# CI workflow: runs on every pull request and on pushes to main.
name: ci

on:
  pull_request:
  push:
    branches:
      - main

# Workflow-level default for the job token: read-only access to repository
# contents. No job in this file declares its own `permissions`, so this is
# the scope every job runs with.
permissions:
  contents: read

# One active run per workflow and ref; a newer run cancels the one still in
# progress. NOTE(review): the group key includes pushes to main, so an
# in-flight run on main is cancelled by the next push as well.
concurrency:
  group: ci-${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
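# NOTE(review): every `uses:` below references a version tag. A tag can be
# moved by whoever controls the action's repository; pinning to the full
# commit SHA (with the tag kept in a trailing comment) makes the executed
# code immutable. This matters most for the non-GitHub-owned actions
# (golangci-lint-action, goreleaser-action).
#
# Every checkout sets `persist-credentials: false`: the later steps run
# downloaded tools and repository scripts, and none of them needs to
# authenticate to the remote, so the job token is not left configured for
# git after the checkout step.
jobs:
  # Static analysis: golangci-lint, go vet, staticcheck, gofumpt and gosec.
  lint:
    runs-on: ubuntu-latest
    timeout-minutes: 15
    steps:
      - name: Checkout
        uses: actions/checkout@v6.0.2
        with:
          persist-credentials: false

      - name: Setup Go
        uses: actions/setup-go@v6.4.0
        with:
          go-version-file: go.mod
          cache: true

      - name: Lint
        uses: golangci/golangci-lint-action@v9.2.0
        with:
          version: v2.11.1

      # Analyzer versions are pinned explicitly instead of using @latest.
      - name: Install analyzers
        run: |
          go install honnef.co/go/tools/cmd/staticcheck@v0.7.0
          go install mvdan.cc/gofumpt@v0.9.2
          go install github.com/securego/gosec/v2/cmd/gosec@v2.25.0

      - name: Vet
        run: go vet ./...

      - name: Staticcheck
        run: '"$(go env GOPATH)/bin/staticcheck" ./...'

      # `gofumpt -l` lists files whose formatting differs; any output fails
      # the step.
      - name: Gofumpt
        run: |
          changed="$("$(go env GOPATH)/bin/gofumpt" -l .)"
          if [ -n "$changed" ]; then
            printf 'gofumpt wants changes in:\n%s\n' "$changed"
            exit 1
          fi

      # Rules switched off for the whole module:
      #   G101 hard-coded credentials
      #   G115 integer overflow on integer type conversion
      #   G202 SQL query built by string concatenation
      #   G301 permissive mode when creating a directory
      #   G304 file path taken from tainted input
      # NOTE(review): a global exclude also hides future findings in these
      # classes; per-line `#nosec GXXX` annotations with a justification
      # keep the rules active for new code.
      - name: Gosec
        run: |
          "$(go env GOPATH)/bin/gosec" -exclude=G101,G115,G202,G301,G304 ./...

  # Unit tests (coverage and race detector), coverage floor, and a build.
  test:
    runs-on: ubuntu-latest
    timeout-minutes: 20
    steps:
      - name: Checkout
        uses: actions/checkout@v6.0.2
        with:
          persist-credentials: false

      - name: Setup Go
        uses: actions/setup-go@v6.4.0
        with:
          go-version-file: go.mod
          cache: true

      - name: Test with coverage
        run: go test -count=1 ./... -coverprofile=coverage.out

      - name: Test with race detector
        run: go test -count=1 -race ./...

      # The script receives the minimum percentage as its only argument;
      # presumably it reads coverage.out from the earlier step (the script
      # itself is not part of this file).
      - name: Enforce coverage floor
        run: ./scripts/coverage.sh 35.0

      - name: Build
        run: go build ./cmd/telecrawl

  # Dependency hygiene: module integrity, tidy go.mod/go.sum, known vulns.
  deps:
    runs-on: ubuntu-latest
    timeout-minutes: 15
    steps:
      - name: Checkout
        uses: actions/checkout@v6.0.2
        with:
          persist-credentials: false

      - name: Setup Go
        uses: actions/setup-go@v6.4.0
        with:
          go-version-file: go.mod
          cache: true

      # Confirms the downloaded modules still match their recorded hashes.
      - name: Verify module cache
        run: go mod verify

      # Fails when `go mod tidy` would change go.mod or go.sum, so that
      # dependency changes are always visible in the reviewed diff.
      - name: Check go.mod tidy
        run: |
          go mod tidy
          git diff --exit-code -- go.mod go.sum

      - name: Install govulncheck
        run: go install golang.org/x/vuln/cmd/govulncheck@v1.3.0

      # Reports known vulnerabilities affecting the module's dependencies.
      - name: Run govulncheck
        run: '"$(go env GOPATH)/bin/govulncheck" ./...'

  # Dry-run of the release pipeline; `--snapshot --skip=publish` builds the
  # artifacts without publishing anything.
  release-check:
    runs-on: ubuntu-latest
    timeout-minutes: 15
    steps:
      # Full history (fetch-depth: 0) is fetched here, during checkout, so
      # no later step needs git credentials.
      - name: Checkout
        uses: actions/checkout@v6.0.2
        with:
          fetch-depth: 0
          persist-credentials: false

      - name: Setup Go
        uses: actions/setup-go@v6.4.0
        with:
          go-version-file: go.mod
          cache: true

      - name: Snapshot release build
        uses: goreleaser/goreleaser-action@v7.1.0
        with:
          distribution: goreleaser
          version: "~> v2"
          args: release --snapshot --clean --skip=publish

  # Secret scanning with gitleaks over the git history and the working tree.
  secrets:
    runs-on: ubuntu-latest
    timeout-minutes: 15
    steps:
      # fetch-depth: 0 makes the complete history available to the scan.
      - name: Checkout
        uses: actions/checkout@v6.0.2
        with:
          fetch-depth: 0
          persist-credentials: false

      - name: Setup Go
        uses: actions/setup-go@v6.4.0
        with:
          go-version-file: go.mod
          cache: true

      - name: Install gitleaks
        run: go install github.com/zricethezav/gitleaks/v8@v8.30.1

      # `--redact` keeps matched secret values out of the job log.
      - name: Scan git history
        run: |
          "$(go env GOPATH)/bin/gitleaks" git --no-banner --redact

      - name: Scan working tree
        run: |
          "$(go env GOPATH)/bin/gitleaks" dir . --no-banner --redact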