vociferate/.gitea/workflows/push-validation.yml
Micheal Wilkinson f52ca179ac
chore(workflows): use go-version-file for setup-go
2026-03-21 16:25:40 +00:00


# Workflow identity and trigger: runs for a push to any branch, while pushes
# of tags are ignored.
name: Push Validation
on:
  push:
    branches:
      - '**'
    tags-ignore:
      - '*'
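jobs:
  # Validates a push: formatting, module hygiene, gosec, govulncheck and the
  # unit tests with coverage, then publishes the coverage badge artefacts.
  coverage-badge:
    runs-on: ubuntu-latest
    # NOTE(review): `act-latest` is a mutable tag. Pinning the image by digest
    # (docker.io/catthehacker/ubuntu@sha256:<DIGEST_PLACEHOLDER>) keeps the
    # job environment from changing without a reviewed commit.
    container: docker.io/catthehacker/ubuntu:act-latest
    defaults:
      run:
        shell: bash
    env:
      # Job-wide environment holds non-secret settings only. The bucket write
      # credentials are set on the publish step alone, so the steps that run
      # repository code (go test) or third-party tooling never receive them.
      ARTEFACT_BUCKET_NAME: ${{ vars.ARTEFACT_BUCKET_NAME }}
      # NOTE(review): "ENDPONT" looks like a misspelling of ENDPOINT, but it
      # has to match the name of the configured variable; rename both together.
      ARTEFACT_BUCKET_ENDPONT: ${{ vars.ARTEFACT_BUCKET_ENDPONT }}
      ARTEFACT_BUCKET_REGION: ${{ vars.ARTEFACT_BUCKET_REGION }}
      AWS_DEFAULT_REGION: ${{ vars.ARTEFACT_BUCKET_REGION }}
      # Quoted so the value stays the string "true" under any YAML loader.
      AWS_EC2_METADATA_DISABLED: "true"
      SUMMARY_FILE: ${{ runner.temp }}/push-validation-summary.md
    steps:
      # NOTE(review): the actions below are referenced by tag. Tags can be
      # re-pointed upstream; pinning each `uses:` to a full commit SHA
      # (owner/action@<COMMIT_SHA_PLACEHOLDER>) is the stronger posture.
      - name: Checkout
        uses: actions/checkout@v4
      - name: Setup Go
        uses: actions/setup-go@v5
        with:
          go-version-file: go.mod
          check-latest: false
          cache: true
          cache-dependency-path: go.sum
      - name: Validate formatting
        # Fails when gofmt lists any file that needs reformatting.
        run: test -z "$(gofmt -l .)"
      - name: Module hygiene
        # NOTE(review): `go mod tidy` may rewrite go.mod/go.sum, but nothing
        # here fails the job when it does; consider a diff check if drift
        # should block the push.
        run: |
          set -euo pipefail
          go mod tidy
          if ! go mod verify; then
            echo "go mod verify failed; refreshing module cache and retrying" >&2
            go clean -modcache
            go mod download
            go mod verify
          fi
      - name: Restore cached gosec binary
        id: cache-gosec
        uses: actions/cache@v4
        with:
          path: ${{ runner.temp }}/gosec-bin
          # The key carries the gosec version, so bumping the version below
          # must be mirrored here to avoid restoring a stale binary.
          key: gosec-v2.22.4-${{ runner.os }}-${{ runner.arch }}
      - name: Install gosec binary
        # Only built when the cache step above did not restore it.
        if: steps.cache-gosec.outputs.cache-hit != 'true'
        run: |
          set -euo pipefail
          mkdir -p "${RUNNER_TEMP}/gosec-bin"
          GOBIN="${RUNNER_TEMP}/gosec-bin" go install github.com/securego/gosec/v2/cmd/gosec@v2.22.4
      - name: Run gosec security analysis
        run: |
          set -euo pipefail
          "${RUNNER_TEMP}/gosec-bin/gosec" ./...
      - name: Run govulncheck
        uses: golang/govulncheck-action@v1.0.4
        with:
          go-version-file: go.mod
          check-latest: false
          go-package: ./...
          cache: true
          cache-dependency-path: go.sum
      - name: Run full unit test suite with coverage
        run: |
          set -euo pipefail
          go test -covermode=atomic -coverprofile=coverage.out ./...
      - name: Publish coverage badge artefacts
        id: coverage
        uses: ./coverage-badge
        # The only step that receives the bucket write credentials.
        # NOTE(review): assumes the local ./coverage-badge action reads the
        # AWS_* variables from its environment - confirm against the action.
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.ARTEFACT_BUCKET_WRITE_ACCESS_KEY }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.ARTEFACT_BUCKET_WRITE_ACCESS_SECRET }}
        with:
          artefact-bucket-name: ${{ vars.ARTEFACT_BUCKET_NAME }}
          artefact-bucket-endpoint: ${{ vars.ARTEFACT_BUCKET_ENDPONT }}
          summary-file: ${{ env.SUMMARY_FILE }}
      - name: Summary
        # Runs even when an earlier step failed, so the log always ends with
        # whatever summary was written.
        if: ${{ always() }}
        run: |
          set -euo pipefail
          echo 'Summary'
          echo
          if [[ -s "$SUMMARY_FILE" ]]; then
            cat "$SUMMARY_FILE"
          else
            echo 'No summary generated.'
          fi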
# Job entry under `jobs:` - recommends the next release tag after validation.
  recommend-release:
    runs-on: ubuntu-latest
    # NOTE(review): `act-latest` is a mutable tag; a digest pin
    # (docker.io/catthehacker/ubuntu@sha256:<DIGEST_PLACEHOLDER>) would fix
    # the job environment to a reviewed image.
    container: docker.io/catthehacker/ubuntu:act-latest
    # Waits for coverage-badge and only runs for pushes to main.
    needs: coverage-badge
    if: ${{ github.ref == 'refs/heads/main' }}
    defaults:
      run:
        shell: bash
    env:
      # This job is given no secrets; it only needs a path for its summary.
      SUMMARY_FILE: ${{ runner.temp }}/push-validation-recommend-summary.md
    steps:
      # NOTE(review): actions are referenced by tag; pinning each `uses:` to a
      # full commit SHA (owner/action@<COMMIT_SHA_PLACEHOLDER>) guards against
      # a re-pointed tag.
      - name: Checkout
        uses: actions/checkout@v4
      - name: Setup Go
        uses: actions/setup-go@v5
        with:
          go-version-file: go.mod
          check-latest: false
          cache: true
          cache-dependency-path: go.sum
      - name: Recommend next release tag on main pushes
        # Captures stdout as the recommended tag and stderr in a file. On
        # failure the stderr text is flattened to one line and reported as a
        # warning, so this step does not fail the job.
        run: |
          set -euo pipefail
          if recommended_tag="$(go run ./cmd/vociferate --recommend --root . 2>release-recommendation.err)"; then
            {
              echo
              echo '## Release Recommendation'
              echo
              echo "- Recommended next tag: \`${recommended_tag}\`"
            } >> "$SUMMARY_FILE"
          else
            recommendation_error="$(tr '\n' ' ' < release-recommendation.err | sed 's/[[:space:]]\+/ /g' | sed 's/^ //; s/ $//')"
            echo "::warning::${recommendation_error}"
            {
              echo
              echo '## Release Recommendation'
              echo
              echo "- No recommended tag emitted: ${recommendation_error}"
            } >> "$SUMMARY_FILE"
          fi
      - name: Summary
        # Runs regardless of earlier step results.
        if: ${{ always() }}
        run: |
          set -euo pipefail
          echo 'Summary'
          echo
          if [[ -s "$SUMMARY_FILE" ]]; then
            cat "$SUMMARY_FILE"
          else
            echo 'No summary generated.'
          fi