name: Test, scan, build, release on: workflow_dispatch: push: paths-ignore: - '**.md' - 'action.yml' branches: - "master" - "main" env: ENABLE_CODE_LINT: false ENABLE_CODE_SCANS: false DEPLOY: false jobs: prepare: name: Preparing build context runs-on: ubuntu-latest outputs: SANITISED_REPOSITORY_NAME: ${{ steps.get_env.outputs.SANITISED_REPOSITORY_NAME }} DOCKER_IMAGE: ${{ steps.get_env.outputs.DOCKER_IMAGE }} GITHUB_COMMIT_NUMBER: ${{ steps.get_env.outputs.GITHUB_COMMIT_NUMBER }} GITHUB_SHA: ${{ steps.get_env.outputs.GITHUB_SHA }} GITHUB_RUN_ID: ${{ steps.get_env.outputs.GITHUB_RUN_ID }} RELEASE_VERSION: ${{ steps.get_env.outputs.RELEASE_VERSION }} steps: - name: Checkout repo uses: actions/checkout@v2 with: fetch-depth: '0' - name: Setting environment variables id: get_env run: | DOWNLOAD_URL=$(curl -s https://api.github.com/repos/lukaszraczylo/semver-generator/releases/latest \ | grep browser_download_url \ | grep semver-gen-linux-amd64 \ | cut -d '"' -f 4) curl -s -L -o semver-gen "$DOWNLOAD_URL" && chmod +x semver-gen TMP_SANITISED_REPOSITORY_NAME=$(echo ${{ github.event.repository.name }} | sed -e 's|\.|-|g') TMP_GITHUB_COMMITS_COUNT=$(git rev-list --count HEAD) TMP_GITHUB_COUNT_NUMBER=$(echo ${GITHUB_RUN_NUMBER}) TMP_RELEASE_VERSION=$(./semver-gen generate -l -c config-release.yaml | sed -e 's|SEMVER ||g') echo "::set-output name=SANITISED_REPOSITORY_NAME::$TMP_SANITISED_REPOSITORY_NAME" echo "::set-output name=DOCKER_IMAGE::ghcr.io/${{ github.repository_owner }}/$TMP_SANITISED_REPOSITORY_NAME" echo "::set-output name=GITHUB_COMMIT_NUMBER::$TMP_GITHUB_COMMITS_COUNT" echo "::set-output name=GITHUB_SHA::$(echo ${GITHUB_SHA::8})" echo "::set-output name=GITHUB_RUN_ID::$TMP_GITHUB_COUNT_NUMBER" echo "::set-output name=RELEASE_VERSION::$TMP_RELEASE_VERSION" test: needs: [ prepare ] name: Code checks pipeline runs-on: ubuntu-20.04 container: github/super-linter:v3.15.5 env: CI: true steps: - name: Checkout repo uses: actions/checkout@v2 - name: Lint Code Base if: env.ENABLE_CODE_LINT == true env: VALIDATE_ALL_CODEBASE: true VALIDATE_DOCKERFILE: false # this leaves us with hadolint only VALIDATE_GO: false # disable bulk validation of go files, run the linter manually DEFAULT_BRANCH: main GITHUB_TOKEN: ${{ secrets.GHCR_TOKEN }} LOG_LEVEL: WARN run: | golangci-lint run --exclude-use-default ./... /action/lib/linter.sh - name: Run unit tests env: GITHUB_TOKEN: ${{ secrets.GHCR_TOKEN }} run: | make test CI_RUN=${CI} - name: Upload codecov result uses: codecov/codecov-action@v1 with: token: ${{ secrets.CODECOV_TOKEN }} # not required for public repos files: coverage.out code_scans: needs: [ prepare ] name: Code scans pipeline runs-on: ubuntu-20.04 steps: - name: Checkout repo uses: actions/checkout@v2 - name: Configure git for private modules run: | make update - name: WriteGoList run: go list -json -m all > go.list - name: Running nancy if: env.ENABLE_CODE_SCANS == true uses: sonatype-nexus-community/nancy-github-action@main - name: Running gosec if: env.ENABLE_CODE_SCANS == true uses: securego/gosec@master with: args: ./... build: needs: [ prepare, test, code_scans ] name: Docker image build (regular:multiarch) runs-on: ubuntu-latest steps: - name: Checkout repo uses: actions/checkout@v2 - name: Set up QEMU uses: docker/setup-qemu-action@v1 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v1 - name: Login to GHCR if: github.event_name != 'pull_request' uses: