name: CI

on:
  push:
    branches: [ main, master ]
  pull_request:
    branches: [ main, master ]

jobs:
  build:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        go-version: [1.21.x, 1.22.x]

    steps:
    - uses: actions/checkout@v4

    - name: Set up Go
      uses: actions/setup-go@v5
      with:
        go-version: ${{ matrix.go-version }}

    - name: Download dependencies
      run: go mod download

    - name: Build
      run: go build -v ./...

    - name: Test
      run: go test -v -race ./...

    - name: Lint
      run: |
        go vet ./...
        test -z $(gofmt -l .)

  security-scan:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4

    - name: Set up Go
      uses: actions/setup-go@v5
      with:
        go-version: 1.21.x

    - name: Run GoSec
      uses: securego/gosec@v2
      with:
        args: ./...