ci: add deadcode check #54
Workflow file for this run
# Continuous-integration workflow: runs for every pull request and for
# pushes to the main branch.
name: ci

on:
  pull_request:
  push:
    branches:
      - main

# Workflow-wide GITHUB_TOKEN scope: read access to repository contents only.
permissions:
  contents: read

# Runs are grouped by workflow name and ref; starting a new run in a group
# cancels the one still in progress.
concurrency:
  group: ci-${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
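# Five independent jobs: static analysis, tests, dependency checks, a
# snapshot release build, and secret scanning.
#
# NOTE(review): every `uses:` reference below is pinned to a version tag.
# Tags can be re-pointed by the action's owner; pinning to the full commit
# SHA (keeping the tag as a trailing comment) makes the reference immutable.
jobs:
  lint:
    runs-on: ubuntu-latest
    timeout-minutes: 15
    steps:
      - name: Checkout
        uses: actions/checkout@v6.0.2
        with:
          # No later step needs git credentials, so do not leave the job
          # token in .git/config where the tools run below could read it.
          persist-credentials: false
      - name: Setup Go
        uses: actions/setup-go@v6.4.0
        with:
          go-version-file: go.mod
          cache: true
      - name: Lint
        uses: golangci/golangci-lint-action@v9.2.0
        with:
          version: v2.11.1
      # Every analyzer is installed at an exact version. gosec is fetched
      # under its canonical github.com module path: `go install` treats the
      # first path element as the host to download from, so any other
      # hostname would pull the tool from a different origin.
      - name: Install analyzers
        run: |
          go install honnef.co/go/tools/cmd/staticcheck@v0.7.0
          go install mvdan.cc/gofumpt@v0.9.2
          go install github.com/securego/gosec/v2/cmd/gosec@v2.25.0
          go install golang.org/x/tools/cmd/deadcode@v0.45.0
      - name: Vet
        run: go vet ./...
      - name: Staticcheck
        run: '"$(go env GOPATH)/bin/staticcheck" ./...'
      # The step fails whenever deadcode prints anything; the findings are
      # echoed to the log first. The exit status alone is not relied on.
      - name: Deadcode
        run: |
          output_file=$(mktemp)
          "$(go env GOPATH)/bin/deadcode" -test ./... > "$output_file"
          if [ -s "$output_file" ]; then
            cat "$output_file"
            exit 1
          fi
      # `gofumpt -l` lists files whose formatting differs; any listed file
      # fails the step.
      - name: Gofumpt
        run: |
          changed="$("$(go env GOPATH)/bin/gofumpt" -l .)"
          if [ -n "$changed" ]; then
            printf 'gofumpt wants changes in:\n%s\n' "$changed"
            exit 1
          fi
      # NOTE(review): these rules are switched off for the whole tree:
      # G101 (hard-coded credentials), G115 (integer overflow on
      # conversion), G202 (SQL built by string concatenation), G301
      # (directory permissions) and G304 (file path from variable input).
      # Confirm each exclusion is still justified; a `#nosec` annotation
      # with a reason at the specific call site keeps the rule active
      # everywhere else.
      - name: Gosec
        run: |
          "$(go env GOPATH)/bin/gosec" -exclude=G101,G115,G202,G301,G304 ./...

  test:
    runs-on: ubuntu-latest
    timeout-minutes: 20
    steps:
      - name: Checkout
        uses: actions/checkout@v6.0.2
        with:
          # This job executes code from the checked-out ref (tests and a
          # repository script); keep the job token out of .git/config.
          persist-credentials: false
      - name: Setup Go
        uses: actions/setup-go@v6.4.0
        with:
          go-version-file: go.mod
          cache: true
      - name: Test with coverage
        run: go test -count=1 ./... -coverprofile=coverage.out
      - name: Test with race detector
        run: go test -count=1 -race ./...
      - name: Enforce coverage floor
        run: ./scripts/coverage.sh 85.0
      - name: Build
        run: go build ./cmd/wacrawl

  deps:
    runs-on: ubuntu-latest
    timeout-minutes: 15
    steps:
      - name: Checkout
        uses: actions/checkout@v6.0.2
        with:
          # Only local git operations follow (`git diff`); no credentials
          # are needed after checkout.
          persist-credentials: false
      - name: Setup Go
        uses: actions/setup-go@v6.4.0
        with:
          go-version-file: go.mod
          cache: true
      - name: Verify module cache
        run: go mod verify
      # Fails when `go mod tidy` would modify go.mod or go.sum.
      - name: Check go.mod tidy
        run: |
          go mod tidy
          git diff --exit-code -- go.mod go.sum
      - name: Install govulncheck
        run: go install golang.org/x/vuln/cmd/govulncheck@v1.3.0
      - name: Run govulncheck
        run: '"$(go env GOPATH)/bin/govulncheck" ./...'

  release-check:
    runs-on: ubuntu-latest
    timeout-minutes: 15
    steps:
      - name: Checkout
        uses: actions/checkout@v6.0.2
        with:
          # Full history is fetched for the release tooling.
          fetch-depth: 0
          # The snapshot build publishes nothing, so the job token does not
          # need to stay in .git/config.
          persist-credentials: false
      - name: Setup Go
        uses: actions/setup-go@v6.4.0
        with:
          go-version-file: go.mod
          cache: true
      # NOTE(review): the action is pinned, but `version: "~> v2"` is a
      # range, so the goreleaser binary it downloads can change between
      # runs. Pin an exact release if reproducible builds matter here.
      - name: Snapshot release build
        uses: goreleaser/goreleaser-action@v7.1.0
        with:
          distribution: goreleaser
          version: "~> v2"
          args: release --snapshot --clean --skip=publish

  secrets:
    runs-on: ubuntu-latest
    timeout-minutes: 15
    steps:
      - name: Checkout
        uses: actions/checkout@v6.0.2
        with:
          # Full history so the scan covers every commit, not just the tip.
          fetch-depth: 0
          # The scans read the local clone only; no credentials are needed
          # after checkout.
          persist-credentials: false
      - name: Setup Go
        uses: actions/setup-go@v6.4.0
        with:
          go-version-file: go.mod
          cache: true
      # Installed under the canonical github.com module path, for the same
      # reason as gosec in the lint job: the first path element is the host
      # that `go install` downloads from.
      - name: Install gitleaks
        run: go install github.com/zricethezav/gitleaks/v8@v8.30.1
      # --redact keeps any matched secret values out of the job log.
      - name: Scan git history
        run: |
          "$(go env GOPATH)/bin/gitleaks" git --no-banner --redact
      - name: Scan working tree
        run: |
          "$(go env GOPATH)/bin/gitleaks" dir . --no-banner --redact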