Skip to content

Fix gosec overflow alerts (#5799) #14374

Fix gosec overflow alerts (#5799)

Fix gosec overflow alerts (#5799) #14374

Workflow file for this run

name: ci
on:
push:
branches:
- main
pull_request:
env:
# Default version of Go to use by CI workflows. This should be the latest
# release of Go; developers likely use the latest release in development and
# we want to catch any bugs (e.g. lint errors, race detection) with this
# release before they are merged. The Go compatibility guarantees ensure
# backwards compatibility with the previous two minor releases and we
# explicitly test our code for these versions so keeping this at prior
# versions does not add value.
DEFAULT_GO_VERSION: "~1.23.0"
jobs:
lint:
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@v4
with:
fetch-depth: 0 ## Needed for "Set internal/tools/go.mod timestamp" step.
- name: Install Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.DEFAULT_GO_VERSION }}
check-latest: true
cache-dependency-path: "**/go.sum"
- name: Tools cache
uses: actions/cache@v4
env:
cache-name: go-tools-cache
with:
path: .tools
key: ${{ runner.os }}-${{ env.cache-name }}-${{ hashFiles('./internal/tools/**') }}
# The step below is needed to not rebuild all the build tools.
- name: Set internal/tools/go.mod timestamp
run: |
filename="internal/tools/go.mod"
unixtime=$(git log -1 --format="%at" -- "${filename}")
touchtime=$(date -d @$unixtime +'%Y%m%d%H%M.%S')
touch -t ${touchtime} "${filename}"
ls -la --time-style=full-iso "${filename}"
- name: Generate
run: make generate
- name: Run linters
run: make license-check lint vanity-import-check verify-readmes verify-mods
- name: Build
run: make build
- name: Check clean repository
run: make check-clean-work-tree
test-bench:
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@v4
- name: Setup Environment
run: |
echo "GOPATH=$(go env GOPATH)" >> $GITHUB_ENV
echo "$(go env GOPATH)/bin" >> $GITHUB_PATH
- name: Install Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.DEFAULT_GO_VERSION }}
cache-dependency-path: "**/go.sum"
- name: Run benchmarks to check functionality
run: make test-bench
test-race:
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@v4
- name: Install Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.DEFAULT_GO_VERSION }}
check-latest: true
cache-dependency-path: "**/go.sum"
- name: Run tests with race detector
run: make test-race
test-concurrent-safe:
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@v4
- name: Install Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.DEFAULT_GO_VERSION }}
check-latest: true
cache-dependency-path: "**/go.sum"
- name: Run ConcurrentSafe tests multiple times with race detector
run: make test-concurrent-safe
test-coverage:
runs-on: ubuntu-latest
steps:
- name: Checkout Repo
uses: actions/checkout@v4
- name: Install Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.DEFAULT_GO_VERSION }}
check-latest: true
cache-dependency-path: "**/go.sum"
- name: Run coverage tests
run: make test-coverage
- name: Store coverage test output
uses: actions/upload-artifact@v4
with:
name: coverage-artifacts-${{ env.DEFAULT_GO_VERSION }}
path: coverage.txt
codecov:
runs-on: ubuntu-latest
needs: [test-coverage]
steps:
- uses: actions/download-artifact@v4
with:
pattern: coverage-artifacts-${{ env.DEFAULT_GO_VERSION }}
- name: Upload coverage report
uses: codecov/codecov-action@v4.5.0
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
with:
file: ./coverage.txt
verbose: true
compatibility-test:
strategy:
matrix:
go-version: ["1.23.0", "~1.22.5"]
platform:
- os: ubuntu-latest
arch: "386"
- os: ubuntu-latest
arch: amd64
- os: macos-13
arch: amd64
- os: macos-latest
arch: arm64
- os: windows-latest
arch: "386"
- os: windows-latest
arch: amd64
# ARM64 compatibility tests are using actuated runners
# See https://github.com/open-telemetry/community/blob/main/docs/using-actuated.md
- os: actuated-arm64-2cpu-8gb
arch: arm64
runs-on: ${{ matrix.platform.os }}
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install Go
uses: actions/setup-go@v5
with:
go-version: ${{ matrix.go-version }}
check-latest: true
cache-dependency-path: "**/go.sum"
- name: Run tests
env:
GOARCH: ${{ matrix.platform.arch }}
run: make test-short
test-compatibility:
runs-on: ubuntu-latest
needs: [compatibility-test]
steps:
- name: Test if compatibility-test passed
run: |
echo ${{ needs.compatibility-test.result }}
test ${{ needs.compatibility-test.result }} == "success"