Status checks #517
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Workflow to check whether changes to master fulfill all requirements. | |
| name: Status checks | |
| on: | |
| push: | |
| branches: [ master ] | |
| pull_request: | |
| schedule: | |
| # Run every monday on 9:00 in the morning (UTC). | |
| - cron: "0 9 * * 1" | |
| # Make it possible to trigger the checks manually. | |
| workflow_dispatch: | |
| jobs: | |
| build: | |
| strategy: | |
| matrix: | |
| os: [ linux, darwin, windows ] | |
| arch: [ amd64, 386, arm, arm64 ] | |
| exclude: | |
| - os: darwin | |
| arch: 386 | |
| - os: darwin | |
| arch: arm | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Build artifact | |
| uses: ./.github/actions/build | |
| with: | |
| os: ${{ matrix.os }} | |
| arch: ${{ matrix.arch }} | |
| docker-build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| # We only run the build stage to prevent that the IRMA schemes are downloaded. | |
| - name: Run Dockerfile build stage | |
| run: docker build -t privacybydesign/irma:build --target build . | |
| - name: Test Docker image | |
| # Because we have only run the build stage, we have to explicitly set irma as entrypoint. | |
| run: docker run --entrypoint irma privacybydesign/irma:build version | |
| lint: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Set up Go | |
| uses: actions/setup-go@v4 | |
| with: | |
| go-version: ^1.18 | |
| - name: Run gofmt | |
| # gofmt does not return non-zero exit codes on failure, so we have to check that there are no issues using grep. | |
| run: gofmt -d -e . | (! grep ^) | |
| - name: Run go vet | |
| run: go vet ./... | |
| - name: Install ineffassign | |
| run: go install github.com/gordonklaus/ineffassign@latest | |
| - name: Run ineffassign | |
| run: ineffassign ./... | |
| - name: Install misspell | |
| run: go install github.com/client9/misspell/cmd/misspell@latest | |
| - name: Run misspell | |
| run: misspell -error . | |
| - name: Install staticcheck | |
| run: go install honnef.co/go/tools/cmd/[email protected] | |
| - name: Run staticcheck | |
| run: staticcheck -checks "all,-ST1000,-ST1003,-SA1019,-SA1029" ./... | |
| test: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Run all unit tests | |
| run: docker-compose run test -v ./... | |
| analyze: | |
| needs: build | |
| runs-on: ubuntu-latest | |
| permissions: | |
| actions: read | |
| contents: read | |
| security-events: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| - name: Initialize CodeQL | |
| uses: github/codeql-action/init@v2 | |
| with: | |
| languages: go | |
| queries: +security-and-quality | |
| - name: Perform CodeQL Analysis | |
| uses: github/codeql-action/analyze@v2 |