diff --git a/.github/actions/setup-go/action.yml b/.github/actions/setup-go/action.yml
new file mode 100644
index 0000000..e01ef74
--- /dev/null
+++ b/.github/actions/setup-go/action.yml
@@ -0,0 +1,24 @@
+name: Setup Go
+description: |
+ Setup Go
+
+inputs:
+ go-version:
+ description: Used Go version
+ default: '1.19'
+
+runs:
+ using: "composite"
+ steps:
+ - id: go-version
+ run: |
+ echo "Go version is set to ${{ inputs.go-version }}"
+ echo "GO_VERSION=${{ inputs.go-version }}" >> $GITHUB_ENV
+ shell: bash
+ - id: go-setup
+ uses: actions/setup-go@v3
+ with:
+ go-version: ${{ env.GO_VERSION }}
+ - run: |
+ go mod download
+ shell: bash
diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
deleted file mode 100644
index 7b4c4d3..0000000
--- a/.github/workflows/go.yml
+++ /dev/null
@@ -1,28 +0,0 @@
-name: Set Go version
-
-env:
- GO_VERSION: 1.19
-
-on:
- workflow_call:
- outputs:
- GO_VERSION:
- description: Used Go version
- value: ${{ jobs.set-go-version.outputs.GO_VERSION }}
-
-jobs:
- set-go-version:
- name: Set Go version
- runs-on: ubuntu-latest
- permissions:
- contents: none
- outputs:
- GO_VERSION: ${{ steps.go-version.outputs.GO_VERSION }}
- steps:
- - name: Get Go version
- run: |
- echo "Go version is set to ${{ env.GO_VERSION }}"
- - name: Set Go version
- id: go-version
- run: |
- echo "::set-output name=GO_VERSION::${{ env.GO_VERSION }}"
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
new file mode 100644
index 0000000..815fd76
--- /dev/null
+++ b/.github/workflows/lint.yaml
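Review bot: In `.github/actions/setup-go/action.yml`, the `go-version` step expands `${{ inputs.go-version }}` directly inside the `run:` script and appends it to `$GITHUB_ENV`, so whatever the caller supplies is pasted into the bash source and can add extra lines to the job environment. The round trip through `GO_VERSION` is not needed: drop that step and give the setup step `go-version: ${{ inputs.go-version }}` directly. If the echo is wanted for logging, pass the value through `env:` (for example `GO_VERSION_INPUT: ${{ inputs.go-version }}`) and print `"$GO_VERSION_INPUT"`. Dropping the `$GITHUB_ENV` write also stops the composite action from setting `GO_VERSION` for every later step of the calling job.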
@@ -0,0 +1,26 @@
+name: Lint
+
+on:
+ pull_request:
+ push:
+ branches:
+ - 'master'
+ release:
+ types: [ published ]
+
+jobs:
+ lint:
+ name: Lint
+ runs-on: ubuntu-latest
+ continue-on-error: true
+ permissions:
+ contents: read
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+ - name: Install Go
+ uses: ./.github/actions/setup-go
+ - name: Run golangci-lint
+ uses: golangci/golangci-lint-action@v3
+ with:
+ version: v1.50.1
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
deleted file mode 100644
index 0b394bf..0000000
--- a/.github/workflows/linter.yml
+++ /dev/null
@@ -1,33 +0,0 @@
-name: golangci-lint
-
-on:
- pull_request:
- push:
- branches:
- - 'master'
- release:
- types: [ published ]
-
-jobs:
- set-go-version:
- name: Set Go version
- uses: ./.github/workflows/go.yml
-
- golangci:
- name: Linter
- needs: [ set-go-version ]
- runs-on: ubuntu-latest
- continue-on-error: true
- permissions:
- contents: read
- steps:
- - name: Checkout repository
- uses: actions/checkout@v3
- - name: Set up Go
- uses: actions/setup-go@v3
- with:
- go-version: ${{ needs.set-go-version.outputs.GO_VERSION }}
- - name: golangci-lint
- uses: golangci/golangci-lint-action@v3
- with:
- version: v1.48.0
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index f7c4a28..0199f8a 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -1,4 +1,4 @@
-name: tests
+name: Test
 
 on:
 pull_request:
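Review bot: In `.github/workflows/lint.yaml`, `golangci/golangci-lint-action@v3` is referenced by a movable tag, so whatever that tag points to at run time executes in this job against the checked-out tree. Pin third-party actions to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: golangci/golangci-lint-action@<full-commit-sha> # v3`. The same applies to `actions/checkout@v3` here and in `vuln-scan.yaml`, and to `actions/setup-go@v3` in the composite action. Separately, the job-level `continue-on-error: true` is carried over from the deleted `linter.yml`, so lint findings still never fail the check; a comment stating that this is intentional would help.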
@@ -9,23 +9,16 @@ on:
 types: [ published ]
 
 jobs:
- set-go-version:
- name: Set Go version
- uses: ./.github/workflows/go.yml
-
 go-test:
 name: Run Go test
- needs: [ set-go-version ]
 runs-on: ubuntu-latest
 permissions:
 contents: read
 steps:
 - name: Checkout repository
 uses: actions/checkout@v3
- - name: Set up Go
- uses: actions/setup-go@v3
- with:
- go-version: ${{ needs.set-go-version.outputs.GO_VERSION }}
+ - name: Install Go
+ uses: ./.github/actions/setup-go
 - name: Run Go tests with coverage
 run: |
 go test -race -coverprofile=coverage.out -covermode=atomic ./...
diff --git a/.github/workflows/vuln-scan.yaml b/.github/workflows/vuln-scan.yaml
new file mode 100644
index 0000000..3433710
--- /dev/null
+++ b/.github/workflows/vuln-scan.yaml
@@ -0,0 +1,33 @@
+name: Vulnerability scan
+
+on:
+ pull_request:
+ push:
+ branches:
+ - 'master'
+ release:
+ types: [ published ]
+
+jobs:
+ vulnerability-scan:
+ name: Vulnerability scan
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+ - name: Install Go
+ uses: ./.github/actions/setup-go
+ - name: Install govulncheck
+ run: |
+ go install golang.org/x/vuln/cmd/govulncheck@latest
+ - name: Run govulncheck
+ run: |
+ govulncheck ./...
+ - name: Install OSV Scanner
+ run: |
+ go install github.com/google/osv-scanner/cmd/osv-scanner@v1
+ - name: Run OSV Scanner
+ run: |
+ osv-scanner -r .
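Review bot: In `.github/workflows/vuln-scan.yaml`, both scanners are installed from moving version queries (`govulncheck@latest` and `osv-scanner@v1`), so the tool that decides whether the build is clean can change between runs without any commit in this repository. Pin each to an exact release, e.g. `go install golang.org/x/vuln/cmd/govulncheck@<pinned-version>`, and bump it deliberately. Consider adding a `schedule:` trigger as well, because new advisories are published without a push or pull request to re-run the scan.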