.github/workflows/style.yaml

# Copyright 2022 Chainguard, Inc.
# SPDX-License-Identifier: Apache-2.0

name: Code Style

on:
  pull_request:
    branches: [ 'main', 'release-*' ]
  push:
    branches: [ 'main', 'release-*' ]

jobs:

  gofmt:
    name: check gofmt
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
        with:
          egress-policy: audit

      - name: Check out code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Set up Go
        uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
        with:
          go-version-file: './go.mod'
          check-latest: true

      - uses: chainguard-dev/actions/gofmt@538d1927b846546b620784754c33e2a1db86e217 # main
        with:
          args: -s

  goimports:
    name: check goimports
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
        with:
          egress-policy: audit

      - name: Check out code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Set up Go
        uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
        with:
          go-version-file: './go.mod'
          check-latest: true

      - uses: chainguard-dev/actions/goimports@538d1927b846546b620784754c33e2a1db86e217 # main

  golangci-lint:
    permissions:
      contents: read  # for actions/checkout to fetch code
      pull-requests: read  # for golangci/golangci-lint-action to fetch pull requests
    name: golangci-lint
    runs-on: ubuntu-latest

    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
        with:
          egress-policy: audit

      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Set up Go
        uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
        with:
          go-version-file: './go.mod'
          check-latest: true
          cache: true

      - name: golangci-lint
        uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1
        with:
          # Required: the version of golangci-lint is required and must be specified without patch version: we always use the latest patch version.
          version: v1.62

  lint:
    name: Lint
    runs-on: ubuntu-latest

    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
        with:
          egress-policy: audit

      - name: Check out code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Set up Go
        uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
        with:
          go-version-file: './go.mod'
          check-latest: true

      - uses: chainguard-dev/actions/trailing-space@538d1927b846546b620784754c33e2a1db86e217 # main
        if: ${{ always() }}

      - uses: chainguard-dev/actions/eof-newline@538d1927b846546b620784754c33e2a1db86e217 # main
        if: ${{ always() }}

      - uses: reviewdog/action-tflint@f17a66a19220804dfa5ba4912e1a9fe7c530fe0a # master
        if: ${{ always() }}
        with:
          github_token: ${{ secrets.github_token }}
          fail_on_error: true

      - uses: reviewdog/action-misspell@18ffb61effb93b47e332f185216be7e49592e7e1 # v1.26.1
        if: ${{ always() }}
        with:
          github_token: ${{ secrets.github_token }}
          fail_on_error: true
          locale: "US"
          exclude: |
            **/go.sum
            **/third_party/**
            ./*.yml
          ignore: cancelled

      - uses: get-woke/woke-action-reviewdog@d71fd0115146a01c3181439ce714e21a69d75e31 # v0
        if: ${{ always() }}
        with:
          github-token: ${{ secrets.github_token }}
          reporter: github-pr-check
          level: error
          fail-on-error: true