Tanishq Dubey
e52dd17a41
Some checks failed
CI/CD Pipeline / Security Scan (push) Failing after 17s
CI/CD Pipeline / Lint (push) Failing after 10m32s
CI/CD Pipeline / Test (push) Successful in 21m16s
CI/CD Pipeline / Build (arm64, darwin) (push) Failing after 9m44s
CI/CD Pipeline / Build (amd64, linux) (push) Failing after 10m14s
CI/CD Pipeline / Build (amd64, darwin) (push) Failing after 10m19s
CI/CD Pipeline / Build (amd64, windows) (push) Failing after 10m18s
CI/CD Pipeline / Build (arm64, linux) (push) Failing after 9m33s
CI/CD Pipeline / Release (push) Has been skipped
183 lines
4.3 KiB
YAML
183 lines
4.3 KiB
YAML
name: CI/CD Pipeline
|
|
|
|
on:
|
|
push:
|
|
branches: [ main, develop ]
|
|
pull_request:
|
|
branches: [ main ]
|
|
|
|
jobs:
|
|
test:
|
|
name: Test
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Set up Go
|
|
uses: actions/setup-go@v5
|
|
with:
|
|
go-version: '1.24.2'
|
|
|
|
- name: Cache Go modules
|
|
uses: actions/cache@v4
|
|
with:
|
|
path: |
|
|
~/.cache/go-build
|
|
~/go/pkg/mod
|
|
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
|
|
restore-keys: |
|
|
${{ runner.os }}-go-
|
|
|
|
- name: Download dependencies
|
|
run: go mod download
|
|
|
|
- name: Verify dependencies
|
|
run: go mod verify
|
|
|
|
- name: Run tests
|
|
run: go test -v -race -coverprofile=coverage.out ./...
|
|
|
|
- name: Upload coverage to Codecov
|
|
uses: codecov/codecov-action@v5
|
|
with:
|
|
file: ./coverage.out
|
|
flags: unittests
|
|
name: codecov-umbrella
|
|
|
|
build:
|
|
name: Build
|
|
runs-on: ubuntu-latest
|
|
needs: test
|
|
|
|
strategy:
|
|
matrix:
|
|
goos: [linux, windows, darwin]
|
|
goarch: [amd64, arm64]
|
|
exclude:
|
|
- goos: windows
|
|
goarch: arm64
|
|
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Set up Go
|
|
uses: actions/setup-go@v5
|
|
with:
|
|
go-version: '1.24.2'
|
|
|
|
- name: Cache Go modules
|
|
uses: actions/cache@v4
|
|
with:
|
|
path: |
|
|
~/.cache/go-build
|
|
~/go/pkg/mod
|
|
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
|
|
restore-keys: |
|
|
${{ runner.os }}-go-
|
|
|
|
- name: Download dependencies
|
|
run: go mod download
|
|
|
|
- name: Build binaries
|
|
env:
|
|
GOOS: ${{ matrix.goos }}
|
|
GOARCH: ${{ matrix.goarch }}
|
|
run: |
|
|
mkdir -p bin/${{ matrix.goos }}-${{ matrix.goarch }}
|
|
|
|
# Build CLI
|
|
go build -ldflags="-s -w" -o bin/${{ matrix.goos }}-${{ matrix.goarch }}/onx${{ matrix.goos == 'windows' && '.exe' || '' }} ./cmd/onx
|
|
|
|
# Build daemon
|
|
go build -ldflags="-s -w" -o bin/${{ matrix.goos }}-${{ matrix.goarch }}/onxd${{ matrix.goos == 'windows' && '.exe' || '' }} ./cmd/onxd
|
|
|
|
- name: Upload build artifacts
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: onyx-${{ matrix.goos }}-${{ matrix.goarch }}
|
|
path: bin/${{ matrix.goos }}-${{ matrix.goarch }}/
|
|
|
|
security:
|
|
name: Security Scan
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Set up Go
|
|
uses: actions/setup-go@v5
|
|
with:
|
|
go-version: '1.24.2'
|
|
|
|
- name: Run Gosec Security Scanner
|
|
uses: securecodewarrior/github-action-gosec@master
|
|
with:
|
|
args: './...'
|
|
|
|
- name: Run SAST with Gosec
|
|
run: |
|
|
go install github.com/securecodewarrior/gosec/v2/cmd/gosec@latest
|
|
gosec -fmt sarif -out gosec.sarif ./...
|
|
|
|
- name: Upload SARIF file
|
|
uses: github/codeql-action/upload-sarif@v3
|
|
with:
|
|
sarif_file: gosec.sarif
|
|
|
|
lint:
|
|
name: Lint
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Set up Go
|
|
uses: actions/setup-go@v5
|
|
with:
|
|
go-version: '1.24.2'
|
|
|
|
- name: Run golangci-lint
|
|
uses: golangci/golangci-lint-action@v6
|
|
with:
|
|
version: latest
|
|
args: --timeout=5m
|
|
|
|
release:
|
|
name: Release
|
|
runs-on: ubuntu-latest
|
|
needs: [test, build, security, lint]
|
|
if: github.ref == 'refs/heads/main' && github.event_name == 'push'
|
|
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Download all artifacts
|
|
uses: actions/download-artifact@v4
|
|
with:
|
|
path: artifacts/
|
|
|
|
- name: Create release
|
|
uses: actions/create-release@v1
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
with:
|
|
tag_name: v${{ github.run_number }}
|
|
release_name: Release v${{ github.run_number }}
|
|
draft: false
|
|
prerelease: false
|
|
|
|
- name: Upload release assets
|
|
uses: actions/upload-release-asset@v1
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
with:
|
|
upload_url: ${{ steps.create_release.outputs.upload_url }}
|
|
asset_path: artifacts/
|
|
asset_name: onyx-binaries.zip
|
|
asset_content_type: application/zip |