forked from openbao/openbao
-
Notifications
You must be signed in to change notification settings - Fork 0
93 lines (85 loc) · 2.8 KB
/
code-checker.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
name: Run linters
on:
merge_group:
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
push:
branches:
- main
- release/**
concurrency:
group: ${{ github.head_ref || github.run_id }}-lint
cancel-in-progress: true
jobs:
deprecations:
name: Deprecated functions
runs-on: ubuntu-latest
if: github.base_ref == 'main'
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
fetch-depth: 0
- uses: ./.github/actions/set-up-go
- run: make ci-deprecations
name: Check deprecations
vulnerabilities:
name: Vulnerable dependencies
runs-on: ubuntu-latest
if: github.base_ref == 'main'
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
fetch-depth: 0
- uses: ./.github/actions/set-up-go
- run: make vulncheck
name: Check dependencies for vulnerabilities
codechecker:
name: Code checks
runs-on: ubuntu-latest
if: github.base_ref == 'main'
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
fetch-depth: 0
- uses: ./.github/actions/set-up-go
# Note: if there is a function we want to ignore the nilnil check for,
# You can add 'ignore-nil-nil-function-check' somewhere in the
# godoc for the function.
- run: make ci-vet-codechecker
name: Check custom linters
format:
name: Format
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: ./.github/actions/set-up-go
- name: Go format
run: |
make ci-bootstrap
echo "Using gofumpt version $(go run mvdan.cc/gofumpt -version)"
make fmt
if ! git diff --exit-code; then
echo "Code has formatting errors. Run 'make fmt' to fix"
exit 1
fi
semgrep:
name: Semgrep
runs-on: ubuntu-latest
container:
image: returntocorp/semgrep@sha256:ffc6f3567654f9431456d49fd059dfe548f007c494a7eb6cd5a1a3e50d813fb3
# Skip any PR created by dependabot and any check triggered by merge group
if: (github.actor != 'dependabot[bot]') && (github.event != 'merge_group')
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Run Semgrep Rules
id: semgrep
run: semgrep ci --include '*.go' --config 'tools/semgrep/ci'
gomod:
name: Go mod checks
runs-on: ubuntu-latest
if: github.base_ref == 'main'
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: ./.github/actions/set-up-go
- run: make ci-tidy-all
name: Run go mod tidy to check for differences