Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
63 changes: 63 additions & 0 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,63 @@
name: ci

on:
push:
branches: [main]
pull_request:
branches: [main]

permissions:
contents: read

jobs:
test:
name: test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

- uses: actions/setup-go@v5
with:
go-version-file: go.mod
cache: true

- name: go vet
run: go vet ./...

- name: go test
run: go test ./... -race -coverprofile=coverage.out -covermode=atomic

- name: upload coverage
uses: actions/upload-artifact@v4
with:
name: coverage
path: coverage.out
retention-days: 7

lint:
name: lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

- uses: actions/setup-go@v5
with:
go-version-file: go.mod
cache: true

- uses: golangci/golangci-lint-action@v9
with:
version: v2.12

build:
name: build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

- uses: actions/setup-go@v5
with:
go-version-file: go.mod
cache: true

- run: go build ./...
69 changes: 69 additions & 0 deletions .github/workflows/security.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,69 @@
name: security

on:
push:
branches: [main]
pull_request:
branches: [main]
schedule:
- cron: '0 6 * * 1'

permissions:
contents: read
security-events: write

jobs:
gosec:
name: gosec
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

- name: Run gosec
uses: securego/gosec@v2.26.1
with:
args: '-no-fail -fmt sarif -out gosec.sarif ./...'

- name: Upload SARIF
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: gosec.sarif
category: gosec

govulncheck:
name: govulncheck
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

- uses: actions/setup-go@v5
with:
go-version: 'stable'
cache: true

- name: Install govulncheck
run: go install golang.org/x/vuln/cmd/govulncheck@latest

- name: Run govulncheck
run: govulncheck ./...

trivy:
name: trivy-fs
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

- name: Run Trivy filesystem scan
uses: aquasecurity/trivy-action@v0.36.0
with:
scan-type: fs
format: sarif
output: trivy.sarif
ignore-unfixed: true
severity: CRITICAL,HIGH

- name: Upload SARIF
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: trivy.sarif
category: trivy
42 changes: 42 additions & 0 deletions .golangci.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
version: "2"

run:
timeout: 5m
tests: true

linters:
default: none
enable:
- bodyclose
- errcheck
- gocritic
- govet
- ineffassign
- misspell
- nilerr
- prealloc
- revive
- staticcheck
- unconvert
- unused
settings:
govet:
enable-all: true
disable:
- fieldalignment
gocritic:
enabled-tags:
- diagnostic
- performance
- style
exclusions:
rules:
- path: _test\.go
linters:
- errcheck
- prealloc

formatters:
enable:
- gofmt
- goimports
24 changes: 24 additions & 0 deletions Makefile
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
.PHONY: test lint security build tidy cover

test:
go test ./... -race -cover

cover:
go test ./... -race -coverprofile=coverage.out -covermode=atomic
go tool cover -func=coverage.out

build:
go build ./...

tidy:
go mod tidy

lint:
@which golangci-lint > /dev/null || (echo "install golangci-lint: https://golangci-lint.run" && exit 1)
golangci-lint run

security:
@which gosec > /dev/null || go install github.com/securego/gosec/v2/cmd/gosec@latest
gosec ./...
@which govulncheck > /dev/null || go install golang.org/x/vuln/cmd/govulncheck@latest
govulncheck ./...
Loading
Loading