From b491543aa650d9a25e79aefc8d5d5bb0c64a14f0 Mon Sep 17 00:00:00 2001 From: Alexander Adam Date: Sun, 17 May 2026 10:27:55 +0200 Subject: [PATCH 1/2] Reorganize jobs in workflows, fix linter and update dependencies. Signed-off-by: Alexander Adam --- .github/workflows/compliance.yml | 188 +++++++++++++++++-------------- .github/workflows/scorecard.yml | 2 +- .github/workflows/security.yml | 43 ++----- .github/workflows/test.yml | 55 +-------- .golangci.yaml | 1 + go.mod | 8 +- go.sum | 29 +++-- migration_test.go | 6 +- 8 files changed, 138 insertions(+), 194 deletions(-) diff --git a/.github/workflows/compliance.yml b/.github/workflows/compliance.yml index f85cb9f..001feb9 100644 --- a/.github/workflows/compliance.yml +++ b/.github/workflows/compliance.yml @@ -19,34 +19,15 @@ permissions: contents: read jobs: - REUSE: - runs-on: ubuntu-latest - steps: - - name: Harden Runner - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 - with: - egress-policy: audit - - - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - with: - fetch-depth: 1 - - - name: REUSE Compliance Check - uses: fsfe/reuse-action@676e2d560c9a403aa252096d99fcab3e1132b0f5 #v6.0.0 - - CheckSignedOffCommit: - if: > - github.event_name == 'push' && - !contains(github.actor, '[bot]') && - !contains(github.event.pusher.name, '[bot]') && - github.event.pusher.name != 'web-flow' + CheckSignedOff: + if: github.event_name != 'pull_request' || !contains(github.event.pull_request.labels.*.name, 'bypass-dco') runs-on: ubuntu-latest permissions: contents: read + pull-requests: read steps: - name: Harden Runner - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 + uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1 with: egress-policy: audit @@ -56,7 +37,11 @@ jobs: fetch-depth: 0 - name: Determine pushed commits - id: range + if: > + github.event_name == 'push' && + !contains(github.actor, '[bot]') && + !contains(github.event.pusher.name, '[bot]') && + github.event.pusher.name != 'web-flow' env: # Use GitHub-provided SHAs to build the range for this push BEFORE: ${{ github.event.before }} @@ -72,10 +57,25 @@ jobs: git rev-list --no-merges "$BEFORE".."$AFTER" > shas.txt fi + - name: Get PR commits + if: github.event_name == 'pull_request' + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + set -euo pipefail + + # Fetch all commits of the PR with pagination and extract SHAs + gh api -H "Accept: application/vnd.github+json" --paginate \ + repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/commits \ + | jq -r '.[].sha' > shas.txt + - name: Check for Signed-off-by env: GH_ACTOR: ${{ github.actor }} - GH_NAME: ${{ github.event.pusher.name }} + GH_NAME: ${{ github.event.name == 'push' && github.event.pusher.name + || github.event.pull_request.user.login }} + GH_NAME_SOURCE: ${{ github.event_name == 'push' && 'github.event.pusher.name' + || 'github.event.pull_request.user.login' }} run: | set -euo pipefail missing="" @@ -102,27 +102,51 @@ jobs: echo "Commit $sha missing Signed-off-by" missing="true" - echo "Committer name: $committer_name" - echo "Committer email: $committer_email" - echo "github.actor: $GH_ACTOR" - echo "github.event.pusher.name: $GH_NAME" + printf "%-38s %s" "Committer name:" "$committer_name" + printf "%-38s %s" "Committer email:" "$committer_email" + printf "%-38s %s" "github.actor:" "$GH_ACTOR" + printf "%-38s %s" "$GH_NAME_SOURCE:" "$GH_NAME" fi done < shas.txt if [ "$missing" = "true" ] then - echo "DCO check failed on push" + echo "DCO check failed for commits" exit 1 fi - echo "All pushed commits are signed" + echo "All commits are signed" - CheckSignedOffPullRequest: - if: github.event_name == 'pull_request' && !contains(github.event.pull_request.labels.