Skip to content

lint

lint #1535

Workflow file for this run

name: lint
on:
push:
branches: [main, master]
pull_request:
branches: '**'
merge_group:
types: [checks_requested]
jobs:
golangci:
strategy:
fail-fast: false
matrix:
os: [macos-latest, windows-latest, ubuntu-latest]
name: lint
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: './go.mod'
check-latest: true
cache: false
- run: make deps
- name: golangci-lint
uses: golangci/golangci-lint-action@v6
with:
skip-save-cache: true
# Run again as a workaround for https://github.com/golangci/golangci-lint-action/issues/362
- name: golangci-lint
if: ${{ always() }}
run: golangci-lint run
govulncheck:
strategy:
fail-fast: false
matrix:
os: [macos-latest, windows-latest, ubuntu-latest]
name: govulncheck
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v4
- id: govulncheck
uses: golang/govulncheck-action@v1
with:
go-version-file: './go.mod'
check-latest: true
go-package: ./...
output-format: json
output-file: govulncheck.json
# Exclude GO-2024-3166 since we do not believe it applies to go-tuf before v2, and additionally
# because we do not believe it applies to our usage since we do not use delegates.
- name: Evaluate govulncheck results
shell: bash
run: |
findingCount=$(jq -r '.finding | select ( . != null ) | .osv | select ( . != "GO-2024-3166")' govulncheck.json | wc -l)
findingCount=$((findingCount + 0))
if [[ $findingCount -ne 0 ]]; then
printf "govulncheck reports %d findings" "$findingCount"
jq -r '.finding | select ( . != null )' govulncheck.json
exit 1
fi
# This job is here as a github status check -- it allows us to move
# the merge dependency from being on all the jobs to this single
# one.
lint_mergeable:
runs-on: ubuntu-latest
steps:
- run: true
needs:
- golangci
- govulncheck