Merge pull request #43 from infosiftr/defense-in-depth #173
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| pull_request: | |
| push: | |
| schedule: | |
| - cron: 0 0 * * 0 | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| defaults: | |
| run: | |
| shell: 'bash -Eeuo pipefail -x {0}' | |
| jobs: | |
| test: | |
| name: Smoke Test | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install Bashbrew | |
| run: | | |
| # not doing "uses: docker-library/bashbrew@xxx" because it'll build which is slow and we don't need more than just bashbrew here | |
| mkdir .bin | |
| wget -O .bin/bashbrew 'https://github.com/docker-library/bashbrew/releases/download/v0.1.11/bashbrew-amd64' | |
| echo '6203635644d0efef2886f8ea9c487995a7abc4166db7a4773e94f89c943a4b04 *.bin/bashbrew' | sha256sum --strict --check - | |
| chmod +x .bin/bashbrew | |
| .bin/bashbrew --version | |
| echo "$PWD/.bin" >> "$GITHUB_PATH" | |
| - run: .test/test.sh --deploy | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: coverage | |
| path: | | |
| .test/.coverage/coverage.* | |
| .test/.coverage/GOCOVERDIR/ | |
| if-no-files-found: error | |
| - name: gofmt | |
| run: find -name '*.go' -type f -exec ./.go-env.sh gofmt -l -s -w '{}' + | |
| - run: git diff --exit-code | |
| # TODO download latest coverage artifacts from HEAD / PR target to emulate Codecov but without another flaky third-party service that's begging for write-access to all our repositories via a GitHub App? 👀 |