From e27474cab2f725c359521ce9a286fcf737770cac Mon Sep 17 00:00:00 2001
From: Jacob
Date: Sun, 14 Apr 2024 17:20:54 +0200
Subject: [PATCH] Add a static code analysis workflow
---
.github/workflows/analysis.yml | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 49 insertions(+)
create mode 100644 .github/workflows/analysis.yml
diff --git a/.github/workflows/analysis.yml b/.github/workflows/analysis.yml
new file mode 100644
index 0000000..71e1001
--- /dev/null
+++ b/.github/workflows/analysis.yml
@@ -0,0 +1,49 @@
+name: Analysis
+on: [push, pull_request]
+permissions:
+ contents: read
+
+jobs:
+ static_analysis:
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ persist-credentials: false
+ - uses: WillAbides/setup-go-faster@v1
+ with:
+ go-version: 'stable'
+
+ - name: Install build dependencies
+ run: |
+ sudo apt-get update
+ sudo apt-get install --no-install-recommends clang libgl1-mesa-dev libegl1-mesa-dev libgles2-mesa-dev libx11-dev xorg-dev
+
+ - name: Install static analysis tools
+ run: |
+ go install github.com/securego/gosec/v2/cmd/gosec@latest
+ go install golang.org/x/vuln/cmd/govulncheck@latest
+ go install github.com/fzipp/gocyclo/cmd/gocyclo@latest
+ go install honnef.co/go/tools/cmd/staticcheck@latest
+ go install mvdan.cc/gofumpt@latest
+
+ - name: Vet
+ run: go vet ./...
+
+ - name: Gofumpt
+ run: test -z $(gofumpt -d -e . | tee /dev/stderr)
+
+ - name: Gocyclo
+ run: gocyclo -over 15 .
+
+ - name: Staticcheck
+ run: staticcheck ./...
+
+ - name: Gosec
+ run: gosec ./...
+
+ - name: Vulncheck
+ run: govulncheck ./...
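Review bot: The five `go install …@latest` lines in the "Install static analysis tools" step and the `WillAbides/setup-go-faster@v1` tag resolve to whatever upstream publishes at run time, so a compromised or broken release would run in this job unreviewed, and results are not reproducible between runs. Pin each tool to a reviewed release, e.g. `go install github.com/securego/gosec/v2/cmd/gosec@<pinned-version>`, and the third-party action to a full commit SHA, `uses: WillAbides/setup-go-faster@<full-commit-sha>`, with bumps arriving as reviewable pull requests. The `contents: read` token scope and `persist-credentials: false` already bound the impact of such a release but do not remove it. Separately, the command substitution in the Gofumpt step is unquoted, so a non-empty diff appears to fail the step only because `test` receives too many arguments; `run: test -z "$(gofumpt -d -e . | tee /dev/stderr)"` makes the check explicit.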