Add package documentation for pkg.go.dev directories view (#14) #14
| name: Action Integration Test | |
| on: | |
| push: | |
| branches: [main] | |
| paths: | |
| - 'action.yml' | |
| - '.github/workflows/action-integration-test.yml' | |
| - 'cmd/**' | |
| - 'internal/**' | |
| pull_request: | |
| branches: [main] | |
| types: [opened, synchronize, reopened, labeled] | |
| permissions: | |
| contents: read | |
| jobs: | |
| changes: | |
| if: >- | |
| github.event_name == 'push' || | |
| github.event.action == 'opened' || | |
| contains(github.event.pull_request.labels.*.name, 'ok-to-test') | |
| runs-on: ubuntu-latest | |
| outputs: | |
| action: ${{ steps.filter.outputs.action }} | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| fetch-depth: 0 | |
| - id: filter | |
| run: | | |
| if [ "${{ github.event_name }}" = "push" ]; then | |
| echo "action=true" >> "$GITHUB_OUTPUT" | |
| exit 0 | |
| fi | |
| BASE="${{ github.event.pull_request.base.sha }}" | |
| HEAD="${{ github.event.pull_request.head.sha }}" | |
| CHANGED=$(git diff --name-only "$BASE"..."$HEAD") | |
| if echo "$CHANGED" | grep -qE '^(action\.yml|cmd/|internal/|\.github/workflows/action-integration-test\.yml)'; then | |
| echo "action=true" >> "$GITHUB_OUTPUT" | |
| else | |
| echo "action=false" >> "$GITHUB_OUTPUT" | |
| fi | |
| test-action: | |
| needs: [changes] | |
| if: needs.changes.outputs.action == 'true' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Scan proof fixtures (advisory) | |
| id: advisory-scan | |
| uses: ./ | |
| with: | |
| path: testdata/proof | |
| fail-on: none | |
| format: sarif | |
| sarif-upload: 'false' | |
| - name: Verify advisory scan passed | |
| shell: bash | |
| run: | | |
| if [ "${{ steps.advisory-scan.outputs.exit-code }}" != "0" ]; then | |
| echo "::error::Expected exit code 0 for advisory scan, got ${{ steps.advisory-scan.outputs.exit-code }}" | |
| exit 1 | |
| fi | |
| - name: Scan proof fixtures (gated) | |
| id: gated-scan | |
| uses: ./ | |
| continue-on-error: true | |
| with: | |
| path: testdata/proof | |
| fail-on: low | |
| format: json | |
| sarif-upload: 'false' | |
| - name: Verify gated scan triggered policy failure | |
| shell: bash | |
| run: | | |
| if [ "${{ steps.gated-scan.outputs.exit-code }}" != "3" ]; then | |
| echo "::error::Expected exit code 3 for gated scan, got ${{ steps.gated-scan.outputs.exit-code }}" | |
| exit 1 | |
| fi | |
| - name: Verify JSON result file exists | |
| shell: bash | |
| run: | | |
| RESULT="${{ steps.gated-scan.outputs.result-file }}" | |
| if [ ! -f "${RESULT}" ]; then | |
| echo "::error::Result file not found: ${RESULT}" | |
| exit 1 | |
| fi | |
| if ! head -c 1 "${RESULT}" | grep -q '{'; then | |
| echo "::error::Result file does not appear to be JSON" | |
| exit 1 | |
| fi | |
| - name: Scan clean fixture | |
| id: clean-scan | |
| uses: ./ | |
| with: | |
| path: testdata/proof/clean-repo | |
| fail-on: low | |
| format: text | |
| sarif-upload: 'false' | |
| - name: Verify clean scan passed | |
| shell: bash | |
| run: | | |
| if [ "${{ steps.clean-scan.outputs.exit-code }}" != "0" ]; then | |
| echo "::error::Expected exit code 0 for clean scan, got ${{ steps.clean-scan.outputs.exit-code }}" | |
| exit 1 | |
| fi | |
| test-action-result: | |
| if: always() | |
| needs: [changes, test-action] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - run: | | |
| if [ "${{ needs.test-action.result }}" = "failure" ] || [ "${{ needs.changes.result }}" = "failure" ]; then | |
| exit 1 | |
| fi |