ci.yml

name: CI

on:
  workflow_dispatch: {}
  push:
    branches:
      - main
    tags:
      - v[0-9]+.[0-9]+.[0-9]+*
  pull_request:
    branches:
      - main

permissions:
  contents: read

jobs:
  lint:
    name: Lint
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac
      - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe
        with:
          go-version-file: 'go.mod'

      - name: golangci-lint
        uses: golangci/golangci-lint-action@v3
        with:
          version: v1.54
          # Optional: show only new issues if it's a pull request. The default value is `false`.
          # only-new-issues: true
      - name: lint
        run: |
          go install honnef.co/go/tools/cmd/staticcheck@latest &&
          $HOME/go/bin/staticcheck &&
          make vet

  test:
    name: Test
    runs-on: ubuntu-latest
    strategy:
      matrix:
        go:
          - "1.19"
          - "1.18"
          - "1.17"
    steps:
      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac
      - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe
        with:
          go-version: ${{ matrix.go }}
      - name: Test
        run: make test

  vulncheck:
    name: Vulnerabilities check
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write
    steps:
      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac
        with:
          persist-credentials: false
          sparse-checkout: |
            apps/portier-backend
      - name: Scan for Vulnerabilities in Code
        uses: Templum/govulncheck-action@6bb063b41d78c53c2fc7f5589828e30ad7c697ee