vaas-golang-ci #829

Workflow file for this run

.github/workflows/ci-golang.yaml at cf09a7a

	name: vaas-golang-ci
	on:
	push:
	branches:
	- main
	paths:
	- "golang/vaas/**"
	- ".github/workflows/ci-golang.yaml"
	tags:
	- "golang/vaas/v..*"
	pull_request:
	branches:
	- main
	paths:
	- "golang/vaas/**"
	- ".github/workflows/ci-golang.yaml"
	workflow_dispatch:
	inputs:
	environment:
	type: choice
	description: "Test environment"
	options:
	- production
	- staging
	- develop
	default: "production"

	env:
	CLIENT_ID: ${{ secrets.CLIENT_ID }}
	CLIENT_SECRET: ${{secrets.CLIENT_SECRET}}
	VAAS_URL: "https://gateway.production.vaas.gdatasecurity.de"
	TOKEN_URL: "https://account.gdata.de/realms/vaas-production/protocol/openid-connect/token"
	VAAS_CLIENT_ID: ${{ secrets.VAAS_CLIENT_ID }}
	VAAS_USER_NAME: ${{ secrets.VAAS_USER_NAME }}
	VAAS_PASSWORD: ${{secrets.VAAS_PASSWORD}}

	jobs:
	extract-major-version:
	runs-on: ubuntu-latest
	outputs:
	major_version: ${{ steps.extract_major_version.outputs.major_version }}
	steps:
	- uses: actions/checkout@v5
	- name: Extract major version
	id: extract_major_version
	if: startsWith(github.ref, 'refs/tags')
	run: echo "major_version=$(echo ${GITHUB_REF#refs/tags/golang/vaas/} \| cut -d '.' -f 1)" >> "$GITHUB_OUTPUT"

	virus-scan:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v5
	- name: Scan for Viruses
	uses: ./.github/actions/vaas-scan-action
	with:
	VAAS_CLIENT_ID: ${{ secrets.VAAS_SCAN_CLIENT_ID }}
	VAAS_CLIENT_SECRET: ${{ secrets.VAAS_SCAN_CLIENT_SECRET }}

	build-golang:
	runs-on: ubuntu-latest
	container:
	image: golang:latest
	steps:
	- uses: actions/checkout@v5

	- name: set staging environment
	if: (inputs.environment == 'staging' \|\| (startsWith(github.ref, 'refs/tags') && endsWith(github.ref, '-beta')))
	run: \|
	echo "Beta version: Testing against staging"
	echo "CLIENT_ID=${{ secrets.STAGING_CLIENT_ID }}" >> $GITHUB_ENV
	echo "CLIENT_SECRET=${{ secrets.STAGING_CLIENT_SECRET }}" >> $GITHUB_ENV
	echo "TOKEN_URL=https://account-staging.gdata.de/realms/vaas-staging/protocol/openid-connect/token" >> $GITHUB_ENV
	echo "VAAS_URL=https://gateway.staging.vaas.gdatasecurity.de" >> $GITHUB_ENV
	echo "VAAS_CLIENT_ID=${{ secrets.STAGING_VAAS_CLIENT_ID }}" >> $GITHUB_ENV
	echo "VAAS_USER_NAME=${{ secrets.STAGING_VAAS_USER_NAME }}" >> $GITHUB_ENV
	echo "VAAS_PASSWORD=${{ secrets.STAGING_VAAS_PASSWORD }}" >> $GITHUB_ENV

	- name: set develop environment
	if: (inputs.environment == 'develop' \|\| (startsWith(github.ref, 'refs/tags') && endsWith(github.ref, '-alpha')))
	run: \|
	echo "Alpha version: Testing against develop"
	echo "CLIENT_ID=${{ secrets.DEVELOP_CLIENT_ID }}" >> $GITHUB_ENV
	echo "CLIENT_SECRET=${{ secrets.DEVELOP_CLIENT_SECRET }}" >> $GITHUB_ENV
	echo "TOKEN_URL=https://account-staging.gdata.de/realms/vaas-develop/protocol/openid-connect/token" >> $GITHUB_ENV
	echo "VAAS_URL=https://gateway.develop.vaas.gdatasecurity.de" >> $GITHUB_ENV
	echo "VAAS_CLIENT_ID=${{ secrets.DEVELOP_VAAS_CLIENT_ID }}" >> $GITHUB_ENV
	echo "VAAS_USER_NAME=${{ secrets.DEVELOP_VAAS_USER_NAME }}" >> $GITHUB_ENV
	echo "VAAS_PASSWORD=${{ secrets.DEVELOP_VAAS_PASSWORD }}" >> $GITHUB_ENV

	- name: run tests
	run: go test -v -race ./...
	working-directory: golang/vaas/v3

