Merge pull request #16 from jaypipes/lint

update GH actions
gdt-dev · Jun 21, 2024 · 3e24bea · 3e24bea
2 parents c0c72de + b215c88
commit 3e24bea
Show file tree

Hide file tree

Showing 3 changed files with 86 additions and 5 deletions.
diff --git a/.github/workflows/fmtcheck.yml b/.github/workflows/fmtcheck.yml
@@ -0,0 +1,36 @@
+name: fmtcheck
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+permissions:
+  contents: read
+
+jobs:
+  fmtcheck:
+    runs-on: ubuntu-latest
+    steps:
+     - name: harden runner
+       uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+       with:
+         egress-policy: block
+         disable-sudo: true
+         allowed-endpoints: >
+           github.com:443
+           api.github.com:443
+           proxy.github.com:443
+           proxy.golang.org:443
+           raw.githubusercontent.com:443
+           objects.githubusercontent.com:443
+           proxy.golang.org:443
+     - name: checkout code
+       uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+     - name: setup go
+       uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
+       with:
+         go-version: 1.21
+     - name: check fmt
+       run: 'bash -c "diff -u <(echo -n) <(gofmt -d .)"'
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -0,0 +1,41 @@
+name: lint
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+permissions:
+  contents: read
+  pull-requests: read # needed for only-new-issues option below
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+     - name: harden runner
+       uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+       with:
+         egress-policy: block
+         disable-sudo: true
+         allowed-endpoints: >
+           github.com:443
+           api.github.com:443
+           proxy.github.com:443
+           proxy.golang.org:443
+           raw.githubusercontent.com:443
+           objects.githubusercontent.com:443
+           proxy.golang.org:443
+     - name: checkout code
+       uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+     - name: setup go
+       uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
+       with:
+         go-version: 1.21
+     - name: lint
+       uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1
+       with:
+         version: v1.59.1
+         args: --timeout=5m0s --verbose
+         only-new-issues: true
diff --git a/.github/workflows/gate-tests.yml → .github/workflows/test.yml b/.github/workflows/gate-tests.yml → .github/workflows/test.yml
@@ -18,19 +18,20 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
      - name: harden runner
-       uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
+       uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
        with:
          egress-policy: block
          disable-sudo: true
          allowed-endpoints: >
            github.com:443
            api.github.com:443
            proxy.github.com:443
+           proxy.golang.org:443
            raw.githubusercontent.com:443
            objects.githubusercontent.com:443
            proxy.golang.org:443
      - name: checkout code
-       uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+       uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - name: setup go
        uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
        with:
@@ -47,19 +48,22 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
      - name: harden runner
-       uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
+       uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
        with:
          egress-policy: audit
-         disable-sudo: false
+         disable-sudo: true
          allowed-endpoints: >
            github.com:443
            api.github.com:443
            proxy.github.com:443
+           proxy.golang.org:443
            raw.githubusercontent.com:443
            objects.githubusercontent.com:443
            proxy.golang.org:443
+           storage.googleapis.com:443
+           *.docker.io:443
      - name: checkout code
-       uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+       uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - name: setup go
        uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
        with: