Remove unified CRLs, cross-cluster revocations #874
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Run linters | |
| on: | |
| merge_group: | |
| pull_request: | |
| types: [opened, synchronize, reopened, ready_for_review] | |
| push: | |
| branches: | |
| - main | |
| - release/** | |
| concurrency: | |
| group: ${{ github.head_ref || github.run_id }}-lint | |
| cancel-in-progress: true | |
| jobs: | |
| deprecations: | |
| name: Deprecated functions | |
| runs-on: ubuntu-latest | |
| if: github.base_ref == 'main' | |
| steps: | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| with: | |
| fetch-depth: 0 | |
| - uses: ./.github/actions/set-up-go | |
| - run: make ci-deprecations | |
| name: Check deprecations | |
| vulnerabilities: | |
| name: Vulnerable dependencies | |
| runs-on: ubuntu-latest | |
| if: github.base_ref == 'main' | |
| steps: | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| with: | |
| fetch-depth: 0 | |
| - uses: ./.github/actions/set-up-go | |
| - run: make vulncheck | |
| name: Check dependencies for vulnerabilities | |
| codechecker: | |
| name: Code checks | |
| runs-on: ubuntu-latest | |
| if: github.base_ref == 'main' | |
| steps: | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| with: | |
| fetch-depth: 0 | |
| - uses: ./.github/actions/set-up-go | |
| # Note: if there is a function we want to ignore the nilnil check for, | |
| # You can add 'ignore-nil-nil-function-check' somewhere in the | |
| # godoc for the function. | |
| - run: make ci-vet-codechecker | |
| name: Check custom linters | |
| format: | |
| name: Format | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - uses: ./.github/actions/set-up-go | |
| - name: Go format | |
| run: | | |
| make ci-bootstrap | |
| echo "Using gofumpt version $(go run mvdan.cc/gofumpt -version)" | |
| make fmt | |
| if ! git diff --exit-code; then | |
| echo "Code has formatting errors. Run 'make fmt' to fix" | |
| exit 1 | |
| fi | |
| semgrep: | |
| name: Semgrep | |
| runs-on: ubuntu-latest | |
| container: | |
| image: returntocorp/semgrep@sha256:ffc6f3567654f9431456d49fd059dfe548f007c494a7eb6cd5a1a3e50d813fb3 | |
| # Skip any PR created by dependabot and any check triggered by merge group | |
| if: (github.actor != 'dependabot[bot]') && (github.event != 'merge_group') | |
| steps: | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: Run Semgrep Rules | |
| id: semgrep | |
| run: semgrep ci --include '*.go' --config 'tools/semgrep/ci' | |
| gomod: | |
| name: Go mod checks | |
| runs-on: ubuntu-latest | |
| if: github.base_ref == 'main' | |
| steps: | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - uses: ./.github/actions/set-up-go | |
| - run: make ci-tidy-all | |
| name: Run go mod tidy to check for differences |