-
Notifications
You must be signed in to change notification settings - Fork 8
54 lines (50 loc) · 1.88 KB
/
static.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
name: stactic checks
on:
workflow_dispatch:
push:
branches:
- main
pull_request:
jobs:
flake-check:
runs-on: ubuntu-22.04
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: Install Nix
uses: cachix/install-nix-action@7ac1ec25491415c381d9b62f0657c7a028df52a7 # v24
with:
github_access_token: ${{ secrets.GITHUB_TOKEN }}
- name: nix flake check
run: nix -L flake check
go-source:
runs-on: ubuntu-22.04
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
token: ${{ !github.event.pull_request.head.repo.fork && secrets.NUNKI_CI_COMMIT_PUSH_PR || '' }}
- name: Install Nix
uses: cachix/install-nix-action@7ac1ec25491415c381d9b62f0657c7a028df52a7 # v24
with:
github_access_token: ${{ secrets.GITHUB_TOKEN }}
- name: Run code generations & tidying
run: nix run .#generate
- name: Check for modifications, commit changes on renovate PRs
uses: ./.github/actions/pushdiff
with:
error: Go source needs to be updated, check the GitHub run summary for the diff.
suggested-fix: Run \`nix run .#generate\` to generate and tidy Go code.
renovate-commit-msg: "fixup: update Go source"
govulncheck:
runs-on: ubuntu-22.04
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: Install Nix
uses: cachix/install-nix-action@7ac1ec25491415c381d9b62f0657c7a028df52a7 # v24
with:
github_access_token: ${{ secrets.GITHUB_TOKEN }}
- name: Run govulncheck
run: nix run .#govulncheck -- ./...