From af9070cf42f389c1ce3f07ac8a1536714cd59ee9 Mon Sep 17 00:00:00 2001 From: Tiago Peczenyj Date: Thu, 18 Apr 2024 16:25:47 +0200 Subject: [PATCH 01/14] add dependency review --- .github/workflows/dependency-review.yml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 .github/workflows/dependency-review.yml diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml new file mode 100644 index 0000000..2092c52 --- /dev/null +++ b/.github/workflows/dependency-review.yml @@ -0,0 +1,24 @@ +# This file adheres to the YAML5 style. +{ + "name": "Go", + "on": ["push", "pull_request"], + "permissions": { + "contents": "read", + }, + "jobs": { + "dependence-review": { + "name": "Dependence Review", + "runs-on": "ubuntu-latest", + "steps": [ + { + "name": "Checkout repository", + "uses": "actions/checkout@v4" + }, + { + "name": "Dependency Review", + "uses": "actions/dependency-review-action@v4" + }, + ], + }, + }, +} From f99e4d6f1165fb9208feb1e27014a0eacca53f08 Mon Sep 17 00:00:00 2001 From: Tiago Peczenyj Date: Thu, 18 Apr 2024 16:28:20 +0200 Subject: [PATCH 02/14] try fix dependency review --- .github/workflows/dependency-review.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 2092c52..9c9221d 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -1,6 +1,6 @@ # This file adheres to the YAML5 style. { - "name": "Go", + "name": "Dependence Review", "on": ["push", "pull_request"], "permissions": { "contents": "read", @@ -16,7 +16,7 @@ }, { "name": "Dependency Review", - "uses": "actions/dependency-review-action@v4" + "uses": "actions/dependency-review-action@v3" }, ], }, From aa0668c3138434d5daab139bbd9c41bf04a0b9d8 Mon Sep 17 00:00:00 2001 
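Review bot: Both `uses` entries in the new dependency-review.yml name their action by a mutable major tag (`actions/checkout@v4`, `actions/dependency-review-action@v4`), so the code this job runs changes whenever that tag is moved upstream. Pin each one to a full commit SHA and keep the tag as a trailing comment, for example `"uses": "actions/dependency-review-action@<full-commit-sha>", # v4`, so that an update arrives as a reviewable diff. The same applies to `golang/govulncheck-action@v1` in PATCH 09/14, 12/14 and 13/14, and to the `actions/setup-go@v5` and `actions/checkout@v4` steps visible in the go.yml hunks. The top-level `"permissions": {"contents": "read"}` block is a good default and worth keeping in every workflow added later in this series.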
From: Tiago Peczenyj Date: Thu, 18 Apr 2024 16:30:58 +0200 Subject: [PATCH 03/14] try fix dependency review again --- .github/workflows/dependency-review.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 9c9221d..f9c5e00 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -1,7 +1,7 @@ # This file adheres to the YAML5 style. { "name": "Dependence Review", - "on": ["push", "pull_request"], + "on": ["pull_request"], "permissions": { "contents": "read", }, @@ -16,7 +16,7 @@ }, { "name": "Dependency Review", - "uses": "actions/dependency-review-action@v3" + "uses": "actions/dependency-review-action@v4" }, ], }, From 49d621dcac28d4495b7561f0fadc06bb2792d3c8 Mon Sep 17 00:00:00 2001 From: Tiago Peczenyj Date: Thu, 18 Apr 2024 16:32:54 +0200 Subject: [PATCH 04/14] add badge --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 94ebf4c..ad8df56 100644 --- a/README.md +++ b/README.md @@ -6,6 +6,7 @@ [![GoDoc](https://pkg.go.dev/badge/github.com/quasilyte/go-consistent)](http://pkg.go.dev/github.com/quasilyte/go-consistent) [![Go](https://github.com/quasilyte/go-consistent/actions/workflows/go.yml/badge.svg)](https://github.com/quasilyte/go-consistent/actions/workflows/go.yml) [![Go Report Card](https://goreportcard.com/badge/github.com/quasilyte/go-consistent)](https://goreportcard.com/report/github.com/quasilyte/go-consistent) +[![Dependency Review](https://github.com/quasilyte/go-consistent/actions/workflows/dependency-review.yml/badge.svg)](https://github.com/quasilyte/go-consistent/actions/workflows/dependency-review.yml) [![License](https://img.shields.io/github/license/quasilyte/go-consistent)](./LICENSE) Source code analyzer that helps you to make your Go programs more consistent. From cd3812744ef70b5af2ae3bda46ee3f631709ef41 Mon Sep 17 00:00:00 2001 
From: Tiago Peczenyj Date: Thu, 18 Apr 2024 16:37:42 +0200 Subject: [PATCH 05/14] fix warning about setup go cache, see https://github.com/actions/setup-go/blob/6c1fd22b67f7a7c42ad9a45c0f4197434035e429/docs/adrs/0000-caching-dependencies.md#example-of-real-use-cases --- .github/workflows/go.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index 15007e3..9ef1e56 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -17,6 +17,8 @@ "uses": "actions/setup-go@v5", "with": {"go-version": "${{ matrix.go }}" }, "id": "go", + "cache": "true", + "cache-dependency-path": "**/go.sum", }, {"name": "Check out code into the Go module directory", "uses": "actions/checkout@v4"}, {"name": "Lint", "run": "make lint"}, @@ -24,4 +26,4 @@ ], }, }, -} \ No newline at end of file +} From 1c4ebfc418dae0d35ee005eb4700b11836bc41d6 Mon Sep 17 00:00:00 2001 From: Tiago Peczenyj Date: Thu, 18 Apr 2024 16:40:24 +0200 Subject: [PATCH 06/14] remove option cache --- .github/workflows/go.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index 9ef1e56..cda31d7 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -17,7 +17,6 @@ "uses": "actions/setup-go@v5", "with": {"go-version": "${{ matrix.go }}" }, "id": "go", - "cache": "true", "cache-dependency-path": "**/go.sum", }, {"name": "Check out code into the Go module directory", "uses": "actions/checkout@v4"}, From 2acd9101150c37e59203f924245e5769391a5f93 Mon Sep 17 00:00:00 2001 From: Tiago Peczenyj Date: Thu, 18 Apr 2024 16:41:49 +0200 Subject: [PATCH 07/14] fix cache directive --- .github/workflows/go.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index cda31d7..4f7fb3b 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml 
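Review bot: In the first go.yml hunk of PATCH 05/14, `"cache"` and `"cache-dependency-path"` are added as keys of the step itself, next to `"id"`, but they are inputs of `actions/setup-go` and are only read from the step's `with` mapping. Unknown step-level keys are rejected by workflow validation, so the file as committed here is likely not to run at all. The value is also the string `"true"` rather than a boolean. The change should be `"with": {"go-version": "${{ matrix.go }}", "cache": true, "cache-dependency-path": "**/go.sum"},`; the step list starts and ends outside the hunk.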
@@ -15,9 +15,12 @@ { "name": "Set up Go ${{ matrix.go }}", "uses": "actions/setup-go@v5", - "with": {"go-version": "${{ matrix.go }}" }, + "with": { + "go-version": "${{ matrix.go }}", + "cache": true, + "cache-dependency-path": "**/go.sum", + }, "id": "go", - "cache-dependency-path": "**/go.sum", }, {"name": "Check out code into the Go module directory", "uses": "actions/checkout@v4"}, {"name": "Lint", "run": "make lint"}, From 4b473320f8ac50f3212751abff4eb00b4e241c26 Mon Sep 17 00:00:00 2001 From: Tiago Peczenyj Date: Thu, 18 Apr 2024 18:06:38 +0200 Subject: [PATCH 08/14] rename file --- .github/workflows/{dependency-review.yml => govulncheck.yml} | 0 README.md | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename .github/workflows/{dependency-review.yml => govulncheck.yml} (100%) diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/govulncheck.yml similarity index 100% rename from .github/workflows/dependency-review.yml rename to .github/workflows/govulncheck.yml diff --git a/README.md b/README.md index ad8df56..3010937 100644 --- a/README.md +++ b/README.md 
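Review bot: The `Set up Go` step with `"cache-dependency-path": "**/go.sum"` still runs before the `actions/checkout@v4` step shown as context on the next line, so no `go.sum` is in the workspace when setup-go resolves the cache key. That ordering is the likely source of the cache warning this series is chasing, and the cache will probably not be restored or saved with a meaningful key. Move `{"name": "Check out code into the Go module directory", "uses": "actions/checkout@v4"},` above the setup-go step. The `steps` array begins and ends outside this hunk, so the final order should be confirmed against the full file.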
@@ -6,7 +6,7 @@ [![GoDoc](https://pkg.go.dev/badge/github.com/quasilyte/go-consistent)](http://pkg.go.dev/github.com/quasilyte/go-consistent) [![Go](https://github.com/quasilyte/go-consistent/actions/workflows/go.yml/badge.svg)](https://github.com/quasilyte/go-consistent/actions/workflows/go.yml) [![Go Report Card](https://goreportcard.com/badge/github.com/quasilyte/go-consistent)](https://goreportcard.com/report/github.com/quasilyte/go-consistent) -[![Dependency Review](https://github.com/quasilyte/go-consistent/actions/workflows/dependency-review.yml/badge.svg)](https://github.com/quasilyte/go-consistent/actions/workflows/dependency-review.yml) +[![Dependency Review](https://github.com/quasilyte/go-consistent/actions/workflows/govulncheck.yml/badge.svg)](https://github.com/quasilyte/go-consistent/actions/workflows/govulncheck.yml) [![License](https://img.shields.io/github/license/quasilyte/go-consistent)](./LICENSE) Source code analyzer that helps you to make your Go programs more consistent. From 79b6968dd50a7cfa117cea59a664ae858dba456a Mon Sep 17 00:00:00 2001 From: Tiago Peczenyj Date: Thu, 18 Apr 2024 18:11:40 +0200 Subject: [PATCH 09/14] change action to govulncheck --- .github/workflows/govulncheck.yml | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index f9c5e00..dc3cb2b 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml 
@@ -1,22 +1,19 @@ # This file adheres to the YAML5 style. { - "name": "Dependence Review", + "name": "Go vulnerability check", "on": ["pull_request"], - "permissions": { - "contents": "read", - }, "jobs": { - "dependence-review": { - "name": "Dependence Review", + "govulncheck_job": { + "name": "Run govulncheck", "runs-on": "ubuntu-latest", "steps": [ { - "name": "Checkout repository", - "uses": "actions/checkout@v4" - }, - { - "name": "Dependency Review", - "uses": "actions/dependency-review-action@v4" + "id": "govulncheck" + "name": "golang-govulncheck-action", + "uses": "golang/govulncheck-action@v1", + "with": { + "go-package": "./...", + }, }, ], }, From a53b9e29bae54a9d642eb278f154db8331fe4a4b Mon Sep 17 00:00:00 2001 From: Tiago Peczenyj Date: Thu, 18 Apr 2024 18:12:55 +0200 Subject: [PATCH 10/14] fix yaml --- .github/workflows/govulncheck.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index dc3cb2b..f31c532 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml @@ -8,7 +8,7 @@ "runs-on": "ubuntu-latest", "steps": [ { - "id": "govulncheck" + "id": "govulncheck", "name": "golang-govulncheck-action", "uses": "golang/govulncheck-action@v1", "with": { From 9a1367f9225170b34e2640bc5cf1e585868f9944 Mon Sep 17 00:00:00 2001 From: Tiago Peczenyj Date: Thu, 18 Apr 2024 18:15:01 +0200 Subject: [PATCH 11/14] try again --- .github/workflows/govulncheck.yml | 21 --------------------- 1 file changed, 21 deletions(-) delete mode 100644 .github/workflows/govulncheck.yml diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml deleted file mode 100644 index f31c532..0000000 --- a/.github/workflows/govulncheck.yml +++ /dev/null 
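Review bot: The PATCH 09/14 hunk deletes the top-level `"permissions": {"contents": "read"}` block while switching to govulncheck, so the job's `GITHUB_TOKEN` falls back to the repository or organization default, which can be read/write. A vulnerability scan only needs to read the source, so the block should stay: `"permissions": {"contents": "read"},` directly after `"on"`. The workflow re-created in PATCH 12/14 has the same omission. The new step is also missing a comma after `"id": "govulncheck"`, which leaves the flow mapping unparsable in this commit.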
@@ -1,21 +0,0 @@ -# This file adheres to the YAML5 style. -{ - "name": "Go vulnerability check", - "on": ["pull_request"], - "jobs": { - "govulncheck_job": { - "name": "Run govulncheck", - "runs-on": "ubuntu-latest", - "steps": [ - { - "id": "govulncheck", - "name": "golang-govulncheck-action", - "uses": "golang/govulncheck-action@v1", - "with": { - "go-package": "./...", - }, - }, - ], - }, - }, -} From 5b883f99aced0232d77d052b4346f875e2ad3833 Mon Sep 17 00:00:00 2001 From: Tiago Peczenyj Date: Thu, 18 Apr 2024 18:17:54 +0200 Subject: [PATCH 12/14] try again --- .github/workflows/govulncheck.yml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 .github/workflows/govulncheck.yml diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml new file mode 100644 index 0000000..488ed5c --- /dev/null +++ b/.github/workflows/govulncheck.yml @@ -0,0 +1,17 @@ +# This file adheres to the YAML5 style. +{ + "name": "Go Vulnerability Check", + "on": ["push"], + "jobs": { + "govulncheck_job": { + "name": "Run govulncheck", + "runs-on": "ubuntu-latest", + "steps": [ + { + "uses": "actions/govulncheck-action@v1", + "id": "govulncheck", + }, + ], + }, + }, +} From f91aeb845a0d668e830fb193ac9ab57b1b45f1aa Mon Sep 17 00:00:00 2001 From: Tiago Peczenyj Date: Thu, 18 Apr 2024 18:18:41 +0200 Subject: [PATCH 13/14] fix repo --- .github/workflows/govulncheck.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml index 488ed5c..9aa47f9 100644 --- a/.github/workflows/govulncheck.yml +++ b/.github/workflows/govulncheck.yml @@ -8,7 +8,7 @@ "runs-on": "ubuntu-latest", "steps": [ { - "uses": "actions/govulncheck-action@v1", + "uses": "golang/govulncheck-action@v1", "id": "govulncheck", }, ], From 99a70809bd52fecdafea0d6461d40432fabb2307 Mon Sep 17 00:00:00 2001 
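Review bot: The re-created govulncheck.yml in PATCH 12/14 triggers only on `"on": ["push"]`, so pull requests from forks are not scanned before merge, and advisories published after the last push are never evaluated against the code. The version removed in PATCH 11/14 ran on `pull_request`. Keep both events and add a periodic run, for example `"on": {"push": {}, "pull_request": {}, "schedule": [{"cron": "0 6 * * 1"}]},` (the cron value is an illustrative choice). Because fork pull requests would then execute this workflow, the read-only `permissions` block matters more here.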
From: Tiago Peczenyj Date: Thu, 18 Apr 2024 18:20:21 +0200 Subject: [PATCH 14/14] fix readme --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 3010937..31709f8 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ [![GoDoc](https://pkg.go.dev/badge/github.com/quasilyte/go-consistent)](http://pkg.go.dev/github.com/quasilyte/go-consistent) [![Go](https://github.com/quasilyte/go-consistent/actions/workflows/go.yml/badge.svg)](https://github.com/quasilyte/go-consistent/actions/workflows/go.yml) [![Go Report Card](https://goreportcard.com/badge/github.com/quasilyte/go-consistent)](https://goreportcard.com/report/github.com/quasilyte/go-consistent) -[![Dependency Review](https://github.com/quasilyte/go-consistent/actions/workflows/govulncheck.yml/badge.svg)](https://github.com/quasilyte/go-consistent/actions/workflows/govulncheck.yml) +[![Go Vulnerability Check](https://github.com/quasilyte/go-consistent/actions/workflows/govulncheck.yml/badge.svg)](https://github.com/quasilyte/go-consistent/actions/workflows/govulncheck.yml) [![License](https://img.shields.io/github/license/quasilyte/go-consistent)](./LICENSE) Source code analyzer that helps you to make your Go programs more consistent.