-
Notifications
You must be signed in to change notification settings - Fork 2
157 lines (157 loc) · 6.38 KB
/
reusable-go-container-apps.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
name: reusable go container apps
on:
workflow_call:
inputs:
registryOverride:
required: false
type: string
description: |
a container registry to use instead of ghcr.io.
e.g:
- quay.io
- registry.gitlab.com/somecoolproject
- ghcr.io/somecoolproject/thing
registryGhcrUsernameOverride:
required: false
type: string
description: |
the GitHub username to use for ghcr auth override.
paths:
required: false
type: string
description: |
the Go entrypoint paths for applications, where there they have `package main`
e.g: ./cmd/thing1 ./cmd/thing2
platforms:
required: false
type: string
default: linux/amd64
description: |
the target platforms to build containers for.
e.g:
- all
- linux/amd64
- linux/arm64,linux/amd64
containerScanningEnabled:
type: boolean
default: false
required: false
description: |
specifies whether to enable container scanning for each image built
containerBuildEnabled:
type: boolean
default: ${{ github.ref == 'refs/heads/main' || contains(fromJSON('["workflow_call", "release"]'), github.event_name) }}
required: false
description: |
specifies whether to enable container scanning for each image built
push:
required: false
default: ${{ github.ref == 'refs/heads/main' }}
type: boolean
description: |
set to true to push an image to a registry. When set to false, it will build and exit
testSetup:
type: string
required: false
description: |
shell commands to setup the test environment
golangciSetup:
type: string
required: false
description: |
shell commands to setup the golangci-lint environment
aws-region:
type: string
default: ap-southeast-2
required: false
description: |
the AWS region to use; e.g ap-southeast-2
aws-role-arn-to-assume:
type: string
required: false
description: |
an AWS role ARN to assume.
e.g: arn:aws:iam::ACCOUNT_ID:role/github-actions-ROLE_NAME
aws-role-duration-seconds:
type: string
default: "3600"
required: false
description: |
the amount of seconds to hold a session open for.
aws-role-session-name:
type: string
required: false
description: |
the name of the session to use for AssumeRole(WithWebIdentity).
goTestExtraArgs:
required: false
type: string
description: |
extra args to pass `go test`
buildSetup:
required: false
type: string
description: |
shell commands to setup the build environment
koBuildConfigPath:
required: false
type: string
default: .ko.yaml
description: |
the path to a Ko config yaml
secrets:
GH_CI_USER_TOKEN:
required: false
outputs:
images:
value: ${{ jobs.build.outputs.images }}
jobs:
go-build:
if: ${{ contains(fromJSON('["workflow_call", "workflow_dispatch", "push", "pull_request"]'), github.event_name) && startsWith(github.repository, 'GeoNet/') != false }}
uses: GeoNet/Actions/.github/workflows/reusable-go-build-smoke-test.yml@main
with:
paths: ${{ inputs.paths }}
build:
if: ${{ contains(fromJSON('["workflow_call", "workflow_dispatch", "push", "release"]'), github.event_name) && inputs.containerBuildEnabled && startsWith(github.repository, 'GeoNet/') != false }}
uses: GeoNet/Actions/.github/workflows/reusable-ko-build.yml@main
secrets: inherit
with:
registryOverride: ${{ inputs.registryOverride }}
paths: ${{ inputs.paths }}
aws-region: ${{ inputs.aws-region }}
aws-role-arn-to-assume: ${{ inputs.aws-role-arn-to-assume }}
aws-role-duration-seconds: ${{ inputs.aws-role-duration-seconds }}
aws-role-session-name: ${{ inputs.aws-role-session-name }}
registryGhcrUsernameOverride: ${{ inputs.registryGhcrUsernameOverride }}
setup: ${{ inputs.buildSetup }}
platforms: ${{ inputs.platforms }}
configPath: ${{ inputs.koBuildConfigPath }}
scan:
if: ${{ contains(fromJSON('["workflow_call", "workflow_dispatch", "push", "release"]'), github.event_name) && inputs.containerScanningEnabled && startsWith(github.repository, 'GeoNet/') != false }}
needs: build
uses: GeoNet/Actions/.github/workflows/reusable-container-image-scan.yml@main
with:
imageRefs: ${{ needs.build.outputs.images }}
gofmt:
if: ${{ contains(fromJSON('["workflow_call", "workflow_dispatch", "push", "pull_request"]'), github.event_name) && startsWith(github.repository, 'GeoNet/') != false }}
uses: GeoNet/Actions/.github/workflows/reusable-gofmt.yml@main
golangci-lint:
if: ${{ contains(fromJSON('["workflow_call", "workflow_dispatch", "push", "pull_request"]'), github.event_name) && startsWith(github.repository, 'GeoNet/') != false }}
uses: GeoNet/Actions/.github/workflows/reusable-golangci-lint.yml@main
with:
setup: ${{ inputs.golangciSetup }}
go-test:
if: ${{ contains(fromJSON('["workflow_call", "workflow_dispatch", "push", "pull_request"]'), github.event_name) && startsWith(github.repository, 'GeoNet/') != false }}
uses: GeoNet/Actions/.github/workflows/reusable-go-test.yml@main
with:
setup: ${{ inputs.testSetup }}
extraArgs: ${{ inputs.goTestExtraArgs }}
go-vet:
if: ${{ contains(fromJSON('["workflow_call", "workflow_dispatch", "push", "pull_request"]'), github.event_name) && startsWith(github.repository, 'GeoNet/') != false }}
uses: GeoNet/Actions/.github/workflows/reusable-go-vet.yml@main
govulncheck:
if: ${{ contains(fromJSON('["workflow_call", "workflow_dispatch", "push", "pull_request"]'), github.event_name) && startsWith(github.repository, 'GeoNet/') != false }}
uses: GeoNet/Actions/.github/workflows/reusable-govulncheck.yml@main
goimports:
if: ${{ contains(fromJSON('["workflow_call", "workflow_dispatch", "push", "pull_request"]'), github.event_name) && startsWith(github.repository, 'GeoNet/') != false }}
uses: GeoNet/Actions/.github/workflows/reusable-goimports.yml@main