Skip to content

Commit

Permalink
create a separate workflow for go analyse
Browse files Browse the repository at this point in the history
  • Loading branch information
eljohnson92 committed Apr 25, 2024
1 parent 3ff0933 commit e518023
Show file tree
Hide file tree
Showing 2 changed files with 77 additions and 48 deletions.
48 changes: 0 additions & 48 deletions .github/workflows/build_test_ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -70,54 +70,6 @@ jobs:
token: ${{ secrets.CODECOV_TOKEN }}
slug: linode/cluster-api-provider-linode


go-analyse:
needs: go-build-test
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@v2
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
github.com:443
proxy.golang.org:443
sum.golang.org:443
objects.githubusercontent.com:443
registry-1.docker.io:443
auth.docker.io:443
production.cloudflare.docker.com:443
vuln.go.dev:443
storage.googleapis.com:443
- uses: actions/checkout@v4

- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: 'go.mod'
check-latest: true

- name: Docker cache
uses: ScribeMD/[email protected]
with:
key: docker-${{ runner.os }}-${{ hashFiles('go.sum') }}

- name: Lint
run: make lint

- name: Gosec
run: make gosec

- name: Vulncheck
continue-on-error: true
run: make vulncheck

- name: Nilcheck
run: make nilcheck

e2e-test:
needs: [go-build-test, docker-build]
runs-on: ubuntu-latest
Expand Down
77 changes: 77 additions & 0 deletions .github/workflows/go-analyze.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,77 @@
name: Go Analyze

on:
push:
branches:
- main
pull_request:
branches:
- "*"
workflow_dispatch:

permissions:
contents: read
pull-requests: read

jobs:
changes:
runs-on: ubuntu-latest
outputs:
# Expose matched filters as job 'src' output variable
src: ${{ steps.filter.outputs.src }}
steps:
- uses: actions/checkout@v4
- name: Harden Runner
uses: step-security/harden-runner@v2
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
github.com:443
- uses: dorny/paths-filter@v3
id: filter
with:
predicate-quantifier: 'every'
filters: |
src:
- '!**/**.md'
- '!docs/**'
go-analyze:
needs: changes
runs-on: ubuntu-latest
if: ${{ needs.changes.outputs.src == 'true' }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@v2
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
github.com:443
proxy.golang.org:443
sum.golang.org:443
objects.githubusercontent.com:443
raw.githubusercontent.com:443
auth.docker.io:443
production.cloudflare.docker.com:443
vuln.go.dev:443
storage.googleapis.com:443
- uses: actions/checkout@v4

- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: 'go.mod'
check-latest: true
cache: false

- name: lint
uses: golangci/golangci-lint-action@v4
with:
version: latest

- name: Nilcheck
run: make nilcheck

0 comments on commit e518023

Please sign in to comment.