-
Notifications
You must be signed in to change notification settings - Fork 7
174 lines (154 loc) · 5.05 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
name: ci
env:
commit_msg: ""
on:
push:
branches:
- main
pull_request:
branches:
- main
workflow_dispatch: {}
# Inputs are available under: github.event.inputs.{name}
# inputs:
# name:
# description: 'Variable description'
# required: true
# default: 'default value here'
# https://docs.github.com/en/actions/reference/events-that-trigger-workflows#workflow_dispatch
jobs:
# Scan direct Go dependencies for known vulnerabilities
scan:
name: scan for vulnerabilities
runs-on: ubuntu-latest
steps:
# Checkout code
- name: Checkout repository
uses: actions/checkout@v4
# Configure runner environment
- name: Set up runner environment
run: ./.github/workflows/assets/utils.sh setup
env:
GITHUB_USER: ${{ github.actor }}
ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }}
# Go
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: 1.21.x
# Get commit message
- name: Get commit message
run: |
echo 'commit_msg<<EOF' >> $GITHUB_ENV
git log --format=%B -n 1 ${{ github.sha }} >> $GITHUB_ENV
echo 'EOF' >> $GITHUB_ENV
# List direct dependencies
- name: List dependencies
run: go list -mod=readonly -f '{{if not .Indirect}}{{.}}{{end}}' -m all > go.list
# Scan dependencies using Nancy
# Can be excluded if the commit message contains: [scan-deps skip]
# https://github.com/sonatype-nexus-community/nancy-github-action
- name: Scan dependencies
id: scan-deps
if: ${{ !contains(env.commit_msg, '[scan-deps skip]') }}
uses: sonatype-nexus-community/[email protected]
# Validate the protocol buffer definitions on the project
# using 'buf'. Remove if not required.
protos:
name: validate protobuf definitions
needs: scan
runs-on: ubuntu-latest
steps:
# Checkout code
- name: Checkout repository
uses: actions/checkout@v4
# Configure runner environment
- name: Set up runner environment
run: ./.github/workflows/assets/utils.sh setup
env:
GITHUB_USER: ${{ github.actor }}
ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }}
# Go
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: 1.21.x
# Get commit message
- name: Get commit message
run: |
echo 'commit_msg<<EOF' >> $GITHUB_ENV
git log --format=%B -n 1 ${{ github.sha }} >> $GITHUB_ENV
echo 'EOF' >> $GITHUB_ENV
# Setup buf
- name: Setup buf
id: buf-setup
uses: bufbuild/[email protected]
with:
version: 1.17.0
github_token: ${{ github.token }}
# Static analysis
- name: Static analysis
id: buf-lint
uses: bufbuild/[email protected]
if: ${{ steps.buf-setup.outcome == 'success' }}
# Detect breaking changes
- name: Detect breaking changes
id: buf-breaking
uses: bufbuild/[email protected]
if: steps.buf-lint.outcome == 'success' && !contains(env.commit_msg, '[buf-breaking skip]')
with:
against: "https://github.com/${{ github.repository }}.git#branch=${{ github.event.repository.default_branch }}"
env:
BUF_INPUT_HTTPS_USERNAME: ${{ github.actor }}
BUF_INPUT_HTTPS_PASSWORD: ${{ secrets.ACCESS_TOKEN }}
# Runs on every push and pull request on the selected branches.
# Can also be executed manually.
test:
name: code quality and correctness
needs: protos
strategy:
matrix:
go-version: [1.19.x, 1.20.x, 1.21.x]
os: [ubuntu-latest]
runs-on: ${{ matrix.os }}
timeout-minutes: 15
steps:
# Checkout code
- name: Checkout repository
uses: actions/checkout@v4
# Configure runner environment
- name: Set up runner environment
run: ./.github/workflows/assets/utils.sh setup
env:
GITHUB_USER: ${{ github.actor }}
ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }}
# Go
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: ${{ matrix.go-version }}
# Get commit message
- name: Get commit message
run: |
echo 'commit_msg<<EOF' >> $GITHUB_ENV
git log --format=%B -n 1 ${{ github.sha }} >> $GITHUB_ENV
echo 'EOF' >> $GITHUB_ENV
# Style consistency and static analysis using 'golangci-lint'
# https://github.com/marketplace/actions/run-golangci-lint
- name: Static analysis
uses: golangci/golangci-lint-action@v3
with:
version: v1.54.2
# Run unit tests
- name: Test
run: make test
# Ensure project compile and build successfully
- name: Build
run: make build-for os=linux arch=amd64
# Save artifacts
- name: Save artifacts
uses: actions/upload-artifact@v3
with:
name: assets
path: |
coverage.html