ivuorinen/f2b
1
0
Fork 0
mirror of https://github.com/ivuorinen/f2b.git synced 2026-01-26 03:13:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore(deps): update github actions and pre-commit hooks (#118)

Browse Source 
* chore(deps): update github actions and pre-commit hooks

* chore(pre-commit): replace dnephin/pre-commit-golang with local hook

The dnephin/pre-commit-golang repository has been sunset. Replace it
with a local hook that runs golangci-lint directly using the system
language. This removes the external dependency while maintaining
identical linting behavior via .golangci.yml configuration.

* fix: golangci-lint installation

* chore: update actions, update golangci in makefile

* chore: add goenv bin to path

* chore: tweaks to lint tool installation

* chore: actually modify pr-lint action

* fix(ci): tweaks to linting, permissions

* chore(ci): align golangci-lint version to v2.7.2

* chore(ci): update github actions to latest versions

* fix(ci): add install-mode for golangci-lint v2.7.2

* fix(security): use go install for golangci-lint
This commit is contained in:
Ismo Vuorinen
2026-01-24 22:05:00 +02:00
committed by GitHub
parent fa74b48038
commit a668c4563e
10 changed files with 49 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
.github/workflows/claude.yml vendored
View File

@@ -11,7 +11,8 @@ on:
pull_request_review: pull_request_review:
types: [submitted] types: [submitted]
permissions: read-all permissions:
contents: read
jobs: jobs:
claude: claude:
@@ -46,14 +47,13 @@ jobs:
actions: read # Required for Claude to read CI results on PRs actions: read # Required for Claude to read CI results on PRs
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with: with:
fetch-depth: 1 fetch-depth: 1
- name: Run Claude Code - name: Run Claude Code
id: claude id: claude
# kics-scan ignore-line uses: anthropics/claude-code-action@f64219702d7454cf29fe32a74104be6ed43dc637 # v1.0.34
uses: anthropics/claude-code-action@beta
with: with:
claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}

22
.github/workflows/lint.yml vendored
View File

@@ -10,7 +10,8 @@ concurrency:
group: ${{ github.workflow }}-${{ github.ref }} group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true cancel-in-progress: true
permissions: read-all permissions:
contents: read
jobs: jobs:
lint: lint:
@@ -20,30 +21,27 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Set up Node.js - name: Set up Node.js
uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
with: with:
node-version: 24.x node-version: 24.x
- name: Set up Go - name: Set up Go
uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
with: with:
go-version-file: go.mod go-version-file: go.mod
cache: true cache: true
cache-dependency-path: go.sum cache-dependency-path: go.sum
- name: Set up Python - name: Set up Python
uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
with: with:
python-version: "3.x" python-version: "3.x"
- name: Install tools required by pre-commit - name: golangci-lint
shell: bash uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9.2.0
run: make dev-setup
- name: Run pre-commit
uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1
with: with:
extra_args: --all-files version: v2.7.2
install-mode: goinstall

30
.github/workflows/pr-lint.yml vendored
View File

@@ -10,7 +10,8 @@ concurrency:
group: ${{ github.workflow }}-${{ github.ref }} group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true cancel-in-progress: true
permissions: read-all permissions:
contents: read
jobs: jobs:
Linter: Linter:
@@ -26,39 +27,30 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Set up Node.js - name: Set up Node.js
uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
with: with:
node-version: 24.x node-version: 24.x
- name: Set up Go - name: Set up Go
uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
with: with:
go-version-file: go.mod go-version-file: go.mod
cache: true cache: true
cache-dependency-path: go.sum cache-dependency-path: go.sum
- name: Set up Python - name: Set up Python
uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
with: with:
python-version: "3.x" python-version: "3.x"
- name: Cache pre-commit - name: golangci-lint
uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9.2.0
with: with:
path: ~/.cache/pre-commit version: v2.7.2
key: ${{ runner.os }}-precommit-${{ hashFiles('.pre-commit-config.yaml') }} install-mode: goinstall
- name: Install pre-commit requirements
run: |
go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
- name: Run pre-commit
uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1
with:
extra_args: --all-files
- name: Run integration tests and collect coverage - name: Run integration tests and collect coverage
run: | run: |
@@ -74,4 +66,4 @@ jobs:
- name: Run PR Lint - name: Run PR Lint
# Custom PR linting action that performs additional PR-specific checks # Custom PR linting action that performs additional PR-specific checks
# https://github.com/ivuorinen/actions # https://github.com/ivuorinen/actions
uses: ivuorinen/actions/pr-lint@5cc7373a22402ee8985376bc713f00e09b5b2edb # v2025.11.23 uses: ivuorinen/actions/pr-lint@f98ae7cd7d0feb1f9d6b01de0addbb11414cfc73 # v2026.01.21

4
.github/workflows/release.yml vendored
View File

@@ -18,12 +18,12 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with: with:
fetch-depth: 0 # Required for changelog generation fetch-depth: 0 # Required for changelog generation
- name: Set up Go - name: Set up Go
uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
with: with:
go-version-file: go.mod go-version-file: go.mod
cache: true cache: true

