diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 72bfd2e7..9d382bd4 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -2,16 +2,16 @@ name: CI on: push: - branches: - - master + branches: [ master ] pull_request: +permissions: + contents: read + jobs: build: name: Build runs-on: ubuntu-latest - env: - GOFLAGS: -mod=readonly services: postgres: @@ -61,14 +61,14 @@ jobs: options: --health-cmd "curl --fail http://localhost:5000/v3" --health-interval 10s --health-timeout 5s --health-retries 5 steps: + - name: Checkout repository + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + - name: Set up Go - uses: actions/setup-go@v4 + uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0 with: go-version: "1.20" - - name: Checkout code - uses: actions/checkout@v3 - - name: Download tool dependencies run: make deps @@ -127,5 +127,44 @@ jobs: DEX_KUBERNETES_CONFIG_PATH: ~/.kube/config + lint: + name: Lint + runs-on: ubuntu-latest + + steps: + - name: Checkout repository + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + + - name: Set up Go + uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0 + with: + go-version: "1.20" + + - name: Download golangci-lint + run: make bin/golangci-lint + - name: Lint run: make lint + + artifacts: + name: Artifacts + uses: ./.github/workflows/artifacts.yaml + with: + publish: ${{ github.event_name == 'push' }} + permissions: + contents: read + packages: write + id-token: write + security-events: write + + dependency-review: + name: Dependency review + runs-on: ubuntu-latest + if: github.event_name == 'pull_request' + + steps: + - name: Checkout repository + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + + - name: Dependency Review + uses: actions/dependency-review-action@f46c48ed6d4f1227fb2d9ea62bf6bcbed315589e # v3.0.4
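Review bot: The new workflow-level `permissions:` block carries no comment saying that it is the default token scope for every job and that a job-level `permissions:` block replaces it rather than adding to it. A line such as `# Default GITHUB_TOKEN scope for all jobs; a job-level permissions block replaces this entirely.` above it would keep a later job from assuming it still has `contents: read` after declaring only a write scope. Separately, the hunk drops `GOFLAGS: -mod=readonly` from the build job without explanation. Go 1.16 and later default to that mode when there is no vendor directory, so it is presumably redundant with `go-version: "1.20"`, but the commit message should say so.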
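Review bot: The checkout step is now pinned to a commit, but it still runs with the action's default `persist-credentials: true`, which leaves the job token in the checkout's git configuration. The later `make deps` and test steps execute repository and dependency code that can read it. Adding `with:` and `persist-credentials: false` under the `uses: actions/checkout@…` line removes that exposure, and none of the visible steps push with git. The same applies to the checkout steps of the `lint` and `dependency-review` jobs added in the last hunk. The `steps:` list continues outside this hunk, so any later step that relies on stored git credentials would need checking first.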
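Review bot: The `artifacts` job has no `needs:`, so on a push to master it starts alongside `build` and `lint`. With `publish` true and `packages: write` plus `id-token: write` granted, it can publish from a commit whose tests or lint then fail, unless `artifacts.yaml`, which is not visible here, gates this itself. Adding `needs: [build, lint]` under `name: Artifacts` would tie publication to a green run. The same write scopes are also requested on `pull_request` runs, where `publish` is false. A comment above the job's `permissions:` block saying which step of the called workflow uses each scope would make that over-grant a recorded decision rather than an accident.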