Keymaster/.github/workflows/ci.yml at f9ac0277a2b12310acc444bad04f89265a4fe291 · ToeiRei/Keymaster · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
name: CI

permissions:
  contents: write

on:
  push:
    branches: [ main ]
    tags:
      # Run on all tags except for release tags (e.g. v1.2.3)
      - '!v[0-9]+.[0-9]+.[0-9]+'
  pull_request:
    branches: [ main ]

jobs:
  test:
    name: Run tests
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - name: Set up Go
        uses: actions/setup-go@v6
        with:
          go-version: '1.25.1'
      - name: Cache Go modules
        uses: actions/cache@v5
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
      - name: Install tools
        run: |
          go install github.com/golang-migrate/migrate/v4/cmd/migrate@latest
      - name: Check formatting
        run: |
          echo 'Checking gofmt...'
          UNFORMATTED=$(gofmt -s -l .)
          if [ -n "${UNFORMATTED}" ]; then
            echo "gofmt found unformatted files:" && echo "$UNFORMATTED"
            exit 1
          fi
      - name: Run golangci-lint
        uses: golangci/golangci-lint-action@v4
        continue-on-error: true
        with:
          version: v1.59.0
          # Use colored-line-number output and skip directories that cause typechecking
          args: run ./... --out-format=colored-line-number --skip-dirs=tools,internal/i18n/locales,testdata
      - name: Static vet
        run: go vet ./...
      - name: Run tests (race on Linux, coverage)
        run: |
          echo "Running tests with race detector on Linux, fallback to non-race on other OS"
          if [ "${{ runner.os }}" = "Linux" ]; then
            sudo apt-get update && sudo apt-get install -y build-essential
            export CGO_ENABLED=1
            go test ./... -v -race -coverprofile=coverage.out
          else
            go test ./... -v -coverprofile=coverage.out
          fi
      - name: Generate coverage badge (self-contained)
        run: |
          set -euo pipefail
          if [ -f coverage.out ]; then
            pct=$(go tool cover -func=coverage.out | awk '/total:/ {print $3}')
          else
            pct="0.0%"
          fi
          pct_num=$(echo "$pct" | tr -d '%')
          color=$(awk -v p="$pct_num" 'BEGIN{p+=0; if(p>=90) print "#4c1"; else if(p>=75) print "#dfb317"; else print "#e05d44"}')
          cat > coverage.svg <<SVG
          <svg xmlns="http://www.w3.org/2000/svg" width="120" height="20">
            <rect width="70" height="20" fill="#555"/>
            <rect x="70" width="50" height="20" fill="${color}"/>
            <rect rx="3" width="120" height="20" fill="transparent"/>
            <g fill="#fff" font-family="Verdana" font-size="11">
              <text x="10" y="14">coverage</text>
              <text x="78" y="14">${pct}</text>
            </g>
          </svg>
          SVG
      - name: Upload coverage
        uses: actions/upload-artifact@v6
        with:
          name: coverage
          path: coverage.out
      - name: Upload coverage badge
        uses: actions/upload-artifact@v6
        with:
          name: coverage-badge
          path: coverage.svg

      - name: Commit coverage badge
        if: github.actor != 'github-actions[bot]' && github.ref == 'refs/heads/main'
        run: |
          if [ -f coverage.svg ]; then
            git config user.name "github-actions[bot]"
            git config user.email "github-actions[bot]@users.noreply.github.com"
            git add coverage.svg
            if git diff --cached --quiet; then
              echo "No changes to coverage.svg"
            else
              git commit -m "ci: update coverage badge"
              git push origin HEAD:refs/heads/main
            fi
          else
            echo "coverage.svg not found, skipping"
          fi

  build:
    name: Build binary with version
    runs-on: ubuntu-latest
    needs: test
    steps:
      - uses: actions/checkout@v6
      - name: Set up Go
        uses: actions/setup-go@v6
        with:
          go-version: '1.25.1'
      - name: Compute version and git sha
        id: ver
        run: |
          echo "GITHUB_REF=${GITHUB_REF}"
          GIT_SHA=$(git rev-parse --short=8 HEAD)
          echo "git_sha=$GIT_SHA" >> $GITHUB_OUTPUT
          if [[ "${GITHUB_REF}" == refs/tags/* ]]; then
            TAG=${GITHUB_REF#refs/tags/}
            echo "tag=$TAG" >> $GITHUB_OUTPUT
            # Version string: <tag> (sha)
            VERSION="$TAG ($GIT_SHA)"
          else
            VERSION="$GIT_SHA"
          fi
          echo "version=$VERSION" >> $GITHUB_OUTPUT
      - name: Build
        run: |
          echo "Building with version ${{ steps.ver.outputs.version }} (git ${GITHUB_SHA::8})"
          BUILD_DATE=$(date -u +%Y-%m-%dT%H:%M:%SZ)
          go build -ldflags "-X main.version='${{ steps.ver.outputs.version }}' -X main.gitCommit='${{ steps.ver.outputs.git_sha }}' -X main.buildDate='${BUILD_DATE}'" -o keymaster ./cmd/keymaster
      - name: Upload binary
        uses: actions/upload-artifact@v6
        with:
          name: keymaster-${{ steps.ver.outputs.version }}
          path: keymaster