| # Copyright 2023 The Shac Authors |
| # |
| # Licensed under the Apache License, Version 2.0 (the "License"); |
| # you may not use this file except in compliance with the License. |
| # You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| |
| on: [push, pull_request] |
| name: Run tests |
| jobs: |
| # Runs go test both with code coverage sent to codecov, race detector and |
| # benchmarks. At the end do a quick check to ensure the tests to not leave |
| # files in the tree. |
| test: |
| name: "test: go${{matrix.gover}}.x/${{matrix.os}}" |
| runs-on: "${{matrix.os}}" |
| continue-on-error: true |
| defaults: |
| run: |
| shell: bash |
| strategy: |
| fail-fast: false |
| matrix: |
| os: [ubuntu-latest, macos-latest, windows-latest] |
| # Do not forget to bump every 6 months! |
| gover: ["1.21"] |
| env: |
| PYTHONDONTWRITEBYTECODE: x |
| steps: |
| - name: Turn off git core.autocrlf |
| if: matrix.os == 'windows-latest' |
| run: git config --global core.autocrlf false |
| - uses: actions/checkout@v3 |
| with: |
| fetch-depth: 2 |
| - uses: actions/setup-go@v4 |
| with: |
| go-version: "~${{matrix.gover}}.0" |
| - name: 'go install necessary tools' |
| if: always() |
| run: | |
| go install github.com/maruel/pat/cmd/ba@latest |
| - name: 'Check: go test -cover' |
| if: always() |
| run: go test -timeout=5m -covermode=count -coverprofile coverage.txt -bench=. -benchtime=1x ./... |
| # Don't send code coverage if anything failed to reduce spam. |
| - uses: codecov/codecov-action@v3 |
| - name: 'Cleanup' |
| if: always() |
| run: rm coverage.txt |
| - name: 'Check: go test -race' |
| run: go test -timeout=5m -race -bench=. -benchtime=1x ./... |
| - name: 'Check: benchmark 📈' |
| run: ba -against HEAD~1 |
| - name: 'Check: go test -short (CGO_ENABLED=0)' |
| env: |
| CGO_ENABLED: 0 |
| run: go test -timeout=5m -short -bench=. -benchtime=1x ./... |
| - name: 'Check: go test -short (32 bits)' |
| if: matrix.os != 'macos-latest' |
| env: |
| GOARCH: 386 |
| run: go test -timeout=5m -short -bench=. -benchtime=1x ./... |
| - name: 'Install shac' |
| if: always() |
| run: go install . |
| - name: 'Check: shac check' |
| if: always() |
| run: shac check |
| - name: "Check: tree is clean" |
| if: always() |
| run: | |
| # Nothing should have changed in the tree up to that point and no |
| # unsuspected file was created. |
| # TODO(olivernewman): Add --ignored flag once go tools are installed |
| # outside the checkout instead of in the .tools directory. |
| TOUCHED=$(git status --porcelain) |
| if ! test -z "$TOUCHED"; then |
| echo "Oops, something touched these files, please cleanup:" |
| echo "$TOUCHED" |
| git diff |
| false |
| fi |
| |
| |
| # Run linters. This workflow can be merged with the test_all one if desired |
| # to cut on runtime, at the cost of latency. I dislike waiting for results |
| # so I prefer to run them in parallel. |
| lint: |
| name: "lint: go${{matrix.gover}}.x/${{matrix.os}}" |
| runs-on: "${{matrix.os}}" |
| continue-on-error: true |
| defaults: |
| run: |
| shell: bash |
| strategy: |
| fail-fast: false |
| matrix: |
| # You may want to run only on linux to save on cost. Projects with |
| # OS-specific code benefits from explicitly linting on macOS and |
| # Windows. |
| os: [ubuntu-latest, macos-latest, windows-latest] |
| # Do not forget to bump every 6 months! |
| gover: ["1.21"] |
| env: |
| PYTHONDONTWRITEBYTECODE: x |
| steps: |
| - name: Turn off git core.autocrlf |
| if: matrix.os == 'windows-latest' |
| run: git config --global core.autocrlf false |
| - uses: actions/checkout@v3 |
| - uses: actions/setup-go@v4 |
| with: |
| go-version: "~${{matrix.gover}}.0" |
| - name: "Debug" |
