Commit

feat(#19): added the code check step for GoLang inside the GitHub Act…
…ions provider

Signed-off-by: Felipe Rios <[email protected]>
rios0rios0 committed Feb 8, 2024
1 parent 9199999 commit a1a11b3
Showing 21 changed files with 309 additions and 1 deletion.
3 changes: 3 additions & 0 deletions .github/pull_request_template.md
@@ -0,0 +1,3 @@
## :vertical_traffic_light: Quality checklist

- [ ] Did you add the changes in the `CHANGELOG.md`?
File renamed without changes.
@@ -1,4 +1,3 @@
## :vertical_traffic_light: Quality checklist

- [ ] Did you add the changes in the `CHANGELOG.md`?
- [ ] Are the tests passing?
30 changes: 30 additions & 0 deletions .github/workflows/go-debian.yaml
@@ -0,0 +1,30 @@
# see the bottom of the file for more information¹
# the parent workflow is responsible for setting up the call events²
on:
workflow_call:

# it wasn't needed to set up anything for GoLang because 'ubuntu-latest' has all dependencies
jobs:
# TODO: everything from the other file + fifth stage

# fifth stage
deployment:
runs-on: 'ubuntu-latest'
steps:
- uses: 'rios0rios0/pipelines/github/global/stages/40-delivery/deb-releaser@feat/#19'
needs: [ 'tests-test_all' ]
if: "(github.event_name == 'push' && github.ref == 'refs/heads/main') || startsWith(github.ref, 'refs/tags/')"


# 1 - this file MUST be inside ".github/workflows" because of GitHub Actions limitations
# 2- the recommended events to trigger this work flow are:
#on:
# push:
# branches:
# - 'main'
# tags:
# - '*'
# pull_request:
# branches:
# - 'main'
# workflow_dispatch:
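Review bot: `needs: [ 'tests-test_all' ]` on the `deployment` job names a job this file never defines; the only other entry under `jobs:` is the TODO comment. GitHub rejects a workflow whose `needs` points at an unknown job, so either bring the earlier stages in before merging or drop `needs` until the TODO is resolved. The `uses:` ref `@feat/#19` is a feature branch and stops resolving once that branch is deleted; a tag or a full commit SHA is the safer reference for callers.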
84 changes: 84 additions & 0 deletions .github/workflows/go-docker.yaml
@@ -0,0 +1,84 @@
# see the bottom of the file for more information¹
# the parent workflow is responsible for setting up the call events²
on:
workflow_call:

# it wasn't needed to set up anything for GoLang because 'ubuntu-latest' has all dependencies
jobs:
# first stage
code_check-style_golangci_lint:
name: 'code-check > style:golangci-lint'
runs-on: 'ubuntu-latest'
steps:
- uses: 'rios0rios0/pipelines/github/golang/stages/10-code-check/golangci-lint@feat/#19'
if: "!startsWith(github.ref, 'refs/tags/')"


# second stage
security-sast_horusec:
name: 'security > sast:horusec'
runs-on: 'ubuntu-latest'
steps:
- uses: 'rios0rios0/pipelines/github/global/stages/20-security/docker-horusec@feat/#19'
needs: [ 'code_check-style_golangci_lint' ]
if: "!startsWith(github.ref, 'refs/tags/')"

security-sast_semgrep:
name: 'security > sast:semgrep'
runs-on: 'ubuntu-latest'
steps:
- uses: 'rios0rios0/pipelines/github/global/stages/20-security/docker-semgrep@feat/#19'
with:
semgrep_lang: 'golang'
needs: [ 'code_check-style_golangci_lint' ]
if: "!startsWith(github.ref, 'refs/tags/')"

security-sast_gitleaks:
name: 'security > sast:gitleaks'
runs-on: 'ubuntu-latest'
steps:
- uses: 'rios0rios0/pipelines/github/global/stages/20-security/docker-gitleaks@feat/#19'
needs: [ 'code_check-style_golangci_lint' ]
if: "!startsWith(github.ref, 'refs/tags/')"


# third stage
tests-test_all:
name: 'tests > test:all'
runs-on: 'ubuntu-latest'
steps:
- uses: 'rios0rios0/pipelines/github/golang/stages/30-tests/all@feat/#19'
needs: [ 'security-sast_horusec', 'security-sast_semgrep', 'security-sast_gitleaks' ]
if: "!startsWith(github.ref, 'refs/tags/')"


# fourth stage
delivery-docker:
name: 'delivery > docker'
runs-on: 'ubuntu-latest'
steps:
- uses: 'rios0rios0/pipelines/github/global/stages/40-delivery/docker@feat/#19'
needs: [ 'tests-test_all' ]
if: "(github.event_name == 'push' && github.ref == 'refs/heads/main') || startsWith(github.ref, 'refs/tags/')"

delivery-release:
name: 'delivery > release'
runs-on: 'ubuntu-latest'
steps:
- uses: 'rios0rios0/pipelines/github/global/stages/40-delivery/release@feat/#19'
needs: [ 'tests-test_all' ]
if: "github.event_name == 'push' && github.ref == 'refs/heads/main' && (contains(github.event.workflow_run.head_commit.message, 'origin/chore/bump-') && contains(github.event.workflow_run.head_commit.message, 'chore(bump)'))"


# 1 - this file MUST be inside ".github/workflows" because of GitHub Actions limitations
# 2- the recommended events to trigger this work flow are:
#on:
# push:
# branches:
# - 'main'
# tags:
# - '*'
# pull_request:
# branches:
# - 'main'
# workflow_dispatch:
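Review bot: on tag pushes `delivery-docker` will not run even though its `if:` allows `refs/tags/`, because it `needs` `tests-test_all`, and that job and every stage before it are skipped by `if: "!startsWith(github.ref, 'refs/tags/')"`. A job whose dependency was skipped is skipped as well unless its own condition uses a status function such as `always()` together with an explicit check of the needed job's result. Separately, `delivery-release` requires `github.event_name == 'push'` but reads `github.event.workflow_run.head_commit.message`, which is only populated for `workflow_run` events; on a push that field is empty, both `contains()` calls are false, and the release never fires. The push payload carries the message at `github.event.head_commit.message`.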
1 change: 1 addition & 0 deletions CHANGELOG.md
@@ -29,6 +29,7 @@ Exceptions are acceptable depending on the circumstances (critical bug fixes tha
- added the missing configuration to Azure DevOps deployment with JS
- added a new step to replace the environment variables contained inside the `yaml` file
- added a script into the Golang `delivery` to get the new `siteName` variable
- added the code check step for GoLang inside the GitHub Actions provider

### Changed

54 changes: 54 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,54 @@
# Pipelines Project

## Getting Started with GitLab

```yaml
include:
- remote: 'https://raw.githubusercontent.com/rios0rios0/pipelines/main/gitlab/golang/go-docker.yaml'

.delivery:
script:
- docker build -t "$REGISTRY_PATH$IMAGE_SUFFIX:$TAG" -f .ci/40-delivery/Dockerfile .
cache:
key: 'test:all'
paths: !reference [ .go, cache, paths ]
policy: 'pull'
```
## Getting Started with Azure DevOps
```yaml
trigger:
branches:
include:
- 'main'
tags:
include:
- '*'

pool:
vmImage: 'ubuntu-latest'

variables:
- ${{ if startsWith(variables['Build.SourceBranch'], 'refs/tags/') }}:
- group: 'your-tag-group-for-production'
- ${{ else }}:
- group: 'your-tag-group-for-development'

resources:
repositories:
- repository: 'pipelines'
type: 'github'
name: 'rios0rios0/pipelines'
endpoint: 'SVC_GITHUB'

stages:
- template: 'azure-devops/golang/go-arm.yaml@pipelines'
```
## Contributing
## License
This project is licensed under the MIT License.
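Review bot: the new README has "Getting Started" sections for GitLab and Azure DevOps but none for GitHub Actions, which is the provider this commit adds; a short caller workflow using `workflow_call` with the recommended `on:` events would belong here. `## Contributing` is an empty heading and should either get content or be dropped. Both existing snippets follow the moving `main` branch (the GitLab `remote:` URL, and the Azure `repositories` entry with no `ref`), so it is worth stating in the text that consumers who need reproducible pipelines should pin to a tag.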
File renamed without changes.
10 changes: 10 additions & 0 deletions github/global/stages/20-security/docker-gitleaks/action.yaml
@@ -0,0 +1,10 @@
on:
workflow_call:

runs:
using: 'composite'
steps:
- uses: 'actions/checkout@v3'
- uses: 'rios0rios0/pipelines/github/golang/abstracts/scripts-repo@feat/#19'
- run: $SCRIPTS_DIR/global/scripts/gitleaks/run.sh
shell: 'bash'
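Review bot: `actions/checkout@v3` is used with its defaults, which fetch a single commit; if `gitleaks/run.sh` is meant to scan commit history for secrets, it will only ever see the tip unless the step sets `fetch-depth: 0`. Also, `on: workflow_call:` is a workflow key and has no meaning in an `action.yaml`; the action metadata should carry `name` and `description` instead.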
11 changes: 11 additions & 0 deletions github/global/stages/20-security/docker-horusec/action.yaml
@@ -0,0 +1,11 @@
on:
workflow_call:

runs:
using: 'composite'
steps:
- uses: 'actions/checkout@v3'
- uses: 'rios0rios0/pipelines/github/golang/abstracts/scripts-repo@feat/#19'
- run: $SCRIPTS_DIR/global/scripts/horusec/run.sh
shell: 'bash'
continue-on-error: true # TODO: this is a temporary fix, remove it after the issue is fixed
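Review bot: `continue-on-error: true` on the Horusec step makes this SAST stage pass regardless of findings or scanner errors, so the `needs` chain in the calling workflow no longer gates on it. The TODO says "after the issue is fixed" without naming the issue; please link it, and consider scoping the workaround (for example, tolerating only the known failing exit code inside `run.sh`) so real findings still fail the job.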
15 changes: 15 additions & 0 deletions github/global/stages/20-security/docker-semgrep/action.yaml
@@ -0,0 +1,15 @@
on:
workflow_call:

inputs:
semgrep_lang:
description: 'Sempgrep language to be used as default source'
required: true

runs:
using: 'composite'
steps:
- uses: 'actions/checkout@v3'
- uses: 'rios0rios0/pipelines/github/golang/abstracts/scripts-repo@feat/#19'
- run: $SCRIPTS_DIR/global/scripts/semgrep/run.sh "${{ inputs.semgrep_lang }}"
shell: 'bash'
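Review bot: `"${{ inputs.semgrep_lang }}"` in the `run:` line is expanded into the script text before bash parses it, so a value containing a double quote or `$(...)` changes the command rather than being passed as an argument. Pass it through the environment instead: add `env:` with `SEMGREP_LANG: ${{ inputs.semgrep_lang }}` and call `run.sh "$SEMGREP_LANG"`. Minor: the input description spells the tool "Sempgrep".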
18 changes: 18 additions & 0 deletions github/global/stages/40-delivery/docker/action.yaml
@@ -0,0 +1,18 @@
on:
workflow_call:

runs:
using: 'composite'
steps:
- uses: 'actions/checkout@v3'
- uses: 'docker/login-action@v3'
with:
registry: 'ghcr.io'
username: '${{ github.actor }}'
password: '${{ secrets.GITHUB_TOKEN }}'
- uses: 'docker/build-push-action@v5'
with:
file: '.ci/40-delivery/Dockerfile'
context: '.'
push: true
tags: "ghcr.io/${{ github.repository }}:latest,ghcr.io/${{ github.repository }}:${{ github.ref_type == 'tag' && github.ref[10:] || 'latest' }}"
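Review bot: `password: '${{ secrets.GITHUB_TOKEN }}'` will not resolve here, because the `secrets` context is not available inside a composite action; use `${{ github.token }}` or declare a `token` input that the calling workflow fills. In the `tags:` line, `github.ref[10:]` is not valid expression syntax (there is no slice operator); `github.ref_name` gives the tag name directly. As written, a non-tag build lists `:latest` twice, which is harmless but suggests the second tag was meant to be something else, such as the commit SHA.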
14 changes: 14 additions & 0 deletions github/global/stages/40-delivery/release/action.yaml
@@ -0,0 +1,14 @@
on:
workflow_call:

runs:
using: 'composite'
outputs:
upload_url: ${{ steps.create_release.outputs.upload_url }}
steps:
- uses: 'softprops/action-gh-release@v1'
with:
draft: false
prerelease: false
name: '${{ github.ref[10:] }}'
tag_name: '${{ github.ref[10:] }}'
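Review bot: the `upload_url` output reads `steps.create_release.outputs.upload_url`, but the only step has no `id`, so the output is always empty; add `id: 'create_release'` to the `softprops/action-gh-release@v1` step. Composite action outputs also need the `value:` key under each output name rather than the expression directly. `github.ref[10:]` in `name` and `tag_name` is not valid expression syntax; use `github.ref_name`, and note that the calling workflow runs this action on `refs/heads/main`, where the ref is a branch and not a tag.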
14 changes: 14 additions & 0 deletions github/golang/abstracts/scripts-repo/action.yaml
@@ -0,0 +1,14 @@
on:
workflow_call:

runs:
using: 'composite'
steps:
- run: |
echo "SCRIPTS_DIR=${{ github.workspace }}/pipelines_$(date +%Y%m%d%H%M%S)" >> $GITHUB_ENV
echo "SCRIPTS_REPO=https://github.com/rios0rios0/pipelines.git" >> $GITHUB_ENV
shell: 'bash'
- uses: 'actions/checkout@v4'
with:
repository: 'rios0rios0/pipelines'
path: '${{ env.SCRIPTS_DIR }}'
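Review bot: the `actions/checkout@v4` step has no `ref:`, so the scripts are taken from the default branch of `rios0rios0/pipelines` while the actions that call them are referenced at `@feat/#19`; the two can drift, and every consumer executes whatever is currently on that branch. Pin `ref:` to the same tag or commit SHA the action itself is released under. `SCRIPTS_DIR` is created inside `${{ github.workspace }}`, which means the scanners and tests that run afterwards will also walk the pipelines checkout; a directory under `${{ runner.temp }}` avoids that. `SCRIPTS_REPO` is exported but not used in this file.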
1 change: 1 addition & 0 deletions github/golang/go-debian.yaml
1 change: 1 addition & 0 deletions github/golang/go-docker.yaml
Empty file added github/golang/scripts/.gitkeep
Empty file.
43 changes: 43 additions & 0 deletions github/golang/stages/10-code-check/golangci-lint/action.yaml
@@ -0,0 +1,43 @@
on:
workflow_call:

runs:
using: 'composite'
steps:
- uses: 'actions/checkout@v3'
- uses: 'rios0rios0/pipelines/github/golang/abstracts/scripts-repo@feat/#19'
# TODO: you must use a GitHub App with the checks:write
#- id: create-check-run
# uses: actions/github-script@v5
# with:
# script: |
# const { data: checkRun } = await github.rest.checks.create({
# owner: context.repo.owner,
# repo: context.repo.repo,
# name: 'custom-check',
# head_sha: context.sha,
# status: 'in_progress',
# output: {
# title: 'Custom Check',
# summary: 'The check is in progress...'
# }
# });
# return checkRun.id;
- id: 'golangci_lint'
run: $SCRIPTS_DIR/global/scripts/golangci-lint/run.sh || echo "EXIT_CODE=$?" >> $GITHUB_ENV && exit $EXIT_CODE
shell: 'bash'
continue-on-error: true
# TODO: you must use a GitHub App with the checks:write
#- uses: actions/github-script@v7
# with:
# script: |
# await github.rest.checks.update({
# owner: context.repo.owner,
# repo: context.repo.repo,
# check_run_id: ${{ steps.get-check-run-id.outputs.result }},
# conclusion: 'success',
# output: {
# title: 'Custom Check',
# summary: "golangci-lint had detected issues in the code :x:"
# }
# });
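Review bot: the `golangci_lint` step can never fail. In `run.sh || echo "EXIT_CODE=$?" >> $GITHUB_ENV && exit $EXIT_CODE`, the shell groups this as `(run.sh || echo ...) && exit $EXIT_CODE`, and `EXIT_CODE` is only written to `$GITHUB_ENV` for later steps, so it is unset in the current shell and `exit` returns the status of the last command, which is 0. Capture the code locally, e.g. `code=0; run.sh || code=$?`, then `echo "EXIT_CODE=$code" >> "$GITHUB_ENV"` and `exit "$code"`. With `continue-on-error: true` on top, a later step needs to read `steps.golangci_lint.outcome` and fail the job, otherwise lint is advisory only. In the commented block, `steps.get-check-run-id` does not match the id `create-check-run`, and `conclusion: 'success'` contradicts the summary text.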
Empty file.
10 changes: 10 additions & 0 deletions github/golang/stages/30-tests/all/action.yaml
@@ -0,0 +1,10 @@
on:
workflow_call:

runs:
using: 'composite'
steps:
- uses: 'actions/checkout@v3'
- uses: 'rios0rios0/pipelines/github/golang/abstracts/scripts-repo@feat/#19'
- run: $SCRIPTS_DIR/global/scripts/golang/test/run.sh
shell: 'bash'
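Review bot: there is no Go toolchain setup before `golang/test/run.sh`, so the tests run on whatever Go version the runner image ships, which changes over time and may not match the project's `go.mod`. Adding `actions/setup-go` with `go-version-file: 'go.mod'` makes the test stage reproducible. As in the other actions, `on: workflow_call:` does not belong in `action.yaml`.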
Empty file.