Feature: Moving to pure Dagger based CI/CD Pipeline from Goreleaser #1320

Workflow file for this run

.github/workflows/default.yaml at 8d74804

	name: Main and Pull Request Pipeline

	on:
	push:
	branches: [main]
	tags:
	- "v..*"
	pull_request:
	paths-ignore:
	- "*.md"
	- "assets/**"

	permissions:
	contents: write

	jobs:
	lint:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout repo
	uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- name: Dagger Version
	uses: sagikazarmark/[email protected]

	- name: Generate Document
	uses: dagger/dagger-for-github@v7
	with:
	version: ${{ steps.dagger_version.outputs.version }}
	verb: call
	args: run-doc --source=. export --path=doc

	- name: Check for changes
	run: \|
	# Check if any docs have been modified
	changed_files=$(git ls-files --others --modified --deleted --exclude-standard)

	# If there are files changed, fail the workflow
	if [ -n "$changed_files" ]; then
	echo "file changes found"
	echo "please check if docs were added for new commands or updated for new commands"
	echo "$changed_files"
	exit 1 # This will fail the workflow
	else
	echo "No file changes found."
	fi
	continue-on-error: false

	- name: Run Dagger golangci-lint
	uses: dagger/dagger-for-github@v7
	with:
	version: ${{ steps.dagger_version.outputs.version }}
	verb: call
	args: lint-report --source=. export --path=golangci-lint.report

	- name: Generate lint summary
	run: \|
	echo "<h2> 📝 Lint results</h2>" >> $GITHUB_STEP_SUMMARY
	cat golangci-lint.report >> $GITHUB_STEP_SUMMARY
	# Check if the lint report contains any content (error or issues)
	if [ -s golangci-lint.report ]; then
	# If the file contains content, output an error message and exit with code 1
	echo "⚠️ Linting issues found!" >> $GITHUB_STEP_SUMMARY
	exit 1
	fi

	# - uses: reviewdog/action-setup@v1
	# - name: Run Reviewdog
	# env:
	# REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	# run: \|
	# reviewdog -f=sarif -name="Golang Linter Report" -reporter=github-check -filter-mode nofilter -fail-level any -tee < golangci-lint-report.sarif

	vulnerability-check:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout repo
	uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- name: Dagger Version
	uses: sagikazarmark/[email protected]

	- name: Run Vulnerability Check
	uses: dagger/dagger-for-github@v7
	with:
	version: ${{ steps.dagger_version.outputs.version }}
	verb: call
	args: vulnerability-check-report --source=. export --path=vulnerability-check.report

	- name: Generate vulnerability summary
	run: \|
	echo "<h2> 🔒 Vulnerability Check Results</h2>" >> $GITHUB_STEP_SUMMARY
	cat vulnerability-check.report >> $GITHUB_STEP_SUMMARY
	# Check if the lint report contains any content (error or issues)
	if ! grep -q "No vulnerabilities found." vulnerability-check.report; then
	# If the file contains content, output an error message and exit with code 1
	echo "⚠️ Linting issues found!" >> $GITHUB_STEP_SUMMARY
	exit 1
	fi

	test-code:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout repo
	uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- name: Run Tests
	uses: dagger/dagger-for-github@v7
	with:
	version: ${{ steps.dagger_version.outputs.version }}
	verb: call
	args: test-report --source=. export --path=TestReport.json

	- name: Summarize Tests
	uses: robherley/[email protected]
	with:
	fromJSONFile: TestReport.json

	- name: Run Test Coverage Report
	if: github.event_name == 'pull_request'
	uses: dagger/dagger-for-github@v7
	with:
	version: ${{ steps.dagger_version.outputs.version }}
	verb: call
	args: test-coverage-report --source=. export --path=coverage-report.md

	- name: Add coverage to step summary
	if: github.event_name == 'pull_request'
	run: cat coverage-report.md >> $GITHUB_STEP_SUMMARY

	- name: Run Test Coverage
	if: github.event_name == 'pull_request'
	uses: dagger/dagger-for-github@v7
	with:
	version: ${{ steps.dagger_version.outputs.version }}
	verb: call
	args: test-coverage --source=. export --path=coverage.out

	- uses: codecov/codecov-action@v5
	if: github.event_name == 'pull_request'
	with:
	verbose: true
	env:
	CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}

	- name: Build Binary
	uses: dagger/dagger-for-github@v7
	with:
	version: ${{ steps.dagger_version.outputs.version }}
	verb: call
	args: build-dev --source=. --platform linux/amd64 export --path=./harbor-dev

	push-latest-images:
	needs:
	- lint
	- test-code
	permissions:
	contents: read
	id-token: write
	runs-on: ubuntu-latest
	if: github.event_name == 'push' && github.ref == 'refs/heads/main'
	steps:
	- name: Print GitHub ref for debugging
	run: \|
	echo "GitHub ref: $GITHUB_REF"

	- name: Checkout repo
	if: github.event_name == 'push' && (github.ref == 'refs/heads/main')
	uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- name: Publish and Sign Snapshot Image
	if: github.event_name == 'push' && (github.ref == 'refs/heads/main')
	uses: ./.github/actions/publish-and-sign
	with:
	IMAGE_TAGS: latest
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
	REGISTRY_ADDRESS: ${{ vars.REGISTRY_ADDRESS }}
	REGISTRY_USERNAME: ${{ vars.REGISTRY_USERNAME }}

	publish-release:
	needs:
	- lint
	- test-code
	permissions:
	contents: write
	packages: write
	id-token: write
	runs-on: ubuntu-latest
	if: github.event_name == 'push' && (startsWith(github.ref, 'refs/tags/'))
	steps:
	- name: Checkout repo
	if: github.event_name == 'push' && (github.ref == 'refs/heads/main' \|\| startsWith(github.ref, 'refs/tags/'))
	uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- name: Checkout repo
	if: github.event_name == 'push' && (startsWith(github.ref, 'refs/tags/'))
	uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- name: Create Build Dir
	if: github.event_name == 'push' && (startsWith(github.ref, 'refs/tags/'))
	run: mkdir -p dist

	- name: Building Binaries
	if: github.event_name == 'push' && (startsWith(github.ref, 'refs/tags/'))
	uses: dagger/dagger-for-github@v7
	with:
	version: "latest"
	verb: call
	args: "build --build-dir=./dist export --path=./dist"

	- name: Archiving Binaries
	if: github.event_name == 'push' && (startsWith(github.ref, 'refs/tags/'))
	uses: dagger/dagger-for-github@v7
	with:
	version: "latest"
	verb: call
	args: "archive --build-dir=./dist export --path=./dist"

	- name: NFPM Build (deb/rpm)
	if: github.event_name == 'push' && (startsWith(github.ref, 'refs/tags/'))
	uses: dagger/dagger-for-github@v7
	with:
	version: "latest"
	verb: call
	args: "nfpm-build --build-dir=./dist export --path=./dist"

	- name: Creating Checksum
	if: github.event_name == 'push' && (startsWith(github.ref, 'refs/tags/'))
	uses: dagger/dagger-for-github@v7
	with:
	version: "latest"
	verb: call
	args: "checksum --build-dir=./dist export --path=./dist"

	- name: Publish Release
	if: github.event_name == 'push' && (startsWith(github.ref, 'refs/tags/'))
	uses: dagger/dagger-for-github@v7
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	with:
	version: "latest"
	verb: call
	args: "publish-release --build-dir=./dist --token=env://GITHUB_TOKEN "

	- name: Apt Build
	if: github.event_name == 'push' && (startsWith(github.ref, 'refs/tags/'))
	uses: dagger/dagger-for-github@v7
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	with:
	version: "latest"
	verb: call
	args: "apt-build --build-dir=./dist --token=env://GITHUB_TOKEN "

	- name: Upload Build Artifact
	uses: actions/upload-artifact@v4
	with:
	name: build-dir
	path: ./dist

	- name: Publish and Sign Tagged Image
	if: github.event_name == 'push' && (startsWith(github.ref, 'refs/tags/'))
	uses: ./.github/actions/publish-and-sign
	with:
	IMAGE_TAGS: "latest,${{ github.ref_name }}"
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
	REGISTRY_ADDRESS: ${{ vars.REGISTRY_ADDRESS }}
	REGISTRY_USERNAME: ${{ vars.REGISTRY_USERNAME }}
	BUILD_DIR: "./dist"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Feature: Moving to pure Dagger based CI/CD Pipeline from Goreleaser #1320

Workflow file

Feature: Moving to pure Dagger based CI/CD Pipeline from Goreleaser #1320

Uh oh!

Workflow file for this run