Skip to content

Commit

Permalink
chore: improving ci config (#550)
Browse files Browse the repository at this point in the history 
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
  • Loading branch information
@caarlos0
caarlos0 committed Sep 25, 2022
1 parent 4db80eb commit cbf543f
Show file tree
Hide file tree
Showing 8 changed files with 101 additions and 79 deletions.
85 changes: 23 additions & 62 deletions .github/workflows/build.yml
View file
Expand Up @@ -6,32 +6,47 @@ on:
- v*
branches:
- main
paths:
- 'go.*'
- '**/*.go'
- 'Taskfile.yml'
- 'Dockerfile'
- '.github/workflows/build.yml'
- 'testdata/'
pull_request:
paths:
- 'go.*'
- '**/*.go'
- 'Taskfile.yml'
- 'Dockerfile'
- '.github/workflows/build.yml'
- 'testdata/'

permissions:
contents: write
id-token: write
packages: write
contents: read

jobs:
govulncheck:
uses: caarlos0/meta/.github/workflows/govulncheck.yml@main
with:
go-version: '>=1.19.1'
semgrep:
uses: caarlos0/meta/.github/workflows/semgrep.yml@main
ruleguard:
uses: caarlos0/meta/.github/workflows/ruleguard.yml@main
with:
go-version: '>=1.19.1'
args: '-disable largeloopcopy'
unit-tests:
strategy:
matrix:
os: [ ubuntu-latest, macos-latest, windows-latest ]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- uses: actions/setup-go@v3
with:
go-version: '~1.19'
go-version: '>=1.19.1'
cache: true
- uses: arduino/setup-task@v1
with:
Expand Down Expand Up @@ -59,7 +74,7 @@ jobs:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: '~1.19'
go-version: '>=1.19.1'
cache: true
- uses: arduino/setup-task@v1
with:
Expand All @@ -73,58 +88,4 @@ jobs:
run: ./scripts/test.sh acceptance ubuntu-latest
env:
TEST_PATTERN: "/${{ matrix.pkgFormat }}/${{ matrix.pkgPlatform }}/"
goreleaser:
runs-on: ubuntu-latest
if: startsWith(github.ref, 'refs/tags/')
needs:
- unit-tests
- Acceptance-Tests
permissions:
contents: write
id-token: write
packages: write
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- uses: actions/setup-go@v3
with:
go-version: '~1.19'
cache: true
- uses: arduino/setup-task@v1
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
- uses: sigstore/cosign-installer@v2.6.0
- uses: anchore/sbom-action/download-syft@v0.12.0
- uses: docker/setup-qemu-action@v2
- uses: docker/setup-buildx-action@v2
- run: task setup
- run: task build
- uses: docker/login-action@v2
if: startsWith(github.ref, 'refs/tags/v')
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- uses: docker/login-action@v2
if: startsWith(github.ref, 'refs/tags/v')
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- uses: goreleaser/goreleaser-action@v3
if: success()
with:
version: latest
args: release --rm-dist
distribution: goreleaser-pro
env:
GITHUB_TOKEN: ${{ secrets.GH_PAT }}
GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
TWITTER_CONSUMER_KEY: ${{ secrets.TWITTER_CONSUMER_KEY }}
TWITTER_CONSUMER_SECRET: ${{ secrets.TWITTER_CONSUMER_SECRET }}
TWITTER_ACCESS_TOKEN: ${{ secrets.TWITTER_ACCESS_TOKEN }}
TWITTER_ACCESS_TOKEN_SECRET: ${{ secrets.TWITTER_ACCESS_TOKEN_SECRET }}
DISCORD_WEBHOOK_ID: ${{ secrets.DISCORD_WEBHOOK_ID }}
DISCORD_WEBHOOK_TOKEN: ${{ secrets.DISCORD_WEBHOOK_TOKEN }}
FURY_TOKEN: ${{ secrets.FURY_TOKEN }}
AUR_KEY: ${{ secrets.AUR_KEY }}

