From b60bd5799778c648b5f8be4830da7a4655545d94 Mon Sep 17 00:00:00 2001
From: Zhiwei Liang
Date: Wed, 18 Dec 2024 17:38:13 -0500
Subject: [PATCH 1/3] Add security workflows

---
 .github/workflows/codeql.yml | 39 +++++++++++++++++++++++++
 .github/workflows/dependency-review.yml | 19 ++++++++++++
 2 files changed, 58 insertions(+)
 create mode 100644 .github/workflows/codeql.yml
 create mode 100644 .github/workflows/dependency-review.yml

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 0000000..eac9218
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,39 @@
+name: "CodeQL Advanced"
+
+on:
+ push:
+ branches: [ "main" ]
+ pull_request:
+ branches: [ "main" ]
+ schedule:
+ - cron: '0 13 * * 5'
+
+jobs:
+ analyze:
+ name: Analyze (${{ matrix.language }})
+ runs-on: ubuntu-latest
+ permissions:
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - language: go
+ build-mode: autobuild
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v3
+ with:
+ languages: ${{ matrix.language }}
+ build-mode: ${{ matrix.build-mode }}
+ queries: security-and-quality
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v3
+ with:
+ category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
new file mode 100644
index 0000000..9f07e05
--- /dev/null
+++ b/.github/workflows/dependency-review.yml
@@ -0,0 +1,19 @@
+name: 'Dependency review'
+on:
+ pull_request:
+ branches: [ "main" ]
+
+permissions:
+ contents: read
+ pull-requests: write
+
+jobs:
+ dependency-review:
+ runs-on: ubuntu-latest
+ steps:
+ - name: 'Checkout repository'
+ uses: actions/checkout@v4
+ - name: 'Dependency Review'
+ uses: actions/dependency-review-action@v4
+ with:
+ comment-summary-in-pr: on-failure
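Review bot: The job-level `permissions:` block in codeql.yml lists only `security-events: write`, and once any scope is declared at job level every unlisted scope drops to none, so the job's GITHUB_TOKEN carries no `contents: read`; the `actions/checkout@v4` step presumably still works on a public repository (GitHub's own CodeQL starter template marks `contents: read` and `actions: read` as required only for private repositories), but the workflow breaks as soon as the repository or a CodeQL pack it pulls is private. I would add `contents: read` under `permissions:` now, plus `actions: read` and `packages: read` if a private repository or private CodeQL packs are in play, rather than discover it when the scan silently stops running. Separately, all three actions are pinned to mutable major-version tags (`actions/checkout@v4`, `github/codeql-action/init@v3`, `github/codeql-action/analyze@v3`); for a workflow that is itself the security gate, pinning each `uses:` to a full commit SHA with the tag in a trailing comment removes the tag-retargeting supply-chain risk.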
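Review bot: The `Dependency Review` step in dependency-review.yml sets only `comment-summary-in-pr: on-failure`, so the severity threshold that fails the check and the absence of any license policy are inherited from the action's defaults and a reader of this file cannot tell what the project actually blocks. I would state the policy explicitly next to that line, e.g. `fail-on-severity: moderate` together with an `allow-licenses:` or `deny-licenses:` list, so a change in the action's defaults on a later `@v4` release does not silently move the gate. Note also that pull requests opened from forks run with a read-only GITHUB_TOKEN regardless of the workflow-level `pull-requests: write`, so for those the PR comment presumably cannot be posted; the check status is still reported, which is the part that matters for branch protection.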
From 814732a00fc1ad907a4335a70e085912cbac1507 Mon Sep 17 00:00:00 2001 From: Zhiwei Liang Date: Wed, 18 Dec 2024 17:38:25 -0500 Subject: [PATCH 2/3] Simplify CI --- .github/workflows/build-test.yml | 24 ++++-------------------- 1 file changed, 4 insertions(+), 20 deletions(-) diff --git a/.github/workflows/build-test.yml b/.github/workflows/build-test.yml index 199250b..0c83f33 100644 --- a/.github/workflows/build-test.yml +++ b/.github/workflows/build-test.yml @@ -11,32 +11,16 @@ on: jobs: build: + strategy: + matrix: + go-version: ["stable", "oldstable"] runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - uses: actions/setup-go@v5 with: - go-version: "stable" - - - run: go version - - - name: Build binary - run: make - - - name: Test - run: make test - - old-go-build: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - - uses: actions/setup-go@v5 - with: - go-version: "oldstable" - - - run: go version + go-version: ${{ matrix.go-version }} - name: Build binary run: make From b706af967e12af852fabccac9c50b5eb115a77a5 Mon Sep 17 00:00:00 2001 From: Zhiwei Liang Date: Wed, 18 Dec 2024 17:38:39 -0500 Subject: [PATCH 3/3] Add .DS_Store to .gitignore --- .gitignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index f187d9a..0c67a4b 100644 --- a/.gitignore +++ b/.gitignore @@ -30,3 +30,5 @@ dist out dist/ + +.DS_Store
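Review bot: The merged `build` job in build-test.yml still declares no `permissions:` block, so its GITHUB_TOKEN keeps whatever the repository's default is (read/write on many repositories) even though the job only checks out, builds and tests; the security workflows added in the same series scope their tokens explicitly, and this job should match with `permissions:` / `  contents: read` at job level. Two smaller points on the new matrix: it has no `fail-fast: false`, so a failure on one Go version cancels the other run and hides whether the failure is version-specific, and the job names become `build (stable)` / `build (oldstable)` instead of `build` and `old-go-build`, so any branch-protection required-check list naming the old jobs presumably needs updating. The `go version` diagnostic step was also dropped; it cost nothing and is the first thing one wants in the log when a matrix entry fails. The workflow's `on:` block lies outside this hunk.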