ci: optimize workflows, improve testing, and harden linting #160

Workflow file for this run

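# CI workflow: validates PR titles, runs lint and vulnerability scanning,
# and runs the test suite with coverage upload.
name: ci

on:
  push:
    branches:
      - main
  pull_request:

# Least privilege for GITHUB_TOKEN: every job gets read-only repository
# access unless it declares its own permissions block. Without this the
# token falls back to the repository/organisation default, which may be
# read-write.
permissions:
  contents: read

jobs:
  pr-title:
    name: Validate PR Title
    runs-on: ubuntu-latest
    # Only meaningful for pull requests; skipped on pushes to main.
    if: github.event_name == 'pull_request'
    # A job-level block replaces the workflow-level one. This job never
    # checks out code and only reads pull-request metadata.
    permissions:
      pull-requests: read
    steps:
      # NOTE(review): third-party action referenced by a mutable tag.
      # Pinning to a full commit SHA makes the executed code immutable.
      - uses: amannn/action-semantic-pull-request@v5
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  quality:
    name: Quality (Lint & Vuln)
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v5
        with:
          # The later make targets run code from the checked-out tree
          # (including pull-request code); do not leave the token in
          # .git/config for them to read.
          # Assumes the make targets need no authenticated git access;
          # confirm against the Makefile.
          persist-credentials: false
      - uses: actions/setup-go@v5
        with:
          go-version: "1.25.x"
          cache: true
          # Cache based on all go.sum files in the workspace to capture
          # changes in examples/submodules
          cache-dependency-path: |
            **/go.sum
            go.work.sum
      - name: Cache Tools Binaries
        uses: actions/cache@v4
        with:
          path: |
            ~/go/bin
            ~/.cache/golangci-lint
          # Key depends ONLY on tools/tools.go and the root go.sum (where
          # tools versions are pinned). This prevents tool rebuilds when
          # app dependencies change.
          key: ${{ runner.os }}-tools-${{ hashFiles('tools/tools.go', 'go.sum') }}
          # NOTE(review): the prefix fallback can restore binaries built
          # for an older tools.go/go.sum. The pinned versions are only
          # honoured if `make tools` reinstalls on a version mismatch
          # rather than skipping when a binary exists; confirm in the
          # Makefile.
          restore-keys: |
            ${{ runner.os }}-tools-
      - name: Install tools
        # Use make tools to install versions pinned in go.mod/tools.go.
        # With the cache above, this is intended to be a near-instant
        # no-op if binaries exist.
        run: make tools
      - name: Lint
        run: make lint
      - name: Vulnerability scan
        run: make vuln

  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v5
        with:
          # Tests execute repository (and pull-request) code; keep the
          # token out of .git/config.
          # Assumes the test target needs no authenticated git access;
          # confirm against the Makefile.
          persist-credentials: false
      - uses: actions/setup-go@v5
        with:
          go-version: "1.25.x"
          cache: true
          # Cache based on all go.sum files in the workspace
          cache-dependency-path: |
            **/go.sum
            go.work.sum
      - name: Test with coverage
        run: make test-coverage
      - name: Upload coverage to Codecov
        # NOTE(review): third-party action referenced by a mutable tag and
        # handed a secret. Pinning to a full commit SHA makes the executed
        # code immutable.
        uses: codecov/codecov-action@v5
        with:
          # Secrets are not passed to runs triggered from forked pull
          # requests, so the token is empty there.
          token: ${{ secrets.CODECOV_TOKEN }}
          files: .coverage/coverage.out,.coverage/coverage-examples.out
          # An upload failure does not fail the job.
          fail_ci_if_error: false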