update ci to use mise (#23)

* apply zizmor findings

---------

Co-authored-by: slashformotion <slashformotion@protonmail.com>

Author: mrj0

.github/workflows/ci.yaml

@@ -9,132 +9,12 @@ on:
       - main
 
 jobs:
-  test:
-    runs-on: ubuntu-latest
+  test-lint:
     strategy:
       matrix:
-        go-version: [oldstable, stable]
-    services:
-      postgres:
-        image: postgres:17.4
-        ports:
-          - 5444:5432
-        options: >-
-          --health-cmd pg_isready
-          --health-interval 10s
-          --health-timeout 5s
-          --health-retries 5
-        env:
-          POSTGRES_PASSWORD: password
-    steps:
-      - uses: actions/checkout@v3
-      - name: Set up Go
-        uses: actions/setup-go@v4
-        with:
-          go-version: ${{ matrix.go-version }}
-      - name: Cache Go modules
-        uses: actions/cache@v3
-        with:
-          path: |
-            ~/.cache/go-build
-            /go/pkg/mod
-          key: go-mod-v4-${{ hashFiles('**/go.sum') }}
-      - name: Install Dependencies
-        run: go mod download
-      - name: Run tests
-        run: |
-          mkdir -p /tmp/test-reports
-          # gotestsum hash is version version v1.12.3
-          go run gotest.tools/gotestsum@ddd0b05a6878e2e8257a2abe6e7df66cebc53d0e --junitfile /tmp/test-reports/unit-tests.xml
-          make test-examples
-      - uses: actions/upload-artifact@v4
-        name: Upload test results
-        with:
-          name: test-reports-${{ matrix.go-version }}
-          path: /tmp/test-reports
-      - name: Update coverage report
-        uses: ncruces/go-coverage-report@v0.3.0
-        with:
-          report: true
-          chart: true
-          amend: true
-        if: |
-          matrix.go-version == 'stable'
-        continue-on-error: true
-
-  test-race:
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        go-version: [oldstable, stable]
-    steps:
-      - uses: actions/checkout@v3
-      - name: Set up Go
-        uses: actions/setup-go@v4
-        with:
-          go-version: ${{ matrix.go-version }}
-      - name: Cache Go modules
-        uses: actions/cache@v3
-        with:
-          path: |
-            ~/.cache/go-build
-            /go/pkg/mod
-          key: go-mod-v4-${{ hashFiles('**/go.sum') }}
-      - name: Install Dependencies
-        run: go mod download
-      - name: Run tests with race detector
-        run: make test-race
-
-  lint:
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        go-version: [oldstable, stable]
-    steps:
-      - uses: actions/checkout@v3
-      - name: Set up Go
-        uses: actions/setup-go@v4
-        with:
-          go-version: ${{ matrix.go-version }}
-      - name: Cache Go modules
-        uses: actions/cache@v3
-        with:
-          path: |
-            ~/.cache/go-build
-            /go/pkg/mod
-          key: go-mod-v4-${{ hashFiles('**/go.sum') }}
-      - name: Install Dependencies
-        run: go mod download
-      - name: Install tooling
-        run: make tooling
-      - name: Linting
-        run: make lint
-      - name: Running vulncheck
-        run: make vuln-check
-
-  fmt:
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        go-version: [oldstable, stable]
-    steps:
-      - uses: actions/checkout@v3
-      - name: Set up Go
-        uses: actions/setup-go@v4
-        with:
-          go-version: ${{ matrix.go-version }}
-      - name: Cache Go modules
-        uses: actions/cache@v3
-        with:
-          path: |
-            ~/.cache/go-build
-            /go/pkg/mod
-          key: go-mod-v4-${{ hashFiles('**/go.sum') }}
-      - name: Install Dependencies
-        run: go mod download
-      - name: Install tooling
-        run: make tooling
-      - name: Running formatting
-        run: |
-          make fmt
-          make has-changes
+        go-version: [ "1.25", "1.24" ]
+    uses: ./.github/workflows/lint-tests.yaml
+    with:
+      go-version: ${{ matrix.go-version }}
+    permissions:
+      contents: read

