Add package documentation for pkg.go.dev directories view #18
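# CI workflow: format/vet, lint, rule and rulepack validation, signature
# verification, unit/integration tests, coverage gate, benchmarks and a
# self-scan whose SARIF output is uploaded as an artifact.
name: CI

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
    types: [opened, synchronize, reopened, labeled]

# Least privilege: the workflow token can only read repository contents.
permissions:
  contents: read

jobs:
  test:
    # Gate for pull requests: the job runs when a PR is first opened, or on any
    # PR event while the 'ok-to-test' label is present.
    # NOTE(review): the label is attached to the PR, not to a commit. Once it is
    # set, later 'synchronize' events (new pushes) run without a fresh review,
    # and 'opened' runs the first commit of every PR with no label at all.
    # If the label is meant as an approval step, remove it after each run or
    # move the approval into an environment protection rule.
    if: >-
      github.event_name == 'push' ||
      github.event.action == 'opened' ||
      contains(github.event.pull_request.labels.*.name, 'ok-to-test')
    strategy:
      matrix:
        os: [ubuntu-latest, macos-latest]
    runs-on: ${{ matrix.os }}
    steps:
      # Actions are pinned to full commit SHAs; the trailing comment records the
      # release tag each pin was taken from.
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
        with:
          go-version-file: go.mod
      - name: Format check and vet
        run: make check
      - name: Lint (golangci-lint)
        uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9.2.0
        with:
          version: v2.1
      - name: Validate built-in rules
        run: make validate-rules
      - name: Verify rulepack signatures
        # The script uses process substitution, so the shell is named explicitly.
        shell: bash
        run: |
          # Scope of this check: the public key, the rulepacks and the verifier
          # (go run ./cmd/skeptic) all come from the checked-out ref. It detects
          # a pack that was edited without being re-signed; it does not protect
          # against a change that replaces the key and the signatures together,
          # so changes under rulepacks/signing need separate review.
          # Only packs that have a '.sig' next to them are visited: a pack with
          # no signature file is not checked by this loop.
          PUBKEY=rulepacks/signing/rulepack-signing.pub.pem
          FAIL=0
          CHECKED=0
          # NUL-delimited names on fd 3: paths with spaces stay intact and the
          # verifier cannot consume the file list from stdin.
          while IFS= read -r -d '' sig <&3; do
            pack="${sig%.sig}"
            CHECKED=$((CHECKED + 1))
            if ! go run ./cmd/skeptic verify-rulepack --public-key "$PUBKEY" --rules-file "$pack"; then
              echo "::error::Signature verification failed: $pack"
              FAIL=1
            fi
          done 3< <(find rulepacks/campaigns -name '*.json.sig' -print0)
          # Fail closed: if no signature was found, nothing was verified.
          if [ "$CHECKED" -eq 0 ]; then
            echo "::error::No rulepack signatures found under rulepacks/campaigns"
            exit 1
          fi
          if [ "$FAIL" -eq 1 ]; then exit 1; fi
      - name: Validate rulepack corpus tests
        run: make validate-rulepacks
      - name: Unit tests (race detector)
        run: make test-race
      - name: Integration tests
        run: make integration
      - name: Coverage gate
        run: make coverage-check
      - name: Benchmarks
        run: make bench-save
      - name: Upload benchmark results
        if: always()
        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
        with:
          name: skeptic-bench-${{ matrix.os }}
          path: bench-results.txt
          retention-days: 30
      - name: Self-scan (SARIF)
        if: always()
        # Best-effort: the step never fails the job. stderr is left in the log
        # and a non-zero exit is surfaced as a warning, so a crashed scan is not
        # mistaken for a clean one when the SARIF artifact is empty.
        run: |
          go run ./cmd/skeptic --path . --format sarif > skeptic-results.sarif \
            || echo "::warning::skeptic self-scan exited non-zero (findings or a scanner error); see the step log"
      - name: Upload SARIF artifact
        if: always()
        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
        with:
          name: skeptic-sarif-${{ matrix.os }}
          path: skeptic-results.sarif
          retention-days: 30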