Update correct job #102
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [main, develop] | |
| pull_request: | |
| branches: [main, develop] | |
| permissions: | |
| contents: read | |
| security-events: write | |
| actions: read | |
| id-token: write | |
| jobs: | |
| setup-linux-deps: | |
| name: Setup Linux Dependencies | |
| runs-on: ubuntu-latest | |
| outputs: | |
| cache-key: ${{ steps.cache-key.outputs.key }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: "1.25.x" | |
| - name: Generate cache key | |
| id: cache-key | |
| run: echo "key=${{ runner.os }}-x11-deps-${{ hashFiles('go.mod') }}" >> $GITHUB_OUTPUT | |
| - name: Cache X11 dependencies | |
| uses: actions/cache@v3 | |
| with: | |
| path: /var/cache/apt | |
| key: ${{ steps.cache-key.outputs.key }} | |
| restore-keys: | | |
| ${{ runner.os }}-x11-deps- | |
| - name: Install X11 dependencies | |
| run: | | |
| sudo apt update | |
| sudo apt install -y build-essential libx11-dev libxrandr-dev libxinerama-dev libxcursor-dev libxi-dev | |
| - name: Test Linux build | |
| run: | | |
| # Tree-sitter requires CGO; cross-compiling from Linux is not reliable. | |
| # Validate the native Linux build here; release handles target-specific builds. | |
| export CGO_ENABLED=1 | |
| GOOS=linux GOARCH=amd64 go build -o /tmp/initiat-linux-amd64 . | |
| test: | |
| name: Test | |
| runs-on: ubuntu-latest | |
| needs: setup-linux-deps | |
| strategy: | |
| matrix: | |
| go-version: ["1.25.x"] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: ${{ matrix.go-version }} | |
| - name: Cache Go modules | |
| uses: actions/cache@v3 | |
| with: | |
| path: ~/go/pkg/mod | |
| key: ${{ runner.os }}-go-${{ matrix.go-version }}-${{ hashFiles('**/go.sum') }} | |
| restore-keys: | | |
| ${{ runner.os }}-go-${{ matrix.go-version }}- | |
| - name: Download dependencies | |
| run: go mod download | |
| - name: Verify dependencies | |
| run: go mod verify | |
| - name: Cache X11 dependencies | |
| uses: actions/cache@v3 | |
| with: | |
| path: /var/cache/apt | |
| key: ${{ needs.setup-linux-deps.outputs.cache-key }} | |
| restore-keys: | | |
| ${{ runner.os }}-x11-deps- | |
| - name: Install and setup GNOME Keyring for tests | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y build-essential gnome-keyring dbus-x11 | |
| - name: Install X11 dependencies from cache | |
| run: | | |
| sudo apt install -y build-essential libx11-dev libxrandr-dev libxinerama-dev libxcursor-dev libxi-dev | |
| - name: Run tests | |
| run: | | |
| export DBUS_SESSION_BUS_ADDRESS=$(dbus-daemon --session --print-address --fork) | |
| echo 'test' | gnome-keyring-daemon --unlock --daemonize --login | |
| gnome-keyring-daemon --start --daemonize --components=secrets | |
| sleep 3 | |
| if ! pgrep -f gnome-keyring-daemon > /dev/null; then | |
| echo "Warning: GNOME Keyring daemon not running - some tests may be skipped" | |
| fi | |
| export CGO_ENABLED=1 | |
| timeout 600 go test -v -race -coverprofile=coverage.out ./... || \ | |
| timeout 600 go test -v -race ./... | |
| - name: Upload coverage to Codecov | |
| uses: codecov/codecov-action@v3 | |
| with: | |
| file: ./coverage.out | |
| flags: unittests | |
| name: codecov-umbrella | |
| lint: | |
| name: Lint | |
| runs-on: ubuntu-latest | |
| needs: setup-linux-deps | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: "1.25.x" | |
| - name: Cache X11 dependencies | |
| uses: actions/cache@v3 | |
| with: | |
| path: /var/cache/apt | |
| key: ${{ needs.setup-linux-deps.outputs.cache-key }} | |
| restore-keys: | | |
| ${{ runner.os }}-x11-deps- | |
| - name: Install X11 dependencies from cache | |
| run: | | |
| sudo apt install -y build-essential libx11-dev libxrandr-dev libxinerama-dev libxcursor-dev libxi-dev | |
