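# CI for pull requests targeting main: lint, test on a Go version matrix, and
# coverage / static analysis (Codecov, SonarCloud).
#
# Hardening already in place and worth keeping when editing this file:
#   - every action is pinned to a full commit SHA, not a mutable tag;
#   - the workflow token is limited to `contents: read`;
#   - each job starts with harden-runner, which disables sudo and blocks all
#     egress except the listed endpoints.
name: Opaque

# `pull_request` (not `pull_request_target`): runs triggered from forks get a
# read-only token and no repository secrets, so the Codecov and SonarCloud
# steps below run without their tokens on fork PRs.
on:
  pull_request:
    branches:
      - main

# Least-privilege default for GITHUB_TOKEN in every job.
permissions:
  contents: read

jobs:
  lint:
    name: Lint
    runs-on: ubuntu-latest
    steps:
      # Must stay the first step so the egress policy covers everything after.
      - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7
        with:
          disable-sudo: true
          egress-policy: block
          allowed-endpoints: >
            api.github.com:443
            github.com:443
            objects.githubusercontent.com:443
            proxy.golang.org:443
            raw.githubusercontent.com:443

      - name: Checkout repo
        uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc
        with:
          fetch-depth: 0
          # Do not leave the workflow token in .git/config where later steps
          # (third-party actions, code from the PR) could read it.
          persist-credentials: false

      - name: Setup Go
        uses: actions/setup-go@df1a11710ed378b187f40c71eb3d6c08d82e7108
        with:
          go-version-file: ./go.mod

      # Linting
      - name: Linting
        uses: golangci/golangci-lint-action@ebae5cee81ffe470becee7802f187bbbcd08e8c4
        with:
          # NOTE(review): the action is SHA-pinned but the linter it downloads
          # floats with `latest`; pin an explicit release to keep runs
          # reproducible and the downloaded binary reviewable.
          version: latest
          args: --config=./.github/.golangci.yml ./...
          only-new-issues: true

  test:
    name: Test
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        # Quoted so the versions stay strings instead of being parsed as floats.
        go: ['1.22', '1.21']
    steps:
      # Must stay the first step so the egress policy covers everything after.
      - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7
        with:
          disable-sudo: true
          egress-policy: block
          allowed-endpoints: >
            github.com:443
            proxy.golang.org:443
            storage.googleapis.com:443
            sum.golang.org:443

      - name: Checkout repo
        uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc
        with:
          fetch-depth: 0
          # The tests execute code from the PR; keep the token out of .git/config.
          persist-credentials: false

      - name: Setup Go
        uses: actions/setup-go@df1a11710ed378b187f40c71eb3d6c08d82e7108
        with:
          go-version: ${{ matrix.go }}

      # Test
      - name: Run Tests
        run: cd .github && make test

  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    steps:
      # Must stay the first step so the egress policy covers everything after.
      - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7
        with:
          disable-sudo: true
          egress-policy: block
          # NOTE(review): the execute-api.eu-central-1.amazonaws.com entry is an
          # opaque API Gateway hostname; record which service requires it
          # (presumably one of the analysis tools below - confirm) so the
          # allowlist stays auditable.
          allowed-endpoints: >
            api.codecov.io:443
            api.github.com:443
            cli.codecov.io:443
            ea6ne4j2sb.execute-api.eu-central-1.amazonaws.com:443
            github.com:443
            objects.githubusercontent.com:443
            proxy.golang.org:443
            scanner.sonarcloud.io:443
            sonarcloud.io:443
            storage.googleapis.com:443

      - name: Checkout repo
        uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc
        with:
          fetch-depth: 0
          # This job runs PR code and third-party actions next to secrets;
          # keep the token out of .git/config. The steps that need a token
          # receive it explicitly through `env`.
          persist-credentials: false

      - name: Setup Go
        uses: actions/setup-go@df1a11710ed378b187f40c71eb3d6c08d82e7108
        with:
          go-version-file: ./go.mod

      # Coverage: writes the profile that the Codecov and Sonar steps read.
      - name: Run coverage
        run: cd .github && make cover

      # Codecov: the secret is scoped to this step only.
      - name: Codecov
        uses: codecov/codecov-action@2296b6ba9eee85301a5ef2c7c2cdc738faf1f939
        env:
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
        with:
          file: .github/coverage.out

      # Sonar: both tokens are scoped to this step only.
      - name: SonarCloud Scan
        uses: SonarSource/sonarcloud-github-action@eb211723266fe8e83102bac7361f0a05c3ac1d1b
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        with:
          args: >
            -Dsonar.organization=bytemare-github
            -Dsonar.projectKey=bytemare_opaque
            -Dsonar.go.coverage.reportPaths=.github/coverage.out
            -Dsonar.sources=.
            -Dsonar.exclusions=examples_test.go
            -Dsonar.test.exclusions=examples_test.go,tests/**
            -Dsonar.coverage.exclusions=examples_test.go,tests/**
            -Dsonar.tests=tests/
            -Dsonar.verbose=true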