Skip to content

chore(deps): bump step-security/harden-runner from 2.8.0 to 2.10.1 (#… #128

chore(deps): bump step-security/harden-runner from 2.8.0 to 2.10.1 (#…

chore(deps): bump step-security/harden-runner from 2.8.0 to 2.10.1 (#… #128

Workflow file for this run

name: Go Report Card
on:
push:
branches:
- main
pull_request:
permissions: # added using https://github.com/step-security/secure-repo
contents: read
jobs:
goreportcard:
strategy:
matrix:
go: ['stable']
os: [ubuntu-latest]
runs-on: ${{ matrix.os }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
with:
egress-policy: audit
- name: Setup Go ${{ matrix.go }}
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
with:
go-version: ${{ matrix.go }}
cache: false
- name: Checkout gojp/goreportcard repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
repository: gojp/goreportcard
path: goreportcard
- name: Install goreportcard-cli
# goreportcard-cli requires the following linters:
# 1. gometalinter
# 2. golint
# 3. gocyclo
# 4. ineffassign
# 5. misspell
# among which, the linter gometalinter is deprecated. However, goreportcard repo has a vendor version of it.
# Hence installing from the repo instead of `go install`. Refer https://github.com/gojp/goreportcard/issues/301
run: |
cd goreportcard
# Install prerequisite linter binaries: gometalinter, golint, gocyclo, ineffassign & misspell
# Refer: https://github.com/gojp/goreportcard?tab=readme-ov-file#command-line-interface
make install
# Install goreportcard-cli binary
go install ./cmd/goreportcard-cli
- name: Checkout Boeing/config-file-validator repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Run goreportcard
run: |
# Failure threshold is set to 100% to fail at any errors. Default is 75%.
goreportcard-cli -t 100