mirror of
https://github.com/Dvorinka/Devour.git
synced 2026-06-03 20:13:03 +00:00
112 lines
2.7 KiB
Markdown
# GitHub Actions Workflows

This directory contains the CI/CD workflows for the Devour project.

## Workflows

### 1. CI/CD Pipeline (`ci.yml`)

**Triggers:**
- Push to `main` or `develop` branches
- Pull requests to `main` or `develop` branches
- Release publications

**Jobs:**
- **Test**: Runs unit tests with race detection and uploads coverage to Codecov
- **Lint**: Runs golangci-lint for code quality checks
- **Security**: Scans for security vulnerabilities using Gosec
- **Build**: Builds cross-platform binaries (Linux, Windows, macOS) for amd64/arm64
- **Docker**: Builds and pushes Docker images to Docker Hub
- **Release**: Creates GitHub releases with compiled binaries

### 2. Code Quality (`quality.yml`)

**Triggers:**
- Push to `main` or `develop` branches
- Pull requests to `main` or `develop` branches

**Checks:**
- `go vet` for potential issues
- Code formatting with `gofmt`
- Inefficient assignments with `ineffassign`
- Spelling errors with `misspell`
- Static analysis with `staticcheck`
- TODO/FIXME comment detection
- `go mod tidy` validation
- Code coverage threshold (minimum 80%)
- SonarCloud analysis (optional)

### 3. Dependabot (`dependabot.yml`)

**Features:**
- Weekly dependency updates for Go modules
- Weekly GitHub Actions updates
- Automatic pull requests with dependency updates

## Required Secrets

To enable all features, add these secrets to your GitHub repository:

### Docker Hub Integration
- `DOCKER_USERNAME`: Your Docker Hub username
- `DOCKER_PASSWORD`: Your Docker Hub password or access token

### SonarCloud Integration (Optional)
- `SONAR_TOKEN`: Your SonarCloud project token

## Environment Variables

- `GO_VERSION`: Set to '1.24' (can be updated in workflows)

## Build Artifacts

### Binaries
The CI pipeline builds binaries for:
- Linux (amd64, arm64)
- Windows (amd64)
- macOS (amd64, arm64)

### Docker Images
- Multi-platform images (linux/amd64, linux/arm64)
- Tags: branch name, PR number, semantic version tags

## Coverage Reports

- Test coverage is uploaded to Codecov
- Minimum coverage threshold: 80%
- Coverage reports are generated for each test run

## Security Scanning

- Gosec security scanner runs on every push/PR
- SARIF results are uploaded to GitHub Security tab
- Dependencies are automatically updated by Dependabot

## Local Development

To run the same checks locally:

```bash
# Run tests with coverage
make test-coverage

# Run linting
make lint

# Format code
make fmt

# Build for production
make build-prod

# Build Docker image
make docker
```
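
The 80% coverage minimum listed under `quality.yml` can also be checked before pushing. The following is an added example, not part of the Devour repository: `total_coverage`, `coverage_gate` and `sample_report` are hypothetical names, and it assumes a report produced by `go tool cover -func`.

```bash
#!/usr/bin/env bash
# Added example: local coverage gate for the 80% minimum (not the project's script).

# Read `go tool cover -func` output on stdin; print the total without "%".
# Prints nothing when the report has no "total:" line.
total_coverage() {
  awk '$1 == "total:" { gsub(/%/, "", $NF); print $NF; exit }'
}

# coverage_gate REPORT_FILE [THRESHOLD]
# Returns 0 if total >= threshold, 1 if below, 2 if the total is missing or
# malformed, so a truncated report fails the gate instead of passing it.
coverage_gate() {
  report=$1
  threshold=${2:-80}
  total=$(total_coverage < "$report")
  case $total in
    '' | *[!0-9.]*)
      echo "coverage gate: no usable total in $report" >&2
      return 2
      ;;
  esac
  # sh arithmetic is integer-only, so awk does the decimal comparison.
  if awk -v t="$total" -v min="$threshold" 'BEGIN { exit !(t + 0 >= min + 0) }'; then
    echo "coverage ${total}% meets the ${threshold}% minimum"
  else
    echo "coverage ${total}% is below the ${threshold}% minimum" >&2
    return 1
  fi
}

# Constructed sample of `go tool cover -func` output (hypothetical package path).
sample_report() {
  cat <<'EOF'
example.com/app/internal/fetch.go:14:   Fetch           90.0%
example.com/app/internal/parse.go:31:   Parse           75.0%
total:                                  (statements)    82.5%
EOF
}

# Offline demo on the constructed sample. With the Go toolchain, produce the
# report with:
#   go test -race -coverprofile=coverage.out ./...
#   go tool cover -func=coverage.out > coverage.txt
tmp=$(mktemp)
sample_report > "$tmp"
coverage_gate "$tmp" 80
rm -f "$tmp"
```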

## Release Process

1. Create a new tag: `git tag v1.0.0`
2. Push the tag: `git push origin v1.0.0`
3. Create a GitHub release (or let the workflow create it automatically)
4. Binaries and Docker images will be built and published automatically