Skip to content
stactic checks

ci: add backport action #432

Sign in to view logs

ci: add backport action

ci: add backport action #432

Workflow file for this run

.github/workflows/static.yml at 42bddde
name: stactic checks
on:
workflow_dispatch:
push:
branches:
- main
pull_request:
jobs:
flake-check:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: cachix/install-nix-action@6004951b182f8860210c8d6f0d808ec5b1a33d28 # v25
with:
github_access_token: ${{ secrets.GITHUB_TOKEN }}
- uses: cachix/cachix-action@18cf96c7c98e048e10a83abd92116114cd8504be # v14
with:
name: edgelesssys
authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
installCommand: nix profile install github:cachix/cachix/cd12acd9245ac9b7e010aa3acac49f37824fdad2 --accept-flake-config # remove on v14.1/v15
- name: nix flake check
run: |
nix -L flake check
go-source:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
token: ${{ !github.event.pull_request.head.repo.fork && secrets.NUNKI_CI_COMMIT_PUSH_PR || '' }}
- uses: cachix/install-nix-action@6004951b182f8860210c8d6f0d808ec5b1a33d28 # v25
with:
github_access_token: ${{ secrets.GITHUB_TOKEN }}
- uses: cachix/cachix-action@18cf96c7c98e048e10a83abd92116114cd8504be # v14
with:
name: edgelesssys
authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
installCommand: nix profile install github:cachix/cachix/cd12acd9245ac9b7e010aa3acac49f37824fdad2 --accept-flake-config # remove on v14.1/v15
- name: Run code generations & tidying
run: |
nix run .#generate
- name: Check for modifications, commit changes on renovate PRs
uses: ./.github/actions/pushdiff
with:
error: Go source needs to be updated, check the GitHub run summary for the diff.
suggested-fix: Run \`nix run .#generate\` to generate and tidy Go code.
renovate-commit-msg: "fixup: update Go source"
govulncheck:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: cachix/install-nix-action@6004951b182f8860210c8d6f0d808ec5b1a33d28 # v25
with:
github_access_token: ${{ secrets.GITHUB_TOKEN }}
- uses: cachix/cachix-action@18cf96c7c98e048e10a83abd92116114cd8504be # v14
with:
name: edgelesssys
authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
installCommand: nix profile install github:cachix/cachix/cd12acd9245ac9b7e010aa3acac49f37824fdad2 --accept-flake-config # remove on v14.1/v15
- name: Run govulncheck
run: |
nix run .#govulncheck -- ./...
golangci-lint:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: cachix/install-nix-action@6004951b182f8860210c8d6f0d808ec5b1a33d28 # v25
with:
github_access_token: ${{ secrets.GITHUB_TOKEN }}
- uses: cachix/cachix-action@18cf96c7c98e048e10a83abd92116114cd8504be # v14
with:
name: edgelesssys
authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
installCommand: nix profile install github:cachix/cachix/cd12acd9245ac9b7e010aa3acac49f37824fdad2 --accept-flake-config # remove on v14.1/v15
- name: Run golangci-lint
run: |
nix run .#golangci-lint -- run