Update release.yaml - OpenSSF Scorecard, permissions at the job level #44
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ci | |
| on: | |
| # We run the CI checks on any pull request updates or pushes to the main branch after PR merge. | |
| pull_request: | |
| push: | |
| branches: | |
| - main | |
| permissions: | |
| contents: read | |
| jobs: | |
| test: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Fetch all tags | |
| run: git fetch --force --tags | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version-file: 'go.mod' | |
| - name: Run Go Vet | |
| run: go vet ./... | |
| - name: Run Go Tests | |
| run: go test ./... -cover -race | |
| - name: Build binary | |
| uses: goreleaser/goreleaser-action@v6 | |
| with: | |
| distribution: goreleaser | |
| version: '~> v2' | |
| args: build --snapshot | |
| - name: Install license check tool | |
| run: go install github.com/google/addlicense@v1 | |
| - name: Check licenses | |
| run: addlicense -l apache -check -v -ignore '**/*.yaml' -c Humanitec ./cmd ./internal/ | |
| - name: Build docker image | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| push: false | |
| load: true | |
| tags: score-compose:test | |
| - name: Test docker image | |
| run: | | |
| docker run --rm score-compose:test --version | |
| docker run -v .:/score-compose --rm score-compose:test init | |
| cat score.yaml |