Skip to content
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
116 changes: 116 additions & 0 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,116 @@
name: CI

on:
push:
branches:
- main
pull_request:
branches:
- main

permissions:
contents: read

concurrency:
group: ci-${{ github.workflow }}-${{ github.head_ref || github.ref }}
cancel-in-progress: true

jobs:
build:
name: build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version-file: go.mod
cache: true
- run: go vet ./...
- run: go build ./...

test:
name: test (warn-only)
runs-on: ubuntu-latest
continue-on-error: true
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version-file: go.mod
cache: true
- name: Unit tests with race detector
run: |
go test -race -shuffle=on -count=1 -timeout=15m \
-coverprofile=coverage.out -covermode=atomic ./...
- name: Upload coverage profile
if: always()
uses: actions/upload-artifact@v4
with:
name: coverage
path: coverage.out
if-no-files-found: ignore

lint:
name: lint (warn-only)
runs-on: ubuntu-latest
continue-on-error: true
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version-file: go.mod
cache: true
- uses: golangci/golangci-lint-action@v6
with:
version: v1.61.0
args: --timeout=5m

coverage:
name: coverage (warn-only)
needs: test
runs-on: ubuntu-latest
continue-on-error: true
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version-file: go.mod
cache: true
- name: Download coverage profile
uses: actions/download-artifact@v4
with:
name: coverage
- name: Enforce coverage thresholds
run: |
go install github.com/vladopajic/go-test-coverage/v2@v2.11.4
go-test-coverage --config .testcoverage.yml

vulncheck:
name: vulncheck (warn-only)
runs-on: ubuntu-latest
continue-on-error: true
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version-file: go.mod
cache: true
- name: govulncheck
run: |
go install golang.org/x/vuln/cmd/govulncheck@latest
govulncheck ./...

gosec:
name: gosec (warn-only)
runs-on: ubuntu-latest
continue-on-error: true
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version-file: go.mod
cache: true
- name: gosec
run: |
go install github.com/securego/gosec/v2/cmd/gosec@v2.21.4
gosec -quiet -severity=medium -confidence=medium ./...
Loading