Skip to content

Commit

Permalink
uplift Go and harden Github action workflows
Browse files Browse the repository at this point in the history
Gets the library to Go 1.21 and uplifts the Github action workflows to
use a security-hardened setup that matches github.com/jaypipes/ghw.

Signed-off-by: Jay Pipes <[email protected]>
  • Loading branch information
jaypipes committed Jun 1, 2024
1 parent d9773c6 commit 4330de5
Show file tree
Hide file tree
Showing 6 changed files with 167 additions and 93 deletions.
35 changes: 35 additions & 0 deletions .github/workflows/fmtcheck.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
name: fmtcheck

on:
push:
branches: [ main ]
pull_request:
branches: [ main ]

permissions:
contents: read

jobs:
fmtcheck:
runs-on: ubuntu-latest
steps:
- name: harden runner
uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
with:
egress-policy: block
disable-sudo: true
allowed-endpoints: >
github.com:443
api.github.com:443
proxy.github.com:443
raw.githubusercontent.com:443
objects.githubusercontent.com:443
- name: checkout code
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- name: setup go
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
with:
go-version: 1.21
- name: check fmt
run: 'bash -c "diff -u <(echo -n) <(gofmt -d .)"'

91 changes: 0 additions & 91 deletions .github/workflows/go.yml

This file was deleted.

40 changes: 40 additions & 0 deletions .github/workflows/lint.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
name: lint

on:
push:
branches: [ main ]
pull_request:
branches: [ main ]

permissions:
contents: read
pull-requests: read # needed for only-new-issues option below

jobs:
lint:
runs-on: ubuntu-latest
steps:
- name: harden runner
uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
with:
egress-policy: block
disable-sudo: true
allowed-endpoints: >
github.com:443
api.github.com:443
proxy.github.com:443
raw.githubusercontent.com:443
objects.githubusercontent.com:443
- name: checkout code
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- name: setup go
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
with:
go-version: 1.21
- name: lint
uses: golangci/golangci-lint-action@639cd343e1d3b897ff35927a75193d57cfcba299 # v3.6.0
with:
version: v1.53
args: --timeout=5m0s --verbose
only-new-issues: true

90 changes: 90 additions & 0 deletions .github/workflows/test.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,90 @@
name: test

on:
push:
branches: [ main ]
pull_request:
branches: [ main ]

permissions:
contents: read

# see: https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners
jobs:
ubuntu-latest:
runs-on: ubuntu-latest
strategy:
matrix:
go: [ '1.19', '1.20', '1.21' ]
steps:
- name: harden runner
uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
with:
egress-policy: block
disable-sudo: true
allowed-endpoints: >
github.com:443
api.github.com:443
proxy.github.com:443
raw.githubusercontent.com:443
objects.githubusercontent.com:443
- name: checkout code
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
with:
fetch-depth: 0
- name: setup go
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
with:
go-version: ${{ matrix.go }}
- name: run unit-tests
run: go test -v ./...

windows-latest:
runs-on: windows-latest
strategy:
matrix:
# NOTE(jaypipes): Only running on a single Go version because we fetch
# the pciids file from the Internet on Windows and don't want to
# overload pciids.cz
go: [ '1.21' ]
steps:
- name: checkout code
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
with:
fetch-depth: 0
- name: setup go
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
with:
go-version: ${{ matrix.go }}
- name: run unit-tests
env:
PCIDB_ENABLE_NETWORK_FETCH: "1"
run: go test -v ./...

macos-latest:
runs-on: macos-latest
strategy:
matrix:
go: [ '1.20', '1.21' ]
steps:
- name: harden runner
uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.4.1
with:
egress-policy: block
disable-sudo: true
allowed-endpoints: >
github.com:443
api.github.com:443
proxy.github.com:443
raw.githubusercontent.com:443
objects.githubusercontent.com:443
- name: checkout code
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
with:
fetch-depth: 0
- name: setup go
uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
with:
go-version: ${{ matrix.go }}
- name: run unit-tests
run: go test -v ./...
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# `pcidb` - the Golang PCI DB library

[![Build Status](https://github.com/jaypipes/pcidb/actions/workflows/go.yml/badge.svg?branch=main)](https://github.com/jaypipes/pcidb/actions)
[![Build Status](https://github.com/jaypipes/pcidb/actions/workflows/test.yml/badge.svg?branch=main)](https://github.com/jaypipes/pcidb/actions)
[![Go Report Card](https://goreportcard.com/badge/github.com/jaypipes/pcidb)](https://goreportcard.com/report/github.com/jaypipes/pcidb)
[![Contributor Covenant](https://img.shields.io/badge/Contributor%20Covenant-2.1-4baaaa.svg)](CODE_OF_CONDUCT.md)

Expand Down
2 changes: 1 addition & 1 deletion go.mod
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
module github.com/jaypipes/pcidb

go 1.17
go 1.21

require github.com/mitchellh/go-homedir v1.0.0

0 comments on commit 4330de5

Please sign in to comment.