*.name, 'bypass-dco') + FormatCheck: + strategy: + matrix: + go-version: + - "stable" + runs-on: ubuntu-latest + steps: + - name: Harden Runner + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 + with: + egress-policy: audit + + - name: Install Go + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 + with: + go-version: ${{matrix.go-version}} + + - name: Checkout + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + fetch-depth: 1 + + - name: FormatCheck + run: if [ `go fmt ./... | wc -l` -gt 0 ] ; then echo "Found unformatted code" ; exit 1 ; else exit 0 ; fi + + GolangCI: runs-on: ubuntu-latest permissions: contents: read - pull-requests: read + security-events: write steps: - name: Harden Runner uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 @@ -132,61 +156,61 @@ jobs: - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: - fetch-depth: 0 + fetch-depth: 1 - - name: Get PR commits - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - set -euo pipefail - gh --version - jq --version + - name: Run golangci-lint + uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9.2.0 + with: + version: latest + args: --timeout=5m --output.sarif.path=golangci-lint-results.sarif --output.text.path=stdout - # Fetch all commits of the PR with pagination and extract SHAs - gh api -H "Accept: application/vnd.github+json" --paginate \ - repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/commits \ - | jq -r '.[].sha' > shas.txt + - name: Upload golangci-lint results to GitHub Security tab + uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2 + with: + sarif_file: golangci-lint-results.sarif - - name: Check for Signed-off-by - env: - GH_ACTOR: ${{ github.actor }} - GH_NAME: ${{ github.event.pull_request.user.login}} - run: | - set -euo pipefail - missing="" + REUSE: + runs-on: ubuntu-latest + steps: + - name: Harden Runner + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 + with: + egress-policy: audit - while read -r sha - do - [ -n "$sha" ] || continue + - name: Checkout + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + fetch-depth: 1 - # Skip commits from bots - committer_name=`git log --format=%cn -n 1 "$sha"` - committer_email=`git log --format=%ce -n 1 "$sha"` - if echo "$committer_name" | grep -Fq '[bot]' \ - || [ "$committer_name" = "web-flow" ] \ - || echo "$committer_email" | grep -Eqi 'noreply@github\.com$|@users\.noreply\.github\.com$' - then - echo "Skipping commit $sha from $committer_name <$committer_email>" - continue - fi + - name: REUSE Compliance Check + uses: fsfe/reuse-action@676e2d560c9a403aa252096d99fcab3e1132b0f5 #v6.0.0 - msg=`git log --format=%B -n 1 "$sha"` + StaticCheck: + strategy: + matrix: + go-version: + - "stable" + runs-on: ubuntu-latest + steps: + - name: Harden Runner + uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 + with: + egress-policy: audit - if ! printf '%s' "$msg" | grep -Eqi '^[[:space:]]*Signed[- ]off[- ]by:' - then - echo "Commit $sha missing Signed-off-by" - missing="true" + - name: Install Go + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 + with: + go-version: ${{matrix.go-version}} - echo "Committer name: $committer_name" - echo "Committer email: $committer_email" - echo "github.actor: $GH_ACTOR" - echo "github.event.pull_request.user.login: $GH_NAME" - fi - done < shas.txt + - name: Checkout + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + fetch-depth: 1 - if [ "$missing" = "true" ] - then - echo "DCO check failed"; exit 1 - fi + - name: StaticCheck + uses: dominikh/staticcheck-action@9716614d4101e79b4340dd97b10e54d68234e431 # v1.4.1 + with: + version: latest + install-go: false + cache-key: ${{matrix.go-version}} - echo "All commits are signed" diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 6255ea5..4573033 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -16,7 +16,7 @@ on: - cron: '36 3 * * 2' push: branches: - - master + - "master" # Declare default permissions as read-only. permissions: read-all diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index 73ffa51..a591bf9 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -15,37 +15,10 @@ on: permissions: read-all jobs: - GolangCI: - runs-on: ubuntu-latest - permissions: - contents: read - security-events: write - steps: - - name: Harden Runner - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 - with: - egress-policy: audit - - - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - with: - fetch-depth: 1 - - - name: Run golangci-lint - uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9.2.0 - with: - version: latest - args: --timeout=5m --output.sarif.path=golangci-lint-results.sarif --output.text.path=stdout - - - name: Upload golangci-lint results to GitHub Security tab - uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2 - with: - sarif_file: golangci-lint-results.sarif - TrivyCode: runs-on: ubuntu-latest permissions: - contents: read + contents: read security-events: write steps: - name: Harden Runner @@ -59,11 +32,11 @@ jobs: - name: Run Trivy vulnerability scanner in fs mode uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # 0.36.0 with: - scan-type: 'fs' + scan-type: 'fs' ignore-unfixed: true - format: 'sarif' - output: 'trivy-results.sarif' - severity: 'CRITICAL,HIGH' + format: 'sarif' + output: 'trivy-results.sarif' + severity: 'CRITICAL,HIGH' - name: Upload Trivy scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2 @@ -77,7 +50,7 @@ jobs: - "stable" runs-on: ubuntu-latest permissions: - contents: read + contents: read security-events: write steps: - name: Harden Runner @@ -89,8 +62,8 @@ jobs: uses: golang/govulncheck-action@b625fbe08f3bccbe446d94fbf87fcc875a4f50ee # v1.0.4 with: go-version-input: ${{matrix.go-version}} - output-format: sarif - output-file: govulncheck-results.sarif + output-format: sarif + output-file: govulncheck-results.sarif - name: Print Sarif id: printSarif diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 9d67cc2..dea9de9 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -15,60 +15,6 @@ on: permissions: read-all jobs: - FormatCheck: - strategy: - matrix: - go-version: - - "stable" - runs-on: ubuntu-latest - steps: - - name: Harden