ivuorinen/gh-action-readme
1
0
Fork 0
mirror of https://github.com/ivuorinen/gh-action-readme.git synced 2026-02-06 18:46:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: go 1.25.5, dependency updates, renamed internal/errors (#129)

Browse Source 
* feat: rename internal/errors to internal/apperrors

* fix(tests): clear env values before using in tests

* feat: rename internal/errors to internal/apperrors

* chore(deps): update go and all dependencies

* chore: remove renovate from pre-commit, formatting

* chore: sonarcloud fixes

* feat: consolidate constants to appconstants/constants.go

* chore: sonarcloud fixes

* feat: simplification, deduplication, test utils

* chore: sonarcloud fixes

* chore: sonarcloud fixes

* chore: sonarcloud fixes

* chore: sonarcloud fixes

* chore: clean up

* fix: config discovery, const deduplication

* chore: fixes
This commit is contained in:
Ismo Vuorinen
2026-01-01 23:17:29 +02:00
committed by GitHub
parent 85a439d804
commit 7f80105ff5
65 changed files with 2321 additions and 1710 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
.github/workflows/ci.yml vendored
View File

@@ -9,17 +9,17 @@ jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
fetch-depth: 0
- name: Set up Go
uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6
uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
- name: Install dependencies
run: go mod tidy
- name: Setup Node.js for EditorConfig tools
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6
uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
with:
node-version: '24'
node-version: "24"
- name: Install EditorConfig tools
run: npm install -g eclint
- name: Check EditorConfig compliance
@@ -58,7 +58,7 @@ jobs:
echo "Verifying generated documentation files..."
ls -la docs/
- name: Upload Generated Documentation
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
if: always()
with:
name: generated-documentation

12
.github/workflows/codeql.yml vendored
View File

@@ -1,14 +1,14 @@
---
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
name: 'CodeQL'
name: "CodeQL"
on:
push:
branches: ['main']
branches: ["main"]
pull_request:
branches: ['main']
branches: ["main"]
schedule:
- cron: '30 1 * * 0' # Run at 1:30 AM UTC every Sunday
- cron: "30 1 * * 0" # Run at 1:30 AM UTC every Sunday
merge_group:
permissions:
@@ -25,7 +25,7 @@ jobs:
strategy:
fail-fast: false
matrix:
language: ['go']
language: ["go"]
steps:
- name: Checkout repository
@@ -45,4 +45,4 @@ jobs:
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
with:
category: '/language:${{matrix.language}}'
category: "/language:${{matrix.language}}"

2
.github/workflows/commitlint.yml vendored
View File

@@ -25,7 +25,7 @@ jobs:
- name: Setup Node.js
uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
with:
node-version: '24'
node-version: "24"
- name: Install commitlint
run: |

5
.github/workflows/pr-lint.yml vendored
View File

@@ -12,7 +12,8 @@ concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
permissions: read-all
permissions:
contents: read
jobs:
Linter:
@@ -30,4 +31,4 @@ jobs:
steps:
- name: Run PR Lint
# https://github.com/ivuorinen/actions
uses: ivuorinen/actions/pr-lint@5cc7373a22402ee8985376bc713f00e09b5b2edb # v2025.11.23
uses: ivuorinen/actions/pr-lint@fb25736f7e7a438979c11764e9fe6a100278b4c5 # v2025.12.30

11
.github/workflows/release.yml vendored
View File

@@ -4,9 +4,10 @@ name: Release
on:
push:
tags:
- 'v*.*.*'
- "v*.*.*"
permissions: read-all
permissions:
contents: read
jobs:
release:
@@ -29,15 +30,15 @@ jobs:
- name: Set up Node.js (for cosign)
uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
with:
node-version: '24'
node-version: "24"
- name: Install cosign
uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
with:
cosign-release: 'v2.4.0'
cosign-release: "v2.4.0"
- name: Install syft
uses: anchore/sbom-action/download-syft@43a17d6e7add2b5535efe4dcae9952337c479a93 # v0.20.11
uses: anchore/sbom-action/download-syft@a930d0ac434e3182448fe678398ba5713717112a # v0.21.0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0

