Skip to content

[StepSecurity] ci: Harden GitHub Actions (#3304) #9388

[StepSecurity] ci: Harden GitHub Actions (#3304)

[StepSecurity] ci: Harden GitHub Actions (#3304) #9388

Workflow file for this run

name: VMProxy
on:
push:
branches:
- main
- pmm-*
tags:
- v[0-9]+.[0-9]+.[0-9]+*
pull_request:
paths-ignore:
- "admin/**"
- "agent/**"
- "api-tests/**"
- "cli-tests/**"
- "docs/**"
- "managed/**"
- "qan-api2/**"
- "update/**"
permissions:
contents: read
jobs:
test:
name: Tests
runs-on: ubuntu-22.04
strategy:
fail-fast: false
defaults:
run:
working-directory: ${{ github.workspace }}/vmproxy
steps:
- name: Check out code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up Go release
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with:
go-version-file: ${{ github.workspace }}/go.mod
cache: false
- name: Enable Go build cache
uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
with:
path: ~/.cache/go-build
key: ${{ runner.os }}-go-build-${{ github.ref }}-${{ hashFiles('**') }}
restore-keys: |
${{ runner.os }}-go-build-${{ github.ref }}-
${{ runner.os }}-go-build-
- name: Enable Go modules cache
uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-modules-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-modules-
- name: Download Go modules
run: go mod download -x
- name: Build and install
run: make install
- name: Run tests
run: make test-cover
- name: Upload coverage results
uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4.6.0
with:
file: cover.out
flags: vmproxy
fail_ci_if_error: false
token: ${{ secrets.CODECOV_TOKEN }}
- name: Run debug commands on failure
if: ${{ failure() }}
run: |
env | sort
go env | sort
git status