From d8a2747e33b9fc1582c1cb2285412ed4b0c9a5f4 Mon Sep 17 00:00:00 2001 From: Jonathan Yu Date: Sun, 20 Jun 2021 00:24:16 +0000 Subject: [PATCH] Update GitHub Actions workflows * Reduce permissions for GITHUB_TOKEN issued during build * Remove "go get" for downloading dependencies, as the build step will do this automatically for Go module projects * Upgrade minimum Go version from 1.13 to 1.16 * Fix phony targets in Makefile (.PHONEY -> .PHONY) --- .github/workflows/go.yml | 36 ++++++++++++++++------------- .github/workflows/golangci-lint.yml | 17 ++++++++++++++ .github/workflows/snyk.yml | 14 +++++++++++ Makefile | 20 ++++++++-------- go.mod | 2 +- 5 files changed, 62 insertions(+), 27 deletions(-) diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index c813222..723e317 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -2,12 +2,26 @@ name: Go on: push: - branches: [ master ] + branches: + - master + pull_request: - branches: [ master ] + branches: + - master + +permissions: + actions: none + checks: none + contents: read + deployments: none + issues: none + packages: none + pull-requests: none + repository-projects: none + security-events: none + statuses: none jobs: - build: name: Build runs-on: ubuntu-latest @@ -16,30 +30,20 @@ jobs: - name: Set up Go 1.x uses: actions/setup-go@v2 with: - go-version: ^1.13 + go-version: ^1.16 id: go - name: Check out code into the Go module directory uses: actions/checkout@v2 - - name: Get dependencies - run: | - go get -v -t -d ./... - if [ -f Gopkg.toml ]; then - curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh - dep ensure - fi - - name: Build - run: go build -v . + run: make build - name: Test run: make test - name: Cover - run: | - make install-go-tools - make cover + run: make install-go-tools cover - name: Upload coverage to Codecov uses: codecov/codecov-action@v1 diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index 156e791..d8bd9eb 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -1,11 +1,28 @@ name: golangci-lint + on: push: tags: - v* branches: - master + pull_request: + branches: + - master + +permissions: + actions: none + checks: none + contents: read + deployments: none + issues: none + packages: none + pull-requests: none + repository-projects: none + security-events: none + statuses: none + jobs: golangci: name: lint diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml index 58b544f..0f7f292 100644 --- a/.github/workflows/snyk.yml +++ b/.github/workflows/snyk.yml @@ -1,5 +1,19 @@ name: Snyk + on: push + +permissions: + actions: none + checks: none + contents: read + deployments: none + issues: none + packages: none + pull-requests: none + repository-projects: none + security-events: none + statuses: none + jobs: security: runs-on: ubuntu-latest diff --git a/Makefile b/Makefile index 98faef8..a196283 100644 --- a/Makefile +++ b/Makefile @@ -1,42 +1,42 @@ current_dir = $(shell pwd) -.PHONEY: lint +.PHONY: lint lint: golangci-lint run ./... -.PHONEY: build +.PHONY: build build: go build -o gomodguard cmd/gomodguard/main.go -.PHONEY: run +.PHONY: run run: build ./gomodguard -.PHONEY: test +.PHONY: test test: go test -v -coverprofile coverage.out -.PHONEY: cover +.PHONY: cover cover: gocover-cobertura < coverage.out > coverage.xml -.PHONEY: dockerrun +.PHONY: dockerrun dockerrun: dockerbuild docker run -v "${current_dir}/.gomodguard.yaml:/.gomodguard.yaml" ryancurrah/gomodguard:latest -.PHONEY: release +.PHONY: release release: goreleaser --rm-dist -.PHONEY: clean +.PHONY: clean clean: rm -rf dist/ rm -f gomodguard coverage.xml coverage.out -.PHONEY: install-tools-mac +.PHONY: install-tools-mac install-tools-mac: brew install goreleaser/tap/goreleaser -.PHONEY: install-go-tools +.PHONY: install-go-tools install-go-tools: go get github.com/t-yuki/gocover-cobertura diff --git a/go.mod b/go.mod index de5cc75..3a19311 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/ryancurrah/gomodguard -go 1.14 +go 1.16 require ( github.com/Masterminds/semver v1.5.0