From ee7f568aed56ee4c4d7e15b9d4c7db22fa768650 Mon Sep 17 00:00:00 2001
From: Earl Warren
Date: Wed, 3 Jul 2024 11:25:45 +0200
Subject: [PATCH] fix(ci): do not block pull request CI when go-versions lags behind

When a new go version is published, it takes about 24h for https://github.com/actions/go-versions to be updated (see https://github.com/actions/go-versions/pull/102 for example). In the meantime the setup-go action that depends on it will install a version of go that fails golang.org/x/vuln/cmd/govulncheck. Move the security check to be the last step of the test job instead of the first. It will still block the PRs from being merged but it will allow the PR authors to keep working and look at the test results in the meantime.
Fixes: https://codeberg.org/forgejo/forgejo/issues/4294
---
 .forgejo/workflows/testing.yml | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/.forgejo/workflows/testing.yml b/.forgejo/workflows/testing.yml
index 7eb40fec8c..154b5806d7 100644
--- a/.forgejo/workflows/testing.yml
+++ b/.forgejo/workflows/testing.yml
@@ -25,7 +25,7 @@ jobs:
 go-version: "1.22"
 check-latest: true
 - run: make deps-backend deps-tools
- - run: make --always-make -j$(nproc) lint-backend checks-backend # ensure the "go-licenses" make target runs
+ - run: make --always-make -j$(nproc) lint-backend tidy-check swagger-check fmt-check swagger-validate # ensure the "go-licenses" make target runs
 frontend-checks:
 if: ${{ !startsWith(vars.ROLE, 'forgejo-') }}
 runs-on: docker
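Review bot: The explicit target list on the changed `run:` line of the lint step now has to be kept in sync with the Makefile by hand. It appears to be `checks-backend` with the security check taken out (the Makefile is not part of this patch, so that is inferred), which means a check later added to `checks-backend` would silently stop running in CI. The trailing comment still only explains `--always-make`; I would add a line above the step such as `# checks-backend minus security-check, which runs in the security-check job`. The job this step belongs to starts above the hunk.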
@@ -274,3 +274,22 @@ jobs:
 RACE_ENABLED: true
 TEST_TAGS: sqlite sqlite_unlock_notify
 USE_REPO_TEST_DIR: 1
+ security-check:
+ if: ${{ !startsWith(vars.ROLE, 'forgejo-') }}
+ runs-on: docker
+ needs:
+ - test-sqlite
+ - test-pgsql
+ - test-mysql
+ - test-remote-cacher
+ - test-unit
+ container:
+ image: 'docker.io/node:20-bookworm'
+ steps:
+ - uses: https://code.forgejo.org/actions/checkout@v3
+ - uses: https://code.forgejo.org/actions/setup-go@v4
+ with:
+ go-version: "1.22"
+ check-latest: true
+ - run: make deps-backend deps-tools
+ - run: make security-check
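Review bot: The `needs:` list on the new `security-check` job makes the vulnerability scan conditional on all five test jobs succeeding, and as far as I know a job whose dependency fails is skipped rather than failed. A pull request with a red test suite would then get no govulncheck result at all, and whether a skipped `security-check` blocks merging depends on how the required status checks are configured, which this patch does not show. If the intent is only to order the scan last, consider `if: ${{ !cancelled() && !startsWith(vars.ROLE, 'forgejo-') }}` so it still runs after a test failure, provided the runner supports that status function. A comment above `needs:` would also help the next maintainer, e.g. `# runs last so a lagging go-versions release does not hide test results`.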