Go 1.24Fly.iogo test

Go + Fly.io

A compact Go workflow for tests, build, and Fly.io deployment.

ADesigned for a clean Pipegrade scan
.github/workflows/ci.yml
# Created by https://pipegrade.io# Template: Go + Fly.io# Edit at https://pipegrade.io/github-actions/go-fly name: Go CIon:  # Run only when Go source, modules, or Fly deploy config change.  push:    branches:      - main    paths:      - '**/*.go'      - go.mod      - go.sum      - fly.toml  pull_request:    paths:      - '**/*.go'      - go.mod      - go.sum permissions:  # Read-only is enough for checkout, test, and build; deploy uses FLY_API_TOKEN explicitly.  contents: read concurrency:  # Cancel older runs for the same branch or PR as soon as a newer commit is pushed.  group: go-${{ github.workflow }}-${{ github.ref }}  cancel-in-progress: true jobs:  test:    # Keep compact Go checks bounded and predictable.    timeout-minutes: 15    runs-on: ubuntu-latest    steps:      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd      - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c        with:          go-version: '1.24'          # setup-go caches downloaded modules based on go.sum.          cache: true      - run: go mod download      - run: go test ./...      - run: go build ./...      # No artifacts are uploaded by default. If you add binaries, set retention-days.      - name: Deploy to Fly.io        if: github.ref == 'refs/heads/main'        env:          FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}        run: flyctl deploy --remote-only      - name: Notify on failure        if: failure()        run: echo "Send a failure notification to your team channel."

Why it grades A

Why this template grades A

Cost

Cost

Go module caching and path filters keep routine checks lean.

Security

Security

Actions are pinned to full commit SHAs and workflow permissions are read-only by default.

Performance

Performance

Build and test work is kept in one deterministic job unless the stack has a real dependency boundary.

Standards

Standards

Every job has timeout-minutes, a concurrency group, and clear deploy gating on main.

Already have a workflow?

Scan it before copying a starter.

Scan your workflow

Customize

Adapt before merging

  • Confirm the path filters match the directories that should trigger CI.
  • Replace deploy commands and secret names with your actual deployment target.
  • Adjust runner labels, language versions, and timeout-minutes for your workload.
  • Scan the adapted workflow before merging it.

Rules addressed

Checks covered by this template

missing-dependency-cacheunpinned-actionmissing-top-level-permissionsmissing-path-filtersmissing-pr-cancel-concurrencymissing-timeout-minutesmissing-concurrency-groupmissing-failure-notification

Related templates

Updates

Get template updates

These templates use reviewed action SHAs. Get notified when the template library expands.