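# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
---
# CI/CD pipeline:
#   test   - runs the Go test suite with the race detector and coverage,
#            then enforces a 60% total-coverage floor.
#   build  - cross-compiles gibidify for each goos/goarch pair in the matrix
#            and uploads each binary with a SHA256 checksum file.
#   docker - on release events only, builds the image and pushes it to ghcr.io.
#
# Context values that used to be expanded inside `run:` scripts are now passed
# through `env:`. A `${{ }}` expression is substituted into the script text
# before the shell parses it, so a ref name containing shell metacharacters
# would be interpreted as shell syntax; an environment variable reaches the
# shell as plain data.
name: Build, Test, Coverage, and Publish

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  release:
    types: [created]

# Default-deny: each job below opts in to the scopes it declares.
permissions: {}

jobs:
  test:
    name: Run Tests with Coverage and SARIF
    runs-on: ubuntu-latest
    # NOTE(review): no step visible in this job writes to the repository,
    # checks, pull requests, code scanning or statuses. Confirm what
    # ./.github/actions/setup does with the token and narrow these scopes
    # (for example `contents: read`) if nothing depends on them.
    permissions:
      contents: write
      checks: write
      pull-requests: write
      security-events: write
      statuses: write

    steps:
      # Third-party actions are pinned to a full commit SHA; the trailing
      # comment records the release that SHA corresponds to.
      - name: Checkout repository
        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8  # v6.0.1

      - name: Setup Go
        uses: ./.github/actions/setup
        with:
          token: ${{ github.token }}

      - name: Download dependencies
        shell: bash
        run: go mod download

      # `shell: bash` makes the runner invoke bash with pipefail, so a failing
      # `go test` fails the step even though its output is piped through tee.
      - name: Run tests with coverage
        shell: bash
        run: |
          go test -race -covermode=atomic -json -coverprofile=coverage.out ./... | tee test-results.json

      # Extracts the total percentage (trailing '%' stripped) and exports it
      # to later steps through GITHUB_ENV.
      - name: Check coverage
        id: coverage
        if: always()
        shell: bash
        run: |
          if [[ ! -f coverage.out ]]; then
            echo "coverage.out is missing; tests likely failed before producing coverage"
            exit 1
          fi
          coverage="$(go tool cover -func=coverage.out | grep total | awk '{print substr($3, 1, length($3)-1)}')"
          echo "total_coverage=$coverage" >> "$GITHUB_ENV"
          echo "Coverage: $coverage%"

      - name: Upload test results
        if: always()
        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4  # v5.0.0
        with:
          name: test-results
          path: test-results.json

      - name: Cleanup
        if: always()
        shell: bash
        run: rm -f coverage.out test-results.json

      # Runs even after earlier failures; an unset total_coverage is treated
      # as a failure rather than as a pass.
      - name: Fail if coverage is below threshold
        if: always()
        shell: bash
        run: |
          if [[ -z "${total_coverage:-}" ]]; then
            echo "total_coverage is unset; previous step likely failed"
            exit 1
          fi
          awk -v cov="$total_coverage" 'BEGIN{ if (cov < 60) exit 1; else exit 0 }' || {
            echo "Coverage ($total_coverage%) is below the threshold (60%)"
            exit 1
          }

  build:
    name: Build Binaries
    needs: test
    runs-on: ubuntu-latest
    # NOTE(review): the visible steps only compile and upload workflow
    # artifacts; confirm whether `contents: write` and `packages: write` are
    # needed here or can be reduced to `contents: read`.
    permissions:
      contents: write
      packages: write

    strategy:
      matrix:
        goos: [linux, darwin, windows]
        goarch: [amd64, arm64]

    steps:
      - name: Checkout repository
        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8  # v6.0.1

      - name: Setup Go
        uses: ./.github/actions/setup
        with:
          token: ${{ github.token }}

      - name: Download dependencies
        run: go mod download

      # github.ref_name is a branch, tag or PR merge ref name, so it is handed
      # to the script as an environment variable instead of being expanded
      # into the command line.
      - name: Build binary for ${{ matrix.goos }}-${{ matrix.goarch }}
        env:
          TARGET_GOOS: ${{ matrix.goos }}
          TARGET_GOARCH: ${{ matrix.goarch }}
          BUILD_VERSION: ${{ github.ref_name }}
          EXE_SUFFIX: ${{ matrix.goos == 'windows' && '.exe' || '' }}
        run: |
          mkdir -p dist
          GOOS="$TARGET_GOOS" GOARCH="$TARGET_GOARCH" go build \
            -ldflags "-X main.Version=${BUILD_VERSION}" \
            -o "dist/gibidify-${TARGET_GOOS}-${TARGET_GOARCH}${EXE_SUFFIX}" \
            .

      # One .sha256 file per binary so a downloader can verify integrity.
      - name: Generate SHA256 checksum
        run: |
          cd dist
          for f in gibidify-*; do
            sha256sum "$f" > "$f.sha256"
          done

      - name: Upload artifact
        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4  # v5.0.0
        with:
          name: gibidify-${{ matrix.goos }}-${{ matrix.goarch }}
          path: dist/*

  docker:
    name: Build and Publish Docker Image
    if: github.event_name == 'release'
    needs: build
    runs-on: ubuntu-latest
    # `packages: write` is what the push to ghcr.io relies on.
    # NOTE(review): confirm whether `contents: write` is needed by this job.
    permissions:
      contents: write
      packages: write

    steps:
      - name: Checkout repository
        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8  # v6.0.1

      - name: Setup Go
        uses: ./.github/actions/setup
        with:
          token: ${{ github.token }}

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435  # v3.11.1

      # The token is read from the environment and piped to --password-stdin,
      # so it appears neither in the script text nor on the command line.
      - name: Log in to GitHub Container Registry
        env:
          REGISTRY_TOKEN: ${{ github.token }}
          REGISTRY_USER: ${{ github.actor }}
        run: |
          echo "$REGISTRY_TOKEN" | docker login ghcr.io \
            -u "$(echo "$REGISTRY_USER" | tr '[:upper:]' '[:lower:]')" \
            --password-stdin

      # The repository path is lowercased before it is used in the image name.
      - name: Build and push Docker image
        env:
          REPOSITORY: ${{ github.repository }}
          IMAGE_TAG: ${{ github.ref_name }}
        run: |
          repo="$(echo "$REPOSITORY" | tr '[:upper:]' '[:lower:]')"
          docker buildx build --platform linux/amd64 \
            --tag "ghcr.io/${repo}/gibidify:${IMAGE_TAG}" \
            --tag "ghcr.io/${repo}/gibidify:latest" \
            --push .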