Merge pull request #5 from matsest/dependabot/go_modules/golang-other… #64
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test | |
| on: | |
| push: | |
| branches: [ main ] | |
| paths: | |
| - '**/*.go' | |
| - '**/go.mod' | |
| - '**/go.sum' | |
| - '**/*.sh' | |
| - '.github/workflows/test.yml' | |
| pull_request: | |
| branches: [ main ] | |
| paths: | |
| - '**/*.go' | |
| - '**/go.mod' | |
| - '**/go.sum' | |
| - '**/*.sh' | |
| - '.github/workflows/test.yml' | |
| permissions: | |
| contents: read | |
| jobs: | |
| test: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Set up Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version: '1.26.2' | |
| - name: Download dependencies | |
| run: go mod download | |
| - name: Check formatting | |
| run: | | |
| if [ "$(gofmt -l . | wc -l)" -gt 0 ]; then | |
| echo "The following files need formatting:" | |
| gofmt -l . | |
| exit 1 | |
| fi | |
| - name: Check for sensitive data in Log() calls | |
| run: | | |
| # Per AGENTS.md privacy guidelines - never log sensitive data | |
| # Check for sensitive variable names being passed as arguments to Log() | |
| # Safe boolean indicators (e.g., has_upn=%v) are allowed | |
| # Excludes test files (where we intentionally test for violations) | |
| # Pattern explanation: | |
| # - Find lines with Log( calls | |
| # - Exclude test files and safe boolean patterns (has_*) | |
| # - Look for sensitive variable names as actual arguments (not in format strings) | |
| violations=$(grep -rn 'utils\.Log\|Log(' --include="*.go" . | \ | |
| grep -v "_test.go" | \ | |
| grep -vE "(has_upn|has_subscription|has_tenant|has_resource|has_object|has_display)" | \ | |
| grep -E "\b(userPrincipalName|subscriptionID|tenantID|resourceID|objectID|displayName)\b" || true) | |
| if [ -n "$violations" ]; then | |
| echo "ERROR: Potential sensitive data logging detected:" | |
| echo "$violations" | |
| echo "" | |
| echo "Per AGENTS.md privacy guidelines, debug logs must not contain:" | |
| echo " - User Principal Names (UPN/email addresses)" | |
| echo " - Display names" | |
| echo " - Tenant IDs or Object IDs" | |
| echo " - Resource IDs (full Azure resource IDs, subscription IDs, resource group IDs)" | |
| echo "" | |
| echo "Use safe alternatives:" | |
| echo " ✓ has_upn=%v (boolean indicator)" | |
| echo " ✓ Found at index 5 (position instead of ID)" | |
| echo " ✓ Loaded 20 subscriptions (count)" | |
| echo " ✓ resource-1 (anonymized identifier)" | |
| exit 1 | |
| fi | |
| echo "✓ No sensitive data logging patterns detected" | |
| - name: Run tests | |
| run: make test-ci | |
| - name: Install tmux | |
| run: sudo apt-get update && sudo apt-get install -y tmux | |
| - name: Run integration tests | |
| run: make test-integration | |
| - name: Print version info | |
| run: ./lazyazure --version | |
| - name: Run tests with race detector | |
| run: make test-race |