status-checks.yml

# Workflow to check whether changes to the main branch fulfill all requirements.
name: Status checks

on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]
  schedule:
    # Run every monday on 9:00 in the morning (UTC).
    - cron: "0 9 * * 1"
  # Make it possible to trigger the checks manually.
  workflow_dispatch:

jobs:

  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      - name: Set up Go
        uses: actions/setup-go@v3
        with:
          go-version: ^1.18

      - name: Build
        run: go build -v -o uniqueid-issuer-linux-amd64
      
  lint:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v3

    - name: Set up Go
      uses: actions/setup-go@v3
      with:
        go-version: ^1.18

    - name: Run gofmt
      # gofmt does not return non-zero exit codes on failure, so we have to check that there are no issues using grep.
      run: gofmt -d -e . | (! grep ^)
      
    - name: Run go vet
      run: go vet ./...
      
    - name: Install ineffassign
      run: go install github.com/gordonklaus/ineffassign@latest
      
    - name: Run ineffassign
      run: ineffassign ./...
      
    - name: Install misspell
      run: go install github.com/client9/misspell/cmd/misspell@latest
      
    - name: Run misspell
      run: misspell -error .

  analyze:
    # Require successful build to make sure analysis does not fail on syntax errors.
    needs: build
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write

    steps:
      - name: Checkout repository
        uses: actions/checkout@v3

      - name: Set up Go
        uses: actions/setup-go@v4
        with:
          go-version-file: go.mod

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v2
        with:
          languages: go
          queries: +security-and-quality

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v2