From bb6a8de9b73e863cc75f1c149949926182ab0960 Mon Sep 17 00:00:00 2001
From: Daniel Orbach
Date: Tue, 10 Mar 2026 03:39:45 +0200
Subject: [PATCH 1/5] github: test the module across Go versions Exercises the test suite against stable and oldstable Go with race detection enabled to catch concurrency issues early. The workflow runs on every pull request and push to main.
---
.github/workflows/ci.yml | 46 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 46 insertions(+)
create mode 100644 .github/workflows/ci.yml
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..fcc76dc
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,46 @@
+# Continuous Integration Workflow
+#
+# Validates code quality and correctness on every pull request and push to
+# main.
+#
+# The test job runs the test suite across multiple Go versions (stable and
+# oldstable) with race detection enabled to catch concurrency issues.
+#
+# The lint job performs automated code quality checks using golangci-lint to
+# catch common issues and style violations.
+
+name: "🚦 Integration"
+
+on:
+ push:
+ branches: [main]
+ pull_request:
+ branches: [main]
+
+permissions:
+ contents: read
+
+jobs:
+ test:
+ name: "🧪 Testing"
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ go-version: [stable, oldstable]
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v6
+
+ - name: Setup Go
+ uses: actions/setup-go@v6
+ with:
+ go-version: ${{ matrix.go-version }}
+
+ - name: Download dependencies
+ run: go mod download
+
+ - name: Build
+ run: go build ./...
+
+ - name: Test
+ run: go test -v -race ./...
From feda85971415e726ab9984d1178aa4d115206fd9 Mon Sep 17 00:00:00 2001
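Review bot: Both `uses:` lines in the test job reference actions by a movable major tag (`actions/checkout@v6`, `actions/setup-go@v6`), so the code that runs here can change without any commit to this repository. Pinning each to a full commit SHA and keeping the tag as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v6`, makes the executed code immutable and still lets an update bot propose reviewed bumps. The same applies to the `uses:` lines added in patches 2/5 and 3/5, and matters most in the govulncheck job, which holds `security-events: write`. Because this job goes on to build and test pull-request code, adding `with:` / `persist-credentials: false` to the checkout step would also avoid leaving the token configured for the later `run:` steps.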
From: Daniel Orbach Date: Tue, 10 Mar 2026 03:44:00 +0200 Subject: [PATCH 2/5] github: enforce code quality standards with golangci-lint Runs golangci-lint on every pull request using sensible defaults. The .golangci.yml configuration is intentionally minimal (version marker only), relying on the tool's built-in defaults until the project's needs require customization. --- .github/workflows/ci.yml | 17 +++++++++++++++++ .golangci.yml | 15 +++++++++++++++ 2 files changed, 32 insertions(+) create mode 100644 .golangci.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index fcc76dc..a63df20 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -44,3 +44,20 @@ jobs: - name: Test run: go test -v -race ./... + + lint: + name: "🌡️ Linting" + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v6 + + - name: Setup Go + uses: actions/setup-go@v6 + with: + go-version: stable + + - name: Run golangci-lint + uses: golangci/golangci-lint-action@v9 + with: + version: latest diff --git a/.golangci.yml b/.golangci.yml new file mode 100644 index 0000000..b39ec52 --- /dev/null +++ b/.golangci.yml @@ -0,0 +1,15 @@ +# Golangci-lint Configuration +# +# Golangci-lint can be used with zero configuration, relying on sensible +# defaults. This file exists as a signal to future maintainers that linting +# is part of the development workflow. +# +# When configuration becomes necessary, consult these resources: +# +# Configuration File Reference (includes link to latest full reference file): +# +# +# Available Linters (click any linter to see its specific configuration): +# + +version: "2" From 250241d2b709193d2ca19a33f2f84b860d6672a6 Mon Sep 17 00:00:00 2001 
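Review bot: `version: latest` in the lint job's `with:` block resolves the golangci-lint binary at run time, so the same commit can pass today and fail after an upstream release, and each new release is executed in CI without anyone having reviewed the bump. Pinning it, e.g. `version: <pinned golangci-lint release>`, keeps lint results reproducible and makes upgrades an explicit change. If following new linter releases is intended (the scheduled run added in patch 4/5 suggests it may be), a comment on that line such as `# intentionally unpinned: the weekly run surfaces new linter findings` would record the trade-off.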
From: Daniel Orbach Date: Tue, 10 Mar 2026 03:44:38 +0200 Subject: [PATCH 3/5] github: scan for known Go vulnerabilities Runs govulncheck on every pull request and uploads SARIF results to GitHub Code Scanning. The job does not block merges on its own; enforcement is delegated to branch protection rules on Code Scanning alerts. --- .github/workflows/ci.yml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a63df20..2281a07 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -61,3 +61,23 @@ jobs: uses: golangci/golangci-lint-action@v9 with: version: latest + + govulncheck: + name: "🛡️ Vulnerability Scanning" + runs-on: ubuntu-latest + permissions: + contents: read + security-events: write + steps: + - name: Run govulncheck + uses: golang/govulncheck-action@v1 + with: + go-version-input: stable + output-format: sarif + output-file: results.sarif + + - name: Upload SARIF to Code Scanning + uses: github/codeql-action/upload-sarif@v3 + with: + sarif_file: results.sarif + category: govulncheck From 5776eb50bfbc67c8763501cd015403f6909ffd1d Mon Sep 17 00:00:00 2001 From: Daniel Orbach Date: Tue, 10 Mar 2026 03:46:26 +0200 Subject: [PATCH 4/5] github: run CI on a weekly schedule and manual dispatch Catches newly published linter rules and vulnerability advisories between active development periods. The weekly cron fires Monday 09:00 UTC; workflow_dispatch allows on-demand runs. --- .github/workflows/ci.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2281a07..16d650e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -16,6 +16,9 @@ on: branches: [main] pull_request: branches: [main] + schedule: + - cron: "0 9 * * 1" + workflow_dispatch: permissions: contents: read From e74421e1392efbc3b2cfa66104d2d169fdb9b27d Mon Sep 17 00:00:00 2001 
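Review bot: The govulncheck job has no comment saying that it cannot fail on findings: with `output-format: sarif` govulncheck exits successfully even when vulnerabilities are reported, so the job stays green and gating depends entirely on the Code Scanning branch-protection rule that only the commit message mentions. I would record that in the file above `govulncheck:`, for example `# Report-only: SARIF mode exits 0 on findings; merges are gated by the Code Scanning rule in branch protection.` The header comment added in patch 1/5 also describes only the test and lint jobs and is not updated by this hunk.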
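Review bot: The `schedule:` trigger added in patch 4/5 lacks a note on a platform limit that works against its stated purpose: GitHub disables scheduled workflows in public repositories after 60 days without repository activity, so during a long quiet period the weekly vulnerability scan can stop silently. A comment above the cron line would record this, e.g. `# NOTE: GitHub pauses scheduled runs after 60 days of repo inactivity (public repos); re-enable under Actions.` That the repository is public is inferred from the README badge in patch 5/5. The workflow's header comment, outside this hunk, still describes only pull-request and push triggers.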
From: Daniel Orbach Date: Tue, 10 Mar 2026 03:47:22 +0200 Subject: [PATCH 5/5] docs: display CI status badge in README --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 52284a3..f1c33ac 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,7 @@ # v2-experiment +[![CI](https://github.com/go-digitaltwin/v2-experiment/actions/workflows/ci.yml/badge.svg)](https://github.com/go-digitaltwin/v2-experiment/actions/workflows/ci.yml) + A digital twin framework for event-driven systems in Go. **Input at runtime**: domain-specific deltas (partial updates describing