From 5dc3d350b05c2e082579013ff02bdd3644d2f476 Mon Sep 17 00:00:00 2001 From: galargh Date: Sat, 15 Nov 2025 18:23:48 +0100 Subject: [PATCH 1/8] feat: added CHECKOUT_TOKEN support to go-test and go-check workflows --- .github/workflows/go-check.yml | 4 ++++ .github/workflows/go-test.yml | 3 +++ CHANGELOG.md | 2 ++ 3 files changed, 9 insertions(+) diff --git a/.github/workflows/go-check.yml b/.github/workflows/go-check.yml index 45d22a9..d4a3cea 100644 --- a/.github/workflows/go-check.yml +++ b/.github/workflows/go-check.yml @@ -12,6 +12,9 @@ on: required: false type: boolean default: false + secrets: + CHECKOUT_TOKEN: + required: false jobs: unit: @@ -22,6 +25,7 @@ jobs: uses: actions/checkout@v5 with: submodules: recursive + token: ${{ secrets.CHECKOUT_TOKEN }} - name: Extend the GitHub context id: github env: diff --git a/.github/workflows/go-test.yml b/.github/workflows/go-test.yml index 238ec31..a4d378b 100644 --- a/.github/workflows/go-test.yml +++ b/.github/workflows/go-test.yml @@ -13,6 +13,8 @@ on: secrets: CODECOV_TOKEN: required: false + CHECKOUT_TOKEN: + required: false defaults: run: @@ -43,6 +45,7 @@ jobs: uses: actions/checkout@v5 with: submodules: recursive + token: ${{ secrets.CHECKOUT_TOKEN }} - name: Check out the latest stable version of Go id: stable uses: actions/setup-go@v5 diff --git a/CHANGELOG.md b/CHANGELOG.md index 1c4bf91..60a0bb7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## Unreleased +### Added +- `CHECKOUT_TOKEN` support to `go-test` and `go-check` workflows ## [1.0.34] - 2025-09-16 ### Fixed From 5feca815c3060104704bf11a68236bdc1e49fbf7 Mon Sep 17 00:00:00 2001 From: galargh Date: Sat, 15 Nov 2025 18:45:56 +0100 Subject: [PATCH 2/8] feat: added env support to go-test and go-check workflows --- .github/workflows/go-check.yml | 9 +++++++++ .github/workflows/go-test.yml | 9 +++++++++ CHANGELOG.md | 3 ++- 3 files changed, 20 insertions(+), 1 deletion(-) diff --git a/.github/workflows/go-check.yml b/.github/workflows/go-check.yml index d4a3cea..491531b 100644 --- a/.github/workflows/go-check.yml +++ b/.github/workflows/go-check.yml @@ -12,6 +12,9 @@ on: required: false type: boolean default: false + env: + required: false + type: string secrets: CHECKOUT_TOKEN: required: false @@ -21,6 +24,12 @@ jobs: runs-on: ubuntu-latest name: All steps: + - name: Set env + if: ${{ inputs.env }} + env: + ENV: ${{ inputs.env }} + run: | + echo "$ENV" >> $GITHUB_ENV - name: Check out the repository uses: actions/checkout@v5 with: diff --git a/.github/workflows/go-test.yml b/.github/workflows/go-test.yml index a4d378b..baf4d65 100644 --- a/.github/workflows/go-test.yml +++ b/.github/workflows/go-test.yml @@ -10,6 +10,9 @@ on: required: false type: boolean default: false + env: + required: false + type: string secrets: CODECOV_TOKEN: required: false @@ -34,6 +37,12 @@ jobs: runs-on: ${{ fromJSON(vars[format('UCI_GO_TEST_RUNNER_{0}', matrix.os)] || format('"{0}-latest"', matrix.os)) }} name: ${{ matrix.os }} (go ${{ matrix.go }}) steps: + - name: Set env + if: ${{ inputs.env }} + env: + ENV: ${{ inputs.env }} + run: | + echo "$ENV" >> $GITHUB_ENV - name: Use msys2 on windows if: matrix.os == 'windows' # The executable for msys2 is also called bash.cmd diff --git a/CHANGELOG.md b/CHANGELOG.md index 60a0bb7..2f706b3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,7 +6,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## Unreleased ### Added -- `CHECKOUT_TOKEN` support to `go-test` and `go-check` workflows +- `env` input support to `go-test` and `go-check` workflows +- `CHECKOUT_TOKEN` secret support to `go-test` and `go-check` workflows ## [1.0.34] - 2025-09-16 ### Fixed