diff --git a/.github/dependabot.yml b/.github/dependabot.yml deleted file mode 100644 index 95b6f70..0000000 --- a/.github/dependabot.yml +++ /dev/null @@ -1,31 +0,0 @@ -# Open a single PR each for go modules and GitHub actions -# for security related updates only on a weekly basis. -version: 2 -updates: - - package-ecosystem: gomod - directory: "/" - schedule: - interval: weekly - open-pull-requests-limit: 0 - commit-message: - prefix: "go.mod:" - assignees: - - willnorris - groups: - all: - patterns: - - "*" - - - package-ecosystem: "github-actions" - directory: "/" - schedule: - interval: weekly - open-pull-requests-limit: 0 - commit-message: - prefix: ".github:" - assignees: - - willnorris - groups: - all: - patterns: - - "*" diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 1943c20..34c450b 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -1,3 +1,4 @@ +name: tests on: push: branches: @@ -5,48 +6,92 @@ on: pull_request: branches: - "**" + schedule: # daily at 07:30 UTC + - cron: "30 7 * * *" workflow_dispatch: -name: tests -env: - GO111MODULE: on - +permissions: + contents: read +concurrency: + group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }} + cancel-in-progress: true jobs: test: strategy: + fail-fast: false matrix: - go-version: - # support the two most recent major go versions - - stable - - oldstable + go: + # test with the two most recent major go versions, + # as well as the minimum supported from go.mod. + - { go-version: stable } + - { go-version: oldstable } + - { go-version-file: go.mod } platform: [ubuntu-latest] include: - # minimum go version that works. This is not necessarily supported in - # any way, and will be bumped up without notice as needed. But it at - # least lets us know what go version should work. - - go-version: 1.23 - platform: ubuntu-latest - # include windows, but only with the latest Go version, since there # is very little in the library that is platform specific - - go-version: stable + - go: { go-version: stable } platform: windows-latest # only update test coverage stats with most recent go version on linux - - go-version: stable + - go: { go-version: stable } platform: ubuntu-latest update-coverage: true runs-on: ${{ matrix.platform }} - steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - - uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0 + - uses: actions/checkout@v6 with: - go-version: ${{ matrix.go-version }} - + persist-credentials: false + - uses: actions/setup-go@v6 + with: + go-version: ${{ matrix.go.go-version }} + go-version-file: ${{ matrix.go.go-version-file }} - name: Run go test run: go test -v -race -coverprofile coverage.txt -covermode atomic ./... - - name: Upload coverage to Codecov if: ${{ matrix.update-coverage }} uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2 + test-latest: + strategy: + fail-fast: false + matrix: + go: + - { go-version: stable } + - { go-version-file: go.mod } + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v6 + with: + persist-credentials: false + - uses: actions/setup-go@v6 + with: + go-version: ${{ matrix.go.go-version }} + go-version-file: ${{ matrix.go.go-version-file }} + - uses: geomys/sandboxed-step@7d75eb49d17fdeeb3656b3a57d35932d205bcfb9 # v1.2.1 + with: + run: | + go get -u -t ./... + go test -race ./... + staticcheck: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v6 + with: + persist-credentials: false + - uses: actions/setup-go@v6 + with: + go-version: stable + - uses: geomys/sandboxed-step@7d75eb49d17fdeeb3656b3a57d35932d205bcfb9 # v1.2.1 + with: + run: go run honnef.co/go/tools/cmd/staticcheck@latest ./... + govulncheck: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v6 + with: + persist-credentials: false + - uses: actions/setup-go@v6 + with: + go-version: stable + - uses: geomys/sandboxed-step@7d75eb49d17fdeeb3656b3a57d35932d205bcfb9 # v1.2.1 + with: + run: go run golang.org/x/vuln/cmd/govulncheck@latest ./...