github actions: update to match conn

maruel · maruel · commit 712a46986aa7 · 2022-06-20T11:44:14.000-04:00
Improve checks based on what I learned in github.com/maruel/pat.
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -3,18 +3,24 @@
 # that can be found in the LICENSE file.
 
 # References:
-# https://developer.github.com/webhooks/event-payloads/
-# https://github.com/actions/cache
 # https://github.com/actions/checkout
 # https://github.com/actions/setup-go
 # https://help.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token#using-the-github_token-in-a-workflow
 # https://help.github.com/en/actions/reference/context-and-expression-syntax-for-github-actions/
 # https://help.github.com/en/actions/reference/workflow-syntax-for-github-actions
+# https://docs.github.com/en/rest/commits/comments#create-a-commit-comment
+# https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#pull_request
+# https://docs.github.com/en/actions/learn-github-actions/contexts
 
 on: [push, pull_request]
 name: Run tests
 jobs:
-  test_all:
+    # Runs go test both with code coverage sent to codecov, race detector and
+    # benchmarks. At the end do a quick check to ensure the tests to not leave
+    # files in the tree.
+  test:
+    name: "test: go${{matrix.gover}}.x/${{matrix.os}}"
+    runs-on: "${{matrix.os}}"
     continue-on-error: true
     defaults:
       run:
@@ -25,19 +31,88 @@ jobs:
         os: [ubuntu-latest, macos-latest, windows-latest]
         # Do not forget to bump every 6 months!
         gover: ["1.18"]
-    runs-on: "${{matrix.os}}"
-    name: "go${{matrix.gover}}.x on ${{matrix.os}}"
     env:
       PYTHONDONTWRITEBYTECODE: x
     steps:
+    - name: Turn off git core.autocrlf
+      if: matrix.os == 'windows-latest'
+      run: git config --global core.autocrlf false
+    - uses: actions/checkout@v3
+      with:
+        fetch-depth: 2
     - uses: actions/setup-go@v3
       with:
-        go-version: "${{matrix.gover}}"
+        go-version: "~${{matrix.gover}}.0"
+        cache: true
+    - name: 'go install necessary tools'
+      if: always()
+      run: |
+        go install github.com/maruel/pat/cmd/ba@latest
+    - name: 'Check: go test -cover'
+      if: always()
+      run: go test -timeout=120s -covermode=count -coverprofile coverage.txt -bench=. -benchtime=1x ./...
+      # Don't send code coverage if anything failed to reduce spam.
+    - uses: codecov/codecov-action@v2
+    - name: 'Cleanup'
+      if: always()
+      run: rm coverage.txt
+    - name: 'Check: go test -race'
+      run: go test -timeout=120s -race -bench=. -benchtime=1x ./...
+    - name: 'Check: benchmark 📈'
+      run: ba -against HEAD~1
+    - name: 'Check: go test -short (CGO_ENABLED=0)'
+      env:
+        CGO_ENABLED: 0
+      run: go test -timeout=120s -short -bench=. -benchtime=1x ./...
+    - name: 'Check: go test -short (32 bits)'
+      if: matrix.os != 'macos-latest'
+      env:
+        GOARCH: 386
+      run: go test -timeout=120s -short -bench=. -benchtime=1x ./...
+    - name: "Check: tree is clean"
+      if: always()
+      run: |
+        # Nothing should have changed in the tree up to that point and no
+        # unsuspected file was created.
+        TOUCHED=$(git status --porcelain --ignored)
+        if ! test -z "$TOUCHED"; then
+          echo "Oops, something touched these files, please cleanup:"
+          echo "$TOUCHED"
+          git diff
+          false
+        fi
 
