deps(deps): bump modernc.org/sqlite from 1.50.1 to 1.52.0 #38
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| permissions: | |
| contents: read | |
| concurrency: | |
| group: ci-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| test: | |
| name: Test (ubuntu-latest) | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Set up Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version-file: go.mod | |
| cache: true | |
| - name: go vet | |
| run: go vet ./... | |
| - name: go build | |
| run: go build -trimpath ./... | |
| - name: go test | |
| run: go test ./... -race -count=1 -coverprofile=coverage.out -covermode=atomic -coverpkg=./... | |
| - name: Upload coverage | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: coverage | |
| path: coverage.out | |
| lint: | |
| name: Lint | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Set up Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version-file: go.mod | |
| cache: true | |
| - name: golangci-lint | |
| uses: golangci/golangci-lint-action@v9 | |
| with: | |
| version: latest | |
| mod-hygiene: | |
| name: Module hygiene | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Set up Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version-file: go.mod | |
| cache: true | |
| - name: go mod tidy is clean | |
| run: | | |
| go mod tidy | |
| if ! git diff --exit-code -- go.mod go.sum; then | |
| echo "::error::go mod tidy produced changes; run it locally and commit" | |
| exit 1 | |
| fi | |
| - name: go mod verify | |
| run: go mod verify | |
| vuln: | |
| name: Vulnerability scan | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Set up Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version-file: go.mod | |
| cache: true | |
| - name: govulncheck | |
| uses: golang/govulncheck-action@v1 | |
| with: | |
| go-version-input: stable | |
| repo-checkout: false | |
| readonly: | |
| name: Read-only invariant | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Assert no producer code in non-test paths | |
| run: | | |
| if grep -RIn 'kgo.NewProducer\|\.ProduceSync(\|\.Produce(' --include="*.go" . | \ | |
| grep -v _test.go | \ | |
| grep -v 'ErrProduceForbidden\|LastProduceTs\|formatLastProduced\|lastProducedLabel\|MessageTimestampType\|callers must never invoke Produce\|LastProducedLabel\|//.*Produce'; then | |
| echo "::error::READ-ONLY INVARIANT VIOLATED: producer call detected in non-test code" | |
| exit 1 | |
| fi | |
| echo "Read-only invariant intact." | |
| integration: | |
| name: Integration | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Set up Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version-file: go.mod | |
| cache: true | |
| - name: Integration tests | |
| run: go test ./... -tags=integration -count=1 -timeout=15m |