Skip to content

Commit

Permalink
ci: Follow OpenSSF best practices (#124)
Browse files Browse the repository at this point in the history
  • Loading branch information
bodgit authored Nov 7, 2023
1 parent d362ed8 commit 894d188
Show file tree
Hide file tree
Showing 6 changed files with 46 additions and 10 deletions.
21 changes: 16 additions & 5 deletions .github/workflows/build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,9 @@ on:
schedule:
- cron: 0 0 * * 1

permissions:
contents: read

jobs:
test:
name: Build and Test
Expand All @@ -21,17 +24,22 @@ jobs:
- '1.19'
- '1.20'

permissions:
checks: write
contents: read
pull-requests: read

steps:
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0

- name: Set up Go
uses: actions/setup-go@v4
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
with:
go-version: ${{ matrix.go }}

- name: golangci-lint
uses: golangci/golangci-lint-action@v3
uses: golangci/golangci-lint-action@3a919529898de77ec3da873e3063ca4b10e7f5cc # v3.7.0
if: github.event_name == 'pull_request'
with:
only-new-issues: true
Expand All @@ -40,7 +48,7 @@ jobs:
run: go test -v -coverprofile=cover.out ./...

- name: Send coverage
uses: shogo82148/actions-goveralls@v1
uses: shogo82148/actions-goveralls@7b1bd2871942af030d707d6574e5f684f9891fb2 # v1.8.0
with:
path-to-profile: cover.out
flag-name: Go-${{ matrix.go }}
Expand All @@ -50,7 +58,10 @@ jobs:
needs: test
runs-on: ubuntu-latest

permissions:
checks: write

steps:
- uses: shogo82148/actions-goveralls@v1
- uses: shogo82148/actions-goveralls@7b1bd2871942af030d707d6574e5f684f9891fb2 # v1.8.0
with:
parallel-finished: true
9 changes: 6 additions & 3 deletions .github/workflows/pr-lint.yml
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,9 @@ on:
- edited
- synchronize

permissions:
contents: read

jobs:
main:
name: Validate PR title
Expand All @@ -16,12 +19,12 @@ jobs:
pull-requests: write

steps:
- uses: amannn/action-semantic-pull-request@v5
- uses: amannn/action-semantic-pull-request@c3cd5d1ea3580753008872425915e343e351ab54 # v5.2.0
id: lint_pr_title
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- uses: marocchino/sticky-pull-request-comment@v2
- uses: marocchino/sticky-pull-request-comment@efaaab3fd41a9c3de579aba759d2552635e590fd # v2.8.0
if: always() && steps.lint_pr_title.outputs.error_message != null
with:
header: pr-title-lint-error
Expand All @@ -36,7 +39,7 @@ jobs:
${{ steps.lint_pr_title.outputs.error_message }}
```
- uses: marocchino/sticky-pull-request-comment@v2
- uses: marocchino/sticky-pull-request-comment@efaaab3fd41a9c3de579aba759d2552635e590fd # v2.8.0
if: steps.lint_pr_title.outputs.error_message == null
with:
header: pr-title-lint-error
Expand Down
5 changes: 4 additions & 1 deletion .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,13 +5,16 @@ on:
branches:
- main

permissions:
contents: read

jobs:
release-please:
runs-on: ubuntu-latest

steps:
- name: Run release-please
uses: google-github-actions/release-please-action@v3
uses: google-github-actions/release-please-action@db8f2c60ee802b3748b512940dde88eabd7b7e01 # v3.7.13
with:
command: manifest
token: ${{ secrets.RELEASE_TOKEN }}
18 changes: 18 additions & 0 deletions .pre-commit-config.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.4.0
hooks:
- id: end-of-file-fixer
- id: trailing-whitespace
- repo: https://github.com/commitizen-tools/commitizen
rev: v3.5.3
hooks:
- id: commitizen
- repo: https://github.com/golangci/golangci-lint
rev: v1.54.1
hooks:
- id: golangci-lint
- repo: https://github.com/gitleaks/gitleaks
rev: v8.18.0
hooks:
- id: gitleaks
1 change: 0 additions & 1 deletion LICENSE
Original file line number Diff line number Diff line change
Expand Up @@ -27,4 +27,3 @@ SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

2 changes: 2 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,5 @@
[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/bodgit/sevenzip/badge)](https://securityscorecards.dev/viewer/?uri=github.com/bodgit/sevenzip)
[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/6882/badge)](https://www.bestpractices.dev/projects/6882)
[![GitHub release](https://img.shields.io/github/v/release/bodgit/sevenzip)](https://github.com/bodgit/sevenzip/releases)
[![Build Status](https://img.shields.io/github/actions/workflow/status/bodgit/sevenzip/build.yml?branch=main)](https://github.com/bodgit/sevenzip/actions?query=workflow%3ABuild)
[![Coverage Status](https://coveralls.io/repos/github/bodgit/sevenzip/badge.svg?branch=master)](https://coveralls.io/github/bodgit/sevenzip?branch=master)
Expand Down

0 comments on commit 894d188

Please sign in to comment.