Calypso audits secret revelations #196

	# Test the ledger modules
	name: Ledger (go)

	on:
	push:
	branches:
	- main

	pull_request:
	types:
	- opened
	- synchronize
	- reopened

	permissions:
	contents: read

	jobs:
	build:

	runs-on: ubuntu-latest

	env:
	OPENSSL_DIR: /opt/openssl

	defaults:
	run:
	working-directory: ./ledger

	steps:
	- name: Checkout
	uses: actions/checkout@v2
	with:
	submodules: recursive
	fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of Sonar analysis

	- name: Use go >= 1.18
	uses: actions/setup-go@v3
	with:
	go-version: '>=1.18'

	- uses: actions/cache@v3
	id: cache-openssl
	with:
	path: ${{ env.OPENSSL_DIR }}
	key: ${{ runner.os }}-openssl

	# Inspired from https://github.com/sfackler/rust-openssl/blob/master/.github/workflows/ci.yml
	- name: Build OpenSSL
	if: steps.cache-openssl.outputs.cache-hit != 'true'
	run: \|
	url="https://openssl.org/source/openssl-3.0.3.tar.gz"
	OS_COMPILER=linux-x86_64

	mkdir /tmp/build
	cd /tmp/build
	curl -L $url \| tar --strip-components=1 -xzf -
	./Configure --prefix=$OPENSSL_DIR --libdir=lib $OS_COMPILER -fPIC -g $OS_FLAGS no-shared
	make
	make install_sw

	- name: Install ZMQ
	run: sudo apt install libzmq3-dev

	- name: Test all
	run: \|
	go test -v -coverpkg=./... -coverprofile=coverage.out ./... -json > report.json

	- name: Run code analysis
	uses: SonarSource/sonarcloud-github-action@master
	with:
	projectBaseDir: ledger
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
	SONAR_TOKEN: ${{ secrets.SONAR_TOKEN_LEDGER }}

Provide feedback