Skip to content

Commit

Permalink
github actions: redo
Browse files Browse the repository at this point in the history
  • Loading branch information
@maruel
maruel committed Nov 3, 2023
1 parent 2c308d0 commit e0896fd
Showing 1 changed file with 92 additions and 148 deletions.
240 changes: 92 additions & 148 deletions .github/workflows/test.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,19 +2,15 @@
# Use of this source code is governed under the Apache License, Version 2.0
# that can be found in the LICENSE file.

# References:
# https://developer.github.com/webhooks/event-payloads/
# https://github.com/actions/cache
# https://github.com/actions/checkout
# https://github.com/actions/setup-go
# https://help.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token#using-the-github_token-in-a-workflow
# https://help.github.com/en/actions/reference/context-and-expression-syntax-for-github-actions/
# https://help.github.com/en/actions/reference/workflow-syntax-for-github-actions

on: [push, pull_request]
name: Run tests
jobs:
test_all:
# Runs go test both with code coverage sent to codecov, race detector and
# benchmarks. At the end do a quick check to ensure the tests to not leave
# files in the tree.
test:
name: "test: go${{matrix.gover}}.x/${{matrix.os}}"
runs-on: "${{matrix.os}}"
continue-on-error: true
defaults:
run:
Expand All @@ -24,148 +20,49 @@ jobs:
matrix:
os: [ubuntu-latest, macos-latest, windows-latest]
# Do not forget to bump every 6 months!
gover: ["1.18"]
runs-on: "${{matrix.os}}"
name: "go${{matrix.gover}}.x on ${{matrix.os}}"
gover: ["1.21"]
env:
CGO_ENABLED: 0
PYTHONDONTWRITEBYTECODE: x
steps:
- uses: actions/setup-go@v3
with:
go-version: "~${{matrix.gover}}.0"

# Checkout and print debugging information.
- name: Turn off git core.autocrlf
if: matrix.os == 'windows-latest'
run: git config --global core.autocrlf false
- uses: actions/checkout@v3
- name: "Debug"
run: |
echo HOME = $HOME
echo GITHUB_WORKSPACE = $GITHUB_WORKSPACE
echo PATH = $PATH
echo ""
echo $ ls -l $HOME/go/bin
ls -la $HOME/go/bin
- name: 'Cache: ~/go'
uses: actions/cache@v2
with:
path: ~/go
key: "${{runner.os}}-gopkg-${{hashFiles('go.sum', '.github/workflows/*.yml')}}"

# Fetch the tools before checking out, so they don't modify go.mod/go.sum.
- name: 'go install necessary tools'
run: |
go install -v github.com/gordonklaus/ineffassign@latest
go install -v github.com/securego/gosec/cmd/gosec@latest
go install -v golang.org/x/tools/go/analysis/passes/shadow/cmd/shadow@latest
go install -v honnef.co/go/tools/cmd/staticcheck@latest
- name: 'go install necessary tools (ubuntu)'
if: always() && matrix.os == 'ubuntu-latest'
run: |
go install -v github.com/client9/misspell/cmd/misspell@latest
go install -v github.com/google/addlicense@latest
# Now run proper checks.
- name: 'Check: go vet'
if: always()
run: go vet ./...
- name: 'Check: go vet shadow; shadowed variables'
run: |
SHADOW_TOOL="$(which shadow)"
if [ -f "${SHADOW_TOOL}.exe" ]; then
SHADOW_TOOL="${SHADOW_TOOL}.exe"
fi
go vet -vettool=$SHADOW_TOOL ./...
- name: 'Check: inefficient variable assignment'
if: always()
run: ineffassign ./...
- name: 'Check: staticcheck'
if: always()
run: staticcheck -checks inherit,-SA1019 ./...
# Still broken on go1.18. :(
#- name: 'Check: gosec (only G104)'
# run: gosec -include=G104 -fmt=golint -quiet ./...

# The following checks are not dependent on the OS or go build tags. Only
# run them on ubuntu-latest since it's the fastest one.
- name: 'Check: no executable was committed (ubuntu)'
if: always() && matrix.os == 'ubuntu-latest'
run: |
if find . -path ./.git -prune -o -type f -executable -print | grep -e . ; then
echo 'Do not commit executables'
false
fi
- name: 'Check: gofmt; code is well formatted (ubuntu)'
if: always() && matrix.os == 'ubuntu-latest'
run: |
FILES=$(gofmt -s -l .)
if ! test -z "$FILES"; then
echo 'Please run `gofmt -s -w` on the following files:' >> _gofmt.txt
echo "" >> _gofmt.txt
for FILE in ${FILES}; do
echo "- ${FILE}" >> _gofmt.txt
done
cat _gofmt.txt
echo "## ⚠ gofmt Failed" >> _comments.txt
echo "" >> _comments.txt
cat _gofmt.txt >> _comments.txt
echo "" >> _comments.txt
false
fi
- name: 'Check: addlicense; all sources have a license header (ubuntu)'
if: always() && matrix.os == 'ubuntu-latest'
run: addlicense -check .
- name: "Check: misspelling; code doesn't contain misspelling (ubuntu)"
if: always() && matrix.os == 'ubuntu-latest'
run: |
ERR=$(misspell .)
if ! test -z "$ERR"; then
echo "$ERR"
echo "## ⚠ misspell Failed" >> _comments.txt
echo "" >> _comments.txt
echo "$ERR" >> _comments.txt
echo "" >> _comments.txt
false
fi
# Run tests last since it's potentially the slowest step.
fetch-depth: 2
- uses: actions/setup-go@v4
with:
go-version: "~${{matrix.gover}}.0"
- name: 'Check: go test -cover'
run: go test -timeout=40s -covermode=count -coverprofile coverage.txt ./...
if: always()
run: go test -timeout=5m -covermode=count -coverprofile coverage.txt -bench=. -benchtime=1x ./...
# Don't send code coverage if anything failed to reduce spam.
- uses: codecov/codecov-action@v2
- uses: codecov/codecov-action@v3
- name: 'Cleanup'
if: always()
run: rm coverage.txt
# Don't run go test -race if anything failed, to speed up the results.
- name: 'Check: go test -race'
run: go test -timeout=60s -race ./...
- name: 'Check: go test -bench .'
run: go test -timeout=40s -bench . -benchtime=100ms -cpu=1 ./...
- name: 'Check: CGO_ENABLED=0 go test -short'
run: CGO_ENABLED=0 go test -timeout=40s -short ./...

