ghx-cli/.github/workflows/ci.yml at main · roboco-io/ghx-cli · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
name: CI

on:
  push:
    branches: [ main, develop ]
  pull_request:
    branches: [ main, develop ]

env:
  GO_VERSION: '1.24'

jobs:
  test:
    name: Unit Test
    runs-on: ${{ matrix.os }}

    strategy:
      matrix:
        os: [ubuntu-latest, macos-latest, windows-latest]
        go-version: ['1.23', '1.24']

    steps:
    - name: Check out code
      uses: actions/checkout@v4

    - name: Set up Go
      uses: actions/setup-go@v5
      with:
        go-version: ${{ matrix.go-version }}

    - name: Cache Go modules
      uses: actions/cache@v4
      with:
        path: |
          ~/.cache/go-build
          ~/go/pkg/mod
        key: ${{ runner.os }}-go-${{ matrix.go-version }}-${{ hashFiles('**/go.sum') }}
        restore-keys: |
          ${{ runner.os }}-go-${{ matrix.go-version }}-

    - name: Download dependencies
      run: go mod download

    - name: Run unit tests
      run: go test -race -short ./...

  lint:
    name: Lint
    runs-on: ubuntu-latest

    steps:
    - name: Check out code
      uses: actions/checkout@v4

    - name: Set up Go
      uses: actions/setup-go@v5
      with:
        go-version: ${{ env.GO_VERSION }}

    - name: golangci-lint
      uses: golangci/golangci-lint-action@v6
      with:
        version: v1.64.8
        args: --timeout=5m

  # E2E tests are run locally via lefthook pre-push hook
  # GitHub Actions GITHUB_TOKEN lacks required OAuth scopes for GraphQL API

  build:
    name: Build
    runs-on: ubuntu-latest
    needs: [test, lint]

    steps:
    - name: Check out code
      uses: actions/checkout@v4

    - name: Set up Go
      uses: actions/setup-go@v5
      with:
        go-version: ${{ env.GO_VERSION }}

    - name: Build
      run: make build

    - name: Test binary
      run: ./bin/ghx --version

  security:
    name: Security Scan
    runs-on: ubuntu-latest

    steps:
    - name: Check out code
      uses: actions/checkout@v4

    - name: Set up Go
      uses: actions/setup-go@v5
      with:
        go-version: ${{ env.GO_VERSION }}

    - name: Run Gosec Security Scanner
      run: |
        go install github.com/securego/gosec/v2/cmd/gosec@latest
        gosec -fmt json -out gosec.json ./... || true
        if [ -f gosec.json ]; then
          echo "Security scan completed. Results:"
          cat gosec.json | jq '.Issues | length' | xargs echo "Found issues:"
        fi