87
.github/workflows/security.yml vendored
View File

@@ -1,23 +1,17 @@
---
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
name: 'Security Scanning'
name: "Security Scanning"
on:
push:
branches: ['main']
branches: ["main"]
pull_request:
branches: ['main']
branches: ["main"]
schedule:
# Run security scans every Sunday at 2:00 AM UTC
- cron: '0 2 * * 0'
- cron: "0 2 * * 0"
merge_group:
permissions:
contents: read
security-events: write
actions: read
pull-requests: write
jobs:
# Comprehensive security coverage:
# - govulncheck: Go-specific vulnerability scanning
@@ -27,16 +21,18 @@ jobs:
govulncheck:
name: Go Vulnerability Check
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout repository
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
fetch-depth: 0
- name: Set up Go
uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6
uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
with:
go-version-file: 'go.mod'
go-version-file: "go.mod"
check-latest: true
- name: Install govulncheck
@@ -48,47 +44,52 @@ jobs:
trivy:
name: Trivy Security Scan
runs-on: ubuntu-latest
permissions:
contents: read
security-events: write
steps:
- name: Checkout repository
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
fetch-depth: 0
- name: Run Trivy vulnerability scanner in repo mode
uses: aquasecurity/trivy-action@master # 0.32.0
uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # 0.33.1
with:
scan-type: 'fs'
scan-ref: '.'
format: 'sarif'
output: 'trivy-results.sarif'
severity: 'CRITICAL,HIGH,MEDIUM'
scan-type: "fs"
scan-ref: "."
format: "sarif"
output: "trivy-results.sarif"
severity: "CRITICAL,HIGH,MEDIUM"
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@0499de31b99561a6d14a36a5f662c2a54f91beee # v4
uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
if: always()
with:
sarif_file: 'trivy-results.sarif'
sarif_file: "trivy-results.sarif"
- name: Run Trivy in GitHub SBOM mode and submit results to Dependency Graph
uses: aquasecurity/trivy-action@master # 0.32.0
uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # 0.33.1
with:
scan-type: 'fs'
format: 'github'
output: 'dependency-results.sbom.json'
image-ref: '.'
scan-type: "fs"
format: "github"
output: "dependency-results.sbom.json"
image-ref: "."
github-pat: ${{ secrets.GITHUB_TOKEN }}
secrets:
name: Secrets Detection
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout repository
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
fetch-depth: 0 # Full history for gitleaks
- name: Run gitleaks to detect secrets
uses: gitleaks/gitleaks-action@ff98106e4c7b2bc287b24eaf42907196329070c7 # v2
uses: gitleaks/gitleaks-action@ff98106e4c7b2bc287b24eaf42907196329070c7 # v2.3.9
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE}} # Only required for gitleaks-action pro
@@ -96,17 +97,20 @@ jobs:
docker-security:
name: Docker Image Security
runs-on: ubuntu-latest
permissions:
contents: read
security-events: write
if: github.event_name != 'pull_request' # Skip on PRs to avoid building images unnecessarily
steps:
- name: Checkout repository
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
fetch-depth: 0
- name: Set up Go
uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6
uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
with:
go-version-file: 'go.mod'
go-version-file: "go.mod"
check-latest: true
- name: Build the bin
@@ -117,30 +121,33 @@ jobs:
run: docker build -t gh-action-readme:test .
- name: Run Trivy vulnerability scanner on Docker image
uses: aquasecurity/trivy-action@master # 0.32.0
uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # 0.33.1
with:
image-ref: 'gh-action-readme:test'
format: 'sarif'
output: 'trivy-docker-results.sarif'
image-ref: "gh-action-readme:test"
format: "sarif"
output: "trivy-docker-results.sarif"
- name: Upload Docker Trivy scan results
uses: github/codeql-action/upload-sarif@0499de31b99561a6d14a36a5f662c2a54f91beee # v4
uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
if: always()
with:
sarif_file: 'trivy-docker-results.sarif'
sarif_file: "trivy-docker-results.sarif"
dependency-review:
name: Dependency Review
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: write
if: github.event_name == 'pull_request'
steps:
- name: Checkout repository
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
fetch-depth: 0
- name: Dependency Review
uses: actions/dependency-review-action@da24556b548a50705dd671f47852072ea4c105d9 # v4
uses: actions/dependency-review-action@3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261 # v4.8.2
with:
fail-on-severity: high
comment-summary-in-pr: always

4
.github/workflows/stale.yml vendored
View File

@@ -4,7 +4,7 @@ name: Stale
on:
schedule:
- cron: '0 8 * * *' # Every day at 08:00
- cron: "0 8 * * *" # Every day at 08:00
workflow_call:
workflow_dispatch:
@@ -23,4 +23,4 @@ jobs:
issues: write
pull-requests: write
steps:
- uses: ivuorinen/actions/stale@5cc7373a22402ee8985376bc713f00e09b5b2edb # v2025.11.23
- uses: ivuorinen/actions/stale@fb25736f7e7a438979c11764e9fe6a100278b4c5 # v2025.12.30

11
.github/workflows/sync-labels.yml vendored
View File

@@ -8,10 +8,10 @@ on:
- main
- master
paths:
- '.github/labels.yml'
- '.github/workflows/sync-labels.yml'
- ".github/labels.yml"
- ".github/workflows/sync-labels.yml"
schedule:
- cron: '34 5 * * *' # Run every day at 05:34 AM UTC
- cron: "34 5 * * *" # Run every day at 05:34 AM UTC
workflow_call:
workflow_dispatch:
merge_group:
@@ -20,7 +20,8 @@ concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
permissions: read-all
permissions:
contents: read
jobs:
labels:
@@ -39,4 +40,4 @@ jobs:
fetch-depth: 0
token: ${{ secrets.GITHUB_TOKEN }}
- name: ⤵️ Sync Latest Labels Definitions
uses: ivuorinen/actions/sync-labels@5cc7373a22402ee8985376bc713f00e09b5b2edb # v2025.11.23
uses: ivuorinen/actions/sync-labels@fb25736f7e7a438979c11764e9fe6a100278b4c5 # v2025.12.30