chore: Tweaking renovate config #54
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| workflow_dispatch: | |
| # Least-privilege GITHUB_TOKEN for every job in this workflow: read-only | |
| # access to repository contents (enough for checkout) and nothing else. | |
| # Jobs that need more must opt in explicitly. | |
| permissions: | |
| contents: read | |
| # Supersede in-flight runs for the same ref instead of running them in | |
| # parallel. | |
| concurrency: | |
| group: ci-${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| lint: | |
| name: Lint | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 | |
| with: | |
| # CI never pushes; don't leave the token in .git/config. | |
| persist-credentials: false | |
| - name: Set up Go | |
| uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 | |
| with: | |
| go-version: stable | |
| # `make lint` == `go vet ./...` + `gofmt -l .` check (see Makefile). | |
| - name: go vet + gofmt check | |
| run: make lint | |
| test: | |
| name: Test (Go ${{ matrix.go }}) | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 15 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| go: [oldstable, stable] | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 | |
| with: | |
| persist-credentials: false | |
| - name: Set up Go ${{ matrix.go }} | |
| uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 | |
| with: | |
| go-version: ${{ matrix.go }} | |
| - name: Build | |
| run: make build | |
| - name: Test | |
| run: make test | |
| test-os-arch: | |
| name: Test (${{ matrix.target }}) | |
| runs-on: ${{ matrix.runs-on }} | |
| timeout-minutes: 15 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| # Native runner per target. GitHub no longer offers a free Intel-macOS | |
| # runner, so darwin/amd64 is cross-compiled in the release workflow but | |
| # cannot be natively tested here (no runner to schedule it on). | |
| include: | |
| - { target: linux/amd64, runs-on: ubuntu-latest } | |
| - { target: linux/arm64, runs-on: ubuntu-24.04-arm } | |
| - { target: darwin/arm64, runs-on: macos-14 } | |
| - { target: windows/amd64, runs-on: windows-latest } | |
| - { target: windows/arm64, runs-on: windows-11-arm } | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 | |
| with: | |
| persist-credentials: false | |
| - name: Set up Go | |
| uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 | |
| with: | |
| go-version: stable | |
| # Call go directly, not make: the Windows runners have no make, and | |
| # go build/test are identical under bash and PowerShell. | |
| - name: Build | |
| run: go build ./... | |
| - name: Test | |
| run: go test ./... | |
| coverage: | |
| name: Coverage | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 15 | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 | |
| with: | |
| persist-credentials: false | |
| - name: Set up Go | |
| uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 | |
| with: | |
| go-version: stable | |
| # -race needs atomic covermode; both match how monetr collects coverage. | |
| - name: Test with coverage | |
| run: go test -race -covermode=atomic -coverprofile=coverage.out ./... | |
| # always() so a failing test still publishes its coverage (the job still | |
| # fails — the report just isn't lost with it). | |
| - name: Upload coverage to Codecov | |
| if: always() | |
| uses: codecov/codecov-action@fb8b3582c8e4def4969c97caa2f19720cb33a72f # v7.0.0 | |
| with: | |
| files: ./coverage.out | |
| token: ${{ secrets.CODECOV_TOKEN }} |