renovate
08269c034b
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/checkout](https://github.com/actions/checkout) | action | major | `v6` → `v7` | --- ### Release Notes <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v7.0.0`](https://github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v700) [Compare Source](https://github.com/actions/checkout/compare/v7.0.0...v7.0.0) - Block checking out fork PR for pull\_request\_target and workflow\_run by [@​aiqiaoy](https://github.com/aiqiaoy) in [#​2454](https://github.com/actions/checkout/pull/2454) - Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by [@​dependabot](https://github.com/dependabot)\[bot] in [#​2458](https://github.com/actions/checkout/pull/2458) - Bump flatted from 3.3.1 to 3.4.2 by [@​dependabot](https://github.com/dependabot)\[bot] in [#​2460](https://github.com/actions/checkout/pull/2460) - Bump js-yaml from 4.1.0 to 4.2.0 by [@​dependabot](https://github.com/dependabot)\[bot] in [#​2461](https://github.com/actions/checkout/pull/2461) - Bump [@​actions/core](https://github.com/actions/core) and [@​actions/tool-cache](https://github.com/actions/tool-cache) and Remove uuid by [@​dependabot](https://github.com/dependabot)\[bot] in [#​2459](https://github.com/actions/checkout/pull/2459) - upgrade module to esm and update dependencies by [@​aiqiaoy](https://github.com/aiqiaoy) in [#​2463](https://github.com/actions/checkout/pull/2463) - Bump the minor-npm-dependencies group across 1 directory with 3 updates by [@​dependabot](https://github.com/dependabot)\[bot] in [#​2462](https://github.com/actions/checkout/pull/2462) ### [`v7`](https://github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v700) [Compare Source](https://github.com/actions/checkout/compare/v6.0.3...v7.0.0) - Block checking out fork PR for pull\_request\_target and workflow\_run by [@​aiqiaoy](https://github.com/aiqiaoy) in [#​2454](https://github.com/actions/checkout/pull/2454) - Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by [@​dependabot](https://github.com/dependabot)\[bot] in [#​2458](https://github.com/actions/checkout/pull/2458) - Bump flatted from 3.3.1 to 3.4.2 by [@​dependabot](https://github.com/dependabot)\[bot] in [#​2460](https://github.com/actions/checkout/pull/2460) - Bump js-yaml from 4.1.0 to 4.2.0 by [@​dependabot](https://github.com/dependabot)\[bot] in [#​2461](https://github.com/actions/checkout/pull/2461) - Bump [@​actions/core](https://github.com/actions/core) and [@​actions/tool-cache](https://github.com/actions/tool-cache) and Remove uuid by [@​dependabot](https://github.com/dependabot)\[bot] in [#​2459](https://github.com/actions/checkout/pull/2459) - upgrade module to esm and update dependencies by [@​aiqiaoy](https://github.com/aiqiaoy) in [#​2463](https://github.com/actions/checkout/pull/2463) - Bump the minor-npm-dependencies group across 1 directory with 3 updates by [@​dependabot](https://github.com/dependabot)\[bot] in [#​2462](https://github.com/actions/checkout/pull/2462) </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yMjAuMCIsInVwZGF0ZWRJblZlciI6IjQzLjIyMC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> Reviewed-on: #311 Co-authored-by: Renovate Bot <renovate@unbound.se> Co-committed-by: Renovate Bot <renovate@unbound.se>
82 lines
2.8 KiB
YAML
82 lines
2.8 KiB
YAML
name: authz_client
|
|
|
|
on:
|
|
push:
|
|
branches: [main]
|
|
pull_request:
|
|
branches: [main]
|
|
|
|
jobs:
|
|
test:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v7
|
|
- uses: actions/setup-go@v6
|
|
with:
|
|
go-version: 'stable'
|
|
- name: Run tests
|
|
run: go test -race -coverprofile=coverage.txt ./...
|
|
|
|
- name: Check coverage
|
|
id: coverage
|
|
run: |
|
|
go install github.com/vladopajic/go-test-coverage/v2@latest
|
|
go-test-coverage --config ./.testcoverage.yml --github-action-output
|
|
- name: Download baseline coverage
|
|
if: gitea.event_name == 'pull_request'
|
|
uses: actions/download-artifact@v3
|
|
with:
|
|
name: coverage-baseline
|
|
path: ./baseline
|
|
continue-on-error: true
|
|
- name: Compare coverage
|
|
if: gitea.event_name == 'pull_request'
|
|
run: |
|
|
CURRENT="${{ steps.coverage.outputs.total-coverage }}"
|
|
if [ -f ./baseline/coverage.txt ]; then
|
|
BASE=$(cat ./baseline/coverage.txt)
|
|
echo "Base coverage: ${BASE}%"
|
|
echo "Current coverage: ${CURRENT}%"
|
|
if [ "$(echo "$CURRENT < $BASE" | bc -l)" -eq 1 ]; then
|
|
echo "::error::Coverage decreased from ${BASE}% to ${CURRENT}%"
|
|
exit 1
|
|
fi
|
|
echo "Coverage maintained or improved: ${BASE}% -> ${CURRENT}%"
|
|
else
|
|
echo "No baseline coverage found, skipping comparison"
|
|
echo "Current coverage: ${CURRENT}%"
|
|
fi
|
|
- name: Save coverage baseline
|
|
if: gitea.ref == 'refs/heads/main'
|
|
run: echo "${{ steps.coverage.outputs.total-coverage }}" > coverage.txt
|
|
- name: Upload coverage baseline
|
|
if: gitea.ref == 'refs/heads/main'
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: coverage-baseline
|
|
path: coverage.txt
|
|
retention-days: 90
|
|
- name: Post coverage comment
|
|
if: gitea.event_name == 'pull_request'
|
|
env:
|
|
GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
|
|
GITEA_URL: ${{ gitea.server_url }}
|
|
run: |
|
|
COVERAGE="${{ steps.coverage.outputs.total-coverage }}"
|
|
curl -X POST "${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/issues/${{ gitea.event.pull_request.number }}/comments" \
|
|
-H "Authorization: token ${GITEA_TOKEN}" \
|
|
-H "Content-Type: application/json" \
|
|
-d "{\"body\": \"## Coverage Report\n\nTotal coverage: **${COVERAGE}%**\"}"
|
|
|
|
vulnerabilities:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v7
|
|
- uses: actions/setup-go@v6
|
|
with:
|
|
go-version: 'stable'
|
|
- name: Check vulnerabilities
|
|
run: |
|
|
go install golang.org/x/vuln/cmd/govulncheck@latest
|
|
govulncheck ./...
|