fix: remove all inHunk references #41
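# Canonical CI workflow for hawk-eco Go repos.
# Source of truth: .shared-templates/workflows/go-ci.yml.tmpl
#
# Two deployment models:
#
#   1. NOW — render this template inline into each repo's
#      .github/workflows/ci.yml. Every repo has identical content.
#
#   2. LATER — once GrayCodeAI/.github exists as a central repo, move this
#      file to GrayCodeAI/.github/.github/workflows/go-ci.yml with
#      `on: workflow_call:`. Each repo's ci.yml becomes a 5-line caller:
#
#        name: CI
#        on: { push: { branches: [main] }, pull_request: }
#        jobs:
#          ci:
#            uses: GrayCodeAI/.github/.github/workflows/go-ci.yml@main
#
# NOTE(review): supply-chain posture of this workflow as written:
#   * every `uses:` below is pinned to a mutable tag (v4 / v5 / v7), not to
#     a full commit SHA;
#   * gofumpt, govulncheck and gosec are installed at `@latest`;
#   * ../hawk is cloned from the default-branch head on every run.
# Each of these runs code on the runner that can change without any commit
# in the consuming repo. Pin to reviewed commit SHAs / released versions in
# the template and let an update bot propose the bumps. The same applies to
# the `@main` reusable-workflow reference in model 2 above.
name: CI

# `pull_request` (not `pull_request_target`) keeps fork PRs on a read-only
# token without secrets. Every job below builds or runs the PR's code, so
# this trigger should not be swapped for the privileged variant.
on:
  push:
    branches: [main, dev]
  pull_request:
    branches: [main, dev]

# Workflow-level least privilege: GITHUB_TOKEN is read-only for every job.
permissions:
  contents: read

# One active run per workflow + ref; a newer push cancels the older run.
concurrency:
  group: ci-${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

env:
  GO_VERSION: "1.26.3"
  GOPROXY: "https://proxy.golang.org,direct"

jobs:
  # -------------------------------------------------------------------------
  # Format + vet — fastest, fail fast.
  # -------------------------------------------------------------------------
  fmt-vet:
    name: fmt + vet
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # No later step pushes or fetches with the job token, so do not
          # leave it in .git/config where `go install`-ed tools and PR code
          # could read it.
          persist-credentials: false
      - uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GO_VERSION }}
          cache: true
      # NOTE(review): unpinned clone — whatever is at the head of hawk's
      # default branch is what this run sees. Check out a fixed commit or
      # tag if reproducible, reviewable CI inputs are required.
      - name: Clone hawk for shared/types
        run: git clone --depth=1 https://github.com/GrayCodeAI/hawk.git ../hawk
      - name: Remove go.work
        run: rm -f go.work go.work.sum
      # Fails the job when `gofumpt -l` lists any file.
      # NOTE(review): `@latest` installs an unreviewed tool version on every
      # run; pin a released version.
      - name: gofumpt diff
        run: |
          go install mvdan.cc/gofumpt@latest
          out=$(gofumpt -l .)
          if [ -n "$out" ]; then
            echo "::error::gofumpt would reformat the following files:"
            echo "$out"
            exit 1
          fi
      - name: go vet
        run: go vet ./...

  # -------------------------------------------------------------------------
  # Lint — golangci-lint covers most static checks.
  # -------------------------------------------------------------------------
  lint:
    name: lint
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # See fmt-vet: the job token is not needed after checkout.
          persist-credentials: false
      - uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GO_VERSION }}
          cache: true
      # NOTE(review): unpinned clone, see fmt-vet.
      - name: Clone hawk for shared/types
        run: git clone --depth=1 https://github.com/GrayCodeAI/hawk.git ../hawk
      - name: Remove go.work (local dev only)
        run: rm -f go.work go.work.sum
      # The linter itself is version-pinned; the action wrapping it is on a
      # mutable major tag.
      # NOTE(review): `verify: false` appears to skip the action's check of
      # the golangci-lint config file — confirm that is deliberate.
      - uses: golangci/golangci-lint-action@v7
        with:
          version: v2.1.0
          install-mode: goinstall
          verify: false
          args: --timeout=5m

  # -------------------------------------------------------------------------
  # Tests with race detector + coverage upload.
  # -------------------------------------------------------------------------
  test:
    name: test (race + cover)
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # See fmt-vet. `git diff` in the tidy check is local-only and
          # needs no credentials.
          persist-credentials: false
      - uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GO_VERSION }}
          cache: true
      # NOTE(review): unpinned clone, see fmt-vet. Unlike fmt-vet, lint and
      # security, this job does not remove go.work — presumably so tests
      # resolve ../hawk through the workspace; confirm.
      - name: Clone hawk for shared/types
        run: git clone --depth=1 https://github.com/GrayCodeAI/hawk.git ../hawk
      # Fails when `go mod tidy` changes any tracked file.
      - name: Tidy check
        run: |
          go mod tidy
          if ! git diff --quiet; then
            echo "::error::go.mod / go.sum out of date — run 'go mod tidy' and commit"
            git diff
            exit 1
          fi
      - name: Test
        run: go test ./... -race -count=1 -coverprofile=coverage.out -covermode=atomic -timeout=180s
      - name: Coverage summary
        run: go tool cover -func=coverage.out | tail -1
      # Only coverage.out is uploaded; keep the path this narrow so the
      # artifact never picks up the checkout's .git directory.
      - name: Upload coverage
        uses: actions/upload-artifact@v4
        with:
          name: coverage
          path: coverage.out

  # -------------------------------------------------------------------------
  # Security scan — vulnerability database + (optional) gosec.
  # -------------------------------------------------------------------------
  security:
    name: security
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # See fmt-vet: the job token is not needed after checkout.
          persist-credentials: false
      - uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GO_VERSION }}
          cache: true
      # NOTE(review): unpinned clone, see fmt-vet.
      - name: Clone hawk for shared/types
        run: git clone --depth=1 https://github.com/GrayCodeAI/hawk.git ../hawk
      - name: Remove go.work
        run: rm -f go.work go.work.sum
      # Blocking: a govulncheck finding fails this job.
      # NOTE(review): the scanner is installed at `@latest`; pin a released
      # version so the scanning tool is itself a reviewed input.
      - name: govulncheck
        run: |
          go install golang.org/x/vuln/cmd/govulncheck@latest
          govulncheck ./...
      # Advisory only: `continue-on-error` means gosec findings never fail
      # the job, so they are visible only to someone who opens the log.
      # NOTE(review): the exclusions drop unhandled errors (G104), file and
      # directory permission checks (G301, G302, G306) and variable file
      # paths (G304) for every repo rendered from this template — confirm
      # each is a deliberate, org-wide decision. `@latest` as above.
      - name: gosec (advisory)
        continue-on-error: true
        run: |
          go install github.com/securego/gosec/v2/cmd/gosec@latest
          gosec -exclude=G104,G301,G302,G304,G306 ./...

  # -------------------------------------------------------------------------
  # Cross-platform build matrix — only for repos that produce a binary.
  # Repos that are pure libraries can keep this job (it'll just `go build ./...`)
  # or remove it locally.
  # -------------------------------------------------------------------------
  build:
    name: build (${{ matrix.goos }}/${{ matrix.goarch }})
    runs-on: ubuntu-latest
    # NOTE(review): `security` is not listed here, so a govulncheck failure
    # does not gate the build matrix — confirm that is intended.
    needs: [fmt-vet, lint, test]
    strategy:
      fail-fast: false
      matrix:
        goos: [linux, darwin, windows]
        goarch: [amd64, arm64]
        exclude:
          - goos: windows
            goarch: arm64
    steps:
      - uses: actions/checkout@v4
        with:
          # See fmt-vet: the job token is not needed after checkout.
          persist-credentials: false
      - uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GO_VERSION }}
          cache: true
      # NOTE(review): unpinned clone, see fmt-vet.
      - name: Clone hawk for shared/types
        run: git clone --depth=1 https://github.com/GrayCodeAI/hawk.git ../hawk
      # Cross-compiles via GOOS/GOARCH with cgo disabled.
      - name: Build
        env:
          GOOS: ${{ matrix.goos }}
          GOARCH: ${{ matrix.goarch }}
          CGO_ENABLED: "0"
        run: go build ./...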