| run: | |
| echo HOME = $HOME |
| echo GITHUB_WORKSPACE = $GITHUB_WORKSPACE |
| echo PATH = $PATH |
| echo "" |
| echo $ ls -l $HOME/go/bin |
| ls -la $HOME/go/bin |
| - name: Install protoc |
| # See https://github.com/arduino/setup-protoc/issues/33 |
| if: ${{ false }} |
| uses: arduino/setup-protoc@v1 |
| with: |
| version: '21.12' |
| - name: 'go install necessary tools (ubuntu)' |
| if: always() && matrix.os == 'ubuntu-latest' |
| run: | |
| go install github.com/client9/misspell/cmd/misspell@latest |
| go install github.com/google/addlicense@latest |
| - name: 'Check: go vet' |
| if: always() |
| run: go vet -unsafeptr=false ./... |
| # run them on ubuntu-latest since it's the fastest one. |
| - name: 'Check: no executable was committed (ubuntu)' |
| if: always() && matrix.os == 'ubuntu-latest' |
| run: | |
| if find . -path '*.sh' -prune -o \ |
| -path ./.git -prune -o \ |
| -path './internal/sandbox/nsjail-linux-*' -prune -o \ |
| -type f -executable -print | grep -e . ; then |
| echo 'Do not commit executables beside shell scripts' |
| false |
| fi |
| - name: 'Check: addlicense; all sources have a license header (ubuntu)' |
| if: always() && matrix.os == 'ubuntu-latest' |
| run: addlicense -check -ignore 'vendor/**' . |
| - name: "Check: misspelling; code doesn't contain misspelling (ubuntu)" |
| if: always() && matrix.os == 'ubuntu-latest' |
| run: | |
| ERR=$(find . -type f | grep -v vendor/ | xargs misspell) |
| if ! test -z "$ERR"; then |
| echo "$ERR" |
| echo "## âš misspell Failed" >> ../_comments.txt |
| echo "" >> ../_comments.txt |
| echo "$ERR" >> ../_comments.txt |
| echo "" >> ../_comments.txt |
| false |
| fi |
| - name: 'Send comments' |
| if: failure() |
| run: | |
| if [ -f ../_comments.txt ]; then |
| URL="${{github.event.issue.pull_request.url}}" |
| if test -z "$URL"; then |
| URL="${{github.api_url}}/repos/${{github.repository}}/commits/${{github.sha}}/comments" |
| fi |
| echo "Sending $(cat ../_comments.txt|wc -l) lines of comments to ${URL}" |
| curl -sS --request POST \ |
| --header "Authorization: Bearer ${{secrets.GITHUB_TOKEN}}" \ |
| --header "Content-Type: application/json" \ |
| --data "$(cat ../_comments.txt | jq -R --slurp '{body: .}')" \ |
| "${URL}" > /dev/null |
| rm ../_comments.txt |
| fi |
| - name: "Check: go generate doesn't modify files" |
| # See https://github.com/arduino/setup-protoc/issues/33 |
| if: ${{ false }} |
| #if: always() |
| run: | |
| go generate ./... |
| # Also test for untracked files. go generate should not generate ignored |
| # files either. |
| TOUCHED=$(git status --porcelain --ignored) |
| if ! test -z "$TOUCHED"; then |
| echo "go generate created these files, please fix:" |
| echo "$TOUCHED" |
| false |
| fi |
| - name: "Check: go mod tidy doesn't modify files" |
| if: always() |
| run: | |
| go mod tidy |
| TOUCHED=$(git status --porcelain --ignored) |
| if ! test -z "$TOUCHED"; then |
| echo "go mod tidy was not clean, please update:" |
| git diff |
| false |
| fi |
| |
| |
| codeql: |
| name: "codeql: go${{matrix.gover}}.x/${{matrix.os}}" |
| runs-on: "${{matrix.os}}" |
| continue-on-error: true |
| strategy: |
| fail-fast: false |
| matrix: |
| os: [ubuntu-latest] |
| # Do not forget to bump every 6 months! |
| gover: ["1.21"] |
| permissions: |
| security-events: write |
| steps: |
| - uses: actions/checkout@v3 |
| - uses: actions/setup-go@v4 |
| with: |
| go-version: "~${{matrix.gover}}.0" |
| - name: Initialize CodeQL |
| uses: github/codeql-action/init@v2 |
| with: |
| languages: go |
| - name: Autobuild |
| uses: github/codeql-action/autobuild@v2 |
| - name: Perform CodeQL Analysis |
| uses: github/codeql-action/analyze@v2 |