Skip to content

fix(security): replace deprecated libraries. (#479) #149

fix(security): replace deprecated libraries. (#479)

fix(security): replace deprecated libraries. (#479) #149

Workflow file for this run

name: Go
on:
push:
tags:
- v*
branches:
- main
paths:
- ".golangci.yml"
- ".goreleaser.yaml"
- "**.go"
- ".github/workflows/go.yml"
pull_request:
paths:
- ".golangci.yml"
- ".goreleaser.yaml"
- "**.go"
- ".github/workflows/go.yml"
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
permissions: # added using https://github.com/step-security/secure-repo
contents: read
jobs:
# Check if there any dirty change for go mod tidy
go-mod:
name: "Check go modules declaration"
runs-on: ubuntu-latest
permissions:
actions: write
steps:
-
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895
with:
disable-sudo: true
disable-telemetry: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
objects.githubusercontent.com:443
github.com:443
proxy.golang.org:443
raw.githubusercontent.com:443
storage.googleapis.com:443
-
name: Cancel previous workflows
uses: styfle/cancel-workflow-action@01ce38bf961b4e243a6342cbade0dbc8ba3f0432 # 0.12.0
with:
access_token: ${{ secrets.GITHUB_TOKEN }}
-
name: Install Go
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
with:
go-version: "1.22"
-
name: Checkout code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-
name: Check go mod and go.sum
run: |
go mod tidy -v
git --no-pager diff go.mod go.sum
git --no-pager diff --quiet go.mod go.sum
# Try compiple all binaries first
compile-dryrun:
name: "Compile"
strategy:
fail-fast: true
matrix:
go-version:
- "1.21"
- "1.22"
permissions:
actions: write
runs-on: ubuntu-latest
needs: [go-mod, golangci-lint]
steps:
-
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895
with:
disable-sudo: true
disable-telemetry: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
github.com:443
objects.githubusercontent.com:443
proxy.golang.org:443
raw.githubusercontent.com:443
storage.googleapis.com:443
-
name: Cancel previous workflows
uses: styfle/cancel-workflow-action@01ce38bf961b4e243a6342cbade0dbc8ba3f0432 # 0.12.0
with:
access_token: ${{ secrets.GITHUB_TOKEN }}
-
name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-
name: Set up Go
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
with:
go-version: ${{ matrix.go-version }}
check-latest: true
-
name: Cache Go modules
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ matrix.go-version }}-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-${{ matrix.go-version }}-
-
name: Fetch dependencies
run: go mod download
-
name: Build Harp
run: |
go mod vendor && go build -mod=vendor -o bin/harp zntr.io/harp/v2/cmd/harp
# Run golangci-lint
golangci-lint:
name: "GolangCI-lint"
runs-on: ubuntu-latest
permissions:
actions: write
steps:
-
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895
with:
disable-sudo: true
disable-telemetry: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
github.com:443
objects.githubusercontent.com:443
proxy.golang.org:443
raw.githubusercontent.com:443
storage.googleapis.com:443
-
name: Cancel previous workflows
uses: styfle/cancel-workflow-action@01ce38bf961b4e243a6342cbade0dbc8ba3f0432 # 0.12.0
with:
access_token: ${{ secrets.GITHUB_TOKEN }}
-
name: Install Go
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
with:
go-version: '1.22'
-
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-
name: Lint code
uses: golangci/golangci-lint-action@3a919529898de77ec3da873e3063ca4b10e7f5cc # v3.7.0
with:
version: v1.55.2
working-directory: .
only-new-issues: false
args: --timeout=10m
tests-on-linux:
name: "Tests (linux)"
needs: [go-mod, compile-dryrun, golangci-lint] # run after golangci-lint action to not produce duplicated errors
runs-on: ubuntu-latest
permissions:
actions: write
steps:
-
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895
with:
disable-sudo: true
disable-telemetry: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
github.com:443
objects.githubusercontent.com:443
-
name: Cancel previous workflows
uses: styfle/cancel-workflow-action@01ce38bf961b4e243a6342cbade0dbc8ba3f0432 # 0.12.0
with:
access_token: ${{ secrets.GITHUB_TOKEN }}
-
name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-
name: Install Go
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
with:
go-version: '1.22' # test only the latest go version to speed up CI
-
name: Cache Go modules
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
-
name: Fetch dependencies
run: go mod download
-
name: Setup gotestsum
uses: autero1/action-gotestsum@7263b9d73912eec65f46337689e59fac865c425f # v2.0.0
with:
gotestsum_version: '1.11.0'
-
name: Run tests
run: gotestsum --format short-verbose ./pkg/...
tests-on-windows:
name: "Tests (windows)"
needs: [go-mod, compile-dryrun, golangci-lint] # run after golangci-lint action to not produce duplicated errors
runs-on: windows-latest
permissions:
actions: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
egress-policy: audit
-
name: Cancel previous workflows
uses: styfle/cancel-workflow-action@01ce38bf961b4e243a6342cbade0dbc8ba3f0432 # 0.12.0
with:
access_token: ${{ secrets.GITHUB_TOKEN }}
-
name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-
name: Install Go
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
with:
go-version: '1.22' # test only the latest go version to speed up CI
-
name: Cache Go modules
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
-
name: Fetch dependencies
run: go mod download
-
name: Setup gotestsum
uses: autero1/action-gotestsum@7263b9d73912eec65f46337689e59fac865c425f # v2.0.0
with:
gotestsum_version: '1.11.0'
-
name: Run tests
run: gotestsum --format short-verbose ./pkg/...
tests-on-macos:
name: "Tests (darwin)"
needs: [go-mod, compile-dryrun, golangci-lint] # run after golangci-lint action to not produce duplicated errors
runs-on: macos-latest
permissions:
actions: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
with:
egress-policy: audit
-
name: Cancel previous workflows
uses: styfle/cancel-workflow-action@01ce38bf961b4e243a6342cbade0dbc8ba3f0432 # 0.12.0
with:
access_token: ${{ secrets.GITHUB_TOKEN }}
-
name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-
name: Install Go
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
with:
go-version: '' # test only the latest go version to speed up CI
-
name: Cache Go modules
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
-
name: Fetch dependencies
run: go mod download
-
name: Setup gotestsum
uses: autero1/action-gotestsum@7263b9d73912eec65f46337689e59fac865c425f # v2.0.0
with:
gotestsum_version: '1.11.0'
-
name: Run tests
run: gotestsum --format short-verbose ./pkg/...