fix(security): replace deprecated libraries. #142
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Go | |
on: | |
push: | |
tags: | |
- v* | |
branches: | |
- main | |
paths: | |
- ".golangci.yml" | |
- ".goreleaser.yaml" | |
- "**.go" | |
- ".github/workflows/go.yml" | |
pull_request: | |
paths: | |
- ".golangci.yml" | |
- ".goreleaser.yaml" | |
- "**.go" | |
- ".github/workflows/go.yml" | |
# Allows you to run this workflow manually from the Actions tab | |
workflow_dispatch: | |
permissions: # added using https://github.com/step-security/secure-repo | |
contents: read | |
jobs: | |
# Check if there any dirty change for go mod tidy | |
go-mod: | |
name: "Check go modules declaration" | |
runs-on: ubuntu-latest | |
permissions: | |
actions: write | |
steps: | |
- | |
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 | |
with: | |
disable-sudo: true | |
disable-telemetry: true | |
egress-policy: block | |
allowed-endpoints: > | |
api.github.com:443 | |
objects.githubusercontent.com:443 | |
github.com:443 | |
proxy.golang.org:443 | |
raw.githubusercontent.com:443 | |
storage.googleapis.com:443 | |
- | |
name: Cancel previous workflows | |
uses: styfle/cancel-workflow-action@01ce38bf961b4e243a6342cbade0dbc8ba3f0432 # 0.12.0 | |
with: | |
access_token: ${{ secrets.GITHUB_TOKEN }} | |
- | |
name: Install Go | |
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 | |
with: | |
go-version: "1.22" | |
- | |
name: Checkout code | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- | |
name: Check go mod and go.sum | |
run: | | |
go mod tidy -v | |
git --no-pager diff go.mod go.sum | |
git --no-pager diff --quiet go.mod go.sum | |
# Try compiple all binaries first | |
compile-dryrun: | |
name: "Compile" | |
strategy: | |
fail-fast: true | |
matrix: | |
go-version: | |
- "1.21" | |
- "1.22" | |
permissions: | |
actions: write | |
runs-on: ubuntu-latest | |
needs: [go-mod, golangci-lint] | |
steps: | |
- | |
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 | |
with: | |
disable-sudo: true | |
disable-telemetry: true | |
egress-policy: block | |
allowed-endpoints: > | |
api.github.com:443 | |
github.com:443 | |
objects.githubusercontent.com:443 | |
proxy.golang.org:443 | |
raw.githubusercontent.com:443 | |
storage.googleapis.com:443 | |
- | |
name: Cancel previous workflows | |
uses: styfle/cancel-workflow-action@01ce38bf961b4e243a6342cbade0dbc8ba3f0432 # 0.12.0 | |
with: | |
access_token: ${{ secrets.GITHUB_TOKEN }} | |
- | |
name: Checkout | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- | |
name: Set up Go | |
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 | |
with: | |
go-version: ${{ matrix.go-version }} | |
check-latest: true | |
- | |
name: Cache Go modules | |
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 | |
with: | |
path: ~/go/pkg/mod | |
key: ${{ runner.os }}-go-${{ matrix.go-version }}-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-go-${{ matrix.go-version }}- | |
- | |
name: Fetch dependencies | |
run: go mod download | |
- | |
name: Build Harp | |
run: | | |
go mod vendor && go build -mod=vendor -o bin/harp zntr.io/harp/v2/cmd/harp | |
# Run golangci-lint | |
golangci-lint: | |
name: "GolangCI-lint" | |
runs-on: ubuntu-latest | |
permissions: | |
actions: write | |
steps: | |
- | |
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 | |
with: | |
disable-sudo: true | |
disable-telemetry: true | |
egress-policy: block | |
allowed-endpoints: > | |
api.github.com:443 | |
github.com:443 | |
objects.githubusercontent.com:443 | |
proxy.golang.org:443 | |
raw.githubusercontent.com:443 | |
storage.googleapis.com:443 | |
- | |
name: Cancel previous workflows | |
uses: styfle/cancel-workflow-action@01ce38bf961b4e243a6342cbade0dbc8ba3f0432 # 0.12.0 | |
with: | |
access_token: ${{ secrets.GITHUB_TOKEN }} | |
- | |
name: Install Go | |
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 | |
with: | |
go-version: '1.22' | |
- | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- | |
name: Lint code | |