2 changes: 1 addition & 1 deletion .github/workflows/codeql.yml
View file
Expand Up @@ -6,7 +6,7 @@ on:

jobs:
analyze:
name: analyze
if: github.event.pull_request.head.repo.full_name == github.repository
runs-on: ubuntu-latest

permissions:
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/docs.yml
View file
Expand Up @@ -13,6 +13,7 @@ permissions: read-all

jobs:
htmltest:
if: github.event.pull_request.head.repo.full_name == github.repository
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
Expand All @@ -22,6 +23,7 @@ jobs:
- uses: actions/setup-go@v3
with:
go-version: 1.19
cache: true
- run: task docs:build
- uses: wjdp/htmltest-action@master
with:
Expand Down
20 changes: 7 additions & 13 deletions .github/workflows/generate.yml
View file
Expand Up @@ -13,23 +13,17 @@ on:
jobs:
docs:
runs-on: ubuntu-latest
if: github.event.pull_request.head.repo.full_name == github.repository
steps:
-
name: checkout
uses: actions/checkout@v3
-
name: setup go
uses: actions/setup-go@v3
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: 1.19
-
name: Set up Task
uses: arduino/setup-task@v1
go-version: '>=1.19.1'
cache: true
- uses: arduino/setup-task@v1
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
-
name: Refresh docs
run: task docs:generate
- run: task docs:generate
- uses: stefanzweifel/git-auto-commit-action@v4
with:
commit_message: "docs: update cmd docs"
Expand Down
5 changes: 3 additions & 2 deletions .github/workflows/lint.yml
View file
Expand Up @@ -14,8 +14,9 @@ jobs:
name: lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: ~1.19
- uses: actions/checkout@v3
go-version: '>=1.19.1'
cache: true
- uses: golangci/golangci-lint-action@v3
2 changes: 1 addition & 1 deletion .github/workflows/lock.yml
View file
Expand Up @@ -14,7 +14,7 @@ permissions:

jobs:
lock:
if: github.repository == 'goreleaser/nfpm'
if: github.event.pull_request.head.repo.full_name == github.repository
runs-on: ubuntu-latest
steps:
- uses: dessant/lock-threads@v3
Expand Down
1 change: 1 addition & 0 deletions .github/workflows/milestone.yml
View file
Expand Up @@ -15,6 +15,7 @@ permissions:
jobs:
milestone:
runs-on: ubuntu-latest
if: github.event.pull_request.head.repo.full_name == github.repository
steps:
- uses: actions/github-script@v6
with:
Expand Down
63 changes: 63 additions & 0 deletions .github/workflows/release.yml
View file
@@ -0,0 +1,63 @@
name: release

on:
push:
tags:
- 'v*'

permissions:
contents: write
id-token: write
packages: write

jobs:
goreleaser:
runs-on: ubuntu-latest
if: github.event.pull_request.head.repo.full_name == github.repository
env:
DOCKER_CLI_EXPERIMENTAL: "enabled"
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- uses: actions/setup-go@v3
with:
go-version: '>=1.19.1'
cache: true
- uses: arduino/setup-task@v1
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
- uses: sigstore/cosign-installer@v2.6.0
- uses: anchore/sbom-action/download-syft@v0.12.0
- uses: docker/setup-qemu-action@v2
- uses: docker/setup-buildx-action@v2
- run: task setup
- run: task build
- uses: docker/login-action@v2
if: startsWith(github.ref, 'refs/tags/v')
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- uses: docker/login-action@v2
if: startsWith(github.ref, 'refs/tags/v')
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- uses: goreleaser/goreleaser-action@v3
if: success()
with:
version: latest
args: release --rm-dist
distribution: goreleaser-pro
env:
GITHUB_TOKEN: ${{ secrets.GH_PAT }}
GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
TWITTER_CONSUMER_KEY: ${{ secrets.TWITTER_CONSUMER_KEY }}
TWITTER_CONSUMER_SECRET: ${{ secrets.TWITTER_CONSUMER_SECRET }}
TWITTER_ACCESS_TOKEN: ${{ secrets.TWITTER_ACCESS_TOKEN }}
TWITTER_ACCESS_TOKEN_SECRET: ${{ secrets.TWITTER_ACCESS_TOKEN_SECRET }}
DISCORD_WEBHOOK_ID: ${{ secrets.DISCORD_WEBHOOK_ID }}
DISCORD_WEBHOOK_TOKEN: ${{ secrets.DISCORD_WEBHOOK_TOKEN }}
FURY_TOKEN: ${{ secrets.FURY_TOKEN }}
AUR_KEY: ${{ secrets.AUR_KEY }}

0 comments on commit cbf543f

Please sign in to comment.