chore(deps): bump step-security/harden-runner from 2.10.2 to 2.10.3 (… #555
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This workflow will build a golang project | |
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-go | |
name: Go Pipeline | |
# Enable this workflow to run for pull requests and | |
# pushes to the main branch | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
permissions: | |
contents: read | |
jobs: | |
download: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 | |
with: | |
egress-policy: audit | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Set up Go | |
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 | |
with: | |
go-version: '1.22' | |
- name: Download dependencies | |
run: go mod download | |
lint: | |
needs: download | |
runs-on: ubuntu-latest | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 | |
with: | |
egress-policy: audit | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Set up Go | |
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 | |
with: | |
go-version: '1.22' | |
- name: Static Analysis | |
run: go vet ./... | |
- name: Check Formatting | |
run: test -z "$(gofmt -s -l -e .)" | |
build: | |
needs: download | |
runs-on: ubuntu-latest | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 | |
with: | |
egress-policy: audit | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Set up Go | |
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 | |
with: | |
go-version: '1.22' | |
- name: Build | |
run: | | |
CGO_ENABLED=0 GOOS=linux GOARCH=amd64 \ | |
go build -ldflags='-w -s -extldflags "-static"' -tags netgo -o validator cmd/validator/validator.go | |
test: | |
needs: download | |
runs-on: ubuntu-latest | |
name: Update coverage badge | |
permissions: | |
contents: write | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 | |
with: | |
egress-policy: audit | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
fetch-depth: 0 # otherwise, there would be errors pushing refs to the destination repository. | |
- name: Set up Go | |
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 | |
with: | |
go-version: '1.22' | |
- name: Unit test | |
run: go test -v -cover -coverprofile coverage.out ./... | |
- name: Check coverage | |
id: check-coverage | |
env: | |
COVERAGE_THRESHOLD: 94 | |
run: | | |
# Validate that the coverage is above or at the required threshold | |
echo "Checking if test coverage is above threshold ..." | |
echo "Coverage threshold: ${COVERAGE_THRESHOLD} %" | |
totalCoverage=$(go tool cover -func coverage.out | grep 'total' | grep -Eo '[0-9]+\.[0-9]+') | |
echo "Current test coverage : ${totalCoverage} %" | |
if (( $(echo "${COVERAGE_THRESHOLD} <= ${totalCoverage}" | bc -l) )); then | |
echo "Coverage OK" | |
else | |
echo "Current test coverage is below threshold" | |
exit 1 | |
fi | |
echo "total_coverage=${totalCoverage}" >> "${GITHUB_OUTPUT}" | |
- name: Create badge img tag and apply to README files | |
id: generate-badge | |
run: | | |
# Create Badge URL | |
# Badge will always be green because of coverage threshold check | |
# so we just have to populate the total coverage | |
totalCoverage=${{ steps.check-coverage.outputs.total_coverage }} | |
BADGE_URL="https://img.shields.io/badge/Coverage-${totalCoverage}%25-brightgreen" | |
BADGE_IMG_TAG="<img id=\"cov\" src=\"${BADGE_URL}\" alt=\"Code Coverage\">" | |
# Update README.md and index.md | |
for markdown_file in README.md index.md; do | |
sed -i "/id=\"cov\"/c\\${BADGE_IMG_TAG}" "${markdown_file}" | |
done | |
# Check to see if files were updated | |
if git diff --quiet; then | |
echo "badge_updates=false" >> "${GITHUB_OUTPUT}" | |
else | |
echo "badge_updates=true" >> "${GITHUB_OUTPUT}" | |
fi | |
- name: Commit changes | |
if: steps.generate-badge.outputs.badge_updates == 'true' && github.event_name == 'push' | |
run: | | |
git config --local user.email "[email protected]" | |
git config --local user.name "GitHub Action" | |
git add -- README.md index.md | |
git commit -m "chore: Updated coverage badge." | |
git push |