Prepare for v1.0.2 release #177
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [main] | |
| tags: | |
| - 'v*' | |
| pull_request: | |
| branches: [main] | |
| jobs: | |
| test: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Set up Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version: '1.26.2' | |
| - name: Download dependencies | |
| run: go mod download | |
| - name: Run tests | |
| run: go test -v -race -coverprofile=coverage.out ./... | |
| - name: Upload coverage | |
| uses: codecov/codecov-action@v6 | |
| with: | |
| files: ./coverage.out | |
| fail_ci_if_error: false | |
| continue-on-error: true | |
| integration: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Set up Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version: '1.26.2' | |
| - name: Download dependencies | |
| run: go mod download | |
| - name: Run integration tests | |
| working-directory: ./test | |
| run: go test -v -tags=integration -timeout=5m ./... | |
| e2e: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Set up Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version: '1.26.2' | |
| - name: Download dependencies | |
| run: go mod download | |
| - name: Run E2E tests | |
| working-directory: ./test | |
| run: go test -v -tags=e2e -timeout=5m ./... | |
| docker: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v4 | |
| - name: Log in to GitHub Container Registry | |
| if: startsWith(github.ref, 'refs/tags/') | |
| uses: docker/login-action@v4 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set build metadata | |
| id: build_meta | |
| run: | | |
| if [[ "${{ github.ref }}" == refs/tags/* ]]; then | |
| echo "VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT | |
| else | |
| echo "VERSION=dev-$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT | |
| fi | |
| echo "COMMIT=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT | |
| echo "DATE=$(date -u +%Y-%m-%dT%H:%M:%SZ)" >> $GITHUB_OUTPUT | |
| echo "BUILT_BY=github-actions" >> $GITHUB_OUTPUT | |
| - name: Extract metadata | |
| id: meta | |
| uses: docker/metadata-action@v6 | |
| with: | |
| images: ghcr.io/${{ github.repository }} | |
| tags: | | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| type=semver,pattern={{major}} | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - name: Build image for scanning | |
| uses: docker/build-push-action@v7 | |
| with: | |
| context: . | |
| target: production | |
| load: true | |
| tags: roji:release-scan | |
| build-args: | | |
| VERSION=${{ steps.build_meta.outputs.VERSION }} | |
| COMMIT=${{ steps.build_meta.outputs.COMMIT }} | |
| DATE=${{ steps.build_meta.outputs.DATE }} | |
| BUILT_BY=${{ steps.build_meta.outputs.BUILT_BY }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: 'roji:release-scan' | |
| format: 'table' | |
| exit-code: '1' | |
| severity: 'CRITICAL,HIGH' | |
| ignore-unfixed: true | |
| - name: Build and push Docker image | |
| if: startsWith(github.ref, 'refs/tags/') | |
| uses: docker/build-push-action@v7 | |
| with: | |
| context: . | |
| target: production | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| build-args: | | |
| VERSION=${{ steps.build_meta.outputs.VERSION }} | |
| COMMIT=${{ steps.build_meta.outputs.COMMIT }} | |
| DATE=${{ steps.build_meta.outputs.DATE }} | |
| BUILT_BY=${{ steps.build_meta.outputs.BUILT_BY }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max |