-
Notifications
You must be signed in to change notification settings - Fork 4
130 lines (118 loc) · 3.68 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
name: VOPRF
on:
pull_request:
branches:
- main
permissions:
contents: read
jobs:
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- uses: step-security/harden-runner@6d3c2fe731c8f225990c8018cb71c337c0d9dfcd
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
github.com:443
objects.githubusercontent.com:443
proxy.golang.org:443
raw.githubusercontent.com:443
- name: Checkout repo
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
with:
fetch-depth: 0
- name: Setup Go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32
with:
go-version-file: ./go.mod
# Linting
- name: Linting
uses: golangci/golangci-lint-action@66f63c74bb4cdd7d445cb7c8c18dee38449cb1c5
with:
version: latest
args: --config=./.github/.golangci.yml ./...
only-new-issues: true
test:
name: Test
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
go: [ '1.22', '1.21' ]
steps:
- uses: step-security/harden-runner@6d3c2fe731c8f225990c8018cb71c337c0d9dfcd
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
github.com:443
proxy.golang.org:443
storage.googleapis.com:443
sum.golang.org:443
- name: Checkout repo
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
with:
fetch-depth: 0
- name: Setup Go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32
with:
go-version: ${{ matrix.go }}
# Test
- name: Run Tests
run: cd .github && make test
analyze:
name: Analyze
runs-on: ubuntu-latest
steps:
- uses: step-security/harden-runner@6d3c2fe731c8f225990c8018cb71c337c0d9dfcd
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.codecov.io:443
api.github.com:443
cli.codecov.io:443
ea6ne4j2sb.execute-api.eu-central-1.amazonaws.com:443
github.com:443
objects.githubusercontent.com:443
proxy.golang.org:443
scanner.sonarcloud.io:443
sonarcloud.io:443
storage.googleapis.com:443
- name: Checkout repo
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
with:
fetch-depth: 0
- name: Setup Go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32
with:
go-version-file: ./go.mod
# Coverage
- name: Run coverage
run: cd .github && make cover
# Codecov
- name: Codecov
uses: codecov/codecov-action@893cfea3da0870ceb77096be8b5fe014720f3c32
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
with:
file: .github/coverage.out
# Sonar
- name: SonarCloud Scan
uses: SonarSource/sonarcloud-github-action@e44258b109568baa0df60ed515909fc6c72cba92
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
with:
args: >
-Dsonar.organization=bytemare
-Dsonar.projectKey=voprf
-Dsonar.go.coverage.reportPaths=.github/coverage.out
-Dsonar.sources=.
-Dsonar.test.exclusions=examples_test.go,tests/**
-Dsonar.coverage.exclusions=examples_test.go,tests/**
-Dsonar.tests=tests/
-Dsonar.verbose=true