ci: switch to flow gha

Author: jahvon

.github/workflows/ci.yaml

@@ -0,0 +1,95 @@
+name: CI
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+
+permissions:
+  contents: read # for actions/checkout to fetch code
+  security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: "^1.24"
+      - uses: jahvon/flow-action@v1.0.0-beta1
+        with:
+          executable: 'lint --param CI=true'
+          timeout: '5m'
+          flow-version: 'main'
+      - name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: lint.sarif
+          category: golangci-lint
+
+  tests:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: "^1.24"
+      - uses: jahvon/flow-action@v1.0.0-beta1
+        with:
+          executable: 'test --param CI=true'
+          timeout: '5m'
+          flow-version: 'main'
+      - name: Upload to codecov
+        uses: codecov/codecov-action@v3
+        env:
+          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+        with:
+          file: coverage.out
+          fail_ci_if_error: true
+
+  validate-generated:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: "^1.24"
+      - name: Install mockgen
+        run: go install go.uber.org/mock/mockgen@v0.4.0
+      - uses: jahvon/flow-action@v1.0.0-beta1
+        with:
+          executable: 'generate'
+          timeout: '10m'
+          flow-version: 'main'
+      - name: Check for uncommitted changes
+        uses: jahvon/flow-action@v1.0.0-beta1
+        with:
+          executable: 'validate generated'
+          timeout: '2m'
+          flow-version: 'main'
+
+  security:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: "^1.24"
+      - uses: jahvon/flow-action@v1.0.0-beta1
+        with:
+          executable: 'scan security'
+          timeout: '10m'
+          flow-version: 'main'
+      - name: Upload govuln SARIF file
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: govuln.sarif

.github/workflows/validate.yaml

@@ -0,0 +1,143 @@
+# yaml-language-server: $schema=https://flowexec.io/schemas/flowfile_schema.json
+tags: [development]
+executables:
+  - verb: validate
+    description: Run all development checks
+    serial:
+      params:
+        - envKey: COLORFGBG
+          text: 15;0
+        - envKey: COLORTERM
+          text: truecolor
+        - envKey: TERM
+          text: xterm-256color
+      execs:
+        - ref: generate
+        - ref: lint
+        - ref: test tui
+        - ref: validate generated
+        - cmd: echo "✅ All development checks passed"
+
+  - verb: test
+    name: tui
+    aliases: [go]
+    tags: [go]
+    description: Run tests with coverage
+    serial:
+      dir: //
+      execs:
+        # TODO: Add -race flag when the container becomes thread safe
+        - cmd: |
+            set -e
+            echo "Running Go unit tests..."
+            if [ "$CI" = "true" ]; then
+              echo "Running Go unit tests with coverage..."
+              go test -coverprofile=coverage.out -covermode=atomic ./...
+            else
+              go test ./...
+            fi
+            echo "Unit tests completed"
+          retries: 3
+
+  - verb: generate
+    tags: [go]
+    exec:
+      dir: //
+      cmd: |
+        echo "Generating go CLI code..."
+        go generate ./...
+        echo "All go code generated successfully"
+
+  - verb: validate
+    name: generated
+    description: Check for uncommitted generated files
+    exec:
+      dir: //
+      cmd: |
+        echo "Checking for uncommitted generated files..."
+
+        if [ -n "$(git status --porcelain)" ]; then
+          echo "❌ Generated files are not up to date!"
+          echo "Please run 'flow generate' and commit the changes."
+          echo ""
+          echo "Uncommitted changes:"
+          git status --porcelain
+          exit 1
+        else
+          echo "✅ All generated files are up to date"
+        fi
+
+  - verb: test
+    name: snapshot
+    description: Run the snapshot tests
+    exec:
+      dir: //
+      params:
+        - envKey: COLORFGBG
+          text: 15;0
+        - envKey: COLORTERM
+          text: truecolor
+        - envKey: TERM
+          text: xterm-256color
+      args:
+        - envKey: BUILDER
+          pos: 1
+          default: podman
+      cmd: |
+        $BUILDER run --rm -it -v "$PWD":/go/src/app -w /go/src/app golang:1.23-bookworm go test ./container_test.go
+
+  - verb: run
+    name: sample
+    description: Run the sample container program
+    visibility: hidden # TODO: fix running of tea programs from within the container
+    exec:
+      dir: //
+      args:
+        - envKey: VIEW
+          pos: 1
+          default: frame
+      logMode: text
+      cmd: go run ./sample --view $VIEW
+
+  - verb: lint
+    tags: [go]
+    description: Run linters and formatters
+    parallel:
+      dir: //
+      failFast: false
+      execs:
+        - cmd: go fmt ./...
+        - cmd: go mod tidy
+        - cmd: |
+            if ! command -v golangci-lint &> /dev/null; then
+              echo "Installing golangci-lint..."
+              curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/HEAD/install.sh | sh -s v2.1.6
+              export PATH="$PATH:./bin"
+            fi
+            
+            if [ "$CI" = "true" ]; then
+              echo "Running golangci-lint with sarif output..."
+              golangci-lint run ./... --fix --output.sarif.path lint.sarif
+            else
+              golangci-lint run ./... --fix
+            fi
+
+  - verb: scan
+    name: security
+    tags: [security, go]
+    description: Run security scanning with govulncheck
+    exec:
+      dir: //
+      cmd: |
+        if ! command -v govulncheck &> /dev/null; then
+          echo "Installing govulncheck..."
+          go install golang.org/x/vuln/cmd/govulncheck@latest
+        fi
+        
+        if [ "$CI" = "true" ]; then
+          govulncheck -format sarif ./... > govuln.sarif
+          echo "Security scan completed. Results saved to govuln.sarif"
+        else
+          govulncheck ./...
+          echo "Security scan completed. No vulnerabilities found."
+        fi

dev.flow

@@ -50,7 +50,7 @@ require (
 	github.com/yuin/goldmark-emoji v1.0.3 // indirect
 	golang.org/x/exp v0.0.0-20231006140011-7918f672742d // indirect
 	golang.org/x/mod v0.18.0 // indirect
-	golang.org/x/net v0.27.0 // indirect
+	golang.org/x/net v0.34.0 // indirect
 	golang.org/x/sync v0.13.0 // indirect
 	golang.org/x/sys v0.33.0 // indirect
 	golang.org/x/text v0.23.0 // indirect

execs.flow

@@ -112,8 +112,8 @@ golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM
 golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo=
 golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0=
 golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
-golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys=
-golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE=
+golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0=
+golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k=
 golang.org/x/sync v0.13.0 h1:AauUjRAJ9OSnvULf/ARrrVywoJDy0YS2AwQ98I37610=
 golang.org/x/sync v0.13.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=