checks.yaml

name: Checks
on:
  push:
    tags:
      - v*
    branches:
      - main
  pull_request:

permissions:
  checks: write
  contents: read

jobs:
  checks:
    name: Checks
    runs-on: ubuntu-latest
    steps:
      - name: Check out code
        uses: actions/checkout@v4
      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version-file: 'go.mod'
      - run: go mod edit -json | jq -r .Go | echo "GO_VERSION_FROM_PROJECT=$(cut -d' ' -f2)" >>${GITHUB_ENV}
      - name: Dependency Review
        uses: actions/dependency-review-action@v4
        with:
          base-ref: ${{ github.event.pull_request.base.sha || 'main' }}
          deny-licenses: AGPL-1.0, AGPL-3.0, GPL-1.0, GPL-2.0, GPL-3.0, LGPL-2.0, LGPL-2.1, LGPL-3.0, BUSL-1.1
          fail-on-severity: moderate
          head-ref: ${{ github.event.pull_request.head.sha || github.ref }}
      - name: Run govulncheck
        uses: golang/govulncheck-action@v1
        with:
          go-version-input: "${{ env.GO_VERSION_FROM_PROJECT }}"
      - name: Check for spelling errors
        uses: reviewdog/action-misspell@v1
        with:
          fail_on_error: true
          github_token: ${{ secrets.GITHUB_TOKEN }}
          ignore: importas
          reporter: github-check
      - name: Check if source code files have license header
        run: |
          shopt -s globstar
          go install github.com/google/addlicense@latest
          addlicense --check -- **/*.go