test: cover wiretap cache checkpoint helpers #218
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ci | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - main | |
| permissions: | |
| contents: read | |
| concurrency: | |
| group: ci-${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| lint: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 15 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6.0.2 | |
| - name: Setup Go | |
| uses: actions/setup-go@v6.4.0 | |
| with: | |
| go-version-file: go.mod | |
| cache: true | |
| - name: Lint | |
| uses: golangci/golangci-lint-action@v9.2.0 | |
| with: | |
| version: v2.12.1 | |
| - name: Install analyzers | |
| run: | | |
| go install honnef.co/go/tools/cmd/staticcheck@v0.7.0 | |
| go install mvdan.cc/gofumpt@v0.9.2 | |
| go install github.com/securego/gosec/v2/cmd/gosec@v2.26.1 | |
| - name: Vet | |
| run: go vet ./... | |
| - name: Staticcheck | |
| run: '"$(go env GOPATH)/bin/staticcheck" ./...' | |
| - name: Gofumpt | |
| run: | | |
| changed="$("$(go env GOPATH)/bin/gofumpt" -l .)" | |
| if [ -n "$changed" ]; then | |
| printf 'gofumpt wants changes in:\n%s\n' "$changed" | |
| exit 1 | |
| fi | |
| - name: Gosec | |
| run: | | |
| "$(go env GOPATH)/bin/gosec" -exclude=G101,G115,G202,G301,G304 ./... | |
| test: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 20 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6.0.2 | |
| - name: Setup Go | |
| uses: actions/setup-go@v6.4.0 | |
| with: | |
| go-version-file: go.mod | |
| cache: true | |
| - name: Test with coverage | |
| run: go test -count=1 ./... -coverprofile=coverage.out | |
| - name: Test with race detector | |
| run: go test -count=1 -race ./... | |
| - name: Enforce coverage floor | |
| run: | | |
| total="$(go tool cover -func=coverage.out | awk '/^total:/ { sub(/%$/, "", $3); print $3 }')" | |
| awk -v total="$total" 'BEGIN { | |
| if (total == "") { | |
| print "missing coverage total" | |
| exit 1 | |
| } | |
| if (total + 0 < 85.0) { | |
| printf("coverage %.1f%% is below 85%%\n", total + 0) | |
| exit 1 | |
| } | |
| printf("coverage %.1f%%\n", total + 0) | |
| }' | |
| - name: Build | |
| run: go build ./cmd/discrawl | |
| deps: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 15 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6.0.2 | |
| - name: Setup Go | |
| uses: actions/setup-go@v6.4.0 | |
| with: | |
| go-version-file: go.mod | |
| cache: true | |
| - name: Verify module cache | |
| run: go mod verify | |
| - name: Check go.mod tidy | |
| run: | | |
| go mod tidy | |
| git diff --exit-code -- go.mod go.sum | |
| - name: Install govulncheck | |
| run: go install golang.org/x/vuln/cmd/govulncheck@v1.3.0 | |
| - name: Run govulncheck | |
| run: '"$(go env GOPATH)/bin/govulncheck" ./...' | |
| release-check: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 15 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6.0.2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Setup Go | |
| uses: actions/setup-go@v6.4.0 | |
| with: | |
| go-version-file: go.mod | |
| cache: true | |
| - name: Snapshot release build | |
| uses: goreleaser/goreleaser-action@v7.2.1 | |
| with: | |
| distribution: goreleaser | |
| version: "~> v2" | |
| args: release --snapshot --clean --skip=publish | |
| secrets: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 15 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6.0.2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Setup Go | |
| uses: actions/setup-go@v6.4.0 | |
| with: | |
| go-version-file: go.mod | |
| cache: true | |
| - name: Install gitleaks | |
| run: go install github.com/zricethezav/gitleaks/v8@v8.30.1 | |
| - name: Scan git history | |
| run: | | |
| "$(go env GOPATH)/bin/gitleaks" git --no-banner --redact | |
| - name: Scan working tree | |
| run: | | |
| "$(go env GOPATH)/bin/gitleaks" dir . --no-banner --redact |