mirror of
https://github.com/caddyserver/caddy.git
synced 2025-07-09 03:04:57 -04:00
2f0fc62b34
Some checks failed
Tests / test (./cmd/caddy/caddy, ~1.24.1, ubuntu-latest, 0, 1.24, linux) (push) Failing after 3m9s
Tests / test (s390x on IBM Z) (push) Has been skipped
Tests / goreleaser-check (push) Has been skipped
Cross-Build / build (~1.24.1, 1.24, aix) (push) Successful in 1m37s
Cross-Build / build (~1.24.1, 1.24, darwin) (push) Successful in 1m32s
Cross-Build / build (~1.24.1, 1.24, dragonfly) (push) Successful in 1m42s
Cross-Build / build (~1.24.1, 1.24, freebsd) (push) Successful in 1m47s
Cross-Build / build (~1.24.1, 1.24, illumos) (push) Successful in 1m44s
Cross-Build / build (~1.24.1, 1.24, linux) (push) Successful in 1m46s
Cross-Build / build (~1.24.1, 1.24, netbsd) (push) Successful in 1m32s
Cross-Build / build (~1.24.1, 1.24, openbsd) (push) Successful in 1m27s
Cross-Build / build (~1.24.1, 1.24, solaris) (push) Successful in 1m26s
Cross-Build / build (~1.24.1, 1.24, windows) (push) Successful in 1m30s
Lint / lint (ubuntu-latest, linux) (push) Successful in 2m18s
Lint / govulncheck (push) Successful in 1m24s
Lint / dependency-review (push) Failing after 1m1s
OpenSSF Scorecard supply-chain security / Scorecard analysis (push) Failing after 2s
Tests / test (./cmd/caddy/caddy, ~1.24.1, macos-14, 0, 1.24, mac) (push) Has been cancelled
Tests / test (./cmd/caddy/caddy.exe, ~1.24.1, windows-latest, True, 1.24, windows) (push) Has been cancelled
Lint / lint (macos-14, mac) (push) Has been cancelled
Lint / lint (windows-latest, windows) (push) Has been cancelled
* chore: apply security best practices for CI Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com> * remove redundant codeql job Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com> * run scorecard flow on PRs Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com> --------- Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
106 lines
3.0 KiB
YAML
106 lines
3.0 KiB
YAML
name: Lint
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- master
|
|
- 2.*
|
|
pull_request:
|
|
branches:
|
|
- master
|
|
- 2.*
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
env:
|
|
# https://github.com/actions/setup-go/issues/491
|
|
GOTOOLCHAIN: local
|
|
|
|
jobs:
|
|
# From https://github.com/golangci/golangci-lint-action
|
|
golangci:
|
|
permissions:
|
|
contents: read # for actions/checkout to fetch code
|
|
pull-requests: read # for golangci/golangci-lint-action to fetch pull requests
|
|
name: lint
|
|
strategy:
|
|
matrix:
|
|
os:
|
|
- linux
|
|
- mac
|
|
- windows
|
|
|
|
include:
|
|
- os: linux
|
|
OS_LABEL: ubuntu-latest
|
|
|
|
- os: mac
|
|
OS_LABEL: macos-14
|
|
|
|
- os: windows
|
|
OS_LABEL: windows-latest
|
|
|
|
runs-on: ${{ matrix.OS_LABEL }}
|
|
|
|
steps:
|
|
- name: Harden the runner (Audit all outbound calls)
|
|
uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
- uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
|
|
with:
|
|
go-version: '~1.24'
|
|
check-latest: true
|
|
|
|
- name: golangci-lint
|
|
uses: golangci/golangci-lint-action@4afd733a84b1f43292c63897423277bb7f4313a9 # v8.0.0
|
|
with:
|
|
version: latest
|
|
|
|
# Windows times out frequently after about 5m50s if we don't set a longer timeout.
|
|
args: --timeout 10m
|
|
|
|
# Optional: show only new issues if it's a pull request. The default value is `false`.
|
|
# only-new-issues: true
|
|
|
|
govulncheck:
|
|
permissions:
|
|
contents: read
|
|
pull-requests: read
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Harden the runner (Audit all outbound calls)
|
|
uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- name: govulncheck
|
|
uses: golang/govulncheck-action@b625fbe08f3bccbe446d94fbf87fcc875a4f50ee # v1.0.4
|
|
with:
|
|
go-version-input: '~1.24.1'
|
|
check-latest: true
|
|
|
|
dependency-review:
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: read
|
|
pull-requests: write
|
|
steps:
|
|
- name: Harden the runner (Audit all outbound calls)
|
|
uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- name: 'Checkout Repository'
|
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
- name: 'Dependency Review'
|
|
uses: actions/dependency-review-action@da24556b548a50705dd671f47852072ea4c105d9 # v4.7.1
|
|
with:
|
|
comment-summary-in-pr: on-failure
|
|
# https://github.com/actions/dependency-review-action/issues/430#issuecomment-1468975566
|
|
base-ref: ${{ github.event.pull_request.base.sha || 'master' }}
|
|
head-ref: ${{ github.event.pull_request.head.sha || github.ref }}
|