Skip to content

release: v3.1.0 — trap webhook, i18n actions, lint & coverage #67

release: v3.1.0 — trap webhook, i18n actions, lint & coverage

release: v3.1.0 — trap webhook, i18n actions, lint & coverage #67

Workflow file for this run

name: ci
on:
push:
branches: [ "main", "develop" ]
tags: [ "v*.*.*" ]
pull_request:
branches: [ "main", "develop" ]
workflow_dispatch:
permissions:
contents: write
security-events: write
pages: write
id-token: write
env:
REGISTRY: docker.io
IMAGE_NAME: snmp-olt-zte-c320
GO_VERSION: '1.26'
jobs:
# ========================
# Job 1: Lint, Test & Govulncheck
# ========================
test:
name: Lint, Test & Govulncheck
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
cache: true
cache-dependency-path: go.sum
- name: Download Go modules
run: go mod download
- name: Run Linter
uses: golangci/golangci-lint-action@v7
with:
version: v2.11.4
args: --timeout=5m --verbose
- name: Run Govulncheck
run: |
go install golang.org/x/vuln/cmd/govulncheck@latest
govulncheck ./...
- name: Run Unit Tests with Coverage
run: go test -v -race -coverprofile=coverage.out -count=1 ./...
- name: Upload Coverage Report to Codecov
uses: codecov/codecov-action@v5
with:
token: ${{ secrets.CODECOV_TOKEN }}
files: ./coverage.out
# ========================
# Job 2: Build & Push Docker Image
# ========================
build-and-push:
name: Build & Push Docker Image
runs-on: ubuntu-latest
needs: test
if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop' || startsWith(github.ref, 'refs/tags/v'))
permissions:
contents: read
packages: write
security-events: write
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Extract metadata for Docker
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ secrets.DOCKERHUB_USERNAME }}/${{ env.IMAGE_NAME }}
tags: |
type=raw,value=latest,enable={{is_default_branch}}
type=raw,value=develop,enable=${{ github.ref == 'refs/heads/develop' }}
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
type=sha,prefix=
- name: Determine version
id: version
env:
GIT_REF: ${{ github.ref }}
GIT_SHA: ${{ github.sha }}
run: |
if [[ "${GIT_REF}" == refs/tags/v* ]]; then
echo "value=${GIT_REF#refs/tags/v}" >> "$GITHUB_OUTPUT"
else
echo "value=${GIT_SHA::7}" >> "$GITHUB_OUTPUT"
fi
- name: Capture build timestamp
id: buildtime
run: echo "value=$(date -u +%Y-%m-%dT%H:%M:%SZ)" >> "$GITHUB_OUTPUT"
- name: Build & Push Docker Image
id: build
uses: docker/build-push-action@v6
with:
context: .
target: prod
platforms: linux/amd64,linux/arm64,linux/arm/v7
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
build-args: |
APP_VERSION=${{ steps.version.outputs.value }}
APP_COMMIT=${{ github.sha }}
APP_BUILD_TIME=${{ steps.buildtime.outputs.value }}
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Scan Image with Trivy
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ env.REGISTRY }}/${{ secrets.DOCKERHUB_USERNAME }}/${{ env.IMAGE_NAME }}:${{ github.ref == 'refs/heads/develop' && 'develop' || 'latest' }}
format: 'sarif'
output: 'trivy-results.sarif'
ignore-unfixed: true
exit-code: 0
- name: Ensure trivy results file exists
run: |
if [ ! -f "trivy-results.sarif" ]; then
echo '{"version": "2.1.0","$schema": "https://json.schemastore.org/sarif-2.1.0.json","runs": []}' > trivy-results.sarif
fi
- name: Upload Vulnerability Report
uses: github/codeql-action/upload-sarif@v3
if: always() && hashFiles('trivy-results.sarif') != ''
with:
sarif_file: 'trivy-results.sarif'
# ========================
# Job 3: Publish Helm Chart to GitHub Pages
# ========================
helm-release:
name: Publish Helm Chart
runs-on: ubuntu-latest
needs: test
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
permissions:
contents: write
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Configure Git
run: |
git config user.name "$GITHUB_ACTOR"
git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
- name: Install Helm
uses: azure/setup-helm@v4
- name: Add Helm repositories
run: |
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo update
- name: Run chart-releaser
uses: helm/chart-releaser-action@v1.7.0
with:
charts_dir: examples/helm
skip_existing: "true"
env:
CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"