Skip to content

Update github-actions #517

Update github-actions

Update github-actions #517

Workflow file for this run

name: Opaque
on:
pull_request:
branches:
- main
permissions:
contents: read
jobs:
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
github.com:443
objects.githubusercontent.com:443
proxy.golang.org:443
raw.githubusercontent.com:443
- name: Checkout repo
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
with:
fetch-depth: 0
- name: Setup Go
uses: actions/setup-go@d60b41a563a30eac31c3ec623e6ff0b3f16e1a06
with:
go-version-file: ./go.mod
# Linting
- name: Linting
uses: golangci/golangci-lint-action@79a180da271f498717dcd1865113bb5631f88d82
with:
version: latest
args: --config=./.github/.golangci.yml ./...
only-new-issues: true
test:
name: Test
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
go: [ '1.22', '1.21' ]
steps:
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
github.com:443
proxy.golang.org:443
storage.googleapis.com:443
sum.golang.org:443
- name: Checkout repo
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
with:
fetch-depth: 0
- name: Setup Go
uses: actions/setup-go@d60b41a563a30eac31c3ec623e6ff0b3f16e1a06
with:
go-version: ${{ matrix.go }}
# Test
- name: Run Tests
run: cd .github && make test
analyze:
name: Analyze
runs-on: ubuntu-latest
steps:
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.codecov.io:443
api.github.com:443
cli.codecov.io:443
ea6ne4j2sb.execute-api.eu-central-1.amazonaws.com:443
github.com:443
objects.githubusercontent.com:443
proxy.golang.org:443
scanner.sonarcloud.io:443
sonarcloud.io:443
storage.googleapis.com:443
- name: Checkout repo
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
with:
fetch-depth: 0
- name: Setup Go
uses: actions/setup-go@d60b41a563a30eac31c3ec623e6ff0b3f16e1a06
with:
go-version-file: ./go.mod
# Coverage
- name: Run coverage
run: cd .github && make cover
# Codecov
- name: Codecov
uses: codecov/codecov-action@080969defa1436423c96b1c8b20b5d8cb41afa20
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
with:
file: .github/coverage.out
# Sonar
- name: SonarCloud Scan
uses: SonarSource/sonarcloud-github-action@9f9bba2c7aaf7a55eac26abbac906c3021d211b2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
with:
args: >
-Dsonar.organization=bytemare-github
-Dsonar.projectKey=bytemare_opaque
-Dsonar.go.coverage.reportPaths=.github/coverage.out
-Dsonar.sources=.
-Dsonar.exclusions=examples_test.go
-Dsonar.test.exclusions=examples_test.go,tests/**
-Dsonar.coverage.exclusions=examples_test.go,tests/**
-Dsonar.tests=tests/
-Dsonar.verbose=true