| - name: Run golangci-lint | |
| uses: golangci/golangci-lint-action@v7 | |
| with: | |
| version: v2.4.0 | |
| args: --timeout=5m | |
| format: | |
| name: Format Check | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: "1.25.x" | |
| - name: Check formatting | |
| run: | | |
| if [ "$(gofmt -s -l . | wc -l)" -gt 0 ]; then | |
| echo "The following files are not formatted:" | |
| gofmt -s -l . | |
| echo "Please run 'gofmt -s -w .' to format your code." | |
| exit 1 | |
| fi | |
| - name: Check imports | |
| run: | | |
| go install golang.org/x/tools/cmd/goimports@latest | |
| if [ "$(goimports -l . | wc -l)" -gt 0 ]; then | |
| echo "The following files have incorrect imports:" | |
| goimports -l . | |
| echo "Please run 'goimports -w .' to fix your imports." | |
| exit 1 | |
| fi | |
| security: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| # security-events: write # <- not needed while upload is disabled | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: "1.25.x" | |
| - name: Install gosec | |
| run: go install github.com/securego/gosec/v2/cmd/gosec@latest | |
| - name: Run Gosec (SARIF) | |
| run: | | |
| gosec -no-fail -fmt sarif -out gosec-results.sarif \ | |
| -exclude-dir=docs \ | |
| -exclude-dir=internal/codeanalysis/testdata \ | |
| ./... | |
| # --- Temporarily disabled: Code Scanning upload requires org/private entitlement --- | |
| # - name: Upload SARIF to Code Scanning | |
| # if: always() && hashFiles('gosec-results.sarif') != '' | |
| # uses: github/codeql-action/upload-sarif@v3 | |
| # with: | |
| # sarif_file: gosec-results.sarif | |
| # category: gosec | |
| - name: Save SARIF as artifact | |
| if: always() && hashFiles('gosec-results.sarif') != '' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: gosec-sarif | |
| path: gosec-results.sarif | |
| retention-days: 7 | |
| build: | |
| name: Build | |
| runs-on: ubuntu-latest | |
| needs: [setup-linux-deps, test, lint, format] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: "1.25.x" | |
| - name: Cache X11 dependencies | |
| uses: actions/cache@v3 | |
| with: | |
| path: /var/cache/apt | |
| key: ${{ needs.setup-linux-deps.outputs.cache-key }} | |
| restore-keys: | | |
| ${{ runner.os }}-x11-deps- | |
| - name: Install X11 dependencies from cache | |
| run: | | |
| sudo apt install -y libx11-dev libxrandr-dev libxinerama-dev libxcursor-dev libxi-dev | |
| - name: Build for multiple platforms | |
| run: | | |
| # Tree-sitter requires CGO; cross-compiling from Linux is not reliable. | |
| # Validate native Linux build here; release workflow handles native macOS/Windows builds. | |
| export CGO_ENABLED=1 | |
| go build -o /tmp/initiat-linux-amd64 . | |
| - name: Test binary functionality | |
| run: | | |
| export CGO_ENABLED=1 | |
| go build -o initiat . | |
| ./initiat --help | |
| ./initiat auth --help | |
| ./initiat version | |
| dependency-check: | |
| name: Dependency Check | |
| runs-on: ubuntu-latest | |
| needs: setup-linux-deps | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: "1.25.x" | |
| - name: Cache X11 dependencies | |
| uses: actions/cache@v3 | |
| with: | |
| path: /var/cache/apt | |
| key: ${{ needs.setup-linux-deps.outputs.cache-key }} | |
| restore-keys: | | |
| ${{ runner.os }}-x11-deps- | |
| - name: Install X11 dependencies from cache | |
| run: | | |
| sudo apt install -y libx11-dev libxrandr-dev libxinerama-dev libxcursor-dev libxi-dev | |
| - name: Check for vulnerabilities | |
| run: | | |
| go install golang.org/x/vuln/cmd/govulncheck@latest | |
| govulncheck ./... | |
| - name: Check mod tidy | |
| run: | | |
| go mod tidy | |
| if [ -n "$(git status --porcelain go.mod go.sum)" ]; then | |
| echo "go.mod or go.sum is not tidy" | |
| git diff go.mod go.sum | |
| exit 1 | |
| fi |