Skip to content

gha: bump step-security/harden-runner from 2.9.1 to 2.10.0 #1403

gha: bump step-security/harden-runner from 2.9.1 to 2.10.0

gha: bump step-security/harden-runner from 2.9.1 to 2.10.0 #1403

Workflow file for this run

name: Build
on:
push:
branches:
- main
pull_request:
workflow_dispatch:
env:
GO_VERSION: 1.23.x
STATICCHECK_VERSION: 2024.1.1
permissions: read-all
jobs:
lint:
name: Lint
runs-on: ubuntu-24.04
steps:
- name: Harden Runner
uses: step-security/harden-runner@446798f8213ac2e75931c1b0769676d927801858 # v1
with:
egress-policy: block
disable-telemetry: true
allowed-endpoints: >
artifactcache.actions.githubusercontent.com:443
frsnacprodeus2file1.blob.core.windows.net:443
github.com:443
golang.org:443
objects.githubusercontent.com:443
proxy.golang.org:443
raw.githubusercontent.com:443
storage.googleapis.com:443
sum.golang.org:443
- name: Check out code into the Go module directory
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v2.4.0
- name: golangci-lint
uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v2
with:
version: latest
#args: --enable maligned
build:
name: Build
strategy:
matrix:
platform: [ubuntu-24.04, windows-2022, macos-14]
runs-on: ${{ matrix.platform }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@446798f8213ac2e75931c1b0769676d927801858 # v1
with:
egress-policy: audit
disable-telemetry: false
allowed-endpoints: >
api.github.com:443
artifactcache.actions.githubusercontent.com:443
frsnacprodeus2file1.blob.core.windows.net:443
github.com:443
objects.githubusercontent.com:443
proxy.golang.org:443
raw.githubusercontent.com:443
storage.googleapis.com:443
- name: Set up Go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v2.1.5
with:
go-version: ${{ env.GO_VERSION }}
check-latest: true
id: go
- name: Check out code into the Go module directory
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v2.4.0
with:
fetch-depth: 0
# https://github.com/marketplace/actions/cache
- name: Cache Go modules
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v2
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- name: Check and get dependencies
run: |
go mod download
go mod tidy
git diff --exit-code go.mod
git diff --exit-code go.sum
- name: Build
run: go build -v -trimpath -ldflags="-s -w" ./cmd/bl3auto.go
- name: Test
run: go test -v -race ./...
- name: Staticcheck
uses: dominikh/staticcheck-action@fe1dd0c3658873b46f8c9bb3291096a617310ca6 # v1.1.0
with:
version: ${{ env.STATICCHECK_VERSION }}
install-go: false
cache-key: ${{ matrix.platform }}