# The workflow name below is what the badge.svg rendering in README.md shows.
name: Actions CI

# GITHUB_TOKEN permissions for the whole workflow.
# Declaring this block sets every permission not listed in it to none, and the
# empty mapping lists nothing: a job gets only what its own `permissions:`
# block grants (the test job asks for `contents: read`).
# Available permissions:
#   <https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token>
# Which API calls need which permission, and at what level:
#   <https://docs.github.com/en/rest/reference/permissions-required-for-github-apps>
permissions: {}
# Triggers: pushes to any branch except the scratch prefixes listed below, and
# pull requests.
# The PR trigger is `pull_request`, not `pull_request_target`: runs started
# from a fork get a read-only token and no repository secrets.
on:
  push:
    branches-ignore:
      - 'exp'
      - 'exp/*'
      - 'exp-*'
      - 'exp_*'
      - 'wip'
      - 'wip/*'
      - 'wip-*'
      - 'wip_*'
  pull_request:
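# We don't want to cancel for a push, but do if superseded by a PR update.
#
# group: one group per pull request, or per ref for branch pushes. The PR
#   number is read from `github.event.pull_request.number`; the event payload
#   has no `pull_request_number` field, so the earlier spelling always
#   evaluated empty and silently fell through to `github.ref`.
# cancel-in-progress: true only for pull_request events, so a newer PR update
#   cancels the superseded run while every branch push runs to completion.
#   A literal `true` here would also cancel an in-flight push run whenever
#   another push landed on the same ref.
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: ${{ github.event_name == 'pull_request' }}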
jobs:
  # Build, lint and test on the two newest Go release lines.
  test:
    name: Build & Test
    runs-on: ubuntu-latest
    # Job-level grant on top of the workflow-wide `permissions: {}`:
    # read-only access to repository contents and nothing else.
    permissions:
      contents: read
      # checks: write # uncomment if re-enable the reviewdog/action-staticcheck step
      # statuses: write # unsure, I think this was probably a mistake, I don't see anything here using the status API
    strategy:
      matrix:
        include:
          - go: 'stable'
            canonical: true
            # hunspell requires at least Go 1.17, and one spellcheck pass is
            # enough, so it is switched on for the stable run only.
            spellcheck: true
          - go: 'oldstable'
            canonical: false
            spellcheck: false
    steps:
      - name: Install OS packages
        if: matrix.spellcheck
        # NOTE(review): there is no `apt-get update` before the install, so
        # this relies on the runner image's package index being current.
        run: |
          sudo apt-get -q -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" install -y libhunspell-dev hunspell-en-us

      - name: Checkout
        # Every `uses:` in this workflow is pinned to a full commit SHA; the
        # trailing version comment is informational and is not what gets run.
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        # This workflow does no release process or version stamping that would
        # need Git history, so with.fetch-depth stays unset and the clone is
        # shallow.
        with:
          # Security posture: do not leave the token configured for git once
          # checkout is done. Later steps build and run code (installed tools,
          # the test suite) that has no need for it.
          persist-credentials: false

      - name: Set up Go
        uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
        with:
          go-version: ${{ matrix.go }}
          check-latest: true

      - name: Export Go environment to Actions outputs
        id: go-settings
        run: |
          echo >> "$GITHUB_OUTPUT" "arch=$(go env GOARCH)"
          echo >> "$GITHUB_OUTPUT" "hostarch=$(go env GOHOSTARCH)"
          echo >> "$GITHUB_OUTPUT" "os=$(go env GOOS)"
          echo >> "$GITHUB_OUTPUT" "hostos=$(go env GOHOSTOS)"
          echo >> "$GITHUB_OUTPUT" "go-version=$(go env GOVERSION)"
      # Read the outputs with, for example:
      #   ${{ steps.go-settings.outputs.go-version }}
      # which will look like `go1.17.1` if matrix `1.17.x` matches `1.17.1`.
      # The values do not depend on how the matrix is set up, or on whether a
      # matrix is used at all.

      # As of actions/setup-go@v4, go modules and build outputs are cached by
      # default. The go module cache holds much read-only content, and
      # restoring those areas from our own cache produced a lot of write
      # errors, so there is no manual actions/cache invocation any more.

      - name: Download all Go dependencies
        # nb: `go mod download` is heavyweight and extends beyond the actual dependencies
        run: |
          go list all

      - name: Install additional check/lint tools
        if: matrix.spellcheck
        # NOTE(review): `@latest` is resolved at run time, so unlike the
        # SHA-pinned actions above the version of this tool is not fixed.
        # Consider pinning it to a reviewed version.
        run: |
          go install github.com/kortschak/gospel@latest

      - name: Version / Environment Reporting
        run: |
          ./build/show.versions

      - name: Basic Go integrity checks
        # Fails the job when gofmt would rewrite a file, when `go vet` reports
        # a problem, or when a module in the build list is retracted (printed
        # as an `::error file=go.mod::` annotation).
        run: |
          t="$(gofmt -s -l .)"
          if [ ".$t" != "." ]; then printf 'gofmt would modify files:\n%s\n' "$t"; exit 1; fi
          go vet ./...
          t="$(go list -m -retracted -f '{{if .Retracted}}::error file=go.mod::{{.Path}} is retracted{{end}}' all)"
          if [ ".$t" != "." ]; then printf '%s\n' "$t"; exit 1; fi

      - name: Spelling checks
        if: matrix.spellcheck
        run: |
          t="$(gospel .)"
          if [ ".$t" != "." ]; then printf 'gospel found spelling issues:\n%s\n' "$t"; exit 1; fi

      # This doesn't actually invoke static checks unless in a pull-request.
      # Left present-but-commented-out as an easy reference.
      # Revisit the permissions: block if re-enabling this, and pin the action
      # to a commit SHA like the others rather than to the `v1` tag.
      # - name: Go static checks
      #   uses: reviewdog/action-staticcheck@v1
      #   with:
      #     filter_mode: nofilter
      #     fail_on_error: true
      #   if: matrix.canonical

      - name: Go build & test
        run: |
          go build ./...
          go test -v -coverprofile="${RUNNER_TEMP}/profile.cov" -coverpkg ./... ./...

      - name: Send coverage
        uses: shogo82148/actions-goveralls@25f5320d970fb565100cf1993ada29be1bb196a1 # v1.10.0
        with:
          path-to-profile: ${{ runner.temp }}/profile.cov
          flag-name: ${{ steps.go-settings.outputs.go-version }}
          parallel: true

  # Closes the parallel coverage upload and posts to Slack. With a plain
  # `needs: test` and no `if:`, this job starts only after the test job has
  # succeeded for every matrix entry.
  report:
    name: Report Results
    needs: test
    runs-on: ubuntu-latest
    # No job-level `permissions:` here, so the workflow-wide `permissions: {}`
    # applies to this job's token.
    steps:
      - name: coveralls.io completion notification
        uses: shogo82148/actions-goveralls@25f5320d970fb565100cf1993ada29be1bb196a1 # v1.10.0
        with:
          parallel-finished: true

      - name: Notify PT Slack
        uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661 # v2.3.3
        # The webhook secret is exposed to this step's environment only.
        # NOTE(review): this job also runs for pull_request events, and
        # secrets are not passed to runs triggered from a fork, so
        # SLACK_WEBHOOK is empty there. Confirm the step behaves acceptably
        # in that case, or gate it on the event.
        env:
          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_PT_AUTOBUILDS }}