github.com/onflow/atree@v0.6.0/.github/workflows/safer-golangci-lint.yml (about) 1 # Copyright © 2021 Montgomery Edwards⁴⁴⁸ (github.com/x448). 2 # This file is licensed under MIT License. 3 # 4 # Safer GitHub Actions Workflow for golangci-lint. 5 # https://github.com/x448/safer-golangci-lint 6 # 7 # safer-golangci-lint.yml 8 # 9 # This workflow downloads, verifies, and runs golangci-lint in a 10 # deterministic, reviewable, and safe manner. 11 # 12 # To use: 13 # Step 1. Copy this file into [your_github_repo]/.github/workflows/ 14 # Step 2. There's no step 2 if you like the default settings. 15 # 16 # See golangci-lint docs for more info at 17 # https://github.com/golangci/golangci-lint 18 # 19 # 100% of the script for downloading, installing, and running golangci-lint 20 # is embedded in this file. The embedded SHA-256 digest is used to verify the 21 # downloaded golangci-lint tarball (golangci-lint-1.xx.x-linux-amd64.tar.gz). 22 # 23 # The embedded SHA-256 digest matches golangci-lint-1.xx.x-checksums.txt at 24 # https://github.com/golangci/golangci-lint/releases 25 # 26 # To use a newer version of golangci-lint, change these values: 27 # 1. GOLINTERS_VERSION 28 # 2. GOLINTERS_TGZ_DGST 29 # 30 # Release v1.51.1 (February 5, 2023) 31 # - Bump golangci-lint to 1.51.1 32 # - Shuffle some comments 33 # - Hash of golangci-lint-1.50.1-linux-amd64.tar.gz 34 # - SHA-256: 17aeb26c76820c22efa0e1838b0ab93e90cfedef43fbfc9a2f33f27eb9e5e070 35 # This SHA-256 digest matches golangci-lint-1.51.1-checksums.txt at 36 # https://github.com/golangci/golangci-lint/releases 37 # 38 name: linters 39 40 # Remove default permissions and grant only what is required in each job. 41 permissions: {} 42 43 on: 44 workflow_dispatch: 45 pull_request: 46 types: [opened, synchronize, closed] 47 push: 48 branches: [main, master] 49 50 env: 51 GO_VERSION: 1.19 52 GOLINTERS_VERSION: 1.51.1 53 GOLINTERS_ARCH: linux-amd64 54 GOLINTERS_TGZ_DGST: 17aeb26c76820c22efa0e1838b0ab93e90cfedef43fbfc9a2f33f27eb9e5e070 55 GOLINTERS_TIMEOUT: 15m 56 OPENSSL_DGST_CMD: openssl dgst -sha256 -r 57 CURL_CMD: curl --proto =https --tlsv1.2 --location --silent --show-error --fail 58 59 jobs: 60 main: 61 name: Lint 62 runs-on: ubuntu-latest 63 permissions: 64 contents: read 65 steps: 66 - name: Checkout source 67 uses: actions/checkout@v3 68 with: 69 fetch-depth: 1 70 71 - name: Setup Go 72 uses: actions/setup-go@v3 73 with: 74 go-version: ${{ env.GO_VERSION }} 75 check-latest: true 76 77 - name: Install golangci-lint 78 run: | 79 GOLINTERS_URL_PREFIX="https://github.com/golangci/golangci-lint/releases/download/v${GOLINTERS_VERSION}/" 80 GOLINTERS_TGZ="golangci-lint-${GOLINTERS_VERSION}-${GOLINTERS_ARCH}.tar.gz" 81 GOLINTERS_EXPECTED_DGST="${GOLINTERS_TGZ_DGST} *${GOLINTERS_TGZ}" 82 DGST_CMD="${OPENSSL_DGST_CMD} ${GOLINTERS_TGZ}" 83 84 cd $(mktemp -d /tmp/golinters.XXXXX) 85 ${CURL_CMD} "${GOLINTERS_URL_PREFIX}${GOLINTERS_TGZ}" --output ${GOLINTERS_TGZ} 86 87 GOLINTERS_GOT_DGST=$(${DGST_CMD}) 88 if [ "${GOLINTERS_GOT_DGST}" != "${GOLINTERS_EXPECTED_DGST}" ] 89 then 90 echo "Digest of tarball is not equal to expected digest." 91 echo "Expected digest: " "${GOLINTERS_EXPECTED_DGST}" 92 echo "Got digest: " "${GOLINTERS_GOT_DGST}" 93 exit 1 94 fi 95 96 tar --no-same-owner -xzf "${GOLINTERS_TGZ}" --strip-components 1 97 install golangci-lint $(go env GOPATH)/bin 98 shell: bash 99 100 # Run required linters enabled in .golangci.yml (or default linters if yml doesn't exist) 101 - name: Run golangci-lint 102 run: $(go env GOPATH)/bin/golangci-lint run --timeout="${GOLINTERS_TIMEOUT}" 103 shell: bash