# Copyright © 2021-2024 Montgomery Edwards⁴⁴⁸ (github.com/x448). # This file is licensed under MIT License. # # Safer GitHub Actions Workflow for golangci-lint. # https://github.com/x448/safer-golangci-lint # # safer-golangci-lint.yml # # This workflow downloads, verifies, and runs golangci-lint in a # deterministic, reviewable, and safe manner. # # To use: # Step 1. Copy this file into [your_github_repo]/.github/workflows/ # Step 2. There's no step 2 if you like the default settings. # # See golangci-lint docs for more info at # https://github.com/golangci/golangci-lint # # 100% of the script for downloading, installing, and running golangci-lint # is embedded in this file. The embedded SHA-256 digest is used to verify the # downloaded golangci-lint tarball (golangci-lint-1.xx.x-linux-amd64.tar.gz). # # The embedded SHA-256 digest matches golangci-lint-1.xx.x-checksums.txt at # https://github.com/golangci/golangci-lint/releases # # To use a newer version of golangci-lint, change these values: # 1. GOLINTERS_VERSION # 2. GOLINTERS_TGZ_DGST # # Release v1.54.2 (Feb 19, 2024) # - Bump golangci-lint to 1.54.2 # - Hash of golangci-lint-1.54.2-linux-amd64.tar.gz # - SHA-256: 17c9ca05253efe833d47f38caf670aad2202b5e6515879a99873fabd4c7452b3 # This SHA-256 digest matches golangci-lint-1.54.2-checksums.txt at # https://github.com/golangci/golangci-lint/releases # name: linters # Remove default permissions and grant only what is required in each job. permissions: {} on: workflow_dispatch: pull_request: push: branches: [main, master] env: GO_VERSION: '1.20' GOLINTERS_VERSION: 1.54.2 GOLINTERS_ARCH: linux-amd64 GOLINTERS_TGZ_DGST: 17c9ca05253efe833d47f38caf670aad2202b5e6515879a99873fabd4c7452b3 GOLINTERS_TIMEOUT: 15m OPENSSL_DGST_CMD: openssl dgst -sha256 -r CURL_CMD: curl --proto =https --tlsv1.2 --location --silent --show-error --fail jobs: main: name: Lint runs-on: ubuntu-latest permissions: contents: read steps: - name: Checkout source uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 1 - name: Setup Go uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 with: go-version: ${{ env.GO_VERSION }} check-latest: true - name: Install golangci-lint run: | GOLINTERS_URL_PREFIX="https://github.com/golangci/golangci-lint/releases/download/v${GOLINTERS_VERSION}/" GOLINTERS_TGZ="golangci-lint-${GOLINTERS_VERSION}-${GOLINTERS_ARCH}.tar.gz" GOLINTERS_EXPECTED_DGST="${GOLINTERS_TGZ_DGST} *${GOLINTERS_TGZ}" DGST_CMD="${OPENSSL_DGST_CMD} ${GOLINTERS_TGZ}" cd $(mktemp -d /tmp/golinters.XXXXX) ${CURL_CMD} "${GOLINTERS_URL_PREFIX}${GOLINTERS_TGZ}" --output ${GOLINTERS_TGZ} GOLINTERS_GOT_DGST=$(${DGST_CMD}) if [ "${GOLINTERS_GOT_DGST}" != "${GOLINTERS_EXPECTED_DGST}" ] then echo "Digest of tarball is not equal to expected digest." echo "Expected digest: " "${GOLINTERS_EXPECTED_DGST}" echo "Got digest: " "${GOLINTERS_GOT_DGST}" exit 1 fi tar --no-same-owner -xzf "${GOLINTERS_TGZ}" --strip-components 1 install golangci-lint $(go env GOPATH)/bin shell: bash # Run required linters enabled in .golangci.yml (or default linters if yml doesn't exist) - name: Run golangci-lint run: $(go env GOPATH)/bin/golangci-lint run --timeout="${GOLINTERS_TIMEOUT}" shell: bash