Revert "In-memory env secrets" (#1) #94
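# CI workflow for the Go module: build, test, lint, format check, static
# security scan and dependency check on pushes and pull requests that
# target main or develop.
#
# Review notes (supply chain):
# - Every `uses:` below references a mutable tag such as `@v4`. Pinning the
#   third-party actions (codecov, golangci-lint) to a full commit SHA keeps
#   a moved tag from changing what runs in this pipeline.
# - Three steps run `go install <tool>@latest` (goimports, gosec,
#   govulncheck). Each run executes whatever was published most recently;
#   pin them to a reviewed release, e.g. `@<PINNED_VERSION>`.
name: CI

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main, develop]

# Workflow-wide token scopes, inherited by every job that has no
# `permissions:` block of its own (all jobs except `security`).
# `security-events: write` and `id-token: write` were removed from this
# block: the SARIF upload is commented out and no step in this file requests
# an OIDC token. If a job needs either scope later, grant it on that job
# only instead of on the whole workflow.
permissions:
  contents: read
  actions: read

jobs:
  setup-linux-deps:
    name: Setup Linux Dependencies
    runs-on: ubuntu-latest
    outputs:
      cache-key: ${{ steps.cache-key.outputs.key }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # No step pushes or fetches after checkout, so the token is not
          # left in .git/config where later steps (tests, `go install`ed
          # tools) could read it.
          persist-credentials: false

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: "1.25.x"

      # Only runner.os and a file hash are interpolated into the script; no
      # event-supplied text (titles, branch names) reaches the shell here.
      - name: Generate cache key
        id: cache-key
        run: echo "key=${{ runner.os }}-x11-deps-${{ hashFiles('go.mod') }}" >> "$GITHUB_OUTPUT"

      - name: Cache X11 dependencies
        uses: actions/cache@v3
        with:
          path: /var/cache/apt
          key: ${{ steps.cache-key.outputs.key }}
          restore-keys: |
            ${{ runner.os }}-x11-deps-

      - name: Install X11 dependencies
        run: |
          sudo apt update
          sudo apt install -y libx11-dev libxrandr-dev libxinerama-dev libxcursor-dev libxi-dev

      - name: Test Linux build
        run: |
          GOOS=linux GOARCH=amd64 go build -o /tmp/initiat-linux-amd64 .
          GOOS=linux GOARCH=arm64 go build -o /tmp/initiat-linux-arm64 .

  test:
    name: Test
    runs-on: ubuntu-latest
    needs: setup-linux-deps
    strategy:
      matrix:
        go-version: ["1.25.x"]
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: ${{ matrix.go-version }}

      - name: Cache Go modules
        uses: actions/cache@v3
        with:
          path: ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ matrix.go-version }}-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-${{ matrix.go-version }}-

      - name: Download dependencies
        run: go mod download

      # Checks the downloaded modules against the hashes recorded in go.sum.
      - name: Verify dependencies
        run: go mod verify

      - name: Cache X11 dependencies
        uses: actions/cache@v3
        with:
          path: /var/cache/apt
          key: ${{ needs.setup-linux-deps.outputs.cache-key }}
          restore-keys: |
            ${{ runner.os }}-x11-deps-

      - name: Install and setup GNOME Keyring for tests
        run: |
          sudo apt-get update
          sudo apt-get install -y gnome-keyring dbus-x11

      - name: Install X11 dependencies from cache
        run: |
          sudo apt install -y libx11-dev libxrandr-dev libxinerama-dev libxcursor-dev libxi-dev

      # NOTE(review):
      # - 'test' is a throwaway password for the keyring created on this
      #   runner; nothing else should ever be stored in that keyring.
      # - A missing keyring daemon only prints a warning, so keyring-backed
      #   tests can be skipped while the job still reports success.
      # - The `||` fallback reruns the whole suite when the first run fails.
      #   A test or race-detector failure that does not reproduce on the
      #   second run therefore leaves the job green, and coverage.out may be
      #   missing or incomplete for the upload step.
      - name: Run tests
        run: |
          export DBUS_SESSION_BUS_ADDRESS=$(dbus-daemon --session --print-address --fork)
          echo 'test' | gnome-keyring-daemon --unlock --daemonize --login
          gnome-keyring-daemon --start --daemonize --components=secrets
          sleep 3
          if ! pgrep -f gnome-keyring-daemon > /dev/null; then
            echo "Warning: GNOME Keyring daemon not running - some tests may be skipped"
          fi
          timeout 600 go test -v -race -coverprofile=coverage.out ./... || \
          timeout 600 go test -v -race ./...

      # Third-party action on a mutable tag; see the pinning note at the top.
      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@v3
        with:
          file: ./coverage.out
          flags: unittests
          name: codecov-umbrella

  lint:
    name: Lint
    runs-on: ubuntu-latest
    needs: setup-linux-deps
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: "1.25.x"

      - name: Cache X11 dependencies
        uses: actions/cache@v3
        with:
          path: /var/cache/apt
          key: ${{ needs.setup-linux-deps.outputs.cache-key }}
          restore-keys: |
            ${{ runner.os }}-x11-deps-

      - name: Install X11 dependencies from cache
        run: |
          sudo apt install -y libx11-dev libxrandr-dev libxinerama-dev libxcursor-dev libxi-dev

      # Third-party action on a mutable tag; see the pinning note at the top.
      - name: Run golangci-lint
        uses: golangci/golangci-lint-action@v7
        with:
          version: v2.4.0
          args: --timeout=5m

  format:
    name: Format Check
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: "1.25.x"

      - name: Check formatting
        run: |
          if [ "$(gofmt -s -l . | wc -l)" -gt 0 ]; then
            echo "The following files are not formatted:"
            gofmt -s -l .
            echo "Please run 'gofmt -s -w .' to format your code."
            exit 1
          fi

      # NOTE(review): `@latest` is unpinned; prefer `@<PINNED_VERSION>`.
      - name: Check imports
        run: |
          go install golang.org/x/tools/cmd/goimports@latest
          if [ "$(goimports -l . | wc -l)" -gt 0 ]; then
            echo "The following files have incorrect imports:"
            goimports -l .
            echo "Please run 'goimports -w .' to fix your imports."
            exit 1
          fi

  security:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      # security-events: write # <- not needed while upload is disabled
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: "1.25.x"

      # NOTE(review): `@latest` is unpinned; prefer `@<PINNED_VERSION>`.
      - name: Install gosec
        run: go install github.com/securego/gosec/v2/cmd/gosec@latest

      # NOTE(review): `-no-fail` makes gosec exit 0 even when it reports
      # issues, and the Code Scanning upload below is disabled, so findings
      # exist only in the 7-day artifact. Nothing in this workflow fails on
      # a new finding; drop `-no-fail` once the existing findings are
      # triaged if this job is meant to gate merges.
      - name: Run Gosec (SARIF)
        run: gosec -no-fail -fmt sarif -out gosec-results.sarif ./...

      # --- Temporarily disabled: Code Scanning upload requires org/private entitlement ---
      # - name: Upload SARIF to Code Scanning
      #   if: always() && hashFiles('gosec-results.sarif') != ''
      #   uses: github/codeql-action/upload-sarif@v3
      #   with:
      #     sarif_file: gosec-results.sarif
      #     category: gosec

      - name: Save SARIF as artifact
        if: always() && hashFiles('gosec-results.sarif') != ''
        uses: actions/upload-artifact@v4
        with:
          name: gosec-sarif
          path: gosec-results.sarif
          retention-days: 7

  # NOTE(review): `needs` lists test, lint and format but not `security` or
  # `dependency-check`, so this job runs regardless of their outcome.
  build:
    name: Build
    runs-on: ubuntu-latest
    needs: [setup-linux-deps, test, lint, format]
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: "1.25.x"

      - name: Cache X11 dependencies
        uses: actions/cache@v3
        with:
          path: /var/cache/apt
          key: ${{ needs.setup-linux-deps.outputs.cache-key }}
          restore-keys: |
            ${{ runner.os }}-x11-deps-

      - name: Install X11 dependencies from cache
        run: |
          sudo apt install -y libx11-dev libxrandr-dev libxinerama-dev libxcursor-dev libxi-dev

      - name: Build for multiple platforms
        run: |
          # Test that the code builds for all target platforms
          GOOS=darwin GOARCH=amd64 go build -o /tmp/initiat-darwin-amd64 .
          GOOS=darwin GOARCH=arm64 go build -o /tmp/initiat-darwin-arm64 .
          GOOS=linux GOARCH=amd64 go build -o /tmp/initiat-linux-amd64 .
          GOOS=linux GOARCH=arm64 go build -o /tmp/initiat-linux-arm64 .
          GOOS=windows GOARCH=amd64 go build -o /tmp/initiat-windows-amd64.exe .

      - name: Test binary functionality
        run: |
          go build -o initiat .
          ./initiat --help
          ./initiat auth --help
          ./initiat version

  dependency-check:
    name: Dependency Check
    runs-on: ubuntu-latest
    needs: setup-linux-deps
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: "1.25.x"

      - name: Cache X11 dependencies
        uses: actions/cache@v3
        with:
          path: /var/cache/apt
          key: ${{ needs.setup-linux-deps.outputs.cache-key }}
          restore-keys: |
            ${{ runner.os }}-x11-deps-

      - name: Install X11 dependencies from cache
        run: |
          sudo apt install -y libx11-dev libxrandr-dev libxinerama-dev libxcursor-dev libxi-dev

      # govulncheck exits non-zero when it reports vulnerabilities, so this
      # step fails the job on a finding.
      # NOTE(review): `@latest` is unpinned; prefer `@<PINNED_VERSION>`.
      - name: Check for vulnerabilities
        run: |
          go install golang.org/x/vuln/cmd/govulncheck@latest
          govulncheck ./...

      # Fails when `go mod tidy` would change go.mod or go.sum, i.e. when the
      # committed dependency manifest differs from what the code requires.
      - name: Check mod tidy
        run: |
          go mod tidy
          if [ -n "$(git status --porcelain go.mod go.sum)" ]; then
            echo "go.mod or go.sum is not tidy"
            git diff go.mod go.sum
            exit 1
          fi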