-
Notifications
You must be signed in to change notification settings - Fork 154
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
updating github action workflows (#169)
<!-- For Work In Progress Pull Requests, please use the Draft PR feature, see https://github.blog/2019-02-14-introducing-draft-pull-requests/ for further details. For a timely review/response, please avoid force-pushing additional commits if your PR already received reviews or comments. Before submitting a Pull Request, please ensure that you have: - 📖 Read the Contributing guide: https://github.com/gorilla/.github/blob/main/CONTRIBUTING.md - 📖 Read the Code of Conduct: https://github.com/gorilla/.github/blob/main/CODE_OF_CONDUCT.md - Provide tests for your changes. - Use descriptive commit messages. - Comment your code where appropriate. - Squash your commits - Update any related documentation. - Add gorilla/pull-request-reviewers as a Reviewer --> ## What type of PR is this? (check all applicable) - [x] Refactor - [ ] Feature - [ ] Bug Fix - [ ] Optimization - [ ] Documentation Update - [ ] Go Version Update - [ ] Dependency Update ## Description ## Related Tickets & Documents <!-- For pull requests that relate or close an issue, please include them below. We like to follow [Github's guidance on linking issues to pull requests](https://docs.github.com/en/issues/tracking-your-work-with-issues/linking-a-pull-request-to-an-issue). For example having the text: "closes #1234" would connect the current pull request to issue 1234. And when we merge the pull request, Github will automatically close the issue. --> - Related Issue # - Closes # ## Added/updated tests? - [ ] Yes - [ ] No, and this is why: _please replace this line with details on why tests have not been included_ - [ ] I need help with writing tests ## Run verifications and test - [x] `make verify` is passing - [x] `make test` is passing
- Loading branch information
1 parent
c1f4eb3
commit 94b5a9e
Showing
5 changed files
with
74 additions
and
25 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
name: Security | ||
on: | ||
push: | ||
branches: | ||
- main | ||
pull_request: | ||
branches: | ||
- main | ||
permissions: | ||
contents: read | ||
jobs: | ||
scan: | ||
strategy: | ||
matrix: | ||
go: ['1.20','1.21'] | ||
fail-fast: true | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout Code | ||
uses: actions/checkout@v3 | ||
|
||
- name: Setup Go ${{ matrix.go }} | ||
uses: actions/setup-go@v4 | ||
with: | ||
go-version: ${{ matrix.go }} | ||
cache: false | ||
|
||
- name: Run GoSec | ||
uses: securego/gosec@master | ||
with: | ||
args: -exclude-dir examples ./... | ||
|
||
- name: Run GoVulnCheck | ||
uses: golang/govulncheck-action@v1 | ||
with: | ||
go-version-input: ${{ matrix.go }} | ||
go-package: ./... |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
name: Verify | ||
on: | ||
push: | ||
branches: | ||
- main | ||
pull_request: | ||
branches: | ||
- main | ||
permissions: | ||
contents: read | ||
jobs: | ||
lint: | ||
strategy: | ||
matrix: | ||
go: ['1.20','1.21'] | ||
fail-fast: true | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout Code | ||
uses: actions/checkout@v3 | ||
|
||
- name: Setup Go ${{ matrix.go }} | ||
uses: actions/setup-go@v4 | ||
with: | ||
go-version: ${{ matrix.go }} | ||
cache: false | ||
|
||
- name: Run GolangCI-Lint | ||
uses: golangci/golangci-lint-action@v3 | ||
with: | ||
version: v1.53 | ||
args: --timeout=5m |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -2,4 +2,4 @@ module github.com/gorilla/csrf | |
|
||
require github.com/gorilla/securecookie v1.1.1 | ||
|
||
go 1.19 | ||
go 1.20 |