Runner - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 - with: - egress-policy: audit - - - name: Install Go - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 - with: - go-version: ${{matrix.go-version}} - - - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - with: - fetch-depth: 1 - - - name: FormatCheck - run: if [ `go fmt ./... | wc -l` -gt 0 ] ; then echo "Found unformatted code" ; exit 1 ; else exit 0 ; fi - - StaticCheck: - strategy: - matrix: - go-version: - - "stable" - runs-on: ubuntu-latest - steps: - - name: Harden Runner - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0 - with: - egress-policy: audit - - - name: Install Go - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 - with: - go-version: ${{matrix.go-version}} - - - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - with: - fetch-depth: 1 - - - name: StaticCheck - uses: dominikh/staticcheck-action@9716614d4101e79b4340dd97b10e54d68234e431 # v1.4.1 - with: - version: latest - install-go: false - cache-key: ${{matrix.go-version}} - Test: strategy: matrix: @@ -111,6 +57,7 @@ jobs: - name: Upload coverage to Codecov uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0 with: + report_type: coverage token: ${{ secrets.CODECOV_TOKEN }} # This action is mainly composed of snippets of github.com/jidicula/go-fuzz-action diff --git a/.golangci.yaml b/.golangci.yaml index 62703be..b8ad458 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -15,6 +15,7 @@ linters: disable: - exhaustruct + - gomodguard - noinlineerr - nonamedreturns - wsl diff --git a/go.mod b/go.mod index 8915e7f..7fb87c5 100644 --- a/go.mod +++ b/go.mod @@ -7,7 +7,7 @@ go 1.25.0 require ( github.com/stretchr/testify v1.11.1 - modernc.org/sqlite v1.49.1 + modernc.org/sqlite v1.50.1 ) require ( @@ -20,19 +20,19 @@ require ( github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect github.com/google/uuid v1.6.0 // indirect github.com/mattn/go-colorable v0.1.13 // indirect - github.com/mattn/go-isatty v0.0.20 // indirect + github.com/mattn/go-isatty v0.0.22 // indirect github.com/ncruces/go-strftime v1.0.0 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect golang.org/x/mod v0.33.0 // indirect golang.org/x/sync v0.20.0 // indirect - golang.org/x/sys v0.42.0 // indirect + golang.org/x/sys v0.44.0 // indirect golang.org/x/term v0.35.0 // indirect golang.org/x/text v0.17.0 // indirect golang.org/x/tools v0.42.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect gotest.tools/gotestsum v1.13.0 // indirect - modernc.org/libc v1.72.0 // indirect + modernc.org/libc v1.72.3 // indirect modernc.org/mathutil v1.7.1 // indirect modernc.org/memory v1.11.0 // indirect ) diff --git a/go.sum b/go.sum index c8235b1..93dbd49 100644 --- a/go.sum +++ b/go.sum @@ -23,8 +23,8 @@ github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyf github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= -github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= -github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/mattn/go-isatty v0.0.22 h1:j8l17JJ9i6VGPUFUYoTUKPSgKe/83EYU2zBC7YNKMw4= +github.com/mattn/go-isatty v0.0.22/go.mod h1:ZXfXG4SQHsB/w3ZeOYbR0PrPwLy+n6xiMrJlRFqopa4= github.com/ncruces/go-strftime v1.0.0 h1:HMFp8mLCTPp341M/ZnA4qaf7ZlsbTc+miZjCLOFAw7w= github.com/ncruces/go-strftime v1.0.0/go.mod h1:Fwc5htZGVVkseilnfgOVb9mKy6w1naJmn9CehxcKcls= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= @@ -40,9 +40,8 @@ golang.org/x/mod v0.33.0/go.mod h1:swjeQEj+6r7fODbD2cqrnje9PnziFuw4bmLbBZFrQ5w= golang.org/x/sync v0.20.0 h1:e0PTpb7pjO8GAtTs2dQ6jYa5BWYlMuX047Dco/pItO4= golang.org/x/sync v0.20.