From cc80472af529a54e875fe46d4064a6ee4560ed96 Mon Sep 17 00:00:00 2001 From: Jay Pipes Date: Fri, 21 Jun 2024 11:03:04 -0400 Subject: [PATCH] update GH actions Signed-off-by: Jay Pipes --- .github/workflows/fmtcheck.yml | 36 ++++++++++++++++ .github/workflows/lint.yml | 41 +++++++++++++++++++ .../workflows/{gate-tests.yml => test.yml} | 16 +++++--- 3 files changed, 87 insertions(+), 6 deletions(-) create mode 100644 .github/workflows/fmtcheck.yml create mode 100644 .github/workflows/lint.yml rename .github/workflows/{gate-tests.yml => test.yml} (76%) diff --git a/.github/workflows/fmtcheck.yml b/.github/workflows/fmtcheck.yml new file mode 100644 index 0000000..51b8e4c --- /dev/null +++ b/.github/workflows/fmtcheck.yml @@ -0,0 +1,36 @@ +name: fmtcheck + +on: + push: + branches: [ main ] + pull_request: + branches: [ main ] + +permissions: + contents: read + +jobs: + fmtcheck: + runs-on: ubuntu-latest + steps: + - name: harden runner + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + with: + egress-policy: block + disable-sudo: true + allowed-endpoints: > + github.com:443 + api.github.com:443 + proxy.github.com:443 + proxy.golang.org:443 + raw.githubusercontent.com:443 + objects.githubusercontent.com:443 + proxy.golang.org:443 + - name: checkout code + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - name: setup go + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + with: + go-version: 1.21 + - name: check fmt + run: 'bash -c "diff -u <(echo -n) <(gofmt -d .)"' diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml new file mode 100644 index 0000000..50c153f --- /dev/null +++ b/.github/workflows/lint.yml @@ -0,0 +1,41 @@ +name: lint + +on: + push: + branches: [ main ] + pull_request: + branches: [ main ] + +permissions: + contents: read + pull-requests: read # needed for only-new-issues option below + +jobs: + lint: + runs-on: ubuntu-latest + steps: + - name: harden runner + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 + with: + egress-policy: block + disable-sudo: true + allowed-endpoints: > + github.com:443 + api.github.com:443 + proxy.github.com:443 + proxy.golang.org:443 + raw.githubusercontent.com:443 + objects.githubusercontent.com:443 + proxy.golang.org:443 + - name: checkout code + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - name: setup go + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + with: + go-version: 1.21 + - name: lint + uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1 + with: + version: v1.59.1 + args: --timeout=5m0s --verbose + only-new-issues: true diff --git a/.github/workflows/gate-tests.yml b/.github/workflows/test.yml similarity index 76% rename from .github/workflows/gate-tests.yml rename to .github/workflows/test.yml index f3f129a..5eea068 100644 --- a/.github/workflows/gate-tests.yml +++ b/.github/workflows/test.yml @@ -18,7 +18,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: harden runner - uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1 + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 with: egress-policy: block disable-sudo: true @@ -26,11 +26,12 @@ jobs: github.com:443 api.github.com:443 proxy.github.com:443 + proxy.golang.org:443 raw.githubusercontent.com:443 objects.githubusercontent.com:443 proxy.golang.org:443 - name: checkout code - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: setup go uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: @@ -47,19 +48,22 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: harden runner - uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1 + uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 with: - egress-policy: audit - disable-sudo: false + egress-policy: block + disable-sudo: true allowed-endpoints: > github.com:443 api.github.com:443 proxy.github.com:443 + proxy.golang.org:443 raw.githubusercontent.com:443 objects.githubusercontent.com:443 proxy.golang.org:443 + storage.googleapis.com:443 + docker.io:443 - name: checkout code - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: setup go uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: