From 9944cbf4a9eda8ffa48712d67e6a3dac7fd94f60 Mon Sep 17 00:00:00 2001
From: lwhile
Date: Wed, 22 Apr 2026 11:44:28 +0800
Subject: [PATCH] chore: add github quality checks
---
.github/dependabot.yml | 14 +++++++++++
.github/workflows/ci.yml | 35 ++++++++++++++++++++++++++++
.github/workflows/codeql.yml | 41 +++++++++++++++++++++++++++++++++
.github/workflows/scorecard.yml | 36 +++++++++++++++++++++++++++++
README.md | 4 ++++
README.zh-CN.md | 4 ++++
6 files changed, 134 insertions(+)
create mode 100644 .github/dependabot.yml
create mode 100644 .github/workflows/ci.yml
create mode 100644 .github/workflows/codeql.yml
create mode 100644 .github/workflows/scorecard.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..67b96a5
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,14 @@
+version: 2
+
+updates:
+ - package-ecosystem: gomod
+ directory: "/"
+ schedule:
+ interval: weekly
+ open-pull-requests-limit: 5
+
+ - package-ecosystem: github-actions
+ directory: "/"
+ schedule:
+ interval: weekly
+ open-pull-requests-limit: 5
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..07cdbd6
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,35 @@
+name: CI
+
+on:
+ push:
+ branches:
+ - main
+ - master
+ pull_request:
+
+permissions:
+ contents: read
+
+jobs:
+ test:
+ name: Test
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Setup Go
+ uses: actions/setup-go@v5
+ with:
+ go-version: "1.19"
+ cache: true
+
+ - name: Test
+ run: go test -race -coverprofile=coverage.out ./...
+
+ - name: Upload coverage artifact
+ uses: actions/upload-artifact@v4
+ with:
+ name: coverage
+ path: coverage.out
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 0000000..afcd769
--- /dev/null
+++ b/.github/workflows/codeql.yml
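Review bot: Every `uses:` in .github/workflows/ci.yml points at a mutable tag (`actions/checkout@v4`, `actions/setup-go@v5`, `actions/upload-artifact@v4`), so a retagged or compromised release would run in this job with no change visible in the repository. The same applies to the actions referenced in codeql.yml and scorecard.yml. Pin each one to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v4`. The Dependabot `github-actions` entry added in this commit can keep such pins current, and Scorecard's Pinned-Dependencies check scores exactly this. Since the job only runs `go test`, `persist-credentials: false` under the checkout step's `with:` would also keep the token out of the working tree.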
@@ -0,0 +1,41 @@
+name: CodeQL
+
+on:
+ push:
+ branches:
+ - main
+ - master
+ pull_request:
+ schedule:
+ - cron: "20 3 * * 1"
+
+permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+jobs:
+ analyze:
+ name: Analyze Go
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v4
+ with:
+ languages: go
+
+ - name: Setup Go
+ uses: actions/setup-go@v5
+ with:
+ go-version: "1.19"
+ cache: true
+
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@v4
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v4
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
new file mode 100644
index 0000000..e6528bb
--- /dev/null
+++ b/.github/workflows/scorecard.yml
@@ -0,0 +1,36 @@
+name: OpenSSF Scorecard
+
+on:
+ branch_protection_rule:
+ push:
+ branches:
+ - main
+ - master
+ schedule:
+ - cron: "30 2 * * 1"
+
+permissions:
+ actions: read
+ checks: read
+ contents: read
+ id-token: write
+ pull-requests: read
+ security-events: write
+
+jobs:
+ scorecard:
+ name: Scorecard
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Run analysis
+ uses: ossf/scorecard-action@v2.4.3
+ with:
+ results_file: results.sarif
+ results_format: sarif
+ publish_results: true
+
+ - name: Upload SARIF results
+ uses: github/codeql-action/upload-sarif@v4
+ with:
+ sarif_file: results.sarif
diff --git a/README.md b/README.md
index 553f47c..42a6b8a 100644
--- a/README.md
+++ b/README.md
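Review bot: In .github/workflows/codeql.yml the `Setup Go` step runs after `Initialize CodeQL`, so the Go toolchain on PATH changes after init has prepared the Go build tracing. As far as I know codeql-action expects the intended Go version to be installed before `init` and reports a mismatch otherwise, so the build that gets analysed may not use the requested `go-version`. Move the `actions/setup-go@v5` step above `github/codeql-action/init@v4`. Separately, `security-events: write` is granted at workflow level; placing the `permissions:` block under `jobs.analyze` keeps that scope from leaking to any job added later.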
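Review bot: The top-level `permissions:` block in .github/workflows/scorecard.yml grants `id-token: write` and `security-events: write` to the whole workflow, which scorecard-action's documented restrictions for `publish_results: true` do not allow: no workflow-level write permissions, and only the Scorecard job may hold `id-token: write`. Publishing, and with it the README badge added in this commit, is therefore likely to be rejected. Keep the workflow level read-only and grant the two write scopes on the `scorecard` job; a job-level block replaces the workflow-level one, so the read scopes are repeated there. The reference workflow also begins with an `actions/checkout` step using `persist-credentials: false`, which this job omits, so confirm the analysis behaves as intended without it.

```yaml
# top level: the four read scopes stay, the two write scopes move to the job
permissions:
  actions: read
  checks: read
  contents: read
  pull-requests: read

jobs:
  scorecard:
    # … unchanged: name, runs-on …
    permissions:
      actions: read
      checks: read
      contents: read
      pull-requests: read
      id-token: write         # lets the action publish signed results
      security-events: write  # lets upload-sarif write to code scanning
    # … unchanged: steps …
```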
@@ -1,5 +1,9 @@ # totoro +[![CI](https://github.com/lwhile/totoro/actions/workflows/ci.yml/badge.svg)](https://github.com/lwhile/totoro/actions/workflows/ci.yml) +[![Go Report Card](https://goreportcard.com/badge/github.com/lwhile/totoro)](https://goreportcard.com/report/github.com/lwhile/totoro) +[![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/lwhile/totoro/badge)](https://scorecard.dev/viewer/?uri=github.com/lwhile/totoro) + > [English](README.md) | [中文](README.zh-CN.md) `totoro` is a lightweight Go wrapper around `go-ethereum/ethclient` for EVM RPC reads and polling log subscriptions. It is designed for applications that depend on free or public RPC endpoints, where individual endpoints may fail, hang, lag behind, or be rate-limited. diff --git a/README.zh-CN.md b/README.zh-CN.md index 82fb84c..ab78c31 100644 --- a/README.zh-CN.md +++ b/README.zh-CN.md @@ -1,5 +1,9 @@ # totoro +[![CI](https://github.com/lwhile/totoro/actions/workflows/ci.yml/badge.svg)](https://github.com/lwhile/totoro/actions/workflows/ci.yml) +[![Go Report Card](https://goreportcard.com/badge/github.com/lwhile/totoro)](https://goreportcard.com/report/github.com/lwhile/totoro) +[![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/lwhile/totoro/badge)](https://scorecard.dev/viewer/?uri=github.com/lwhile/totoro) + > [English](README.md) | [中文](README.zh-CN.md) `totoro` 是一个围绕 `go-ethereum/ethclient` 的轻量级 Go 封装,用于 EVM RPC 读取和轮询式日志订阅。它适合依赖免费或公共 RPC 的应用,因为这些端点可能会失败、卡住、落后或被限流。