ivuorinen/gibidify
1
0
Fork 0
mirror of https://github.com/ivuorinen/gibidify.git synced 2026-01-26 11:34:03 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
1e4869b79c8c6ffac0afcd0360ede215e7d5def3
gibidify/.github/workflows/build-test-publish.yml

156 lines
4.5 KiB
YAML
Raw Blame History

# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
name: Build, Test, Coverage, and Publish
on:
push:
branches: [main]
pull_request:
branches: [main]
release:
types: [created]
permissions:
contents: read
jobs:
test:
name: Run Tests with Coverage and SARIF
runs-on: ubuntu-latest
permissions:
contents: write
checks: write
pull-requests: write
security-events: write
statuses: write
steps:
- name: Harden the runner (Audit all outbound calls)
uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
with:
egress-policy: audit
- name: Checkout code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up Go
uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
with:
go-version-file: "./go.mod"
cache: true
- name: Install dependencies
run: go mod tidy
- name: Run tests
run: go test -json ./... > test-results.json
- name: Generate coverage report
run: go test -coverprofile=coverage.out ./...
- name: Check coverage
id: coverage
run: |
coverage="$(go tool cover -func=coverage.out | grep total | awk '{print substr($3, 1, length($3)-1)}')"
echo "total_coverage=$coverage" >> "$GITHUB_ENV"
echo "Coverage: $coverage%"
- name: Upload test results
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: test-results
path: test-results.json
- name: Cleanup
run: rm coverage.out
- name: Fail if coverage is below threshold
run: |
if (( $(echo "$total_coverage < 50" | bc -l) )); then
echo "Coverage ($total_coverage%) is below the threshold (50%)"
exit 1
fi
build:
name: Build Binaries
needs: test
runs-on: ubuntu-latest
permissions:
contents: write
packages: write
strategy:
matrix:
goos: [linux, darwin, windows]
goarch: [amd64, arm64]
steps:
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up Go
uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
with:
go-version-file: "./go.mod"
- name: Run go mod tidy
run: go mod tidy
- name: Build binary for ${{ matrix.goos }}-${{ matrix.goarch }}
run: |
mkdir -p dist
GOOS=${{ matrix.goos }} GOARCH=${{ matrix.goarch }} go build \
-ldflags "-X main.Version=${{ github.ref_name }}" \
-o dist/gibidify-${{ matrix.goos }}-${{ matrix.goarch }}${{ matrix.goos == 'windows' && '.exe' || '' }} \
.
- name: Generate SHA256 checksum
run: |
cd dist
for f in gibidify-*; do
sha256sum "$f" > "$f.sha256"
done
- name: Upload artifact
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: gibidify-${{ matrix.goos }}-${{ matrix.goarch }}
path: dist/*
docker:
name: Build and Publish Docker Image
if: github.event_name == 'release'
needs: build
runs-on: ubuntu-latest
permissions:
contents: write
packages: write
steps:
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Download Linux binaries
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
with:
name: gibidify-linux-amd64
path: .
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
- name: Log in to GitHub Container Registry
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
- name: Build and push multi-arch Docker image
run: |
chmod +x gibidify-linux-amd64
mv gibidify-linux-amd64 gibidify
docker buildx build --platform linux/amd64,linux/arm64,linux/arm/v7 \
--tag ghcr.io/${{ github.repository }}/gibidify:${{ github.ref_name }} \
--tag ghcr.io/${{ github.repository }}/gibidify:latest \
--push \
--squash .
Reference in New Issue View Git Blame Copy Permalink