
Update GitHub Actions workflows

This commit is contained in:
Grzegorz Dlugoszewski
2025-08-11 22:42:10 +02:00
parent 6215297f4b
commit a4b92d5c9d
8 changed files with 422 additions and 93 deletions

.github/dependabot.yml vendored Normal file

@@ -0,0 +1,39 @@
version: 2
updates:
# Go modules
- package-ecosystem: "gomod"
directory: "/"
schedule:
interval: "weekly"
day: "monday"
time: "09:00"
open-pull-requests-limit: 5
reviewers:
- "grdl"
assignees:
- "grdl"
commit-message:
prefix: "deps"
include: "scope"
labels:
- "dependencies"
- "go"
# GitHub Actions
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
day: "monday"
time: "09:00"
open-pull-requests-limit: 3
reviewers:
- "grdl"
assignees:
- "grdl"
commit-message:
prefix: "ci"
include: "scope"
labels:
- "dependencies"
- "github-actions"
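Review bot: Both update entries set `reviewers:` to the same user; GitHub has announced that the `reviewers` option in dependabot.yml is deprecated in favour of a CODEOWNERS file, so a new config may want to rely on CODEOWNERS and keep only `assignees:` here — verify against the current Dependabot documentation before dropping it. With `open-pull-requests-limit: 5` for gomod, a single upstream release cycle can also consume the whole budget with one PR per module; Dependabot's `groups:` option can bundle minor/patch bumps into one PR if that becomes noisy.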


@@ -1,19 +0,0 @@
name: build
on:
- pull_request
jobs:
test:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: '1.24'
- name: Set up Git
run: git config --global user.email "grdl@example.com" && git config --global user.name "grdl"
- name: Run go test
run: CGO_ENABLED=0 GOOS=linux go test ./... -v

.github/workflows/ci.yml vendored Normal file

@@ -0,0 +1,137 @@
name: CI
on:
push:
branches: [master, main]
pull_request:
branches: [master, main]
permissions:
contents: read
security-events: write
jobs:
test:
name: Test
strategy:
matrix:
go-version: ['1.24']
os: [ubuntu-latest, windows-latest, macos-latest]
runs-on: ${{ matrix.os }}
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 2
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: ${{ matrix.go-version }}
cache: true
- name: Download dependencies
run: go mod download
- name: Verify dependencies
run: go mod verify
- name: Set up Git (for tests)
run: |
git config --global user.email "test@example.com"
git config --global user.name "CI Test"
- name: Run tests with coverage
run: go test -race -coverprofile=coverage.out -covermode=atomic ./...
- name: Upload coverage to Codecov
if: matrix.os == 'ubuntu-latest' && matrix.go-version == '1.24'
uses: codecov/codecov-action@v4
with:
file: ./coverage.out
flags: unittests
name: codecov-umbrella
fail_ci_if_error: false
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: '1.24'
cache: true
- name: Run golangci-lint
uses: golangci/golangci-lint-action@v6
with:
version: latest
args: --timeout=5m
security:
name: Security
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: '1.24'
cache: true
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
scan-ref: '.'
format: 'sarif'
output: 'trivy-results.sarif'
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3
if: always()
with:
sarif_file: 'trivy-results.sarif'
build:
name: Build
needs: [test, lint, security]
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: '1.24'
cache: true
- name: Build binaries
run: |
go build -v -o bin/git-get ./cmd/get
go build -v -o bin/git-list ./cmd/list
- name: Test binaries
run: |
./bin/git-get --version
./bin/git-list --version
- name: Upload build artifacts
uses: actions/upload-artifact@v4
with:
name: binaries
path: bin/
retention-days: 30
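Review bot: `uses: aquasecurity/trivy-action@master` in the security job pins a mutable branch rather than a release, so the scanner that runs with `security-events: write` can change under you without review; pin it like the other actions, e.g. `uses: aquasecurity/trivy-action@<release-tag-or-commit-sha>` (placeholder), and the same applies to `version: latest` for golangci-lint in the lint job. The workflow-level `permissions:` block grants `security-events: write` to every job, although only the security job uploads SARIF; keeping `contents: read` at the top and moving `security-events: write` under `security:` as a job-level `permissions:` leaves test, lint and build with the least privilege they need. The Trivy step also keeps its default exit code, so findings are reported to the Security tab but never fail the job — fine if intentional, but worth a comment such as `# informational only: findings do not fail CI` so the next maintainer does not assume it gates merges.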


@@ -1,71 +0,0 @@
# For most projects, this workflow file will not need changing; you simply need
# to commit it to your repository.
#
# You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic.
#
# ******** NOTE ********
# We have attempted to detect the languages in your repository. Please check
# the `language` matrix defined below to confirm you have the correct set of
# supported CodeQL languages.
#
name: "CodeQL"
on:
push:
branches: [ master ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ master ]
schedule:
- cron: '34 21 * * 1'
jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language: [ 'go' ]
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
# Learn more:
# https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
steps:
- name: Checkout repository
uses: actions/checkout@v2
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v1
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
# queries: ./path/to/local/query, your-org/your-repo/queries@main
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v1
# Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl
# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
# and modify them (or add more) to build your code if your project
# uses a compiled language
#- run: |
# make bootstrap
# make release
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1

.github/workflows/codeql.yml vendored Normal file

@@ -0,0 +1,46 @@
name: "CodeQL Security Analysis"
on:
push:
branches: [master, main]
pull_request:
branches: [master, main]
schedule:
- cron: '30 2 * * 1' # Run weekly on Mondays at 2:30 AM UTC
permissions:
actions: read
contents: read
security-events: write
jobs:
analyze:
name: Analyze (${{ matrix.language }})
runs-on: ubuntu-latest
timeout-minutes: 360
strategy:
fail-fast: false
matrix:
include:
- language: go
build-mode: autobuild
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 2
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
build-mode: ${{ matrix.build-mode }}
# Enable additional security-and-quality query pack
queries: +security-and-quality
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: "/language:${{matrix.language}}"
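Review bot: `category: "/language:${{matrix.language}}"` drops the spaces inside the expression braces that every other expression in this file uses (`${{ matrix.language }}` on the `name:` and `languages:` lines); it evaluates the same, but `category: "/language:${{ matrix.language }}"` keeps the style uniform. `timeout-minutes: 360` is the CodeQL template default; for a single-language Go module built with autobuild, a value sized to observed analysis times would fail a hung run sooner instead of holding a runner for six hours.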

.github/workflows/release-simple.yml vendored Normal file

@@ -0,0 +1,24 @@
name: release
on:
push:
tags:
- '*'
jobs:
goreleaser:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: '1.24'
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v6
with:
version: latest
args: release --clean
env:
GITHUB_TOKEN: ${{ secrets.GORELEASER_TOKEN }}
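Review bot: This workflow and `.github/workflows/release.yml` from the same commit both trigger on tag pushes — `'*'` here and `'v*'` there — and both run `goreleaser release --clean` with the same `GORELEASER_TOKEN`, so a `v1.2.3` tag (constructed example) starts two concurrent releases against the same GitHub Release and the slower one fails on already-uploaded assets or the two race. If this file is meant as a fallback, either remove it or narrow `on.push.tags` so the two patterns cannot both match; at minimum, the near-identical `name: release` / `name: Release` makes them hard to tell apart in the Actions UI. It also declares no `permissions:` block, so the job's `GITHUB_TOKEN` keeps whatever the repository default is; since GoReleaser authenticates with the PAT, an explicit `permissions: contents: read` (or `permissions: {}`) documents that nothing more is needed.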


@@ -1,20 +1,63 @@
name: release
name: Release
on:
push:
tags:
- '*'
- 'v*'
permissions:
contents: write
security-events: write
id-token: write # For SLSA provenance
jobs:
goreleaser:
validate:
name: Validate Release
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: '1.24'
cache: true
- name: Run tests
run: go test -race ./...
- name: Run lints
uses: golangci/golangci-lint-action@v6
with:
version: latest
- name: Validate GoReleaser config
uses: goreleaser/goreleaser-action@v6
with:
version: latest
args: check
release:
name: GoReleaser
runs-on: ubuntu-latest
needs: validate
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: '1.24'
cache: true
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v6
with:
@@ -22,3 +65,14 @@ jobs:
args: release --clean
env:
GITHUB_TOKEN: ${{ secrets.GORELEASER_TOKEN }}
provenance:
name: Generate SLSA Provenance
needs: release
if: startsWith(github.ref, 'refs/tags/')
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
with:
base64-subjects: "${{ needs.release.outputs.hashes }}"
upload-assets: true
secrets:
registry-password: ${{ secrets.GITHUB_TOKEN }}
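Review bot: The provenance job reads `needs.release.outputs.hashes`, but the `release` job defined in the first hunk (`name: GoReleaser`, `needs: validate`) declares no `outputs:` block, so `base64-subjects` will be empty and the SLSA generator has nothing to attest; the job's `with:` block continues in context lines not shown here. The job needs an `outputs.hashes` wired to a step that base64-encodes GoReleaser's checksum file, following the generator's documented GoReleaser example, as sketched below. Separately, `registry-password` is passed under `secrets:` — if the generic generator does not declare that secret (I believe it is the container generator that does), the run fails at workflow validation, so drop it unless the referenced workflow defines it. `if: startsWith(github.ref, 'refs/tags/')` is also redundant, since the workflow only triggers on `v*` tag pushes.
```yaml
  release:
    name: GoReleaser
    runs-on: ubuntu-latest
    needs: validate
    outputs:
      hashes: ${{ steps.hash.outputs.hashes }}
    steps:
      # … unchanged: checkout, setup-go …
      - name: Run GoReleaser
        id: goreleaser
        uses: goreleaser/goreleaser-action@v6
        # … unchanged: with / env …
      - name: Generate subject hashes for provenance
        id: hash
        env:
          ARTIFACTS: ${{ steps.goreleaser.outputs.artifacts }}
        run: |
          set -euo pipefail
          checksum_file=$(echo "$ARTIFACTS" | jq -r '.[] | select(.type == "Checksum") | .path')
          echo "hashes=$(base64 -w0 < "$checksum_file")" >> "$GITHUB_OUTPUT"
  provenance:
    name: Generate SLSA Provenance
    needs: release
    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
    with:
      base64-subjects: "${{ needs.release.outputs.hashes }}"
      upload-assets: true
```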

.golangci.yml Normal file

@@ -0,0 +1,119 @@
run:
timeout: 5m
go: '1.24'
linters-settings:
errcheck:
check-type-assertions: true
check-blank: true
govet:
enable-all: true
disable:
- shadow
gocyclo:
min-complexity: 15
dupl:
threshold: 100
goconst:
min-len: 3
min-occurrences: 3
lll:
line-length: 120
unparam:
check-exported: false
nakedret:
max-func-lines: 30
prealloc:
simple: true
range-loops: true
for-loops: false
gocritic:
enabled-tags:
- diagnostic
- experimental
- opinionated
- performance
- style
funlen:
lines: 100
statements: 50
godox:
keywords:
- NOTE
- OPTIMIZE
- HACK
dogsled:
max-blank-identifiers: 2
whitespace:
multi-if: false
multi-func: false
linters:
disable-all: true
enable:
- bodyclose
- depguard
- dogsled
- dupl
- errcheck
- exportloopref
- funlen
- gochecknoinits
- goconst
- gocritic
- gocyclo
- gofmt
- goimports
- goprintffuncname
- gosec
- gosimple
- govet
- ineffassign
- lll
- misspell
- nakedret
- noctx
- nolintlint
- revive
- staticcheck
- stylecheck
- typecheck
- unconvert
- unparam
- unused
- whitespace
issues:
exclude-rules:
- path: _test\.go
linters:
- gomnd
- funlen
- goconst
- path: pkg/git/test/
linters:
- gomnd
- goconst
exclude-use-default: false
max-issues-per-linter: 0
max-same-issues: 0
output:
format: colored-line-number
print-issued-lines: true
print-linter-name: true
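Review bot: This file uses the golangci-lint v1 schema (`linters-settings`, `output.format`, no top-level `version:`) while the lint step in ci.yml and the validate job in release.yml both install `version: latest`; if `latest` resolves to a v2 release (v2 requires `version: "2"` and a restructured config), those jobs fail on config parsing rather than on code, so either pin the action to a v1 release, e.g. `version: v1.<minor>` (placeholder for the version actually tested), or migrate the file with `golangci-lint migrate`. Within the v1 schema, `exportloopref` is deprecated in favour of `copyloopvar` and is a no-op under the Go 1.22+ loop semantics that `go: '1.24'` implies, and `output.format` was superseded by `output.formats`. The `exclude-rules` entries that list `gomnd` reference a linter that is not in `enable:` (it was renamed `mnd`), so those rules currently do nothing.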