chore(ci): add security.yml version marker + document >5-repos switchover #44
Workflow file for this run
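# CI workflow: markdown lint, vet/test for the root Go module, and
# vet/gofmt/test for the stdlib-only compat module.
name: CI

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

# Default-deny at workflow level; jobs grant only what they need.
permissions: {}

jobs:
  markdown-lint:
    name: markdown lint
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      # Actions are pinned to full commit SHAs; the trailing comment records
      # the release the SHA corresponds to.
      - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
        with:
          # No later step needs authenticated git, so do not leave the job
          # token in the checked-out repository's git config.
          persist-credentials: false
      - uses: DavidAnson/markdownlint-cli2-action@b4c9feab76d8025d1e83c653fa3990936df0e6c8 # v16.0.0
        with:
          globs: '**/*.md'

  go:
    name: go vet + test
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
        with:
          persist-credentials: false
      # Record whether a root go.mod exists so the Go steps can be skipped
      # cleanly instead of failing on a repository without one.
      - id: detect
        name: detect go module
        run: |
          if [ -f go.mod ]; then
            echo "has_go=true" >> "$GITHUB_OUTPUT"
          else
            echo "has_go=false" >> "$GITHUB_OUTPUT"
            echo "::notice::No go.mod present; skipping go vet and go test."
          fi
      - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
        if: steps.detect.outputs.has_go == 'true'
        with:
          go-version-file: go.mod
          cache: true
      - name: go vet
        if: steps.detect.outputs.has_go == 'true'
        run: go vet ./...
      - name: go test
        if: steps.detect.outputs.has_go == 'true'
        run: go test ./...

  compat:
    name: compat module (vet + self-test)
    runs-on: ubuntu-latest
    # Explicit grant, matching the other jobs. Without it this job inherits
    # the empty workflow-level permissions, so the intended scope of its
    # token is not visible in the job definition.
    permissions:
      contents: read
    steps:
      # Pinned to the same commit SHAs as the other jobs. The mutable tags
      # used here before (@v4, @v5) can be repointed upstream, which would
      # change the code this job runs without any change to this file.
      - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
        with:
          persist-credentials: false
      # Record whether compat/go.mod exists so the compat steps can be skipped.
      - id: detect
        name: detect compat module
        run: |
          if [ -f compat/go.mod ]; then
            echo "has_compat=true" >> "$GITHUB_OUTPUT"
          else
            echo "has_compat=false" >> "$GITHUB_OUTPUT"
            echo "::notice::No compat/go.mod present; skipping compat job."
          fi
      - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
        if: steps.detect.outputs.has_compat == 'true'
        with:
          go-version-file: compat/go.mod
          # compat is stdlib-only; no module cache needed.
          cache: false
      - name: go vet (compat)
        if: steps.detect.outputs.has_compat == 'true'
        working-directory: compat
        run: go vet ./...
      # Fail when gofmt lists any file, printing the file list and the diff.
      - name: gofmt (compat)
        if: steps.detect.outputs.has_compat == 'true'
        working-directory: compat
        run: |
          diff="$(gofmt -l .)"
          if [ -n "$diff" ]; then
            echo "gofmt diff in:"
            echo "$diff"
            echo "---"
            gofmt -d .
            exit 1
          fi
      - name: go test (compat self-test)
        if: steps.detect.outputs.has_compat == 'true'
        working-directory: compat
        run: go test ./...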