ci: set up basic GitHub actions workflows and add CodeQL #49
thaJeztah wants to merge 1 commit into docker:main from
Welcome to Codecov 🎉 Once you merge this PR into your default branch, you're all set! Codecov will compare coverage reports and display results in all future pull requests. Thanks for integrating Codecov - We've got you covered ☂️
Ah, it's already enabled through the repo settings; let's keep it simple and drop the workflow
| - name: Codecov | ||
| uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0 | ||
| with: | ||
| directory: ./ |
Not sure if codecov is still needed
I took some other repositories as a bit of a template; not really tied to CodeCov, but also thought it wouldn't really hurt; happy to remove though if you prefer, let me know 👍
.github/workflows/test.yml
Outdated
| runs-on: ${{ matrix.os }} | ||
| timeout-minutes: 10 | ||
| steps: | ||
| - uses: actions/checkout@v6.0.2 |
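Review bot: `actions/checkout@v6.0.2` on the `- uses:` line is pinned by tag, while the Codecov step in this same PR is pinned by full commit SHA with the version in a trailing comment. Consider the same form here (the full SHA followed by `# v6.0.2`), so a reviewer can check the SHA against the tag and the reference does not change if the tag is ever moved.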
I'd rather use v6 here so the latest v6 is used. This will decrease the amount of noise from dependabot.
Same below.
So, that... depends on the action if I'm not mistaken; the "old" (and really ugly) way of v6 meant literally re-tagging a .. literal v6 tag.
With immutable actions that's no longer possible, in which case v6 means v6 (period) so it never updates, and doesn't resolve v6.x.x, unless using dependabot or renovate to resolve newer versions.
And in that case (when pinning by sha), it's clearer to specify the full version, because then at least you're able to verify that the SHA matches the tag.
In some cases, the workflow is even; delete the tag, then push a new one (through the GitHub UI 😬); e.g. see (the v5 tag was deleted then re-created with the same sha as the latest v5.x.x)
Not a blocker (esp. since you change the tags with checksums in the next commit).
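The pinning styles discussed in this thread, as an added example that is not part of the PR or the project's code: a small Python check that reports, for each `uses:` line in a workflow, whether it is pinned by full commit SHA with a version comment, by an exact version tag, or by a floating ref such as `v6`. The sample workflow is constructed from the snippets quoted on this page plus two made-up lines; `audit` and `classify` are hypothetical names, and unquoted `uses:` values are assumed.

```python
import re

# A step's `uses:` value: action, the ref after '@', and an optional trailing comment.
USES_RE = re.compile(
    r"^\s*(?:-\s*)?uses:\s*(?P<action>[^@\s#]+)@(?P<ref>[^\s#]+)"
    r"(?:\s*#\s*(?P<comment>.*?))?\s*$"
)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
FULL_VERSION_RE = re.compile(r"^v?\d+\.\d+\.\d+$")

# Constructed sample: three lines taken from this page, two invented for contrast.
SAMPLE = """\
steps:
  - uses: actions/checkout@v6.0.2
  - name: Set up Go
    uses: actions/setup-go@v6.4.0
  - uses: actions/checkout@v6
  - name: Codecov
    uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0
  - uses: ./.github/actions/local
"""


def classify(ref, comment):
    """Describe how a `uses:` ref is pinned."""
    if SHA_RE.match(ref):
        # A SHA can only be checked against a tag if the comment names the full version.
        if comment and FULL_VERSION_RE.match(comment.strip()):
            return "sha+version"
        return "sha-no-version"
    if FULL_VERSION_RE.match(ref):
        # A tag: whether it can move depends on the action's release settings.
        return "exact-tag"
    return "floating-ref"  # e.g. v6 or a branch name


def audit(workflow_text):
    """Return (line number, action, pin style) for every remote action reference."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m or m["action"].startswith("docker://"):
            continue  # local actions have no '@ref'; container images are out of scope
        findings.append((lineno, m["action"], classify(m["ref"], m["comment"])))
    return findings


if __name__ == "__main__":
    for lineno, action, style in audit(SAMPLE):
        print(f"line {lineno}: {action}: {style}")
```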
| - name: Set up Go | ||
| uses: actions/setup-go@v6.4.0 | ||
| with: | ||
| cache: false |
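Review bot: `cache: false` under `with:` carries no comment saying why the setup-go cache is turned off. A short inline comment with the reason on that line would let a later reader decide whether it is still needed instead of guessing.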
caching might be OK here
Ah, yes, I think this was zizmor flagging it, so I kept it for now (probably won't make much difference for this repository).
kolyshkin left a comment
lgtm (don't mind if you squash the two commits)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>