feat(#19): added the code check step for GoLang inside the GitHub Act…
…ions provider Signed-off-by: Felipe Rios <[email protected]>
1 parent
9199999
commit a1a11b3
Showing
21 changed files
with
309 additions
and
1 deletion.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
## :vertical_traffic_light: Quality checklist | ||
|
||
- [ ] Did you add the changes in the `CHANGELOG.md`? |
File renamed without changes.
1 change: 0 additions & 1 deletion
1
.github/PULL_REQUEST_TEMPLATE/default.md → .github/pull_request_template/default.md
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,3 @@ | ||
## :vertical_traffic_light: Quality checklist | ||
|
||
- [ ] Did you add the changes in the `CHANGELOG.md`? | ||
- [ ] Are the tests passing? |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
# see the bottom of the file for more information¹ | ||
# the parent workflow is responsible for setting up the call events² | ||
on: | ||
workflow_call: | ||
|
||
# it wasn't needed to set up anything for GoLang because 'ubuntu-latest' has all dependencies | ||
jobs: | ||
# TODO: everything from the other file + fifth stage | ||
|
||
# fifth stage | ||
deployment: | ||
runs-on: 'ubuntu-latest' | ||
steps: | ||
- uses: 'rios0rios0/pipelines/github/global/stages/40-delivery/deb-releaser@feat/#19' | ||
needs: [ 'tests-test_all' ] | ||
if: "(github.event_name == 'push' && github.ref == 'refs/heads/main') || startsWith(github.ref, 'refs/tags/')" | ||
|
||
|
||
# 1 - this file MUST be inside ".github/workflows" because of GitHub Actions limitations | ||
# 2- the recommended events to trigger this work flow are: | ||
#on: | ||
# push: | ||
# branches: | ||
# - 'main' | ||
# tags: | ||
# - '*' | ||
# pull_request: | ||
# branches: | ||
# - 'main' | ||
# workflow_dispatch: |
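Review bot: The `uses:` reference on the `deployment` step is pinned to the feature branch `@feat/#19`, a mutable ref that can be force-pushed or deleted after merge, so every consumer of this reusable workflow runs whatever that branch points to at the time. The same ref appears in every `uses:` line of the other workflow file and of the composite actions added in this commit. Pinning to a release tag or, better, a full commit SHA keeps the executed code reviewable, e.g. `uses: 'rios0rios0/pipelines/github/global/stages/40-delivery/deb-releaser@FULL_COMMIT_SHA'` (placeholder value). Separately, `needs: [ 'tests-test_all' ]` names a job this file does not define yet (only the TODO stands in for it), so the workflow will likely fail validation until the earlier stages are added.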
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,84 @@ | ||
# see the bottom of the file for more information¹ | ||
# the parent workflow is responsible for setting up the call events² | ||
on: | ||
workflow_call: | ||
|
||
# it wasn't needed to set up anything for GoLang because 'ubuntu-latest' has all dependencies | ||
jobs: | ||
# first stage | ||
code_check-style_golangci_lint: | ||
name: 'code-check > style:golangci-lint' | ||
runs-on: 'ubuntu-latest' | ||
steps: | ||
- uses: 'rios0rios0/pipelines/github/golang/stages/10-code-check/golangci-lint@feat/#19' | ||
if: "!startsWith(github.ref, 'refs/tags/')" | ||
|
||
|
||
# second stage | ||
security-sast_horusec: | ||
name: 'security > sast:horusec' | ||
runs-on: 'ubuntu-latest' | ||
steps: | ||
- uses: 'rios0rios0/pipelines/github/global/stages/20-security/docker-horusec@feat/#19' | ||
needs: [ 'code_check-style_golangci_lint' ] | ||
if: "!startsWith(github.ref, 'refs/tags/')" | ||
|
||
security-sast_semgrep: | ||
name: 'security > sast:semgrep' | ||
runs-on: 'ubuntu-latest' | ||
steps: | ||
- uses: 'rios0rios0/pipelines/github/global/stages/20-security/docker-semgrep@feat/#19' | ||
with: | ||
semgrep_lang: 'golang' | ||
needs: [ 'code_check-style_golangci_lint' ] | ||
if: "!startsWith(github.ref, 'refs/tags/')" | ||
|
||
security-sast_gitleaks: | ||
name: 'security > sast:gitleaks' | ||
runs-on: 'ubuntu-latest' | ||
steps: | ||
- uses: 'rios0rios0/pipelines/github/global/stages/20-security/docker-gitleaks@feat/#19' | ||
needs: [ 'code_check-style_golangci_lint' ] | ||
if: "!startsWith(github.ref, 'refs/tags/')" | ||
|
||
|
||
# third stage | ||
tests-test_all: | ||
name: 'tests > test:all' | ||
runs-on: 'ubuntu-latest' | ||
steps: | ||
- uses: 'rios0rios0/pipelines/github/golang/stages/30-tests/all@feat/#19' | ||
needs: [ 'security-sast_horusec', 'security-sast_semgrep', 'security-sast_gitleaks' ] | ||
if: "!startsWith(github.ref, 'refs/tags/')" | ||
|
||
|
||
# fourth stage | ||
delivery-docker: | ||
name: 'delivery > docker' | ||
runs-on: 'ubuntu-latest' | ||
steps: | ||
- uses: 'rios0rios0/pipelines/github/global/stages/40-delivery/docker@feat/#19' | ||
needs: [ 'tests-test_all' ] | ||
if: "(github.event_name == 'push' && github.ref == 'refs/heads/main') || startsWith(github.ref, 'refs/tags/')" | ||
|
||
delivery-release: | ||
name: 'delivery > release' | ||
runs-on: 'ubuntu-latest' | ||
steps: | ||
- uses: 'rios0rios0/pipelines/github/global/stages/40-delivery/release@feat/#19' | ||
needs: [ 'tests-test_all' ] | ||
if: "github.event_name == 'push' && github.ref == 'refs/heads/main' && (contains(github.event.workflow_run.head_commit.message, 'origin/chore/bump-') && contains(github.event.workflow_run.head_commit.message, 'chore(bump)'))" | ||
|
||
|
||
# 1 - this file MUST be inside ".github/workflows" because of GitHub Actions limitations | ||
# 2- the recommended events to trigger this work flow are: | ||
#on: | ||
# push: | ||
# branches: | ||
# - 'main' | ||
# tags: | ||
# - '*' | ||
# pull_request: | ||
# branches: | ||
# - 'main' | ||
# workflow_dispatch: |
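Review bot: The `if:` on `delivery-release` reads `github.event.workflow_run.head_commit.message`, but that object is only populated for `workflow_run` events; the same condition requires `github.event_name == 'push'`, where the field is empty, so both `contains()` calls are false and the release job can never run. For push events the commit message is at `github.event.head_commit.message`. A commit message is author-controlled text, so it is also worth deciding whether a message match alone should be enough to trigger a release or whether the bump branch or actor should be checked as well. Indentation was lost in this rendering, so it cannot be confirmed whether `needs:` and `if:` sit at job level, where they belong, or under the step.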
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,54 @@ | ||
# Pipelines Project | ||
|
||
## Getting Started with GitLab | ||
|
||
```yaml | ||
include: | ||
- remote: 'https://raw.githubusercontent.com/rios0rios0/pipelines/main/gitlab/golang/go-docker.yaml' | ||
|
||
.delivery: | ||
script: | ||
- docker build -t "$REGISTRY_PATH$IMAGE_SUFFIX:$TAG" -f .ci/40-delivery/Dockerfile . | ||
cache: | ||
key: 'test:all' | ||
paths: !reference [ .go, cache, paths ] | ||
policy: 'pull' | ||
``` | ||
## Getting Started with Azure DevOps | ||
```yaml | ||
trigger: | ||
branches: | ||
include: | ||
- 'main' | ||
tags: | ||
include: | ||
- '*' | ||
|
||
pool: | ||
vmImage: 'ubuntu-latest' | ||
|
||
variables: | ||
- ${{ if startsWith(variables['Build.SourceBranch'], 'refs/tags/') }}: | ||
- group: 'your-tag-group-for-production' | ||
- ${{ else }}: | ||
- group: 'your-tag-group-for-development' | ||
|
||
resources: | ||
repositories: | ||
- repository: 'pipelines' | ||
type: 'github' | ||
name: 'rios0rios0/pipelines' | ||
endpoint: 'SVC_GITHUB' | ||
|
||
stages: | ||
- template: 'azure-devops/golang/go-arm.yaml@pipelines' | ||
``` | ||
## Contributing | ||
## License | ||
This project is licensed under the MIT License. |
File renamed without changes.
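--- a/github/global/stages/20-security/docker-gitleaks/action.yaml
+++ b/github/global/stages/20-security/docker-gitleaks/action.yaml
@@ -0,0 +1,10 @@
+on:
+workflow_call:
+
+runs:
+using: 'composite'
+steps:
+- uses: 'actions/checkout@v3'
+- uses: 'rios0rios0/pipelines/github/golang/abstracts/scripts-repo@feat/#19'
+- run: $SCRIPTS_DIR/global/scripts/gitleaks/run.sh
+shell: 'bash'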
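Review bot: `actions/checkout@v3` is used with its default `fetch-depth: 1`, so only the tip commit is present when `gitleaks/run.sh` runs; if the script scans git history (it is not visible here), secrets committed and later removed in earlier commits of a push or pull request would not be reported. Adding `with:` / `fetch-depth: 0` to the checkout step gives the scanner the full history. The file also starts with `on: workflow_call:`, which is workflow syntax rather than action metadata; this and the other `action.yaml` files in the commit would read better with `name:` and `description:` in its place.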
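--- a/github/global/stages/20-security/docker-horusec/action.yaml
+++ b/github/global/stages/20-security/docker-horusec/action.yaml
@@ -0,0 +1,11 @@
+on:
+workflow_call:
+
+runs:
+using: 'composite'
+steps:
+- uses: 'actions/checkout@v3'
+- uses: 'rios0rios0/pipelines/github/golang/abstracts/scripts-repo@feat/#19'
+- run: $SCRIPTS_DIR/global/scripts/horusec/run.sh
+shell: 'bash'
+continue-on-error: true # TODO: this is a temporary fix, remove it after the issue is fixed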
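Review bot: `continue-on-error: true` on the Horusec step means a scan that reports findings, or that crashes, still leaves the `security > sast:horusec` job green, and the later stages that list it in `needs` proceed as if the gate had passed. The TODO does not say which issue it is waiting on, so nothing tells a maintainer when the flag can be removed. I would reference the tracking issue in the comment, e.g. `# TODO(ISSUE_ID): remove once the Horusec failure is fixed; findings do not fail the build while this is set` (ISSUE_ID is a placeholder), and keep the scan output visible in the job log or step summary in the meantime.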
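--- a/github/global/stages/20-security/docker-semgrep/action.yaml
+++ b/github/global/stages/20-security/docker-semgrep/action.yaml
@@ -0,0 +1,15 @@
+on:
+workflow_call:
+
+inputs:
+semgrep_lang:
+description: 'Sempgrep language to be used as default source'
+required: true
+
+runs:
+using: 'composite'
+steps:
+- uses: 'actions/checkout@v3'
+- uses: 'rios0rios0/pipelines/github/golang/abstracts/scripts-repo@feat/#19'
+- run: $SCRIPTS_DIR/global/scripts/semgrep/run.sh "${{ inputs.semgrep_lang }}"
+shell: 'bash'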
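Review bot: `${{ inputs.semgrep_lang }}` is expanded into the `run:` script text before bash sees it, so a value containing a quote or a command substitution becomes shell syntax rather than an argument. The only caller in this commit passes the literal `'golang'`, but the action is meant to be reused, so the input should travel through the environment: add `env:` / `SEMGREP_LANG: '${{ inputs.semgrep_lang }}'` to the step and call `$SCRIPTS_DIR/global/scripts/semgrep/run.sh "$SEMGREP_LANG"`. The input description also misspells the tool name as 'Sempgrep'.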
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
on: | ||
workflow_call: | ||
|
||
runs: | ||
using: 'composite' | ||
steps: | ||
- uses: 'actions/checkout@v3' | ||
- uses: 'docker/login-action@v3' | ||
with: | ||
registry: 'ghcr.io' | ||
username: '${{ github.actor }}' | ||
password: '${{ secrets.GITHUB_TOKEN }}' | ||
- uses: 'docker/build-push-action@v5' | ||
with: | ||
file: '.ci/40-delivery/Dockerfile' | ||
context: '.' | ||
push: true | ||
tags: "ghcr.io/${{ github.repository }}:latest,ghcr.io/${{ github.repository }}:${{ github.ref_type == 'tag' && github.ref[10:] || 'latest' }}" |
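Review bot: The login step uses `${{ secrets.GITHUB_TOKEN }}`, but the `secrets` context is not available inside a composite action, so the password will likely be empty or the action will fail to load; `${{ github.token }}` or an explicit `inputs.token` passed by the caller works here. The tag expression uses `github.ref[10:]`, which is not valid expression syntax (there is no slicing); `github.ref_name` gives the tag name directly. Depending on the repository's default token permissions, the calling job also needs `permissions:` with `packages: write` for the push to ghcr.io, and the workflow shown in this commit does not set it. On a push to main the `tags:` value lists `:latest` twice, which is harmless but suggests the second entry should be omitted for non-tag builds.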
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
on: | ||
workflow_call: | ||
|
||
runs: | ||
using: 'composite' | ||
outputs: | ||
upload_url: ${{ steps.create_release.outputs.upload_url }} | ||
steps: | ||
- uses: 'softprops/action-gh-release@v1' | ||
with: | ||
draft: false | ||
prerelease: false | ||
name: '${{ github.ref[10:] }}' | ||
tag_name: '${{ github.ref[10:] }}' |
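Review bot: `outputs.upload_url` reads `steps.create_release.outputs.upload_url`, but the only step has no `id: 'create_release'`, so the output will always be empty. Adding `id: 'create_release'` to the `softprops/action-gh-release` step fixes that; composite-action outputs also need the `value:` key (`upload_url:` / `value: ${{ steps.create_release.outputs.upload_url }}`) and are declared at the top level rather than under `runs:`, though the indentation is lost here and the placement cannot be confirmed. `github.ref[10:]` is not valid expression syntax, and the workflow in this commit calls this action on pushes to `refs/heads/main`, where a ref-derived name would be the branch rather than a version, so the tag to create probably has to come from an input.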
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
on: | ||
workflow_call: | ||
|
||
runs: | ||
using: 'composite' | ||
steps: | ||
- run: | | ||
echo "SCRIPTS_DIR=${{ github.workspace }}/pipelines_$(date +%Y%m%d%H%M%S)" >> $GITHUB_ENV | ||
echo "SCRIPTS_REPO=https://github.com/rios0rios0/pipelines.git" >> $GITHUB_ENV | ||
shell: 'bash' | ||
- uses: 'actions/checkout@v4' | ||
with: | ||
repository: 'rios0rios0/pipelines' | ||
path: '${{ env.SCRIPTS_DIR }}' |
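Review bot: The second checkout has no `ref:`, so the scripts executed by every stage come from the tip of the default branch of `rios0rios0/pipelines` at run time, independent of the ref the caller pinned in `uses:`. That makes the executed code unreviewable from the caller's side and lets the action definitions and the scripts drift apart. Adding `ref: 'PINNED_TAG_OR_SHA'` (placeholder) to the `with:` block, ideally the same revision the actions are pinned to, closes that gap. `SCRIPTS_DIR` is also created inside `github.workspace`, so the secret and SAST scanners may walk the pipeline scripts along with the project unless that directory is excluded; this cannot be confirmed without the scripts.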
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
../../.github/workflows/go-debian.yaml |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
../../.github/workflows/go-docker.yaml |
Empty file.
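--- a/github/golang/stages/10-code-check/golangci-lint/action.yaml
+++ b/github/golang/stages/10-code-check/golangci-lint/action.yaml
@@ -0,0 +1,43 @@
+on:
+workflow_call:
+
+runs:
+using: 'composite'
+steps:
+- uses: 'actions/checkout@v3'
+- uses: 'rios0rios0/pipelines/github/golang/abstracts/scripts-repo@feat/#19'
+# TODO: you must use a GitHub App with the checks:write
+#- id: create-check-run
+# uses: actions/github-script@v5
+# with:
+# script: |
+# const { data: checkRun } = await github.rest.checks.create({
+# owner: context.repo.owner,
+# repo: context.repo.repo,
+# name: 'custom-check',
+# head_sha: context.sha,
+# status: 'in_progress',
+# output: {
+# title: 'Custom Check',
+# summary: 'The check is in progress...'
+# }
+# });
+# return checkRun.id;
+- id: 'golangci_lint'
+run: $SCRIPTS_DIR/global/scripts/golangci-lint/run.sh || echo "EXIT_CODE=$?" >> $GITHUB_ENV && exit $EXIT_CODE
+shell: 'bash'
+continue-on-error: true
+# TODO: you must use a GitHub App with the checks:write
+#- uses: actions/github-script@v7
+# with:
+# script: |
+# await github.rest.checks.update({
+# owner: context.repo.owner,
+# repo: context.repo.repo,
+# check_run_id: ${{ steps.get-check-run-id.outputs.result }},
+# conclusion: 'success',
+# output: {
+# title: 'Custom Check',
+# summary: "golangci-lint had detected issues in the code :x:"
+# }
+# });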
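Review bot: The `golangci_lint` step cannot fail: in `run.sh || echo "EXIT_CODE=$?" >> $GITHUB_ENV && exit $EXIT_CODE` the list parses as `(run.sh || echo …) && exit $EXIT_CODE`, and a value written to `$GITHUB_ENV` is only visible to later steps, so `$EXIT_CODE` is empty here and `exit` returns the status of the preceding `echo`, which is 0. With `continue-on-error: true` on top and the check-run update still commented out, lint findings never affect the job result. Until the check-run reporting exists, the simplest correct form is `run: $SCRIPTS_DIR/global/scripts/golangci-lint/run.sh` without `continue-on-error`. The commented-out update step also refers to `steps.get-check-run-id` while the create step's id is `create-check-run`, and it hard-codes `conclusion: 'success'` next to a summary that says issues were detected.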
Empty file.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
on: | ||
workflow_call: | ||
|
||
runs: | ||
using: 'composite' | ||
steps: | ||
- uses: 'actions/checkout@v3' | ||
- uses: 'rios0rios0/pipelines/github/golang/abstracts/scripts-repo@feat/#19' | ||
- run: $SCRIPTS_DIR/global/scripts/golang/test/run.sh | ||
shell: 'bash' |
Empty file.