brouzouf/ftp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Secure GitHub workflows

Browse Source
This commit is contained in:
Julien Laffaye 2022-09-07 18:14:30 -04:00
parent f1ba13192b
commit 260999f2de
No known key found for this signature in database
GPG Key ID: 890C3E5C169AE841
3 changed files with 15 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
.github/workflows/codeql-analysis.yml vendored
View File

@ -20,6 +20,9 @@ on:
schedule: schedule:
- cron: '20 19 * * 2' - cron: '20 19 * * 2'
permissions:
contents: read
jobs: jobs:
analyze: analyze:
name: Analyze name: Analyze
@ -52,12 +55,6 @@ jobs:
# Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
# queries: security-extended,security-and-quality # queries: security-extended,security-and-quality
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v2
# Command-line programs to run using the OS shell. # Command-line programs to run using the OS shell.
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@ -69,4 +66,4 @@ jobs:
# ./location_of_script_within_repo/buildscript.sh # ./location_of_script_within_repo/buildscript.sh
- name: Perform CodeQL Analysis - name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2 uses: github/codeql-action/analyze@b398f525a5587552e573b247ac661067fafa920b

7
.github/workflows/golangci-lint.yaml vendored
View File

@ -5,9 +5,12 @@ jobs:
golangci-lint: golangci-lint:
name: lint name: lint
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
contents: read # for actions/checkout to fetch code
pull-requests: read # for golangci/golangci-lint-action to fetch pull requests
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@7884fcad6b5d53d10323aee724dc68d8b9096a2e
- name: golangci-lint - name: golangci-lint
uses: golangci/golangci-lint-action@v2 uses: golangci/golangci-lint-action@5c56cd6c9dc07901af25baab6f2b0d9f3b7c3018
with: with:
only-new-issues: true only-new-issues: true

12
.github/workflows/unit_tests.yaml vendored
View File

@ -5,12 +5,12 @@ jobs:
name: test name: test
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@master - uses: actions/checkout@61b9e3751b92087fd0b06925ba6dd6314e06f089
- name: Setup go - name: Setup go
uses: actions/setup-go@v2 uses: actions/setup-go@bfdd3570ce990073878bf10f6b2d79082de49492
with: with:
go-version: 1.17 go-version: 1.19
- uses: actions/cache@v2 - uses: actions/cache@937d24475381cd9c75ae6db12cb4e79714b926ed
with: with:
path: | path: |
~/go/pkg/mod ~/go/pkg/mod
@ -21,9 +21,9 @@ jobs:
- name: Run tests - name: Run tests
run: go test -v -covermode=count -coverprofile=coverage.out run: go test -v -covermode=count -coverprofile=coverage.out
- name: Convert coverage to lcov - name: Convert coverage to lcov
uses: jandelgado/gcov2lcov-action@v1.0.8 uses: jandelgado/gcov2lcov-action@2477d9ec11814a9326e7fdde8d315783d163edb7
- name: Coveralls - name: Coveralls
uses: coverallsapp/github-action@v1.1.2 uses: coverallsapp/github-action@8cbef1dea373ebce56de0a14c68d6267baa10b44
with: with:
github-token: ${{ secrets.github_token }} github-token: ${{ secrets.github_token }}
path-to-lcov: coverage.lcov path-to-lcov: coverage.lcov