-
Notifications
You must be signed in to change notification settings - Fork 98
70 lines (67 loc) · 2.22 KB
/
build.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
name: Golang lint, golic, gokart and test
on:
push:
paths-ignore:
- '**.md'
- '**.svg'
- '**.drawio'
- '.spelling'
pull_request:
branches:
- master
paths-ignore:
- '**.md'
- '**.svg'
- '**.drawio'
- '.spelling'
permissions: # added using https://github.com/step-security/secure-workflows
contents: read
jobs:
skip-check:
permissions:
actions: write # for fkirc/skip-duplicate-actions to skip or stop workflow runs
contents: read # for fkirc/skip-duplicate-actions to read and compare commits
runs-on: ubuntu-latest
name: Skip the job?
outputs:
should_skip: ${{ steps.skip_check.outputs.should_skip }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@6c3b1c91e8873ae0c705b0709f957c7a6a5eaf10
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
- id: skip_check
uses: fkirc/skip-duplicate-actions@f54720a485d24225d7ee6918004908e5025fec19
with:
skip_after_successful_duplicate: 'true'
do_not_skip: '["workflow_dispatch", "schedule"]'
go-inspect:
permissions:
contents: read # for actions/checkout to fetch code
pull-requests: read # for golangci/golangci-lint-action to fetch pull requests
name: Inspect packages
runs-on: ubuntu-22.04
needs: skip-check
if: ${{ needs.skip-check.outputs.should_skip != 'true' }}
steps:
- name: Set up Go
uses: actions/setup-go@bfd2fb341f32be7281829126376a12a780ca79fc
with:
go-version: 1.19.1
- uses: actions/checkout@cd7d8d697e10461458bc61a30d094dc601a8b017
# see: https://golangci-lint.run/usage/configuration/#config-file
- name: golangci-lint
uses: golangci/golangci-lint-action@66db41e5ddf31df5a4b82871778d9efc99624520
with:
version: v1.51.2
skip-go-installation: true
- name: golic
run: |
go install github.com/AbsaOSS/golic@v0.7.2
golic inject --dry -x -t apache2
- name: gokart
run: |
go install github.com/praetorian-inc/gokart@v0.5.1
gokart scan --globalsTainted
- name: go test
run: go test ./...