	- name: Microsoft Teams Notification
	uses: skitionek/notify-microsoft-teams@master
	if: failure()
	with:
	webhook_url: ${{ secrets.MSTEAMS_WEBHOOK }}
	title: "`Failed workflow on for VaaS-SDK vaas-golang-ci`"
	job: ${{ toJson(job) }}
	steps: ${{ toJson(steps) }}

	codeql:
	runs-on: ubuntu-latest
	timeout-minutes: 360
	permissions:
	security-events: write
	actions: read
	contents: read

	steps:
	- name: Checkout repository
	uses: actions/checkout@v5

	- name: Initialize CodeQL
	uses: github/codeql-action/init@v4
	with:
	languages: go

	- name: Autobuild
	uses: github/codeql-action/autobuild@v4

	- name: Perform CodeQL Analysis
	uses: github/codeql-action/analyze@v4
	with:
	category: "/language:go"

	- name: Microsoft Teams Notification
	uses: skitionek/notify-microsoft-teams@master
	if: failure()
	with:
	webhook_url: ${{ secrets.MSTEAMS_WEBHOOK }}
	title: "`Failed codeql on for VaaS-SDK ${GITHUB_WORKFLOW}`"
	job: ${{ toJson(job) }}
	steps: ${{ toJson(steps) }}

	vulncheck:
	runs-on: ubuntu-latest
	container:
	image: golang:latest
	steps:
	- uses: actions/checkout@v5
	- name: Install govulncheck
	run: go install golang.org/x/vuln/cmd/govulncheck@latest
	shell: bash

	- name: Run govulncheck
	run: govulncheck ./...
	working-directory: golang/vaas/v3
	shell: bash

	- name: Microsoft Teams Notification
	uses: skitionek/notify-microsoft-teams@master
	if: failure()
	with:
	webhook_url: ${{ secrets.MSTEAMS_WEBHOOK }}
	title: "`Failed workflow on for VaaS-SDK vaas-golang-ci`"
	job: ${{ toJson(job) }}
	steps: ${{ toJson(steps) }}

	deploy:
	runs-on: ubuntu-latest
	needs:
	- extract-major-version
	- virus-scan
	- build-golang
	- codeql
	- vulncheck
	steps:
	- name: publish module
	env:
	MAJOR_VERSION: ${{ needs.extract-major-version.outputs.major_version }}
	if: startsWith(github.ref, 'refs/tags/golang/vaas/v3')
	run: \|
	GOPROXY=proxy.golang.org go list -m github.com/GDATASoftwareAG/vaas/golang/vaas/${MAJOR_VERSION}@${GITHUB_REF#refs/tags/golang/vaas/}


	- name: Microsoft Teams Notification
	uses: skitionek/notify-microsoft-teams@master
	if: failure()
	with:
	webhook_url: ${{ secrets.MSTEAMS_WEBHOOK }}
	title: "`Failed workflow on for VaaS-SDK vaas-golang-ci`"
	job: ${{ toJson(job) }}
	steps: ${{ toJson(steps) }}

	deploy-git-scan:
	if: startsWith(github.ref, 'refs/tags/golang/vaas/v1')
	needs:
	- extract-major-version
	- virus-scan
	- build-golang
	- codeql
	- vulncheck
	permissions:
	contents: read
	packages: write
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v5

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Extract version info
	id: extract_version
	run: \|
	raw_version="${GITHUB_REF##*/}"
	clean_version="${raw_version#v}"
	major="$(echo "$clean_version" \| cut -d. -f1)"
	minor="$(echo "$clean_version" \| cut -d. -f2)"
	patch="$(echo "$clean_version" \| cut -d. -f3)"

	echo "version=$clean_version" >> "$GITHUB_OUTPUT"
	echo "major=$major" >> "$GITHUB_OUTPUT"
	echo "minor=$minor" >> "$GITHUB_OUTPUT"
	echo "patch=$patch" >> "$GITHUB_OUTPUT"

	- name: Docker meta
	uses: docker/metadata-action@v5
	id: meta
	with:
	images: \|
	ghcr.io/gdatasoftwareag/vaas/git-scan
	tags: \|
	type=semver,pattern={{version}},value=${{ steps.extract_version.outputs.version }}
	type=semver,pattern={{major}}.{{minor}},value=${{ steps.extract_version.outputs.major }}.${{ steps.extract_version.outputs.minor }}
	type=semver,pattern={{major}},value=${{ steps.extract_version.outputs.major }}
	flavor: \|
	latest=auto

	- name: login to ghcr.io/gdatasoftwareag
	uses: docker/login-action@v3
	with:
	registry: ghcr.io
	username: ${{ secrets.GHCR_IO_GDATASOFTWAREAG_USERNAME }}
	password: ${{ secrets.GHCR_IO_GDATASOFTWAREAG_PASSWORD }}

	- name: Build and push
	uses: docker/build-push-action@v6
	with:
	context: "golang/vaas/v3"
	file: "golang/vaas/v3/git-scan.Dockerfile"
	push: true
	tags: ${{ steps.meta.outputs.tags }}
	labels: ${{ steps.meta.outputs.labels }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

vaas-golang-ci #829

Workflow file

vaas-golang-ci #829

Uh oh!

Workflow file for this run