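# CI for the Go module: build + test, lint, Trivy filesystem scan, and a
# GoReleaser snapshot build that only runs after the other three jobs pass.
#
# NOTE(review): every `uses:` below references a mutable tag or branch.
# Pinning each action to a full commit SHA (keeping the tag in a trailing
# comment) stops a moved ref from changing what executes in this pipeline.
name: Go

on:
  push:
    branches: [master]
  pull_request:
    branches: [master]

# Least privilege for GITHUB_TOKEN: read-only by default. Jobs that need more
# declare it themselves.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2

      - name: Set up Go
        uses: actions/setup-go@v2
        with:
          go-version: '1.16.x'

      - name: Build
        run: go build -v ./...

      - name: Test
        run: go test -v ./...

  golangci-lint:
    name: lint
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2

      - name: golangci-lint
        uses: golangci/golangci-lint-action@v2
        with:
          # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version
          # NOTE(review): `latest` floats; pin a version for reproducible lint results.
          version: latest

  trivy:
    name: Trivy
    # Was ubuntu-18.04; that hosted runner image has been retired by GitHub.
    # Aligned with the other jobs.
    runs-on: ubuntu-latest
    permissions:
      contents: read
      # Required by upload-sarif to write code-scanning results.
      security-events: write
      # Required by upload-sarif only when the repository is private.
      actions: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v2

      # First pass: produce SARIF and never fail (exit-code 0) so the upload
      # step below always has a report to publish.
      # NOTE(review): `@master` is a moving branch; whatever lands upstream
      # runs here with this job's token. Pin to a release tag or a full
      # commit SHA.
      - name: Run Trivy vulnerability scanner in repo mode
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: 'fs'
          ignore-unfixed: true
          format: 'template'
          template: '@/contrib/sarif.tpl'
          output: 'trivy-results.sarif'
          severity: 'HIGH,CRITICAL'
          exit-code: '0'

      # NOTE(review): on pull requests from forks the token is read-only, so
      # this upload is expected to fail there; confirm that is acceptable.
      # NOTE(review): v1 of the CodeQL action is deprecated upstream.
      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v1
        with:
          sarif_file: 'trivy-results.sarif'

      # Second pass: same scan, table output, exit-code 1. This is the step
      # that gates the pipeline on fixable HIGH/CRITICAL findings.
      - name: Run Trivy with human-readable output
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: 'fs'
          ignore-unfixed: true
          format: 'table'
          severity: 'HIGH,CRITICAL'
          exit-code: '1'

  goreleaser:
    needs:
      - build
      - golangci-lint
      - trivy
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
        with:
          # Full history so GoReleaser can see tags.
          fetch-depth: 0

      - name: Set up Go
        uses: actions/setup-go@v2
        with:
          go-version: '1.16.x'

      - name: Run GoReleaser
        uses: goreleaser/goreleaser-action@v2
        with:
          # either 'goreleaser' (default) or 'goreleaser-pro'
          distribution: goreleaser
          # NOTE(review): `latest` floats; `--rm-dist` was deprecated in
          # favour of `--clean` in later GoReleaser releases, so pin a version.
          version: latest
          # `build --snapshot` only builds binaries; nothing is published, so
          # the read-only token set at the top of this file is sufficient.
          args: build --snapshot --rm-dist
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # Your GoReleaser Pro key, if you are using the 'goreleaser-pro' distribution
          # GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}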