SpecterOps · ykaiboussiSO · May 20, 2026 · May 19, 2026 · May 19, 2026 · May 19, 2026
diff --git a/.github/workflows/go-test.yml b/.github/workflows/go-test.yml
@@ -24,11 +24,19 @@ on:
     types:
       - "opened"
       - "synchronize"
+      - "reopened"
 
 jobs:
+  call-run-upload-main-coverage-files:
+    uses: ./.github/workflows/upload-coverage-files.yml
   test:
     runs-on: ubuntu-latest
+    needs: call-run-upload-main-coverage-files
     steps:
+      - env:
+          COV_FILE_ID: ${{ needs.call-run-upload-main-coverage-files.outputs.coverage-artifact-id }}
+        run: echo "Artifact ID from previous job is $COV_FILE_ID"
+
       - name: Checkout source code for this repository
         uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # ratchet:actions/checkout@v5
 
@@ -41,8 +49,41 @@ jobs:
 
       - name: Run Tests
         run: |
-          go test ./...
+          make test
+
+      - name: Parse Coverage Value From Feature Branch
+        run: |
+          echo "current_coverage=$(tail -n 1 .coverage/coverage.txt | awk '{print $3}' | awk 'sub("%", "")')" >> $GITHUB_ENV
+
+      - name: Feature Branch Coverage Value
+        run: |
+          printf 'Coverage Value: %s\n' "$current_coverage"
+
+      - name: Download Main Coverage
+        uses: actions/download-artifact@v8
+        with:
+          artifact-ids: ${{ needs.call-run-upload-main-coverage-files.outputs.coverage-artifact-id }}
+          path: tmp/
 
+      - name: Display structure of downloaded files
+        run: ls -R
+
+      - name: Parse Coverage Value From Main Branch
+        run: |
+          echo "main_coverage=$(tail -n 1 tmp/coverage.txt | awk '{print $3}' | awk 'sub("%", "")')" >> $GITHUB_ENV
+
+      - name: Main Coverage Value
+        run: |
+          printf 'Coverage Value: %s\n' "$main_coverage"
+
+      - name: Coverage Evaluation
+        run: |
+          if (( $(echo "$current_coverage < $main_coverage" | bc -l))); then
+            echo "Failing the workflow. Coverage on feature branch ($current_coverage%) is below main branch ($main_coverage%)"
+            exit 1
+          else
+            echo "Coverage is within the limits"
+          fi
   integration-test-pg:
     name: Run integration tests (pg)
     runs-on: ubuntu-latest
@@ -75,7 +116,7 @@ jobs:
         env:
           CONNECTION_STRING: postgres://dawgs:weneedbetterpasswords@localhost:5432/dawgs?sslmode=disable
         run: |
-          go test -tags manual_integration ./integration
+          make test_integration
 
   integration-test-neo4j:
     name: Run integration tests (neo4j)
@@ -108,4 +149,4 @@ jobs:
         env:
           CONNECTION_STRING: neo4j://neo4j:weneedbetterpasswords@localhost:7687
         run: |
-          go test -tags manual_integration ./integration
+          make test_integration
diff --git a/.github/workflows/upload-coverage-files.yml b/.github/workflows/upload-coverage-files.yml
@@ -0,0 +1,52 @@
+# Copyright 2026 Specter Ops, Inc.
+#
+# Licensed under the Apache License, Version 2.0
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+name: Run Go Tests on Main Branch
+
+on:
+  workflow_call:
+    outputs:
+      coverage-artifact-id:
+        description: Coverage artifact id for the main branch baseline
+        value: ${{ jobs.upload-main-coverage-files.outputs.coverage-artifact-id }}
+
+jobs:
+  upload-main-coverage-files:
+    runs-on: ubuntu-latest
+    outputs:
+      coverage-artifact-id: ${{ steps.upload-coverage-artifact-step.outputs.artifact-id }}
+    steps:
+      - name: Checkout source code for this repository
+        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # ratchet:actions/checkout@v5
+        with:
+          ref: main
+
+      - name: Install Go
+        uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # ratchet:actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+          cache: true
+          check-latest: true
+
+      - name: Run Make Test Cmd
+        run: make test
+
+      - name: Upload Coverage File
+        uses: actions/upload-artifact@v7
+        id: upload-coverage-artifact-step
+        with:
+          include-hidden-files: true
+          path: .coverage/coverage.txt