From f0389eba790d6d237c63feca5bf89f2a942a76a6 Mon Sep 17 00:00:00 2001 From: galargh Date: Sat, 22 Nov 2025 13:18:40 +0100 Subject: [PATCH 3/8] feat: allow custom runner configuration in most workflows --- .github/workflows/go-check.yml | 6 +++++- .github/workflows/go-test.yml | 14 +++++++++++++- .github/workflows/release-check.yml | 8 ++++++-- .github/workflows/releaser.yml | 8 ++++++-- .github/workflows/reusable-generated-pr.yml | 7 ++++++- .../workflows/reusable-semantic-pull-request.yml | 7 ++++++- .github/workflows/reusable-spellcheck.yml | 7 ++++++- .github/workflows/reusable-stale-issue.yml | 7 ++++++- .github/workflows/tagpush.yml | 7 ++++++- CHANGELOG.md | 1 + 10 files changed, 61 insertions(+), 11 deletions(-) diff --git a/.github/workflows/go-check.yml b/.github/workflows/go-check.yml index 491531b..873b391 100644 --- a/.github/workflows/go-check.yml +++ b/.github/workflows/go-check.yml @@ -15,13 +15,17 @@ on: env: required: false type: string + runner: + required: false + type: string + default: '"ubuntu-latest"' secrets: CHECKOUT_TOKEN: required: false jobs: unit: - runs-on: ubuntu-latest + runs-on: ${{ fromJSON(vars['UCI_GO_CHECK_RUNNER'] || inputs['runner']) }} name: All steps: - name: Set env diff --git a/.github/workflows/go-test.yml b/.github/workflows/go-test.yml index baf4d65..185f1b5 100644 --- a/.github/workflows/go-test.yml +++ b/.github/workflows/go-test.yml @@ -13,6 +13,18 @@ on: env: required: false type: string + runner-ubuntu: + required: false + type: string + default: '"ubuntu-latest"' + runner-windows: + required: false + type: string + default: '"windows-latest"' + runner-macos: + required: false + type: string + default: '"macos-latest"' secrets: CODECOV_TOKEN: required: false @@ -34,7 +46,7 @@ jobs: GOTESTFLAGS: -cover -coverprofile=module-coverage.txt -coverpkg=./... GO386FLAGS: '' GORACEFLAGS: '' - runs-on: ${{ fromJSON(vars[format('UCI_GO_TEST_RUNNER_{0}', matrix.os)] || format('"{0}-latest"', matrix.os)) }} + runs-on: ${{ fromJSON(vars[format('UCI_GO_TEST_RUNNER_{0}', matrix.os)] || inputs[format('runner-{0}', matrix.os)]) }} name: ${{ matrix.os }} (go ${{ matrix.go }}) steps: - name: Set env diff --git a/.github/workflows/release-check.yml b/.github/workflows/release-check.yml index c2ea890..44c4caf 100644 --- a/.github/workflows/release-check.yml +++ b/.github/workflows/release-check.yml @@ -14,6 +14,10 @@ on: required: false type: string default: '/' + runner: + required: false + type: string + default: '"ubuntu-latest"' outputs: json: description: JSON aggregation of release.json artifacts @@ -21,7 +25,7 @@ on: jobs: release-check: - runs-on: ubuntu-latest + runs-on: ${{ fromJSON(vars['UCI_RELEASE_CHECK_RUNNER'] || inputs['runner']) }} strategy: fail-fast: false matrix: @@ -338,7 +342,7 @@ jobs: path: release.json aggregate: needs: [release-check] - runs-on: ubuntu-latest + runs-on: ${{ fromJSON(vars['UCI_RELEASE_CHECK_RUNNER'] || inputs['runner']) }} outputs: json: ${{ toJSON(fromJSON(steps.aggregate.outputs.json)) }} steps: diff --git a/.github/workflows/releaser.yml b/.github/workflows/releaser.yml index 80cd04d..79edb95 100644 --- a/.github/workflows/releaser.yml +++ b/.github/workflows/releaser.yml @@ -18,6 +18,10 @@ on: required: false type: boolean default: false + runner: + required: false + type: string + default: '"ubuntu-latest"' outputs: json: description: JSON aggregation of release.json artifacts @@ -28,7 +32,7 @@ on: jobs: releaser: - runs-on: ubuntu-latest + runs-on: ${{ fromJSON(vars['UCI_RELEASER_RUNNER'] || inputs['runner']) }} strategy: fail-fast: false matrix: @@ -185,7 +189,7 @@ jobs: overwrite: true aggregate: needs: [releaser] - runs-on: