use network:app:appID:pubKey for subject #201
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: ci | |
env: | |
commit_msg: "" | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- main | |
workflow_dispatch: {} | |
# Inputs are available under: github.event.inputs.{name} | |
# inputs: | |
# name: | |
# description: 'Variable description' | |
# required: true | |
# default: 'default value here' | |
# https://docs.github.com/en/actions/reference/events-that-trigger-workflows#workflow_dispatch | |
jobs: | |
# Scan direct Go dependencies for known vulnerabilities | |
scan: | |
name: scan for vulnerabilities | |
runs-on: ubuntu-latest | |
steps: | |
# Checkout code | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
# Configure runner environment | |
- name: Set up runner environment | |
run: ./.github/workflows/assets/utils.sh setup | |
env: | |
GITHUB_USER: ${{ github.actor }} | |
ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }} | |
# Go | |
- name: Set up Go | |
uses: actions/setup-go@v4 | |
with: | |
go-version: 1.21.x | |
# Get commit message | |
- name: Get commit message | |
run: | | |
echo 'commit_msg<<EOF' >> $GITHUB_ENV | |
git log --format=%B -n 1 ${{ github.sha }} >> $GITHUB_ENV | |
echo 'EOF' >> $GITHUB_ENV | |
# List direct dependencies | |
- name: List dependencies | |
run: go list -mod=readonly -f '{{if not .Indirect}}{{.}}{{end}}' -m all > go.list | |
# Scan dependencies using Nancy | |
# Can be excluded if the commit message contains: [scan-deps skip] | |
# https://github.com/sonatype-nexus-community/nancy-github-action | |
- name: Scan dependencies | |
id: scan-deps | |
if: ${{ !contains(env.commit_msg, '[scan-deps skip]') }} | |
uses: sonatype-nexus-community/nancy-github-action@v1.0.2 | |
# Validate the protocol buffer definitions on the project | |
# using 'buf'. Remove if not required. | |
protos: | |
name: validate protobuf definitions | |
needs: scan | |
runs-on: ubuntu-latest | |
steps: | |
# Checkout code | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
# Configure runner environment | |
- name: Set up runner environment | |
run: ./.github/workflows/assets/utils.sh setup | |
env: | |
GITHUB_USER: ${{ github.actor }} | |
ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }} | |
# Go | |
- name: Set up Go | |
uses: actions/setup-go@v4 | |
with: | |
go-version: 1.21.x | |
# Get commit message | |
- name: Get commit message | |
run: | | |
echo 'commit_msg<<EOF' >> $GITHUB_ENV | |
git log --format=%B -n 1 ${{ github.sha }} >> $GITHUB_ENV | |
echo 'EOF' >> $GITHUB_ENV | |
# Setup buf | |
- name: Setup buf | |
id: buf-setup | |
uses: bufbuild/buf-setup-action@v1.29.0 | |
with: | |
version: 1.29.0 | |
github_token: ${{ github.token }} | |
# Static analysis | |
- name: Static analysis | |
id: buf-lint | |
uses: bufbuild/buf-lint-action@v1.0.3 | |
if: ${{ steps.buf-setup.outcome == 'success' }} | |
# Detect breaking changes | |
- name: Detect breaking changes | |
id: buf-breaking | |
uses: bufbuild/buf-breaking-action@v1.1.2 | |
if: steps.buf-lint.outcome == 'success' && !contains(env.commit_msg, '[buf-breaking skip]') | |
with: | |
against: "https://github.com/${{ github.repository }}.git#branch=${{ github.event.repository.default_branch }}" | |
env: | |
BUF_INPUT_HTTPS_USERNAME: ${{ github.actor }} | |
BUF_INPUT_HTTPS_PASSWORD: ${{ secrets.ACCESS_TOKEN }} | |
# Runs on every push and pull request on the selected branches. | |
# Can also be executed manually. | |
test: | |
name: code quality and correctness | |
needs: protos | |
strategy: | |
matrix: | |
go-version: [1.19.x, 1.20.x, 1.21.x] | |
os: [ubuntu-latest] | |
runs-on: ${{ matrix.os }} | |
timeout-minutes: 15 | |
steps: | |
# Checkout code | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
# Configure runner environment | |
- name: Set up runner environment | |
run: ./.github/workflows/assets/utils.sh setup | |
env: | |
GITHUB_USER: ${{ github.actor }} | |
ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }} | |
# Go | |
- name: Set up Go | |
uses: actions/setup-go@v4 | |
with: | |
go-version: ${{ matrix.go-version }} | |
# Get commit message | |
- name: Get commit message | |
run: | | |
echo 'commit_msg<<EOF' >> $GITHUB_ENV | |
git log --format=%B -n 1 ${{ github.sha }} >> $GITHUB_ENV | |
echo 'EOF' >> $GITHUB_ENV | |
# Style consistency and static analysis using 'golangci-lint' | |
# https://github.com/marketplace/actions/run-golangci-lint | |
- name: Static analysis | |
uses: golangci/golangci-lint-action@v3 | |
with: | |
version: v1.54.2 | |
# Run unit tests | |
- name: Test | |
run: make test | |
# Ensure project compile and build successfully | |
- name: Build | |
run: make build-for os=linux arch=amd64 | |
# Save artifacts | |
- name: Save artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: assets | |
path: | | |
coverage.html |