test.go index dd0e9fc..3c76035 100644 --- a/shellescape_test.go +++ b/shellescape_test.go @@ -7,6 +7,8 @@ import ( ) func assertEqual(t *testing.T, s, expected string) { + t.Helper() + if s != expected { t.Fatalf("%q (expected: %q)", s, expected) } From 075e7a7ebd7ced85c69581612f54e14d95b4a1b0 Mon Sep 17 00:00:00 2001 From: ccoVeille <3875889+ccoVeille@users.noreply.github.com> Date: Tue, 12 Nov 2024 22:32:01 +0100 Subject: [PATCH 16/35] Enable gci linter via golangci-lint The idea is to keep consistent imports order --- .golangci.yml | 11 ++++++++++- example_test.go | 3 ++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/.golangci.yml b/.golangci.yml index b095276..05df54a 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -8,6 +8,7 @@ linters: - bodyclose - copyloopvar - dogsled + - gci - goconst - gocritic - gofmt @@ -49,4 +50,12 @@ issues: linters-settings: dogsled: max-blank-identifiers: 3 - + # define the import orders + gci: + sections: + # Standard section: captures all standard packages. + - standard + # Default section: catchall that is not standard or custom + - default + # linters that related to local tool, so they should be separated + - localmodule diff --git a/example_test.go b/example_test.go index fb54c23..8eca93f 100644 --- a/example_test.go +++ b/example_test.go @@ -4,8 +4,9 @@ import ( "fmt" "strings" - "al.essio.dev/pkg/shellescape" "github.com/google/shlex" + + "al.essio.dev/pkg/shellescape" ) func ExampleQuote() { From c50b029e99651f1e5b455a90c999f63cd7792550 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Jan 2025 20:43:00 +0000 Subject: [PATCH 17/35] Bump golangci/golangci-lint-action from 6.1.0 to 6.2.0 Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 6.1.0 to 6.2.0. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/v6.1.0...v6.2.0) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/golangci-lint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index 8efd6d6..230b7a8 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -20,7 +20,7 @@ jobs: with: go-version: 'stable' - name: golangci-lint - uses: golangci/golangci-lint-action@v6.1.0 + uses: golangci/golangci-lint-action@v6.2.0 with: # Required: the version of golangci-lint is required and must be specified without patch version: we always use the latest patch version. version: v1.62 From 2a3243495f29846ae00d67bca7121bf6b5834b70 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Jan 2025 20:42:57 +0000 Subject: [PATCH 18/35] Bump actions/dependency-review-action from 4.4.0 to 4.5.0 Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.4.0 to 4.5.0. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/v4.4.0...v4.5.0) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] --- .github/workflows/dependency-review.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index b28a7f7..6d02383 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -17,4 +17,4 @@ jobs: - name: Checkout uses: actions/checkout@v4.2.2 - name: Dependency Review - uses: actions/dependency-review-action@v4.4.0 + uses: actions/dependency-review-action@v4.5.0 From 7aab5d1f929d8d80dba49a2267c97a593a649098 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Jan 2025 20:42:55 +0000 Subject: [PATCH 19/35] Bump codecov/codecov-action from 4.6.0 to 5.3.1 Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.6.0 to 5.3.1. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/v4.6.0...v5.3.1) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 1861b2b..2eda14c 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -22,7 +22,7 @@ jobs: run: go build -v ./... - name: Test run: go test -race -cover -covermode=atomic -coverprofile=coverage.out ./... - - uses: codecov/codecov-action@v4.6.0 + - uses: codecov/codecov-action@v5.3.1 with: file: ./coverage.out verbose: true From 76f60b250bea6662803e89038d5036efb2f6edd9 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Feb 2025 12:33:52 +0000 Subject: [PATCH 20/35] Bump golangci/golangci-lint-action from 6.2.0 to 6.5.0 Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 6.2.0 to 6.5.0. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/v6.2.0...v6.5.0) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/golangci-lint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index 230b7a8..cb660f2 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -20,7 +20,7 @@ jobs: with: go-version: 'stable' - name: golangci-lint - uses: golangci/golangci-lint-action@v6.2.0 + uses: golangci/golangci-lint-action@v6.5.0 with: # Required: the version of golangci-lint is required and must be specified without patch version: we always use the latest patch version. version: v1.62 From 71d039a693fba07663c8d484ef0a808a37f5bc20 Mon Sep 17 00:00:00 2001 From: Alessio Treglia Date: Tue, 25 Feb 2025 07:40:09 +0800 Subject: [PATCH 21/35] Update codacy.yml (#39) Remove pinning on patch releases ## Summary by CodeRabbit These maintenance updates improve our automated workflows by enhancing compatibility and efficiency. Below are the key changes: - **Chores** - Updated internal automation tools to the latest major releases. - Enhancements contribute to a smoother, more reliable continuous integration process and prepare our systems for future improvements. --- .github/workflows/codacy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml index 622312e..d22fd92 100644 --- a/.github/workflows/codacy.yml +++ b/.github/workflows/codacy.yml @@ -36,11 +36,11 @@ jobs: steps: # Checkout the repository to the GitHub Actions runner - name: Checkout - uses: actions/checkout@v4.2.2 + uses: actions/checkout@v4 # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis - name: Codacy Analysis CLI - uses: codacy/codacy-analysis-cli-action@v4.4.5 + uses: codacy/codacy-analysis-cli-action@v4 with: # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository # You can also omit the token and run the tools that support default configurations From fae07db218807564fecc3cd7b80b5cf94726a448 Mon Sep 17 00:00:00 2001 From: Alessio Treglia Date: Tue, 25 Feb 2025 07:45:58 +0800 Subject: [PATCH 22/35] Update build.yaml (#40) remove pinning on patch releases ## Summary by CodeRabbit - **Chores** - Upgraded underlying automation tools used for building and quality analysis to their latest versions, ensuring a more robust and maintainable process without altering user-facing functionality. --- .github/workflows/build.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 2eda14c..53bebc1 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -14,7 +14,7 @@ jobs: os: [ubuntu-latest, macos-latest] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4.2.2 + - uses: actions/checkout@v4 - uses: actions/setup-go@v5 with: go-version: ${{ matrix.go-version }} @@ -22,7 +22,7 @@ jobs: run: go build -v ./... - name: Test run: go test -race -cover -covermode=atomic -coverprofile=coverage.out ./... - - uses: codecov/codecov-action@v5.3.1 + - uses: codecov/codecov-action@v5 with: file: ./coverage.out verbose: true 
From 04127346f78416efc2ddca01d115ccf163f84297 Mon Sep 17 00:00:00 2001 From: Alessio Treglia Date: Tue, 25 Feb 2025 07:57:58 +0800 Subject: [PATCH 23/35] Update golangci-lint.yml refresh --- .github/workflows/golangci-lint.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index cb660f2..ed5eeda 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -13,17 +13,17 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout-action - uses: actions/checkout@v4.1.7 + uses: actions/checkout@v4 - name: Set up Go uses: actions/setup-go@v5 with: go-version: 'stable' - name: golangci-lint - uses: golangci/golangci-lint-action@v6.5.0 - with: + uses: golangci/golangci-lint-action@v6 + # with: # Required: the version of golangci-lint is required and must be specified without patch version: we always use the latest patch version. - version: v1.62 + # version: v1.62 # Optional: working directory, useful for monorepos # working-directory: somedir @@ -32,5 +32,5 @@ jobs: # args: --issues-exit-code=0 # Optional: show only new issues if it's a pull request. The default value is `false`. - only-new-issues: false + # only-new-issues: false From bcfa082195da98841bc6b5269cd4b9ee3631eadf Mon Sep 17 00:00:00 2001 From: Alessio Treglia Date: Tue, 25 Feb 2025 08:05:24 +0800 Subject: [PATCH 24/35] Update dependency-review.yml don't pin patch releases --- .github/workflows/dependency-review.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 6d02383..b64f34f 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml 
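Review bot: With `with:` and `version: v1.62` commented out in the first golangci-lint.yml hunk, the lint step no longer states which golangci-lint release it runs, so the action falls back to its default (presumably the latest release) and the findings for an unchanged tree can change between runs. `.golangci.yml` enables linters by name, and patch 12/35 already had to replace one that was deprecated upstream, so an unannounced linter upgrade can break CI or silently drop a check. Keep the block active, `with:` followed by `version: v1.62`, and let the Dependabot entry or a reviewed commit raise it. Together with `golangci/golangci-lint-action@v6` this step now has no fixed reference for either the action or the tool it installs.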
@@ -15,6 +15,6 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4.2.2 + uses: actions/checkout@v4 - name: Dependency Review - uses: actions/dependency-review-action@v4.5.0 + uses: actions/dependency-review-action@v4 From 3ec941906c042fa2fc207c6fe0e6bff6fcaf09b9 Mon Sep 17 00:00:00 2001 From: Alessio Treglia Date: Tue, 25 Feb 2025 08:49:31 +0800 Subject: [PATCH 25/35] Update CODE_OF_CONDUCT.md (#44) Signed-off-by: Alessio Treglia --- CODE_OF_CONDUCT.md | 154 +++++++++++++++++++++++++++++++-------------- 1 file changed, 106 insertions(+), 48 deletions(-) diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index e8eda60..6d84e87 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md 
@@ -1,76 +1,134 @@ + # Contributor Covenant Code of Conduct ## Our Pledge -In the interest of fostering an open and welcoming environment, we as -contributors and maintainers pledge to making participation in our project and -our community a harassment-free experience for everyone, regardless of age, body -size, disability, ethnicity, sex characteristics, gender identity and expression, -level of experience, education, socio-economic status, nationality, personal -appearance, race, religion, or sexual identity and orientation. +We as members, contributors, and leaders pledge to make participation in our +community a harassment-free experience for everyone, regardless of age, body +size, visible or invisible disability, ethnicity, sex characteristics, gender +identity and expression, level of experience, education, socio-economic status, +nationality, personal appearance, race, caste, color, religion, or sexual +identity and orientation. + +We pledge to act and interact in ways that contribute to an open, welcoming, +diverse, inclusive, and healthy community. 
## Our Standards -Examples of behavior that contributes to creating a positive environment -include: +Examples of behavior that contributes to a positive environment for our +community include: -* Using welcoming and inclusive language -* Being respectful of differing viewpoints and experiences -* Gracefully accepting constructive criticism -* Focusing on what is best for the community -* Showing empathy towards other community members +* Demonstrating empathy and kindness toward other people +* Being respectful of differing opinions, viewpoints, and experiences +* Giving and gracefully accepting constructive feedback +* Accepting responsibility and apologizing to those affected by our mistakes, + and learning from the experience +* Focusing on what is best not just for us as individuals, but for the overall + community -Examples of unacceptable behavior by participants include: +Examples of unacceptable behavior include: -* The use of sexualized language or imagery and unwelcome sexual attention or - advances -* Trolling, insulting/derogatory comments, and personal or political attacks +* The use of sexualized language or imagery, and sexual attention or advances of + any kind +* Trolling, insulting or derogatory comments, and personal or political attacks * Public or private harassment -* Publishing others' private information, such as a physical or electronic - address, without explicit permission +* Publishing others' private information, such as a physical or email address, + without their explicit permission * Other conduct which could reasonably be considered inappropriate in a - professional setting + professional setting -## Our Responsibilities +## Enforcement Responsibilities -Project maintainers are responsible for clarifying the standards of acceptable -behavior and are expected to take appropriate and fair corrective action in -response to any instances of unacceptable behavior. 
+Community leaders are responsible for clarifying and enforcing our standards of +acceptable behavior and will take appropriate and fair corrective action in +response to any behavior that they deem inappropriate, threatening, offensive, +or harmful. -Project maintainers have the right and responsibility to remove, edit, or -reject comments, commits, code, wiki edits, issues, and other contributions -that are not aligned to this Code of Conduct, or to ban temporarily or -permanently any contributor for other behaviors that they deem inappropriate, -threatening, offensive, or harmful. +Community leaders have the right and responsibility to remove, edit, or reject +comments, commits, code, wiki edits, issues, and other contributions that are +not aligned to this Code of Conduct, and will communicate reasons for moderation +decisions when appropriate. ## Scope -This Code of Conduct applies both within project spaces and in public spaces -when an individual is representing the project or its community. Examples of -representing a project or community include using an official project e-mail -address, posting via an official social media account, or acting as an appointed -representative at an online or offline event. Representation of a project may be -further defined and clarified by project maintainers. +This Code of Conduct applies within all community spaces, and also applies when +an individual is officially representing the community in public spaces. +Examples of representing our community include using an official email address, +posting via an official social media account, or acting as an appointed +representative at an online or offline event. ## Enforcement Instances of abusive, harassing, or otherwise unacceptable behavior may be -reported by contacting the project team at alessio@debian.org. All -complaints will be reviewed and investigated and will result in a response that -is deemed necessary and appropriate to the circumstances. 
The project team is -obligated to maintain confidentiality with regard to the reporter of an incident. -Further details of specific enforcement policies may be posted separately. +reported to the community leaders responsible for enforcement at +[alessio AT debian DOT org][contact]. +All complaints will be reviewed and investigated promptly and fairly. + +All community leaders are obligated to respect the privacy and security of the +reporter of any incident. + +## Enforcement Guidelines + +Community leaders will follow these Community Impact Guidelines in determining +the consequences for any action they deem in violation of this Code of Conduct: + +### 1. Correction + +**Community Impact**: Use of inappropriate language or other behavior deemed +unprofessional or unwelcome in the community. + +**Consequence**: A private, written warning from community leaders, providing +clarity around the nature of the violation and an explanation of why the +behavior was inappropriate. A public apology may be requested. + +### 2. Warning + +**Community Impact**: A violation through a single incident or series of +actions. -Project maintainers who do not follow or enforce the Code of Conduct in good -faith may face temporary or permanent repercussions as determined by other -members of the project's leadership. +**Consequence**: A warning with consequences for continued behavior. No +interaction with the people involved, including unsolicited interaction with +those enforcing the Code of Conduct, for a specified period of time. This +includes avoiding interactions in community spaces as well as external channels +like social media. Violating these terms may lead to a temporary or permanent +ban. + +### 3. Temporary Ban + +**Community Impact**: A serious violation of community standards, including +sustained inappropriate behavior. + +**Consequence**: A temporary ban from any sort of interaction or public +communication with the community for a specified period of time. 
No public or +private interaction with the people involved, including unsolicited interaction +with those enforcing the Code of Conduct, is allowed during this period. +Violating these terms may lead to a permanent ban. + +### 4. Permanent Ban + +**Community Impact**: Demonstrating a pattern of violation of community +standards, including sustained inappropriate behavior, harassment of an +individual, or aggression toward or disparagement of classes of individuals. + +**Consequence**: A permanent ban from any sort of public interaction within the +community. ## Attribution -This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, -available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html +This Code of Conduct is adapted from the [Contributor Covenant][homepage], +version 2.1, available at +[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1]. -[homepage]: https://www.contributor-covenant.org +Community Impact Guidelines were inspired by +[Mozilla's code of conduct enforcement ladder][Mozilla CoC]. -For answers to common questions about this code of conduct, see -https://www.contributor-covenant.org/faq +For answers to common questions about this code of conduct, see the FAQ at +[https://www.contributor-covenant.org/faq][FAQ]. Translations are available at +[https://www.contributor-covenant.org/translations][translations]. + +[homepage]: https://www.contributor-covenant.org +[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html +[Mozilla CoC]: https://github.com/mozilla/diversity +[FAQ]: https://www.contributor-covenant.org/faq +[translations]: https://www.contributor-covenant.org/translations +[contact]: mailto:alessio_AT_debian_DOT_org From f80079b7c3dfc7b2b9176f16cef780755d335225 Mon Sep 17 00:00:00 2001 
From: Alessio Treglia Date: Tue, 25 Feb 2025 09:19:33 +0800 Subject: [PATCH 26/35] Update README.md (#45) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fix markdown syntax ## Summary by CodeRabbit - **Documentation** - Updated the project documentation to include a clear description of the package’s purpose. - Enhanced readability through improved spacing and formatting adjustments. --------- Signed-off-by: Alessio Treglia --- README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 53e8bf5..1304767 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,5 @@ +# shellescape + ![Build](https://github.com/alessio/shellescape/workflows/Build/badge.svg) [![GoDoc](https://img.shields.io/badge/go.dev-reference-007d9c?logo=go&logoColor=white&style=flat-square)](https://pkg.go.dev/github.com/alessio/shellescape?tab=overview) [![sourcegraph](https://sourcegraph.com/github.com/alessio/shellescape/-/badge.svg)](https://sourcegraph.com/github.com/alessio/shellescape) @@ -5,8 +7,8 @@ [![Coverage](https://gocover.io/_badge/github.com/alessio/shellescape)](https://gocover.io/github.com/alessio/shellescape) [![Go Report Card](https://goreportcard.com/badge/github.com/alessio/shellescape)](https://goreportcard.com/report/github.com/alessio/shellescape) -# shellescape Escape arbitrary strings for safe use as command line arguments. + ## Contents of the package This package provides the `shellescape.Quote()` function that returns a @@ -32,6 +34,7 @@ import ( func main() { fmt.Printf("ls -l %s\n", os.Args[1]) } + ``` _[See in Go Playground](https://play.golang.org/p/Wj2WoUfH_d)_ @@ -58,4 +61,5 @@ func main() { _[See in Go Playground](https://go.dev/play/p/GeguukpSUTk)_ ## The escargs utility + __escargs__ reads lines from the standard input and prints shell-escaped versions. Unlike __xargs__, blank lines on the standard input are not discarded. 
From 7949e0bde652c3c3150e3986ebb47fc313544549 Mon Sep 17 00:00:00 2001 From: Alessio Treglia Date: Tue, 25 Feb 2025 10:01:34 +0800 Subject: [PATCH 27/35] Refresh Go toolchain (#46) ## Summary by CodeRabbit - **Chores** - Updated our automation configuration to support the latest runtime versions. - **Tests** - Introduced enhanced testing with code coverage analysis and race detection to improve quality assurance. --------- Signed-off-by: Alessio Treglia --- .github/workflows/build.yaml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 53bebc1..029edc7 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -10,7 +10,7 @@ jobs: test: strategy: matrix: - go-version: [1.20.x, 1.21.x, 1.22.x, 1.23.x] + go-version: [1.20.x, 1.21.x, 1.22.x, 1.23.x, 1.24.x] os: [ubuntu-latest, macos-latest] runs-on: ${{ matrix.os }} steps: @@ -21,6 +21,16 @@ jobs: - name: Build run: go build -v ./... - name: Test + run: go test -race ./... + + coverage: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-go@v5 + with: + go-version: 'stable' + - name: Coverage run: go test -race -cover -covermode=atomic -coverprofile=coverage.out ./... - uses: codecov/codecov-action@v5 with: From 9101d2158250552b0f99a4e833d2bef45e399cb8 Mon Sep 17 00:00:00 2001 
From: Alessio Treglia Date: Wed, 26 Feb 2025 00:59:05 +0800 Subject: [PATCH 28/35] shellescape: new ScanTokens function (#47) - **New Features** - Introduced an enhanced tokenization method for processing inputs with null characters. - Provided a new example showcasing the updated input scanning. - **Refactor** - Replaced custom token-splitting logic with a standardized scanning approach for improved consistency. - **Tests** - Expanded test coverage to verify accurate token parsing and ensure reliability. --- cmd/escargs/escargs.go | 24 ++---------------------- example_test.go | 16 ++++++++++++++++ shellescape.go | 22 ++++++++++++++++++++++ shellescape_test.go | 21 +++++++++++++++++++++ 4 files changed, 61 insertions(+), 22 deletions(-) diff --git a/cmd/escargs/escargs.go b/cmd/escargs/escargs.go index 52b0021..324144a 100644 --- a/cmd/escargs/escargs.go +++ b/cmd/escargs/escargs.go @@ -1,11 +1,10 @@ // escargs reads lines from the standard input and prints shell-escaped -// versions. Unlinke xargs, blank lines on the standard input are not +// versions. Unlike xargs, blank lines on the standard input are not // discarded. package main import ( "bufio" - "bytes" "flag" "fmt" "log" @@ -63,7 +62,7 @@ func main() { } if nullSeparator { - scanner.Split(splitNullTerminatedItems) + scanner.Split(shellescape.ScanTokens) } for scanner.Scan() { 
@@ -82,25 +81,6 @@ func main() { } } -func splitNullTerminatedItems(data []byte, atEOF bool) (advance int, token []byte, err error) { - // Return nothing if at end of file and no data passed. - if atEOF && len(data) == 0 { - return 0, nil, nil - } - - // Find the index of the input of a null character. - if i := bytes.IndexByte(data, '\x00'); i >= 0 { - return i + 1, data[0:i], nil - } - // If we're at EOF, we have a final, non-terminated line. Return it. - if atEOF { - return len(data), data, nil - } - - // Request more data. - return 0, nil, nil -} - func usage() { usageString := `Usage: escargs [-0ad] Escape arbitrary strings for safe use as command line arguments. diff --git a/example_test.go b/example_test.go index 8eca93f..615ab5f 100644 --- a/example_test.go +++ b/example_test.go @@ -1,6 +1,7 @@ package shellescape_test import ( + "bufio" "fmt" "strings" @@ -102,3 +103,18 @@ func ExampleStripUnsafe() { // safe: "printable!" #$%^characters '' 12321312" // unsafe: these runes shall be removed: } + +func ExampleScanTokens() { + words := "'tis\x00but\x00a\x00scratch!\x00" + scanner := bufio.NewScanner(strings.NewReader(words)) + + scanner.Split(shellescape.ScanTokens) + for scanner.Scan() { + fmt.Println(scanner.Text()) + } + // Output: + // 'tis + // but + // a + // scratch! +} diff --git a/shellescape.go b/shellescape.go index f3d0d9c..fa1caf6 100644 --- a/shellescape.go +++ b/shellescape.go @@ -15,6 +15,7 @@ be appended to/used in the context of shell programs' command line arguments. */ import ( + "bytes" "regexp" "strings" "unicode" 
@@ -64,3 +65,24 @@ func StripUnsafe(s string) string { return -1 }, s) } + +// ScanTokens is a split function for a bufio.Scanner that returns each word of text, stripped +// of amy trailing end-of-text empty byte. +func ScanTokens(data []byte, atEOF bool) (advance int, token []byte, err error) { + // Return nothing if at end-of-file and no data passed. + if atEOF && len(data) == 0 { + return 0, nil, nil + } + + // Find the index of the input of a null character. + if i := bytes.IndexByte(data, '\x00'); i >= 0 { + return i + 1, data[0:i], nil + } + // If we're at EOF, we have a final, non-terminated line. Return it. + if atEOF { + return len(data), data, nil + } + + // Request more data. + return 0, nil, nil +} diff --git a/shellescape_test.go b/shellescape_test.go index 3c76035..3f8b629 100644 --- a/shellescape_test.go +++ b/shellescape_test.go @@ -1,6 +1,8 @@ package shellescape_test import ( + "bufio" + "bytes" "testing" "al.essio.dev/pkg/shellescape" @@ -82,3 +84,22 @@ func TestStripUnsafe(t *testing.T) { }) } } + +func TestScanTokens(t *testing.T) { + data := [][]byte{[]byte("foo"), []byte("bar"), []byte("baz")} + buf := bytes.NewBuffer(bytes.Join(data, []byte{'\x00'})) + want := []string{"foo", "bar", "baz"} + + scanner := bufio.NewScanner(buf) + scanner.Split(shellescape.ScanTokens) + + for i := 0; scanner.Scan(); i++ { + if got := scanner.Text(); got != want[i] { + t.Errorf("scanner.Text() = %v, want %v", got, want[i]) + } + } + + if err := scanner.Err(); err != nil { + t.Errorf("scanner.Err() = %v, want nil", err) + } +} From 0fa0bf85ed069e796c5640bdc9ae6115765964f1 Mon Sep 17 00:00:00 2001 From: Alessio Treglia Date: Wed, 26 Feb 2025 02:08:20 +0800 Subject: [PATCH 29/35] add CODECOV_TOKEN Signed-off-by: Alessio Treglia --- .github/workflows/build.yaml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 029edc7..bd12bd4 100644 --- a/.github/workflows/build.yaml 
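Review bot: The doc comment on `ScanTokens` does not describe what the function does: it splits on NUL bytes rather than on words, and "amy" is a typo. Suggested wording: `// ScanTokens is a split function for a bufio.Scanner that returns each NUL-terminated token with the NUL removed; a final unterminated token is returned at EOF.` It is worth adding that consecutive NUL bytes produce empty tokens and that tokens may contain newlines, because callers that quote the output one item per line need to know both. A token longer than the scanner's buffer makes `Scan` stop with `bufio.ErrTooLong`, so the comment could also remind callers to check `scanner.Err()`.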
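Review bot: `TestScanTokens` never checks how many tokens were produced: if `ScanTokens` returned none, the loop body would not run and the test would pass, and an extra token would panic on `want[i]`. Declare the counter outside the loop and assert it afterwards, `if n != len(want) { t.Fatalf("got %d tokens, want %d", n, len(want)) }`, with a bounds check before indexing `want`. The input also has no trailing NUL and no empty token, the two cases where a NUL splitter most often goes wrong; a second case such as `"a\x00\x00b\x00"` (constructed sample) would cover them.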
+++ b/.github/workflows/build.yaml @@ -31,8 +31,7 @@ jobs: with: go-version: 'stable' - name: Coverage - run: go test -race -cover -covermode=atomic -coverprofile=coverage.out ./... + run: go test -race -cover -covermode=atomic -coverprofile=coverage.txt ./... - uses: codecov/codecov-action@v5 with: - file: ./coverage.out - verbose: true + token: ${{ secrets.CODECOV_TOKEN }} From 26fa1b3cc48d87f76ff79210a19ddd90de78660c Mon Sep 17 00:00:00 2001 From: Alessio Treglia Date: Wed, 26 Feb 2025 02:11:40 +0800 Subject: [PATCH 30/35] Update README.md remove dead gocover link Signed-off-by: Alessio Treglia --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 1304767..72dbc94 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,6 @@ [![GoDoc](https://img.shields.io/badge/go.dev-reference-007d9c?logo=go&logoColor=white&style=flat-square)](https://pkg.go.dev/github.com/alessio/shellescape?tab=overview) [![sourcegraph](https://sourcegraph.com/github.com/alessio/shellescape/-/badge.svg)](https://sourcegraph.com/github.com/alessio/shellescape) [![codecov](https://codecov.io/gh/alessio/shellescape/branch/master/graph/badge.svg)](https://codecov.io/gh/alessio/shellescape) -[![Coverage](https://gocover.io/_badge/github.com/alessio/shellescape)](https://gocover.io/github.com/alessio/shellescape) [![Go Report Card](https://goreportcard.com/badge/github.com/alessio/shellescape)](https://goreportcard.com/report/github.com/alessio/shellescape) Escape arbitrary strings for safe use as command line arguments. From 5246baf80c2f59a7a7a71af78f5122045febab30 Mon Sep 17 00:00:00 2001 
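Review bot: `token: ${{ secrets.CODECOV_TOKEN }}` hands a repository secret to `codecov/codecov-action@v5`, which is resolved through a mutable major tag, so whatever that tag points to at run time receives the token. Pin the step to a full commit SHA, `uses: codecov/codecov-action@<full-commit-sha> # v5.x.y`, before passing it the secret. If this workflow also runs on `pull_request` (the triggers are outside the hunk), the secret is empty for pull requests from forks, so decide whether a failed upload should fail the job there, for example with the action's `fail_ci_if_error` input.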
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 31 Mar 2025 11:27:50 +0000 Subject: [PATCH 31/35] Bump golangci/golangci-lint-action from 6 to 7 Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 6 to 7. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/v6...v7) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/golangci-lint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index ed5eeda..390813e 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -20,7 +20,7 @@ jobs: with: go-version: 'stable' - name: golangci-lint - uses: golangci/golangci-lint-action@v6 + uses: golangci/golangci-lint-action@v7 # with: # Required: the version of golangci-lint is required and must be specified without patch version: we always use the latest patch version. # version: v1.62 From 6f839d773d26712f82c3eaf264834e9e99f7fc1f Mon Sep 17 00:00:00 2001 From: Alessio Treglia Date: Wed, 2 Apr 2025 04:49:21 +0800 Subject: [PATCH 32/35] Update README.md Signed-off-by: Alessio Treglia --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 72dbc94..84ca374 100644 --- a/README.md +++ b/README.md @@ -35,6 +35,7 @@ func main() { } ``` + _[See in Go Playground](https://play.golang.org/p/Wj2WoUfH_d)_ Especially when creating pipeline of commands which might end up being @@ -57,6 +58,7 @@ func main() { fmt.Printf("ls -l %s\n", shellescape.Quote(os.Args[1])) } ``` + _[See in Go Playground](https://go.dev/play/p/GeguukpSUTk)_ ## The escargs utility 
From cf9b62c9903bcad90383d492ee3ebd5a8e03e9d9 Mon Sep 17 00:00:00 2001 From: Alessio Treglia Date: Wed, 2 Apr 2025 04:52:06 +0800 Subject: [PATCH 33/35] Revert "Bump golangci/golangci-lint-action from 6 to 7" This reverts commit 5246baf80c2f59a7a7a71af78f5122045febab30. --- .github/workflows/golangci-lint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index 390813e..ed5eeda 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -20,7 +20,7 @@ jobs: with: go-version: 'stable' - name: golangci-lint - uses: golangci/golangci-lint-action@v7 + uses: golangci/golangci-lint-action@v6 # with: # Required: the version of golangci-lint is required and must be specified without patch version: we always use the latest patch version. # version: v1.62 From beefadb6abdc9c46f49d091f9c3074d32c6d3aab Mon Sep 17 00:00:00 2001 From: Alessio Treglia Date: Thu, 3 Apr 2025 06:02:38 +0800 Subject: [PATCH 34/35] run golangci-lint migrate --- .golangci.yml | 91 +++++++++++++++++++++++++++------------------------ Makefile | 25 +++++++++----- 2 files changed, 66 insertions(+), 50 deletions(-) diff --git a/.golangci.yml b/.golangci.yml index 05df54a..7e63691 100644 --- a/.golangci.yml +++ b/.golangci.yml 
@@ -1,61 +1,68 @@ -# run: -# # timeout for analysis, e.g. 30s, 5m, default is 1m -# timeout: 5m - +version: "2" linters: - disable-all: true + default: none enable: - bodyclose - copyloopvar - dogsled - - gci - goconst - gocritic - - gofmt - - goimports - gosec - - gosimple - govet - ineffassign - misspell - prealloc - revive - staticcheck - - stylecheck - - typecheck - thelper - unconvert - unparam - unused - wsl - -issues: - exclude-rules: - - text: "Use of weak random number generator" - linters: - - gosec - - text: "comment on exported var" - linters: - - golint - - text: "don't use an underscore in package name" - linters: - - golint - - text: "ST1003:" - linters: - - stylecheck - - path: "_test.go" - linters: - - wsl - -linters-settings: - dogsled: - max-blank-identifiers: 3 - # define the import orders - gci: - sections: - # Standard section: captures all standard packages. - - standard - # Default section: catchall that is not standard or custom - - default - # linters that related to local tool, so they should be separated - - localmodule + settings: + dogsled: + max-blank-identifiers: 3 + exclusions: + generated: lax + presets: + - comments + - common-false-positives + - legacy + - std-error-handling + rules: + - linters: + - gosec + text: Use of weak random number generator + - linters: + - golint + text: comment on exported var + - linters: + - golint + text: don't use an underscore in package name + - linters: + - staticcheck + text: 'ST1003:' + - linters: + - wsl + path: _test.go + paths: + - third_party$ + - builtin$ + - examples$ +formatters: + enable: + - gci + - gofmt + - goimports + settings: + gci: + sections: + - standard + - default + - localmodule + exclusions: + generated: lax + paths: + - third_party$ + - builtin$ + - examples$ diff --git a/Makefile b/Makefile index f92895c..dd15c6e 100644 --- a/Makefile +++ b/Makefile 
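Review bot: The migrated `exclusions.rules` entry for `gosec` with `text: Use of weak random number generator` has no `path:`, so it silences that finding in every file, including any future code where a non-cryptographic RNG would matter. If nothing in the repository triggers it today, delete the rule; otherwise scope it, for example by adding `path: _test.go` to that entry. The two rules that name `golint` match a linter that is not in `enable`, so they look dead and could be removed in the same pass. The `legacy` and `common-false-positives` presets added by the migration also suppress findings by default and deserve a look before being accepted as is.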
@@ -5,21 +5,30 @@ VERSION := $(shell git describe) all: build -build: +build-stamp: go build -a -v + touch $@ +build: build-stamp -install: - go install ./cmd/escargs +install-stamp: build + go install -v \ + -ldflags="X 'main.version=$(VERSION)'" \ + ./cmd/escargs + touch $@ +install: install-stamp escargs: build go build -v \ - -ldflags="-X 'main.version=$(VERSION)'" \ - ./cmd/escargs + -ldflags="-X 'main.version=$(VERSION)'" \ + ./cmd/escargs clean: - rm -rfv escargs + rm -f escargs + +distclean: clean + rm -f build-stamp install-stamp uninstall: - rm -v $(shell go env GOPATH)/bin/escargs + rm -fv $(shell go env GOPATH)/bin/escargs -.PHONY: build clean install uninstall +.PHONY: clean distclean install uninstall From fa391ebbbff1d0a4715518d5c03567418ea8e399 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 31 Mar 2025 11:27:50 +0000 Subject: [PATCH 35/35] Bump golangci/golangci-lint-action from 6 to 7 Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 6 to 7. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/v6...v7) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/golangci-lint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index ed5eeda..390813e 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml 
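Review bot: The new `install-stamp` recipe passes `-ldflags="X 'main.version=$(VERSION)'"` without the dash before `X`, so the linker receives a stray argument instead of the `-X` version override; the `escargs` target a few lines below has it right. The line should read `-ldflags="-X 'main.version=$(VERSION)'" \`. `install-stamp` also depends on `build`, which is never created as a file and was dropped from `.PHONY`, so the stamp is always considered out of date. Depending on `build-stamp` instead, and declaring `.PHONY: build clean distclean install uninstall`, would let the stamps do their job.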
@@ -20,7 +20,7 @@ jobs: with: go-version: 'stable' - name: golangci-lint - uses: golangci/golangci-lint-action@v6 + uses: golangci/golangci-lint-action@v7 # with: # Required: the version of golangci-lint is required and must be specified without patch version: we always use the latest patch version. # version: v1.62