Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: improving ci config #550

Merged
merged 1 commit into from Sep 25, 2022
Merged

chore: improving ci config #550

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
85 changes: 23 additions & 62 deletions .github/workflows/build.yml
View file
Open in desktop
Expand Up @@ -6,32 +6,47 @@ on:
- v*
branches:
- main
paths:
- 'go.*'
- '**/*.go'
- 'Taskfile.yml'
- 'Dockerfile'
- '.github/workflows/build.yml'
- 'testdata/'
pull_request:
paths:
- 'go.*'
- '**/*.go'
- 'Taskfile.yml'
- 'Dockerfile'
- '.github/workflows/build.yml'
- 'testdata/'

permissions:
contents: write
id-token: write
packages: write
contents: read

jobs:
govulncheck:
uses: caarlos0/meta/.github/workflows/govulncheck.yml@main
with:
go-version: '>=1.19.1'
semgrep:
uses: caarlos0/meta/.github/workflows/semgrep.yml@main
ruleguard:
uses: caarlos0/meta/.github/workflows/ruleguard.yml@main
with:
go-version: '>=1.19.1'
args: '-disable largeloopcopy'
unit-tests:
strategy:
matrix:
os: [ ubuntu-latest, macos-latest, windows-latest ]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- uses: actions/setup-go@v3
with:
go-version: '~1.19'
go-version: '>=1.19.1'
cache: true
- uses: arduino/setup-task@v1
with:
Expand Down Expand Up @@ -59,7 +74,7 @@ jobs:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: '~1.19'
go-version: '>=1.19.1'
cache: true
- uses: arduino/setup-task@v1
with:
Expand All @@ -73,58 +88,4 @@ jobs:
run: ./scripts/test.sh acceptance ubuntu-latest
env:
TEST_PATTERN: "/${{ matrix.pkgFormat }}/${{ matrix.pkgPlatform }}/"
goreleaser:
runs-on: ubuntu-latest
if: startsWith(github.ref, 'refs/tags/')
needs:
- unit-tests
- Acceptance-Tests
permissions:
contents: write
id-token: write
packages: write
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- uses: actions/setup-go@v3
with:
go-version: '~1.19'
cache: true
- uses: arduino/setup-task@v1
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
- uses: sigstore/cosign-installer@v2.6.0
- uses: anchore/sbom-action/download-syft@v0.12.0
- uses: docker/setup-qemu-action@v2
- uses: docker/setup-buildx-action@v2
- run: task setup
- run: task build
- uses: docker/login-action@v2
if: startsWith(github.ref, 'refs/tags/v')
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- uses: docker/login-action@v2
if: startsWith(github.ref, 'refs/tags/v')
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- uses: goreleaser/goreleaser-action@v3
if: success()
with:
version: latest
args: release --rm-dist
distribution: goreleaser-pro
env:
GITHUB_TOKEN: ${{ secrets.GH_PAT }}
GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
TWITTER_CONSUMER_KEY: ${{ secrets.TWITTER_CONSUMER_KEY }}
TWITTER_CONSUMER_SECRET: ${{ secrets.TWITTER_CONSUMER_SECRET }}
TWITTER_ACCESS_TOKEN: ${{ secrets.TWITTER_ACCESS_TOKEN }}
TWITTER_ACCESS_TOKEN_SECRET: ${{ secrets.TWITTER_ACCESS_TOKEN_SECRET }}
DISCORD_WEBHOOK_ID: ${{ secrets.DISCORD_WEBHOOK_ID }}
DISCORD_WEBHOOK_TOKEN: ${{ secrets.DISCORD_WEBHOOK_TOKEN }}
FURY_TOKEN: ${{ secrets.FURY_TOKEN }}
AUR_KEY: ${{ secrets.AUR_KEY }}