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.42.0 h1:omrd2nAlyT5ESRdCLYdm3+fMfNFE/+Rf4bDIQImRJeo= -golang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= +golang.org/x/sys v0.44.0 h1:ildZl3J4uzeKP07r2F++Op7E9B29JRUy+a27EibtBTQ= +golang.org/x/sys v0.44.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= golang.org/x/term v0.35.0 h1:bZBVKBudEyhRcajGcNc3jIfWPqV4y/Kt2XcoigOWtDQ= golang.org/x/term v0.35.0/go.mod h1:TPGtkTLesOwf2DE8CgVYiZinHAOuy5AYUYT1lENIZnA= golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc= @@ -57,10 +56,10 @@ gotest.tools/gotestsum v1.13.0 h1:+Lh454O9mu9AMG1APV4o0y7oDYKyik/3kBOiCqiEpRo= gotest.tools/gotestsum v1.13.0/go.mod h1:7f0NS5hFb0dWr4NtcsAsF0y1kzjEFfAil0HiBQJE03Q= gotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q= gotest.tools/v3 v3.5.2/go.mod h1:LtdLGcnqToBH83WByAAi/wiwSFCArdFIUV/xxN4pcjA= -modernc.org/cc/v4 v4.27.3 h1:uNCgn37E5U09mTv1XgskEVUJ8ADKpmFMPxzGJ0TSo+U= -modernc.org/cc/v4 v4.27.3/go.mod h1:3YjcbCqhoTTHPycJDRl2WZKKFj0nwcOIPBfEZK0Hdk8= -modernc.org/ccgo/v4 v4.32.4 h1:L5OB8rpEX4ZsXEQwGozRfJyJSFHbbNVOoQ59DU9/KuU= -modernc.org/ccgo/v4 v4.32.4/go.mod h1:lY7f+fiTDHfcv6YlRgSkxYfhs+UvOEEzj49jAn2TOx0= +modernc.org/cc/v4 v4.28.2 h1:3tQ0lf2ADtoby2EtSP+J7IE2SHwEJdP8ioR59wx7XpY= +modernc.org/cc/v4 v4.28.2/go.mod h1:OnovgIhbbMXMu1aISnJ0wvVD1KnW+cAUJkIrAWh+kVI= +modernc.org/ccgo/v4 v4.34.0 h1:yRLPFZieg532OT4rp4JFNIVcquwalMX26G95WQDqwCQ= +modernc.org/ccgo/v4 v4.34.0/go.mod h1:AS5WYMyBakQ+fhsHhtP8mWB82KTGPkNNJDGfGQCe0/A= modernc.org/fileutil v1.4.0 h1:j6ZzNTftVS054gi281TyLjHPp6CPHr2KCxEXjEbD6SM= modernc.org/fileutil v1.4.0/go.mod h1:EqdKFDxiByqxLk8ozOxObDSfcVOv/54xDs/DUHdvCUU= modernc.org/gc/v2 v2.6.5 h1:nyqdV8q46KvTpZlsw66kWqwXRHdjIlJOhG6kxiV/9xI= @@ -69,18 +68,18 @@ modernc.org/gc/v3 v3.1.2 h1:ZtDCnhonXSZexk/AYsegNRV1lJGgaNZJuKjJSWKyEqo= modernc.org/gc/v3 v3.1.2/go.mod h1:HFK/6AGESC7Ex+EZJhJ2Gni6cTaYpSMmU/cT9RmlfYY= modernc.org/goabi0 v0.2.0 h1:HvEowk7LxcPd0eq6mVOAEMai46V+i7Jrj13t4AzuNks= modernc.org/goabi0 v0.2.0/go.mod h1:CEFRnnJhKvWT1c1JTI3Avm+tgOWbkOu5oPA8eH8LnMI= -modernc.org/libc v1.72.0 h1:IEu559v9a0XWjw0DPoVKtXpO2qt5NVLAnFaBbjq+n8c= -modernc.org/libc v1.72.0/go.mod h1:tTU8DL8A+XLVkEY3x5E/tO7s2Q/q42EtnNWda/L5QhQ= +modernc.org/libc v1.72.3 h1:ZnDF4tXn4NBXFutMMQC4vtbTFSXhhKzR73fv0beZEAU= +modernc.org/libc v1.72.3/go.mod h1:dn0dZNnnn1clLyvRxLxYExxiKRZIRENOfqQ8XEeg4Qs= modernc.org/mathutil v1.7.1 h1:GCZVGXdaN8gTqB1Mf/usp1Y/hSqgI2vAGGP4jZMCxOU= modernc.org/mathutil v1.7.1/go.mod h1:4p5IwJITfppl0G4sUEDtCr4DthTaT47/N3aT6MhfgJg= modernc.org/memory v1.11.0 h1:o4QC8aMQzmcwCK3t3Ux/ZHmwFPzE6hf2Y5LbkRs+hbI= modernc.org/memory v1.11.0/go.mod h1:/JP4VbVC+K5sU2wZi9bHoq2MAkCnrt2r98UGeSK7Mjw= -modernc.org/opt v0.1.4 h1:2kNGMRiUjrp4LcaPuLY2PzUfqM/w9N23quVwhKt5Qm8= -modernc.org/opt v0.1.4/go.mod h1:03fq9lsNfvkYSfxrfUhZCWPk1lm4cq4N+Bh//bEtgns= +modernc.org/opt v0.2.0 h1:tGyef5ApycA7FSEOMraay9SaTk5zmbx7Tu+cJs4QKZg= +modernc.org/opt v0.2.0/go.mod h1:03fq9lsNfvkYSfxrfUhZCWPk1lm4cq4N+Bh//bEtgns= modernc.org/sortutil