2
.github/workflows/stale.yml vendored
View File

@@ -23,4 +23,4 @@ jobs:
issues: write issues: write
pull-requests: write pull-requests: write
steps: steps:
- uses: ivuorinen/actions/stale@5cc7373a22402ee8985376bc713f00e09b5b2edb # v2025.11.23 - uses: ivuorinen/actions/stale@f98ae7cd7d0feb1f9d6b01de0addbb11414cfc73 # v2026.01.21

6
.github/workflows/sync-labels.yml vendored
View File

@@ -13,12 +13,14 @@ on:
workflow_call: workflow_call:
workflow_dispatch: workflow_dispatch:
permissions: read-all permissions:
contents: read
jobs: jobs:
sync-labels: sync-labels:
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions: permissions:
contents: read
issues: write issues: write
steps: steps:
- uses: ivuorinen/actions/sync-labels@5cc7373a22402ee8985376bc713f00e09b5b2edb # v2025.11.23 - uses: ivuorinen/actions/sync-labels@f98ae7cd7d0feb1f9d6b01de0addbb11414cfc73 # v2026.01.21

10
.pre-commit-config.yaml
View File

@@ -21,10 +21,14 @@ repos:
hooks: hooks:
- id: sync-pre-commit-deps - id: sync-pre-commit-deps
- repo: https://github.com/dnephin/pre-commit-golang - repo: local
rev: v0.5.1
hooks: hooks:
- id: golangci-lint - id: golangci-lint
name: golangci-lint
entry: golangci-lint run
language: system
types: [go]
pass_filenames: false
- repo: https://github.com/google/yamlfmt - repo: https://github.com/google/yamlfmt
rev: v0.20.0 rev: v0.20.0
@@ -32,7 +36,7 @@ repos:
- id: yamlfmt - id: yamlfmt
- repo: https://github.com/igorshubovych/markdownlint-cli - repo: https://github.com/igorshubovych/markdownlint-cli
rev: v0.45.0 rev: v0.47.0
hooks: hooks:
- id: markdownlint - id: markdownlint
args: [-c, .markdownlint.json, --fix] args: [-c, .markdownlint.json, --fix]

9
Makefile
View File

@@ -30,8 +30,13 @@ dev-deps: ## Install development dependencies
@echo "Installing goreleaser..." @echo "Installing goreleaser..."
@go install github.com/goreleaser/goreleaser/v2@v2.12.0; @go install github.com/goreleaser/goreleaser/v2@v2.12.0;
# renovate: datasource=go depName=github.com/goreleaser/goreleaser/v2 # renovate: datasource=go depName=github.com/goreleaser/goreleaser/v2
@echo "Installing golangci-lint..."; @GOLANGCI_VERSION=$$(golangci-lint version 2>/dev/null \
@go install github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.4.0; | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -1 || echo "0.0.0"); \
EXPECTED_VERSION="2.7.2"; \
if [ "$$GOLANGCI_VERSION" != "$$EXPECTED_VERSION" ]; then \
echo "Installing golangci-lint v$$EXPECTED_VERSION (current: v$$GOLANGCI_VERSION)..."; \
go install github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v$$EXPECTED_VERSION; \
fi
# renovate: datasource=go depName=github.com/golangci/golangci-lint/v2/cmd/golangci-lint # renovate: datasource=go depName=github.com/golangci/golangci-lint/v2/cmd/golangci-lint
@command -v markdownlint-cli2 >/dev/null 2>&1 || { \ @command -v markdownlint-cli2 >/dev/null 2>&1 || { \
echo "Installing markdownlint-cli2..."; \ echo "Installing markdownlint-cli2..."; \

2
docs/api.md
View File

@@ -240,7 +240,7 @@ const (
The configuration system supports the following environment variables: The configuration system supports the following environment variables:
| Variable | Description | Default | | Variable | Description | Default |
|----------|-------------|---------| | -------- | ----------- | ------- |
| `F2B_LOG_DIR` | Log directory path | `/var/log` | | `F2B_LOG_DIR` | Log directory path | `/var/log` |
| `F2B_FILTER_DIR` | Filter directory path | `/etc/fail2ban/filter.d` | | `F2B_FILTER_DIR` | Filter directory path | `/etc/fail2ban/filter.d` |
| `F2B_LOG_LEVEL` | Log level | `info` | | `F2B_LOG_LEVEL` | Log level | `info` |

2
shared/constants.go
View File

@@ -1,5 +1,7 @@
// Package shared provides constants used across all packages in the f2b project. // Package shared provides constants used across all packages in the f2b project.
// This file consolidates all constants to ensure consistency and maintainability. // This file consolidates all constants to ensure consistency and maintainability.
//
//nolint:revive // Package name 'shared' is intentional for project-wide constants
package shared package shared
import "time" import "time"