uses: golangci/golangci-lint-action@3a919529898de77ec3da873e3063ca4b10e7f5cc # v3.7.0 | |
with: | |
version: v1.55.2 | |
working-directory: . | |
only-new-issues: false | |
args: --timeout=10m | |
tests-on-linux: | |
name: "Tests (linux)" | |
needs: [go-mod, compile-dryrun, golangci-lint] # run after golangci-lint action to not produce duplicated errors | |
runs-on: ubuntu-latest | |
permissions: | |
actions: write | |
steps: | |
- | |
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 | |
with: | |
disable-sudo: true | |
disable-telemetry: true | |
egress-policy: block | |
allowed-endpoints: > | |
api.github.com:443 | |
github.com:443 | |
objects.githubusercontent.com:443 | |
- | |
name: Cancel previous workflows | |
uses: styfle/cancel-workflow-action@01ce38bf961b4e243a6342cbade0dbc8ba3f0432 # 0.12.0 | |
with: | |
access_token: ${{ secrets.GITHUB_TOKEN }} | |
- | |
name: Checkout | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- | |
name: Install Go | |
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 | |
with: | |
go-version: '1.22' # test only the latest go version to speed up CI | |
- | |
name: Cache Go modules | |
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 | |
with: | |
path: ~/go/pkg/mod | |
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-go- | |
- | |
name: Fetch dependencies | |
run: go mod download | |
- | |
name: Setup gotestsum | |
uses: autero1/action-gotestsum@7263b9d73912eec65f46337689e59fac865c425f # v2.0.0 | |
with: | |
gotestsum_version: '1.11.0' | |
- | |
name: Run tests | |
run: gotestsum --format short-verbose ./pkg/... | |
tests-on-windows: | |
name: "Tests (windows)" | |
needs: [go-mod, compile-dryrun, golangci-lint] # run after golangci-lint action to not produce duplicated errors | |
runs-on: windows-latest | |
permissions: | |
actions: write | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 | |
with: | |
egress-policy: audit | |
- | |
name: Cancel previous workflows | |
uses: styfle/cancel-workflow-action@01ce38bf961b4e243a6342cbade0dbc8ba3f0432 # 0.12.0 | |
with: | |
access_token: ${{ secrets.GITHUB_TOKEN }} | |
- | |
name: Checkout | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- | |
name: Install Go | |
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 | |
with: | |
go-version: '1.22' # test only the latest go version to speed up CI | |
- | |
name: Cache Go modules | |
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 | |
with: | |
path: ~/go/pkg/mod | |
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-go- | |
- | |
name: Fetch dependencies | |
run: go mod download | |
- | |
name: Setup gotestsum | |
uses: autero1/action-gotestsum@7263b9d73912eec65f46337689e59fac865c425f # v2.0.0 | |
with: | |
gotestsum_version: '1.11.0' | |
- | |
name: Run tests | |
run: gotestsum --format short-verbose ./pkg/... | |
tests-on-macos: | |
name: "Tests (darwin)" | |
needs: [go-mod, compile-dryrun, golangci-lint] # run after golangci-lint action to not produce duplicated errors | |
runs-on: macos-latest | |
permissions: | |
actions: write | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 | |
with: | |
egress-policy: audit | |
- | |
name: Cancel previous workflows | |
uses: styfle/cancel-workflow-action@01ce38bf961b4e243a6342cbade0dbc8ba3f0432 # 0.12.0 | |
with: | |
access_token: ${{ secrets.GITHUB_TOKEN }} | |
- | |
name: Checkout | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- | |
name: Install Go | |
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 | |
with: | |
go-version: '' # test only the latest go version to speed up CI | |
- | |
name: Cache Go modules | |
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 | |
with: | |
path: ~/go/pkg/mod | |
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-go- | |
- | |
name: Fetch dependencies | |
run: go mod download | |
- | |
name: Setup gotestsum | |
uses: autero1/action-gotestsum@7263b9d73912eec65f46337689e59fac865c425f # v2.0.0 | |
with: | |
gotestsum_version: '1.11.0' | |
- | |
name: Run tests | |
run: gotestsum --format short-verbose ./pkg/... |