Skip to content

[FEAT] added reissue account #436

[FEAT] added reissue account

[FEAT] added reissue account #436

Workflow file for this run

name: GHA Build
# The `name:` here is also used in badge.svg rendering as the left-hand-side
permissions:
# Control the GITHUB_TOKEN permissions.
# By having this block, all permissions not listed here are set to none.
# Available permissions listed at:
# <https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token>
# Which API calls need which permissions at what level, listed at:
# <https://docs.github.com/en/rest/reference/permissions-required-for-github-apps>
#
contents: read
checks: write
statuses: write
on:
push:
branches-ignore:
- 'exp'
- 'exp/*'
- 'exp-*'
- 'exp_*'
- 'wip'
- 'wip/*'
- 'wip-*'
- 'wip_*'
pull_request:
jobs:
test:
runs-on: ${{ matrix.os }}
continue-on-error: ${{ matrix.experimental || false }}
strategy:
# Debugging multi-platform builds, let them all complete (for now)
fail-fast: false
matrix:
# It's called a matrix but in practice I'm just listing out the precise combinations we want, via include.
# The canonical entry is the only one where we run vet/lint/style checks.
# `experimental: true` entries do not cause the tests to fail.
include:
- go: '1.21.x'
os: ubuntu-latest
canonical: true
- go: '1.21.x'
os: windows-latest
canonical: false
- go: '1.21.x'
os: macos-latest
canonical: false
steps:
- name: Checkout
uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Set up Go
uses: actions/setup-go@v2
with:
go-version: ${{ matrix.go }}
# We're not doing releases, just checks, so we can live without check-latest here
- name: Export Go environment to Actions outputs
id: go-settings
run: |
echo "::set-output name=arch::$(go env GOARCH)"
echo "::set-output name=hostarch::$(go env GOHOSTARCH)"
echo "::set-output name=os::$(go env GOOS)"
echo "::set-output name=hostos::$(go env GOHOSTOS)"
echo "::set-output name=go-version::$(go env GOVERSION)"
# Use with:
# ${{ steps.go-settings.outputs.go-version }}
# which will look like `go1.17.1` if matrix `1.17.x` matches `1.17.1`.
# These are independent of how the matrix is setup, or if a matrix is even used.
#
# You can see the individual values in the "Set up Go" output, collapsed inside a "go env" group at the end.
- name: Install additional check/lint tools
id: tools-install
run: |
go install github.com/mattn/goveralls@latest
go install github.com/wadey/gocovmerge@latest
go install honnef.co/go/tools/cmd/[email protected]
if: matrix.canonical
- name: Basic Go integrity checks
id: integrity
run: |
go vet ./...
if: matrix.canonical
- name: Run Tests (with coverage enabled)
id: coverage
run: |
mkdir cov
echo "::group::Coverage of ./cmd"
go test -v -failfast -covermode=atomic -coverprofile=./cov/cmd.out ./cmd
echo "::endgroup::"
echo "::group::Coverage of ./cmd/store"
go test -v -failfast -covermode=atomic -coverprofile=./cov/store.out ./cmd/store
echo "::endgroup::"
if: runner.os != 'Windows'
- name: Run Tests (Windows)
id: wintest
# nb2: if we use the coverage approach on Windows, the -coverprofile flag appears to be looked for as a package, and I've no idea why (am not a Windows dev)
# cannot find package "github.com/nats-io/nsc/cov/cmd.out" in any of:
# C:\hostedtoolcache\windows\go\1.16.13\x64\src\github.com\nats-io\nsc\cov\cmd.out (from $GOROOT)
# D:\a\nsc\nsc\go\src\github.com\nats-io\nsc\cov\cmd.out (from $GOPATH)
run: |
echo "::group::Testing of ./cmd"
go test -v -failfast ./cmd
echo "::endgroup::"
echo "::group::Testing of ./cmd/store"
go test -v -failfast ./cmd/store
echo "::endgroup::"
if: runner.os == 'Windows'
- name: Upload coverage results
id: coverage-upload
run: |
gocovmerge ./cov/*.out > coverage.out
goveralls -coverprofile=coverage.out -service=github
env:
COVERALLS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
if: matrix.canonical
- name: Bad versions creep defense
id: go-module-versions
# The go.mod includes tests, and some of our tests explicitly pull in jwtv1, which is unmaintained and has security issues.
# It's only in the tests, so that's not critical enough to need to rewrite things at this time.
# But we don't want the _binary_ to link against v1. So we want to check what the actual binary links against.
# Add whatever other checks we care about here.
run: |
go build
go version -m ./nsc > versions
if grep -qsE '^[[:space:]]+dep[[:space:]]+github\.com/nats-io/jwt[[:space:]]' versions; then
echo "::error title=Bad dependency in binary::JWT library v1 detected"
exit 1
fi
if: matrix.canonical
#EOF