Do not run actions on pull requests

It's a security minefield. Thanks to caching of the build environment, not even read-only actions are safe.
Add GitHub Actions for test and lint
2025-07-01 10:35:33 +02:00 · 2025-06-23 23:20:54 -04:00 · 2025-06-23 23:10:11 -04:00 · 2025-06-23 23:10:05 -04:00 · 2025-06-23 22:33:57 -04:00 · 2025-06-23 16:32:35 -04:00
9 changed files with 48 additions and 8 deletions
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@ -0,0 +1,35 @@
+name: Test and lint Go Code
+
+on:
+  push:
+  schedule:
+    - cron: '42 9 * * *' # Runs daily at 09:42 UTC
+  workflow_dispatch:     # Allows manual triggering
+
+permissions:
+  contents: read
+
+jobs:
+  test:
+    name: Test
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+
+      - name: Run tests
+        run: CGO_ENABLED=1 go test -race ./...
+
+      - name: Install staticcheck
+        run: go install honnef.co/go/tools/cmd/staticcheck@latest
+
+      - name: Run staticcheck
+        run: staticcheck ./...
--- a/asn1.go
+++ b/asn1.go
@ -46,7 +46,7 @@ func decodeASN1String(value *asn1.RawValue) (string, error) {
 		if value.Tag == 12 {
 			// UTF8String
 			if !utf8.Valid(value.Bytes) {
-				return "", errors.New("Malformed UTF8String")
+				return "", errors.New("malformed UTF8String")
 			}
 			return string(value.Bytes), nil
 		} else if value.Tag == 19 || value.Tag == 22 || value.Tag == 20 || value.Tag == 26 {
@ -74,5 +74,5 @@ func decodeASN1String(value *asn1.RawValue) (string, error) {
 			return stringFromUint32Slice(runes), nil
 		}
 	}
-	return "", errors.New("Not a string")
+	return "", errors.New("not a string")
 }
--- a/asn1time.go
+++ b/asn1time.go
@ -253,5 +253,5 @@ func decodeASN1Time(value *asn1.RawValue) (time.Time, error) {
 			return parseGeneralizedTime(value.Bytes)
 		}
 	}
-	return time.Time{}, errors.New("Not a time value")
+	return time.Time{}, errors.New("not a time value")
 }
--- a/cmd/certspotter/main.go
+++ b/cmd/certspotter/main.go
@ -25,6 +25,7 @@ import (
 	"syscall"
 	"time"

+	"software.sslmate.com/src/certspotter/ctclient"
 	"software.sslmate.com/src/certspotter/loglist"
 	"software.sslmate.com/src/certspotter/monitor"
 )
@ -139,6 +140,7 @@ func appendFunc(slice *[]string) func(string) error {

 func main() {
 	loglist.UserAgent = fmt.Sprintf("certspotter/%s (%s; %s; %s)", certspotterVersion(), runtime.Version(), runtime.GOOS, runtime.GOARCH)
+	ctclient.UserAgent = fmt.Sprintf("certspotter/%s (+https://github.com/SSLMate/certspotter)", certspotterVersion())

 	var flags struct {
 		batchSize   bool
--- a/ctclient/client.go
+++ b/ctclient/client.go
@ -24,6 +24,8 @@ import (
 	"time"
 )

+var UserAgent = "software.sslmate.com/src/certspotter"
+
 // Create an HTTP client suitable for communicating with CT logs.  dialContext, if non-nil, is used for dialing.
 func NewHTTPClient(dialContext func(context.Context, string, string) (net.Conn, error)) *http.Client {
 	return &http.Client{
@ -61,7 +63,7 @@ func get(ctx context.Context, httpClient *http.Client, fullURL string) ([]byte,
 	if err != nil {
 		return nil, err
 	}
-	request.Header.Set("User-Agent", "") // Don't send a User-Agent to make life harder for malicious logs
+	request.Header.Set("User-Agent", UserAgent)

 	if httpClient == nil {
 		httpClient = defaultHTTPClient
--- a/loglist/load.go
+++ b/loglist/load.go
@ -21,7 +21,7 @@ import (
 	"time"
 )

-var UserAgent = "certspotter"
+var UserAgent = "software.sslmate.com/src/certspotter"

 type ModificationToken struct {
 	etag     string
@ -112,7 +112,7 @@ func Unmarshal(jsonBytes []byte) (*List, error) {
 		return nil, err
 	}
 	if err := list.Validate(); err != nil {
-		return nil, fmt.Errorf("Invalid log list: %s", err)
+		return nil, fmt.Errorf("invalid log list: %s", err)
 	}
 	return list, nil
 }
--- a/monitor/monitor.go
+++ b/monitor/monitor.go
@ -206,7 +206,7 @@ func newLogClient(config *Config, ctlog *loglist.Log) (ctclient.Log, ctclient.Is
 				logGetter: client,
 			}, nil
 	default:
-		return nil, nil, fmt.Errorf("log uses unknown protocol")
+		return nil, nil, errors.New("log uses unknown protocol")
 	}
 }

--- a/monitor/notify.go
+++ b/monitor/notify.go
@ -99,7 +99,7 @@ func sendEmail(ctx context.Context, to []string, notif *notification) error {
 	if err := sendmail.Run(); err == nil || err == exec.ErrWaitDelay {
 		return nil
 	} else if sendmailCtx.Err() != nil && ctx.Err() == nil {
-		return fmt.Errorf("error sending email to %v: sendmail command timed out")
+		return fmt.Errorf("error sending email to %v: sendmail command timed out", to)
 	} else if ctx.Err() != nil {
 		// if the context was canceled, we can't be sure that the error is the fault of sendmail, so ignore it
 		return ctx.Err()
--- a/staticcheck.conf
+++ b/staticcheck.conf
@ -0,0 +1 @@
+checks = ["inherit", "-ST1005", "-S1002"]
Author	SHA1	Message	Date
Andrew Ayer	b649b399e4	Do not run actions on pull requests It's a security minefield. Thanks to caching of the build environment, not even read-only actions are safe.	2025-06-23 23:20:54 -04:00
Andrew Ayer	aecfa745ca	Add GitHub Actions for test and lint	2025-06-23 23:10:11 -04:00
Andrew Ayer	f5779c283c	Add staticcheck configuration	2025-06-23 23:10:05 -04:00
Andrew Ayer	3e811e86d7	Decapitalize some error messages	2025-06-23 22:33:57 -04:00
Andrew Ayer	a4048f47f8	Send helpful User-Agent string with all requests	2025-06-23 16:32:35 -04:00
Daniel Peukert	187aed078c	Fix fmt typos	2025-06-23 19:27:39 +02:00