ubuntu-latest + runs-on: ${{ fromJSON(vars['UCI_RELEASER_RUNNER'] || inputs['runner']) }} outputs: json: ${{ toJSON(fromJSON(steps.aggregate.outputs.json)) }} steps: diff --git a/.github/workflows/reusable-generated-pr.yml b/.github/workflows/reusable-generated-pr.yml index e785c82..8967ca6 100644 --- a/.github/workflows/reusable-generated-pr.yml +++ b/.github/workflows/reusable-generated-pr.yml @@ -2,10 +2,15 @@ name: Close Generated PRs on: workflow_call: + inputs: + runner: + required: false + type: string + default: '"ubuntu-latest"' jobs: stale: - runs-on: ubuntu-latest + runs-on: ${{ fromJSON(vars['UCI_GENERATED_PR_RUNNER'] || inputs['runner']) }} permissions: issues: write pull-requests: write diff --git a/.github/workflows/reusable-semantic-pull-request.yml b/.github/workflows/reusable-semantic-pull-request.yml index ee3fc5b..60fb551 100644 --- a/.github/workflows/reusable-semantic-pull-request.yml +++ b/.github/workflows/reusable-semantic-pull-request.yml @@ -2,11 +2,16 @@ name: Semantic PR on: workflow_call: + inputs: + runner: + required: false + type: string + default: '"ubuntu-latest"' jobs: main: name: Validate PR title - runs-on: ubuntu-latest + runs-on: ${{ fromJSON(vars['UCI_SEMANTIC_PULL_REQUEST_RUNNER'] || inputs['runner']) }} steps: - uses: amannn/action-semantic-pull-request@48f256284bd46cdaab1048c3721360e808335d50 # v6.1.1 env: diff --git a/.github/workflows/reusable-spellcheck.yml b/.github/workflows/reusable-spellcheck.yml index 47166b3..aa3c782 100644 --- a/.github/workflows/reusable-spellcheck.yml +++ b/.github/workflows/reusable-spellcheck.yml @@ -2,10 +2,15 @@ name: Check Spelling on: workflow_call: + inputs: + runner: + required: false + type: string + default: '"ubuntu-latest"' jobs: spellcheck: - runs-on: ubuntu-latest + runs-on: ${{ fromJSON(vars['UCI_SPELLCHECK_RUNNER'] || inputs['runner']) }} steps: - uses: actions/checkout@v5 diff --git a/.github/workflows/reusable-stale-issue.yml b/.github/workflows/reusable-stale-issue.yml index 0031233..e871d75 100644 --- a/.github/workflows/reusable-stale-issue.yml +++ b/.github/workflows/reusable-stale-issue.yml @@ -2,10 +2,15 @@ name: Close Stale Issues on: workflow_call: + inputs: + runner: + required: false + type: string + default: '"ubuntu-latest"' jobs: stale: - runs-on: ubuntu-latest + runs-on: ${{ fromJSON(vars['UCI_STALE_ISSUE_RUNNER'] || inputs['runner']) }} permissions: issues: write pull-requests: write diff --git a/.github/workflows/tagpush.yml b/.github/workflows/tagpush.yml index 25bdb5d..fe51a73 100644 --- a/.github/workflows/tagpush.yml +++ b/.github/workflows/tagpush.yml @@ -2,11 +2,16 @@ name: Manual Release Nag on: workflow_call: + inputs: + runner: + required: false + type: string + default: '"ubuntu-latest"' jobs: nag: if: startsWith(github.ref, 'refs/tags') && github.event.pusher.name != 'web3-bot' - runs-on: ubuntu-latest + runs-on: ${{ fromJSON(vars['UCI_TAGPUSH_RUNNER'] || inputs['runner']) }} name: All steps: - id: tag diff --git a/CHANGELOG.md b/CHANGELOG.md index 2f706b3..56c0418 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Added - `env` input support to `go-test` and `go-check` workflows - `CHECKOUT_TOKEN` secret support to `go-test` and `go-check` workflows +- custom `runner` configuration to most workflows ## [1.0.34] - 2025-09-16 ### Fixed From 956af8197e0a18fe99442136b4a9b5fdff459d3e Mon Sep 17 00:00:00 2001 From: galargh Date: Sat, 22 Nov 2025 13:27:14 +0100 Subject: [PATCH 4/8] feat: added os-versions input to go-test --- .github/workflows/go-test.yml | 6 +++++- CHANGELOG.md | 1 + 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/go-test.yml b/.github/workflows/go-test.yml