use reusable workflows (#61)
capnspacehook authored Sep 22, 2023
1 parent 8902063 commit ffbdfca
Showing 7 changed files with 59 additions and 186 deletions.
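--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,21 @@
+name: Run CodeQL
+
+on:
+push:
+branches:
+- master
+pull_request:
+branches:
+- "*"
+schedule:
+- cron: "00 13 * * 1"
+
+workflow_dispatch: {}
+
+jobs:
+codeql:
+permissions:
+actions: write
+contents: read
+security-events: write
+uses: capnspacehook/go-workflows/.github/workflows/codeql.yml@master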
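Review bot: The `uses:` line references `capnspacehook/go-workflows/.github/workflows/codeql.yml@master`, a branch ref, so whatever is on that branch at run time executes with this job's `actions: write` and `security-events: write` without any change appearing in this repository. Pinning to a full commit SHA keeps runs reviewable and reproducible, e.g. `uses: capnspacehook/go-workflows/.github/workflows/codeql.yml@<FULL_COMMIT_SHA>  # <tag or date>` (placeholder values). The same `@master` reference is added in lint-actions.yml, lint-go.yml, release.yml and vuln.yml, with release.yml carrying the widest token (`id-token: write`, `contents: write`, `packages: write`). `actions: write` is also broader than CodeQL analysis normally needs; unless the called workflow, which is not visible here, requires it, `actions: read` would be enough.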
3 changes: 0 additions & 3 deletions .github/workflows/constants.env

This file was deleted.

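--- a/.github/workflows/lint-actions.yml
+++ b/.github/workflows/lint-actions.yml
@@ -9,25 +9,6 @@ on:
 
 jobs:
 lint-workflows:
-runs-on: ubuntu-latest
-steps:
-- name: Checkout code
-uses: actions/checkout@v3
-
-- name: Export constant environmental variables
-uses: cardinalby/export-env-action@v2
-with:
-envFile: .github/workflows/constants.env
-
-- name: Install Go
-uses: actions/setup-go@v4
-with:
-go-version: ${{ env.GO_VERSION }}.x
-check-latest: true
-cache: true
-
-- name: Lint workflow files
-run: |
-echo "::add-matcher::.github/actionlint-matcher.json"
-go install github.com/rhysd/actionlint/cmd/actionlint@latest
-actionlint
+permissions:
+contents: read
+uses: capnspacehook/go-workflows/.github/workflows/lint-actions.yml@master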
77 changes: 3 additions & 74 deletions .github/workflows/lint-go.yml
@@ -11,78 +11,7 @@ on:
workflow_dispatch: {}

jobs:
check-mod-tidy:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3

- name: Export constant environmental variables
uses: cardinalby/export-env-action@v2
with:
envFile: .github/workflows/constants.env

- name: Install Go
uses: actions/setup-go@v4
with:
go-version: ${{ env.GO_VERSION }}.x
check-latest: true
cache: true

- name: Ensure go.mod was tidied
run: |
go mod tidy -compat ${{ env.GO_VERSION }}
STATUS=$(git status --porcelain go.mod go.sum)
if [ -n "$STATUS" ]; then
echo "Running go mod tidy modified go.mod and/or go.sum"
exit 1
fi
exit 0
staticcheck:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3

- name: Export constant environmental variables
uses: cardinalby/export-env-action@v2
with:
envFile: .github/workflows/constants.env

- name: Install Go
uses: actions/setup-go@v4
with:
go-version: ${{ env.GO_VERSION }}.x
check-latest: true
cache: true

- name: Lint with staticcheck
uses: dominikh/[email protected]
with:
install-go: false

golangci-lint:
runs-on: ubuntu-latest
lint-go:
permissions:
pull-requests: read
steps:
- name: Checkout code
uses: actions/checkout@v3

- name: Export constant environmental variables
uses: cardinalby/export-env-action@v2
with:
envFile: .github/workflows/constants.env

- name: Install Go
uses: actions/setup-go@v4
with:
go-version: ${{ env.GO_VERSION }}.x
check-latest: true
cache: true

- name: Lint with golangci-lint
uses: golangci/[email protected]
with:
only-new-issues: true
contents: read
uses: capnspacehook/go-workflows/.github/workflows/lint-go.yml@master
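--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -8,41 +8,11 @@ on:
 - "v*.*.*"
 
 jobs:
-release-binary:
-runs-on: ubuntu-latest
-if: github.ref_type == 'tag'
+release:
 permissions:
 id-token: write
 contents: write
-steps:
-- name: Checkout code
-uses: actions/checkout@v3
-with:
-fetch-depth: 0
-
-- name: Export constant environmental variables
-uses: cardinalby/export-env-action@v2
-with:
-envFile: .github/workflows/constants.env
-
-- name: Checkout tags
-run: git fetch --force --tags
-
-- name: Install Go
-uses: actions/setup-go@v4
-with:
-go-version: ${{ env.GO_VERSION }}.x
-check-latest: true
-cache: true
-
-- name: Install cosign
-uses: sigstore/cosign-installer@main
-
-- name: Build and release with goreleaser
-uses: goreleaser/goreleaser-action@v5
-env:
-GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-with:
-distribution: goreleaser
-version: latest
-args: release
+packages: write
+uses: capnspacehook/go-workflows/.github/workflows/release.yml@master
+with:
+release-image: false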
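Review bot: `packages: write` is newly granted to the `release` job although the only input passed is `release-image: false`, so the token handed to the called workflow may be wider than this repository's release needs. If the called workflow declares that permission on a job that is merely skipped here, GitHub still requires the caller to grant it; in that case a comment such as `# packages: write is required by the called workflow even when release-image is false` would record why it is there. Separately, if the called workflow signs artifacts keylessly with the `id-token: write` OIDC token, the signing certificate would presumably name the reusable workflow rather than this repository's `release.yml`, so any documented verification identity should be re-checked. The `on:` trigger that replaces the removed `if: github.ref_type == 'tag'` guard starts outside the hunk.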
51 changes: 21 additions & 30 deletions .github/workflows/test.yml
@@ -13,21 +13,18 @@ on:
jobs:
race-test:
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- name: Checkout code
uses: actions/checkout@v3

- name: Export constant environmental variables
uses: cardinalby/export-env-action@v2
with:
envFile: .github/workflows/constants.env
uses: actions/checkout@v4

- name: Install Go
uses: actions/setup-go@v4
uses: WillAbides/setup-go[email protected]
with:
go-version: ${{ env.GO_VERSION }}.x
check-latest: true
cache: true
go-version-file: go.mod

- name: Cache Go files
uses: capnspacehook/cache-go@v1

- name: Ensure main package builds
run: |
@@ -41,21 +38,18 @@ jobs:
binary-test:
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- name: Checkout code
uses: actions/checkout@v3

- name: Export constant environmental variables
uses: cardinalby/export-env-action@v2
with:
envFile: .github/workflows/constants.env
uses: actions/checkout@v4

- name: Install Go
uses: actions/setup-go@v4
uses: WillAbides/setup-go[email protected]
with:
go-version: ${{ env.GO_VERSION }}.x
check-latest: true
cache: true
go-version-file: go.mod

- name: Cache Go files
uses: capnspacehook/cache-go@v1

# run the same tests as above but use a binary to process packets
# to test with landlock and seccomp filters active
@@ -68,21 +62,18 @@ jobs:
fuzz:
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- name: Checkout code
uses: actions/checkout@v3

- name: Export constant environmental variables
uses: cardinalby/export-env-action@v2
with:
envFile: .github/workflows/constants.env
uses: actions/checkout@v4

- name: Install Go
uses: actions/setup-go@v4
uses: WillAbides/setup-go[email protected]
with:
go-version: ${{ env.GO_VERSION }}.x
check-latest: true
cache: true
go-version-file: go.mod

- name: Cache Go files
uses: capnspacehook/cache-go@v1

- run: |
go test -fuzz Fuzz -run Config -fuzztime 10m
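Review bot: None of the three jobs touched here (`race-test`, `binary-test`, `fuzz`) shows a `permissions:` block, although every reusable-workflow caller in this commit sets one. They now run two third-party actions referenced by tag rather than commit SHA: `capnspacehook/cache-go@v1` and the `WillAbides/setup-go…` step, whose version string is garbled on this page. Adding `permissions:` with `contents: read` under each job, or once at workflow level, would cap the token those steps receive. The top of test.yml and the remainder of each job lie outside the hunks, so a workflow-level block may already exist.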
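--- a/.github/workflows/vuln.yml
+++ b/.github/workflows/vuln.yml
@@ -7,29 +7,13 @@ on:
 pull_request:
 branches:
 - "*"
+schedule:
+- cron: "00 13 * * 1"
 
 workflow_dispatch: {}
 
 jobs:
-govulncheck:
-runs-on: ubuntu-latest
-steps:
-- name: Checkout code
-uses: actions/checkout@v3
-
-- name: Export constant environmental variables
-uses: cardinalby/export-env-action@v2
-with:
-envFile: .github/workflows/constants.env
-
-- name: Install Go
-uses: actions/setup-go@v4
-with:
-go-version: ${{ env.GO_VERSION }}.x
-check-latest: true
-cache: true
-
-- name: Scan for known vulnerable dependencies
-run: |
-go install golang.org/x/vuln/cmd/govulncheck@latest
-govulncheck -v ./...
+vuln-check:
+permissions:
+contents: read
+uses: capnspacehook/go-workflows/.github/workflows/vuln.yml@master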
