Merge pull request #170 from jiaqiluo/gha

.github/workflows/ci-on-pull-request.yaml

@@ -0,0 +1,35 @@
+name: CI on Pull Request
+
+on:
+  pull_request:
+
+jobs:
+  test-build-linux:
+    runs-on: ubuntu-latest
+    container:
+      image: rancher/dapper:v0.6.0
+    permissions:
+      contents: read
+    strategy:
+      matrix:
+        os: [ linux ]
+        arch: [ amd64, arm64 ]
+    steps:
+      - name: Fix the not-a-git-repository issue
+        run: |
+          apk -U add git
+          git config --global --add safe.directory "$GITHUB_WORKSPACE"
+
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set environment variables
+        run: |
+          echo "DAPPER_HOST_ARCH=${{ matrix.arch }}"   >> "$GITHUB_ENV"
+          echo "GH_VERSION=${{ github.ref_name }}"     >> "$GITHUB_ENV"
+          echo "GOARCH=${{ matrix.arch }}"             >> "$GITHUB_ENV"
+          echo "GOOS=${{ matrix.os }}"                 >> "$GITHUB_ENV"
+          echo "CROSS=false"                           >> "$GITHUB_ENV"
+
+      - name: build with Dapper
+        run: dapper gha-ci

.github/workflows/fossa.yaml

@@ -0,0 +1,30 @@
+name: Run Fossa Scan
+
+on:
+  push:
+    branches:
+      - "main"
+  # For manual scans.
+  workflow_dispatch:
+
+jobs:
+  fossa:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write # needed for the Vault authentication
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Read FOSSA token
+        uses: rancher-eio/read-vault-secrets@main
+        with:
+          secrets: |
+            secret/data/github/org/rancher/fossa/push token | FOSSA_API_KEY_PUSH_ONLY
+
+      - name: FOSSA scan
+        uses: fossas/fossa-action@main
+        with:
+          api-key: ${{ env.FOSSA_API_KEY_PUSH_ONLY }}
+          run-tests: false