diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 0c8b086..3f80ede 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -8,23 +8,36 @@ on: jobs: build: - name: Build + name: Build and Test runs-on: ubuntu-latest + strategy: + matrix: + go-version: ['1.21', '1.22', '1.23'] steps: - - name: Set up Go 1.x - uses: actions/setup-go@v2 + - name: Check out code + uses: actions/checkout@v4 + + - name: Set up Go ${{ matrix.go-version }} + uses: actions/setup-go@v4 with: - go-version: ^1.17 + go-version: ${{ matrix.go-version }} id: go - - name: Set up linter - run: go get -u github.com/mgechev/revive - - - name: Check out code into the Go module directory - uses: actions/checkout@v2 + - name: Cache Go modules + uses: actions/cache@v3 + with: + path: | + ~/.cache/go-build + ~/go/pkg/mod + key: ${{ runner.os }}-go-${{ matrix.go-version }}-${{ hashFiles('**/go.sum') }} + restore-keys: | + ${{ runner.os }}-go-${{ matrix.go-version }}- - name: Get dependencies - run: go get -v -t -d ./... + run: go mod download + + - name: Set up linter + run: go install github.com/mgechev/revive@latest - name: Lint run: revive -config revive.toml -formatter stylish -exclude ./vendor/... ./... @@ -32,5 +45,58 @@ jobs: - name: Vet run: go vet ./... - - name: Test - run: go test -v ./... + - name: Build + run: go build -v ./... + + - name: Test with coverage + run: go test -v -race -coverprofile=coverage.out ./... + + - name: Upload coverage to Codecov + if: matrix.go-version == '1.23' + uses: codecov/codecov-action@v3 + with: + file: ./coverage.out + flags: unittests + name: codecov-umbrella + + security: + name: Security Scan + runs-on: ubuntu-latest + steps: + - name: Check out code + uses: actions/checkout@v4 + + - name: Set up Go + uses: actions/setup-go@v4 + with: + go-version: ^1.23 + + - name: Run Go security checks + run: | + # Run go mod tidy to ensure clean module state + go mod tidy + + # Run comprehensive go vet checks + go vet ./... + + # Install and run staticcheck for additional security analysis + go install honnef.co/go/tools/cmd/staticcheck@latest + ~/go/bin/staticcheck ./... + + dependency-check: + name: Dependency Check + runs-on: ubuntu-latest + steps: + - name: Check out code + uses: actions/checkout@v4 + + - name: Set up Go + uses: actions/setup-go@v4 + with: + go-version: ^1.23 + + - name: Verify dependencies + run: | + go mod verify + go mod tidy + git diff --exit-code go.mod go.sum diff --git a/go.mod b/go.mod index 6a3533e..8366be3 100644 --- a/go.mod +++ b/go.mod @@ -1,16 +1,16 @@ module github.com/go-waitfor/waitfor-http -go 1.17 +go 1.23 require ( github.com/go-waitfor/waitfor v1.0.0 - github.com/jarcoal/httpmock v1.0.8 - github.com/stretchr/testify v1.7.0 + github.com/jarcoal/httpmock v1.4.1 + github.com/stretchr/testify v1.11.1 ) require ( github.com/cenkalti/backoff v2.2.1+incompatible // indirect - github.com/davecgh/go-spew v1.1.0 // indirect + github.com/davecgh/go-spew v1.1.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect - gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/go.sum b/go.sum index 6789481..0138486 100644 --- a/go.sum +++ b/go.sum @@ -1,17 +1,18 @@ github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4= github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= -github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8= -github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/go-waitfor/waitfor v1.0.0 h1:KX6SpTtEM2OOwJu5QP6MXvdi0Llq55d8dywSSZD+gSI= github.com/go-waitfor/waitfor v1.0.0/go.mod h1:a5e6B1hss5InR3moU7xAOP2thPsbjbTArD5+Kud4YaQ= -github.com/jarcoal/httpmock v1.0.8 h1:8kI16SoO6LQKgPE7PvQuV+YuD/inwHd7fOOe2zMbo4k= -github.com/jarcoal/httpmock v1.0.8/go.mod h1:ATjnClrvW/3tijVmpL/va5Z3aAyGvqU3gCT8nX0Txik= +github.com/jarcoal/httpmock v1.4.1 h1:0Ju+VCFuARfFlhVXFc2HxlcQkfB+Xq12/EotHko+x2A= +github.com/jarcoal/httpmock v1.4.1/go.mod h1:ftW1xULwo+j0R0JJkJIIi7UKigZUXCLLanykgjwBXL0= +github.com/maxatome/go-testdeep v1.14.0 h1:rRlLv1+kI8eOI3OaBXZwb3O7xY3exRzdW5QyX48g9wI= +github.com/maxatome/go-testdeep v1.14.0/go.mod h1:lPZc/HAcJMP92l7yI6TRz1aZN5URwUBUAfUNvrclaNM= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= -github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U= +github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo= -gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=