From 4d6adde5a975d92f46f03433ca50bb603c82d353 Mon Sep 17 00:00:00 2001
From: Brian Cunnie <brian.cunnie@gmail.com>
Date: Sat, 18 Jan 2025 19:13:07 -0800
Subject: [PATCH] CI runs on GitHub Actions

- on a self-hosted runner
- pull requests don't trigger actions (security)
- forks don't trigger actions (security)
- run in a container (fedora-golang-bosh) (security)
---
 .github/workflows/ci.yml | 27 ++++++++-------------------
 1 file changed, 8 insertions(+), 19 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 61a7c96..67f132b 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -3,39 +3,28 @@ name: CI
 on:
   push:
     branches: [ main ]
-  pull_request:
-    branches: [ main ]
 
 jobs:
   build:
-    runs-on: ubuntu-latest
+    # Only run on main repo, not forks
+    if: github.repository == 'cunnie/sslip.io'
+    runs-on: self-hosted
+    container: cunnie/fedora-golang-bosh
     steps:
     - uses: actions/checkout@v4
 
-    - name: Set up Go
-      uses: actions/setup-go@v5
-      with:
-        go-version: '1.21'
-
-    - name: Build
-      run: go build -v ./...
-
     - name: Test
-      run: go test -v ./...
+      run: ginkgo -r -p .
 
   release:
     needs: build
-    runs-on: ubuntu-latest
-    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+    runs-on: self-hosted
+    container: cunnie/fedora-golang-bosh
+    if: github.event_name == 'push' && github.ref == 'refs/heads/main' && github.repository == 'cunnie/sslip.io'
     
     steps:
     - uses: actions/checkout@v4
     
-    - name: Set up Go
-      uses: actions/setup-go@v5
-      with:
-        go-version: '1.21'
-    
     - name: Build Release Binary
       run: |
         GOOS=linux GOARCH=amd64 go build -o sslip-linux-amd64