Skip to content

Commit

Permalink
update GH actions
Browse files Browse the repository at this point in the history
Signed-off-by: Jay Pipes <[email protected]>
  • Loading branch information
jaypipes committed Jun 21, 2024
1 parent c0c72de commit b215c88
Show file tree
Hide file tree
Showing 3 changed files with 86 additions and 5 deletions.
36 changes: 36 additions & 0 deletions .github/workflows/fmtcheck.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
name: fmtcheck

on:
push:
branches: [ main ]
pull_request:
branches: [ main ]

permissions:
contents: read

jobs:
fmtcheck:
runs-on: ubuntu-latest
steps:
- name: harden runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with:
egress-policy: block
disable-sudo: true
allowed-endpoints: >
github.com:443
api.github.com:443
proxy.github.com:443
proxy.golang.org:443
raw.githubusercontent.com:443
objects.githubusercontent.com:443
proxy.golang.org:443
- name: checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: setup go
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
with:
go-version: 1.21
- name: check fmt
run: 'bash -c "diff -u <(echo -n) <(gofmt -d .)"'
41 changes: 41 additions & 0 deletions .github/workflows/lint.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
name: lint

on:
push:
branches: [ main ]
pull_request:
branches: [ main ]

permissions:
contents: read
pull-requests: read # needed for only-new-issues option below

jobs:
lint:
runs-on: ubuntu-latest
steps:
- name: harden runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with:
egress-policy: block
disable-sudo: true
allowed-endpoints: >
github.com:443
api.github.com:443
proxy.github.com:443
proxy.golang.org:443
raw.githubusercontent.com:443
objects.githubusercontent.com:443
proxy.golang.org:443
- name: checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: setup go
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
with:
go-version: 1.21
- name: lint
uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1
with:
version: v1.59.1
args: --timeout=5m0s --verbose
only-new-issues: true
14 changes: 9 additions & 5 deletions .github/workflows/gate-tests.yml → .github/workflows/test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -18,19 +18,20 @@ jobs:
runs-on: ${{ matrix.os }}
steps:
- name: harden runner
uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with:
egress-policy: block
disable-sudo: true
allowed-endpoints: >
github.com:443
api.github.com:443
proxy.github.com:443
proxy.golang.org:443
raw.githubusercontent.com:443
objects.githubusercontent.com:443
proxy.golang.org:443
- name: checkout code
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: setup go
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
with:
Expand All @@ -47,19 +48,22 @@ jobs:
runs-on: ${{ matrix.os }}
steps:
- name: harden runner
uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with:
egress-policy: audit
disable-sudo: false
disable-sudo: true
allowed-endpoints: >
github.com:443
api.github.com:443
proxy.github.com:443
proxy.golang.org:443
raw.githubusercontent.com:443
objects.githubusercontent.com:443
proxy.golang.org:443
storage.googleapis.com:443
*.docker.io:443
- name: checkout code
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: setup go
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
with:
Expand Down

0 comments on commit b215c88

Please sign in to comment.