switch to GitHub Actions

.github/workflows/pushes.yaml

@@ -0,0 +1,107 @@
+name: GHA Build
+# The `name:` here is also used in badge.svg rendering as the left-hand-side
+
+permissions:
+  # Control the GITHUB_TOKEN permissions.
+  # By having this block, all permissions not listed here are set to none.
+  # Available permissions listed at:
+  #   <https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token>
+  # Which API calls need which permissions at what level, listed at:
+  #   <https://docs.github.com/en/rest/reference/permissions-required-for-github-apps>
+  #
+  contents: read
+  checks: write
+  statuses: write
+
+on:
+  push:
+    branches-ignore:
+      - 'exp'
+      - 'exp/*'
+      - 'exp-*'
+      - 'exp_*'
+      - 'wip'
+      - 'wip/*'
+      - 'wip-*'
+      - 'wip_*'
+  pull_request:
+
+jobs:
+  test:
+    runs-on: ${{ matrix.os }}
+    continue-on-error: ${{ matrix.experimental || false }}
+    strategy:
+      matrix:
+        include:
+          - go: '1.20.x'
+            os: ubuntu-latest
+            canonical: true
+          - go: '1.19.x'
+            os: ubuntu-latest
+            canonical: false
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: ${{ matrix.go }}
+          # We're not doing releases, just checks, so we can live without check-latest here
+
+      - name: Export Go environment to Actions outputs
+        id: go-settings
+        run: |
+          echo >> "$GITHUB_OUTPUT" "arch=$(go env GOARCH)"
+          echo >> "$GITHUB_OUTPUT" "hostarch=$(go env GOHOSTARCH)"
+          echo >> "$GITHUB_OUTPUT" "os=$(go env GOOS)"
+          echo >> "$GITHUB_OUTPUT" "hostos=$(go env GOHOSTOS)"
+          echo >> "$GITHUB_OUTPUT" "go-version=$(go env GOVERSION)"
+        # Use with:
+        #   ${{ steps.go-settings.outputs.go-version }}
+        # which will look like `go1.17.1` if matrix `1.17.x` matches `1.17.1`.
+        # These are independent of how the matrix is setup, or if a matrix is even used.
+        #
+        # You can see the individual values in the "Set up Go" output, collapsed inside a "go env" group at the end.
+
+      - name: Install staticcheck
+        uses: dominikh/staticcheck-action@v1.2.0
+        with:
+          version: "2022.1.1"
+
+      - name: Install additional check/lint tools
+        id: tools-install
+        run: |
+          go install github.com/mattn/goveralls@latest
+          go install github.com/client9/misspell/cmd/misspell@latest
+
+      - name: Basic Go integrity checks
+        id: integrity
+        run: |
+          $(exit $(go fmt ./... | wc -l))
+          go get -t ./...
+          go vet ./...
+          misspell -error -locale US .
+          misspell -error -locale US ./nk
+          staticcheck ./...
+
+      - name: Run Basic Tests
+        id: tests
+        run: |
+          go test -v -vet=off --race --failfast
+
+      - name: Run Coverage Tests
+        id: coverage
+        run: |
+          go test -v -covermode=count -coverprofile=coverage.out
+
+      - name: Upload coverage results
+        id: coverage-upload
+        run: |
+          goveralls -coverprofile=coverage.out -service=github
+        env:
+          COVERALLS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        if: matrix.canonical
+
+#EOF

.github/workflows/release.yaml

@@ -0,0 +1,58 @@
+name: NKeys Release
+
+on:
+  # We use goreleaser in release mode, so if we do a workflow_dispatch rule here then we should prompt for a tag to check out.
+  push:
+    tags:
+      - 'v[0-9]*'
+
+permissions:
+  # Control the GITHUB_TOKEN permissions; GitHub's docs on which permission scopes control what are a little lacking.
+  # By having this block, all permissions not listed here are set to none.
+  # <https://goreleaser.com/ci/actions/> documents which scopes are needed for it.
+  #
+  # Uploading archives as release artifacts is bundled into the contents: permission key.
+  # The packages: permission is for pushing docker images to github (ghcr.io) instead.
+  contents: write
+
+jobs:
+  goreleaser:
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          # NB: the `fetch-depth: 0` setting is documented by goreleaser
+          # as a requirement, for the changelog feature to work correctly.
+          fetch-depth: 0
+
+      # If we do docker image builds, multi-arch, then because goreleaser can't do image builds
+      # in the style of 'crane' or 'ko', and needs a local docker daemon, then at this point
+      # we'd set up QEMU and Buildx; in other projects, we have success using:
+      #  docker/setup-qemu-action@v1
+      #  docker/setup-buildx-action@v1
+
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: 1.19
+          check-latest: true
+
+      - name: Basic integrity checks
+        run: |
+          go vet ./...
+          out="$(go list -m -retracted -f '{{if .Retracted}}{{.Path}} is retracted{{end}}' all)"
+          if [ -n "$out" ]; then
+            printf '%s\n' "$out"
+            exit 1
+          fi
+
+      - name: Run GoReleaser
+        id: goreleaser
+        uses: goreleaser/goreleaser-action@v3
+        with:
+          args: release --clean
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+