Requested changes #5
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Opaque | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| permissions: | |
| contents: read | |
| jobs: | |
| lint: | |
| name: Lint | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: step-security/harden-runner@9ff9d14760a73102d9fa2f47131624137f50ead8 | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: > | |
| api.github.com:443 | |
| github.com:443 | |
| objects.githubusercontent.com:443 | |
| proxy.golang.org:443 | |
| raw.githubusercontent.com:443 | |
| - name: Checkout repo | |
| uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b | |
| with: | |
| fetch-depth: 0 | |
| - name: Setup Go | |
| uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 | |
| with: | |
| go-version-file: ./go.mod | |
| # Linting | |
| - name: Linting | |
| uses: golangci/golangci-lint-action@9d1e0624a798bb64f6c3cea93db47765312263dc | |
| with: | |
| version: latest | |
| args: --config=./.github/.golangci.yml ./... | |
| only-new-issues: true | |
| test: | |
| name: Test | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| go: [ '1.22', '1.21' ] | |
| steps: | |
| - uses: step-security/harden-runner@9ff9d14760a73102d9fa2f47131624137f50ead8 | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: > | |
| github.com:443 | |
| proxy.golang.org:443 | |
| storage.googleapis.com:443 | |
| sum.golang.org:443 | |
| - name: Checkout repo | |
| uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b | |
| with: | |
| fetch-depth: 0 | |
| - name: Setup Go | |
| uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 | |
| with: | |
| go-version: ${{ matrix.go }} | |
| # Test | |
| - name: Run Tests | |
| run: cd .github && make test | |
| analyze: | |
| name: Analyze | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: step-security/harden-runner@9ff9d14760a73102d9fa2f47131624137f50ead8 | |
| with: | |
| disable-sudo: true | |
| egress-policy: block | |
| allowed-endpoints: > | |
| api.codecov.io:443 | |
| api.github.com:443 | |
| cli.codecov.io:443 | |
| ea6ne4j2sb.execute-api.eu-central-1.amazonaws.com:443 | |
| github.com:443 | |
| objects.githubusercontent.com:443 | |
| proxy.golang.org:443 | |
| scanner.sonarcloud.io:443 | |
| sonarcloud.io:443 | |
| storage.googleapis.com:443 | |
| - name: Checkout repo | |
| uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b | |
| with: | |
| fetch-depth: 0 | |
| - name: Setup Go | |
| uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 | |
| with: | |
| go-version-file: ./go.mod | |
| # Coverage | |
| - name: Run coverage | |
| run: cd .github && make cover | |
| # Codecov | |
| - name: Codecov | |
| uses: codecov/codecov-action@dad251dcaf4fdaa10dfaa1c32aab58f9cb23a448 | |
| env: | |
| CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
| with: | |
| file: .github/coverage.out | |
| # Sonar | |
| - name: SonarCloud Scan | |
| uses: SonarSource/sonarcloud-github-action@6bbd64e0cb2194e04addb429d669a9ee873eeeef | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| with: | |
| args: > | |
| -Dsonar.organization=bytemare-github | |
| -Dsonar.projectKey=bytemare_opaque | |
| -Dsonar.go.coverage.reportPaths=.github/coverage.out | |
| -Dsonar.sources=. | |
| -Dsonar.exclusions=examples_test.go | |
| -Dsonar.test.exclusions=examples_test.go,tests/** | |
| -Dsonar.coverage.exclusions=examples_test.go,tests/** | |
| -Dsonar.tests=tests/ | |
| -Dsonar.verbose=true |