fix(lint): resolve all 22 golangci-lint errors #45
| name: CI Pipeline | |
| on: | |
| push: | |
| branches: [main, develop] | |
| pull_request: | |
| branches: [main, develop] | |
| env: | |
| GO_VERSION: '1.25.5' | |
| COVERAGE_THRESHOLD: 70 | |
| jobs: | |
| lint: | |
| name: Lint Code | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| cache: true | |
| cache-dependency-path: core/go.sum | |
| - name: Run golangci-lint | |
| uses: golangci/golangci-lint-action@v8 | |
| with: | |
| version: v2.7.2 | |
| working-directory: core | |
| args: --timeout=5m --config=.golangci.yml | |
| test: | |
| name: Run Tests | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| cache: true | |
| cache-dependency-path: core/go.sum | |
| - name: Download dependencies | |
| working-directory: core | |
| run: go mod download | |
| - name: Run tests with coverage | |
| working-directory: core | |
| run: | | |
| go test -v -race -coverprofile=coverage.out -covermode=atomic ./... | |
| go tool cover -func=coverage.out | |
| - name: Check coverage threshold (warning only) | |
| working-directory: core | |
| continue-on-error: true | |
| run: | | |
| COVERAGE=$(go tool cover -func=coverage.out | grep total | awk '{print $3}' | sed 's/%//') | |
| echo "📊 Current coverage: ${COVERAGE}%" | |
| if (( $(echo "$COVERAGE < ${{ env.COVERAGE_THRESHOLD }}" | bc -l) )); then | |
| echo "⚠️ Warning: Coverage ${COVERAGE}% is below threshold ${{ env.COVERAGE_THRESHOLD }}%" | |
| echo "::warning::Code coverage (${COVERAGE}%) is below the recommended threshold (${{ env.COVERAGE_THRESHOLD }}%)" | |
| else | |
| echo "✅ Coverage meets threshold" | |
| fi | |
| - name: Upload coverage to Codecov | |
| uses: codecov/codecov-action@v4 | |
| with: | |
| file: ./core/coverage.out | |
| flags: unittests | |
| name: codecov-apprun | |
| fail_ci_if_error: false | |
| build: | |
| name: Build Application | |
| runs-on: ubuntu-latest | |
| needs: [lint, test] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| cache: true | |
| cache-dependency-path: core/go.sum | |
| - name: Build binary | |
| working-directory: core | |
| run: | | |
| go build -v -o bin/apprun-core ./cmd/server | |
| - name: Test binary execution | |
| working-directory: core | |
| run: | | |
| ./bin/apprun-core --version || echo "Version command not implemented yet" | |
| scan-docker-image: | |
| name: Build Docker Image & Security Scan | |
| runs-on: ubuntu-latest | |
| needs: [lint, test] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| cache: true | |
| cache-dependency-path: core/go.sum | |
| - name: Run govulncheck (dependency vulnerabilities) | |
| uses: golang/govulncheck-action@v1 | |
| with: | |
| go-version-input: ${{ env.GO_VERSION }} | |
| go-package: ./... | |
| work-dir: core | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Log in to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build Docker image (multi-arch) | |
| id: build | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: ./docker/Dockerfile | |
| push: false | |
| tags: apprun:ci-test | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| platforms: linux/amd64 | |
| load: true | |
| build-args: | | |
| BASE_IMAGE=ghcr.io/websoft9/apprun-base:latest | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| scan-type: 'image' | |
| image-ref: 'apprun:ci-test' | |
| format: 'sarif' | |
| output: 'trivy-results.sarif' | |
| exit-code: '0' | |
| severity: 'CRITICAL,HIGH' | |
| - name: Check if Trivy results exist | |
| id: check_trivy | |
| run: | | |
| if [ -f "trivy-results.sarif" ]; then | |
| echo "file_exists=true" >> $GITHUB_OUTPUT | |
| echo "✅ Trivy SARIF file generated" | |
| else | |
| echo "file_exists=false" >> $GITHUB_OUTPUT | |
| echo "⚠️ Trivy SARIF file not generated (no vulnerabilities found or scan error)" | |
| fi | |
| - name: Upload Trivy results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v4 | |
| if: steps.check_trivy.outputs.file_exists == 'true' | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| integration-test: | |
| name: Integration Tests | |
| runs-on: ubuntu-latest | |
| needs: [build] | |
| if: github.event_name == 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| - name: Run integration tests | |
| working-directory: tests/integration | |
| run: | | |
| if [ -f "run.sh" ]; then | |
| bash run.sh | |
| else | |
| echo "Integration tests not yet implemented" | |
| fi | |
| summary: | |
| name: CI Summary | |
| runs-on: ubuntu-latest | |
| needs: [lint, test, build, scan-docker-image, integration-test] | |
| if: always() | |
| permissions: | |
| actions: write | |
| steps: | |
| - name: Check job status | |
| run: | | |
| echo "=== CI Pipeline Summary ===" | |
| echo "Lint: ${{ needs.lint.result }}" | |
| echo "Test: ${{ needs.test.result }}" | |
| echo "Build: ${{ needs.build.result }}" | |
| echo "Docker Build & Security: ${{ needs.scan-docker-image.result }}" | |
| echo "Integration Test: ${{ needs.integration-test.result }}" | |
| # Core jobs must pass | |
| if [[ "${{ needs.lint.result }}" != "success" ]] || \ | |
| [[ "${{ needs.test.result }}" != "success" ]] || \ | |
| [[ "${{ needs.build.result }}" != "success" ]] || \ | |
| [[ "${{ needs.scan-docker-image.result }}" != "success" ]]; then | |
| echo "❌ CI Pipeline failed" | |
| exit 1 | |
| fi | |
| echo "✅ CI Pipeline passed" | |
| echo "" | |
| echo "Note: Docker Build workflow will be triggered automatically via workflow_run on main/develop branches" |
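Review bot: The Trivy step in the scan-docker-image job uses `aquasecurity/trivy-action@master`, a branch ref whose code can change between runs, while every other action in this workflow is at least tag-pinned; pin it to a full commit SHA, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha>  # <release-tag>`. The same step sets `exit-code: '0'`, so CRITICAL/HIGH findings never fail the job, and the summary's check that `needs.scan-docker-image.result` is `success` only shows that the scan ran. If the gate is meant to block, set `exit-code: '1'` and make the "Check if Trivy results exist" and upload-sarif steps run under `always()` so the SARIF file is still published. The summary job also requests `permissions: actions: write` although its only step echoes job results; that grant looks unnecessary and could be dropped unless something outside this view depends on it. The file is shown here without change markers, so which of these lines the PR itself touched cannot be determined from this view.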