diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 46554c7..7890a56 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -33,6 +33,7 @@ concurrency: env: GO_VERSION: "1.26.4" + FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true" jobs: # ------------------------------------------------------------------------- @@ -42,8 +43,8 @@ jobs: name: fmt + vet runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: actions/setup-go@v5 + - uses: actions/checkout@v6.0.3 + - uses: actions/setup-go@v6.4.0 with: go-version: ${{ env.GO_VERSION }} cache: true @@ -66,12 +67,12 @@ jobs: name: lint runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: actions/setup-go@v5 + - uses: actions/checkout@v6.0.3 + - uses: actions/setup-go@v6.4.0 with: go-version: ${{ env.GO_VERSION }} cache: true - - uses: golangci/golangci-lint-action@v7 + - uses: golangci/golangci-lint-action@v9.2.1 with: version: v2.11.3 install-mode: goinstall @@ -85,8 +86,8 @@ jobs: name: test (race + cover) runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: actions/setup-go@v5 + - uses: actions/checkout@v6.0.3 + - uses: actions/setup-go@v6.4.0 with: go-version: ${{ env.GO_VERSION }} cache: true @@ -112,7 +113,7 @@ jobs: fi echo "Coverage ${COVERAGE}% meets threshold ${THRESHOLD}%" - name: Upload coverage - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7.0.1 with: name: coverage path: coverage.out @@ -124,8 +125,8 @@ jobs: name: security runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: actions/setup-go@v5 + - uses: actions/checkout@v6.0.3 + - uses: actions/setup-go@v6.4.0 with: go-version: ${{ env.GO_VERSION }} cache: true @@ -134,10 +135,11 @@ jobs: go install golang.org/x/vuln/cmd/govulncheck@v1.1.4 govulncheck ./... - name: gosec (advisory) - continue-on-error: true run: | go install github.com/securego/gosec/v2/cmd/gosec@v2.22.4 - gosec -exclude=G104,G301,G302,G304,G306 ./... + if ! gosec -exclude=G104,G301,G302,G304,G306 ./...; then + echo "gosec reported advisory findings" + fi # ------------------------------------------------------------------------- # Dead code detection. @@ -146,8 +148,8 @@ jobs: name: deadcode runs-on: ubuntu-latest steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 + - uses: actions/checkout@v6.0.3 + - uses: actions/setup-go@v6.4.0 with: go-version: ${{ env.GO_VERSION }} cache: true @@ -159,10 +161,10 @@ jobs: # output in the logs instead. run: | go install golang.org/x/tools/cmd/deadcode@latest - deadcode -test ./... 2>&1 | tee deadcode.txt - echo "deadcode reported $(grep -c 'unreachable func' deadcode.txt || echo 0) unreachable funcs (advisory)" + deadcode -test -f '{{range .Funcs}}{{printf "%s\t%s\n" $.Path .Name}}{{end}}' ./... | tee deadcode.txt + echo "deadcode reported $(wc -l < deadcode.txt | tr -d ' ') unreachable funcs (advisory)" - name: upload deadcode report - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7.0.1 if: always() with: name: deadcode-report @@ -176,8 +178,8 @@ jobs: name: duplication runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 + - uses: actions/checkout@v6.0.3 + - uses: actions/setup-node@v6.4.0 with: node-version: '20' - name: jscpd @@ -202,8 +204,8 @@ jobs: - goos: windows goarch: arm64 steps: - - uses: actions/checkout@v4 - - uses: actions/setup-go@v5 + - uses: actions/checkout@v6.0.3 + - uses: actions/setup-go@v6.4.0 with: go-version: ${{ env.GO_VERSION }} cache: true