Skip to content

Normalize CLI output / Simplify ExecuteCmd output handling in tests. #630

Normalize CLI output / Simplify ExecuteCmd output handling in tests.

Normalize CLI output / Simplify ExecuteCmd output handling in tests. #630

Workflow file for this run

name: GHA Build
# The `name:` here is also used in badge.svg rendering as the left-hand-side
permissions:
# Control the GITHUB_TOKEN permissions.
# By having this block, all permissions not listed here are set to none.
# Available permissions listed at:
# <https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token>
# Which API calls need which permissions at what level, listed at:
# <https://docs.github.com/en/rest/reference/permissions-required-for-github-apps>
#
contents: read
checks: write
statuses: write
on:
push:
branches-ignore:
- 'exp'
- 'exp/*'
- 'exp-*'
- 'exp_*'
- 'wip'
- 'wip/*'
- 'wip-*'
- 'wip_*'
pull_request:
jobs:
test:
runs-on: ${{ matrix.os }}
continue-on-error: ${{ matrix.experimental || false }}
strategy:
# Debugging multi-platform builds, let them all complete (for now)
fail-fast: false
matrix:
# It's called a matrix but in practice I'm just listing out the precise combinations we want, via include.
# The canonical entry is the only one where we run vet/lint/style checks.
# `experimental: true` entries do not cause the tests to fail.
include:
- go: 'stable'
os: ubuntu-latest
canonical: true
- go: 'stable'
os: windows-latest
canonical: false
- go: 'stable'
os: macos-latest
canonical: false
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: ${{ matrix.go }}
# We're not doing releases, just checks, so we can live without check-latest here
- name: Install additional check/lint tools
id: tools-install
run: |
go install honnef.co/go/tools/cmd/[email protected]
if: matrix.canonical
- name: Basic Go integrity checks
id: integrity
run: |
go vet ./...
if: matrix.canonical
- name: Run Tests (with coverage enabled)
id: coverage
run: |
go test -v -failfast -coverpkg=./... -coverprofile=./coverage.out ./...
if: runner.os != 'Windows'
- name: Run Tests (windows)
run: |
go test -v -failfast ./...
if: runner.os == 'Windows'
- name: Upload coverage
uses: coverallsapp/github-action@v2
continue-on-error: true
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
flag-name: ${{ matrix.module }}
file: ./coverage.out
if: runner.os != 'Windows'
- name: Bad versions creep defense
id: go-module-versions
# The go.mod includes tests, and some of our tests explicitly pull in jwtv1, which is unmaintained and has security issues.
# It's only in the tests, so that's not critical enough to need to rewrite things at this time.
# But we don't want the _binary_ to link against v1. So we want to check what the actual binary links against.
# Add whatever other checks we care about here.
run: |
go build
go version -m ./nsc > versions
if grep -qsE '^[[:space:]]+dep[[:space:]]+github\.com/nats-io/jwt[[:space:]]' versions; then
echo "::error title=Bad dependency in binary::JWT library v1 detected"
exit 1
fi
if: matrix.canonical
#EOF