open-code-review/.github/workflows/ci.yml
kite e6e5da0930
ci: bump Go image to 1.26.5 to fix GO-2026-5856 govulncheck failure (#330)
govulncheck flags GO-2026-5856 (Encrypted Client Hello privacy leak in
crypto/tls), present in the Go standard library through go1.26.4 and
fixed in go1.26.5. The CI and release workflows pin the golang:1.26.4
container image, so govulncheck fails with exit code 3 on every run.
Bump both workflow images to golang:1.26.5.
2026-07-09 11:00:45 +08:00

48 lines
1.2 KiB
YAML

name: CI
on:
push:
branches: [main]
pull_request:
branches: [main]
permissions:
contents: read
jobs:
test:
runs-on: self-hosted
timeout-minutes: 15
container:
image: golang:1.26.5
steps:
- uses: actions/checkout@v4
- name: Trust workspace
run: git config --global --replace-all safe.directory '*'
- name: Vet
run: go vet ./...
- name: Govulncheck
run: |
go install golang.org/x/vuln/cmd/govulncheck@latest
govulncheck ./...
- name: Test with coverage
run: |
go test -v -race -count=1 -coverprofile=coverage.out ./...
go tool cover -func=coverage.out | grep total: | awk '{print $3}'
- name: Check coverage threshold
run: |
COVERAGE=$(go tool cover -func=coverage.out | grep total: | awk '{print $3}' | sed 's/%//')
echo "Total coverage: ${COVERAGE}%"
if awk "BEGIN {exit !($COVERAGE < 80)}"; then
echo "FAIL: Coverage ${COVERAGE}% is below 80% threshold"
exit 1
fi
echo "PASS: Coverage ${COVERAGE}% meets 80% threshold"
- name: Build
run: go build -o /dev/null ./cmd/opencodereview