tenant-registry/.gitea/workflows/ci.yaml at 48528383471693222154870b4d0c0343858eb794

platform/tenant-registry

Fork 0

Files

T

sharang 4852838347

ci / shared (pull_request) Successful in 5s

Details

ci / test (pull_request) Failing after 1m0s

Details

ci / image (pull_request) Has been skipped

Details

ci(tenant-registry): use -coverpkg so server tests count store coverage

The store package has no test files of its own (its API is exercised
end-to-end through the server's eachStore harness against both Memory
and Postgres). Without -coverpkg, store/* shows 0% and drags the
total below the 70% gate even though every store method is run.

-coverpkg=./internal/... routes the instrumentation from server tests
into store + config + server alike.

Refs: M4.2

2026-05-19 12:48:05 +02:00

122 lines

4.0 KiB

YAML

Raw Blame History

 # CI for Go services on Gitea Actions.
 # `shared` always runs; `test` and `image` activate when go.sum lands.
 name: ci
 on:
   pull_request:
     branches: [main]
   push:
     branches: [main]
 jobs:
   shared:
     runs-on: docker
     steps:
       - uses: actions/checkout@v4
         with: { fetch-depth: 0 }
       - name: commitlint (PR only)
         if: github.event_name == 'pull_request'
         shell: bash
         env:
           BASE_SHA: ${{ github.event.pull_request.base.sha }}
           HEAD_SHA: ${{ github.event.pull_request.head.sha }}
         run: |
           set -euo pipefail
           pattern='^(feat|fix|docs|chore|refactor|test|perf|build|ci|revert)(\([a-z0-9_/.-]+\))?!?: .{1,72}$'
           bad=0
           while IFS= read -r subject; do
             if ! [[ "$subject" =~ $pattern ]]; then
               echo "::error::Commit subject does not match Conventional Commits: $subject"
               bad=$((bad+1))
             fi
           done < <(git log --format=%s "${BASE_SHA}..${HEAD_SHA}")
           if [ "$bad" -gt 0 ]; then
             echo "::error::$bad commit(s) failed commitlint."
             exit 1
           fi
           echo "commitlint: OK"
       - name: gitleaks
         shell: bash
         run: |
           set -euo pipefail
           GL_VERSION=8.18.4
           curl -fsSL "https://github.com/gitleaks/gitleaks/releases/download/v${GL_VERSION}/gitleaks_${GL_VERSION}_linux_x64.tar.gz" \
             | tar -xz -C /tmp gitleaks
           /tmp/gitleaks detect --source . --no-banner --redact --verbose --exit-code 1
       - name: trivy fs scan
         shell: bash
         run: |
           set -euo pipefail
           TRIVY_VERSION=0.70.0
           curl -fsSL "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" \
             | tar -xz -C /tmp trivy
           /tmp/trivy fs --severity HIGH,CRITICAL --exit-code 1 --no-progress --skip-dirs node_modules,target,dist .
   test:
     runs-on: docker
     steps:
       - uses: actions/checkout@v4
       - uses: actions/setup-go@v5
         with: { go-version: '1.24' }
       - name: fmt
         run: test -z "$(gofmt -l .)"
       - name: vet
         run: go vet ./...
       - name: lint
         uses: golangci/golangci-lint-action@v7
         # Pin to a version built on Go 1.25 — the runner's bundled tool
         # is Go 1.24 and refuses to lint a 1.25 module.
         with: { version: v2.12.2 }
       - name: test
         # Coverage scoped to ./internal/... — cmd/server is the entrypoint
         # with signal-handling + bind that isn't worth unit-testing.
         # -coverpkg lets the server tests count their exercise of store/* —
         # store has no test files because every method is exercised end-to-end
         # via the server's eachStore harness against both Memory and Postgres.
         run: go test -race -coverpkg=./internal/... -coverprofile=cover.out ./internal/...
       - name: coverage gate
         run: |
           go tool cover -func=cover.out | tail -1 | awk '{ if ($3+0 < 70.0) { print "coverage below 70%"; exit 1 } }'
       - name: build
         run: go build ./...
   image:
     needs: [shared, test]
     if: github.event_name == 'push' && github.ref == 'refs/heads/main' && hashFiles('Dockerfile') != ''
     runs-on: docker
     steps:
       - uses: actions/checkout@v4
       - uses: docker/login-action@v3
         with:
           registry: registry.breakpilot.com
           username: ${{ secrets.REGISTRY_USER }}
           password: ${{ secrets.REGISTRY_PASS }}
       - uses: docker/build-push-action@v6
         with:
           push: true
           tags: |
             registry.breakpilot.com/${{ github.event.repository.name }}:sha-${{ github.sha }}
             registry.breakpilot.com/${{ github.event.repository.name }}:env-stage
       - uses: anchore/sbom-action@v0
         with:
           image: registry.breakpilot.com/${{ github.event.repository.name }}:sha-${{ github.sha }}
       - name: orca deploy stage
         run: orca apply --env=stage --image-tag=sha-${{ github.sha }}
         env:
           ORCA_TOKEN: ${{ secrets.ORCA_STAGE_TOKEN }}

122 lines 4.0 KiB YAML Raw Blame History

122 lines

4.0 KiB

YAML

Raw Blame History