generated from LinuxSuRen/github-go
-
-
Notifications
You must be signed in to change notification settings - Fork 13
97 lines (94 loc) · 2.71 KB
/
pull-request.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
name: Pull Request Build
on:
pull_request:
branches:
- master
jobs:
build:
name: Build
runs-on: ubuntu-20.04
steps:
- name: Set up Go
uses: actions/setup-go@v3
with:
go-version: 1.18
id: go
- name: Check out code into the Go module directory
uses: actions/checkout@v3.0.0
- name: Upgrade upx
run: |
# try to fix https://github.com/jenkins-zh/jenkins-cli/issues/493
wget https://github.com/upx/upx/releases/download/v3.96/upx-3.96-amd64_linux.tar.xz
tar xvf upx-3.96-amd64_linux.tar.xz
upx-3.96-amd64_linux/upx -V
sudo mv upx-3.96-amd64_linux/upx $(which upx)
upx -V
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v4.1.1
with:
github_token: ${{ secrets.GH_PUBLISH_SECRETS }}
version: v1.14.0
args: release --skip-publish --rm-dist --snapshot
- name: Test against the cmd
run: |
sudo ./release/http-downloader_linux_amd64_v1/hd install jenkins-zh/jenkins-cli/jcli
jcli version
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@0.2.1
if: github.event_name == 'pull_request'
with:
scan-type: 'fs'
format: 'table'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'
GoLint:
name: Lint
runs-on: ubuntu-20.04
steps:
- name: Set up Go
uses: actions/setup-go@v3
with:
go-version: 1.18
id: go
- name: Check out code into the Go module directory
uses: actions/checkout@v3.0.0
- name: Go-linter-1
uses: Jerome1337/golint-action@v1.0.2
with:
golint-path: ./...
Security:
name: Security
runs-on: ubuntu-20.04
env:
GO111MODULE: on
steps:
- name: Checkout Source
uses: actions/checkout@v3.0.0
- name: Run Gosec Security Scanner
uses: securego/gosec@master
with:
args: '-exclude=G402,G204,G304,G110,G306,G107 ./...'
CodeQL:
name: CodeQL
runs-on: ubuntu-20.04
env:
GO111MODULE: on
steps:
- name: Checkout Source
uses: actions/checkout@v3.0.0
- name: Initialize CodeQL
uses: github/codeql-action/init@v1
with:
languages: go
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1
MarkdownLinkCheck:
name: MarkdownLinkCheck
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v3.0.0
- uses: gaurav-nelson/github-action-markdown-link-check@1.0.13
with:
use-verbose-mode: 'yes'