Skip to content
CI

fix: rewrite golangci-lint config in proper v2 format #121

Sign in to view logs

fix: rewrite golangci-lint config in proper v2 format

fix: rewrite golangci-lint config in proper v2 format #121

Workflow file for this run

.github/workflows/ci.yml at 812ccdd
name: CI
on:
push:
branches: [ main, v0.9.0-release, v0.9.10-release ]
pull_request:
branches: [ main, v0.9.0-release, v0.9.10-release ]
workflow_dispatch:
inputs:
run_all:
description: 'Run all jobs'
default: 'false'
required: false
type: boolean
jobs:
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: '1.22'
cache: true
- name: Get dependencies
run: |
go mod download
go mod verify
- name: Run golangci-lint
uses: golangci/golangci-lint-action@v7
with:
version: v2.10.1
args: --timeout 5m
- name: Check license headers
run: ./scripts/check-license-headers.sh
security:
name: Security Scan
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: '1.22'
cache: true
- name: Get dependencies
run: |
go mod download
go mod verify
- name: Run govulncheck
uses: golang/govulncheck-action@v1
with:
go-version-input: '1.22'
go-package: ./...
- name: Install gosec
run: go install github.com/securego/gosec/v2/cmd/gosec@latest
- name: Run gosec
run: gosec -fmt=sarif -out=gosec-results.sarif ./...
continue-on-error: true # Don't fail the build yet
- name: Install nancy
run: |
curl -sSfL https://raw.githubusercontent.com/sonatype-nexus-community/nancy/main/scripts/install-nancy.sh | sh -s -- -b $(go env GOPATH)/bin
- name: Run nancy
run: go list -json -m all | nancy sleuth
continue-on-error: true # Don't fail the build yet
- name: Upload gosec results
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: gosec-results.sarif
category: gosec
- name: Check gosec issues
run: |
if [ -f gosec-results.sarif ]; then
ISSUES=$(jq '.runs[0].results | length' gosec-results.sarif || echo "0")
if [ "$ISSUES" -gt 0 ]; then
echo "gosec found $ISSUES potential security issues"
exit 1
else
echo "No security issues found by gosec"
fi
else
echo "No gosec results found"
exit 1
fi
test:
name: Test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: '1.22'
cache: true
- name: Get dependencies
run: |
go mod download
go mod verify
- name: Run tests with coverage
run: go test -race -coverprofile=coverage.txt -covermode=atomic ./...
- name: Run connection pool integration tests
run: go test -v ./pkg/connection_pools_test.go
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v4
with:
file: ./coverage.txt
fail_ci_if_error: false
token: ${{ secrets.CODECOV_TOKEN }}
build:
name: Build
runs-on: ubuntu-latest
strategy:
matrix:
go-version: ['1.22', '1.23']
steps:
- uses: actions/checkout@v4
- name: Set up Go ${{ matrix.go-version }}
uses: actions/setup-go@v5
with:
go-version: ${{ matrix.go-version }}
cache: true
- name: Get dependencies
run: |
go mod download
go mod verify
- name: Build
run: go build -v ./pkg/...
- name: Verify package exports
run: ./scripts/verify_exports.sh
- name: Run API availability tests
run: go test -v ./pkg/core/http/...
integration:
name: Integration Tests
runs-on: ubuntu-latest
needs: [build, lint]
# Only run when explicitly triggered or on main builds
if: github.event_name == 'workflow_dispatch' || github.ref == 'refs/heads/main'
steps:
- uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: '1.22'
cache: true
- name: Get dependencies
run: |
go mod download
go mod verify
- name: Run integration tests
run: ./scripts/run_integration_tests.sh
env:
SKIP_INTEGRATION: ${{ secrets.SKIP_INTEGRATION || 'true' }}
GLOBUS_CLIENT_ID: ${{ secrets.GLOBUS_CLIENT_ID }}
GLOBUS_CLIENT_SECRET: ${{ secrets.GLOBUS_CLIENT_SECRET }}