name: build on: push: branches: - "main" pull_request: paths: - "go.*" - "**/*.go" - "Taskfile.yml" - "Dockerfile" - ".github/workflows/*.yml" permissions: contents: read jobs: govulncheck: uses: caarlos0/meta/.github/workflows/govulncheck.yml@main semgrep: uses: caarlos0/meta/.github/workflows/semgrep.yml@main ruleguard: uses: caarlos0/meta/.github/workflows/ruleguard.yml@main with: args: "-disable largeloopcopy" test: runs-on: ubuntu-latest env: DOCKER_CLI_EXPERIMENTAL: "enabled" steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v3 with: fetch-depth: 0 - uses: arduino/setup-task@e26d8975574116b0097a1161e0fe16ba75d84c1c # v1 with: version: 3.x repo-token: ${{ secrets.GITHUB_TOKEN }} - uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v2 - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v2 - name: setup-snapcraft # FIXME: the mkdirs are a hack for https://github.com/goreleaser/goreleaser/issues/1715 run: | sudo apt-get update sudo apt-get -yq --no-install-suggests --no-install-recommends install snapcraft mkdir -p $HOME/.cache/snapcraft/download mkdir -p $HOME/.cache/snapcraft/stage-packages - uses: crazy-max/ghaction-upx@v3 with: install-only: true - uses: cachix/install-nix-action@v25 with: github_access_token: ${{ secrets.GITHUB_TOKEN }} - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v4 with: go-version: stable - uses: sigstore/cosign-installer@v3.3.0 - uses: anchore/sbom-action/download-syft@v0.15.7 - name: setup-validate-krew-manifest run: go install sigs.k8s.io/krew/cmd/validate-krew-manifest@latest - name: setup-tparse run: go install github.com/mfridman/tparse@latest - name: setup run: | task setup task build - name: test run: ./scripts/test.sh - uses: codecov/codecov-action@ab904c41d6ece82784817410c45d8b8c02684457 # v3 with: file: ./coverage.txt - run: ./goreleaser check - run: git diff