reduce permissions #28
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Main | |
on: | |
push: | |
branches: | |
- main | |
permissions: | |
contents: read | |
jobs: | |
go-bench: | |
runs-on: ubuntu-latest | |
timeout-minutes: 15 | |
steps: | |
- uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v3.5.2 | |
- uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 | |
with: | |
go-version-file: './go.mod' | |
cache-dependency-path: './go.sum' | |
check-latest: true | |
- name: Run benchmark | |
run: | | |
set -o pipefail | |
make bench | tee bench_output.txt | |
- name: Get JSON for benchmark | |
uses: benchmark-action/github-action-benchmark@70405016b032d44f409e4b1b451c40215cbe2393 # v1.18.0 | |
with: | |
# What benchmark tool the output.txt came from | |
tool: 'go' | |
# Where the output from the benchmark tool is stored | |
output-file-path: bench_output.txt | |
# Updates the file content instead of generating a Git commit in GitHub Pages branch | |
external-data-json-path: ./cache/benchmark-data.json | |
# Workflow will fail when an alert happens | |
fail-on-alert: true | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
comment-on-alert: true | |
- name: Save benchmark JSON | |
uses: actions/cache/save@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 | |
with: | |
path: ./cache/benchmark-data.json | |
# Save with commit hash because actions/cache cannot override keys | |
key: ${{ github.sha }}-go-benchmark |