Update third-party rules as of 2026-02-04 (#1351) #4005
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright 2024 Chainguard, Inc. | |
| # SPDX-License-Identifier: Apache-2.0 | |
| name: Go Tests | |
| on: | |
| push: | |
| branches: | |
| - "main" | |
| pull_request: | |
| branches: | |
| - "main" | |
| permissions: {} | |
| jobs: | |
| test: | |
| if: ${{ github.repository == 'chainguard-dev/malcontent' }} | |
| runs-on: ubuntu-latest-16-core | |
| permissions: | |
| contents: read | |
| container: | |
| image: cgr.dev/chainguard/wolfi-base:latest | |
| options: >- | |
| --cap-add DAC_OVERRIDE | |
| --cap-add SETGID | |
| --cap-add SETUID | |
| --cap-drop ALL | |
| --cgroupns private | |
| --cpu-shares=16384 | |
| --memory-swappiness=0 | |
| --security-opt no-new-privileges | |
| --ulimit core=0 | |
| --ulimit nofile=65535:65535 | |
| --ulimit nproc=65535:65535 | |
| steps: | |
| - name: Install dependencies | |
| run: | | |
| apk update | |
| apk add curl findutils git go nodejs upx xz yara-x~1.12.0 | |
| - name: Checkout code | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Trust repository | |
| run: git config --global --add safe.directory "${GITHUB_WORKSPACE}" | |
| - name: Unit tests | |
| run: | | |
| make test | |
| integration: | |
| if: ${{ github.repository == 'chainguard-dev/malcontent' }} | |
| runs-on: ubuntu-latest-16-core | |
| permissions: | |
| contents: read | |
| container: | |
| image: cgr.dev/chainguard/wolfi-base:latest | |
| options: >- | |
| --cap-add DAC_OVERRIDE | |
| --cap-add SETGID | |
| --cap-add SETUID | |
| --cap-drop ALL | |
| --cgroupns private | |
| --cpu-shares=16384 | |
| --memory-swappiness=0 | |
| --security-opt no-new-privileges | |
| --ulimit core=0 | |
| --ulimit nofile=65535:65535 | |
| --ulimit nproc=65535:65535 | |
| steps: | |
| - name: Install dependencies | |
| run: | | |
| apk update | |
| apk add curl findutils git go nodejs upx xz yara-x~1.12.0 | |
| - name: Checkout code | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Trust repository | |
| run: git config --global --add safe.directory "${GITHUB_WORKSPACE}" | |
| - name: Integration tests | |
| run: | | |
| make integration | |
| fuzz: | |
| if: ${{ github.repository == 'chainguard-dev/malcontent' }} | |
| runs-on: ubuntu-latest-16-core | |
| permissions: | |
| contents: read | |
| container: | |
| image: cgr.dev/chainguard/wolfi-base:latest | |
| options: >- | |
| --cap-add DAC_OVERRIDE | |
| --cap-add SETGID | |
| --cap-add SETUID | |
| --cap-drop ALL | |
| --cgroupns private | |
| --cpu-shares=16384 | |
| --memory-swappiness=0 | |
| --security-opt no-new-privileges | |
| --ulimit core=0 | |
| --ulimit nofile=65535:65535 | |
| --ulimit nproc=65535:65535 | |
| steps: | |
| - name: Install dependencies | |
| run: | | |
| apk update | |
| apk add curl findutils git go nodejs upx xz yara-x~1.12.0 | |
| - name: Checkout code | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Trust repository | |
| run: git config --global --add safe.directory "${GITHUB_WORKSPACE}" | |
| - name: Clone malcontent samples required for Fuzz tests | |
| run: | | |
| make samples | |
| - name: Fuzz tests | |
| run: | | |
| make fuzz |