.github/workflows/lint-tests.yaml

@@ -0,0 +1,178 @@
+name: CI
+
+on:
+  workflow_call:
+    inputs:
+      go-version:
+        type: string
+        required: true
+
+jobs:
+  preflight:
+    runs-on: ubuntu-latest
+    outputs:
+      gopath: ${{ steps.gopath.outputs.value }}
+      go-mods-cache-key: ${{ steps.cache-keys.outputs.go-mods-cache-key }}
+      go-bins-cache-key: ${{ steps.cache-keys.outputs.go-bins-cache-key }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+
+      - uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5
+        with:
+          cache: true
+          reshim: true
+          tool_versions: |
+            go ${{ inputs.go-version }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Get Go path
+        id: gopath
+        run: echo "value=$(go env GOPATH)" >> $GITHUB_OUTPUT
+
+      - name: Cache keys
+        id: cache-keys
+        run: |
+          echo "go-mods-cache-key=go-mods-${{ runner.os }}-${{ hashFiles('**/go.sum') }}" >> $GITHUB_OUTPUT
+
+      - name: Cache Go mods
+        id: go-mods-cache
+        uses: actions/cache@v4
+        with:
+          lookup-only: true
+          path: ${{ steps.gopath.outputs.value }}/pkg/mod
+          key: ${{ steps.cache-keys.outputs.go-mods-cache-key }}
+
+      - name: 📥 Download dependencies
+        if: steps.go-mods-cache.outputs.cache-hit != 'true'
+        run: go mod download
+
+  test:
+    runs-on: ubuntu-latest
+    needs: preflight
+    services:
+      postgres:
+        image: postgres:17.4
+        ports:
+          - 5444:5432
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+        env:
+          POSTGRES_PASSWORD: password
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+      - uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5
+        with:
+          cache: true
+          reshim: true
+          tool_versions: |
+            go ${{ inputs.go-version }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+      - name: 💾 Cache Go mods
+        uses: actions/cache@v4
+        with:
+          path: ${{ needs.preflight.outputs.gopath }}/pkg/mod
+          key: ${{ needs.preflight.outputs.go-mods-cache-key }}
+          fail-on-cache-miss: true
+      - name: Run tests units
+        run: |
+          mkdir -p /tmp/test-reports
+          gotestsum --junitfile /tmp/test-reports/unit-tests.xml
+      - uses: actions/upload-artifact@v4
+        name: Upload test results
+        with:
+          name: test-reports-${{ inputs.go-version }}
+          path: /tmp/test-reports
+      - name: Run Examples
+        run: make test-examples
+
+      - name: Update coverage report
+        uses: ncruces/go-coverage-report@aa507d98fb11c2b4dffa1b731e0786f50fd8ec93
+        with:
+          report: true
+          chart: true
+          amend: true
+        if: |
+          inputs.go-version == '1.25'
+        continue-on-error: true
+
+  test-race:
+    runs-on: ubuntu-latest
+    needs: preflight
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+      - uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5
+        with:
+          cache: true
+          reshim: true
+          tool_versions: |
+            go ${{ inputs.go-version }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+      - name: 💾 Cache Go mods
+        uses: actions/cache@v4
+        with:
+          path: ${{ needs.preflight.outputs.gopath }}/pkg/mod
+          key: ${{ needs.preflight.outputs.go-mods-cache-key }}
+          fail-on-cache-miss: true
+      - name: Run tests with race detector
+        run: make test-race
+
+  lint:
+    runs-on: ubuntu-latest
+    needs: preflight
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+      - uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5
+        with:
+          cache: true
+          reshim: true
+          tool_versions: |
+            go ${{ inputs.go-version }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+      - name: 💾 Cache Go mods
+        uses: actions/cache@v4
+        with:
+          path: ${{ needs.preflight.outputs.gopath }}/pkg/mod
+          key: ${{ needs.preflight.outputs.go-mods-cache-key }}
+          fail-on-cache-miss: true
+      - name: go vet
+        run: mise vet
+      - name: Running staticcheck
+        run: mise static
+      - name: Running vulncheck
+        run: mise vuln
+
+  fmt:
+    runs-on: ubuntu-latest
+    needs: preflight
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+      - uses: jdx/mise-action@146a28175021df8ca24f8ee1828cc2a60f980bd5
+        with:
+          cache: true
+          reshim: true
+          tool_versions: |
+            go ${{ inputs.go-version }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+      - name: 💾 Cache Go mods
+        uses: actions/cache@v4
+        with:
+          path: ${{ needs.preflight.outputs.gopath }}/pkg/mod
+          key: ${{ needs.preflight.outputs.go-mods-cache-key }}
+          fail-on-cache-miss: true
+      - name: Running formatting
+        run: |
+          mise fmt
+          mise has-changes

Makefile

@@ -17,7 +17,8 @@ lint:
 	staticcheck -checks=all ./...
 
 fmt:
-	go list -f '{{.Dir}}' ./... | xargs -I {} goimports -local $(BASE_PACKAGE) -w {}
+	go fmt ./...
+	goimports -l -w .
 
 vuln-check:
 	govulncheck ./...

mise.toml

@@ -10,9 +10,12 @@ go = "1.25.1"
 "go:honnef.co/go/tools/cmd/staticcheck" = { version = "v0.6.1" }
 "go:golang.org/x/vuln/cmd/govulncheck" = { version = "v1.1.4" }
 "go:golang.org/x/tools/cmd/goimports" = { version = "v0.20.0" }
+"go:gotest.tools/gotestsum" = { version = "ddd0b05a6878e2e8257a2abe6e7df66cebc53d0e" }
 
 [tasks]
 test = "go test ./..."
 vet = "go vet ./..."
 static = "staticcheck -checks=all ./..."
 vuln = "govulncheck ./..."
+fmt = "go fmt ./... && goimports -l -w ."
+has-changes = "git diff --exit-code --quiet HEAD --"