chore: bootstrap repo scaffolding (M0.1)
Bootstraps §1.2 scaffolding (README, CONTRIBUTING, CODEOWNERS, CHANGELOG, PR + issue templates, LICENSE, CI workflow, release workflow, commitlint, cliff, .editorconfig, .gitignore, .env.example) and ships a proprietary all-rights-reserved LICENSE naming both founders. Refs: M0.1
This commit was merged in pull request #1.
This commit is contained in:
@@ -0,0 +1,98 @@
|
||||
# CI for Go services. Copy to .gitea/workflows/ci.yaml in the repo.
|
||||
name: ci
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
branches: [main]
|
||||
push:
|
||||
branches: [main]
|
||||
|
||||
jobs:
|
||||
shared:
|
||||
runs-on: docker
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
with: { fetch-depth: 0 }
|
||||
|
||||
- name: commitlint (PR only)
|
||||
if: github.event_name == 'pull_request'
|
||||
uses: wagoid/commitlint-github-action@v6
|
||||
|
||||
- name: gitleaks
|
||||
uses: gitleaks/gitleaks-action@v2
|
||||
|
||||
- name: trivy fs scan
|
||||
uses: aquasecurity/trivy-action@master
|
||||
with:
|
||||
scan-type: fs
|
||||
severity: HIGH,CRITICAL
|
||||
exit-code: 1
|
||||
|
||||
test:
|
||||
runs-on: docker
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- uses: actions/setup-go@v5
|
||||
with: { go-version: '1.22' }
|
||||
|
||||
- name: cache
|
||||
uses: actions/cache@v4
|
||||
with:
|
||||
path: ~/go/pkg/mod
|
||||
key: go-${{ hashFiles('go.sum') }}
|
||||
|
||||
- name: fmt
|
||||
run: test -z "$(gofmt -l .)"
|
||||
|
||||
- name: vet
|
||||
run: go vet ./...
|
||||
|
||||
- name: lint
|
||||
uses: golangci/golangci-lint-action@v6
|
||||
with: { version: latest }
|
||||
|
||||
- name: test (with integration via testcontainers)
|
||||
run: go test -race -coverprofile=cover.out ./...
|
||||
|
||||
- name: coverage gate
|
||||
run: |
|
||||
go tool cover -func=cover.out | tail -1 | awk '{ if ($3+0 < 70.0) { print "coverage below 70%"; exit 1 } }'
|
||||
|
||||
- name: build
|
||||
run: go build ./...
|
||||
|
||||
image:
|
||||
needs: [shared, test]
|
||||
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
|
||||
runs-on: docker
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- name: login to registry
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
registry: registry.yourplatform.com
|
||||
username: ${{ secrets.REGISTRY_USER }}
|
||||
password: ${{ secrets.REGISTRY_PASS }}
|
||||
|
||||
- name: build + push
|
||||
uses: docker/build-push-action@v6
|
||||
with:
|
||||
push: true
|
||||
tags: |
|
||||
registry.yourplatform.com/${{ github.event.repository.name }}:sha-${{ github.sha }}
|
||||
registry.yourplatform.com/${{ github.event.repository.name }}:env-stage
|
||||
|
||||
- name: sbom
|
||||
uses: anchore/sbom-action@v0
|
||||
with:
|
||||
image: registry.yourplatform.com/${{ github.event.repository.name }}:sha-${{ github.sha }}
|
||||
|
||||
- name: orca deploy stage
|
||||
run: orca apply --env=stage --image-tag=sha-${{ github.sha }}
|
||||
env:
|
||||
ORCA_TOKEN: ${{ secrets.ORCA_STAGE_TOKEN }}
|
||||
|
||||
- name: e2e on stage
|
||||
run: orca exec --env=stage e2e-runner
|
||||
Reference in New Issue
Block a user