Get ready to enable DropPrivileges by default #2200
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Run Tests (macOS, Windows) | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - main | |
| tags: | |
| # Run only on release tags for v7.0.0 and up. | |
| - v[7-9]\.[0-9]+\.[0-9]+ | |
| - v[7-9]\.[0-9]+\.[0-9]+-rc\.[0-9]+ | |
| - v[1-9][0-9]+\.[0-9]+\.[0-9]+ | |
| - v[1-9][0-9]+\.[0-9]+\.[0-9]+-rc\.[0-9]+ | |
| repository_dispatch: | |
| types: | |
| - dispatch-build | |
| workflow_dispatch: | |
| jobs: | |
| test: | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| go-version: [1.25.x] | |
| os: [macos-latest, windows-latest] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| # Do fetch depth 0 here because otherwise GoReleaser might not work properly: | |
| # https://goreleaser.com/ci/actions/?h=tag#workflow | |
| fetch-depth: 0 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20 | |
| - name: Cache Next.js | |
| uses: actions/cache@v4 | |
| with: | |
| # Reference: https://nextjs.org/docs/pages/building-your-application/deploying/ci-build-caching#github-actions | |
| path: | | |
| ~/.npm | |
| web_ui/frontend/.next/cache | |
| # Generate a new cache whenever packages or source files change. | |
| key: ${{ runner.os }}-nextjs-${{ hashFiles('**/package-lock.json') }}-${{ hashFiles('**/*.js', '**/*.jsx', '**/*.ts', '**/*.tsx', '!**/node_modules/**') }} | |
| # If source files changed but packages didn't, rebuild from a prior cache. | |
| restore-keys: | | |
| ${{ runner.os }}-nextjs-${{ hashFiles('**/package-lock.json') }}- | |
| - name: Install Go | |
| if: runner.os != 'Windows' | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: ${{ matrix.go-version }} | |
| - name: Create Go temporary directories (Windows workaround) | |
| if: runner.os == 'Windows' | |
| shell: pwsh | |
| run: mkdir D:\gotmp; mkdir D:\gomodcache; mkdir D:\gocache | |
| - name: Install Go (Windows workaround) | |
| if: runner.os == 'Windows' | |
| env: | |
| # Fix slow Go compile and cache restore: https://github.com/actions/setup-go/pull/515 | |
| GOCACHE: D:\gocache | |
| GOMODCACHE: D:\gomodcache | |
| GOTMPDIR: D:\gotmp | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: ${{ matrix.go-version }} | |
| - name: Install macOS Dependencies | |
| run: ./github_scripts/osx_install.sh | |
| if: runner.os == 'macOS' | |
| - name: Install gotestsum (macOS) | |
| if: runner.os == 'macOS' | |
| run: | | |
| if ! command -v gotestsum &> /dev/null; then | |
| go install gotest.tools/gotestsum@latest | |
| fi | |
| # Ensure ~/go/bin is in PATH for subsequent steps | |
| echo "$HOME/go/bin" >> $GITHUB_PATH | |
| - name: Test macOS | |
| if: runner.os == 'macOS' | |
| env: | |
| JUNIT_FILE: junit-macOS.xml | |
| run: | | |
| echo "::group::Building web UI" | |
| make web-build | |
| echo "::endgroup::" | |
| gotestsum --format pkgname-and-test-fails --hide-summary=output --junitfile "$JUNIT_FILE" -- -p=4 -timeout 15m -coverpkg=./... -covermode=count -coverprofile=coverage.out ./... | |
| - name: Upload junit report (macOS) | |
| if: always() && runner.os == 'macOS' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: junit-macOS | |
| path: junit-macOS.xml | |
| - name: Publish JUnit summary (macOS) | |
| if: always() && runner.os == 'macOS' | |
| uses: test-summary/action@v2 | |
| with: | |
| paths: junit-macOS.xml | |
| - name: Install gotestsum (Windows) | |
| if: runner.os == 'Windows' | |
| env: | |
| # Fix slow Go compile and cache restore: https://github.com/actions/setup-go/pull/515 | |
| GOCACHE: D:\gocache | |
| GOMODCACHE: D:\gomodcache | |
| GOTMPDIR: D:\gotmp | |
| run: | | |
| if (!(Get-Command gotestsum -ErrorAction SilentlyContinue)) { | |
| go install gotest.tools/gotestsum@latest | |
| } | |
| # Ensure go/bin is in PATH for subsequent steps | |
| echo "$env:USERPROFILE\go\bin" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append | |
| - name: Test Windows | |
| if: runner.os == 'Windows' | |
| env: | |
| # Fix slow Go compile and cache restore: https://github.com/actions/setup-go/pull/515 | |
| GOCACHE: D:\gocache | |
| GOMODCACHE: D:\gomodcache | |
| GOTMPDIR: D:\gotmp | |
| JUNIT_FILE: junit-Windows.xml | |
| run: | | |
| echo "::group::Building web UI" | |
| make web-build | |
| echo "::endgroup::" | |
| gotestsum --format pkgname-and-test-fails --hide-summary=output --junitfile "$env:JUNIT_FILE" -- -p=4 -timeout 15m -coverpkg=./... -covermode=count -coverprofile=coverage.out ./... | |
| - name: Upload junit report (Windows) | |
| if: always() && runner.os == 'Windows' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: junit-Windows | |
| path: junit-Windows.xml | |
| - name: Publish JUnit summary (Windows) | |
| if: always() && runner.os == 'Windows' | |
| uses: test-summary/action@v2 | |
| with: | |
| paths: junit-Windows.xml | |
| - name: Run GoReleaser for macOS | |
| uses: goreleaser/goreleaser-action@v6 | |
| if: runner.os == 'macOS' | |
| with: | |
| distribution: goreleaser | |
| version: latest | |
| args: build --single-target --clean --snapshot | |
| - name: Run GoReleaser for Windows | |
| uses: goreleaser/goreleaser-action@v6 | |
| if: runner.os == 'Windows' | |
| env: | |
| # Fix slow Go compile and cache restore: https://github.com/actions/setup-go/pull/515 | |
| GOCACHE: D:\gocache | |
| GOMODCACHE: D:\gomodcache | |
| GOTMPDIR: D:\gotmp | |
| with: | |
| distribution: goreleaser | |
| version: latest | |
| args: build --single-target --clean --snapshot |