ci: regenerate project layout with new features

.craft

@@ -2,6 +2,7 @@ ci:
   name: github
   options:
     - codecov
+    - codeql
     - dependabot
 license: mit
 maintainers:

.github/workflows/codeql.yml

@@ -0,0 +1,41 @@
+# Code generated by craft; DO NOT EDIT.
+
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: CodeQL
+run-name: CodeQL
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  codeql:
+    name: CodeQL
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+    strategy:
+      fail-fast: false
+      matrix:
+        language:
+          - go
+    steps:
+      - uses: actions/checkout@v4
+      - uses: github/codeql-action/init@v3
+        with:
+          languages: ${{ matrix.language }}
+      - uses: github/codeql-action/autobuild@v3
+      - uses: github/codeql-action/analyze@v3
+        with:
+          category: "/language:${{ matrix.language }}"

.github/workflows/dependencies.yml

@@ -13,7 +13,8 @@ permissions:
 
 jobs:
 
-  go-dependencies-submission:
+  go-dependency-submission:
+    name: Go Dependency Submission
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4

.github/workflows/integration.yml

@@ -5,6 +5,11 @@ run-name: Integration
 
 on:
   pull_request:
+    types:
+      - opened
+      - reopened
+      - synchronize
+      - ready_for_review
   push:
     branches:
       - main
@@ -15,8 +20,20 @@ on:
 
 jobs:
 
+  run-workflow:
+    name: Run Workflow
+    runs-on: ubuntu-latest
+    if: ${{ github.event_name != 'pull_request' || (github.event_name == 'pull_request' && github.event.pull_request.draft == false && github.ref_protected != true) }}
+    outputs:
+      skip: ${{ steps.skip.outputs.skip }}
+    steps:
+      - id: skip
+        run: echo "Running workflow" && echo "skip=false" >> $GITHUB_OUTPUT
+
   go-vulncheck:
+    name: Go Vulnerability Check
     runs-on: ubuntu-latest
+    needs: run-workflow
     steps:
       - uses: golang/govulncheck-action@v1
         with:
@@ -25,7 +42,9 @@ jobs:
           go-version-file: go.mod
 
   go-lint:
+    name: Go Lint
     runs-on: ubuntu-latest
+    needs: run-workflow
     permissions:
       checks: write
     steps:
@@ -36,22 +55,22 @@ jobs:
           check-latest: true
           go-version-file: go.mod
           token: ${{ secrets.GITHUB_TOKEN }}
+      - run: mkdir -p reports/
       - uses: golangci/golangci-lint-action@v4
         with:
-          args: --config .golangci.yml --timeout 240s --fast --sort-results --out-format colored-line-number
+          args: --config .golangci.yml --timeout 240s --fast --sort-results --out-format checkstyle:reports/go-ci-lint.checkstyle.xml,colored-line-number
 
   go-test:
+    name: Go Test
+    runs-on: ${{ matrix.os }}
+    needs: run-workflow
     strategy:
       fail-fast: false
       matrix:
-        include:
-          - os: macos-latest
-            args: CGO_ENABLED="0"
-          - os: ubuntu-latest
-            args: CGO_ENABLED="0"
-          - os: windows-latest
-            args: env CGO_ENABLED="0"
-    runs-on: ${{ matrix.os }}
+        os:
+          - macos-latest
+          - ubuntu-latest
+          - windows-latest
     env:
       OS: ${{ matrix.os }}
     steps:
@@ -61,14 +80,28 @@ jobs:
           check-latest: true
           go-version-file: go.mod
           token: ${{ secrets.GITHUB_TOKEN }}
-      - run: ${{ matrix.args }} go test ./... -coverpkg="./..." -covermode="count" -coverprofile="coverage.out"
+      - run: mkdir -p reports/
+      - run: go test ./... -coverpkg="./..." -covermode="count" -coverprofile="reports/go-coverage.native.out"
       - uses: codecov/codecov-action@v4
-        if: ${{ ! startsWith(github.base_ref, 'dependabot') }} # ignore codecov on dependabot branches
+        if: ${{ ! startsWith(github.head_ref, 'dependabot') }} # ignore codecov on dependabot branches
         with:
           codecov_yml_path: .codecov.yml
           disable_search: true
           env_vars: OS
           fail_ci_if_error: true
-          file: coverage.out
+          file: reports/go-coverage.native.out
           slug: ${{ github.repository }}
-          token: ${{ secrets.CODECOV_TOKEN }}
+          token: ${{ secrets.CODECOV_TOKEN }}
+
+  workflow-result:
+    name: Workflow Result
+    runs-on: ubuntu-latest
+    if: ${{ needs.run-workflow.outputs.skip == 'false' && ! cancelled() }}
+    needs:
+      - run-workflow
+      - go-vulncheck
+      - go-lint
+      - go-test
+    steps:
+      - run: exit 1
+        if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') || contains(needs.*.result, 'skipped') }}

