vaas-golang-ci #795
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: vaas-golang-ci | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - "golang/vaas/**" | |
| - ".github/workflows/ci-golang.yaml" | |
| tags: | |
| - "golang/vaas/v*.*.*" | |
| pull_request: | |
| branches: | |
| - main | |
| paths: | |
| - "golang/vaas/**" | |
| - ".github/workflows/ci-golang.yaml" | |
| workflow_dispatch: | |
| inputs: | |
| environment: | |
| type: choice | |
| description: "Test environment" | |
| options: | |
| - production | |
| - staging | |
| - develop | |
| default: "production" | |
| env: | |
| LATEST_PATH: v3/ | |
| CLIENT_ID: ${{ secrets.CLIENT_ID }} | |
| CLIENT_SECRET: ${{secrets.CLIENT_SECRET}} | |
| VAAS_URL: "wss://gateway.production.vaas.gdatasecurity.de" | |
| TOKEN_URL: "https://account.gdata.de/realms/vaas-production/protocol/openid-connect/token" | |
| VAAS_CLIENT_ID: ${{ secrets.VAAS_CLIENT_ID }} | |
| VAAS_USER_NAME: ${{ secrets.VAAS_USER_NAME }} | |
| VAAS_PASSWORD: ${{secrets.VAAS_PASSWORD}} | |
| jobs: | |
| extract-major-version: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| major_version: ${{ steps.extract_major_version.outputs.major_version }} | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Extract major version | |
| id: extract_major_version | |
| if: startsWith(github.ref, 'refs/tags') | |
| run: echo "major_version=$(echo ${GITHUB_REF#refs/tags/golang/vaas/} | cut -d '.' -f 1)" >> "$GITHUB_OUTPUT" | |
| virus-scan: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Scan for Viruses | |
| uses: ./.github/actions/vaas-scan-action | |
| with: | |
| VAAS_CLIENT_ID: ${{ secrets.VAAS_SCAN_CLIENT_ID }} | |
| VAAS_CLIENT_SECRET: ${{ secrets.VAAS_SCAN_CLIENT_SECRET }} | |
| build-golang: | |
| runs-on: ubuntu-latest | |
| container: | |
| image: golang:latest | |
| strategy: | |
| matrix: | |
| version-directory: ["./", "v2/", "v3/"] | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: set legacy vaas gateway for production | |
| run: | | |
| if [ "${{ matrix.version-directory }}" = "./" -o "${{ matrix.version-directory }}" = "v2/" ]; then | |
| echo "VAAS_URL=wss://gateway.production.vaas.gdatasecurity.de" >> $GITHUB_ENV | |
| else | |
| echo "VAAS_URL=https://gateway.production.vaas.gdatasecurity.de" >> $GITHUB_ENV | |
| fi | |
| - name: set staging environment | |
| if: (inputs.environment == 'staging' || (startsWith(github.ref, 'refs/tags') && endsWith(github.ref, '-beta'))) | |
| run: | | |
| echo "Beta version: Testing against staging" | |
| echo "CLIENT_ID=${{ secrets.STAGING_CLIENT_ID }}" >> $GITHUB_ENV | |
| echo "CLIENT_SECRET=${{ secrets.STAGING_CLIENT_SECRET }}" >> $GITHUB_ENV | |
| echo "TOKEN_URL=https://account-staging.gdata.de/realms/vaas-staging/protocol/openid-connect/token" >> $GITHUB_ENV | |
| if [ "${{ matrix.version-directory }}" = "./" -o "${{ matrix.version-directory }}" = "v2/" ]; then | |
| echo "VAAS_URL=wss://gateway.staging.vaas.gdatasecurity.de" >> $GITHUB_ENV | |
| else | |
| echo "VAAS_URL=https://gateway.staging.vaas.gdatasecurity.de" >> $GITHUB_ENV | |
