ci: harden workflows, upgrade actions, fix caching #70

Open
paskal wants to merge 2 commits into ukeeper:master from paskal:ci/workflow-hardening

paskal (Member) commented Mar 7, 2026

Changes

  • Reorder checkout before setup-go for proper dependency caching
  • Add permissions: contents: read for least-privilege security
  • Add persist-credentials: false to checkout step
  • Pin golangci-lint version to v2.11.1 (was latest)
  • Upgrade docker/setup-qemu-action v3 to v4
  • Upgrade docker/setup-buildx-action v3 to v4
  • Normalise cache-dependency-path (remove trailing slash)

Verified golangci-lint config is already v2 format (no migration needed).
golangci-lint v2.11.1 reports 7 pre-existing code issues (4 gosec, 1 prealloc, 2 revive) — these are not introduced by this PR.

paskal force-pushed the ci/workflow-hardening branch from 2f33e50 to d68a5cd on March 8, 2026 00:47
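
An added example, not code from this PR or the ukeeper project: a line-based Python check for four of the items in the PR description (a `permissions` block, checkout before setup-go, `persist-credentials: false`, and a pinned linter version). The two sample workflows, the action version tags in them, and the function and finding names are constructed for illustration.

```python
import re

# Constructed "before" and "after" workflows for illustration; neither is taken from the PR.
SAMPLE_BEFORE = """\
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/setup-go@v5
      - uses: actions/checkout@v4
      - uses: golangci/golangci-lint-action@v8
        with:
          version: latest
"""
SAMPLE_AFTER = """\
on: [push]
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - uses: actions/setup-go@v5
      - uses: golangci/golangci-lint-action@v8
        with:
          version: v2.11.1
"""

def audit_workflow(text):
    """Line-based heuristic audit of one workflow file; returns finding codes."""
    lines, findings = text.splitlines(), []
    if not any(re.match(r"\s*permissions:", ln) for ln in lines):
        findings.append("no-permissions-block")  # GITHUB_TOKEN scope is not limited
    uses = [(i, m[1]) for i, ln in enumerate(lines)
            if (m := re.search(r"uses:\s*([\w./-]+)@", ln))]
    checkout = [i for i, a in uses if a == "actions/checkout"]
    setup_go = [i for i, a in uses if a == "actions/setup-go"]
    if checkout and setup_go and min(setup_go) < min(checkout):
        findings.append("setup-go-before-checkout")  # go.sum absent when cache key is computed
    for i in checkout:  # inspect each checkout step up to the next `uses:` line
        end = min((j for j, _ in uses if j > i), default=len(lines))
        if not any(re.search(r"persist-credentials:\s*false", ln) for ln in lines[i:end]):
            findings.append("checkout-persists-credentials")
    if any(re.match(r"\s*version:\s*latest\s*$", ln) for ln in lines):
        findings.append("unpinned-tool-version")
    return findings
```

Because it matches lines rather than parsing YAML, treat a finding as a prompt to read the workflow, not as a verdict.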