Merge pull request #321 from gofiber/ci-branches

Cleanup CI workflows

.github/dependabot.yml

@@ -1,57 +1,55 @@
-# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
-
 version: 2
 updates:
   - package-ecosystem: "gomod"
-    directory: "/ace/" # Location of package manifests
+    directory: "/ace/"
     labels:
       - "🤖 Dependencies"
     schedule:
       interval: "daily"
   - package-ecosystem: "gomod"
-    directory: "/amber/" # Location of package manifests
+    directory: "/amber/"
     labels:
       - "🤖 Dependencies"
     schedule:
       interval: "daily"
   - package-ecosystem: "gomod"
-    directory: "/django/" # Location of package manifests
+    directory: "/django/"
     labels:
       - "🤖 Dependencies"
     schedule:
       interval: "daily"
   - package-ecosystem: "gomod"
-    directory: "/handlebars/" # Location of package manifests
+    directory: "/handlebars/"
     labels:
       - "🤖 Dependencies"
     schedule:
       interval: "daily"
   - package-ecosystem: "gomod"
-    directory: "/html/" # Location of package manifests
+    directory: "/html/"
     labels:
       - "🤖 Dependencies"
     schedule:
       interval: "daily"
   - package-ecosystem: "gomod"
-    directory: "/jet/" # Location of package manifests
+    directory: "/jet/"
     labels:
       - "🤖 Dependencies"
     schedule:
       interval: "daily"
   - package-ecosystem: "gomod"
-    directory: "/mustache/" # Location of package manifests
+    directory: "/mustache/"
     labels:
       - "🤖 Dependencies"
     schedule:
       interval: "daily"
   - package-ecosystem: "gomod"
-    directory: "/pug/" # Location of package manifests
+    directory: "/pug/"
     labels:
       - "🤖 Dependencies"
     schedule:
       interval: "daily"
   - package-ecosystem: "gomod"
-    directory: "/slim/" # Location of package manifests
+    directory: "/slim/"
     labels:
       - "🤖 Dependencies"
     schedule:

.github/workflows/benchmark.yml

@@ -1,21 +1,24 @@
+name: Benchmark
+
 on:
   push:
     branches:
-      - master
-      - main
+      - "master"
+      - "main"
     paths:
-      - "**"
-      - "!**.md"
+      - "**.go"
+      - "**/go.mod"
   pull_request:
+    branches:
+      - "*"
     paths:
-      - "**"
-      - "!**.md"
+      - "**.go"
+      - "**/go.mod"
 
 permissions:
   deployments: write
   contents: write
 
-name: Benchmark
 jobs:
   Compare:
     runs-on: ubuntu-latest

.github/workflows/dependabot_automerge.yml

@@ -1,4 +1,5 @@
 name: Dependabot auto-merge
+
 on:
   pull_request
 
@@ -12,7 +13,7 @@ jobs:
     if: ${{ github.actor == 'dependabot[bot]' }}
     steps:
        - name: Wait for check is finished
-         uses: lewagon/[email protected].1
+         uses: lewagon/[email protected].3
          id: wait_for_checks
          with:
              ref: ${{ github.event.pull_request.head.sha || github.sha }}

.github/workflows/golangci-lint.yml

@@ -0,0 +1,40 @@
+name: Golangci-Lint
+
+on:
+  push:
+    branches:
+      - "master"
+      - "main"
+    paths-ignore:
+      - "**.md"
+      - LICENSE
+      - ".github/ISSUE_TEMPLATE/*.yml"
+      - ".github/dependabot.yml"
+  pull_request:
+    branches:
+      - "*"
+    paths-ignore:
+      - "**.md"
+      - LICENSE
+      - ".github/ISSUE_TEMPLATE/*.yml"
+      - ".github/dependabot.yml"
+
+permissions:
+  contents: read
+
+jobs:
+  golangci-lint:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Fetch Repository
+        uses: actions/checkout@v4
+      - name: Setup Go
+        uses: actions/setup-go@v5
+        with:
+          # NOTE: Keep this in sync with the version from go.mod
+          go-version: '1.20.x'
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v3
+        with:
+          # NOTE: Keep this in sync with the version from .golangci.yml
+          version: 'v1.52.2'

