Update ubuntu version test.yml (#124) #252
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| paths: | |
| - '.github/workflows/test.yml' | |
| - '**/*.go' | |
| - 'makefile' | |
| - 'go.mod' | |
| - 'go.sum' | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| env: | |
| program: "cbridge" | |
| # Declare default permissions as read only. | |
| permissions: read-all | |
| jobs: | |
| copyright: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 | |
| with: | |
| egress-policy: audit | |
| - name: Check out repository code | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Check copyright notice | |
| run: | | |
| pip install \ | |
| pre-commit \ | |
| python-magic==0.4.18 \ | |
| comment-parser>=1.2.3 | |
| pre-commit run --all-files | |
| lint: | |
| name: Lint | |
| timeout-minutes: 10 | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 | |
| with: | |
| egress-policy: audit | |
| - name: Check out repository code | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Install Go | |
| uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 | |
| with: | |
| go-version-file: go.mod | |
| check-latest: true | |
| - name: Lint with golangci-lint | |
| uses: golangci/golangci-lint-action@2e788936b09dd82dc280e845628a40d2ba6b204c # v6.3.1 | |
| with: | |
| version: latest | |
| format: | |
| name: Format | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 | |
| with: | |
| egress-policy: audit | |
| - name: Check out repository code | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Install Go | |
| uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 | |
| with: | |
| go-version-file: go.mod | |
| check-latest: true | |
| - name: Check formatting | |
| run: make format-check | |
| gosec: | |
| runs-on: ubuntu-latest | |
| env: | |
| GO111MODULE: on | |
| steps: | |
| - name: Checkout Source | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Run Gosec Security Scanner | |
| uses: securego/gosec@e0cca6fe95306b7e7790d6f1bf6a7bec6d622459 # v2.22.0 | |
| with: | |
| args: '-severity high -exclude-dir=testdata -exclude=*_test.go ./...' | |
| vulnerability-check: | |
| name: "Vulnerability check" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 | |
| with: | |
| egress-policy: audit | |
| - name: Scan for Vulnerabilities | |
| uses: golang/govulncheck-action@b625fbe08f3bccbe446d94fbf87fcc875a4f50ee # v1.0.4 | |
| with: | |
| go-version-file: go.mod | |
| check-latest: true | |
| go-package: ./... | |
| test: | |
| strategy: | |
| matrix: | |
| platform: [ubuntu-latest, windows-latest, macos-latest] | |
| arch: [amd64, arm64] | |
| include: | |
| - platform: ubuntu-latest | |
| target: linux | |
| - platform: windows-latest | |
| target: windows | |
| - platform: macos-latest | |
| target: darwin | |
| name: 'Test (${{ matrix.target }}, ${{ matrix.arch }})' | |
| runs-on: ${{ matrix.platform }} | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Set up Go | |
| uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 | |
| with: | |
| go-version-file: go.mod | |
| check-latest: true | |
| - name: Install go-junit-report | |
| run: go install github.com/jstemmer/go-junit-report/v2@14d61e6e75e3f3c74551d757ad936e8e88014464 # v2.1.0 | |
| - name: Run tests | |
| run: | | |
| mkdir -p build | |
| set GOOS=${{ matrix.target }} && set GOARCH=${{ matrix.arch }} && go test -v ./... > build/${{ env.program }}-${{ matrix.target }}-${{ matrix.arch }}.txt | |
| - name: Generate HTML report | |
| if: success() || failure() | |
| run: | | |
| go-junit-report -set-exit-code -in build/${{ env.program }}-${{ matrix.target }}-${{ matrix.arch }}.txt -iocopy -out build/${{ env.program }}-testreport-${{ matrix.target }}-${{ matrix.arch }}.xml | |
| - name: Archive test results | |
| uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 | |
| with: | |
| name: ${{ env.program }}-test-result-${{ matrix.target }}-${{ matrix.arch }} | |
| path: ./build/${{ env.program }}-testreport-*.xml | |
| retention-days: 1 | |
| if-no-files-found: error | |
| publish-test-results: | |
| if: ${{ github.event.pull_request.user.login != 'dependabot[bot]' && github.event_name != 'release' }} | |
| name: "Publish Tests Results" | |
| needs: [ test ] | |
| runs-on: ubuntu-latest | |
| permissions: | |
| checks: write | |
| pull-requests: write | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 | |
| with: | |
| egress-policy: audit | |
| - name: Download Artifacts | |
| uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
| with: | |
| path: artifacts | |
| - name: publish test results | |
| uses: EnricoMi/publish-unit-test-result-action/composite@170bf24d20d201b842d7a52403b73ed297e6645b # v2.18.0 | |
| with: | |
| commit: ${{ github.event.workflow_run.head_sha }} | |
| junit_files: "artifacts/**/${{ env.program }}-testreport-*.xml" | |
| report_individual_runs: true | |
| coverage: | |
| if: ${{ github.event.pull_request.user.login != 'dependabot[bot]' && github.event_name != 'release' }} | |
| needs: [ test ] | |
| name: 'Coverage check' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 | |
| with: | |
| egress-policy: audit | |
| - name: Check out repository code | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Install Go | |
| uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 | |
| with: | |
| go-version-file: go.mod | |
| check-latest: true | |
| - name: Coverage check | |
| run: | | |
| make coverage-check | |
| - name: Publish coverage report to Code Climate | |
| uses: paambaati/codeclimate-action@f429536ee076d758a24705203199548125a28ca7 # v9.0.0 | |
| env: | |
| CC_TEST_REPORTER_ID: ${{ secrets.CC_TEST_REPORTER_ID }} | |
| with: | |
| debug: true | |
| coverageLocations: ./cover.out:gocov | |
| prefix: github.com/open-cmsis-pack/generator-bridge |