github actions: redo #13
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Copyright 2022 Marc-Antoine Ruel. All rights reserved. | |
# Use of this source code is governed under the Apache License, Version 2.0 | |
# that can be found in the LICENSE file. | |
on: [push, pull_request] | |
name: Run tests | |
jobs: | |
# Runs go test both with code coverage sent to codecov, race detector and | |
# benchmarks. At the end do a quick check to ensure the tests to not leave | |
# files in the tree. | |
test: | |
name: "test: go${{matrix.gover}}.x/${{matrix.os}}" | |
runs-on: "${{matrix.os}}" | |
continue-on-error: true | |
defaults: | |
run: | |
shell: bash | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [ubuntu-latest, macos-latest, windows-latest] | |
# Do not forget to bump every 6 months! | |
gover: ["1.21"] | |
env: | |
CGO_ENABLED: 0 | |
PYTHONDONTWRITEBYTECODE: x | |
steps: | |
- name: Turn off git core.autocrlf | |
if: matrix.os == 'windows-latest' | |
run: git config --global core.autocrlf false | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 2 | |
- uses: actions/setup-go@v4 | |
with: | |
go-version: "~${{matrix.gover}}.0" | |
- name: 'Check: go test -cover' | |
if: always() | |
run: go test -timeout=5m -covermode=count -coverprofile coverage.txt -bench=. -benchtime=1x ./... | |
# Don't send code coverage if anything failed to reduce spam. | |
- uses: codecov/codecov-action@v3 | |
- name: 'Cleanup' | |
if: always() | |
run: rm coverage.txt | |
- name: 'Check: go test -race' | |
run: go test -timeout=5m -race -bench=. -benchtime=1x ./... | |
env: | |
CGO_ENABLED: 1 | |
- name: 'Install' | |
if: always() | |
run: go install . | |
- name: "Check: go generate doesn't modify files" | |
if: always() | |
run: | | |
go generate ./... | |
# Also test for untracked files. go generate should not generate ignored | |
# files either. | |
TOUCHED=$(git status --porcelain --ignored) | |
if ! test -z "$TOUCHED"; then | |
echo "go generate created these files, please fix:" | |
echo "$TOUCHED" | |
false | |
fi | |
- name: "Check: go mod tidy doesn't modify files" | |
if: always() | |
run: | | |
go mod tidy | |
TOUCHED=$(git status --porcelain --ignored) | |
if ! test -z "$TOUCHED"; then | |
echo "go mod tidy was not clean, please update:" | |
git diff | |
false | |
fi | |
- name: 'go install necessary tools (ubuntu)' | |
if: always() && matrix.os == 'ubuntu-latest' | |
run: | | |
go install github.com/client9/misspell/cmd/misspell@latest | |
go install github.com/google/addlicense@latest | |
- name: 'Check: go vet' | |
if: always() | |
run: go vet -unsafeptr=false ./... | |
# run them on ubuntu-latest since it's the fastest one. | |
- name: 'Check: no executable was committed (ubuntu)' | |
if: always() && matrix.os == 'ubuntu-latest' | |
run: | | |
if find . -path '*.sh' -prune -o \ | |
-path ./.git -prune -o \ | |
-path './internal/sandbox/nsjail-linux-*' -prune -o \ | |
-type f -executable -print | grep -e . ; then | |
echo 'Do not commit executables beside shell scripts' | |
false | |
fi | |
- name: 'Check: addlicense; all sources have a license header (ubuntu)' | |
if: always() && matrix.os == 'ubuntu-latest' | |
run: addlicense -check -ignore 'vendor/**' . | |
- name: "Check: misspelling; code doesn't contain misspelling (ubuntu)" | |
if: always() && matrix.os == 'ubuntu-latest' | |
run: | | |
ERR=$(find . -type f | grep -v vendor/ | xargs misspell) | |
if ! test -z "$ERR"; then | |
echo "$ERR" | |
echo "## ⚠ misspell Failed" >> ../_comments.txt | |
echo "" >> ../_comments.txt | |
echo "$ERR" >> ../_comments.txt | |
echo "" >> ../_comments.txt | |
false | |
fi | |
- name: 'Send comments' | |
if: failure() | |
run: | | |
if [ -f ../_comments.txt ]; then | |
URL="${{github.event.issue.pull_request.url}}" | |
if test -z "$URL"; then | |
URL="${{github.api_url}}/repos/${{github.repository}}/commits/${{github.sha}}/comments" | |
fi | |
echo "Sending $(cat ../_comments.txt|wc -l) lines of comments to ${URL}" | |
curl -sS --request POST \ | |
--header "Authorization: Bearer ${{secrets.GITHUB_TOKEN}}" \ | |
--header "Content-Type: application/json" \ | |
--data "$(cat ../_comments.txt | jq -R --slurp '{body: .}')" \ | |
"${URL}" > /dev/null | |
rm ../_comments.txt | |
fi | |
codeql: | |
name: "codeql: go${{matrix.gover}}.x/${{matrix.os}}" | |
runs-on: "${{matrix.os}}" | |
continue-on-error: true | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [ubuntu-latest] | |
# Do not forget to bump every 6 months! | |
gover: ["1.21"] | |
permissions: | |
security-events: write | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-go@v4 | |
with: | |
go-version: "~${{matrix.gover}}.0" | |
- name: Initialize CodeQL | |
uses: github/codeql-action/init@v2 | |
with: | |
languages: go | |
- name: Autobuild | |
uses: github/codeql-action/autobuild@v2 | |
- name: Perform CodeQL Analysis | |
uses: github/codeql-action/analyze@v2 |