gosick #1

Merged
DelphicOkami merged 162 commits from gosick into main 2026-03-21 23:08:00 +00:00
4 changed files with 44 additions and 54 deletions


@@ -22,6 +22,7 @@ jobs:
AWS_SECRET_ACCESS_KEY: ${{ secrets.ARTEFACT_BUCKET_WRITE_ACCESS_SECRET }} AWS_SECRET_ACCESS_KEY: ${{ secrets.ARTEFACT_BUCKET_WRITE_ACCESS_SECRET }}
AWS_DEFAULT_REGION: ${{ vars.ARTEFACT_BUCKET_REGION }} AWS_DEFAULT_REGION: ${{ vars.ARTEFACT_BUCKET_REGION }}
AWS_EC2_METADATA_DISABLED: true AWS_EC2_METADATA_DISABLED: true
SUMMARY_FILE: ${{ runner.temp }}/summary.md
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
@@ -34,6 +35,13 @@ jobs:
cache: true cache: true
cache-dependency-path: go.sum cache-dependency-path: go.sum
- name: Verify module hygiene
run: |
set -euo pipefail
go mod tidy
git diff --exit-code go.mod go.sum
go mod verify
- name: Install security tools - name: Install security tools
run: | run: |
set -euo pipefail set -euo pipefail
@@ -230,7 +238,14 @@ jobs:
echo echo
echo '### Package Coverage' echo '### Package Coverage'
cat coverage-packages.md cat coverage-packages.md
} >> "$GITHUB_STEP_SUMMARY" } >> "$SUMMARY_FILE"
- name: Run behavior suite - name: Run behavior suite
run: ./script/run-behavior-suite-docker.sh run: ./script/run-behavior-suite-docker.sh
- name: Summary
if: ${{ always() }}
run: |
if [[ -f "$SUMMARY_FILE" ]]; then
cat "$SUMMARY_FILE" >> "$GITHUB_STEP_SUMMARY"
fi
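Review bot: The new `Verify module hygiene` step re-implements the exact command sequence that this same change adds to the Makefile as `go-mod-hygiene`, so the two copies will drift; if CI already calls make targets, replace the three commands with `run: make go-mod-hygiene`. Keep the order tidy → `git diff --exit-code` → verify if you keep the inline form: `go mod verify` only compares modules already in the module cache (the one restored by `setup-go` plus whatever `go mod tidy` just downloaded) against `go.sum`, and it is the `git diff --exit-code go.mod go.sum` line that actually pins `go.sum` to the committed version. Worth a one-line comment on the step, e.g. `# fails if go.mod/go.sum are not tidy, or if the restored module cache does not match go.sum`. The job's `env:` block and the `steps:` list both begin outside this hunk.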


@@ -22,6 +22,7 @@ jobs:
AWS_SECRET_ACCESS_KEY: ${{ secrets.ARTEFACT_BUCKET_WRITE_ACCESS_SECRET }} AWS_SECRET_ACCESS_KEY: ${{ secrets.ARTEFACT_BUCKET_WRITE_ACCESS_SECRET }}
AWS_DEFAULT_REGION: ${{ vars.ARTEFACT_BUCKET_REGION }} AWS_DEFAULT_REGION: ${{ vars.ARTEFACT_BUCKET_REGION }}
AWS_EC2_METADATA_DISABLED: true AWS_EC2_METADATA_DISABLED: true
SUMMARY_FILE: ${{ runner.temp }}/summary.md
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
@@ -34,6 +35,13 @@ jobs:
cache: true cache: true
cache-dependency-path: go.sum cache-dependency-path: go.sum
- name: Verify module hygiene
run: |
set -euo pipefail
go mod tidy
git diff --exit-code go.mod go.sum
go mod verify
- name: Install security tools - name: Install security tools
run: | run: |
set -euo pipefail set -euo pipefail
@@ -186,8 +194,15 @@ jobs:
echo echo
echo '### Package Coverage' echo '### Package Coverage'
cat coverage-packages.md cat coverage-packages.md
} >> "$GITHUB_STEP_SUMMARY" } >> "$SUMMARY_FILE"
- name: Run behavior suite on main pushes - name: Run behavior suite on main pushes
if: ${{ github.ref == 'refs/heads/main' }} if: ${{ github.ref == 'refs/heads/main' }}
run: ./script/run-behavior-suite-docker.sh run: ./script/run-behavior-suite-docker.sh
- name: Summary
if: ${{ always() }}
run: |
if [[ -f "$SUMMARY_FILE" ]]; then
cat "$SUMMARY_FILE" >> "$GITHUB_STEP_SUMMARY"
fi
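Review bot: The new `Summary` step is gated with `if: ${{ always() }}`, which also runs when the job is cancelled; if the intent is only to publish the coverage summary even after a failed behavior suite, `if: ${{ !cancelled() }}` says that without running on cancellation. The `[[ -f "$SUMMARY_FILE" ]]` guard is needed, since the file only exists once the coverage step reached its `>> "$SUMMARY_FILE"` redirect, so a failure before that point no longer errors the summary step. Consider adding `# coverage output is buffered in $SUMMARY_FILE so it survives a failed behavior suite` above the step, since the reason for buffering instead of writing straight to $GITHUB_STEP_SUMMARY is not stated. The job's `env:` block begins outside this hunk.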


@@ -30,6 +30,8 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Setup Go - name: Setup Go
uses: actions/setup-go@v5 uses: actions/setup-go@v5
@@ -74,58 +76,11 @@ jobs:
release: release:
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: build needs: build
env:
RELEASE_TOKEN: ${{ secrets.GITHUB_TOKEN }}
steps: steps:
- name: Download build artifacts - name: Checkout
uses: actions/download-artifact@v4 uses: actions/checkout@v4
with: with:
path: dist fetch-depth: 0
- name: Ensure jq is installed - name: Vociferate publish
run: | uses: aether/vociferate/publish@v1.0.1
if ! command -v jq >/dev/null 2>&1; then
sudo apt-get update
sudo apt-get install -y jq
fi
- name: Create release if needed and upload assets
run: |
set -euo pipefail
if [[ -z "${RELEASE_TOKEN:-}" ]]; then
echo "RELEASE_TOKEN is empty. Expected secrets.GITHUB_TOKEN to be available." >&2
exit 1
fi
tag="${GITHUB_REF_NAME}"
api_base="${GITHUB_SERVER_URL}/api/v1/repos/${GITHUB_REPOSITORY}"
release_json="$(curl -sS -H "Authorization: token ${RELEASE_TOKEN}" "${api_base}/releases/tags/${tag}" || true)"
release_id="$(printf '%s' "${release_json}" | jq -r '.id // empty')"
if [[ -z "${release_id}" ]]; then
create_payload="$(jq -n --arg tag "${tag}" --arg name "${tag}" '{tag_name:$tag, name:$name, draft:false, prerelease:false}')"
release_json="$(curl -sS -X POST \
-H "Authorization: token ${RELEASE_TOKEN}" \
-H "Content-Type: application/json" \
-d "${create_payload}" \
"${api_base}/releases")"
release_id="$(printf '%s' "${release_json}" | jq -r '.id // empty')"
fi
if [[ -z "${release_id}" ]]; then
echo "Unable to determine or create release id for tag ${tag}" >&2
printf '%s\n' "${release_json}" >&2
exit 1
fi
find dist -type f -name '*.tar.gz' -print0 | while IFS= read -r -d '' file; do
asset_name="$(basename "${file}")"
curl -sS -X POST \
-H "Authorization: token ${RELEASE_TOKEN}" \
-H "Content-Type: application/octet-stream" \
--data-binary @"${file}" \
"${api_base}/releases/${release_id}/assets?name=${asset_name}"
echo "Uploaded ${asset_name}"
done
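Review bot: `uses: aether/vociferate/publish@v1.0.1` pins the action that now creates the release to a mutable tag; for a step that publishes release assets with the job's token, pin to the full commit SHA that `v1.0.1` resolves to and keep the version in a trailing comment (`uses: aether/vociferate/publish@<full-sha>  # v1.0.1`), so a moved or re-pushed tag cannot change what runs. The removed script checked that `RELEASE_TOKEN` was non-empty and failed on a missing release id, while the new step shows no `with:` inputs, `env:` or `permissions:`, so confirm which token the action uses and, where the runner honors `permissions:`, scope the job to `contents: write`. `needs: build` is kept but the `actions/download-artifact` step is gone, so nothing visible in this job consumes the build job's artifacts — presumably the action builds or fetches them itself, which is worth confirming. The `build` job that the first hunk touches is defined outside this hunk.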


@@ -14,6 +14,11 @@ go-build-linux:
go-test: go-test:
go test ./... go test ./...
go-mod-hygiene:
go mod tidy
git diff --exit-code go.mod go.sum
go mod verify
go-security: go-security:
gosec ./... gosec ./...
govulncheck ./... govulncheck ./...
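Review bot: The new `go-mod-hygiene` target rewrites `go.mod`/`go.sum` in the developer's working tree before `git diff --exit-code` decides whether to fail, which surprises anyone who runs it with uncommitted module changes; add `# Rewrites go.mod/go.sum in place, then fails if the committed files were not already tidy.` above the target. If the Makefile keeps a `.PHONY` list (not visible in this hunk), add `go-mod-hygiene` to it alongside `go-test` and `go-security`. No other visible target depends on it, so it only runs when invoked explicitly; if it is meant to gate `go-security`, list it as a prerequisite there.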