Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

update GitHub workflows #82

Merged
merged 2 commits into from
Oct 18, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/issues.yml
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
# Add issues or pull-requests created to the project.
# Add all the issues created to the project.
name: Add issue or pull request to Project

on:
Expand Down
37 changes: 37 additions & 0 deletions .github/workflows/security.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
name: Security
on:
push:
branches:
- main
pull_request:
branches:
- main
permissions:
contents: read
jobs:
scan:
strategy:
matrix:
go: ['1.20','1.21']
fail-fast: true
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@v3

- name: Setup Go ${{ matrix.go }}
uses: actions/setup-go@v4
with:
go-version: ${{ matrix.go }}
cache: false

- name: Run GoSec
uses: securego/gosec@master
with:
args: -exclude-dir examples ./...

- name: Run GoVulnCheck
uses: golang/govulncheck-action@v1
with:
go-version-input: ${{ matrix.go }}
go-package: ./...
29 changes: 3 additions & 26 deletions .github/workflows/test.yml
Original file line number Diff line number Diff line change
@@ -1,20 +1,18 @@
name: CI
name: Test
on:
push:
branches:
- main
pull_request:
branches:
- main

permissions:
contents: read

jobs:
verify-and-test-and-fuzz:
unit:
strategy:
matrix:
go: ['1.19','1.20']
go: ['1.20','1.21']
os: [ubuntu-latest, macos-latest, windows-latest]
fail-fast: true
runs-on: ${{ matrix.os }}
Expand All @@ -28,30 +26,9 @@ jobs:
go-version: ${{ matrix.go }}
cache: false

- name: Run GolangCI-Lint
uses: golangci/golangci-lint-action@v3
with:
version: v1.53
args: --timeout=5m

- name: Run GoSec
if: matrix.os == 'ubuntu-latest'
uses: securego/gosec@master
with:
args: ./...

- name: Run GoVulnCheck
uses: golang/govulncheck-action@v1
with:
go-version-input: ${{ matrix.go }}
go-package: ./...

- name: Run Tests
run: go test -race -cover -coverprofile=coverage -covermode=atomic -v ./...

- name: Run Fuzz Tests
run: go test -v -fuzz FuzzEncodeDecode -fuzztime 60s

- name: Upload coverage to Codecov
uses: codecov/codecov-action@v3
with:
Expand Down
32 changes: 32 additions & 0 deletions .github/workflows/verify.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
name: Verify
on:
push:
branches:
- main
pull_request:
branches:
- main
permissions:
contents: read
jobs:
lint:
strategy:
matrix:
go: ['1.20','1.21']
fail-fast: true
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@v3

- name: Setup Go ${{ matrix.go }}
uses: actions/setup-go@v4
with:
go-version: ${{ matrix.go }}
cache: false

- name: Run GolangCI-Lint
uses: golangci/golangci-lint-action@v3
with:
version: v1.53
args: --timeout=5m
2 changes: 1 addition & 1 deletion go.mod
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
module github.com/gorilla/securecookie

go 1.19
go 1.20

require github.com/google/gofuzz v1.2.0