TDvorak/Devour
1
0
Fork 0
mirror of https://github.com/Dvorinka/Devour.git synced 2026-06-03 20:13:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

update

Browse Source
This commit is contained in:
Tomas Dvorak
2026-02-22 10:46:16 +01:00
parent 28ca9577cd
commit 0b88627e54
5 changed files with 454 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/workflows/README.md
+111
View File
@@ -0,0 +1,111 @@
# GitHub Actions Workflows
This directory contains the CI/CD workflows for the Devour project.
## Workflows
### 1. CI/CD Pipeline (`ci.yml`)
**Triggers:**
- Push to `main` or `develop` branches
- Pull requests to `main` or `develop` branches
- Release publications
**Jobs:**
- **Test**: Runs unit tests with race detection and uploads coverage to Codecov
- **Lint**: Runs golangci-lint for code quality checks
- **Security**: Scans for security vulnerabilities using Gosec
- **Build**: Builds cross-platform binaries (Linux, Windows, macOS) for amd64/arm64
- **Docker**: Builds and pushes Docker images to Docker Hub
- **Release**: Creates GitHub releases with compiled binaries
### 2. Code Quality (`quality.yml`)
**Triggers:**
- Push to `main` or `develop` branches
- Pull requests to `main` or `develop` branches
**Checks:**
- `go vet` for potential issues
- Code formatting with `gofmt`
- Inefficient assignments with `ineffassign`
- Spelling errors with `misspell`
- Static analysis with `staticcheck`
- TODO/FIXME comment detection
- `go mod tidy` validation
- Code coverage threshold (minimum 80%)
- SonarCloud analysis (optional)
### 3. Dependabot (`dependabot.yml`)
**Features:**
- Weekly dependency updates for Go modules
- Weekly GitHub Actions updates
- Automatic pull requests with dependency updates
## Required Secrets
To enable all features, add these secrets to your GitHub repository:
### Docker Hub Integration
- `DOCKER_USERNAME`: Your Docker Hub username
- `DOCKER_PASSWORD`: Your Docker Hub password or access token
### SonarCloud Integration (Optional)
- `SONAR_TOKEN`: Your SonarCloud project token
## Environment Variables
- `GO_VERSION`: Set to '1.24' (can be updated in workflows)
## Build Artifacts
### Binaries
The CI pipeline builds binaries for:
- Linux (amd64, arm64)
- Windows (amd64)
- macOS (amd64, arm64)
### Docker Images
- Multi-platform images (linux/amd64, linux/arm64)
- Tags: branch name, PR number, semantic version tags
## Coverage Reports
- Test coverage is uploaded to Codecov
- Minimum coverage threshold: 80%
- Coverage reports are generated for each test run
## Security Scanning
- Gosec security scanner runs on every push/PR
- SARIF results are uploaded to GitHub Security tab
- Dependencies are automatically updated by Dependabot
## Local Development
To run the same checks locally:
```bash
# Run tests with coverage
make test-coverage
# Run linting
make lint
# Format code
make fmt
# Build for production
make build-prod
# Build Docker image
make docker
```
## Release Process
1. Create a new tag: `git tag v1.0.0`
2. Push the tag: `git push origin v1.0.0`
3. Create a GitHub release (or let the workflow create it automatically)
4. Binaries and Docker images will be built and published automatically
.github/workflows/ci.yml
+220
View File
@@ -0,0 +1,220 @@
name: CI/CD Pipeline
on:
push:
branches: [ main, develop ]
pull_request:
branches: [ main, develop ]
release:
types: [ published ]
env:
GO_VERSION: '1.24'
jobs:
test:
name: Test
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
- name: Cache Go modules
uses: actions/cache@v4
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- name: Download dependencies
run: go mod download
- name: Run tests
run: go test -v -race -coverprofile=coverage.out ./...
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v4
with:
file: ./coverage.out
flags: unittests
name: codecov-umbrella
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
- name: Run golangci-lint
uses: golangci/golangci-lint-action@v6
with:
version: latest
args: --timeout=5m
security:
name: Security Scan
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
- name: Run Gosec Security Scanner
uses: securecodewarrior/github-action-gosec@master
with:
args: '-no-fail -fmt sarif -out results.sarif ./...'
