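---
# CI workflow: unit tests, lint, gofmt check and three security scans
# (Trivy filesystem scan, dependency review on pull requests, govulncheck).
name: CI

# Single source of truth for the Go toolchain version. Referenced from every
# setup-go step and from the module cache key so the two cannot drift apart.
env:
  GO_VERSION: "1.25"

# Least-privilege default for GITHUB_TOKEN. Jobs that need more (the Trivy
# SARIF upload) raise their own permissions at job level.
permissions:
  contents: read

# yamllint disable-line rule:truthy
on:
  push:
    branches: [main, develop]
    paths-ignore:
      - "**.md"  # already covers TODO.md and examples/**/README.md below
      - "LICENSE.txt"
      - ".gitignore"
      - "context/**"
      - "TODO.md"
      - "examples/**/README.md"
  pull_request:
    branches: [main, develop]
    paths-ignore:
      - "**.md"
      - "LICENSE.txt"
      - ".gitignore"
      - "context/**"
      - "TODO.md"
      - "examples/**/README.md"
  schedule:
    # Weekly run on Mondays at 00:00 UTC so the vulnerability scans pick up
    # advisories published since the last push. Every job except
    # dependency-review (PR-only) runs on this trigger, not just the scans.
    - cron: "0 0 * * 1"

jobs:
  test:
    name: Test
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: "${{ env.GO_VERSION }}"
      # NOTE(review): setup-go@v5 enables its own go.sum-keyed cache by
      # default, so this step largely duplicates it; kept to preserve the
      # existing cache layout.
      - name: Cache Go modules
        uses: actions/cache@v4
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ env.GO_VERSION }}-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-${{ env.GO_VERSION }}-
      - name: Download dependencies
        run: go mod download
      # Checks the module cache against go.sum so a tampered or corrupted
      # download is caught before tests run.
      - name: Verify dependencies
        run: go mod verify
      - name: Run tests
        shell: bash
        run: go test ./...

  lint:
    name: Lint
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: "${{ env.GO_VERSION }}"
      # `version: latest` means a new golangci-lint release can change which
      # checks run without any change in this repository; pin a version if
      # reproducible lint results matter.
      - name: Run golangci-lint
        uses: golangci/golangci-lint-action@v8
        with:
          version: latest
          args: --timeout=5m
          skip-cache: true

  format:
    name: Format Check
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: "${{ env.GO_VERSION }}"
      # gofmt -l prints the files that would change; any output is a failure.
      # The diff is printed so the fix is visible in the job log.
      - name: Check formatting
        run: |
          if [ -n "$(gofmt -s -l .)" ]; then
            echo "Code is not formatted. Please run 'gofmt -s -w .'"
            gofmt -s -d .
            exit 1
          fi

  trivy:
    name: Vulnerability Scan (Trivy)
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write  # upload SARIF to code scanning
      actions: read  # required by upload-sarif on private repositories
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      # TODO(review): `@master` is a mutable branch reference, so the action
      # code executed here can change between runs without any change in this
      # file. Pin to a release tag or a full commit SHA like the other actions.
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: "fs"
          scan-ref: "."
          format: "sarif"
          output: "trivy-results.sarif"
          severity: "CRITICAL,HIGH,MEDIUM"
      # Without this step the SARIF file is discarded when the runner exits
      # and findings never surface anywhere. The scan step's default exit-code
      # is 0, so the job still passes on findings; set `exit-code: "1"` on it
      # to turn the scan into a gate.
      - name: Upload Trivy results to GitHub code scanning
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: "trivy-results.sarif"

  dependency-review:
    name: Dependency Review
    runs-on: ubuntu-latest
    # The action diffs the PR's dependency manifest against the base branch,
    # so it only makes sense (and only works) on pull_request events.
    if: github.event_name == 'pull_request'
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Dependency Review
        uses: actions/dependency-review-action@v4
        with:
          fail-on-severity: moderate

  govulncheck:
    name: Go Vulnerability Check
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: "${{ env.GO_VERSION }}"
      # @latest is deliberate for a vulnerability scanner (newest database
      # client), at the cost of a non-reproducible tool version.
      - name: Install govulncheck
        run: go install golang.org/x/vuln/cmd/govulncheck@latest
      # Packages under /examples/ and /test/ are excluded from the scan; any
      # vulnerable import reachable only from there will not be reported.
      - name: Run govulncheck
        run: govulncheck $(go list ./... | grep -v '/examples/' | grep -v '/test/')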