From dea6490495cfeea64fc85e00fa000d9388d60ab9 Mon Sep 17 00:00:00 2001 From: nscuro Date: Mon, 11 Apr 2022 19:57:29 +0200 Subject: [PATCH] build(actions): set permissions and timeouts Signed-off-by: nscuro --- .github/workflows/ci.yml | 81 +++++++++++++++++--------------- .github/workflows/goreleaser.yml | 51 +++++++++++--------- 2 files changed, 71 insertions(+), 61 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 94a217b..c1ca41d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -3,62 +3,67 @@ name: CI on: push: branches: - - master + - master pull_request: branches: - - master + - master + +permissions: { } jobs: licensecheck: name: License Check + timeout-minutes: 5 runs-on: ubuntu-latest steps: - - name: Checkout Repository - uses: actions/checkout@v3.0.0 - - name: Check license headers - uses: apache/skywalking-eyes@v0.2.0 - with: - config: .licenserc.yml + - name: Checkout Repository + uses: actions/checkout@v3.0.0 + - name: Check license headers + uses: apache/skywalking-eyes@v0.2.0 + with: + config: .licenserc.yml lint: name: Lint + timeout-minutes: 5 runs-on: ubuntu-latest steps: - - name: Checkout Repository - uses: actions/checkout@v3.0.0 - - name: Setup Go - uses: actions/setup-go@v3.0.0 - with: - go-version: "1.17" - check-latest: true - - name: Run golangci-lint - uses: golangci/golangci-lint-action@v3.1.0 - with: - version: latest + - name: Checkout Repository + uses: actions/checkout@v3.0.0 + - name: Setup Go + uses: actions/setup-go@v3.0.0 + with: + go-version: "1.17" + check-latest: true + - name: Run golangci-lint + uses: golangci/golangci-lint-action@v3.1.0 + with: + version: latest test: name: Test + timeout-minutes: 5 runs-on: ubuntu-latest strategy: matrix: go: - - "1.15" - - "1.16" - - "1.17" + - "1.15" + - "1.16" + - "1.17" steps: - - name: Setup Go - uses: actions/setup-go@v3.0.0 - with: - go-version: ${{ matrix.go }} - check-latest: true - - name: Setup CycloneDX CLI - run: | - mkdir -p "$HOME/.local/bin" - echo "$HOME/.local/bin" >> $GITHUB_PATH - wget -O "$HOME/.local/bin/cyclonedx" https://github.com/CycloneDX/cyclonedx-cli/releases/download/v0.22.0/cyclonedx-linux-x64 - echo "ae39404a9dc8b2e7be0a9559781ee9fe3492201d2629de139d702fd4535ffdd6 $HOME/.local/bin/cyclonedx" | sha256sum -c - chmod +x "$HOME/.local/bin/cyclonedx" - - name: Checkout Repository - uses: actions/checkout@v3.0.0 - - name: Test - run: make test + - name: Setup Go + uses: actions/setup-go@v3.0.0 + with: + go-version: ${{ matrix.go }} + check-latest: true + - name: Setup CycloneDX CLI + run: | + mkdir -p "$HOME/.local/bin" + echo "$HOME/.local/bin" >> $GITHUB_PATH + wget -O "$HOME/.local/bin/cyclonedx" https://github.com/CycloneDX/cyclonedx-cli/releases/download/v0.22.0/cyclonedx-linux-x64 + echo "ae39404a9dc8b2e7be0a9559781ee9fe3492201d2629de139d702fd4535ffdd6 $HOME/.local/bin/cyclonedx" | sha256sum -c + chmod +x "$HOME/.local/bin/cyclonedx" + - name: Checkout Repository + uses: actions/checkout@v3.0.0 + - name: Test + run: make test diff --git a/.github/workflows/goreleaser.yml b/.github/workflows/goreleaser.yml index 3a89868..e5ed896 100644 --- a/.github/workflows/goreleaser.yml +++ b/.github/workflows/goreleaser.yml @@ -1,32 +1,37 @@ -name: goreleaser +name: GoReleaser on: push: tags: - - 'v*' + - 'v*' + +permissions: + contents: write jobs: goreleaser: + name: Release + timeout-minutes: 5 runs-on: ubuntu-latest steps: - - name: Checkout Repository - uses: actions/checkout@v3.0.0 - with: - fetch-depth: 0 - - name: Setup Go - uses: actions/setup-go@v3.0.0 - with: - go-version: "1.17" - check-latest: true - - name: Generate SBOM - uses: CycloneDX/gh-gomod-generate-sbom@v1 - with: - version: v1 - args: mod -licenses -json -output bom.json -type library -verbose - - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v2 - with: - version: latest - args: release --rm-dist - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - name: Checkout Repository + uses: actions/checkout@v3.0.0 + with: + fetch-depth: 0 + - name: Setup Go + uses: actions/setup-go@v3.0.0 + with: + go-version: "1.17" + check-latest: true + - name: Generate SBOM + uses: CycloneDX/gh-gomod-generate-sbom@v1 + with: + version: v1 + args: mod -licenses -json -output bom.json -type library -verbose + - name: Run GoReleaser + uses: goreleaser/goreleaser-action@v2 + with: + version: latest + args: release --rm-dist + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}