ci: add Go build/test and gitleaks secret-scan workflows

- go.yml: gofmt check, build, vet, and race-enabled tests for backend/,
  triggered on backend changes and pushes to main.
- gitleaks.yml: secret scanning on PRs and main using gitleaks-action v1
  (license-free; v2 requires GITLEAKS_LICENSE for org repos).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
harshitsinghbhandari 2026-05-26 21:02:58 +05:30
parent e8f60d0b27
commit d824c4f767
2 changed files with 66 additions and 0 deletions

22
.github/workflows/gitleaks.yml vendored Normal file
View File

@ -0,0 +1,22 @@
name: gitleaks
on:
push:
branches: [main]
pull_request:
permissions:
contents: read
jobs:
scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
# gitleaks-action v1 scans for committed secrets and needs no license
# key (v2 requires GITLEAKS_LICENSE for organization repos).
- name: Scan for secrets
uses: zricethezav/gitleaks-action@v1.6.0

44
.github/workflows/go.yml vendored Normal file
View File

@ -0,0 +1,44 @@
name: Go
on:
push:
branches: [main]
pull_request:
paths:
- "backend/**"
- ".github/workflows/go.yml"
permissions:
contents: read
jobs:
build-test:
runs-on: ubuntu-latest
defaults:
run:
working-directory: backend
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
with:
go-version: "1.22"
cache: false
- name: Check formatting
run: |
unformatted=$(gofmt -l .)
if [ -n "$unformatted" ]; then
echo "These files need gofmt:"
echo "$unformatted"
exit 1
fi
- name: Build
run: go build ./...
- name: Vet
run: go vet ./...
- name: Test
run: go test -race ./...