test.yml

name: Test
on: push
jobs:
  test:
    runs-on: ubuntu-latest
    timeout-minutes: 30
    strategy:
      matrix:
        runtime:
          - '/var/run/docker.sock'
          - '/run/user/$UID/podman/podman.sock'
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with:
          go-version: 'stable'
      - name: Test
        run: |
          export DOCKER_HOST="unix://${{ matrix.runtime }}"
          echo "Using ${DOCKER_HOST}"
          go test -race -timeout 0 -coverprofile=coverage.txt -covermode=atomic ./...
      - name: Coverage
        uses: codecov/codecov-action@v4
        with:
          file: coverage.txt

  linter:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    timeout-minutes: 10
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with:
          go-version: 'stable'
      - uses: golangci/golangci-lint-action@v6
        with:
          args: --timeout=10m

  advanced-security:
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write
    timeout-minutes: 10
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with:
          go-version: 'stable'
      - uses: github/codeql-action/init@v3
        with:
          languages: 'go'
      - uses: github/codeql-action/autobuild@v3
      - uses: github/codeql-action/analyze@v3

  release:
    needs:
      - test
      - linter
      - advanced-security
    runs-on: ubuntu-latest
    timeout-minutes: 5
    permissions:
      contents: write
    if: ${{ github.ref == 'refs/heads/main' && github.event_name != 'pull_request' }}
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with:
          go-version: 'stable'
      - run: make install-release-tool new-patch-release