feat(GPX-698): Refactor and cleanup #367
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish new release | |
| on: | |
| push: | |
| branches: [ main ] | |
| tags: | |
| - '*' | |
| pull_request: | |
| branches: [ main ] | |
| workflow_dispatch: | |
| schedule: | |
| - cron: '20 8 * * 4' | |
| jobs: | |
| golangci: | |
| name: lint | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/setup-go@v4 | |
| with: | |
| go-version: '1.20' | |
| cache: true | |
| - uses: actions/checkout@v3 | |
| - name: golangci-lint | |
| uses: golangci/golangci-lint-action@v3 | |
| with: | |
| # Optional: golangci-lint command line arguments. | |
| args: --issues-exit-code=1 --timeout=5m --disable typecheck | |
| - name: go vet | |
| run: go vet ./... | |
| scan-code: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| scan-type: 'fs' | |
| scan-ref: '.' | |
| scanners: 'vuln,secret,config' | |
| ignore-unfixed: true | |
| format: 'sarif' | |
| output: 'trivy-results.sarif' | |
| severity: 'CRITICAL,HIGH, MEDIUM, LOW' | |
| exit-code: '1' | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v2 | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| category: 'code' | |
| build-and-test: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: actions/cache@v3 | |
| with: | |
| path: ./.cache # Note that this path is not influenced by working-directory set in defaults, for example | |
| key: multena-proxy-${{ github.run_id }} | |
| - name: Set up Go | |
| uses: actions/setup-go@v4 | |
| with: | |
| go-version: '>=1.20.0' | |
| cache: true | |
| - name: Install dependencies | |
| run: go get . | |
| - name: Build | |
| run: go build -ldflags="-X main.Commit=$(git rev-parse HEAD)" -o . -v ./... | |
| - name: Copy build | |
| run: mkdir ./.cache && cp ./multena-proxy ./.cache/multena-proxy | |
| - name: Test | |
| run: go test -v ./... | |
| push: | |
| needs: [ build-and-test, scan-code, golangci ] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: actions/cache@v3 | |
| with: | |
| path: ./.cache # Note that this path is not influenced by working-directory set in defaults, for example | |
| key: multena-proxy-${{ github.run_id }} | |
| fail-on-cache-miss: true | |
| - name: move from cache | |
| run: mv ./.cache/multena-proxy ./multena-proxy | |
| - name: Set image name | |
| run: echo "IMAGE_ID=$(echo ${{ github.repository }} | tr '[A-Z]' '[a-z]')" >> $GITHUB_ENV | |
| - name: Autotag | |
| uses: phish108/autotag-action@v1.1.64 | |
| id: autotag | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| continue-on-error: true | |
| - name: Create a new release | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| uses: ncipollo/release-action@v1 | |
| with: | |
| tag: ${{ steps.autotag.outputs.new-tag }} | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| continue-on-error: true | |
| - name: Docker meta | |
| id: meta | |
| uses: docker/metadata-action@v4 | |
| with: | |
| # list of Docker images to use as base name for tags | |
| images: | | |
| ghcr.io/${{ env.IMAGE_ID }} | |
| # generate Docker tags based on the following events/attributes | |
| tags: | | |
| type=schedule | |
| type=ref,event=branch | |
| type=semver,pattern={{version}},value=${{ steps.autotag.outputs.new-tag }} | |
| type=sha | |
| flavor: | | |
| latest=true | |
| - name: Buildah Action | |
| id: build-image | |
| uses: redhat-actions/buildah-build@v2 | |
| with: | |
| image: ${{ env.IMAGE_NAME }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| containerfiles: | | |
| ./build/Containerfile | |
| - name: Log in to the GitHub Container registry | |
| uses: redhat-actions/podman-login@v1 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: push image to trivy | |
| run: | | |
| buildah push ${{ steps.build-image.outputs.image-with-tag }} oci:./multena-proxy-oci | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| input: './multena-proxy-oci' | |
| format: 'sarif' | |
| output: 'trivy-results.sarif' | |
| severity: 'CRITICAL,HIGH, MEDIUM, LOW' | |
| exit-code: '1' | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v2 | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| category: 'container' | |
| - name: Image digest | |
| run: echo ${{ steps.docker_build.outputs.digest }} | |
| - name: Push to GitHub Container Repository | |
| if: github.event_name != 'pull_request' | |
| id: push-to-ghcr | |
| uses: redhat-actions/push-to-registry@v2 | |
| with: | |
| image: ${{ steps.build-image.outputs.image }} | |
| tags: ${{ steps.build-image.outputs.tags }} | |
| registry: ${{ env.REGISTRY }} |