-      # Checkout and print debugging information.
+
+    # Run linters. This workflow can be merged with the test_all one if desired
+    # to cut on runtime, at the cost of latency. I dislike waiting for results
+    # so I prefer to run them in parallel.
+  lint:
+    name: "lint: go${{matrix.gover}}.x/${{matrix.os}}"
+    runs-on: "${{matrix.os}}"
+    continue-on-error: true
+    defaults:
+      run:
+        shell: bash
+    strategy:
+      fail-fast: false
+      matrix:
+        # You may want to run only on linux to save on cost. Projects with
+        # OS-specific code benefits from explicitly linting on macOS and
+        # Windows.
+        os: [ubuntu-latest, macos-latest, windows-latest]
+        # Do not forget to bump every 6 months!
+        gover: ["1.18"]
+    env:
+      PYTHONDONTWRITEBYTECODE: x
+    steps:
     - name: Turn off git core.autocrlf
+      if: matrix.os == 'windows-latest'
       run: git config --global core.autocrlf false
     - uses: actions/checkout@v3
+    - uses: actions/setup-go@v3
+      with:
+        go-version: "~${{matrix.gover}}.0"
+        cache: true
     - name: "Debug"
       run: |
         echo HOME = $HOME
@@ -46,14 +121,6 @@ jobs:
         echo ""
         echo $ ls -l $HOME/go/bin
         ls -la $HOME/go/bin
-
-    - name: 'Cache: ~/go'
-      uses: actions/cache@v2
-      with:
-        path: ~/go
-        key: "${{runner.os}}-gopkg-${{hashFiles('go.sum', '.github/workflows/*.yml')}}"
-
-      # Fetch the tools.
     - name: 'go install necessary tools'
       if: always()
       run: |
@@ -66,12 +133,11 @@ jobs:
       run: |
         go install github.com/client9/misspell/cmd/misspell@latest
         go install github.com/google/addlicense@latest
-
-      # Now run proper checks.
     - name: 'Check: go vet'
       if: always()
-      run: go vet ./...
+      run: go vet -unsafeptr=false ./...
     - name: 'Check: go vet shadow; shadowed variables'
+      if: always()
       run: |
         SHADOW_TOOL="$(which shadow)"
         if [ -f "${SHADOW_TOOL}.exe" ]; then
@@ -88,8 +154,8 @@ jobs:
       # SA5002: loop condition never changes or has a race condition
       run: staticcheck -checks inherit,-U1000,-SA5002,-SA1019 ./...
     - name: 'Check: gosec'
+      if: always()
       run: gosec -fmt=golint -quiet -exclude=G103,G304,G404 ./...
-
       # The following checks are not dependent on the OS or go build tags. Only
       # run them on ubuntu-latest since it's the fastest one.
     - name: 'Check: no executable was committed (ubuntu)'
@@ -99,6 +165,9 @@ jobs:
           echo 'Do not commit executables beside shell scripts'
           false
         fi
+    - name: 'Check: addlicense; all sources have a license header (ubuntu)'
+      if: always() && matrix.os == 'ubuntu-latest'
+      run: addlicense -check .
     - name: 'Check: gofmt; code is well formatted (ubuntu)'
       if: always() && matrix.os == 'ubuntu-latest'
       run: |
@@ -116,9 +185,6 @@ jobs:
           echo "" >> _comments.txt
           false
         fi
-    - name: 'Check: addlicense; all sources have a license header (ubuntu)'
-      if: always() && matrix.os == 'ubuntu-latest'
-      run: addlicense -check .
     - name: "Check: misspelling; code doesn't contain misspelling (ubuntu)"
       if: always() && matrix.os == 'ubuntu-latest'
       run: |
@@ -131,49 +197,34 @@ jobs:
           echo "" >> _comments.txt
           false
         fi
-
-      # Run tests last since it's potentially the slowest step.
-    - name: 'Check: go test -cover'
-      if: always()
-      run: go test -timeout=40s -covermode=count -coverprofile coverage.txt ./...
-      # Don't send code coverage if anything failed to reduce spam.
-    - uses: codecov/codecov-action@v2
-    - name: 'Cleanup'
-      if: always()
-      run: rm coverage.txt
-      # Don't run go test -race if anything failed, to speed up the results.
-    - name: 'Check: go test -race'
-      run: go test -timeout=60s -race ./...
-    - name: 'Check: go test -bench=.'
-      run: go test -timeout=40s -bench=. -benchtime=100ms -cpu=1 -run NONE ./...
-    - name: 'Check: CGO_ENABLED=0 go test -short'
-      run: CGO_ENABLED=0 go test -timeout=40s -short ./...
-
-    - name: "Check: tree is clean"
-      if: always()
+    - name: 'Send comments'
+      if: failure()
       run: |
-        # Nothing should have changed in the tree up to that point and no
-        # unsuspected file was created.
-        TOUCHED=$(git status --porcelain --ignored)
-        if ! test -z "$TOUCHED"; then
-          echo "Oops, something touched these files, please cleanup:"
-          echo "$TOUCHED"
-          git diff
-          false
+        if [ -f ../_comments.txt ]; then
+          URL="${{github.event.issue.pull_request.url}}"
+          if test -z "$URL"; then
+            URL="${{github.api_url}}/repos/${{github.repository}}/commits/${{github.sha}}/comments"
+          fi
+          echo "Sending $(cat ../_comments.txt|wc -l) lines of comments to ${URL}"
+          curl -sS --request POST \
+            --header "Authorization: Bearer ${{secrets.GITHUB_TOKEN}}" \
+            --header "Content-Type: application/json" \
+            --data "$(cat ../_comments.txt | jq -R --slurp '{body: .}')" \
+            "${URL}" > /dev/null
+          rm ../_comments.txt
         fi
-
     - name: "Check: go generate doesn't modify files"
       if: always()
       run: |
         go generate ./...
-        # Also test for untracked files.
+        # Also test for untracked files. go generate should not generate ignored
+        # files either.
         TOUCHED=$(git status --porcelain --ignored)
         if ! test -z "$TOUCHED"; then
           echo "go generate created these files, please fix:"
           echo "$TOUCHED"
           false
         fi
-
     - name: "Check: go mod tidy doesn't modify files"
       if: always()
       run: |
@@ -205,52 +256,52 @@ jobs:
         go get -t ./...
         go test -short ./...
 
