Skip to content

Harden remote plugin installs #3051

Harden remote plugin installs

Harden remote plugin installs #3051

Workflow file for this run

#
# This GitHub action runs basic linting checks for Packer.
#
name: "Go Validate"
on:
push:
branches:
- 'main'
- release/**
pull_request:
permissions:
contents: read
jobs:
get-go-version:
runs-on: ubuntu-latest
outputs:
go-version: ${{ steps.get-go-version.outputs.go-version }}
steps:
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- name: 'Determine Go version'
id: get-go-version
run: |
echo "Found Go $(cat .go-version)"
echo "go-version=$(cat .go-version)" >> $GITHUB_OUTPUT
check-mod-tidy:
needs:
- get-go-version
runs-on: ubuntu-latest
name: Go Mod Tidy
steps:
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
with:
go-version: ${{ needs.get-go-version.outputs.go-version }}
- run: go mod tidy
check-lint:
needs:
- get-go-version
runs-on: ubuntu-latest
name: Lint
steps:
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
with:
fetch-depth: 0
- uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
with:
go-version: ${{ needs.get-go-version.outputs.go-version }}
- run: echo "$GITHUB_SHA"
- run: git fetch --all
- run: echo $(git merge-base origin/main $GITHUB_SHA)
- run: make ci-lint
check-fmt:
needs:
- get-go-version
runs-on: ubuntu-latest
name: Fmt check
steps:
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
with:
go-version: ${{ needs.get-go-version.outputs.go-version }}
- run: make fmt-check
check-generate:
needs:
- get-go-version
runs-on: ubuntu-latest
name: Generate check
steps:
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
with:
go-version: ${{ needs.get-go-version.outputs.go-version }}
- run: make generate-check