apunkt/imageproxy
1
0
Fork 0
mirror of https://github.com/willnorris/imageproxy.git synced 2026-05-29 22:05:12 +02:00
Code Issues Projects Releases Packages Wiki Activity

.github: replace dependabot with daily test and govulncheck

Browse source 
Trying out Filippo's recommendation from
https://words.filippo.io/dependabot/
This commit is contained in:
Will Norris 2026-03-30 09:12:47 -07:00
parent 69ec880864
commit 080f5d05f1
2 changed files with 68 additions and 54 deletions
Download patch file Download diff file Expand all files Collapse all files

31
.github/dependabot.yml vendored
View file

@ -1,31 +0,0 @@
# Open a single PR each for go modules and GitHub actions
# for security related updates only on a weekly basis.
version: 2
updates:
- package-ecosystem: gomod
directory: "/"
schedule:
interval: weekly
open-pull-requests-limit: 0
commit-message:
prefix: "go.mod:"
assignees:
- willnorris
groups:
all:
patterns:
- "*"
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: weekly
open-pull-requests-limit: 0
commit-message:
prefix: ".github:"
assignees:
- willnorris
groups:
all:
patterns:
- "*"

91
.github/workflows/tests.yml vendored
View file

@ -1,3 +1,4 @@
name: tests
on: on:
push: push:
branches: branches:
@ -5,48 +6,92 @@ on:
pull_request: pull_request:
branches: branches:
- "**" - "**"
schedule: # daily at 07:30 UTC
- cron: "30 7 * * *"
workflow_dispatch: workflow_dispatch:
name: tests permissions:
env: contents: read
GO111MODULE: on concurrency:
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs: jobs:
test: test:
strategy: strategy:
fail-fast: false
matrix: matrix:
go-version: go:
# support the two most recent major go versions # test with the two most recent major go versions,
- stable # as well as the minimum supported from go.mod.
- oldstable - { go-version: stable }
- { go-version: oldstable }
- { go-version-file: go.mod }
platform: [ubuntu-latest] platform: [ubuntu-latest]
include: include:
# minimum go version that works. This is not necessarily supported in
# any way, and will be bumped up without notice as needed. But it at
# least lets us know what go version should work.
- go-version: 1.23
platform: ubuntu-latest
# include windows, but only with the latest Go version, since there # include windows, but only with the latest Go version, since there
# is very little in the library that is platform specific # is very little in the library that is platform specific
- go-version: stable - go: { go-version: stable }
platform: windows-latest platform: windows-latest
# only update test coverage stats with most recent go version on linux # only update test coverage stats with most recent go version on linux
- go-version: stable - go: { go-version: stable }
platform: ubuntu-latest platform: ubuntu-latest
update-coverage: true update-coverage: true
runs-on: ${{ matrix.platform }} runs-on: ${{ matrix.platform }}
steps: steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: actions/checkout@v6
- uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
with: with:
go-version: ${{ matrix.go-version }} persist-credentials: false
- uses: actions/setup-go@v6
with:
go-version: ${{ matrix.go.go-version }}
go-version-file: ${{ matrix.go.go-version-file }}
- name: Run go test - name: Run go test
run: go test -v -race -coverprofile coverage.txt -covermode atomic ./... run: go test -v -race -coverprofile coverage.txt -covermode atomic ./...
- name: Upload coverage to Codecov - name: Upload coverage to Codecov
if: ${{ matrix.update-coverage }} if: ${{ matrix.update-coverage }}
uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2 uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2
test-latest:
strategy:
fail-fast: false
matrix:
go:
- { go-version: stable }
- { go-version-file: go.mod }
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
with:
persist-credentials: false
- uses: actions/setup-go@v6
with:
go-version: ${{ matrix.go.go-version }}
go-version-file: ${{ matrix.go.go-version-file }}
- uses: geomys/sandboxed-step@7d75eb49d17fdeeb3656b3a57d35932d205bcfb9 # v1.2.1
with:
run: |
go get -u -t ./...
go test -race ./...
staticcheck:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
with:
persist-credentials: false
- uses: actions/setup-go@v6
with:
go-version: stable
- uses: geomys/sandboxed-step@7d75eb49d17fdeeb3656b3a57d35932d205bcfb9 # v1.2.1
with:
run: go run honnef.co/go/tools/cmd/staticcheck@latest ./...
govulncheck:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
with:
persist-credentials: false
- uses: actions/setup-go@v6
with:
go-version: stable
- uses: geomys/sandboxed-step@7d75eb49d17fdeeb3656b3a57d35932d205bcfb9 # v1.2.1
with:
run: go run golang.org/x/vuln/cmd/govulncheck@latest ./...