From f0ae1a5cccd6a1d7c57b5bc7951df6aeca62318c Mon Sep 17 00:00:00 2001
From: sunhailinLeo <379978424@qq.com>
Date: Fri, 27 Dec 2024 00:54:26 +0800
Subject: [PATCH] add workflows
---
.github/dependabot.yml | 19 +++++++++++++++++++
.github/workflows/lint.yml | 27 +++++++++++++++++++++++++++
.github/workflows/sercurity.yml | 21 +++++++++++++++++++++
.github/workflows/vulncheck.yml | 30 ++++++++++++++++++++++++++++++
4 files changed, 97 insertions(+)
create mode 100644 .github/dependabot.yml
create mode 100644 .github/workflows/lint.yml
create mode 100644 .github/workflows/sercurity.yml
create mode 100644 .github/workflows/vulncheck.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..38a983c
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,19 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+ - package-ecosystem: "gomod"
+ directory: "/" # Location of package manifests
+ labels:
+ - "🤖 Dependencies"
+ schedule:
+ interval: "daily"
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: daily
+ labels:
+ - "🤖 Dependencies"
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
new file mode 100644
index 0000000..bc8b21d
--- /dev/null
+++ b/.github/workflows/lint.yml
@@ -0,0 +1,27 @@
+name: Lint Check
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+
+permissions:
+ contents: read
+ pull-requests: read
+ checks: write
+
+jobs:
+ lint:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - uses: actions/setup-go@v5
+ with:
+ go-version: 1.22.x
+ - run: go version
+ #- run: diff -u <(echo -n) <(gofmt -d .)
+ - name: Run golangci-lint
+ uses: golangci/golangci-lint-action@v6
+ with:
+ version: v1.56.2
+ args: --enable=nolintlint,gochecknoinits,bodyclose,gocritic --verbose
\ No newline at end of file
diff --git a/.github/workflows/sercurity.yml b/.github/workflows/sercurity.yml
new file mode 100644
index 0000000..eb4253b
--- /dev/null
+++ b/.github/workflows/sercurity.yml
@@ -0,0 +1,21 @@
+name: Security Check
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+jobs:
+ test:
+ strategy:
+ matrix:
+ go-version: [1.22.x]
+ platform: [ubuntu-latest]
+ runs-on: ${{ matrix.platform }}
+ env:
+ GO111MODULE: on
+ steps:
+ - uses: actions/checkout@v4
+ - name: Run Gosec Security Scanner
+ uses: securego/gosec@v2.21.4
+ with:
+ args: '-exclude=G103,G104,G304,G402 ./...'
\ No newline at end of file
diff --git a/.github/workflows/vulncheck.yml b/.github/workflows/vulncheck.yml
new file mode 100644
index 0000000..8c66c52
--- /dev/null
+++ b/.github/workflows/vulncheck.yml
@@ -0,0 +1,30 @@
+name: Vulnerability Check
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - '**'
+ - '!**.md'
+ pull_request:
+ paths:
+ - '**'
+ - '!**.md'
+jobs:
+ Security:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Install Go
+ uses: actions/setup-go@v5
+ with:
+ go-version: 1.22.x
+ check-latest: true
+ - name: Fetch Repository
+ uses: actions/checkout@v4
+ - name: Install Govulncheck
+ run: |
+ export GO111MODULE=on
+ export PATH=${PATH}:`go env GOPATH`/bin
+ go install golang.org/x/vuln/cmd/govulncheck@latest
+ - name: Run Govulncheck
+ run: "cd test && `go env GOPATH`/bin/govulncheck ./..."
\ No newline at end of file
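Review bot: Every `uses:` line in .github/workflows/lint.yml points at a mutable tag (`actions/checkout@v4`, `actions/setup-go@v5`, `golangci/golangci-lint-action@v6`), so a re-pointed tag would change the code that runs with this job's `checks: write` token without any change in this repository. Pin each action to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: golangci/golangci-lint-action@<full-commit-sha> # v6`. The `github-actions` Dependabot entry added in this patch can then propose the SHA bumps. The same applies to `securego/gosec@v2.21.4` in sercurity.yml and to the two actions in vulncheck.yml.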
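Review bot: The `-exclude=G103,G104,G304,G402` argument in .github/workflows/sercurity.yml turns four gosec rules off for the whole tree, including G402 (TLS connection settings) and G304 (file path built from tainted input), so this "Security Check" can never report those classes. If the exclusions cover a few known call sites, annotate those sites with `// #nosec G402 -- <reason>` and drop the rule from the global list, so new occurrences are still flagged. This workflow and vulncheck.yml also declare no `permissions:` block, unlike lint.yml; a top-level `permissions: { contents: read }` keeps the job token read-only whatever the repository default is. The `go-version` matrix entry is not used by any step shown in the hunk.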
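Review bot: The last step of .github/workflows/vulncheck.yml runs `cd test && ... govulncheck ./...`, so only packages under `test/` are analysed, while the Dependabot config in this patch places the Go module manifest at `/`. The repository layout is not visible here, but unless `test/` imports everything that ships, vulnerable call paths in the root module go unreported. Consider scanning from the repository root with `run: "$(go env GOPATH)/bin/govulncheck ./..."`, keeping the `test` scan as a second step if it is a separate module. Installing `govulncheck@latest` also makes the result depend on the day the job runs; `govulncheck@<pinned-version>` keeps runs reproducible and lets the tool bump be reviewed.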