SEC-090: Automated trusted workflow pinning (2024-04-29) #335

	name: consul-telemetry-checks

	on:
	push:
	branches:
	- main
	- 'release/..x'
	pull_request:

	jobs:
	get-go-version:
	name: "Determine Go toolchain version"
	runs-on: ubuntu-latest
	outputs:
	go-version: ${{ steps.get-go-version.outputs.go-version }}
	steps:
	- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
	- name: Determine Go version
	id: get-go-version
	# We use .go-version as our source of truth for current Go
	# version, because "goenv" can react to it automatically.
	run: \|
	echo "Building with Go $(cat .go-version)"
	echo "go-version=$(cat .go-version)" >> $GITHUB_OUTPUT

	test:
	runs-on: ubuntu-latest
	needs:
	- get-go-version
	steps:
	- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
	- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
	with:
	go-version: ${{ needs.get-go-version.outputs.go-version }}
	- name: Deps
	run: \|
	make deps
	- name: Test
	run: \|
	make go/test

	golangci:
	name: lint
	needs:
	- get-go-version
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
	- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
	with:
	go-version: ${{ needs.get-go-version.outputs.go-version }}
	- name: Deps
	run: \|
	make deps
	- name: Lint
	run: \|
	export PATH=$(go env GOPATH)/bin:$PATH
	make go/lint

	e2e:
	if: github.repository == 'hashicorp/consul-telemetry-collector' && contains(github.event.pull_request.labels.*.name, 'e2e')
	needs:
	[test, golangci]
	uses: ./.github/workflows/e2e.yml
	secrets: inherit

Provide feedback