144 lines
3.9 KiB
YAML
144 lines
3.9 KiB
YAML
name: Push Validation
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- "**"
|
|
tags-ignore:
|
|
- "*"
|
|
|
|
jobs:
|
|
coverage-badge:
|
|
runs-on: ubuntu-latest
|
|
container: docker.io/catthehacker/ubuntu:act-latest
|
|
defaults:
|
|
run:
|
|
shell: bash
|
|
env:
|
|
ARTEFACT_BUCKET_NAME: ${{ vars.ARTEFACT_BUCKET_NAME }}
|
|
ARTEFACT_BUCKET_ENDPONT: ${{ vars.ARTEFACT_BUCKET_ENDPONT }}
|
|
ARTEFACT_BUCKET_REGION: ${{ vars.ARTEFACT_BUCKET_REGION }}
|
|
AWS_ACCESS_KEY_ID: ${{ secrets.ARTEFACT_BUCKET_WRITE_ACCESS_KEY }}
|
|
AWS_SECRET_ACCESS_KEY: ${{ secrets.ARTEFACT_BUCKET_WRITE_ACCESS_SECRET }}
|
|
AWS_DEFAULT_REGION: ${{ vars.ARTEFACT_BUCKET_REGION }}
|
|
AWS_EC2_METADATA_DISABLED: true
|
|
SUMMARY_FILE: ${{ runner.temp }}/push-validation-summary.md
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Setup Go
|
|
uses: actions/setup-go@v5
|
|
with:
|
|
go-version: '1.26.1'
|
|
check-latest: true
|
|
cache: true
|
|
cache-dependency-path: go.sum
|
|
|
|
- name: Validate formatting
|
|
run: test -z "$(gofmt -l .)"
|
|
|
|
- name: Module hygiene
|
|
run: |
|
|
set -euo pipefail
|
|
go mod tidy
|
|
go mod verify
|
|
|
|
- name: Run gosec security analysis
|
|
uses: securego/gosec@v2.22.4
|
|
with:
|
|
args: ./...
|
|
|
|
- name: Run govulncheck
|
|
uses: golang/govulncheck-action@v1.0.4
|
|
with:
|
|
go-package: ./...
|
|
cache: true
|
|
cache-dependency-path: go.sum
|
|
|
|
- name: Run full unit test suite with coverage
|
|
run: |
|
|
set -euo pipefail
|
|
|
|
go test -covermode=atomic -coverprofile=coverage.out ./...
|
|
|
|
- name: Publish coverage badge artefacts
|
|
id: coverage
|
|
uses: ./coverage-badge
|
|
with:
|
|
artefact-bucket-name: ${{ vars.ARTEFACT_BUCKET_NAME }}
|
|
artefact-bucket-endpoint: ${{ vars.ARTEFACT_BUCKET_ENDPONT }}
|
|
summary-file: ${{ env.SUMMARY_FILE }}
|
|
|
|
- name: Summary
|
|
if: ${{ always() }}
|
|
run: |
|
|
set -euo pipefail
|
|
|
|
echo 'Summary'
|
|
echo
|
|
|
|
if [[ -s "$SUMMARY_FILE" ]]; then
|
|
cat "$SUMMARY_FILE"
|
|
else
|
|
echo 'No summary generated.'
|
|
fi
|
|
|
|
recommend-release:
|
|
runs-on: ubuntu-latest
|
|
container: docker.io/catthehacker/ubuntu:act-latest
|
|
needs: coverage-badge
|
|
if: ${{ github.ref == 'refs/heads/main' }}
|
|
defaults:
|
|
run:
|
|
shell: bash
|
|
env:
|
|
SUMMARY_FILE: ${{ runner.temp }}/push-validation-recommend-summary.md
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Setup Go
|
|
uses: actions/setup-go@v5
|
|
with:
|
|
go-version: '1.26.1'
|
|
check-latest: true
|
|
cache: true
|
|
cache-dependency-path: go.sum
|
|
|
|
- name: Recommend next release tag on main pushes
|
|
run: |
|
|
set -euo pipefail
|
|
|
|
if recommended_tag="$(go run ./cmd/vociferate --recommend --root . 2>release-recommendation.err)"; then
|
|
{
|
|
echo
|
|
echo '## Release Recommendation'
|
|
echo
|
|
echo "- Recommended next tag: \`${recommended_tag}\`"
|
|
} >> "$SUMMARY_FILE"
|
|
else
|
|
recommendation_error="$(tr '\n' ' ' < release-recommendation.err | sed 's/[[:space:]]\+/ /g' | sed 's/^ //; s/ $//')"
|
|
echo "::warning::${recommendation_error}"
|
|
{
|
|
echo
|
|
echo '## Release Recommendation'
|
|
echo
|
|
echo "- No recommended tag emitted: ${recommendation_error}"
|
|
} >> "$SUMMARY_FILE"
|
|
fi
|
|
|
|
- name: Summary
|
|
if: ${{ always() }}
|
|
run: |
|
|
set -euo pipefail
|
|
|
|
echo 'Summary'
|
|
echo
|
|
|
|
if [[ -s "$SUMMARY_FILE" ]]; then
|
|
cat "$SUMMARY_FILE"
|
|
else
|
|
echo 'No summary generated.'
|
|
fi
|