ci: overhaul workflows - lint, security scanning, release hardening

- add golangci-lint job to go.yml (parallel with build+test)
- add Go 1.23/1.24 version matrix, coverage only on 1.24
- upgrade setup-go@v4 to v5, codecov@v4 to v5 across all workflows
- fix check-large-files bug (find|while never exits 1), exclude .git/
- add concurrency groups to push+PR workflows (no duplicate runs)
- lowercase all workflow names to match project voice
- add gosec, errorlint, gocognit, nilnil, wastedassign, usetesting linters
- remove deprecated exportloopref (Go 1.22 fixed loop var capture)
- new: govulncheck.yml - Go vuln scanner with call-graph analysis
- new: scorecard.yml - OpenSSF supply chain scorecard
- new: dependabot.yml - auto-update Go deps + Actions versions
- release: SHA256 checksums + SBOM generation for all artifacts
- add CODEOWNERS
vmfunc
2026-02-13 01:03:19 +01:00
parent 662994caf1
commit 08874762ba
18 changed files with 199 additions and 50 deletions
+5 -1
@@ -1,4 +1,4 @@
name: Qodana
name: qodana
on:
workflow_dispatch:
pull_request:
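Review bot: the `name:` change at the top of this hunk also changes the value of `github.workflow`, and anything that selects this workflow by its display name (a `workflow_run` trigger's `workflows:` list, a name-based badge URL) would still say `Qodana`. Worth grepping the repository for the old name and updating any such reference in the same commit, since a stale `workflow_run` reference fails silently by never firing.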
@@ -6,6 +6,10 @@ on:
branches:
- main
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
qodana:
runs-on: ubuntu-latest
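Review bot: `cancel-in-progress: true` in the new `concurrency:` block applies to every trigger, not only `pull_request`. The group key is `${{ github.workflow }}-${{ github.ref }}`, so two runs on `main` in quick succession share a group and the earlier one is cancelled, leaving that commit without a completed scan; a manual `workflow_dispatch` run on the same ref is cancelled the same way. For a scanning workflow it is safer to cancel only superseded PR runs, for example `cancel-in-progress: ${{ github.event_name == 'pull_request' }}`, and let runs on `main` finish.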