diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml
index 494ab29..d1b4270 100644
--- a/.github/workflows/CI.yml
+++ b/.github/workflows/CI.yml
@@ -1,81 +1,29 @@ name: CI on: - push: - branches: [master] pull_request: + types: + - opened + - synchronize + paths-ignore: + # In case of updates to those workflows, they must be pre-checked by `pre-check-CI-updates.yml` rather than this workflow ! + # Any updates on those workflows are expected to be restricted to those workflows only ! (no update on code for instance) + - '.github/workflows/pre-check-CI-updates.yml' + - '.github/workflows/CI.yml' + - '.github/workflows/coverage-upload.yml' + - '.github/workflows/reusable-CI-workflow.yml' + - '.github/workflows/reusable-coverage-upload-workflow.yml' + branches: [master] + push: branches: [master] concurrency: - group: "${{ github.workflow }}-${{ github.head_ref }}" + group: "${{ github.workflow }}-${{ github.head_ref || github.ref }}" cancel-in-progress: true jobs: - coverage: - name: Coverage - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - - name: Set up Go - uses: actions/setup-go@v5 - with: - go-version-file: ./go.mod - check-latest: true - cache: true - cache-dependency-path: ./go.sum - - - name: Build - run: make build - - - name: Run tests - run: make test-go gotest_o="-race -covermode=atomic -coverprofile=coverage.out" - - - name: Create coverage group - id: tests-coverage-group - uses: yoanm/temp-reports-group-workspace/.github/actions/create-action@develop - with: - format: clover - files: coverage.out - path: build/coverage-groups - - - name: Upload coverage reports - uses: actions/upload-artifact@v4 - with: - name: coverage-group - path: build/coverage-groups - if-no-files-found: error - - static: - name: Static checks - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - - name: Set up Go - uses: actions/setup-go@v5 - with: - go-version-file: ./go.mod - check-latest: true - cache: true - cache-dependency-path: ./go.sum - - - name: Verify dependencies - run: make verify-deps - - - name: golangci-lint - uses: golangci/golangci-lint-action@v4 - with: - version: v1.57 - 
- - name: Documentation - env: - CI: false # If true, command thinks it's goreadme GHAction context (see https://github.com/posener/goreadme/issues/120) - run: | - make configure-dev-env && make build-doc - if [ ! "$(git status -s | wc -l)" -eq 0 ]; then - echo "::error::Documentation is not up to date ! Run 'make build-doc' " - exit 1; - fi - echo "Documentation is up to date 👌" - exit 0 + tests: + name: Tests + permissions: + contents: read + uses: ./.github/workflows/reusable-CI-workflow.yml diff --git a/.github/workflows/coverage-upload.yml b/.github/workflows/coverage-upload.yml index 1e7627c..9428e0d 100644 --- a/.github/workflows/coverage-upload.yml +++ b/.github/workflows/coverage-upload.yml 
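Review bot: The `paths-ignore` list under `pull_request` skips this workflow only when every changed file is one of the five listed workflow files, so nothing visible here enforces the comment's rule that workflow updates are never mixed with code changes. A pull request touching both a workflow file and code runs this workflow and `pre-check-CI-updates.yml` side by side. A workflow-only pull request reports no `Tests` check from `CI` at all, which matters if that check is marked as required in branch protection (not visible in this diff). I would extend the comment to say so, e.g. `# NOTE: paths-ignore only applies when ALL changed files match; mixed PRs still run this workflow`.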
@@ -1,59 +1,16 @@ -name: 'Coverage upload' +name: 'Coverage' on: workflow_run: workflows: ["CI"] types: [completed] jobs: - fetch-info: - name: Fetch triggering workflow metadata - runs-on: ubuntu-latest - permissions: - contents: read - checks: write # For the check run creation ! - steps: - - name: 'Check run ○' - uses: yoanm/temp-reports-group-workspace/.github/actions/attach-check-run-to-triggering-workflow-action@develop - with: - name: 'Fetch coverage info' - fails-on-triggering-workflow-failure: true - - - uses: yoanm/temp-reports-group-workspace/.github/actions/fetch-workflow-metadata-action@develop - id: fetch-workflow-metadata - - outputs: - commit-sha: ${{ steps.fetch-workflow-metadata.outputs.commit-sha }} - run-id: ${{ steps.fetch-workflow-metadata.outputs.run-id }} - - codacy-uploader: - name: Codacy - needs: [fetch-info] - uses: yoanm/temp-reports-group-workspace/.github/workflows/codacy-upload-from-artifacts.yml@develop - permissions: - contents: read - checks: write # For the check run creation ! - secrets: - PROJECT_TOKEN: ${{ secrets.CODACY_PROJECT_TOKEN }} - with: - artifact: coverage-group - run-id: ${{ needs.fetch-info.outputs.run-id }} - language: go - force-coverage-parser: go - - codecov-uploader: - name: Codecov - needs: [fetch-info] - uses: yoanm/temp-reports-group-workspace/.github/workflows/codecov-upload-from-artifacts.yml@develop + upload: + name: Upload permissions: contents: read checks: write # For the check run creation ! 
secrets: - TOKEN: ${{ secrets.CODECOV_TOKEN }} - with: - artifact: coverage-group - run-id: ${{ needs.fetch-info.outputs.run-id }} - override-commit: ${{ needs.fetch-info.outputs.commit-sha }} - override-branch: ${{ needs.fetch-info.outputs.branch }} - override-pr: ${{ needs.fetch-info.outputs.pr-number }} - override-build: ${{ needs.fetch-info.outputs.run-id }} - override-build-url: ${{ needs.fetch-info.outputs.run-url }} + CODACY_PROJECT_TOKEN: ${{ secrets.CODACY_PROJECT_TOKEN }} + CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} + uses: ./.github/workflows/reusable-coverage-upload-workflow.yml diff --git a/.github/workflows/pre-check-CI-updates.yml b/.github/workflows/pre-check-CI-updates.yml new file mode 100644 index 0000000..701bf0c --- /dev/null +++ b/.github/workflows/pre-check-CI-updates.yml 
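Review bot: The `upload` job runs under `workflow_run`, so it receives `CODACY_PROJECT_TOKEN`, `CODECOV_TOKEN` and `checks: write` even when the triggering `CI` run was started by a pull request from a fork, and the coverage artifacts it processes were produced by that pull request's code. Nothing in this file restricts which `CI` runs are accepted, so the called workflow must treat artifact content and run metadata as untrusted data and never check out or execute pull-request content. A comment above the job would record that constraint, e.g. `# workflow_run: has secrets; artifacts come from untrusted PR runs - parse only, never execute`. The trigger matches by workflow name (`workflows: ["CI"]`), so it fires for every workflow in the repository whose `name` is `CI`.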
@@ -0,0 +1,40 @@
+name: 'Test CI updates'
+# [DESCRIPTION]
+# As CI workflow relies on `workflow_run` trigger for upload, this workflow is used in order to ease updates made on
+# CI workflow (or linked workflows/actions). It's kind of pre-check to ensure once updates are merged on main branch,
+# the `workflow_run` workflow execution will behave as expected.
+
+on:
+ pull_request:
+ types:
+ - opened
+ - synchronize
+ branches: [master] # Only for PR targeting master branch
+ paths: # /!\ Duplicate the same list as `on.pull_request.paths-ignore` property value for CI workflow !
+ - '.github/workflows/pre-check-CI-updates.yml' # This workflow
+ - '.github/workflows/CI.yml'
+ - '.github/workflows/coverage-upload.yml'
+ - '.github/workflows/reusable-CI-workflow.yml'
+ - '.github/workflows/reusable-coverage-upload-workflow.yml'
+
+concurrency:
+ group: "${{ github.workflow }}-${{ github.head_ref || github.ref }}"
+ cancel-in-progress: true
+
+jobs:
+ tests:
+ name: Tests
+ permissions:
+ contents: read
+ uses: ./.github/workflows/reusable-CI-workflow.yml
+
+ upload:
+ name: Upload
+ needs: [tests]
+ permissions:
+ contents: read
+ checks: write # For the check run creation !
+ secrets:
+ CODACY_PROJECT_TOKEN: ${{ secrets.CODACY_PROJECT_TOKEN }}
+ CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+ uses: ./.github/workflows/reusable-coverage-upload-workflow.yml
diff --git a/.github/workflows/reusable-CI-workflow.yml b/.github/workflows/reusable-CI-workflow.yml
new file mode 100644
index 0000000..61f9707
--- /dev/null
+++ b/.github/workflows/reusable-CI-workflow.yml
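Review bot: The `upload` job forwards `CODACY_PROJECT_TOKEN` and `CODECOV_TOKEN` from a `pull_request` run, where repository secrets are not provided and `GITHUB_TOKEN` is read-only for pull requests coming from forks (and Dependabot). In that case `checks: write` is not granted and the two `required: true` secrets of the called workflow arrive empty or fail validation. Guarding the job keeps such pull requests from failing on it: `if: github.event.pull_request.head.repo.full_name == github.repository`. The called workflow starts with actions named for a triggering workflow run, which suggests they expect a `workflow_run` event; whether they behave under `pull_request` cannot be confirmed from this diff. The `paths` list is a hand-maintained copy of the `paths-ignore` list in `CI.yml`, so the two can drift apart silently.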
@@ -0,0 +1,81 @@
+name: CI
+
+on:
+ push:
+ branches: [master]
+ pull_request:
+ branches: [master]
+
+concurrency:
+ group: "${{ github.workflow }}-${{ github.head_ref }}"
+ cancel-in-progress: true
+
+jobs:
+ coverage:
+ name: Go
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Set up Go
+ uses: actions/setup-go@v5
+ with:
+ go-version-file: ./go.mod
+ check-latest: true
+ cache: true
+ cache-dependency-path: ./go.sum
+
+ - name: Build
+ run: make build
+
+ - name: Run tests
+ run: make test-go gotest_o="-race -covermode=atomic -coverprofile=coverage.out"
+
+ - name: Create coverage group
+ id: tests-coverage-group
+ uses: yoanm/temp-reports-group-workspace/.github/actions/create-action@develop
+ with:
+ format: clover
+ files: coverage.out
+ path: build/coverage-groups
+
+ - name: Upload coverage reports
+ uses: actions/upload-artifact@v4
+ with:
+ name: coverage-group
+ path: build/coverage-groups
+ if-no-files-found: error
+
+ static:
+ name: Static analysis
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Set up Go
+ uses: actions/setup-go@v5
+ with:
+ go-version-file: ./go.mod
+ check-latest: true
+ cache: true
+ cache-dependency-path: ./go.sum
+
+ - name: Verify dependencies
+ run: make verify-deps
+
+ - name: golangci-lint
+ uses: golangci/golangci-lint-action@v4
+ with:
+ version: v1.57
+
+ - name: Documentation
+ env:
+ CI: false # If true, command thinks it's goreadme GHAction context (see https://github.com/posener/goreadme/issues/120)
+ run: |
+ make configure-dev-env && make build-doc
+ if [ ! "$(git status -s | wc -l)" -eq 0 ]; then
+ echo "::error::Documentation is not up to date ! Run 'make build-doc' "
+ exit 1;
+ fi
+ echo "Documentation is up to date 👌"
+ exit 0
diff --git a/.github/workflows/reusable-coverage-upload-workflow.yml b/.github/workflows/reusable-coverage-upload-workflow.yml
new file mode 100644
index 0000000..a4467ed
--- /dev/null
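Review bot: This file is invoked with `uses: ./.github/workflows/reusable-CI-workflow.yml` from `CI.yml` and `pre-check-CI-updates.yml`, but its `on:` block declares `push` and `pull_request` and no `workflow_call`, so the call will be rejected and the file will also run on its own for every push and pull request on master. The trigger should be `on:` followed by `workflow_call:`, with the `push`, `pull_request` and `concurrency` blocks removed, since the callers already set concurrency. It also reuses `name: CI`, the name `coverage-upload.yml` listens for in `workflows: ["CI"]` and the value that feeds the concurrency group, so as written it would both trigger uploads and cancel runs of the real `CI` workflow; a distinct name such as `name: 'CI reusable workflow'` avoids that. The `Create coverage group` step still pulls `yoanm/temp-reports-group-workspace/.github/actions/create-action@develop`, a moving branch, while the other references in this commit moved to `@v0`; pinning to a full commit SHA is safer for code that runs inside the build.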
+++ b/.github/workflows/reusable-coverage-upload-workflow.yml 
@@ -0,0 +1,65 @@
+name: 'Coverage upload reusable workflow'
+
+on:
+ workflow_call:
+ secrets:
+ CODACY_PROJECT_TOKEN:
+ required: true
+ CODECOV_TOKEN:
+ required: true
+
+jobs:
+ fetch-info:
+ name: Fetch triggering workflow metadata
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ checks: write # For the check run creation !
+ steps:
+ - name: 'Check run ○'
+ uses: yoanm/temp-reports-group-workspace/gha-attach-check-run-to-triggering-workflow@v0
+ with:
+ name: 'Fetch coverage info'
+ fails-on-triggering-workflow-failure: true
+
+ - uses: yoanm/temp-reports-group-workspace/gha-fetch-workflow-metadata@v0
+ id: fetch-workflow-metadata
+
+ outputs:
+ commit-sha: ${{ steps.fetch-workflow-metadata.outputs.commit-sha }}
+ run-id: ${{ steps.fetch-workflow-metadata.outputs.run-id }}
+
+ codacy-uploader:
+ name: Codacy
+ needs: [fetch-info]
+ uses: yoanm/temp-reports-group-workspace/.github/workflows/codacy-upload-from-artifacts.yml@v0
+ permissions:
+ contents: read
+ checks: write # For the check run creation !
+ secrets:
+ PROJECT_TOKEN: ${{ secrets.CODACY_PROJECT_TOKEN }}
+ with:
+ artifacts-pattern: coverage-groups-*
+ run-id: ${{ needs.fetch-info.outputs.run-id }}
+ force-git-commit: ${{ needs.fetch-info.outputs.commit-sha }}
+ force-uploader-language: go
+ force-uploader-coverage-parser: go
+ # force-uploader-cli-version: ...
+
+ codecov-uploader:
+ name: Codecov
+ needs: [fetch-info]
+ uses: yoanm/temp-reports-group-workspace/.github/workflows/codecov-upload-from-artifacts.yml@v0
+ permissions:
+ contents: read
+ checks: write # For the check run creation !
+ secrets:
+ TOKEN: ${{ secrets.CODECOV_TOKEN }}
+ with:
+ artifacts-pattern: coverage-groups-*
+ run-id: ${{ needs.fetch-info.outputs.run-id }}
+ force-git-commit: ${{ needs.fetch-info.outputs.commit-sha }}
+ force-git-branch: ${{ needs.fetch-info.outputs.branch }}
+ force-gh-pr: ${{ needs.fetch-info.outputs.pr-number }}
+ force-uploader-build: ${{ needs.fetch-info.outputs.run-id }}
+ force-uploader-build-url: ${{ needs.fetch-info.outputs.run-url }}
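Review bot: `codecov-uploader` reads `needs.fetch-info.outputs.branch`, `.pr-number` and `.run-url`, but `fetch-info.outputs` declares only `commit-sha` and `run-id`, so `force-git-branch`, `force-gh-pr` and `force-uploader-build-url` are always empty strings. Add the three missing entries under `outputs:` (for instance `branch: ${{ steps.fetch-workflow-metadata.outputs.branch }}`), assuming the metadata action exposes outputs with those names. Both uploaders select artifacts with `artifacts-pattern: coverage-groups-*`, while the test workflow in this commit uploads an artifact named `coverage-group`, which that pattern would not match if it is a plain glob. The repository tokens are handed to reusable workflows referenced by the mutable tag `@v0`; a full commit SHA pins exactly which code receives them.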