mirror of
https://github.com/FiloSottile/age.git
synced 2025-12-23 05:25:14 +00:00
.github/workflows: update and harden GitHub Actions workflows
This commit is contained in:
Filippo Valsorda
committed by
Filippo Valsorda
Filippo Valsorda
parent
de158f906b
commit
d7409cdc74
5
.github/workflows/build.yml
vendored
5
.github/workflows/build.yml
vendored
@@ -16,19 +16,20 @@ jobs:
|
|||||||
- {GOOS: linux, GOARCH: amd64}
|
- {GOOS: linux, GOARCH: amd64}
|
||||||
- {GOOS: linux, GOARCH: arm, GOARM: 6}
|
- {GOOS: linux, GOARCH: arm, GOARM: 6}
|
||||||
- {GOOS: linux, GOARCH: arm64}
|
- {GOOS: linux, GOARCH: arm64}
|
||||||
- {GOOS: darwin, GOARCH: amd64}
|
|
||||||
- {GOOS: darwin, GOARCH: arm64}
|
- {GOOS: darwin, GOARCH: arm64}
|
||||||
- {GOOS: windows, GOARCH: amd64}
|
- {GOOS: windows, GOARCH: amd64}
|
||||||
- {GOOS: freebsd, GOARCH: amd64}
|
- {GOOS: freebsd, GOARCH: amd64}
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout repository
|
- name: Checkout repository
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v5
|
||||||
with:
|
with:
|
||||||
fetch-depth: 0
|
fetch-depth: 0
|
||||||
|
persist-credentials: false
|
||||||
- name: Install Go
|
- name: Install Go
|
||||||
uses: actions/setup-go@v5
|
uses: actions/setup-go@v5
|
||||||
with:
|
with:
|
||||||
go-version: 1.x
|
go-version: 1.x
|
||||||
|
cache: false
|
||||||
- name: Build binary
|
- name: Build binary
|
||||||
run: |
|
run: |
|
||||||
cp LICENSE "$RUNNER_TEMP/LICENSE"
|
cp LICENSE "$RUNNER_TEMP/LICENSE"
|
||||||
|
|||||||
42
.github/workflows/ronn.yml
vendored
42
.github/workflows/ronn.yml
vendored
@@ -13,23 +13,23 @@ jobs:
|
|||||||
name: Ronn
|
name: Ronn
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- uses: actions/checkout@v5
|
||||||
uses: actions/checkout@v4
|
with:
|
||||||
- name: Install ronn
|
persist-credentials: false
|
||||||
run: sudo apt-get update && sudo apt-get install -y ronn
|
- uses: geomys/sandboxed-step@v1.2.1
|
||||||
- name: Run ronn
|
with:
|
||||||
run: bash -O globstar -c 'ronn **/*.ronn'
|
persist-workspace-changes: true
|
||||||
- name: Undo email mangling
|
run: |
|
||||||
# rdiscount randomizes the output for no good reason, which causes
|
sudo apt-get update && sudo apt-get install -y ronn
|
||||||
# changes to always get committed. Sigh.
|
bash -O globstar -c 'ronn **/*.ronn'
|
||||||
# https://github.com/davidfstr/rdiscount/blob/6b1471ec3/ext/generate.c#L781-L795
|
# rdiscount randomizes the output for no good reason, which causes
|
||||||
run: |-
|
# changes to always get committed. Sigh.
|
||||||
for f in doc/*.html; do
|
# https://github.com/davidfstr/rdiscount/blob/6b1471ec3/ext/generate.c#L781-L795
|
||||||
awk '/Filippo Valsorda/ { $0 = "<p>Filippo Valsorda <a href=\"mailto:age@filippo.io\" data-bare-link=\"true\">age@filippo.io</a></p>" } { print }' "$f" > "$f.tmp"
|
for f in doc/*.html; do
|
||||||
mv "$f.tmp" "$f"
|
awk '/Filippo Valsorda/ { $0 = "<p>Filippo Valsorda <a href=\"mailto:age@filippo.io\" data-bare-link=\"true\">age@filippo.io</a></p>" } { print }' "$f" > "$f.tmp"
|
||||||
done
|
mv "$f.tmp" "$f"
|
||||||
- name: Upload generated files
|
done
|
||||||
uses: actions/upload-artifact@v4
|
- uses: actions/upload-artifact@v4
|
||||||
with:
|
with:
|
||||||
name: man-pages
|
name: man-pages
|
||||||
path: |
|
path: |
|
||||||
@@ -42,10 +42,10 @@ jobs:
|
|||||||
contents: write
|
contents: write
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- uses: actions/checkout@v5
|
||||||
uses: actions/checkout@v4
|
with:
|
||||||
- name: Download generated files
|
persist-credentials: true
|
||||||
uses: actions/download-artifact@v4
|
- uses: actions/download-artifact@v4
|
||||||
with:
|
with:
|
||||||
name: man-pages
|
name: man-pages
|
||||||
path: doc/
|
path: doc/
|
||||||
|
|||||||
96
.github/workflows/test.yml
vendored
96
.github/workflows/test.yml
vendored
