
6 Commits

Author SHA1 Message Date
Valentin Maerten
1ce604da1c ci(github): fold govulncheck into the CI workflow
Move the govulncheck job from security.yml into ci.yml and add it to
the ci-status gate so it shares the CI concurrency group and is covered
by the single required check. Drop the now-redundant security.yml.
2026-07-02 11:04:00 +02:00
Valentin Maerten
d1c1e079e9 ci(github): carry over action pinning and version bumps from main
Preserve security hardening and version updates that main applied to the
now-removed lint.yml/test.yml: pin actions by commit SHA, bump Go matrix
to 1.25.10/1.26.x, golangci-lint to v2.12.2, and add read-only
permissions.
2026-07-01 21:58:44 +02:00
Valentin Maerten
f4a062453c ci(github): use setup-task with output grouping for tests
Restore the --output group options for better GitHub Actions log
grouping, while keeping the separate build job for compilation check.
2026-07-01 21:56:46 +02:00
Valentin Maerten
13a35982de ci(github): merge build step into test job 2026-07-01 21:56:46 +02:00
Valentin Maerten
e8d6795432 ci(github): improve workflow structure and add build job 2026-07-01 21:56:46 +02:00
Valentin Maerten
9d5e8e4577 ci(github): consolidate test and lint into single workflow 2026-07-01 21:56:46 +02:00
4 changed files with 122 additions and 98 deletions

122
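--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,122 @@
+name: CI
+on:
+pull_request:
+push:
+tags:
+- v*
+branches:
+- main
+concurrency:
+group: ci-${{ github.head_ref || github.ref }}
+cancel-in-progress: true
+permissions:
+contents: read
+jobs:
+build:
+name: 🔨 Build (${{ matrix.go-version }})
+strategy:
+fail-fast: false
+matrix:
+go-version: [1.25.10, 1.26.x]
+runs-on: ubuntu-latest
+steps:
+- name: 📥 Checkout
+uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+- name: ⬇️ Setup Go
+uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6.5.0
+with:
+go-version: ${{ matrix.go-version }}
+- name: 🔨 Build
+run: go build -v ./cmd/task
+test:
+name: 🧪 Test (${{ matrix.go-version }}, ${{ matrix.platform }})
+strategy:
+fail-fast: false
+matrix:
+go-version: [1.25.10, 1.26.x]
+platform: [ubuntu-latest, macos-latest, windows-latest]
+runs-on: ${{ matrix.platform }}
+steps:
+- name: 📥 Checkout
+uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+- name: ⬇️ Setup Go
+uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6.5.0
+with:
+go-version: ${{ matrix.go-version }}
+- name: ⬇️ Setup Task
+uses: go-task/setup-task@v1
+- name: 🧪 Test
+run: task test --output group --output-group-begin '::group::{{.TASK}}' --output-group-end '::endgroup::'
+lint:
+name: 🔍 Lint (${{ matrix.go-version }})
+strategy:
+fail-fast: false
+matrix:
+go-version: [1.25.10, 1.26.x]
+runs-on: ubuntu-latest
+steps:
+- name: 📥 Checkout
+uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+- name: ⬇️ Setup Go
+uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6.5.0
+with:
+go-version: ${{ matrix.go-version }}
+- name: 🔍 Lint
+uses: golangci/golangci-lint-action@ba0d7d2ec06a0ea1cb5fa41b2e4a3ab91d21278a # v9.3.0
+with:
+version: v2.12.2
+lint-jsonschema:
+name: 📋 Lint JSON Schema
+runs-on: ubuntu-latest
+steps:
+- name: 📥 Checkout
+uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+- name: ⬇️ Setup Python
+uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6.3.0
+with:
+python-version: 3.14
+- name: ⬇️ Install check-jsonschema
+run: python -m pip install 'check-jsonschema==0.27.3'
+- name: 📋 Validate JSON Schema
+run: check-jsonschema --check-metaschema website/src/public/schema.json
+govulncheck:
+name: 🛡️ Vulnerabilities
+runs-on: ubuntu-latest
+steps:
+- uses: golang/govulncheck-action@b625fbe08f3bccbe446d94fbf87fcc875a4f50ee # v1.0.4
+ci-status:
+name: ✅ CI
+runs-on: ubuntu-latest
+needs: [build, test, lint, lint-jsonschema, govulncheck]
+if: always()
+steps:
+- name: ✅ Check CI status
+run: |
+if [[ "${{ needs.build.result }}" != "success" ]] || \
+[[ "${{ needs.test.result }}" != "success" ]] || \
+[[ "${{ needs.lint.result }}" != "success" ]] || \
+[[ "${{ needs.lint-jsonschema.result }}" != "success" ]] || \
+[[ "${{ needs.govulncheck.result }}" != "success" ]]; then
+echo "CI failed"
+exit 1
+fi
+echo "CI passed"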
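Review bot: `uses: go-task/setup-task@v1` in the `test` job is the only action in this workflow referenced by a mutable tag; every other `uses:` line is pinned to a full commit SHA with the version in a trailing comment, which is what commit d1c1e079e9 says it carries over. A tag can be re-pointed upstream, so this file does not fix which code runs in the test job on all three platforms. Pin it like the others, e.g. `uses: go-task/setup-task@<full-commit-sha> # <release-tag>` (both are placeholders; take the SHA from the release you have reviewed). The removed test.yml ran `go run ./cmd/task test` and used no such action, so this step is a new external dependency of the test job and should be covered by whatever automation keeps the other pins current. As a smaller hardening point, none of the checkout steps sets `persist-credentials: false` under `with:`; the top-level `contents: read` limits the exposure, but jobs that only build, test or lint have no visible need for the token to stay in the git config.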


@@ -1,46 +0,0 @@
name: Lint
on:
pull_request:
push:
tags:
- v*
branches:
- main
permissions:
contents: read
jobs:
lint:
name: Lint
strategy:
matrix:
go-version: [1.25.10, 1.26.x]
runs-on: ubuntu-latest
steps:
- uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6.5.0
with:
go-version: ${{matrix.go-version}}
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- name: golangci-lint
uses: golangci/golangci-lint-action@ba0d7d2ec06a0ea1cb5fa41b2e4a3ab91d21278a # v9.3.0
with:
version: v2.12.2
lint-jsonschema:
runs-on: ubuntu-latest
steps:
- uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6.3.0
with:
python-version: 3.14
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- name: install check-jsonschema
run: python -m pip install 'check-jsonschema==0.27.3'
- name: check-jsonschema (metaschema)
run: check-jsonschema --check-metaschema website/src/public/schema.json


@@ -1,19 +0,0 @@
name: Security
on:
pull_request:
push:
tags:
- v*
branches:
- main
permissions:
contents: read
jobs:
govulncheck:
name: govulncheck
runs-on: ubuntu-latest
steps:
- uses: golang/govulncheck-action@b625fbe08f3bccbe446d94fbf87fcc875a4f50ee # v1.0.4


@@ -1,33 +0,0 @@
name: Test
on:
pull_request:
push:
tags:
- v*
branches:
- main
permissions:
contents: read
jobs:
test:
name: Test
strategy:
fail-fast: false
matrix:
go-version: [1.25.10, 1.26.x]
platform: [ubuntu-latest, macos-latest, windows-latest]
runs-on: ${{matrix.platform}}
steps:
- name: Check out code
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- name: Set up Go ${{matrix.go-version}}
uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6.5.0
with:
go-version: ${{matrix.go-version}}
- name: Test
run: go run ./cmd/task test