- name: "Check: tree is clean"
run: |
# Nothing should have changed in the tree up to that point and no
# unsuspected file was created.
TOUCHED=$(git status --porcelain --ignored)
if ! test -z "$TOUCHED"; then
echo "Oops, something touched these files, please cleanup:"
echo "$TOUCHED"
git diff
false
fi
run: go test -timeout=5m -race -bench=. -benchtime=1x ./...
env:
CGO_ENABLED: 1
- name: 'Install'
if: always()
run: go install .
- name: "Check: go generate doesn't modify files"
if: always()
run: |
go generate ./...
# Also test for untracked files.
# Also test for untracked files. go generate should not generate ignored
# files either.
TOUCHED=$(git status --porcelain --ignored)
if ! test -z "$TOUCHED"; then
echo "go generate created these files, please fix:"
echo "$TOUCHED"
false
fi
- name: "Check: go mod tidy doesn't modify files"
if: always()
run: |
go mod tidy
TOUCHED=$(git status --porcelain --ignored)
Expand All @@ -174,33 +71,80 @@ jobs:
git diff
false
fi
- name: 'go install necessary tools (ubuntu)'
if: always() && matrix.os == 'ubuntu-latest'
run: |
go install github.com/client9/misspell/cmd/misspell@latest
go install github.com/google/addlicense@latest
- name: 'Check: go vet'
if: always()
run: go vet -unsafeptr=false ./...
# run them on ubuntu-latest since it's the fastest one.
- name: 'Check: no executable was committed (ubuntu)'
if: always() && matrix.os == 'ubuntu-latest'
run: |
if find . -path '*.sh' -prune -o \
-path ./.git -prune -o \
-path './internal/sandbox/nsjail-linux-*' -prune -o \
-type f -executable -print | grep -e . ; then
echo 'Do not commit executables beside shell scripts'
false
fi
- name: 'Check: addlicense; all sources have a license header (ubuntu)'
if: always() && matrix.os == 'ubuntu-latest'
run: addlicense -check -ignore 'vendor/**' .
- name: "Check: misspelling; code doesn't contain misspelling (ubuntu)"
if: always() && matrix.os == 'ubuntu-latest'
run: |
ERR=$(find . -type f | grep -v vendor/ | xargs misspell)
if ! test -z "$ERR"; then
echo "$ERR"
echo "## ⚠ misspell Failed" >> ../_comments.txt
echo "" >> ../_comments.txt
echo "$ERR" >> ../_comments.txt
echo "" >> ../_comments.txt
false
fi
- name: 'Send comments'
if: failure() && github.event_name == 'pull_request'
if: failure()
run: |
if [ -f _comments.txt ]; then
URL=$(cat ${GITHUB_EVENT_PATH} | jq -r .pull_request.comments_url)
echo "Sending $(cat _comments.txt|wc -l) lines of comments to ${URL}"
PAYLOAD=$(echo '{}' | jq --arg body "$(cat _comments.txt)" '.body = $body')
if [ -f ../_comments.txt ]; then
URL="${{github.event.issue.pull_request.url}}"
if test -z "$URL"; then
URL="${{github.api_url}}/repos/${{github.repository}}/commits/${{github.sha}}/comments"
fi
echo "Sending $(cat ../_comments.txt|wc -l) lines of comments to ${URL}"
curl -sS --request POST \
--header "Authorization: Bearer ${{secrets.GITHUB_TOKEN}}" \
--header "Content-Type: application/json" \
--data "${PAYLOAD}" "${URL}" > /dev/null
--data "$(cat ../_comments.txt | jq -R --slurp '{body: .}')" \
"${URL}" > /dev/null
rm ../_comments.txt
fi
test_short:
codeql:
name: "codeql: go${{matrix.gover}}.x/${{matrix.os}}"
runs-on: "${{matrix.os}}"
continue-on-error: true
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest]
gover: ['1.11.13']
runs-on: "${{matrix.os}}"
name: "go${{matrix.gover}} on ${{matrix.os}} (quick)"
# Do not forget to bump every 6 months!
gover: ["1.21"]
permissions:
security-events: write
steps:
- uses: actions/setup-go@v3
with:
go-version: "${{matrix.gover}}"
- uses: actions/checkout@v3
- name: 'Check: go test'
run: go test -timeout=40s ./...
- uses: actions/setup-go@v4
with:
go-version: "~${{matrix.gover}}.0"
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: go
- name: Autobuild
uses: github/codeql-action/autobuild@v2
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2

0 comments on commit e0896fd

Please sign in to comment.