2 changes: 1 addition & 1 deletion .github/workflows/codeql.yml
View file
Open in desktop
Expand Up @@ -6,7 +6,7 @@ on:

jobs:
analyze:
name: analyze
if: github.event.pull_request.head.repo.full_name == github.repository
runs-on: ubuntu-latest

permissions:
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/docs.yml
View file
Open in desktop
Expand Up @@ -13,6 +13,7 @@ permissions: read-all

jobs:
htmltest:
if: github.event.pull_request.head.repo.full_name == github.repository
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
Expand All @@ -22,6 +23,7 @@ jobs:
- uses: actions/setup-go@v3
with:
go-version: 1.19
cache: true
- run: task docs:build
- uses: wjdp/htmltest-action@master
with:
Expand Down
20 changes: 7 additions & 13 deletions .github/workflows/generate.yml
View file
Open in desktop
Expand Up @@ -13,23 +13,17 @@ on:
jobs:
docs:
runs-on: ubuntu-latest
if: github.event.pull_request.head.repo.full_name == github.repository
steps:
-
name: checkout
uses: actions/checkout@v3
-
name: setup go
uses: actions/setup-go@v3
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: 1.19
-
name: Set up Task
uses: arduino/setup-task@v1
go-version: '>=1.19.1'
cache: true
- uses: arduino/setup-task@v1
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
-
name: Refresh docs
run: task docs:generate
- run: task docs:generate
- uses: stefanzweifel/git-auto-commit-action@v4
with:
commit_message: "docs: update cmd docs"
Expand Down
5 changes: 3 additions & 2 deletions .github/workflows/lint.yml
View file
Open in desktop
Expand Up @@ -14,8 +14,9 @@ jobs:
name: lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: ~1.19
- uses: actions/checkout@v3
go-version: '>=1.19.1'
cache: true
- uses: golangci/golangci-lint-action@v3
2 changes: 1 addition & 1 deletion .github/workflows/lock.yml
View file
Open in desktop
Expand Up @@ -14,7 +14,7 @@ permissions:

jobs:
lock:
if: github.repository == 'goreleaser/nfpm'
if: github.event.pull_request.head.repo.full_name == github.repository
runs-on: ubuntu-latest
steps:
- uses: dessant/lock-threads@v3
Expand Down
1 change: 1 addition & 0 deletions .github/workflows/milestone.yml
View file
Open in desktop
Expand Up @@ -15,6 +15,7 @@ permissions:
jobs:
milestone:
runs-on: ubuntu-latest
if: github.event.pull_request.head.repo.full_name == github.repository
steps:
- uses: actions/github-script@v6
with:
Expand Down
63 changes: 63 additions & 0 deletions .github/workflows/release.yml
View file
Open in desktop
@@ -0,0 +1,63 @@
name: release

on:
push:
tags:
- 'v*'

permissions:
contents: write
id-token: write
packages: write

jobs:
goreleaser:
runs-on: ubuntu-latest
if: github.event.pull_request.head.repo.full_name == github.repository
env:
DOCKER_CLI_EXPERIMENTAL: "enabled"
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- uses: actions/setup-go@v3
with:
go-version: '>=1.19.1'
cache: true
- uses: arduino/setup-task@v1
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
- uses: sigstore/cosign-installer@v2.6.0
- uses: anchore/sbom-action/download-syft@v0.12.0
- uses: docker/setup-qemu-action@v2
- uses: docker/setup-buildx-action@v2
- run: task setup
- run: task build
- uses: docker/login-action@v2
if: startsWith(github.ref, 'refs/tags/v')
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- uses: docker/login-action@v2
if: startsWith(github.ref, 'refs/tags/v')
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- uses: goreleaser/goreleaser-action@v3
if: success()
with:
version: latest
args: release --rm-dist
distribution: goreleaser-pro
env:
GITHUB_TOKEN: ${{ secrets.GH_PAT }}
GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
TWITTER_CONSUMER_KEY: ${{ secrets.TWITTER_CONSUMER_KEY }}
TWITTER_CONSUMER_SECRET: ${{ secrets.TWITTER_CONSUMER_SECRET }}
TWITTER_ACCESS_TOKEN: ${{ secrets.TWITTER_ACCESS_TOKEN }}
TWITTER_ACCESS_TOKEN_SECRET: ${{ secrets.TWITTER_ACCESS_TOKEN_SECRET }}
DISCORD_WEBHOOK_ID: ${{ secrets.DISCORD_WEBHOOK_ID }}
DISCORD_WEBHOOK_TOKEN: ${{ secrets.DISCORD_WEBHOOK_TOKEN }}
FURY_TOKEN: ${{ secrets.FURY_TOKEN }}
AUR_KEY: ${{ secrets.AUR_KEY }}