@@ -1,55 +1,79 @@
|
|||||||
name: Go tests
|
name: Go tests
|
||||||
on: [push, pull_request]
|
on:
|
||||||
|
push:
|
||||||
|
pull_request:
|
||||||
|
schedule: # daily at 09:42 UTC
|
||||||
|
- cron: '42 9 * * *'
|
||||||
|
workflow_dispatch:
|
||||||
permissions:
|
permissions:
|
||||||
contents: read
|
contents: read
|
||||||
jobs:
|
jobs:
|
||||||
test:
|
test:
|
||||||
name: Test
|
|
||||||
strategy:
|
strategy:
|
||||||
fail-fast: false
|
fail-fast: false
|
||||||
matrix:
|
matrix:
|
||||||
go: [1.19.x, 1.x]
|
go:
|
||||||
os: [ubuntu-latest, macos-latest, windows-latest]
|
- { go-version: stable }
|
||||||
|
- { go-version: oldstable }
|
||||||
|
- { go-version-file: go.mod }
|
||||||
|
os:
|
||||||
|
- ubuntu-latest
|
||||||
|
- macos-latest
|
||||||
|
- windows-latest
|
||||||
runs-on: ${{ matrix.os }}
|
runs-on: ${{ matrix.os }}
|
||||||
steps:
|
steps:
|
||||||
- name: Install Go ${{ matrix.go }}
|
- uses: actions/checkout@v5
|
||||||
uses: actions/setup-go@v5
|
|
||||||
with:
|
with:
|
||||||
go-version: ${{ matrix.go }}
|
persist-credentials: false
|
||||||
- name: Checkout repository
|
- uses: actions/setup-go@v6
|
||||||
uses: actions/checkout@v4
|
|
||||||
with:
|
with:
|
||||||
fetch-depth: 0
|
go-version: ${{ matrix.go.go-version }}
|
||||||
- name: Run tests
|
go-version-file: ${{ matrix.go.go-version-file }}
|
||||||
run: go test -race ./...
|
- run: |
|
||||||
gotip:
|
go test -race ./...
|
||||||
name: Test (Go tip)
|
test-latest:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
strategy:
|
strategy:
|
||||||
fail-fast: false
|
fail-fast: false
|
||||||
matrix:
|
matrix:
|
||||||
os: [ubuntu-latest, macos-latest, windows-latest]
|
go:
|
||||||
runs-on: ${{ matrix.os }}
|
- { go-version: stable }
|
||||||
|
- { go-version: oldstable }
|
||||||
|
- { go-version-file: go.mod }
|
||||||
steps:
|
steps:
|
||||||
- name: Install bootstrap Go
|
- uses: actions/checkout@v5
|
||||||
uses: actions/setup-go@v5
|
with:
|
||||||
|
persist-credentials: false
|
||||||
|
- uses: actions/setup-go@v6
|
||||||
|
with:
|
||||||
|
go-version: ${{ matrix.go.go-version }}
|
||||||
|
go-version-file: ${{ matrix.go.go-version-file }}
|
||||||
|
- uses: geomys/sandboxed-step@v1.2.1
|
||||||
|
with:
|
||||||
|
run: |
|
||||||
|
go get -u -t ./...
|
||||||
|
go test -race ./...
|
||||||
|
staticcheck:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v5
|
||||||
|
with:
|
||||||
|
persist-credentials: false
|
||||||
|
- uses: actions/setup-go@v6
|
||||||
with:
|
with:
|
||||||
go-version: stable
|
go-version: stable
|
||||||
- name: Install Go tip (UNIX)
|
- uses: geomys/sandboxed-step@v1.2.1
|
||||||
if: runner.os != 'Windows'
|
|
||||||
run: |
|
|
||||||
git clone --filter=tree:0 https://go.googlesource.com/go $HOME/gotip
|
|
||||||
cd $HOME/gotip/src && ./make.bash
|
|
||||||
echo "$HOME/gotip/bin" >> $GITHUB_PATH
|
|
||||||
- name: Install Go tip (Windows)
|
|
||||||
if: runner.os == 'Windows'
|
|
||||||
run: |
|
|
||||||
git clone --filter=tree:0 https://go.googlesource.com/go $HOME/gotip
|
|
||||||
cd $HOME/gotip/src && ./make.bat
|
|
||||||
echo "$HOME/gotip/bin" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
|
|
||||||
- name: Checkout repository
|
|
||||||
uses: actions/checkout@v4
|
|
||||||
with:
|
with:
|
||||||
fetch-depth: 0
|
run: go run honnef.co/go/tools/cmd/staticcheck@latest ./...
|
||||||
- run: go version
|
govulncheck:
|
||||||
- name: Run tests
|
runs-on: ubuntu-latest
|
||||||
run: go test -race ./...
|
steps:
|
||||||
|
- uses: actions/checkout@v5
|
||||||
|
with:
|
||||||
|
persist-credentials: false
|
||||||
|
- uses: actions/setup-go@v6
|
||||||
|
with:
|
||||||
|
go-version: stable
|
||||||
|
- uses: geomys/sandboxed-step@v1.2.1
|
||||||
|
with:
|
||||||
|
run: go run golang.org/x/vuln/cmd/govulncheck@latest ./...
|
||||||
|
|||||||
Reference in New Issue
Block a user