v1.2.1 h1:+xyoGf15mM3NMlPDnFqrteY07klSFxLElE2PVuWIJ7w= modernc.org/sortutil v1.2.1/go.mod h1:7ZI3a3REbai7gzCLcotuw9AC4VZVpYMjDzETGsSMqJE= -modernc.org/sqlite v1.49.1 h1:dYGHTKcX1sJ+EQDnUzvz4TJ5GbuvhNJa8Fg6ElGx73U= -modernc.org/sqlite v1.49.1/go.mod h1:m0w8xhwYUVY3H6pSDwc3gkJ/irZT/0YEXwBlhaxQEew= +modernc.org/sqlite v1.50.1 h1:l+cQvn0sd0zJJtfygGHuQJ5AjlrwXmWPw4KP3ZMwr9w= +modernc.org/sqlite v1.50.1/go.mod h1:tcNzv5p84E0skkmJn038y+hWJbLQXQqEnQfeh5r2JLM= modernc.org/strutil v1.2.1 h1:UneZBkQA+DX2Rp35KcM69cSsNES9ly8mQWD71HKlOA0= modernc.org/strutil v1.2.1/go.mod h1:EHkiggD70koQxjVdSBM3JKM7k6L0FbGE5eymy9i3B9A= modernc.org/token v1.1.0 h1:Xl7Ap9dKaEs5kLoOQeQmPWevfnk/DM5qcLcYlA8ys6Y= diff --git a/migration_test.go b/migration_test.go index cd36ad6..4e4ea2a 100644 --- a/migration_test.go +++ b/migration_test.go @@ -268,7 +268,7 @@ func TestMigrationIsValid(t *testing.T) { m: dmorph.Morpher{ Dialect: dmorph.DialectSQLite(), Migrations: []dmorph.Migration{dmorph.FileMigration{Name: "01"}}, - TableName: "migrations", + TableName: dmorph.MigrationTableName, }, err: nil, }, @@ -276,7 +276,7 @@ func TestMigrationIsValid(t *testing.T) { m: dmorph.Morpher{ Dialect: nil, Migrations: []dmorph.Migration{dmorph.FileMigration{Name: "01"}}, - TableName: "migrations", + TableName: dmorph.MigrationTableName, }, err: dmorph.ErrNoDialect, }, @@ -284,7 +284,7 @@ func TestMigrationIsValid(t *testing.T) { m: dmorph.Morpher{ Dialect: dmorph.DialectSQLite(), Migrations: nil, - TableName: "migrations", + TableName: dmorph.MigrationTableName, }, err: dmorph.ErrNoMigrations, }, From 7ad3a5384fd699877ed40d256e3b1c4ea578d18a Mon Sep 17 00:00:00 2001 From: Alexander Adam Date: Sun, 17 May 2026 10:50:24 +0200 Subject: [PATCH 2/2] Incorporate review comments. Signed-off-by: Alexander Adam --- .github/workflows/compliance.yml | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/.github/workflows/compliance.yml b/.github/workflows/compliance.yml index 001feb9..b0a0040 100644 --- a/.github/workflows/compliance.yml +++ b/.github/workflows/compliance.yml @@ -38,17 +38,25 @@ jobs: - name: Determine pushed commits if: > - github.event_name == 'push' && - !contains(github.actor, '[bot]') && - !contains(github.event.pusher.name, '[bot]') && - github.event.pusher.name != 'web-flow' + github.event_name == 'push' env: # Use GitHub-provided SHAs to build the range for this push BEFORE: ${{ github.event.before }} AFTER: ${{ github.sha }} + GH_ACTOR: ${{ github.actor }} + GH_PUSHER: ${{ github.event.pusher.name }} run: | set -euo pipefail + # Bot / web-flow pushes: create empty file so later steps succeed + if echo "$GH_ACTOR" | grep -Fq '[bot]' \ + || echo "$GH_PUSHER" | grep -Fq '[bot]' \ + || [ "$GH_PUSHER" = "web-flow" ] + then + touch shas.txt + exit 0 + fi + if [ "$BEFORE" = "0000000000000000000000000000000000000000" ] then # New branch or force push without previous SHA @@ -72,7 +80,7 @@ jobs: - name: Check for Signed-off-by env: GH_ACTOR: ${{ github.actor }} - GH_NAME: ${{ github.event.name == 'push' && github.event.pusher.name + GH_NAME: ${{ github.event_name == 'push' && github.event.pusher.name || github.event.pull_request.user.login }} GH_NAME_SOURCE: ${{ github.event_name == 'push' && 'github.event.pusher.name' || 'github.event.pull_request.user.login' }}