diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000..6339683 --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,76 @@ +name: CI + +on: + push: + pull_request: + +permissions: + contents: read + +jobs: + lint: + name: Lint + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-go@v5 + with: + go-version-file: go.mod + cache-dependency-path: "**/go.sum" + - name: Setup Swagger + run: | + go install github.com/swaggo/swag/cmd/swag@v1.16.2 + swag init -g cmd/main.go + - uses: golangci/golangci-lint-action@v6 + with: + version: v1.60 + + unit-tests: + name: Unit Tests + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-go@v5 + with: + go-version-file: go.mod + cache-dependency-path: "**/go.sum" + - name: Setup Swagger + run: | + go install github.com/swaggo/swag/cmd/swag@v1.16.2 + swag init -g cmd/main.go + - name: Run tests + run: go test -race ./... + + detect-secrets: + name: Detect Secrets + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + - name: detect-secrets + uses: reviewdog/action-detect-secrets@v0.27 + with: + reporter: github-pr-review + fail-on-error: true + detect_secrets_flags: --exclude-files '.*_test\.go$' + + govulncheck: + name: Run govulncheck + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-go@v5 + with: + go-version-file: go.mod + cache-dependency-path: "**/go.sum" + - name: Setup Swagger + run: | + go install github.com/swaggo/swag/cmd/swag@v1.16.2 + swag init -g cmd/main.go + - name: Run govulncheck + run: | + go install golang.org/x/vuln/cmd/govulncheck@v1.1.3 + govulncheck -C . -format text ./...