
style: fix gofmt formatting in test files #182


Workflow file for this run

# CI workflow: triggers, the workflow-wide token default, and the start of the jobs map.
name: CI

on:
  push:
    branches:
      - main
    tags:
      - '**'
  pull_request:
    branches:
      - main
      - master
  merge_group:
  workflow_dispatch:
  # Weekly scheduled run: Sundays at 00:00 UTC.
  schedule:
    - cron: '0 0 * * 0'

# Workflow-wide default: read access on every GITHUB_TOKEN scope.
# Every job in this file declares its own `permissions` block, which replaces this
# default for that job, so read-all only applies to a job added later without one.
permissions: read-all

jobs:
# jobs.unit: race-enabled unit tests on Linux, Windows and macOS with a 70% coverage gate.
unit:
  name: unit tests
  runs-on: ${{ matrix.platform }}
  permissions:
    contents: read
  strategy:
    # Let the other platforms finish even when one of them fails.
    fail-fast: false
    matrix:
      go-version:
        - 1.25.x
      platform:
        - ubuntu-latest
        - windows-latest
        - macos-latest
  steps:
    - name: Harden Runner
      uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
      with:
        # audit records outbound connections without blocking them.
        egress-policy: audit

    - name: Checkout code
      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      with:
        # 0 = fetch the full history rather than a shallow clone.
        fetch-depth: 0

    - name: Install Go
      uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
      with:
        go-version: ${{ matrix.go-version }}

    # Fails when `go mod tidy` would change go.mod or go.sum.
    - name: Verify go.mod is tidy
      run: |
        go mod tidy
        git diff --exit-code -- go.mod go.sum

    # NOTE(review): @latest is resolved when the job runs, so this tool is not pinned
    # the way the actions above are (commit SHA). Pin a reviewed release instead,
    # e.g. gotestsum@<REVIEWED_VERSION>.
    - name: Install gotestsum
      run: go install gotest.tools/gotestsum@latest

    - name: Unit tests
      shell: bash
      run: |
        gotestsum --format github-actions -- -race -covermode=atomic -coverprofile=coverage-${{ matrix.platform }}.out ./...

    # Informational only: `|| true` keeps this step green whatever the summary command returns.
    - name: Coverage summary
      shell: bash
      run: go tool cover -func=coverage-${{ matrix.platform }}.out | tail -n 1 || true

    # Gate: exit 1 when total coverage is below THRESHOLD.
    # An empty TOTAL compares as 0 in awk, so a missing profile also fails the gate.
    - name: Enforce coverage threshold
      shell: bash
      run: |
        THRESHOLD=70.0
        TOTAL=$(go tool cover -func=coverage-${{ matrix.platform }}.out | awk '/^total:/ {gsub("%","",$3); print $3}')
        echo "Total coverage: ${TOTAL}% (threshold ${THRESHOLD}%)"
        awk -v t="$THRESHOLD" -v a="$TOTAL" 'BEGIN { if (a+0 < t+0) { exit 1 } }'

    - name: Upload coverage
      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
      with:
        name: coverage-${{ matrix.platform }}
        path: coverage-${{ matrix.platform }}.out
# jobs.lint: golangci-lint over the whole module.
lint:
  name: golangci-lint
  runs-on: ubuntu-latest
  permissions:
    contents: read
  steps:
    - name: Harden Runner
      uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
      with:
        # audit records outbound connections without blocking them.
        egress-policy: audit

    - name: Checkout code
      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      with:
        # 0 = fetch the full history rather than a shallow clone.
        fetch-depth: 0

    - name: Install Go
      uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
      with:
        # Go version is taken from go.mod.
        go-version-file: go.mod

    - name: Download modules
      run: go mod download

    - name: Warm build cache
      run: go build ./...

    - name: Run golangci-lint
      uses: golangci/golangci-lint-action@4afd733a84b1f43292c63897423277bb7f4313a9 # v8.0.0
      with:
        # The linter itself is pinned to a fixed release, unlike the @latest tools
        # installed in other jobs of this workflow.
        version: v2.1.6
        install-mode: goinstall
        args: --timeout=5m --allow-parallel-runners
        # false = report every issue, not only those introduced by the change.
        only-new-issues: false
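# jobs.vulncheck: govulncheck over the module; fails when a finding has a fixed version
# available, and also when the scanner itself did not produce a result.
vulncheck:
  name: govulncheck
  runs-on: ubuntu-latest
  permissions:
    contents: read
  steps:
    - name: Harden Runner
      uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
      with:
        # audit records outbound connections without blocking them.
        egress-policy: audit

    - name: Checkout code
      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

    - name: Install Go
      uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
      with:
        go-version-file: go.mod

    # NOTE(review): govulncheck@latest is resolved when the job runs; pin a reviewed
    # release (govulncheck@<REVIEWED_VERSION>) to match the SHA-pinned actions above.
    - name: Run govulncheck
      run: |
        # errexit is switched off so the scanner's exit status can be inspected
        # instead of aborting the script.
        set +e
        TMP_OUT=$(mktemp)
        go run golang.org/x/vuln/cmd/govulncheck@latest ./... | tee "$TMP_OUT"
        # Status of the scanner, not of tee. PIPESTATUS is a bash feature; bash is the
        # default shell for run steps on this runner.
        SCAN_STATUS=${PIPESTATUS[0]}
        set -e
        # Findings whose "Fixed in:" line names a version are actionable: fail.
        if grep -E "^\s*Fixed in:\s+" "$TMP_OUT" | grep -v "Fixed in: N/A" >/dev/null; then
          echo "govulncheck: vulnerabilities with available fixes detected"
          exit 1
        fi
        # Fail closed: a non-zero exit with no "Fixed in:" line at all means the scan
        # did not report findings (download, build or network failure), so it must
        # not be read as a clean result.
        if [ "$SCAN_STATUS" -ne 0 ] && ! grep -qE "^\s*Fixed in:\s+" "$TMP_OUT"; then
          echo "::error::govulncheck exited with status ${SCAN_STATUS} without reporting findings; treating the scan as failed"
          exit 1
        fi
        echo "govulncheck: no vulnerabilities with available fixes"
        exit 0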
# jobs.gosec: static security analysis of the Go sources with gosec.
gosec:
  name: gosec
  runs-on: ubuntu-latest
  permissions:
    contents: read
  steps:
    - name: Harden Runner
      uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
      with:
        # audit records outbound connections without blocking them.
        egress-policy: audit

    - name: Checkout code
      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

    - name: Install Go
      uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
      with:
        go-version-file: go.mod

    # NOTE(review): @latest is resolved when the job runs, so the scanner version (and
    # its rule set) can change between runs. Pin a reviewed release instead,
    # e.g. gosec@<REVIEWED_VERSION>.
    - name: Install gosec
      run: go install github.com/securego/gosec/v2/cmd/gosec@latest

    # The binary is called by its full GOPATH path, so the step does not depend on PATH.
    - name: Run gosec
      run: |
        "$(go env GOPATH)/bin/gosec" ./...
# jobs.gitleaks: secret scanning of the repository with gitleaks.
gitleaks:
  name: gitleaks
  runs-on: ubuntu-latest
  permissions:
    contents: read
  steps:
    - name: Harden Runner
      uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
      with:
        # audit records outbound connections without blocking them.
        egress-policy: audit

    - name: Checkout code
      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      with:
        # 0 = fetch the full history; presumably so the scan covers earlier commits
        # and not only the checked-out tree.
        fetch-depth: 0

    - name: Run gitleaks
      uses: gitleaks/gitleaks-action@ff98106e4c7b2bc287b24eaf42907196329070c7 # v2.3.9
      env:
        # Job token, limited to contents: read by the permissions block above.
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        # NOTE(review): repository secrets are not passed to runs triggered from forked
        # pull requests, so this value is empty there; confirm the job still scans.
        GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_KEY }}
# jobs.trivy: Trivy filesystem scan; results are uploaded as SARIF.
trivy:
  name: trivy scan (fs)
  runs-on: ubuntu-latest
  permissions:
    contents: read
    # Needed by the SARIF upload step below.
    security-events: write
  steps:
    - name: Harden Runner
      uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
      with:
        # audit records outbound connections without blocking them.
        egress-policy: audit

    - name: Checkout code
      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

    - name: Run Trivy filesystem scan
      uses: aquasecurity/trivy-action@76071ef0d7ec797419534a183b498b4d6366cf37 # 0.31.0
      with:
        scan-type: fs
        # Findings without a fixed version are not reported.
        ignore-unfixed: true
        format: sarif
        output: trivy-results.sarif
        vuln-type: 'os,library'
        # Only CRITICAL and HIGH findings are reported; exit-code 1 fails the step on them.
        severity: CRITICAL,HIGH
        exit-code: 1

    # always() uploads the report even when the scan step above failed the job.
    # NOTE(review): the trailing comment on this pin names only the major tag (v3),
    # unlike the exact versions noted on the other pins in this workflow.
    - name: Upload Trivy SARIF
      uses: github/codeql-action/upload-sarif@d3ced5c96c16c4332e2a61eb6f3649d6f1b20bb8 # v3
      if: always()
      with:
        sarif_file: trivy-results.sarif
# jobs.workflow-lint: lints the workflow files themselves with actionlint (via reviewdog).
workflow-lint:
  name: actionlint
  runs-on: ubuntu-latest
  permissions:
    contents: read
    pull-requests: read
  steps:
    - name: Harden Runner
      uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
      with:
        # audit records outbound connections without blocking them.
        egress-policy: audit

    - name: Checkout code
      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

    - name: Run actionlint
      uses: reviewdog/action-actionlint@a5524e1c19e62881d79c1f1b9b6f09f16356e281 # v1.65.2
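# jobs.benchmark: runs every benchmark three times and stores the output as an artifact.
benchmark:
  name: benchmarks
  runs-on: ubuntu-latest
  permissions:
    contents: read
  steps:
    - name: Harden Runner
      uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
      with:
        # audit records outbound connections without blocking them.
        egress-policy: audit

    - name: Checkout code
      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

    - name: Install Go
      uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
      with:
        go-version-file: go.mod

    - name: Run benchmarks
      run: |
        # Without pipefail the step's status is tee's, so a failing `go test`
        # (build error, panicking benchmark) would leave the job green.
        set -o pipefail
        # -run=^$ matches no test name, so only benchmarks execute.
        go test -bench=. -benchmem -run=^$ -count=3 ./... | tee benchmark-results.txt

    - name: Upload benchmark results
      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
      with:
        name: benchmark-results
        path: benchmark-results.txt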
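# jobs.fuzz: runs two fuzz targets for 30 seconds each, then fails the job when a
# failing input was recorded.
fuzz:
  name: fuzz testing
  runs-on: ubuntu-latest
  permissions:
    contents: read
  steps:
    - name: Harden Runner
      uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
      with:
        # audit records outbound connections without blocking them.
        egress-policy: audit

    - name: Checkout code
      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

    - name: Install Go
      uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
      with:
        go-version-file: go.mod

    # The fuzz runs stay best-effort (a non-zero exit does not fail this step), but the
    # exit is now surfaced as a warning annotation instead of being discarded.
    # NOTE(review): `go test -fuzz` accepts a single package; if ./... matches more than
    # one package here the command exits before fuzzing anything. Confirm the module
    # layout, or name the package that holds each target.
    - name: Run fuzz tests
      run: |
        echo "Running fuzz tests (30s each)..."
        # Run each fuzz test for 30 seconds
        go test -fuzz=FuzzParseStandard -fuzztime=30s ./... || echo "::warning::go test -fuzz=FuzzParseStandard exited non-zero"
        go test -fuzz=FuzzSpec_Next -fuzztime=30s ./... || echo "::warning::go test -fuzz=FuzzSpec_Next exited non-zero"
        echo "Fuzz testing complete"

    - name: Check for crashers
      run: |
        # Native Go fuzzing writes each failing input to testdata/fuzz/<FuzzName>/ in the
        # package directory, not to a crashers/ subdirectory. Files there that git does
        # not track were written by this run; the committed seed corpus is tracked and
        # therefore not listed.
        NEW_INPUTS=$(git ls-files --others -- ':(glob)**/testdata/fuzz/**')
        # The original crashers/ lookup is kept so files in that layout are still caught.
        LEGACY_CRASHERS=$(find . -path "*/testdata/fuzz/*/crashers/*" -type f 2>/dev/null | sed 's|^\./||')
        if [ -n "$NEW_INPUTS" ] || [ -n "$LEGACY_CRASHERS" ]; then
          echo "::error::Fuzz testing found crashers!"
          # Print each recorded input once so it can be reproduced from the job log.
          printf '%s\n' "$NEW_INPUTS" "$LEGACY_CRASHERS" | sort -u | while IFS= read -r crasher; do
            if [ -f "$crasher" ]; then
              echo "--- ${crasher}"
              cat "$crasher"
            fi
          done
          exit 1
        fi
        echo "No crashers found"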
# jobs.integration: race-enabled tests built with the `integration` tag, 10 minute timeout.
integration:
  name: integration tests
  runs-on: ubuntu-latest
  permissions:
    contents: read
  steps:
    - name: Harden Runner
      uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
      with:
        # audit records outbound connections without blocking them.
        egress-policy: audit

    - name: Checkout code
      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

    - name: Install Go
      uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
      with:
        go-version-file: go.mod

    - name: Run integration tests
      run: |
        echo "Running integration tests..."
        go test -v -race -tags=integration -timeout=10m ./...
# jobs.license-check: go-licenses check and report; fails when the check output names
# a copyleft licence family.
license-check:
  name: license compliance
  runs-on: ubuntu-latest
  permissions:
    contents: read
  steps:
    - name: Harden Runner
      uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
      with:
        # audit records outbound connections without blocking them.
        egress-policy: audit

    - name: Checkout code
      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

    - name: Install Go
      uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
      with:
        go-version-file: go.mod

    # NOTE(review): @latest is resolved when the job runs; pin a reviewed release
    # (go-licenses@<REVIEWED_VERSION>) to match the SHA-pinned actions above.
    - name: Install go-licenses
      run: go install github.com/google/go-licenses@latest

    # NOTE(review): `|| true` discards go-licenses' own exit status, so the grep below
    # is the only gate. If the tool fails before listing any licence, the report holds
    # no licence names and this step passes.
    # NOTE(review): the pattern is case-insensitive and unanchored, so short names such
    # as EPL or MPL can also match inside unrelated words or module paths, and any
    # line that also mentions Apache, MIT, BSD or ISC is dropped by the second grep.
    - name: Check license compliance
      run: |
        echo "Checking license compliance..."
        $(go env GOPATH)/bin/go-licenses check ./... 2>&1 | tee license-report.txt || true
        # Fail on copyleft licenses that require source disclosure
        if grep -iE "(GPL|AGPL|LGPL|SSPL|CDDL|EPL|MPL)" license-report.txt | grep -v "Apache\|MIT\|BSD\|ISC"; then
          echo "::error::Copyleft license detected - review required"
          exit 1
        fi
        echo "License check passed - no problematic licenses detected"

    # Best-effort: stderr is dropped and a failing report command still leaves the
    # step green, in which case the printed summary is empty.
    - name: Generate license report
      run: |
        $(go env GOPATH)/bin/go-licenses report ./... 2>/dev/null > license-report-full.txt || true
        echo "=== License Summary ==="
        cat license-report-full.txt

    - name: Upload license report
      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
      with:
        name: license-report
        path: |
          license-report.txt
          license-report-full.txt