{"id":31658375,"url":"https://github.com/couchbase/tools-common","last_synced_at":"2025-10-07T15:20:56.782Z","repository":{"id":41086062,"uuid":"341294987","full_name":"couchbase/tools-common","owner":"couchbase","description":null,"archived":false,"fork":false,"pushed_at":"2025-09-08T15:43:22.000Z","size":1674,"stargazers_count":4,"open_issues_count":1,"forks_count":4,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-09-08T17:31:45.005Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/couchbase.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2021-02-22T18:18:49.000Z","updated_at":"2025-09-08T15:30:45.000Z","dependencies_parsed_at":"2023-12-20T15:26:52.238Z","dependency_job_id":"a0b232a0-0fb0-46d0-9d64-3add6a368834","html_url":"https://github.com/couchbase/tools-common","commit_stats":null,"previous_names":[],"tags_count":150,"template":false,"template_full_name":null,"purl":"pkg:github/couchbase/tools-common","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/couchbase%2Ftools-common","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/couchbase%2Ftools-common/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/couchbase%2Ftools-common/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/couchbase%2Ftools-common/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/couchbase","download_url":"https://codeload.github.com/couchbase/tools-common/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/couchbase%2Ftools-common/sbom","scorecard":{"id":305936,"data":{"date":"2025-08-11","repo":{"name":"github.com/couchbase/tools-common","commit":"b69ec34c1b125becdf83f095c7285967b67c8bf6"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.5,"checks":[{"name":"Maintained","score":10,"reason":"15 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":1,"reason":"9 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2024-3321 / GHSA-v778-237x-gjrc","Warn: Project is vulnerable to: GO-2025-3487 / GHSA-hcg3-q754-cr77","Warn: Project is vulnerable to: GO-2024-3250 / GHSA-29wx-vh33-7x7r","Warn: Project is vulnerable to: GO-2025-3553 / GHSA-mh63-6h87-95cp","Warn: Project is vulnerable to: GO-2024-3333","Warn: Project is vulnerable to: GO-2025-3503 / GHSA-qxp5-gwg8-xv66","Warn: Project is vulnerable to: GO-2025-3595 / GHSA-vvgc-356p-c3xw","Warn: Project is vulnerable to: GO-2025-3488 / GHSA-6v2p-p543-phr9","Warn: Project is vulnerable to: GO-2024-2687 / GHSA-4v7x-pqxf-cx7m"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-17T22:02:52.947Z","repository_id":41086062,"created_at":"2025-08-17T22:02:52.947Z","updated_at":"2025-08-17T22:02:52.947Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":278796290,"owners_count":26047402,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-07T02:00:06.786Z","response_time":59,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-10-07T15:20:53.722Z","updated_at":"2025-10-07T15:20:56.770Z","avatar_url":"https://github.com/couchbase.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# tools-common\n[![Go Reference](https://pkg.go.dev/badge/github.com/couchbase/tools-common.svg)](https://pkg.go.dev/github.com/couchbase/tools-common)\n\nWelcome to `tools-common`, this library contains various utilities used across several projects at Couchbase.\n\n# Dependencies\nThe library is broken down into independently versioned sub-modules which each define their own dependencies; see the\nmodule level `README.md` for specifics on dependencies.\n\n# Testing\n\nThe `tools-common` library is broken down into separate modules, the unit testing for each module is run independently.\n\nFirstly, ensure all the dependencies are installed:\n\n- Go (1.18+)\n- Make (Latest version available via package manager)\n- Module specific dependencies (defined in the modules `README.md`)\n\nTesting may then be run using the modules `Makefile`, running `make test` will run all the available unit tests where\n`make coverage` will also generate a coverage report that will be automatically opened in the default browser.\n\nYou may want to filter which tests are run; this may be at the package or test level. For example, to run the\n`TestContains` function in the `util/contains` package, `make PACKAGE='util/contains' TESTS='TestCoverage'` may be used.\n\nThe `PACKAGE` and `TESTS` variables may be used independently and also apply to the `coverage` target.\n\n# Contributing\n\nThe following sections cover some basics of how to contribute to `tools-common` whilst following some of our common\npractices/conventions.\n\n## Gerrit\n\nTo contribute to this codebase you can upload patches through [Gerrit](http://review.couchbase.org). Make sure you have\nconfigured the git hooks as described in the [Git Hooks](#git-hooks) section so that the code is linted and formatted\nbefore uploading the patch.\n\nOnce you are ready to make your first commit note that *all* commits must be linked to an MB. This is done by making\nsure that the commit title has the following format `MB-XXXXX Commit title` where `MB-XXXXX` is a valid issue in\n[Jira](https://issues.couchbase.com).\n\n## Git Hooks\n\nBefore contributing any patches, the Git hooks should be configured to ensure code is correctly linted and formatted.\n\nThe Git hooks require the following dependencies:\n\n- gofmt (Standard code formatting tool)\n- gofumpt (A more opinionated code formatting tool)\n- goimports (Automatic insertion/sorting of imported modules)\n- golangci-lint (Bulk linting tool)\n- sponge (Binary provided by `moreutils` which \"soaks\" all input before writing output)\n- wget (Used to download the `commit-msg` hook from Gerrit)\n\nOnce installed, the Git hooks may be setup using the following command:\n\n```sh\ngit config core.hooksPath .githooks\n```\n\nIf the Git hooks have been setup correctly, the Gerrit `commit-msg` hook will be downloaded automatically when creating\nyour first commit. However, this can also be done manually by downloading the\n[commit-msg](http://review.couchbase.org/tools/hooks/commit-msg) script, marking it as executable and placing it into\nthe `.githooks` directory.