| fi | |
| echo "VAAS_CLIENT_ID=${{ secrets.STAGING_VAAS_CLIENT_ID }}" >> $GITHUB_ENV | |
| echo "VAAS_USER_NAME=${{ secrets.STAGING_VAAS_USER_NAME }}" >> $GITHUB_ENV | |
| echo "VAAS_PASSWORD=${{ secrets.STAGING_VAAS_PASSWORD }}" >> $GITHUB_ENV | |
| - name: set develop environment | |
| if: (inputs.environment == 'develop' || (startsWith(github.ref, 'refs/tags') && endsWith(github.ref, '-alpha'))) | |
| run: | | |
| echo "Alpha version: Testing against develop" | |
| echo "CLIENT_ID=${{ secrets.DEVELOP_CLIENT_ID }}" >> $GITHUB_ENV | |
| echo "CLIENT_SECRET=${{ secrets.DEVELOP_CLIENT_SECRET }}" >> $GITHUB_ENV | |
| echo "TOKEN_URL=https://account-staging.gdata.de/realms/vaas-develop/protocol/openid-connect/token" >> $GITHUB_ENV | |
| if [ "${{ matrix.version-directory }}" = "./" -o "${{ matrix.version-directory }}" = "v2/" ]; then | |
| echo "VAAS_URL=wss://gateway.develop.vaas.gdatasecurity.de" >> $GITHUB_ENV | |
| else | |
| echo "VAAS_URL=https://gateway.develop.vaas.gdatasecurity.de" >> $GITHUB_ENV | |
| fi | |
| echo "VAAS_CLIENT_ID=${{ secrets.DEVELOP_VAAS_CLIENT_ID }}" >> $GITHUB_ENV | |
| echo "VAAS_USER_NAME=${{ secrets.DEVELOP_VAAS_USER_NAME }}" >> $GITHUB_ENV | |
| echo "VAAS_PASSWORD=${{ secrets.DEVELOP_VAAS_PASSWORD }}" >> $GITHUB_ENV | |
| - name: run tests | |
| run: go test -race ./... | |
| working-directory: golang/vaas/${{ matrix.version-directory }} | |
| - name: Microsoft Teams Notification | |
| uses: skitionek/notify-microsoft-teams@master | |
| if: failure() | |
| with: | |
| webhook_url: ${{ secrets.MSTEAMS_WEBHOOK }} | |
| title: "`Failed workflow on for VaaS-SDK vaas-golang-ci`" | |
| job: ${{ toJson(job) }} | |
| steps: ${{ toJson(steps) }} | |
| codeql: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 360 | |
| permissions: | |
| security-events: write | |
| actions: read | |
| contents: read | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v5 | |
| - name: Initialize CodeQL | |
| uses: github/codeql-action/init@v4 | |
| with: | |
| languages: go | |
| - name: Autobuild | |
| uses: github/codeql-action/autobuild@v4 | |
| - name: Perform CodeQL Analysis | |
| uses: github/codeql-action/analyze@v4 | |
| with: | |
| category: "/language:go" | |
| - name: Microsoft Teams Notification | |
| uses: skitionek/notify-microsoft-teams@master | |
| if: failure() | |
| with: | |
| webhook_url: ${{ secrets.MSTEAMS_WEBHOOK }} | |
| title: "`Failed codeql on for VaaS-SDK ${GITHUB_WORKFLOW}`" | |
| job: ${{ toJson(job) }} | |
| steps: ${{ toJson(steps) }} | |
| vulncheck: | |
| runs-on: ubuntu-latest | |
| container: | |
| image: golang:latest | |
| strategy: | |
| matrix: | |
| version-directory: [".", "v2", "v3"] | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Install govulncheck | |
| run: go install golang.org/x/vuln/cmd/govulncheck@latest | |
| shell: bash | |
| - name: Run govulncheck | |
| run: govulncheck ./${{ matrix.version-directory }}... | |
| working-directory: golang/vaas/ | |
| shell: bash | |
| - name: Microsoft Teams Notification | |