-    - name: 'Send comments'
-      if: failure() && github.event_name == 'pull_request'
-      run: |
-        if [ -f _comments.txt ]; then
-          URL=$(cat ${GITHUB_EVENT_PATH} | jq -r .pull_request.comments_url)
-          echo "Sending $(cat _comments.txt|wc -l) lines of comments to ${URL}"
-          PAYLOAD=$(echo '{}' | jq --arg body "$(cat _comments.txt)" '.body = $body')
-          curl -sS --request POST \
-            --header "Authorization: Bearer ${{secrets.GITHUB_TOKEN}}" \
-            --header "Content-Type: application/json" \
-            --data "${PAYLOAD}" "${URL}" > /dev/null
-        fi
 
-  test_short:
+    # Ensure tests pass on oldest supported Go version.
+  old:
+    name: "test: go${{matrix.gover}}/${{matrix.os}}"
+    runs-on: "${{matrix.os}}"
     continue-on-error: true
+    defaults:
+      run:
+        shell: bash
     strategy:
       fail-fast: false
       matrix:
         os: [ubuntu-latest]
         gover: ['1.13.15']
-    runs-on: "${{matrix.os}}"
-    name: "go${{matrix.gover}} on ${{matrix.os}} (quick)"
+    env:
+      PYTHONDONTWRITEBYTECODE: x
     steps:
+    - name: Turn off git core.autocrlf
+      if: matrix.os == 'windows-latest'
+      run: git config --global core.autocrlf false
+    - uses: actions/checkout@v3
     - uses: actions/setup-go@v3
       with:
-        go-version: "${{matrix.gover}}"
-    - uses: actions/checkout@v3
+        go-version: "=${{matrix.gover}}"
     - name: 'Check: go test'
-      run: go test -timeout=40s ./...
+      run: go test -timeout=120s -bench=. -benchtime=1x ./...
+
 
   codeql:
+    name: "codeql: go${{matrix.gover}}.x/${{matrix.os}}"
+    runs-on: "${{matrix.os}}"
     continue-on-error: true
     strategy:
       fail-fast: false
       matrix:
+        os: [ubuntu-latest]
         # Do not forget to bump every 6 months!
         gover: ["1.18"]
     permissions:
       security-events: write
-    runs-on: ubuntu-latest
-    name: "go${{matrix.gover}}.x on ubuntu-latest (codeql)"
     steps:
+    - uses: actions/checkout@v3
     - uses: actions/setup-go@v3
       with:
-        go-version: "${{matrix.gover}}"
-    - uses: actions/checkout@v3
+        go-version: "~${{matrix.gover}}.0"
+        cache: true
     - name: Initialize CodeQL
       uses: github/codeql-action/init@v2
       with:
