Update chart.yaml #14

	name: 'PR checks'
	# todo: pr to github meta (we don't need to setup private repos here)
	on:
	pull_request_target:
	branches: [main]

	jobs:
	go-build-test:
	permissions:
	contents: read # for actions/checkout to fetch code
	pull-requests: read # for golangci/golangci-lint-action to fetch pull requests
	checks: write # Optional: Allow write access to checks to allow the golangci/golangci-lint-action to annotate code in the PR (SARIF)

	name: Inspect packages
	runs-on: ubuntu-latest
	if: ${{ !contains(github.event.pull_request.labels.*.name, 'skip-ci') }}
	steps:
	- uses: actions/setup-go@v5
	with:
	go-version: '1.22'
	cache: false

	- name: Checkout code
	uses: actions/checkout@v4
	with:
	ref: refs/pull/${{ github.event.pull_request.number }}/merge

	- name: Verify dependencies
	run: \|
	go mod verify
	go mod tidy
	gofmt -s -w .
	if [[ -n "$(git status --porcelain)" ]]; then
	echo "dirty repository"
	git status
	exit 1
	fi

	- name: Run go vet
	run: go vet ./...

	- name: golangci-lint
	uses: golangci/golangci-lint-action@v3
	with:
	version: v1.54
	skip-cache: true

	- name: Run staticcheck
	run: \|
	go install honnef.co/go/tools/cmd/[email protected]
	staticcheck ./...

	- name: Run vulncheck
	run: \|
	echo -e "### vulncheck\n\n" >> ${GITHUB_STEP_SUMMARY}
	echo '```' >> ${GITHUB_STEP_SUMMARY}
	go install golang.org/x/vuln/cmd/[email protected]
	(govulncheck ./... \|\| true) \| tee -a ${GITHUB_STEP_SUMMARY}
	echo '```' >> ${GITHUB_STEP_SUMMARY}

	- name: Build
	env:
	CGO_ENABLED: 0
	run: make build

	- name: Test
	run: make test

Provide feedback