index 185f1b5..231c7cf 100644 --- a/.github/workflows/go-test.yml +++ b/.github/workflows/go-test.yml @@ -25,6 +25,10 @@ on: required: false type: string default: '"macos-latest"' + os-versions: + required: false + type: string + default: '["ubuntu", "windows", "macos"]' secrets: CODECOV_TOKEN: required: false @@ -40,7 +44,7 @@ jobs: strategy: fail-fast: false matrix: - os: [ "ubuntu", "windows", "macos" ] + os: ${{ fromJSON(inputs.os-versions) }} go: ${{ fromJSON(inputs.go-versions) }} env: GOTESTFLAGS: -cover -coverprofile=module-coverage.txt -coverpkg=./... diff --git a/CHANGELOG.md b/CHANGELOG.md index 56c0418..47d9be8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - `env` input support to `go-test` and `go-check` workflows - `CHECKOUT_TOKEN` secret support to `go-test` and `go-check` workflows - custom `runner` configuration to most workflows +- `os-versions` input support to `go-test` workflow ## [1.0.34] - 2025-09-16 ### Fixed From 5de460f4a96f3aef1518a66a68af076f3edbc702 Mon Sep 17 00:00:00 2001 From: galargh Date: Sat, 22 Nov 2025 13:42:27 +0100 Subject: [PATCH 5/8] Pass checkout-token through inputs --- .github/workflows/go-check.yml | 7 ++++--- .github/workflows/go-test.yml | 8 +++++--- .github/workflows/release-check.yml | 7 +++++++ .github/workflows/releaser.yml | 13 ++++++++++++- CHANGELOG.md | 4 ++-- 5 files changed, 30 insertions(+), 9 deletions(-) diff --git a/.github/workflows/go-check.yml b/.github/workflows/go-check.yml index 873b391..21ba6cd 100644 --- a/.github/workflows/go-check.yml +++ b/.github/workflows/go-check.yml @@ -19,9 +19,10 @@ on: required: false type: string default: '"ubuntu-latest"' - secrets: - CHECKOUT_TOKEN: + checkout-token: required: false + type: string + default: ${{ github.token }} jobs: unit: @@ -38,7 +39,7 @@ jobs: uses: actions/checkout@v5 with: submodules: recursive - token: ${{ secrets.CHECKOUT_TOKEN }} + token: ${{ inputs.checkout-token }} - name: Extend the GitHub context id: github env: diff --git a/.github/workflows/go-test.yml b/.github/workflows/go-test.yml index 231c7cf..29458a8 100644 --- a/.github/workflows/go-test.yml +++ b/.github/workflows/go-test.yml @@ -29,11 +29,13 @@ on: required: false type: string default: '["ubuntu", "windows", "macos"]' + checkout-token: + required: false + type: string + default: ${{ github.token }} secrets: CODECOV_TOKEN: required: false - CHECKOUT_TOKEN: - required: false defaults: run: @@ -70,7 +72,7 @@ jobs: uses: actions/checkout@v5 with: submodules: recursive - token: ${{ secrets.CHECKOUT_TOKEN }} + token: ${{ inputs.checkout-token }} - name: Check out the latest stable version of Go id: stable uses: actions/setup-go@v5 diff --git a/.github/workflows/release-check.yml b/.github/workflows/release-check.yml index 44c4caf..5e580c9 100644 --- a/.github/workflows/release-check.yml +++ b/.github/workflows/release-check.yml @@ -14,10 +14,17 @@ on: required: false type: string default: '/' + env: + required: false + type: string runner: required: false type: string default: '"ubuntu-latest"' + checkout-token: + required: false + type: string + default: ${{ github.token }} outputs: json: description: JSON aggregation of release.json artifacts diff --git a/.github/workflows/releaser.yml b/.github/workflows/releaser.yml index 79edb95..2319eaf 100644 --- a/.github/workflows/releaser.yml +++ b/.github/workflows/releaser.yml @@ -18,10 +18,21 @@ on: required: false type: boolean default: false + env: + required: false + type: string runner: required: false type: string default: '"ubuntu-latest"' + checkout-token: + required: false + type: string + default: ${{ github.token }} + release-token: + required: