From c93b84084342491003d4858202be3803633d5282 Mon Sep 17 00:00:00 2001 From: Sam <109683132+kernelsam@users.noreply.github.com> Date: Fri, 26 Jan 2024 15:06:24 -0800 Subject: [PATCH] senzing-factory/build-resources#15 update go workflow permissions (#16) * senzing-factory/build-resources#15 update go workflow permissions * senzing-factory/build-resources#15 update go workflow permissions --- .github/workflows/go-proxy-pull.yaml | 5 +++ .github/workflows/go-test-linux.yaml | 31 +++++++++++++++++++ .github/workflows/go-test.yaml | 22 ------------- .../{go-security.yaml => gosec.yaml} | 19 ++++++++---- .github/workflows/make-go-tag.yaml | 11 +++++-- 5 files changed, 57 insertions(+), 31 deletions(-) create mode 100644 .github/workflows/go-test-linux.yaml delete mode 100644 .github/workflows/go-test.yaml rename .github/workflows/{go-security.yaml => gosec.yaml} (55%) diff --git a/.github/workflows/go-proxy-pull.yaml b/.github/workflows/go-proxy-pull.yaml index 6ff4f59..89cd1ce 100644 --- a/.github/workflows/go-proxy-pull.yaml +++ b/.github/workflows/go-proxy-pull.yaml @@ -5,10 +5,15 @@ # - https://futurestud.io/tutorials/github-actions-run-a-workflow-when-creating-a-tag name: go-proxy-pull.yaml + on: push: tags: - "v[0-9]+.[0-9]+.[0-9]+" + +permissions: + contents: write + jobs: go-proxy-pull: runs-on: ubuntu-latest diff --git a/.github/workflows/go-test-linux.yaml b/.github/workflows/go-test-linux.yaml new file mode 100644 index 0000000..19d29a4 --- /dev/null +++ b/.github/workflows/go-test-linux.yaml 
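Review bot: The new `permissions: contents: write` block in go-proxy-pull.yaml may grant more than the job uses. The job's steps lie outside this hunk, so this is inferred from the workflow name: if the job only asks the Go module proxy to fetch the pushed tag, it never writes to the repository and `contents: read` would be enough. If a step does need write access, a comment above the block naming it, e.g. `# contents: write is required by <step name>` (placeholder), would keep the grant from being copied or widened without a reason.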
@@ -0,0 +1,31 @@ +# Based on +# - https://github.com/marketplace/actions/setup-go-environment + +name: go-test.yaml + +on: [push] + +permissions: + contents: read + +jobs: + go-test-linux: + runs-on: ${{ matrix.os }} + strategy: + matrix: + go: ["1.21"] + os: [ubuntu-latest] + name: "go test with OS: ${{ matrix.os }}; Go: ${{ matrix.go }}" + steps: + - name: Checkout repository + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Setup go + uses: actions/setup-go@v5 + with: + go-version: ${{ matrix.go }} + + - name: Run go test + run: go test -v -p 1 ./... diff --git a/.github/workflows/go-test.yaml b/.github/workflows/go-test.yaml deleted file mode 100644 index ebb296e..0000000 --- a/.github/workflows/go-test.yaml +++ /dev/null @@ -1,22 +0,0 @@ -# Based on -# - https://github.com/marketplace/actions/setup-go-environment - -name: go-test.yaml - -on: [push] - -jobs: - build: - runs-on: ubuntu-latest - strategy: - matrix: - go: ["1.20"] - name: Go ${{ matrix.go }} - steps: - - uses: actions/checkout@v4 - - name: Setup go - uses: actions/setup-go@v5 - with: - go-version: ${{ matrix.go }} - - run: pwd - - run: go test -v -p 1 ./... diff --git a/.github/workflows/go-security.yaml b/.github/workflows/gosec.yaml similarity index 55% rename from .github/workflows/go-security.yaml rename to .github/workflows/gosec.yaml index 540be8c..4cfbf57 100644 --- a/.github/workflows/go-security.yaml +++ b/.github/workflows/gosec.yaml @@ -1,19 +1,26 @@ -# Based on -# - https://github.com/securego/gosec +name: 'gosec' -name: go-security.yaml +on: + push: + branches: + - main + pull_request: + branches: + - main -on: [push] +permissions: + contents: read jobs: - tests: + gosec: runs-on: ubuntu-latest env: GO111MODULE: on steps: - name: Checkout Source uses: actions/checkout@v4 + - name: Run Gosec Security Scanner - uses: securego/gosec@master + uses: securego/gosec@v2.18.2 with: args: ./... 
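Review bot: The new go-test-linux.yaml still declares `name: go-test.yaml`, the name of the file this commit deletes, so its runs are listed under a file name that no longer exists. `name: go-test-linux.yaml` would match both the file and the `go-test-linux` job id. The checkout step also sets `fetch-depth: 0`, which fetches the full history. Nothing visible in the job reads history, so unless the tests do, the default shallow checkout is enough and the `with:` block can be dropped.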
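Review bot: `securego/gosec@v2.18.2` in gosec.yaml is still a mutable ref, because a version tag can be moved by whoever controls the action's repository, so the code this job runs can change without any change to this file. Pinning to the full commit SHA with the version kept as a trailing comment closes that gap, e.g. `uses: securego/gosec@<full-commit-sha> # v2.18.2` (placeholder; take the SHA from the release). The same applies to `senzing-factory/github-action-make-go-tag@v1` in make-go-tag.yaml, where it matters more because that job's token carries `contents: write`.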
diff --git a/.github/workflows/make-go-tag.yaml b/.github/workflows/make-go-tag.yaml index ad7670f..f8603a4 100644 --- a/.github/workflows/make-go-tag.yaml +++ b/.github/workflows/make-go-tag.yaml @@ -1,9 +1,13 @@ -name: make-go-tag.yaml +name: 'make go tag' + on: push: tags: - "[0-9]+.[0-9]+.[0-9]+" -permissions: write-all + +permissions: + contents: write + jobs: make-go-tag: name: Make a vM.m.P tag @@ -11,5 +15,6 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v4 + - name: Make go version tag - uses: senzing-factory/github-action-make-go-tag@main + uses: senzing-factory/github-action-make-go-tag@v1
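Review bot: The narrowed `permissions: contents: write` block in make-go-tag.yaml has no comment saying what needs the write scope. Presumably the action pushes the vM.m.P tag named in the job, though that is not visible in this hunk. A line such as `# write access is needed to push the vM.m.P tag` above the block would record the reason. The workflow `name` also changes to the quoted, spaced `'make go tag'` while go-proxy-pull.yaml keeps its unquoted file-name style, so a single naming convention across the workflows would read more consistently.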