Update github-actions #449
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Opaque | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| permissions: | |
| contents: read | |
| jobs: | |
| lint: | |
| name: Lint | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: step-security/harden-runner@951b48540b429070694bc8abd82fd6901eb123ca | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: > | |
| api.github.com:443 | |
| github.com:443 | |
| objects.githubusercontent.com:443 | |
| proxy.golang.org:443 | |
| raw.githubusercontent.com:443 | |
| - name: Checkout repo | |
| uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc | |
| with: | |
| fetch-depth: 0 | |
| - name: Setup Go | |
| uses: actions/setup-go@b26d40294f8ad76fcc90b915dac85892322fe62d | |
| with: | |
| go-version-file: ./go.mod | |
| # Linting | |
| - name: Linting | |
| uses: golangci/golangci-lint-action@68de804037d6beb4bec814041c98865cb188f3db | |
| with: | |
| version: latest | |
| args: --config=./.github/.golangci.yml ./... | |
| only-new-issues: true | |
| test: | |
| name: Test | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| go: [ '1.22', '1.21' ] | |
| steps: | |
| - uses: step-security/harden-runner@951b48540b429070694bc8abd82fd6901eb123ca | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: > | |
| github.com:443 | |
| proxy.golang.org:443 | |
| storage.googleapis.com:443 | |
| sum.golang.org:443 | |
| - name: Checkout repo | |
| uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc | |
| with: | |
| fetch-depth: 0 | |
| - name: Setup Go | |
| uses: actions/setup-go@b26d40294f8ad76fcc90b915dac85892322fe62d | |
| with: | |
| go-version: ${{ matrix.go }} | |
| # Test | |
| - name: Run Tests | |
| run: cd .github && make test | |
| analyze: | |
| name: Analyze | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: step-security/harden-runner@951b48540b429070694bc8abd82fd6901eb123ca | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: > | |
| api.codecov.io:443 | |
| api.github.com:443 | |
| cli.codecov.io:443 | |
| ea6ne4j2sb.execute-api.eu-central-1.amazonaws.com:443 | |
| github.com:443 | |
| objects.githubusercontent.com:443 | |
| proxy.golang.org:443 | |
| scanner.sonarcloud.io:443 | |
| sonarcloud.io:443 | |
| storage.googleapis.com:443 | |
| - name: Checkout repo | |
| uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc | |
| with: | |
| fetch-depth: 0 | |
| - name: Setup Go | |
| uses: actions/setup-go@b26d40294f8ad76fcc90b915dac85892322fe62d | |
| with: | |
| go-version-file: ./go.mod | |
| # Coverage | |
| - name: Run coverage | |
| run: cd .github && make cover | |
| # Codecov | |
| - name: Codecov | |
| uses: codecov/codecov-action@8bacbcdafc25d23d7ccbf06e9aaf78c95a290f21 | |
| env: | |
| CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
| with: | |
| file: .github/coverage.out | |
| # Sonar | |
| - name: SonarCloud Scan | |
| uses: SonarSource/sonarcloud-github-action@eb211723266fe8e83102bac7361f0a05c3ac1d1b | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| with: | |
| args: > | |
| -Dsonar.organization=bytemare-github | |
| -Dsonar.projectKey=bytemare_opaque | |
| -Dsonar.go.coverage.reportPaths=.github/coverage.out | |
| -Dsonar.sources=. | |
| -Dsonar.exclusions=examples_test.go | |
| -Dsonar.test.exclusions=examples_test.go,tests/** | |
| -Dsonar.coverage.exclusions=examples_test.go,tests/** | |
| -Dsonar.tests=tests/ | |
| -Dsonar.verbose=true |