Do not run actions on pull requests

It's a security minefield. Thanks to caching of the build environment, not even read-only actions are safe.
Add GitHub Actions for test and lint
2025-07-01 10:35:33 +02:00 · 2025-06-23 23:20:54 -04:00 · 2025-06-23 23:10:11 -04:00 · 2025-06-23 23:10:05 -04:00 · 2025-06-23 22:33:57 -04:00 · 2025-06-23 16:32:35 -04:00
9 changed files with 48 additions and 8 deletions
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@ -0,0 +1,35 @@
 name: Test and lint Go Code
 on:
  push:
  schedule:
    - cron: '42 9 * * *' # Runs daily at 09:42 UTC
  workflow_dispatch:     # Allows manual triggering
 permissions:
  contents: read
 jobs:
  test:
    name: Test
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version-file: go.mod
      - name: Run tests
        run: CGO_ENABLED=1 go test -race ./...
      - name: Install staticcheck
        run: go install honnef.co/go/tools/cmd/staticcheck@latest
      - name: Run staticcheck
        run: staticcheck ./...
--- a/asn1.go
+++ b/asn1.go
@ -46,7 +46,7 @@ func decodeASN1String(value *asn1.RawValue) (string, error) {
 		if value.Tag == 12 {
 			// UTF8String
 			if !utf8.Valid(value.Bytes) {
-				return "", errors.New("Malformed UTF8String")
+				return "", errors.New("malformed UTF8String")
 			}
 			return string(value.Bytes), nil
 		} else if value.Tag == 19 || value.Tag == 22 || value.Tag == 20 || value.Tag == 26 {
@ -74,5 +74,5 @@ func decodeASN1String(value *asn1.RawValue) (string, error) {
 			return stringFromUint32Slice(runes), nil
 		}
 	}
-	return "", errors.New("Not a string")
+	return "", errors.New("not a string")
 }
--- a/asn1time.go
+++ b/asn1time.go
@ -253,5 +253,5 @@ func decodeASN1Time(value *asn1.RawValue) (time.Time, error) {
 			return parseGeneralizedTime(value.Bytes)
 		}
 	}
-	return time.Time{}, errors.New("Not a time value")
+	return time.Time{}, errors.New("not a time value")
 }
--- a/cmd/certspotter/main.go
+++ b/cmd/certspotter/main.go
@ -25,6 +25,7 @@ import (
 	"syscall"
 	"time"
 	"software.sslmate.com/src/certspotter/ctclient"
 	"software.sslmate.com/src/certspotter/loglist"
 	"software.sslmate.com/src/certspotter/monitor"
 )
@ -139,6 +140,7 @@ func appendFunc(slice *[]string) func(string) error {
 func main() {
 	loglist.UserAgent = fmt.Sprintf("certspotter/%s (%s; %s; %s)", certspotterVersion(), runtime.Version(), runtime.GOOS, runtime.GOARCH)
 	ctclient.UserAgent = fmt.Sprintf("certspotter/%s (+https://github.com/SSLMate/certspotter)", certspotterVersion())
 	var flags struct {
 		batchSize   bool
--- a/ctclient/client.go
+++ b/ctclient/client.go
@ -24,6 +24,8 @@ import (
 	"time"
 )
 var UserAgent = "software.sslmate.com/src/certspotter"
 // Create an HTTP client suitable for communicating with CT logs.  dialContext, if non-nil, is used for dialing.
 func NewHTTPClient(dialContext func(context.Context, string, string) (net.Conn, error)) *http.Client {
 	return &http.Client{
@ -61,7 +63,7 @@ func get(ctx context.Context, httpClient *http.Client, fullURL string) ([]byte,
 	if err != nil {
 		return nil, err
 	}
-	request.Header.Set("User-Agent", "") // Don't send a User-Agent to make life harder for malicious logs
+	request.Header.Set("User-Agent", UserAgent)
 	if httpClient == nil {
 		httpClient = defaultHTTPClient
--- a/loglist/load.go
+++ b/loglist/load.go
@ -21,7 +21,7 @@ import (
 	"time"
 )
-var UserAgent = "certspotter"
+var UserAgent = "software.sslmate.com/src/certspotter"
 type ModificationToken struct {
 	etag     string
@ -112,7 +112,7 @@ func Unmarshal(jsonBytes []byte) (*List, error) {
 		return nil, err
 	}
 	if err := list.Validate(); err != nil {
-		return nil, fmt.Errorf("Invalid log list: %s", err)
+		return nil, fmt.Errorf("invalid log list: %s", err)
 	}
 	return list, nil
 }
--- a/monitor/monitor.go
+++ b/monitor/monitor.go
@ -206,7 +206,7 @@ func newLogClient(config *Config, ctlog *loglist.Log) (ctclient.Log, ctclient.Is
 				logGetter: client,
 			}, nil
 	default:
-		return nil, nil, fmt.Errorf("log uses unknown protocol")
+		return nil, nil, errors.New("log uses unknown protocol")
 	}
 }
--- a/monitor/notify.go
+++ b/monitor/notify.go
@ -99,7 +99,7 @@ func sendEmail(ctx context.Context, to []string, notif *notification) error {
 	if err := sendmail.Run(); err == nil || err == exec.ErrWaitDelay {
 		return nil
 	} else if sendmailCtx.Err() != nil && ctx.Err() == nil {
-		return fmt.Errorf("error sending email to %v: sendmail command timed out")
+		return fmt.Errorf("error sending email to %v: sendmail command timed out", to)
 	} else if ctx.Err() != nil {
 		// if the context was canceled, we can't be sure that the error is the fault of sendmail, so ignore it
 		return ctx.Err()
--- a/staticcheck.conf
+++ b/staticcheck.conf
@ -0,0 +1 @@
 checks = ["inherit", "-ST1005", "-S1002"]
Author	SHA1	Message	Date
Andrew Ayer	b649b399e4	Do not run actions on pull requests It's a security minefield. Thanks to caching of the build environment, not even read-only actions are safe.	2025-06-23 23:20:54 -04:00
Andrew Ayer	aecfa745ca	Add GitHub Actions for test and lint	2025-06-23 23:10:11 -04:00
Andrew Ayer	f5779c283c	Add staticcheck configuration	2025-06-23 23:10:05 -04:00
Andrew Ayer	3e811e86d7	Decapitalize some error messages	2025-06-23 22:33:57 -04:00
Andrew Ayer	a4048f47f8	Send helpful User-Agent string with all requests	2025-06-23 16:32:35 -04:00
Daniel Peukert	187aed078c	Fix fmt typos	2025-06-23 19:27:39 +02:00