false + type: string + default: ${{ github.token }} outputs: json: description: JSON aggregation of release.json artifacts @@ -160,7 +171,7 @@ jobs: generate_release_notes: true target_commitish: ${{ github.sha }} make_latest: ${{ steps.version.outputs.prefix == 'v' && steps.version.outputs.suffix == '' && steps.version.outputs.tag == steps.latest.outputs.latest }} - token: ${{ secrets.UCI_GITHUB_TOKEN || github.token }} + token: ${{ secrets.UCI_GITHUB_TOKEN || inputs.release-token }} - name: Create release.json if: steps.release.outputs.id != '' id: json diff --git a/CHANGELOG.md b/CHANGELOG.md index 47d9be8..fc28076 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,8 +6,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## Unreleased ### Added -- `env` input support to `go-test` and `go-check` workflows -- `CHECKOUT_TOKEN` secret support to `go-test` and `go-check` workflows +- `env` input support to `go-test`, `go-check`, `releaser` and `release-check` workflows +- `checkout-token` input support to `go-test`, `go-check`, `releaser` and `release-check` workflows - custom `runner` configuration to most workflows - `os-versions` input support to `go-test` workflow From 42820f8f8b29910a53756b06da1c8d97deff289a Mon Sep 17 00:00:00 2001 From: galargh Date: Sat, 22 Nov 2025 15:31:35 +0100 Subject: [PATCH 6/8] feat: support app creds for checkout --- .github/workflows/go-check.yml | 22 ++++++++++++++++++---- .github/workflows/go-test.yml | 27 +++++++++++++++++++++------ .github/workflows/release-check.yml | 7 ------- .github/workflows/releaser.yml | 13 +------------ CHANGELOG.md | 4 ++-- 5 files changed, 42 insertions(+), 31 deletions(-) diff --git a/.github/workflows/go-check.yml b/.github/workflows/go-check.yml index 21ba6cd..d66010b 100644 --- a/.github/workflows/go-check.yml +++ b/.github/workflows/go-check.yml @@ -12,17 +12,23 @@ on: required: false type: boolean default: false - env: - required: false - type: string runner: required: false type: string default: '"ubuntu-latest"' + env: + required: false + type: string checkout-token: required: false type: string default: ${{ github.token }} + checkout-app-id: + required: false + type: string + checkout-private-key: + required: false + type: string jobs: unit: @@ -35,11 +41,19 @@ jobs: ENV: ${{ inputs.env }} run: | echo "$ENV" >> $GITHUB_ENV + - name: Create GitHub App installation token + id: checkout-app + if: ${{ inputs.checkout-app-id && inputs.checkout-private-key }} + uses: actions/create-github-app-token@v2 + with: + app-id: ${{ inputs.checkout-app-id }} + private-key: ${{ inputs.checkout-private-key }} + owner: ${{ github.repository_owner }} - name: Check out the repository uses: actions/checkout@v5 with: submodules: recursive - token: ${{ inputs.checkout-token }} + token: ${{ steps.checkout-app.outputs.token || inputs.checkout-token }} - name: Extend the GitHub context id: github env: diff --git a/.github/workflows/go-test.yml b/.github/workflows/go-test.yml index 29458a8..5e259d0 100644 --- a/.github/workflows/go-test.yml +++ b/.github/workflows/go-test.yml @@ -2,6 +2,10 @@ name: Go Test on: workflow_call: inputs: + os-versions: + required: false + type: string + default: '["ubuntu", "windows", "macos"]' go-versions: required: false type: string @@ -10,9 +14,6 @@ on: required: false type: boolean default: false - env: - required: false - type: string runner-ubuntu: required: false type: string @@ -25,14 +26,20 @@ on: required: false type: string default: '"macos-latest"' - os-versions: + env: required: false type: string - default: '["ubuntu", "windows", "macos"]' checkout-token: required: false type: string default: ${{ github.token }} + checkout-app-id: + required: false + type: string + checkout-private-key: + required: false + type: string + secrets: CODECOV_TOKEN: required: false @@ -61,6 +68,14 @@ jobs: ENV: ${{ inputs.env }} run: | echo "$ENV" >> $GITHUB_ENV + - name: Create GitHub App installation token + id: checkout-app + if: ${{ inputs.checkout-app-id && inputs.checkout-private-key }} + uses: actions/create-github-app-token@v2 + with: + app-id: ${{ inputs.checkout-app-id }} + private-key: ${{ inputs.checkout-private-key }} + owner: ${{ github.repository_owner }} - name: Use msys2 on windows if: matrix.os == 'windows' # The executable for msys2 is also called bash.cmd @@ -72,7 +87,7 @@ jobs: uses: actions/checkout@v5 with: submodules: recursive - token: ${{ inputs.checkout-token }} + token: ${{ steps.checkout-app.outputs.token || inputs.checkout-token }} - name: Check out the latest stable version of Go id: stable uses: actions/setup-go@v5 diff --git a/.github/workflows/release-check.yml b/.github/workflows/release-check.yml index 5e580c9..44c4caf 100644 --- a/.github/workflows/release-check.yml +++ b/.github/workflows/release-check.yml @@ -14,17 +14,10 @@ on: required: false type: string default: '/' - env: - required: false - type: string runner: required: false type: string default: '"ubuntu-latest"' - checkout-token: - required: false - type: string - default: ${{ github.token }} outputs: json: description: JSON aggregation of release.json artifacts diff --git a/.github/workflows/releaser.yml b/.github/workflows/releaser.yml index 2319eaf..79edb95 100644 --- a/.github/workflows/releaser.yml +++ b/.github/workflows/releaser.yml @@ -18,21 +18,10 @@ on: required: false type: boolean default: false - env: - required: false - type: string runner: required: false type: string default: '"ubuntu-latest"' - checkout-token: - required: false - type: string - default: ${{ github.token }} - release-token: - required: false - type: string - default: ${{ github.token }} outputs: json: description: JSON aggregation of release.json artifacts @@ -171,7 +160,7 @@ jobs: generate_release_notes: true target_commitish: ${{ github.sha }} make_latest: ${{ steps.version.outputs.prefix == 'v' && steps.version.outputs.suffix == '' && steps.version.outputs.tag == steps.latest.outputs.latest }} - token: ${{ secrets.UCI_GITHUB_TOKEN || inputs.release-token }} + token: ${{ secrets.UCI_GITHUB_TOKEN || github.token }} - name: Create release.json if: steps.release.outputs.id != '' id: json diff --git a/CHANGELOG.md b/CHANGELOG.md index fc28076..b58ff96 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,8 +6,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## Unreleased ### Added -- `env` input support to `go-test`, `go-check`, `releaser` and `release-check` workflows -- `checkout-token` input support to `go-test`, `go-check`, `releaser` and `release-check` workflows +- `env` input support to `go-test` and `go-check` workflows +- `checkout-token`, `checkout-app-id` and `checkout-private-key` input support to `go-test` and `go-check` workflows - custom `runner` configuration to most workflows - `os-versions` input support to `go-test` workflow From cb0b2972be49abd8dd9732ba75f8961998049245 Mon Sep 17 00:00:00 2001 From: galargh Date: Sat, 22 Nov 2025 15:42:33 +0100 Subject: [PATCH 7/8] feat: turn some intputs into secrets --- .github/workflows/go-check.yml | 25 ++++++++++++++----------- .github/workflows/go-test.yml | 29 +++++++++++++++-------------- CHANGELOG.md | 2 +- 3 files changed, 30 insertions(+), 26 deletions(-) diff --git a/.github/workflows/go-check.yml b/.github/workflows/go-check.yml index d66010b..7d12426 100644 --- a/.github/workflows/go-check.yml +++ b/.github/workflows/go-check.yml @@ -19,16 +19,13 @@ on: env: required: false type: string - checkout-token: + secrets: + CHECKOUT_TOKEN: required: false - type: string - default: ${{ github.token }} - checkout-app-id: + CHECKOUT_APP_ID: required: false - type: string - checkout-private-key: + CHECKOUT_PRIVATE_KEY: required: false - type: string jobs: unit: @@ -41,19 +38,25 @@ jobs: ENV: ${{ inputs.env }} run: | echo "$ENV" >> $GITHUB_ENV + - name: Inspect checkout secrets + id: checkout-app-secrets + env: + APP_ID: ${{ secrets.CHECKOUT_APP_ID }} + PRIVATE_KEY: ${{ secrets.CHECKOUT_PRIVATE_KEY }} + run: echo "available=$([[ -n \"$APP_ID\" && -n \"$PRIVATE_KEY\" ]] && echo true || echo false)" | tee -a "$GITHUB_OUTPUT" - name: Create GitHub App installation token id: checkout-app - if: ${{ inputs.checkout-app-id && inputs.checkout-private-key }} + if: steps.checkout-app-secrets.outputs.available == 'true' uses: actions/create-github-app-token@v2 with: - app-id: ${{ inputs.checkout-app-id }} - private-key: ${{ inputs.checkout-private-key }} + app-id: ${{ secrets.CHECKOUT_APP_ID }} + private-key: ${{ secrets.CHECKOUT_PRIVATE_KEY }} owner: ${{ github.repository_owner }} - name: Check out the repository uses: actions/checkout@v5 with: submodules: recursive - token: ${{ steps.checkout-app.outputs.token || inputs.checkout-token }} + token: ${{ steps.checkout-app.outputs.token || secrets.CHECKOUT_TOKEN }} - name: Extend the GitHub context id: github env: diff --git a/.github/workflows/go-test.yml b/.github/workflows/go-test.yml index 5e259d0..1756388 100644 --- a/.github/workflows/go-test.yml +++ b/.github/workflows/go-test.yml @@ -29,19 +29,14 @@ on: env: required: false type: string - checkout-token: + secrets: + CODECOV_TOKEN: required: false - type: string - default: ${{ github.token }} - checkout-app-id: + CHECKOUT_TOKEN: required: false - type: string - checkout-private-key: + CHECKOUT_APP_ID: required: false - type: string - - secrets: - CODECOV_TOKEN: + CHECKOUT_PRIVATE_KEY: required: false defaults: @@ -68,13 +63,19 @@ jobs: ENV: ${{ inputs.env }} run: | echo "$ENV" >> $GITHUB_ENV + - name: Inspect checkout secrets + id: checkout-app-secrets + env: + APP_ID: ${{ secrets.CHECKOUT_APP_ID }} + PRIVATE_KEY: ${{ secrets.CHECKOUT_PRIVATE_KEY }} + run: echo "available=$([[ -n \"$APP_ID\" && -n \"$PRIVATE_KEY\" ]] && echo true || echo false)" | tee -a "$GITHUB_OUTPUT" - name: Create GitHub App installation token id: checkout-app - if: ${{ inputs.checkout-app-id && inputs.checkout-private-key }} + if: steps.checkout-app-secrets.outputs.available == 'true' uses: actions/create-github-app-token@v2 with: - app-id: ${{ inputs.checkout-app-id }} - private-key: ${{ inputs.checkout-private-key }} + app-id: ${{ secrets.CHECKOUT_APP_ID }} + private-key: ${{ secrets.CHECKOUT_PRIVATE_KEY }} owner: ${{ github.repository_owner }} - name: Use msys2 on windows if: matrix.os == 'windows' @@ -87,7 +88,7 @@ jobs: uses: actions/checkout@v5 with: submodules: recursive - token: ${{ steps.checkout-app.outputs.token || inputs.checkout-token }} + token: ${{ steps.checkout-app.outputs.token || secrets.CHECKOUT_TOKEN }} - name: Check out the latest stable version of Go id: stable uses: actions/setup-go@v5 diff --git a/CHANGELOG.md b/CHANGELOG.md index b58ff96..c3ccd06 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,7 +7,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## Unreleased ### Added - `env` input support to `go-test` and `go-check` workflows -- `checkout-token`, `checkout-app-id` and `checkout-private-key` input support to `go-test` and `go-check` workflows +- `CHECKOUT_TOKEN`, `CHECKOUT_APP_ID` and `CHECKOUT_PRIVATE_KEY` secrets support to `go-test` and `go-check` workflows - custom `runner` configuration to most workflows - `os-versions` input support to `go-test` workflow From 6f27dd5f9abf83c970799ea807d393c51ea6a904 Mon Sep 17 00:00:00 2001 From: galargh Date: Sat, 22 Nov 2025 16:07:32 +0100 Subject: [PATCH 8/8] feat: disable codecov when token is not available --- .github/workflows/go-check.yml | 17 +++++++++++------ .github/workflows/go-test.yml | 18 ++++++++++++------ CHANGELOG.md | 3 +++ 3 files changed, 26 insertions(+), 12 deletions(-) diff --git a/.github/workflows/go-check.yml b/.github/workflows/go-check.yml index 7d12426..1f2d38a 100644 --- a/.github/workflows/go-check.yml +++ b/.github/workflows/go-check.yml @@ -38,15 +38,20 @@ jobs: ENV: ${{ inputs.env }} run: | echo "$ENV" >> $GITHUB_ENV - - name: Inspect checkout secrets - id: checkout-app-secrets + - name: Inspect secrets + id: secrets env: - APP_ID: ${{ secrets.CHECKOUT_APP_ID }} - PRIVATE_KEY: ${{ secrets.CHECKOUT_PRIVATE_KEY }} - run: echo "available=$([[ -n \"$APP_ID\" && -n \"$PRIVATE_KEY\" ]] && echo true || echo false)" | tee -a "$GITHUB_OUTPUT" + SECRETS: ${{ toJSON(secrets) }} + run: | + while read -r key; do + jq -nr --arg k "$key" --argjson s "$SECRETS" \ + 'if ($s[$k] // "") == "" then "false" else "true" end' \ + | xargs -I{} echo "$key={}" \ + | tee -a "$GITHUB_OUTPUT" + done <<< "$(jq -r 'keys[]' <<< "$SECRETS")" - name: Create GitHub App installation token id: checkout-app - if: steps.checkout-app-secrets.outputs.available == 'true' + if: steps.secrets.outputs.CHECKOUT_APP_ID == 'true' && steps.secrets.outputs.CHECKOUT_PRIVATE_KEY == 'true' uses: actions/create-github-app-token@v2 with: app-id: ${{ secrets.CHECKOUT_APP_ID }} diff --git a/.github/workflows/go-test.yml b/.github/workflows/go-test.yml index 1756388..9c58ecd 100644 --- a/.github/workflows/go-test.yml +++ b/.github/workflows/go-test.yml @@ -63,15 +63,20 @@ jobs: ENV: ${{ inputs.env }} run: | echo "$ENV" >> $GITHUB_ENV - - name: Inspect checkout secrets - id: checkout-app-secrets + - name: Inspect secrets + id: secrets env: - APP_ID: ${{ secrets.CHECKOUT_APP_ID }} - PRIVATE_KEY: ${{ secrets.CHECKOUT_PRIVATE_KEY }} - run: echo "available=$([[ -n \"$APP_ID\" && -n \"$PRIVATE_KEY\" ]] && echo true || echo false)" | tee -a "$GITHUB_OUTPUT" + SECRETS: ${{ toJSON(secrets) }} + run: | + while read -r key; do + jq -nr --arg k "$key" --argjson s "$SECRETS" \ + 'if ($s[$k] // "") == "" then "false" else "true" end' \ + | xargs -I{} echo "$key={}" \ + | tee -a "$GITHUB_OUTPUT" + done <<< "$(jq -r 'keys[]' <<< "$SECRETS")" - name: Create GitHub App installation token id: checkout-app - if: steps.checkout-app-secrets.outputs.available == 'true' + if: steps.secrets.outputs.CHECKOUT_APP_ID == 'true' && steps.secrets.outputs.CHECKOUT_PRIVATE_KEY == 'true' uses: actions/create-github-app-token@v2 with: app-id: ${{ secrets.CHECKOUT_APP_ID }} @@ -190,6 +195,7 @@ jobs: id: coverages run: echo "files=$(find . -type f -name 'module-coverage.txt' | tr -s '\n' ',' | sed 's/,$//')" >> $GITHUB_OUTPUT - name: Upload coverage to Codecov + if: steps.secrets.outputs.CODECOV_TOKEN == 'true' uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # v5.5.0 env: OS: ${{ matrix.os }} diff --git a/CHANGELOG.md b/CHANGELOG.md index c3ccd06..ee46c2f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - custom `runner` configuration to most workflows - `os-versions` input support to `go-test` workflow +### Changed +- disabled codecov when token is not available + ## [1.0.34] - 2025-09-16 ### Fixed - fixed outputs population in the `release-checker` workflow