docker/login-action@v1 with: registry: ghcr.io username: ${{ github.ACTOR }} password: ${{ secrets.GHCR_TOKEN }} - name: Prepare for push id: prep run: | TAGS="${{ needs.prepare.outputs.DOCKER_IMAGE }}:${{ needs.prepare.outputs.GITHUB_SHA }},${{ needs.prepare.outputs.DOCKER_IMAGE }}:${{ needs.prepare.outputs.RELEASE_VERSION }},${{ needs.prepare.outputs.DOCKER_IMAGE }}:latest" echo ::set-output name=tags::${TAGS} BRANCH=$(echo ${GITHUB_REF##*/} | tr '[A-Z]' '[a-z]') LABELS="org.opencontainers.image.revision=${{ needs.prepare.outputs.GITHUB_SHA }}" LABELS="$LABELS,org.opencontainers.image.created=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" LABELS="$LABELS,org.opencontainers.image.version=$VERSION" LABELS="$LABELS,com.github.repo.branch=$BRANCH" LABELS="$LABELS,com.github.repo.dockerfile=Dockerfile" echo ::set-output name=labels::${LABELS} BUILD_ARGS="BRANCH=$BRANCH" echo ::set-output name=args::${BUILD_ARGS} - name: Build image id: docker_build uses: docker/build-push-action@v2 with: builder: ${{ steps.buildx.outputs.name }} platforms: linux/arm64,linux/amd64 push: ${{ github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main' }} tags: ${{ steps.prep.outputs.tags }} build-args: | GITHUB_AUTH_TOKEN=${{ secrets.GHCR_TOKEN }} MICROSERVICE_NAME=${{ github.event.repository.name }} GITHUB_COMMIT_NUMBER=${{ needs.prepare.outputs.GITHUB_COMMIT_NUMBER }} GITHUB_SHA=${{ needs.prepare.outputs.GITHUB_SHA }} ${{ steps.prep.outputs.args }} labels: ${{ steps.prep.outputs.labels }} no-cache: false - name: Scan image uses: anchore/scan-action@v2 if: ${{ github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main' }} with: image: "${{ needs.prepare.outputs.DOCKER_IMAGE }}:${{ needs.prepare.outputs.GITHUB_SHA }}" fail-build: true build-binary: needs: [ prepare, test, code_scans ] name: Binary compilation and release runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v2 with: fetch-depth: 0 - name: Compile binary uses: thatisuday/go-cross-build@v1.0.2 with: platforms: linux/amd64,darwin/amd64,windows/amd64,linux/arm64,darwin/amd64,darwin/arm64 name: semver-gen package: ./ compress: false dest: dist ldflags: -s -w -X main.PKG_VERSION=${{ needs.prepare.outputs.RELEASE_VERSION }} - name: Get list of the commits since last release run: | echo "$(git log $(git describe --tags --abbrev=0)..HEAD --pretty=format:"%h %s")" > .release_notes - name: Create Release id: create_release uses: softprops/action-gh-release@v0.1.5 if: ${{ github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main' }} env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: files: dist/semver-gen-* tag_name: ${{ needs.prepare.outputs.RELEASE_VERSION }} name: ${{ needs.prepare.outputs.RELEASE_VERSION }} body_path: .release_notes draft: false prerelease: ${{ github.ref != 'refs/heads/master' && github.ref != 'refs/heads/main' }} - name: Delete previous v1 release asset uses: mknejp/delete-release-assets@v1 with: token: ${{ github.token }} fail-if-no-assets: false tag: v1 assets: 'semver-gen-*' - name: Create Release V1 id: create_release_global uses: softprops/action-gh-release@v0.1.5 if: ${{ github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main' }} env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: files: dist/semver-gen-* tag_name: v1 name: v1 body_path: .release_notes draft: false prerelease: ${{ github.ref != 'refs/heads/master' && github.ref != 'refs/heads/main' }}