From 5ca2a42f56c256540dea54838e76605b64d0c386 Mon Sep 17 00:00:00 2001
From: Andrey Markelov
Date: Sat, 4 Jul 2026 16:42:20 -0700
Subject: [PATCH] Add race detector, workflow linting, and CodeQL security scanning

Strengthen CI with go test -race, actionlint for workflow validation, and GitHub CodeQL for automated vulnerability detection. Remove stale Go Report Card badge.
---
 .github/workflows/ci.yml | 21 +++++++++++++++++++++
 .github/workflows/codeql.yml | 36 ++++++++++++++++++++++++++++++++++++
 README.md | 1 -
 3 files changed, 57 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/codeql.yml

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 1dc30d79..c65a3ca0 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -28,6 +28,16 @@ jobs:
 - run: go test ./...
 - run: go build ./...
 
+ race:
+ name: Race test
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v7
+ - uses: actions/setup-go@v6
+ with:
+ go-version: "1.25"
+ - run: go test -race ./...
+
 lint:
 name: Staticcheck
 runs-on: ubuntu-latest
@@ -39,6 +49,17 @@ jobs:
 - run: go install honnef.co/go/tools/cmd/staticcheck@v0.7.0
 - run: staticcheck ./...
 
+ workflow-lint:
+ name: GitHub Actions workflow lint
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v7
+ - uses: actions/setup-go@v6
+ with:
+ go-version: "1.25"
+ - run: go install github.com/rhysd/actionlint/cmd/actionlint@v1.7.12
+ - run: actionlint
+
 release-build:
 name: Release binary build
 runs-on: ubuntu-latest
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 00000000..cee84921
--- /dev/null
+++ b/.github/workflows/codeql.yml
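Review bot: The `race` job's `- uses: actions/checkout@v7` and `- uses: actions/setup-go@v6` lines pin third-party actions by a mutable major tag rather than a full commit SHA, so a moved or compromised tag would execute unreviewed code with the job's token; the same applies to the `workflow-lint` job in the second hunk and to every `uses:` line in the new codeql.yml. Pinning each to a 40-character commit SHA with the tag kept in a trailing comment, e.g. `- uses: actions/checkout@<full-commit-sha>  # v7`, and letting Dependabot or Renovate bump the SHAs closes that gap; actionlint does not enforce this. The job also repeats the checkout/setup-go preamble of the existing test job, so unless a separate "Race test" status check is required, folding `-race` into the existing `go test` step would keep the two from drifting. The top of ci.yml is outside the hunk, so whether a least-privilege top-level `permissions:` block is present there cannot be confirmed from this patch.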
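Review bot: The `- run: actionlint` step in the `workflow-lint` job depends on an external `shellcheck` binary being on PATH for its checks of `run:` scripts; as far as I recall actionlint silently skips those checks when the binary is absent, and nothing in the job declares or verifies that dependency, so the script linting could stop without any failing signal if the ubuntu-latest image changes. A comment above the step such as `# actionlint lints run: scripts via shellcheck only when it is on PATH; ubuntu-latest currently provides it` or an explicit `shellcheck --version` step before it would make the expectation visible and fail loudly. The actionlint version is pinned with `@v1.7.12`, which is good; the tag-pinned `uses:` lines share the concern raised on the first hunk.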
@@ -0,0 +1,36 @@
+name: CodeQL
+
+on:
+ push:
+ branches: [master]
+ pull_request:
+ branches: [master]
+ schedule:
+ - cron: "37 8 * * 1"
+ workflow_dispatch:
+
+permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+jobs:
+ analyze:
+ name: Analyze Go
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v7
+ - uses: actions/setup-go@v6
+ with:
+ go-version: "1.25"
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v4
+ with:
+ languages: go
+
+ - name: Build
+ run: go build ./...
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v4
diff --git a/README.md b/README.md
index c4323ef4..b1c0556c 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,6 @@
 # `dbxcli`: Dropbox from the command line
 
 [![CI](https://github.com/dropbox/dbxcli/actions/workflows/ci.yml/badge.svg)](https://github.com/dropbox/dbxcli/actions/workflows/ci.yml)
-[![Go Report Card](https://goreportcard.com/badge/github.com/dropbox/dbxcli/v3?cache=v3)](https://goreportcard.com/report/github.com/dropbox/dbxcli/v3)
 
 `dbxcli` is a scriptable Dropbox CLI for files, shared links, teams, and automation workflows. It is built for humans in the terminal, scripts, CI jobs,
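Review bot: The `uses: github/codeql-action/init@v4` step in codeql.yml configures only `languages: go`, so the analysis runs CodeQL's default query suite; for a Dropbox CLI that handles account credentials and user files, adding `queries: security-extended` under the same `with:` block widens the security coverage at the cost of some lower-precision alerts, and is worth a deliberate decision either way. The `- cron: "37 8 * * 1"` line should carry a comment stating intent, e.g. `# weekly Monday 08:37 UTC scan so newly published CodeQL queries run against master even without pushes`. The explicit `permissions:` block limiting the token to `actions: read`, `contents: read`, `security-events: write` is the right least-privilege shape and should be kept if steps are added later. The `uses:` lines here are pinned by major tag only, as noted on the ci.yml hunks.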