Update github-actions #360
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Opaque | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| permissions: | |
| contents: read | |
| jobs: | |
| lint: | |
| name: Lint | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: step-security/harden-runner@29e9ae12297382bde04e940b27e0638029f9f3cd | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: > | |
| api.github.com:443 | |
| github.com:443 | |
| objects.githubusercontent.com:443 | |
| proxy.golang.org:443 | |
| raw.githubusercontent.com:443 | |
| - name: Checkout repo | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 | |
| with: | |
| fetch-depth: 0 | |
| - name: Setup Go | |
| uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 | |
| with: | |
| go-version-file: ./go.mod | |
| # Linting | |
| - name: Linting | |
| uses: golangci/golangci-lint-action@d09fb0808ae08b4310fe3140992ba2475deac1c0 | |
| with: | |
| version: latest | |
| args: --config=./.github/.golangci.yml ./... | |
| only-new-issues: true | |
| test: | |
| name: Test | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| go: [ '1.22', '1.21' ] | |
| steps: | |
| - uses: step-security/harden-runner@29e9ae12297382bde04e940b27e0638029f9f3cd | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: > | |
| github.com:443 | |
| proxy.golang.org:443 | |
| storage.googleapis.com:443 | |
| sum.golang.org:443 | |
| - name: Checkout repo | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 | |
| with: | |
| fetch-depth: 0 | |
| - name: Setup Go | |
| uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 | |
| with: | |
| go-version: ${{ matrix.go }} | |
| # Test | |
| - name: Run Tests | |
| run: cd .github && make test | |
| analyze: | |
| name: Analyze | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: step-security/harden-runner@29e9ae12297382bde04e940b27e0638029f9f3cd | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: > | |
| api.codecov.io:443 | |
| api.github.com:443 | |
| cli.codecov.io:443 | |
| ea6ne4j2sb.execute-api.eu-central-1.amazonaws.com:443 | |
| github.com:443 | |
| objects.githubusercontent.com:443 | |
| proxy.golang.org:443 | |
| scanner.sonarcloud.io:443 | |
| sonarcloud.io:443 | |
| storage.googleapis.com:443 | |
| - name: Checkout repo | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 | |
| with: | |
| fetch-depth: 0 | |
| - name: Setup Go | |
| uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 | |
| with: | |
| go-version-file: ./go.mod | |
| # Coverage | |
| - name: Run coverage | |
| run: cd .github && make cover | |
| # Codecov | |
| - name: Codecov | |
| uses: codecov/codecov-action@543b309c018563d55ed130e7a261ec4c9dac7a10 | |
| env: | |
| CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
| with: | |
| file: .github/coverage.out | |
| # Sonar | |
| - name: SonarCloud Scan | |
| uses: SonarSource/sonarcloud-github-action@e44258b109568baa0df60ed515909fc6c72cba92 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| with: | |
| args: > | |
| -Dsonar.organization=bytemare-github | |
| -Dsonar.projectKey=bytemare_opaque | |
| -Dsonar.go.coverage.reportPaths=.github/coverage.out | |
| -Dsonar.sources=. | |
| -Dsonar.exclusions=examples_test.go | |
| -Dsonar.test.exclusions=examples_test.go,tests/** | |
| -Dsonar.coverage.exclusions=examples_test.go,tests/** | |
| -Dsonar.tests=tests/ | |
| -Dsonar.verbose=true |