chore(go): enforce package coverage gates

2026-03-21 11:14:40 +00:00
parent 692e205a63
commit ad5196420e
4 changed files with 177 additions and 3 deletions
--- a/.gitea/workflows/pr-validation.yml
+++ b/.gitea/workflows/pr-validation.yml
@@ -59,13 +59,68 @@ jobs:
        run: |
          set -euo pipefail

-          go test -covermode=atomic -coverprofile=coverage.out ./...
+          go test -covermode=atomic -coverprofile=coverage.out ./... | tee go-test-coverage.log
          go tool cover -html=coverage.out -o coverage.html

          total="$(go tool cover -func=coverage.out | awk '/^total:/ {sub(/%/, "", $3); print $3}')"
          printf '{\n  "total": "%s"\n}\n' "$total" > coverage-summary.json
          printf 'total=%s\n' "$total" >> "$GITHUB_OUTPUT"

+          set +e
+          awk '
+            /^ok[[:space:]]/ && /coverage: [0-9.]+% of statements/ {
+              pkg = $2
+              cov = $0
+              sub(/^.*coverage: /, "", cov)
+              sub(/% of statements.*$/, "", cov)
+              status = "target"
+              if (cov + 0 < 50) {
+                status = "fail"
+                fail = 1
+              } else if (cov + 0 < 65) {
+                status = "high-risk"
+              } else if (cov + 0 < 80) {
+                status = "warning"
+              }
+              printf "%s %.1f %s\n", pkg, cov + 0, status
+            }
+            END {
+              if (fail) {
+                exit 2
+              }
+            }
+          ' go-test-coverage.log > coverage-packages.raw
+          package_gate_status=$?
+          set -e
+
+          {
+            echo '| Package | Coverage | Status |'
+            echo '| --- | ---: | --- |'
+          } > coverage-packages.md
+
+          while read -r pkg cov status; do
+            case "$status" in
+              fail)
+                pretty='FAIL (<50%)'
+                ;;
+              high-risk)
+                pretty='High risk (50%-64.99%)'
+                ;;
+              warning)
+                pretty='Warning (65%-79.99%)'
+                ;;
+              *)
+                pretty='Target (>=80%)'
+                ;;
+            esac
+            printf '| `%s` | %.1f%% | %s |\n' "$pkg" "$cov" "$pretty" >> coverage-packages.md
+          done < coverage-packages.raw
+
+          if [[ "$package_gate_status" -ne 0 ]]; then
+            echo "Per-package coverage gate failed: one or more packages are below 50%." >&2
+            exit 1
+          fi
+
      - name: Run security analysis
        run: |
          set -euo pipefail
@@ -172,6 +227,9 @@ jobs:
            echo '- Total: `${{ steps.coverage.outputs.total }}%`'
            echo '- Report: ${{ steps.upload.outputs.report_url }}'
            echo '- Badge: ${{ steps.upload.outputs.badge_url }}'
+            echo
+            echo '### Package Coverage'
+            cat coverage-packages.md
          } >> "$GITHUB_STEP_SUMMARY"

      - name: Run behavior suite
--- a/.gitea/workflows/push-validation.yml
+++ b/.gitea/workflows/push-validation.yml
@@ -51,13 +51,68 @@ jobs:
        run: |
          set -euo pipefail

-          go test -covermode=atomic -coverprofile=coverage.out ./...
+          go test -covermode=atomic -coverprofile=coverage.out ./... | tee go-test-coverage.log
          go tool cover -html=coverage.out -o coverage.html

          total="$(go tool cover -func=coverage.out | awk '/^total:/ {sub(/%/, "", $3); print $3}')"
          printf '{\n  "total": "%s"\n}\n' "$total" > coverage-summary.json
          printf 'total=%s\n' "$total" >> "$GITHUB_OUTPUT"

+          set +e
+          awk '
+            /^ok[[:space:]]/ && /coverage: [0-9.]+% of statements/ {
+              pkg = $2
+              cov = $0
+              sub(/^.*coverage: /, "", cov)
+              sub(/% of statements.*$/, "", cov)
+              status = "target"
+              if (cov + 0 < 50) {
+                status = "fail"
+                fail = 1
+              } else if (cov + 0 < 65) {
+                status = "high-risk"
+              } else if (cov + 0 < 80) {
+                status = "warning"
+              }
+              printf "%s %.1f %s\n", pkg, cov + 0, status
+            }
+            END {
+              if (fail) {
+                exit 2
+              }
+            }
+          ' go-test-coverage.log > coverage-packages.raw
+          package_gate_status=$?
+          set -e
+
+          {
+            echo '| Package | Coverage | Status |'
+            echo '| --- | ---: | --- |'
+          } > coverage-packages.md
+
+          while read -r pkg cov status; do
+            case "$status" in
+              fail)
+                pretty='FAIL (<50%)'
+                ;;
+              high-risk)
+                pretty='High risk (50%-64.99%)'
+                ;;
+              warning)
+                pretty='Warning (65%-79.99%)'
+                ;;
+              *)
+                pretty='Target (>=80%)'
+                ;;
+            esac
+            printf '| `%s` | %.1f%% | %s |\n' "$pkg" "$cov" "$pretty" >> coverage-packages.md
+          done < coverage-packages.raw
+
+          if [[ "$package_gate_status" -ne 0 ]]; then
+            echo "Per-package coverage gate failed: one or more packages are below 50%." >&2
+            exit 1
+          fi
+
      - name: Run security analysis
        run: |
          set -euo pipefail
@@ -128,6 +183,9 @@ jobs:
            echo '- Total: `${{ steps.coverage.outputs.total }}%`'
            echo '- Report: ${{ steps.upload.outputs.report_url }}'
            echo '- Badge: ${{ steps.upload.outputs.badge_url }}'
+            echo
+            echo '### Package Coverage'
+            cat coverage-packages.md
          } >> "$GITHUB_STEP_SUMMARY"

      - name: Run behavior suite on main pushes