.github/workflows/release.yml

@@ -14,18 +14,19 @@ on:
 jobs:
 
   version:
+    name: Version
     runs-on: ubuntu-latest
     permissions:
       contents: write
-      issues: write
-      pull-requests: write
     outputs:
       version: v${{ steps.semantic_release.outputs.new_release_version }}
       release: ${{ steps.release.outputs.release }}
     steps:
       - uses: actions/checkout@v4
       - id: sha
-        run: echo "sha=$(echo "${{ github.ref_name }}" | sha256sum | cut -c -8)" >> $GITHUB_OUTPUT
+        run: echo "sha=$(echo "$REF_NAME" | sha256sum | cut -c -8)" >> $GITHUB_OUTPUT
+        env:
+          REF_NAME: ${{ github.ref_name }}
       - id: semantic_release
         uses: cycjimmy/semantic-release-action@v4
         with:
@@ -54,33 +55,31 @@ jobs:
             ]
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      - run: echo v${{ steps.semantic_release.outputs.new_release_version }}
+      - run: echo $VERSION
+        env:
+          VERSION: v${{ steps.semantic_release.outputs.new_release_version }}
       - id: release
         run: |
-          if [[ ${{ steps.semantic_release.outputs.new_release_version }} =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+          if [[ $VERSION =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
             echo "release=true" >> $GITHUB_OUTPUT
           fi
+        env:
+          VERSION: ${{ steps.semantic_release.outputs.new_release_version }}
 
   release:
+    name: Release
     runs-on: ubuntu-latest
     if: github.ref_protected == true
-    permissions:
-      contents: write
-      issues: write
-      pull-requests: write
+    environment: release
     env:
       GIT_AUTHOR_NAME: ${{ github.triggering_actor }}
       GIT_AUTHOR_EMAIL: ${{ github.triggering_actor }}@users.noreply.github.com
       GIT_COMMITTER_NAME: ${{ github.triggering_actor }}
       GIT_COMMITTER_EMAIL: ${{ github.triggering_actor }}@users.noreply.github.com
     steps:
       - uses: actions/checkout@v4
-      - id: sha
-        run: echo "sha=$(echo "${{ github.ref_name }}" | sha256sum | cut -c -8)" >> $GITHUB_OUTPUT
-      - uses: actions/download-artifact@v4
         with:
-          name: executables
-          path: dist
+          persist-credentials: false
       - id: semantic-release
         uses: cycjimmy/semantic-release-action@v4
         with:
@@ -103,8 +102,7 @@ jobs:
               { "name": "beta", "prerelease": true },
               { "name": "alpha", "prerelease": true },
               { "name": "staging", "prerelease": "beta" },
-              { "name": "develop", "prerelease": "alpha" },
-              { "name": "${{ github.ref_name }}", "prerelease": "${{ steps.sha.outputs.sha }}" }
+              { "name": "develop", "prerelease": "alpha" }
             ]
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}

.gitignore

@@ -25,8 +25,6 @@ go.work
 
 # reports
 reports/
-*.json
-*.xml
 
 # configs
 .env

.golangci.yml

@@ -345,4 +345,4 @@ linters:
     - typecheck
     - unconvert
     - unused
-    - whitespace
+    - whitespace

.releaserc.yml

@@ -12,6 +12,7 @@ plugins:
       - { type: docs, release: patch }
       - { type: chore, release: patch }
       - { type: refactor, release: minor }
+
       - { scope: release, release: false }
       parserOpts:
         noteKeywords:
@@ -42,7 +43,9 @@ plugins:
   - "@semantic-release/changelog"
   - "semantic-release-license"
   - - "@semantic-release/git"
-    - assets: [ "CHANGELOG.md", "LICENSE" ]
+    - assets:
+        - CHANGELOG.md
+        - LICENSE
       message: "chore(release): v${nextRelease.version} [skip ci]\n\n${nextRelease.notes}"
   - - "@semantic-release/github"
     - assets:

go.mod

@@ -1,6 +1,8 @@
 module github.com/kilianpaquier/pooling
 
-go 1.22
+go 1.22.0
+
+toolchain go1.22.1
 
 require (
 	github.com/panjf2000/ants/v2 v2.9.0

scripts/build.mk

@@ -1,14 +1,20 @@
 # Code generated by craft; DO NOT EDIT.
 
-CI_PROJECT_PATH := github.com/kilianpaquier/pooling
 GCI_CONFIG_PATH := .golangci.yml
 
+.PHONY: reports
+reports:
+	@mkdir -p reports/
+
 .PHONY: lint
-lint:
-	@gci write --skip-generated -s standard -s default -s "Prefix(${CI_PROJECT_PATH})" .
-	@golangci-lint run -c ${GCI_CONFIG_PATH} --timeout 120s --fast --sort-results \
-		--issues-exit-code 0 \
-		--out-format colored-line-number $(ARGS)
+lint: reports
+	@golangci-lint run -c ${GCI_CONFIG_PATH} --timeout 240s --fast --sort-results \
+		--out-format checkstyle:reports/go-ci-lint.checkstyle.xml,colored-line-number $(ARGS) || \
+		echo "golangci-lint failed, running 'make lint-fix' may fix some issues"
+
+.PHONY: lint-fix
+lint-fix: reports
+	@ARGS="--fix" make -s lint
 
 .PHONY: test
 test: lint
@@ -19,5 +25,5 @@ test-race: lint
 	@go test ./... -race
 
 .PHONY: test-cover
-test-cover: lint
-	@go test ./... -coverpkg=./... -covermode=count -coverprofile=coverage.out
+test-cover: lint reports
+	@go test ./... -coverpkg="./..." -covermode="count" -coverprofile="reports/go-coverage.native.out"