Skip to content

use network:app:appID:pubKey for subject #201

use network:app:appID:pubKey for subject

use network:app:appID:pubKey for subject #201

Workflow file for this run

name: ci
env:
commit_msg: ""
on:
push:
branches:
- main
pull_request:
branches:
- main
workflow_dispatch: {}
# Inputs are available under: github.event.inputs.{name}
# inputs:
# name:
# description: 'Variable description'
# required: true
# default: 'default value here'
# https://docs.github.com/en/actions/reference/events-that-trigger-workflows#workflow_dispatch
jobs:
# Scan direct Go dependencies for known vulnerabilities
scan:
name: scan for vulnerabilities
runs-on: ubuntu-latest
steps:
# Checkout code
- name: Checkout repository
uses: actions/checkout@v4
# Configure runner environment
- name: Set up runner environment
run: ./.github/workflows/assets/utils.sh setup
env:
GITHUB_USER: ${{ github.actor }}
ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }}
# Go
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: 1.21.x
# Get commit message
- name: Get commit message
run: |
echo 'commit_msg<<EOF' >> $GITHUB_ENV
git log --format=%B -n 1 ${{ github.sha }} >> $GITHUB_ENV
echo 'EOF' >> $GITHUB_ENV
# List direct dependencies
- name: List dependencies
run: go list -mod=readonly -f '{{if not .Indirect}}{{.}}{{end}}' -m all > go.list
# Scan dependencies using Nancy
# Can be excluded if the commit message contains: [scan-deps skip]
# https://github.com/sonatype-nexus-community/nancy-github-action
- name: Scan dependencies
id: scan-deps
if: ${{ !contains(env.commit_msg, '[scan-deps skip]') }}
uses: sonatype-nexus-community/nancy-github-action@v1.0.2
# Validate the protocol buffer definitions on the project
# using 'buf'. Remove if not required.
protos:
name: validate protobuf definitions
needs: scan
runs-on: ubuntu-latest
steps:
# Checkout code
- name: Checkout repository
uses: actions/checkout@v4
# Configure runner environment
- name: Set up runner environment
run: ./.github/workflows/assets/utils.sh setup
env:
GITHUB_USER: ${{ github.actor }}
ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }}
# Go
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: 1.21.x
# Get commit message
- name: Get commit message
run: |
echo 'commit_msg<<EOF' >> $GITHUB_ENV
git log --format=%B -n 1 ${{ github.sha }} >> $GITHUB_ENV
echo 'EOF' >> $GITHUB_ENV
# Setup buf
- name: Setup buf
id: buf-setup
uses: bufbuild/buf-setup-action@v1.29.0
with:
version: 1.29.0
github_token: ${{ github.token }}
# Static analysis
- name: Static analysis
id: buf-lint
uses: bufbuild/buf-lint-action@v1.0.3
if: ${{ steps.buf-setup.outcome == 'success' }}
# Detect breaking changes
- name: Detect breaking changes
id: buf-breaking
uses: bufbuild/buf-breaking-action@v1.1.2
if: steps.buf-lint.outcome == 'success' && !contains(env.commit_msg, '[buf-breaking skip]')
with:
against: "https://github.com/${{ github.repository }}.git#branch=${{ github.event.repository.default_branch }}"
env:
BUF_INPUT_HTTPS_USERNAME: ${{ github.actor }}
BUF_INPUT_HTTPS_PASSWORD: ${{ secrets.ACCESS_TOKEN }}
# Runs on every push and pull request on the selected branches.
# Can also be executed manually.
test:
name: code quality and correctness
needs: protos
strategy:
matrix:
go-version: [1.19.x, 1.20.x, 1.21.x]
os: [ubuntu-latest]
runs-on: ${{ matrix.os }}
timeout-minutes: 15
steps:
# Checkout code
- name: Checkout repository
uses: actions/checkout@v4
# Configure runner environment
- name: Set up runner environment
run: ./.github/workflows/assets/utils.sh setup
env:
GITHUB_USER: ${{ github.actor }}
ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }}
# Go
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: ${{ matrix.go-version }}
# Get commit message
- name: Get commit message
run: |
echo 'commit_msg<<EOF' >> $GITHUB_ENV
git log --format=%B -n 1 ${{ github.sha }} >> $GITHUB_ENV
echo 'EOF' >> $GITHUB_ENV
# Style consistency and static analysis using 'golangci-lint'
# https://github.com/marketplace/actions/run-golangci-lint
- name: Static analysis
uses: golangci/golangci-lint-action@v3
with:
version: v1.54.2
# Run unit tests
- name: Test
run: make test
# Ensure project compile and build successfully
- name: Build
run: make build-for os=linux arch=amd64
# Save artifacts
- name: Save artifacts
uses: actions/upload-artifact@v3
with:
name: assets
path: |
coverage.html