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: results.sarif
build:
name: Build
runs-on: ubuntu-latest
needs: [test, lint]
strategy:
matrix:
goos: [linux, windows, darwin]
goarch: [amd64, arm64]
exclude:
- goos: windows
goarch: arm64
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
- name: Cache Go modules
uses: actions/cache@v4
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- name: Download dependencies
run: go mod download
- name: Build binary
env:
GOOS: ${{ matrix.goos }}
GOARCH: ${{ matrix.goarch }}
run: |
VERSION=${GITHUB_REF#refs/tags/}
if [[ $VERSION == refs/heads/* ]]; then
VERSION=${GITHUB_SHA::7}
fi
BINARY_NAME=devour-${{ matrix.goos }}-${{ matrix.goarch }}
if [ "${{ matrix.goos }}" = "windows" ]; then
BINARY_NAME+=.exe
fi
mkdir -p dist
CGO_ENABLED=0 go build -ldflags "-s -w -X main.Version=$VERSION -X main.BuildTime=$(date -u '+%Y-%m-%d_%H:%M:%S')" -o dist/$BINARY_NAME ./cmd/devour
- name: Upload build artifacts
uses: actions/upload-artifact@v4
with:
name: devour-${{ matrix.goos }}-${{ matrix.goarch }}
path: dist/
docker:
name: Docker Build
runs-on: ubuntu-latest
needs: [test, lint]
if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.event_name == 'release')
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to Docker Hub
if: github.event_name != 'pull_request'
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Extract metadata
id: meta
uses: docker/metadata-action@v5
with:
images: yourorg/devour
tags: |
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
- name: Build and push Docker image
uses: docker/build-push-action@v5
with:
context: .
platforms: linux/amd64,linux/arm64
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
release:
name: Release
runs-on: ubuntu-latest
needs: [build]
if: github.event_name == 'release'
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Download all artifacts
uses: actions/download-artifact@v4
with:
path: artifacts/
- name: Create release assets
run: |
mkdir -p release-assets
cd artifacts
for dir in */; do
cd "$dir"
if [[ $dir == *windows* ]]; then
zip -r "../../release-assets/${dir%/}.zip" *
else
tar -czf "../../release-assets/${dir%/}.tar.gz" *
fi
cd ..
done
- name: Upload release assets
uses: softprops/action-gh-release@v2
with:
files: release-assets/*
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
.github/workflows/quality.yml
+86
View File
@@ -0,0 +1,86 @@
name: Code Quality
on:
push:
branches: [ main, develop ]
pull_request:
branches: [ main, develop ]
jobs:
quality-check:
name: Quality Analysis
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: '1.24'
- name: Run go vet
run: go vet ./...
- name: Run go fmt check
run: |
if [ "$(gofmt -s -l . | wc -l)" -gt 0 ]; then
echo "The following files are not formatted:"
gofmt -s -l .
exit 1
fi
- name: Run ineffassign
run: |
go install github.com/gordonklaus/ineffassign@latest
ineffassign ./...
- name: Run misspell
run: |
go install github.com/client9/misspell/cmd/misspell@latest
misspell -error .
- name: Run staticcheck
run: |
go install honnef.co/go/tools/cmd/staticcheck@latest
staticcheck ./...
- name: Check for TODO/FIXME comments
run: |
if grep -r "TODO\|FIXME" --include="*.go" .; then
echo "Found TODO/FIXME comments. Please address them or add to issue tracker."
exit 1
fi
- name: Run go mod tidy check
run: |
go mod tidy
if [[ -n $(git status --porcelain go.mod go.sum) ]]; then
echo "go.mod or go.sum is not tidy"
git diff go.mod go.sum
exit 1
fi
- name: Calculate code coverage
run: |
go test -coverprofile=coverage.out ./...
go tool cover -func=coverage.out | grep total | awk '{print $3}' | sed 's/%//' > coverage.txt
echo "Coverage: $(cat coverage.txt)%"
- name: Check coverage threshold
run: |
COVERAGE=$(cat coverage.txt)
THRESHOLD=80
if (( $(echo "$COVERAGE < $THRESHOLD" | bc -l) )); then
echo "Coverage $COVERAGE% is below threshold $THRESHOLD%"
exit 1
fi
echo "Coverage $COVERAGE% meets threshold $THRESHOLD%"
- name: SonarCloud Scan
uses: SonarSource/sonarcloud-github-action@master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}