| uses: skitionek/notify-microsoft-teams@master | |
| if: failure() | |
| with: | |
| webhook_url: ${{ secrets.MSTEAMS_WEBHOOK }} | |
| title: "`Failed workflow on for VaaS-SDK vaas-golang-ci`" | |
| job: ${{ toJson(job) }} | |
| steps: ${{ toJson(steps) }} | |
| deploy: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - extract-major-version | |
| - virus-scan | |
| - build-golang | |
| - codeql | |
| - vulncheck | |
| steps: | |
| - name: publish module | |
| env: | |
| MAJOR_VERSION: ${{ needs.extract-major-version.outputs.major_version }} | |
| if: startsWith(github.ref, 'refs/tags/golang/vaas/v3') | |
| run: | | |
| if [ "$MAJOR_VERSION" = "v1" ]; then | |
| GOPROXY=proxy.golang.org go list -m github.com/GDATASoftwareAG/vaas/golang/vaas@${GITHUB_REF#refs/tags/golang/vaas/} | |
| else | |
| GOPROXY=proxy.golang.org go list -m github.com/GDATASoftwareAG/vaas/golang/vaas/${MAJOR_VERSION}@${GITHUB_REF#refs/tags/golang/vaas/} | |
| fi | |
| - name: Microsoft Teams Notification | |
| uses: skitionek/notify-microsoft-teams@master | |
| if: failure() | |
| with: | |
| webhook_url: ${{ secrets.MSTEAMS_WEBHOOK }} | |
| title: "`Failed workflow on for VaaS-SDK vaas-golang-ci`" | |
| job: ${{ toJson(job) }} | |
| steps: ${{ toJson(steps) }} | |
| deploy-git-scan: | |
| if: startsWith(github.ref, 'refs/tags/golang/vaas/v1') | |
| needs: | |
| - extract-major-version | |
| - virus-scan | |
| - build-golang | |
| - codeql | |
| - vulncheck | |
| permissions: | |
| contents: read | |
| packages: write | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Extract version info | |
| id: extract_version | |
| run: | | |
| raw_version="${GITHUB_REF##*/}" | |
| clean_version="${raw_version#v}" | |
| major="$(echo "$clean_version" | cut -d. -f1)" | |
| minor="$(echo "$clean_version" | cut -d. -f2)" | |
| patch="$(echo "$clean_version" | cut -d. -f3)" | |
| echo "version=$clean_version" >> "$GITHUB_OUTPUT" | |
| echo "major=$major" >> "$GITHUB_OUTPUT" | |
| echo "minor=$minor" >> "$GITHUB_OUTPUT" | |
| echo "patch=$patch" >> "$GITHUB_OUTPUT" | |
| - name: Docker meta | |
| uses: docker/metadata-action@v5 | |
| id: meta | |
| with: | |
| images: | | |
| ghcr.io/gdatasoftwareag/vaas/git-scan | |
| tags: | | |
| type=semver,pattern={{version}},value=${{ steps.extract_version.outputs.version }} | |
| type=semver,pattern={{major}}.{{minor}},value=${{ steps.extract_version.outputs.major }}.${{ steps.extract_version.outputs.minor }} | |
| type=semver,pattern={{major}},value=${{ steps.extract_version.outputs.major }} | |
| flavor: | | |
| latest=auto | |
| - name: login to ghcr.io/gdatasoftwareag | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ secrets.GHCR_IO_GDATASOFTWAREAG_USERNAME }} | |
| password: ${{ secrets.GHCR_IO_GDATASOFTWAREAG_PASSWORD }} | |
| - name: Build and push | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: "golang/vaas/${{ env.LATEST_PATH }}" | |
| file: "golang/vaas/${{ env.LATEST_PATH }}git-scan.Dockerfile" | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} |