From 9e6c1f041701434981801ea8de1ca0694b7875e0 Mon Sep 17 00:00:00 2001 From: Winni Neessen Date: Sat, 26 Oct 2024 15:33:05 +0200 Subject: [PATCH] Consolidate CI workflows into a single file Merged separate workflows for Codecov, dependency-review, golangci-lint, govulncheck, offline-tests, reuse compliance, and SonarQube into a unified CI workflow file in `.github/workflows/ci.yml`. This restructuring simplifies our CI setup and ensures more consistent and efficient pipeline management. --- .github/workflows/ci.yml | 197 ++++++++++++++++++++++++ .github/workflows/codecov.yml | 67 -------- .github/workflows/dependency-review.yml | 31 ---- .github/workflows/golangci-lint.yml | 54 ------- .github/workflows/govulncheck.yml | 21 --- .github/workflows/offline-tests.yml | 45 ------ .github/workflows/reuse.yml | 23 --- .github/workflows/sonarqube.yml | 56 ------- 8 files changed, 197 insertions(+), 297 deletions(-) create mode 100644 .github/workflows/ci.yml delete mode 100644 .github/workflows/codecov.yml delete mode 100644 .github/workflows/dependency-review.yml delete mode 100644 .github/workflows/golangci-lint.yml delete mode 100644 .github/workflows/govulncheck.yml delete mode 100644 .github/workflows/offline-tests.yml delete mode 100644 .github/workflows/reuse.yml delete mode 100644 .github/workflows/sonarqube.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000..80b612d --- /dev/null +++ b/.github/workflows/ci.yml 
@@ -0,0 +1,197 @@ +name: CI + +permissions: + contents: read + +on: + push: + branches: + - main + paths: + - '**.go' + - 'go.*' + - '.github/workflows/ci.yml' + - 'codecov.yml' + pull_request: + branches: + - main + paths: + - '**.go' + - 'go.*' + - '.github/workflows/codecov.yml' + - 'codecov.yml' + +concurrency: + group: ${{ github.workflow }}-${{ github.ref_name }} + +jobs: + codecov: + name: Test with Codecov coverage (${{ matrix.os }} / ${{ matrix.go }}) + runs-on: ${{ matrix.os }} + concurrency: + group: ci-codecov + cancel-in-progress: true + strategy: + matrix: + os: [ubuntu-latest] + go: ['1.23'] + env: + PERFORM_ONLINE_TEST: ${{ vars.PERFORM_ONLINE_TEST }} + TEST_HOST: ${{ secrets.TEST_HOST }} + TEST_USER: ${{ secrets.TEST_USER }} + TEST_PASS: ${{ secrets.TEST_PASS }} + steps: + - name: Harden Runner + uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + with: + egress-policy: audit + - name: Checkout Code + uses: actions/checkout@61b9e3751b92087fd0b06925ba6dd6314e06f089 # master + - name: Setup go + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + with: + go-version: ${{ matrix.go }} + check-latest: true + - name: Install sendmail + run: | + sudo apt-get -y install sendmail; which sendmail + - name: Run go test + run: | + go test -race -shuffle=on --coverprofile=coverage.coverprofile --covermode=atomic ./... 
+ - name: Upload coverage to Codecov + if: success() + uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4.6.0 + with: + token: ${{ secrets.CODECOV_TOKEN }} # not required for public repos + lint: + name: golangci-lint (${{ matrix.go }}) + concurrency: + group: ci-lint + cancel-in-progress: true + strategy: + matrix: + go: ['1.23'] + steps: + - name: Harden Runner + uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + with: + egress-policy: audit + - name: Setup go + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + with: + go-version: ${{ matrix.go }} + check-latest: true + - name: golangci-lint + uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1 + with: + version: latest + dependency-review: + name: Dependency review + concurrency: + group: ci-dependency-review + cancel-in-progress: true + steps: + - name: Harden Runner + uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + with: + egress-policy: audit + - name: Checkout Code + uses: actions/checkout@61b9e3751b92087fd0b06925ba6dd6314e06f089 # master + - name: 'Dependency Review' + uses: actions/dependency-review-action@a6993e2c61fd5dc440b409aa1d6904921c5e1894 # v4.3.5 + govulncheck: + name: Go vulnerabilities check + concurrency: + group: ci-govulncheck + cancel-in-progress: true + steps: + - name: Harden Runner + uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + with: + egress-policy: audit + - name: Run govulncheck + uses: golang/govulncheck-action@b625fbe08f3bccbe446d94fbf87fcc875a4f50ee # v1.0.4 + test: + name: Test (${{ matrix.os }} / ${{ matrix.go }}) + runs-on: ${{ matrix.os }} + concurrency: + group: ci-test + cancel-in-progress: true + strategy: + matrix: + os: [ubuntu-latest, macos-latest, windows-latest] + go: ['1.19', '1.20', '1.21', '1.22', '1.23'] + steps: + - name: Harden Runner + uses: 
step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + with: + egress-policy: audit + - name: Checkout Code + uses: actions/checkout@61b9e3751b92087fd0b06925ba6dd6314e06f089 # master + - name: Setup go + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + with: + go-version: ${{ matrix.go }} + - name: Run go test + run: | + go test -race -shuffle=on ./... + reuse: + name: REUSE Compliance Check + runs-on: ubuntu-latest + concurrency: + group: ci-reuse + cancel-in-progress: true + steps: + - name: Harden Runner + uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + with: + egress-policy: audit + - name: Checkout Code + uses: actions/checkout@61b9e3751b92087fd0b06925ba6dd6314e06f089 # master + - name: REUSE Compliance Check + uses: fsfe/reuse-action@3ae3c6bdf1257ab19397fab11fd3312144692083 # v4.0.0 + sonarqube: + name: Test with SonarQube review (${{ matrix.os }} / ${{ matrix.go }}) + runs-on: ${{ matrix.os }} + concurrency: + group: ci-codecov + cancel-in-progress: true + strategy: + matrix: + os: [ubuntu-latest] + go: ['1.23'] + env: + PERFORM_ONLINE_TEST: ${{ vars.PERFORM_ONLINE_TEST }} + TEST_HOST: ${{ secrets.TEST_HOST }} + TEST_USER: ${{ secrets.TEST_USER }} + TEST_PASS: ${{ secrets.TEST_PASS }} + steps: + - name: Harden Runner + uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 + with: + egress-policy: audit + - name: Checkout Code + uses: actions/checkout@61b9e3751b92087fd0b06925ba6dd6314e06f089 # master + - name: Setup go + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + with: + go-version: ${{ matrix.go }} + check-latest: true + - name: Install sendmail + run: | + sudo apt-get -y install sendmail; which sendmail + - name: Run go test + run: | + go test -shuffle=on -race --coverprofile=./cov.out ./... 
+ - name: SonarQube scan + uses: sonarsource/sonarqube-scan-action@884b79409bbd464b2a59edc326a4b77dc56b2195 # master + if: success() + env: + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} + - name: SonarQube quality gate + uses: sonarsource/sonarqube-quality-gate-action@dc2f7b0dd95544cd550de3028f89193576e958b9 # master + timeout-minutes: 5 + env: + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} \ No newline at end of file diff --git a/.github/workflows/codecov.yml b/.github/workflows/codecov.yml deleted file mode 100644 index b9661f8..0000000 --- a/.github/workflows/codecov.yml +++ /dev/null 
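Review bot: The `lint`, `dependency-review` and `govulncheck` jobs in the new `ci.yml` have no `runs-on` key, which GitHub Actions requires for every job that runs steps, so the workflow should fail validation and none of the checks, including the two vulnerability scans, would run; add `runs-on: ubuntu-latest` to each, as the deleted workflows had. The `lint` job also lost the checkout step from the old `golangci-lint.yml`, so the linter would presumably have no source tree to analyse. The `sonarqube` job reuses `group: ci-codecov` with `cancel-in-progress: true`, so it and the `codecov` job cancel each other. Because every job-level group is a fixed name, a run on one branch or pull request can also cancel the same job on another; a per-job, per-ref group such as `group: ci-sonarqube-${{ github.ref }}` avoids both. The `pull_request` path filter still lists `.github/workflows/codecov.yml` instead of `.github/workflows/ci.yml`, and govulncheck and REUSE, which used to run on every push and pull request, are now skipped unless a Go file or `go.*` changes. `TEST_HOST`, `TEST_USER` and `TEST_PASS` are set at job level in `codecov` and `sonarqube`, so every step, including the third-party upload and scan actions, sees them while harden-runner only audits egress; moving that `env:` block onto the `Run go test` step would narrow the exposure.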
@@ -1,67 +0,0 @@ -# SPDX-FileCopyrightText: 2022 Winni Neessen -# -# SPDX-License-Identifier: CC0-1.0 - -name: Codecov workflow -on: - push: - branches: - - main - paths: - - '**.go' - - 'go.*' - - '.github/workflows/codecov.yml' - - 'codecov.yml' - pull_request: - branches: - - main - paths: - - '**.go' - - 'go.*' - - '.github/workflows/codecov.yml' - - 'codecov.yml' -env: - TEST_HOST: ${{ secrets.TEST_HOST }} - TEST_FROM: ${{ secrets.TEST_USER }} - TEST_ALLOW_SEND: "1" - TEST_SMTPAUTH_USER: ${{ secrets.TEST_USER }} - TEST_SMTPAUTH_PASS: ${{ secrets.TEST_PASS }} - TEST_SMTPAUTH_TYPE: "LOGIN" - TEST_ONLINE_SCRAM: "1" - TEST_HOST_SCRAM: ${{ secrets.TEST_HOST_SCRAM }} - TEST_USER_SCRAM: ${{ secrets.TEST_USER_SCRAM }} - TEST_PASS_SCRAM: ${{ secrets.TEST_PASS_SCRAM }} -permissions: - contents: read - -jobs: - run: - runs-on: ${{ matrix.os }} - strategy: - matrix: - os: [ubuntu-latest, macos-latest, windows-latest] - go: ['1.23'] - steps: - - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 - with: - egress-policy: audit - - - name: Checkout Code - uses: actions/checkout@61b9e3751b92087fd0b06925ba6dd6314e06f089 # master - - name: Setup go - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 - with: - go-version: ${{ matrix.go }} - - name: Install sendmail - if: matrix.go == '1.23' && matrix.os == 'ubuntu-latest' - run: | - sudo apt-get -y install sendmail; which sendmail - - name: Run Tests - run: | - go test -race --coverprofile=coverage.coverprofile --covermode=atomic ./... - - name: Upload coverage to Codecov - if: success() && matrix.go == '1.23' && matrix.os == 'ubuntu-latest' - uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4.6.0 - with: - token: ${{ secrets.CODECOV_TOKEN }} # not required for public repos diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml deleted file mode 100644 index 56b5c10..0000000 
--- a/.github/workflows/dependency-review.yml +++ /dev/null @@ -1,31 +0,0 @@ -# SPDX-FileCopyrightText: 2022-2023 The go-mail Authors -# -# SPDX-License-Identifier: CC0-1.0 - -# Dependency Review Action -# -# This Action will scan dependency manifest files that change as part of a Pull Request, -# surfacing known-vulnerable versions of the packages declared or updated in the PR. -# Once installed, if the workflow run is marked as required, -# PRs introducing known-vulnerable packages will be blocked from merging. -# -# Source repository: https://github.com/actions/dependency-review-action -name: 'Dependency Review' -on: [pull_request] - -permissions: - contents: read - -jobs: - dependency-review: - runs-on: ubuntu-latest - steps: - - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 - with: - egress-policy: audit - - - name: 'Checkout Repository' - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - - name: 'Dependency Review' - uses: actions/dependency-review-action@a6993e2c61fd5dc440b409aa1d6904921c5e1894 # v4.3.5 diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml deleted file mode 100644 index 7313e04..0000000 --- a/.github/workflows/golangci-lint.yml +++ /dev/null 
@@ -1,54 +0,0 @@ -# SPDX-FileCopyrightText: 2022 Winni Neessen -# -# SPDX-License-Identifier: CC0-1.0 - -name: golangci-lint -on: - push: - tags: - - v* - branches: - - main - pull_request: -permissions: - contents: read - # Optional: allow read access to pull request. Use with `only-new-issues` option. - # pull-requests: read -jobs: - golangci: - name: lint - runs-on: ubuntu-latest - steps: - - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 - with: - egress-policy: audit - - - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 - with: - go-version: '1.23' - - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - - name: golangci-lint - uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1 - with: - # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version - version: latest - - # Optional: working directory, useful for monorepos - # working-directory: somedir - - # Optional: golangci-lint command line arguments. - # args: --issues-exit-code=0 - - # Optional: show only new issues if it's a pull request. The default value is `false`. - # only-new-issues: true - - # Optional: if set to true then the all caching functionality will be complete disabled, - # takes precedence over all other caching options. - # skip-cache: true - - # Optional: if set to true then the action don't cache or restore ~/go/pkg. - # skip-pkg-cache: true - - # Optional: if set to true then the action don't cache or restore ~/.cache/go-build. - # skip-build-cache: true diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml deleted file mode 100644 index 9d5cdfb..0000000 --- a/.github/workflows/govulncheck.yml +++ /dev/null 
@@ -1,21 +0,0 @@ -# SPDX-FileCopyrightText: 2022 Winni Neessen -# -# SPDX-License-Identifier: CC0-1.0 - -name: Govulncheck Security Scan - -on: [push, pull_request] - -permissions: - contents: read - -jobs: - test: - runs-on: ubuntu-latest - steps: - - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 - with: - egress-policy: audit - - name: Run govulncheck - uses: golang/govulncheck-action@b625fbe08f3bccbe446d94fbf87fcc875a4f50ee # v1.0.4 \ No newline at end of file diff --git a/.github/workflows/offline-tests.yml b/.github/workflows/offline-tests.yml deleted file mode 100644 index 22cddd7..0000000 --- a/.github/workflows/offline-tests.yml +++ /dev/null @@ -1,45 +0,0 @@ -# SPDX-FileCopyrightText: 2022 Winni Neessen -# -# SPDX-License-Identifier: CC0-1.0 - -name: Offline tests workflow -on: - push: - branches: - - main - paths: - - '**.go' - - 'go.*' - - '.github/workflows/offline-tests.yml' - pull_request: - branches: - - main - paths: - - '**.go' - - 'go.*' - - '.github/workflows/offline-tests.yml' -permissions: - contents: read - -jobs: - run: - runs-on: ${{ matrix.os }} - strategy: - matrix: - os: [ubuntu-latest, macos-latest, windows-latest] - go: ['1.19', '1.20', '1.21', '1.22', '1.23'] - steps: - - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 - with: - egress-policy: audit - - - name: Checkout Code - uses: actions/checkout@61b9e3751b92087fd0b06925ba6dd6314e06f089 # master - - name: Setup go - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 - with: - go-version: ${{ matrix.go }} - - name: Run Tests - run: | - go test -race -shuffle=on ./... \ No newline at end of file diff --git a/.github/workflows/reuse.yml b/.github/workflows/reuse.yml deleted file mode 100644 index 04fd414..0000000 --- a/.github/workflows/reuse.yml +++ /dev/null 
@@ -1,23 +0,0 @@ -# SPDX-FileCopyrightText: 2022 Winni Neessen -# -# SPDX-License-Identifier: CC0-1.0 - -name: REUSE Compliance Check - -on: [push, pull_request] - -permissions: - contents: read - -jobs: - test: - runs-on: ubuntu-latest - steps: - - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 - with: - egress-policy: audit - - - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0 - - name: REUSE Compliance Check - uses: fsfe/reuse-action@3ae3c6bdf1257ab19397fab11fd3312144692083 # v4.0.0 diff --git a/.github/workflows/sonarqube.yml b/.github/workflows/sonarqube.yml deleted file mode 100644 index d260ef7..0000000 --- a/.github/workflows/sonarqube.yml +++ /dev/null 
@@ -1,56 +0,0 @@ -# SPDX-FileCopyrightText: 2022 Winni Neessen -# -# SPDX-License-Identifier: CC0-1.0 - -name: SonarQube - -permissions: - contents: read - -on: - push: - branches: - - main - paths: - - '**.go' - - 'go.*' - - '.github/workflows/sonarqube.yml' - pull_request: - branches: - - main - paths: - - '**.go' - - 'go.*' - - '.github/workflows/sonarqube.yml' -jobs: - build: - name: Build - runs-on: ubuntu-latest - steps: - - name: Harden Runner - uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 - with: - egress-policy: audit - - - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0 - with: - fetch-depth: 0 - - - name: Setup Go - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 - with: - go-version: '1.23' - - - name: Run unit Tests - run: | - go test -shuffle=on -race --coverprofile=./cov.out ./... - - - uses: sonarsource/sonarqube-scan-action@884b79409bbd464b2a59edc326a4b77dc56b2195 # master - env: - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} - - - uses: sonarsource/sonarqube-quality-gate-action@dc2f7b0dd95544cd550de3028f89193576e958b9 # master - timeout-minutes: 5 - env: - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}