[StepSecurity] Apply security best practices #272

Workflow file for this run

	name: CI

	on:
	push:
	branches:
	- master
	pull_request:

	env:
	go_version: 1.16
	GO111MODULE: on
	COVERALLS_TOKEN: ${{ secrets.COVERALLS_TOKEN }}

	permissions:
	contents: read

	jobs:
	Build:
	runs-on: ubuntu-latest
	steps:
	- name: Harden the runner (Audit all outbound calls)
	uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
	with:
	egress-policy: audit

	- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
	- uses: actions/setup-go@be3c94b385c4f180051c996d336f57a34c397495 # v3.6.1
	with:
	go-version: ${{ env.go_version }}
	- run: make build
	Test:
	runs-on: ubuntu-latest
	steps:
	- name: Harden the runner (Audit all outbound calls)
	uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
	with:
	egress-policy: audit

	- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
	- uses: actions/setup-go@be3c94b385c4f180051c996d336f57a34c397495 # v3.6.1
	with:
	go-version: ${{ env.go_version }}
	- run: make test
	Lint:
	permissions:
	contents: read # for actions/checkout to fetch code
	pull-requests: read # for golangci/golangci-lint-action to fetch pull requests
	runs-on: ubuntu-latest
	steps:
	- name: Harden the runner (Audit all outbound calls)
	uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
	with:
	egress-policy: audit

	- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
	- uses: actions/setup-go@be3c94b385c4f180051c996d336f57a34c397495 # v3.6.1
	with:
	go-version: ${{ env.go_version }}
	- uses: golangci/golangci-lint-action@3a919529898de77ec3da873e3063ca4b10e7f5cc # v3.7.0
	with:
	version: latest
	args: --timeout 3m

	Check-License:
	runs-on: ubuntu-latest
	steps:
	- name: Harden the runner (Audit all outbound calls)
	uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
	with:
	egress-policy: audit

	- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
	with:
	version: latest
	- uses: actions/setup-go@be3c94b385c4f180051c996d336f57a34c397495 # v3.6.1
	with:
	go-version: ${{ env.go_version }}
	- run: make check-license

	Check-format:
	runs-on: ubuntu-latest
	steps:
	- name: Harden the runner (Audit all outbound calls)
	uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
	with:
	egress-policy: audit

	- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
	with:
	version: latest
	- run: make check-format

	Coverage:
	runs-on: ubuntu-latest
	steps:
	- name: Harden the runner (Audit all outbound calls)
	uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
	with:
	egress-policy: audit

	- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
	with:
	version: latest
	- uses: actions/setup-go@be3c94b385c4f180051c996d336f57a34c397495 # v3.6.1
	with:
	go-version: ${{ env.go_version }}
	- run: make test-cover COVERALLS_TOKEN="$COVERALLS_TOKEN"

	# Salus:
	# runs-on: ubuntu-latest
	# steps:
	# - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
	# with:
	# version: latest
	# - run: make salus

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[StepSecurity] Apply security best practices #272

Workflow file

[StepSecurity] Apply security best practices #272

Uh oh!

Workflow file for this run