Skip to content

chore(deps): bump step-security/harden-runner from 2.4.1 to 2.5.0 (#231) #99

chore(deps): bump step-security/harden-runner from 2.4.1 to 2.5.0 (#231)

chore(deps): bump step-security/harden-runner from 2.4.1 to 2.5.0 (#231) #99

Workflow file for this run

name: Go
on:
push:
tags:
- v*
branches:
- main
paths:
- ".golangci.yml"
- ".goreleaser.yaml"
- "**.go"
- ".github/workflows/go.yml"
pull_request:
paths:
- ".golangci.yml"
- ".goreleaser.yaml"
- "**.go"
- ".github/workflows/go.yml"
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
permissions: # added using https://github.com/step-security/secure-repo
contents: read
jobs:
# Check if there any dirty change for go mod tidy
go-mod:
name: "Check go modules declaration"
runs-on: ubuntu-latest
permissions:
actions: write
steps:
-
uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604
with:
disable-sudo: true
disable-telemetry: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
objects.githubusercontent.com:443
github.com:443
proxy.golang.org:443
raw.githubusercontent.com:443
storage.googleapis.com:443
-
name: Cancel previous workflows
uses: styfle/cancel-workflow-action@b173b6ec0100793626c2d9e6b90435061f4fc3e5 # 0.11.0
with:
access_token: ${{ secrets.GITHUB_TOKEN }}
-
name: Install Go
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
with:
go-version: "1.20"
-
name: Checkout code
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-
name: Check go mod and go.sum
run: |
go mod tidy -v
git --no-pager diff go.mod go.sum
git --no-pager diff --quiet go.mod go.sum
# Try compiple all binaries first
compile-dryrun:
name: "Compile"
strategy:
fail-fast: true
matrix:
go-version:
- "1.19"
- "1.20"
permissions:
actions: write
runs-on: ubuntu-latest
needs: [go-mod, golangci-lint]
steps:
-
uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604
with:
disable-sudo: true
disable-telemetry: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
github.com:443
objects.githubusercontent.com:443
proxy.golang.org:443
raw.githubusercontent.com:443
storage.googleapis.com:443
-
name: Cancel previous workflows
uses: styfle/cancel-workflow-action@b173b6ec0100793626c2d9e6b90435061f4fc3e5 # 0.11.0
with:
access_token: ${{ secrets.GITHUB_TOKEN }}
-
name: Checkout
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-
name: Set up Go
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
with:
go-version: ${{ matrix.go-version }}
check-latest: true
-
name: Cache Go modules
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ matrix.go-version }}-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-${{ matrix.go-version }}-
-
name: Fetch dependencies
run: go mod download
-
name: Build Harp
run: |
go mod vendor && go build -mod=vendor -o bin/harp zntr.io/harp/v2/cmd/harp
# Run golangci-lint
golangci-lint:
name: "GolangCI-lint"
runs-on: ubuntu-latest
permissions:
actions: write
steps:
-
uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604
with:
disable-sudo: true
disable-telemetry: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
github.com:443
objects.githubusercontent.com:443
proxy.golang.org:443
raw.githubusercontent.com:443
storage.googleapis.com:443
-
name: Cancel previous workflows
uses: styfle/cancel-workflow-action@b173b6ec0100793626c2d9e6b90435061f4fc3e5 # 0.11.0
with:
access_token: ${{ secrets.GITHUB_TOKEN }}
-
name: Install Go
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
with:
go-version: '1.20'
-
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-
name: Lint code
uses: golangci/golangci-lint-action@639cd343e1d3b897ff35927a75193d57cfcba299 # v3.6.0
with:
version: v1.53.1
working-directory: .
only-new-issues: false
args: --timeout=10m
tests-on-linux:
name: "Tests (linux)"
needs: [go-mod, compile-dryrun, golangci-lint] # run after golangci-lint action to not produce duplicated errors
runs-on: ubuntu-latest
permissions:
actions: write
steps:
-
uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604
with:
disable-sudo: true
disable-telemetry: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
github.com:443
objects.githubusercontent.com:443
-
name: Cancel previous workflows
uses: styfle/cancel-workflow-action@b173b6ec0100793626c2d9e6b90435061f4fc3e5 # 0.11.0
with:
access_token: ${{ secrets.GITHUB_TOKEN }}
-
name: Checkout
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-
name: Install Go
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
with:
go-version: '1.20' # test only the latest go version to speed up CI
-
name: Cache Go modules
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
-
name: Fetch dependencies
run: go mod download
-
name: Setup gotestsum
uses: autero1/action-gotestsum@7263b9d73912eec65f46337689e59fac865c425f # v2.0.0
with:
gotestsum_version: '1.9.0'
-
name: Run tests
run: gotestsum --format short-verbose ./pkg/...
tests-on-windows:
name: "Tests (windows)"
needs: [go-mod, compile-dryrun, golangci-lint] # run after golangci-lint action to not produce duplicated errors
runs-on: windows-latest
permissions:
actions: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
with:
egress-policy: audit
-
name: Cancel previous workflows
uses: styfle/cancel-workflow-action@b173b6ec0100793626c2d9e6b90435061f4fc3e5 # 0.11.0
with:
access_token: ${{ secrets.GITHUB_TOKEN }}
-
name: Checkout
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-
name: Install Go
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
with:
go-version: '1.20' # test only the latest go version to speed up CI
-
name: Cache Go modules
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
-
name: Fetch dependencies
run: go mod download
-
name: Setup gotestsum
uses: autero1/action-gotestsum@7263b9d73912eec65f46337689e59fac865c425f # v2.0.0
with:
gotestsum_version: '1.9.0'
-
name: Run tests
run: gotestsum --format short-verbose ./pkg/...
tests-on-macos:
name: "Tests (darwin)"
needs: [go-mod, compile-dryrun, golangci-lint] # run after golangci-lint action to not produce duplicated errors
runs-on: macos-latest
permissions:
actions: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.5.0
with:
egress-policy: audit
-
name: Cancel previous workflows
uses: styfle/cancel-workflow-action@b173b6ec0100793626c2d9e6b90435061f4fc3e5 # 0.11.0
with:
access_token: ${{ secrets.GITHUB_TOKEN }}
-
name: Checkout
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-
name: Install Go
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
with:
go-version: '1.20' # test only the latest go version to speed up CI
-
name: Cache Go modules
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
-
name: Fetch dependencies
run: go mod download
-
name: Setup gotestsum
uses: autero1/action-gotestsum@7263b9d73912eec65f46337689e59fac865c425f # v2.0.0
with:
gotestsum_version: '1.9.0'
-
name: Run tests
run: gotestsum --format short-verbose ./pkg/...