\n\n### Formatting\nWe automatically apply formatting on any staged Go files before committing. This may not be what you want if you ever\nhave some hunks in a file staged but not others, as it will cause all of them to be committed. This behaviour can be\nconfigured using:\n\n```sh\ngit config couchbase.tools.format.behaviour BEHAVIOUR\n```\n\nWhere BEHAVIOUR is one of the following:\n\n1. error: echo what files have incorrect formatting and quit\n2. fix: echo what files have incorrect formatting, fix them and quit\n3. stage: echo what files have incorrect formatting, fix and stage them and quit\n4. commit/no config value/invalid config value: fix the files with incorrect formatting, stage them and allow the commit\nto proceed.\n\n## Coding style\n\nIn this section we will cover notes on the exact coding style to use for this codebase. Most of the style rules are\nenforced by the linters, so here we will only cover ones that are not.\n\n## Versioning\n\nIn this section we will cover the versioning of `tools-common` sub-modules.\n\n### Permissions\n\nTo be able to create/push tags for `tools-common`, you will need to be in the\n`tools-common-taggers`\n[group](https://review.couchbase.org/admin/groups/5ee5520dd89ee08a1f1d0fefae2de54fe9076291,members)\non Gerrit; contact the build team to be added.\n\n### Creating Tags\n\nThe sub-modules in `tools-common` are versioned independently following the [semantic versioning](https://semver.org)\nscheme.\n\nThe release process should be as follows:\n\n1. Create a commit which prepares the version by updating the `CHANGES.md` where relevant\n2. Generate the commands required to tag using `./scripts/versioning/tag.py \u003cmodule\u003e \u003cmode\u003e`\n3. Verify and run the output commands\n\n```sh\n$ ./scripts/versioning/tag.py fs major\ngit tag -a fs/v1.0.0\ngit push gerrit fs/v1.0.0 --no-verify\n```\n\nThe `./scripts/versioning/tag.py` script will perform some sanity checks on the provided version.\n\n#### Tag Annotations\n\nThe annotation for a tag, is expected to be in the following format.\n\n```sh\nRelease v${VERSION}\n\n${CHANGELOG}\n```\n\nWhere `VERSION` is the version being tagged, and `CHANGELOG` is the copy+pasted changelog found in the modules\n`CHANGES.md` file.\n\n#### Major Versions\n\nWhen tagging, the `tag.py` script will sanity check that the major version of the target module looks correct; if you\nsee an error, check the module version in `go.mod` matches with the target version.\n\n```sh\n$ ./scripts/versioning/tag.py cloud patch\nError: Version in 'go.mod' does no match the target tag version, check versions are correct\n\n$ ./scripts/versioning/tag.py cloud minor\nError: Version in 'go.mod' does no match the target tag version, check versions are correct\n\n$ ./scripts/versioning/tag.py cloud major\ngit tag -a cloud/v4.0.0\ngit push gerrit cloud/v4.0.0 --no-verify\n```\n\nIn this example, the major version in `go.mod` is v4, so it's not possible to create a new patch or minor release only a\nmajor release; subsequent calls to `tag.py` - after the major version has been tagged - will allow patch and minor\nreleases.\n\n### Dependency Order\n\nThe order in which dependencies are bumped is important to ensure all sub-modules receive the relevant bug fixes. The\norder can be determine by using `./scripts/versioning/bump_order.py \u003cmodule\u003e`.\n\n```sh\n$ ./scripts/versioning/bump_order.py sync\nsync, types, databases, http, environment, couchbase, cloud\n```\n\nWhen bumping all the modules (e.g. for dependency updates) they must be bumped in the following order.\n\n```python\n[core, auth, cbbs, errors, fs, functional, strings, testing, utils, sync, databases, types, http, environment, cloud, couchbase]\n```\n\nThis is the topologically sorted order of the modules, where later modules depend on those earlier in the list; an\nupdated version of this order can be obtained by printing\n[this](https://github.com/couchbase/tools-common/blob/528d651071ae39ed2ac057246786bd02a1b4638e/scripts/versioning/bump_order.py#L110-L111)\nvalue.\n\n#### Dependency Cycles\n\nIt's not possible to support dependency cycles in `tools-common`, this would occur if modules depended on each other;\nthe Git hooks run `./scripts/versioning/bump_order.py` for all the available modules and will not allow you to push if a\ndependency cycle has been introduced.\n\n### Documenting\n\n- All exported functions should have a matching docstring.\n- Any non-trivial unexported function should also have a matching docstring. Note this is left up to the developer and\n  reviewer consideration.\n- Docstrings must end on a full stop (`.`).\n- Comments must be wrapped at 120 characters.\n- Notes on interesting/unexpected behavior should have a newline before them and use the `// NOTE:` prefix.\n\nPlease note that not all the code in the repository follows these rules, however, newly added/updated code should\ngenerally adhere to them.\n\n# Related Projects\n- [`backup`](https://github.com/couchbase/backup)\n- [`cbbs`](https://github.com/couchbase/cbbs)\n- [`couchbase-cli`](https://github.com/couchbase/couchbase-cli)\n\n# License\nCopyright 2021-2024 Couchbase Inc.\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcouchbase%2Ftools-common","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcouchbase%2Ftools-common","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcouchbase%2Ftools-common/lists"}