argoyle
81ac3e6ea5
Signed user-header middleware (UserMiddleware/FromContext/User, ADR-0005) plus the deployed-secrets startup guard (MissingDeployedSecrets, ADR-0005/0006). Replaces the byte-identical auth package + secrets_guard.go copied into every backend service.
36 lines
825 B
YAML
36 lines
825 B
YAML
name: auth
|
|
|
|
on:
|
|
push:
|
|
branches: [main]
|
|
pull_request:
|
|
branches: [main]
|
|
|
|
jobs:
|
|
test:
|
|
if: gitea.event_name == 'pull_request'
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v6
|
|
- uses: actions/setup-go@v6
|
|
with:
|
|
go-version: 'stable'
|
|
- name: Format check
|
|
run: |
|
|
go install mvdan.cc/gofumpt@latest
|
|
test -z "$(gofumpt -l .)"
|
|
- name: Run tests
|
|
run: go test -race ./...
|
|
vulnerabilities:
|
|
if: gitea.event_name == 'pull_request'
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v6
|
|
- uses: actions/setup-go@v6
|
|
with:
|
|
go-version: 'stable'
|
|
- name: Check vulnerabilities
|
|
run: |
|
|
go install golang.org/x/vuln/cmd/govulncheck@latest
|
|
govulncheck ./...
|