Skip to content

uplift Go and harden Github action workflows #4

uplift Go and harden Github action workflows

uplift Go and harden Github action workflows #4

Workflow file for this run

name: test
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
permissions:
contents: read
# see: https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners
jobs:
ubuntu-latest:
runs-on: ubuntu-latest
strategy:
matrix:
go: [ '1.19', '1.20', '1.21' ]
steps:
- name: harden runner
uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
with:
egress-policy: block
disable-sudo: true
allowed-endpoints: >
github.com:443
api.github.com:443
proxy.github.com:443
proxy.golang.org:443
raw.githubusercontent.com:443
objects.githubusercontent.com:443
- name: checkout code
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
with:
fetch-depth: 0
- name: setup go
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
with:
go-version: ${{ matrix.go }}
- name: run unit-tests
run: go test -v ./...
windows-latest:
runs-on: windows-latest
strategy:
matrix:
# NOTE(jaypipes): Only running on a single Go version because we fetch
# the pciids file from the Internet on Windows and don't want to
# overload pciids.cz
go: [ '1.21' ]
steps:
- name: harden runner
uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
with:
egress-policy: block
disable-sudo: true
allowed-endpoints: >
github.com:443
api.github.com:443
proxy.github.com:443
proxy.golang.org:443
raw.githubusercontent.com:443
objects.githubusercontent.com:443
- name: checkout code
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
with:
fetch-depth: 0
- name: setup go
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
with:
go-version: ${{ matrix.go }}
- name: run unit-tests
env:
PCIDB_ENABLE_NETWORK_FETCH: "1"
run: go test -v ./...
macos-latest:
runs-on: macos-latest
strategy:
matrix:
# NOTE(jaypipes): Only running on a single Go version because we fetch
# the pciids file from the Internet on MacOS and don't want to
# overload pciids.cz
go: [ '1.21' ]
steps:
- name: harden runner
uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
with:
egress-policy: block
disable-sudo: true
allowed-endpoints: >
github.com:443
api.github.com:443
proxy.github.com:443
proxy.golang.org:443
raw.githubusercontent.com:443
objects.githubusercontent.com:443
- name: checkout code
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
with:
fetch-depth: 0
- name: setup go
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
with:
go-version: ${{ matrix.go }}
- name: run unit-tests
run: go test -v ./...
env:
PCIDB_ENABLE_NETWORK_FETCH: "1"