.github/workflows/gosec.yml

@@ -0,0 +1,64 @@
+name: Gosec Security Scan
+
+on:
+  push:
+    branches:
+      - "master"
+      - "main"
+    paths-ignore:
+      - "**.md"
+      - LICENSE
+      - ".github/ISSUE_TEMPLATE/*.yml"
+      - ".github/dependabot.yml"
+  pull_request:
+    branches:
+      - "*"
+    paths-ignore:
+      - "**.md"
+      - LICENSE
+      - ".github/ISSUE_TEMPLATE/*.yml"
+      - ".github/dependabot.yml"
+
+jobs:
+  detect-changes:
+    runs-on: ubuntu-latest
+    outputs:
+      matrix: ${{ steps.changed-files.outputs.all_changed_files }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Changed Files
+        uses: tj-actions/changed-files@v41
+        id: changed-files
+        with:
+          files_ignore: |
+            .github/**
+            **.md
+          json: true
+          escape_json: false
+          dir_names: true
+          dir_names_exclude_current_dir: true
+
+  gosec-scan:
+    runs-on: ubuntu-latest
+    needs: detect-changes
+    env:
+      GO111MODULE: on
+    strategy:
+      matrix:
+        modules: ${{ fromJSON(needs.detect-changes.outputs.matrix) }}
+    steps:
+      - name: Fetch Repository
+        uses: actions/checkout@v4
+      - name: Install Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '^1.21.x'
+          check-latest: true
+          cache: false
+      - name: Install gosec
+        run: go install github.com/securego/gosec/v2/cmd/gosec@latest
+      - name: Run gosec
+        working-directory: ${{ matrix.modules }}
+        run: gosec ./...

.github/workflows/govulncheck.yml

@@ -0,0 +1,39 @@
+name: Govulncheck Security Scan
+
+on:
+  push:
+    branches:
+      - "master"
+      - "main"
+    paths-ignore:
+      - "**.md"
+      - LICENSE
+      - ".github/ISSUE_TEMPLATE/*.yml"
+      - ".github/dependabot.yml"
+  pull_request:
+    branches:
+      - "*"
+    paths-ignore:
+      - "**.md"
+      - LICENSE
+      - ".github/ISSUE_TEMPLATE/*.yml"
+      - ".github/dependabot.yml"
+
+jobs:
+  govulncheck-check:
+    runs-on: ubuntu-latest
+    env:
+      GO111MODULE: on
+    steps:
+    - name: Fetch Repository
+      uses: actions/checkout@v4
+    - name: Install Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: 'stable'
+        check-latest: true
+        cache: false
+    - name: Install Govulncheck
+      run: go install golang.org/x/vuln/cmd/govulncheck@latest
+    - name: Run Govulncheck
+      run: govulncheck ./...

.github/workflows/sync-docs.yml

@@ -27,9 +27,6 @@ jobs:
               with:
                   node-version: '18'
 
-            - name: Install JQ
-              run: sudo apt-get install jq
-
             - name: Sync docs
               run: ./.github/scripts/sync_docs.sh
               env:

.github/workflows/test-ace.yml

@@ -6,6 +6,8 @@ on:
         paths:
             - 'ace/**'
     pull_request:
+        branches:
+            - '*'
         paths:
             - 'ace/**'
 name: Tests Ace

.github/workflows/test-amber.yml

@@ -6,6 +6,8 @@ on:
         paths:
             - 'amber/**'
     pull_request:
+        branches:
+            - '*'
         paths:
             - 'amber/**'
 name: Tests Amber

.github/workflows/test-django.yml

@@ -6,6 +6,8 @@ on:
         paths:
             - 'django/**'
     pull_request:
+        branches:
+            - '*'
         paths:
             - 'django/**'
 name: Tests Django

.github/workflows/test-handlebars.yml

@@ -6,6 +6,8 @@ on:
         paths:
             - 'handlebars/**'
     pull_request:
+        branches:
+            - '*'
         paths:
             - 'handlebars/**'
 name: Tests Handlebars