67559b67a4
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 9.1.0 to 9.2.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](e7fa5ac41e...1e7e51e771)
---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
dependency-version: 9.2.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
84 lines
2.8 KiB
YAML
84 lines
2.8 KiB
YAML
name: Lint
|
|
on:
|
|
push:
|
|
branches:
|
|
- trunk
|
|
paths:
|
|
- "**.go"
|
|
- go.mod
|
|
- go.sum
|
|
- ".github/licenses.tmpl"
|
|
- "script/licenses*"
|
|
pull_request:
|
|
paths:
|
|
- "**.go"
|
|
- go.mod
|
|
- go.sum
|
|
- ".github/licenses.tmpl"
|
|
- "script/licenses*"
|
|
permissions:
|
|
contents: read
|
|
jobs:
|
|
lint:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Check out code
|
|
uses: actions/checkout@v6
|
|
|
|
- name: Set up Go
|
|
uses: actions/setup-go@v6
|
|
with:
|
|
go-version-file: 'go.mod'
|
|
|
|
- name: Ensure go.mod and go.sum are up to date
|
|
run: |
|
|
STATUS=0
|
|
assert-nothing-changed() {
|
|
local diff
|
|
"$@" >/dev/null || return 1
|
|
if ! diff="$(git diff -U1 --color --exit-code)"; then
|
|
printf '\e[31mError: running `\e[1m%s\e[22m` results in modifications that you must check into version control:\e[0m\n%s\n\n' "$*" "$diff" >&2
|
|
git checkout -- .
|
|
STATUS=1
|
|
fi
|
|
}
|
|
assert-nothing-changed go mod tidy
|
|
exit $STATUS
|
|
|
|
- name: golangci-lint
|
|
uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9.2.0
|
|
with:
|
|
version: v2.6.0
|
|
|
|
# actions/setup-go does not setup the installed toolchain to be preferred over the system install,
|
|
# which causes go-licenses to raise "Package ... does not have module info" errors.
|
|
# For more information, https://github.com/google/go-licenses/issues/244#issuecomment-1885098633
|
|
#
|
|
# go-licenses has been pinned for automation use.
|
|
- name: Check licenses
|
|
run: |
|
|
export GOROOT=$(go env GOROOT)
|
|
export PATH=${GOROOT}/bin:$PATH
|
|
go install github.com/google/go-licenses@5348b744d0983d85713295ea08a20cca1654a45e # v2.0.1
|
|
make licenses-check
|
|
|
|
# Discover vulnerabilities within Go standard libraries used to build GitHub CLI using govulncheck.
|
|
govulncheck:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Check out code
|
|
uses: actions/checkout@v6
|
|
|
|
- name: Set up Go
|
|
uses: actions/setup-go@v6
|
|
with:
|
|
go-version-file: 'go.mod'
|
|
|
|
# `govulncheck` exits unsuccessfully if vulnerabilities are found, providing results in stdout.
|
|
# See https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck#hdr-Exit_codes for more information on exit codes.
|
|
#
|
|
# On go1.25, To make `-mode binary` work we need to make sure the binary is built with `go build -buildvcs=false`
|
|
# Since our builds do not use `-buildvcs=false`, we run in source mode here instead.
|
|
- name: Check Go vulnerabilities
|
|
run: |
|
|
go run golang.org/x/vuln/cmd/govulncheck@d1f380186385b4f64e00313f31743df8e4b89a77 ./...
|