Merge branch 'main' into dependabot/github_actions/actions/setup-go-6 #44
Workflow file for this run
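---
# Workflow header: name, triggers, token permissions and shared environment.
#
# Annotation shown on the run page for this file:
#   "Check failure on line 1 in .github/workflows/ci.yml"
# NOTE(review): an annotation anchored at line 1 is typically how a
# whole-file validation error is reported, so the offending expression may
# be anywhere in the workflow, not necessarily on this line - confirm
# against the run log.
name: CI

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main, develop]

# Least privilege for GITHUB_TOKEN: without a top-level `permissions:` key the
# token gets the repository/organisation default, which may include write
# scopes. Jobs that need more declare their own `permissions:` block.
permissions:
  contents: read

env:
  # Quoted so the value stays the string "1.19" rather than a float.
  # NOTE(review): Go 1.19 no longer receives upstream security releases;
  # confirm the modules' `go` directives before raising it.
  GO_VERSION: '1.19'
  # Environment values are strings; quote to keep the type explicit.
  DOCKER_BUILDKIT: '1'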
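# Job graph: lint and test run first, build needs both, docker needs build.
# The security job has no `needs:` and nothing depends on it.
#
# NOTE(review): every third-party action below is referenced by a mutable tag
# or branch. For supply-chain integrity pin each `uses:` to a full commit SHA
# (for example `owner/action@<full-commit-sha>  # vX.Y.Z`) and let Dependabot
# update the pin.
jobs:
  lint:
    name: Lint
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - name: Set up Go
        uses: actions/setup-go@v6
        with:
          go-version: ${{ env.GO_VERSION }}
      - name: Run golangci-lint
        uses: golangci/golangci-lint-action@v3
        with:
          # NOTE(review): `latest` makes lint results non-reproducible and
          # pulls whatever binary is newest at run time; prefer a fixed version.
          version: latest
          args: --timeout=5m

  test:
    name: Test
    runs-on: ubuntu-latest
    strategy:
      matrix:
        component:
          - decub-control-plane
          - decub-gcl/go
          - decub-gossip
          - decub-cas
          - decub-catalog
          - decub-snapshot
          - decub-object-storage
          - rechain
          - decube
    steps:
      - uses: actions/checkout@v6
      - name: Set up Go
        uses: actions/setup-go@v6
        with:
          go-version: ${{ env.GO_VERSION }}
      - name: Cache Go modules
        uses: actions/cache@v5
        with:
          path: ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-
      - name: Check if component exists
        id: check_component
        env:
          # Pass the matrix value through the environment instead of expanding
          # `${{ }}` inside the script text, so the value is never parsed as
          # shell. The matrix is static here, but this keeps the step safe if
          # the list ever becomes dynamic.
          COMPONENT: ${{ matrix.component }}
        run: |
          if [ ! -f "${COMPONENT}/go.mod" ]; then
            echo "exists=false" >> "$GITHUB_OUTPUT"
            echo "Component ${COMPONENT} does not have go.mod, skipping"
          else
            echo "exists=true" >> "$GITHUB_OUTPUT"
          fi
      - name: Download dependencies
        if: steps.check_component.outputs.exists == 'true'
        working-directory: ${{ matrix.component }}
        run: go mod download
      - name: Run tests
        if: steps.check_component.outputs.exists == 'true'
        working-directory: ${{ matrix.component }}
        # The trailing `|| true` was dropped: it forced the step to report
        # success and hid failing tests and race-detector findings from the
        # run summary. `continue-on-error` still keeps the job green, so this
        # gate stays advisory.
        # NOTE(review): remove `continue-on-error` once the suites are
        # expected to pass, otherwise `build` and `docker` run on red tests.
        run: go test -v -race -coverprofile=coverage.out ./...
        continue-on-error: true
      - name: Upload coverage
        if: steps.check_component.outputs.exists == 'true' && always()
        uses: codecov/codecov-action@v3
        with:
          file: ./${{ matrix.component }}/coverage.out
          flags: ${{ matrix.component }}
          fail_ci_if_error: false

  build:
    name: Build
    runs-on: ubuntu-latest
    needs: [lint, test]
    strategy:
      matrix:
        component:
          - decub-control-plane
          - decub-gcl/go
          - decub-gossip
          - decub-cas
          - decub-catalog
          - decub-snapshot
          - decub-object-storage
          - rechain
          - decube
    steps:
      - uses: actions/checkout@v6
      - name: Set up Go
        uses: actions/setup-go@v6
        with:
          go-version: ${{ env.GO_VERSION }}
      - name: Check if component exists
        id: check_component
        env:
          # Same reasoning as in the test job: the value reaches the script as
          # data, not as part of the script text.
          COMPONENT: ${{ matrix.component }}
        run: |
          if [ ! -f "${COMPONENT}/go.mod" ]; then
            echo "exists=false" >> "$GITHUB_OUTPUT"
            echo "Component ${COMPONENT} does not have go.mod, skipping"
          else
            echo "exists=true" >> "$GITHUB_OUTPUT"
          fi
      - name: Build
        if: steps.check_component.outputs.exists == 'true'
        working-directory: ${{ matrix.component }}
        run: go build -v ./...
        # NOTE(review): a failed compile does not fail the job.
        continue-on-error: true
      - name: Upload artifacts
        if: steps.check_component.outputs.exists == 'true' && always()
        uses: actions/upload-artifact@v6
        with:
          # NOTE(review): `decub-gcl/go` contains a `/`; recent upload-artifact
          # majors reject that character in artifact names - confirm.
          name: ${{ matrix.component }}
          # Uploads the whole component directory, not just build outputs.
          # NOTE(review): check that nothing sensitive or generated ends up in
          # the downloadable artifact.
          path: ${{ matrix.component }}/*
          if-no-files-found: ignore

  docker:
    name: Docker Build
    runs-on: ubuntu-latest
    needs: [build]
    env:
      # The `secrets` context cannot be read from a step-level `if:`; an
      # expression that does so fails workflow validation (likely the
      # "Check failure on line 1" annotation on this run - confirm in the
      # log). Evaluate the presence check here, where `secrets` is available,
      # and expose only the resulting 'true'/'false' string to the steps.
      DOCKER_LOGIN_ENABLED: ${{ secrets.DOCKER_USERNAME != '' }}
    steps:
      - uses: actions/checkout@v6
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Login to Docker Hub
        if: github.event_name != 'pull_request' && env.DOCKER_LOGIN_ENABLED == 'true'
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
        # NOTE(review): a failed login is swallowed here; the push below then
        # runs unauthenticated and its failure is swallowed as well.
        continue-on-error: true
      - name: Build and push
        uses: docker/build-push-action@v4
        with:
          context: .
          # Never push for pull requests or when no registry account is set.
          push: ${{ github.event_name != 'pull_request' && env.DOCKER_LOGIN_ENABLED == 'true' }}
          tags: decube:${{ github.sha }}
          # NOTE(review): the cache source is a registry image that this
          # workflow never pushes (`decube:latest`); confirm who publishes it,
          # since cached layers are reused in the image that is pushed.
          cache-from: type=registry,ref=decube:latest
          cache-to: type=inline
        continue-on-error: true

  security:
    name: Security Scan
    runs-on: ubuntu-latest
    # Job-scoped token permissions: write access only to code-scanning
    # results, read access to the repository contents.
    permissions:
      security-events: write
      contents: read
    steps:
      - uses: actions/checkout@v6
      - name: Run Trivy vulnerability scanner
        # NOTE(review): `@master` is a branch; whatever is at its tip runs in
        # this job. Pin to a full commit SHA (placeholder: <full-commit-sha>).
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: 'fs'
          scan-ref: '.'
          format: 'sarif'
          output: 'trivy-results.sarif'
          # Exit code 0 means findings never fail the job; results are only
          # visible through the SARIF upload below.
          exit-code: '0'
      - name: Upload Trivy results to GitHub Security
        # NOTE(review): v2 of the CodeQL action has been announced as
        # deprecated upstream - confirm and move to a supported major.
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: 'trivy-results.sarif'
        # NOTE(review): with a non-failing scan and a non-failing upload, a
        # broken upload leaves no trace of the findings; consider letting one
        # of the two steps fail. Nothing gates `docker` on this job either.
        continue-on-error: true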