ci: add Go build/test and gitleaks secret-scan workflows
- go.yml: gofmt check, build, vet, and race-enabled tests for backend/, triggered on backend changes and pushes to main. - gitleaks.yml: secret scanning on PRs and main using gitleaks-action v1 (license-free; v2 requires GITLEAKS_LICENSE for org repos). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
parent
e8f60d0b27
commit
d824c4f767
|
|
@ -0,0 +1,22 @@
|
|||
name: gitleaks
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [main]
|
||||
pull_request:
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
scan:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
# gitleaks-action v1 scans for committed secrets and needs no license
|
||||
# key (v2 requires GITLEAKS_LICENSE for organization repos).
|
||||
- name: Scan for secrets
|
||||
uses: zricethezav/gitleaks-action@v1.6.0
|
||||
|
|
@ -0,0 +1,44 @@
|
|||
name: Go
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [main]
|
||||
pull_request:
|
||||
paths:
|
||||
- "backend/**"
|
||||
- ".github/workflows/go.yml"
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
build-test:
|
||||
runs-on: ubuntu-latest
|
||||
defaults:
|
||||
run:
|
||||
working-directory: backend
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- uses: actions/setup-go@v5
|
||||
with:
|
||||
go-version: "1.22"
|
||||
cache: false
|
||||
|
||||
- name: Check formatting
|
||||
run: |
|
||||
unformatted=$(gofmt -l .)
|
||||
if [ -n "$unformatted" ]; then
|
||||
echo "These files need gofmt:"
|
||||
echo "$unformatted"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
- name: Build
|
||||
run: go build ./...
|
||||
|
||||
- name: Vet
|
||||
run: go vet ./...
|
||||
|
||||
- name: Test
|
||||
run: go test -race ./...
|
||||
Loading…
Reference in New Issue