# CI for Go services. Copy to .gitea/workflows/ci.yaml in the repo. name: ci on: pull_request: branches: [main] push: branches: [main] jobs: shared: runs-on: docker steps: - uses: actions/checkout@v4 with: { fetch-depth: 0 } - name: commitlint (PR only) if: github.event_name == 'pull_request' uses: wagoid/commitlint-github-action@v6 - name: gitleaks uses: gitleaks/gitleaks-action@v2 - name: trivy fs scan uses: aquasecurity/trivy-action@master with: scan-type: fs severity: HIGH,CRITICAL exit-code: 1 test: runs-on: docker steps: - uses: actions/checkout@v4 - uses: actions/setup-go@v5 with: { go-version: '1.22' } - name: cache uses: actions/cache@v4 with: path: ~/go/pkg/mod key: go-${{ hashFiles('go.sum') }} - name: fmt run: test -z "$(gofmt -l .)" - name: vet run: go vet ./... - name: lint uses: golangci/golangci-lint-action@v6 with: { version: latest } - name: test (with integration via testcontainers) run: go test -race -coverprofile=cover.out ./... - name: coverage gate run: | go tool cover -func=cover.out | tail -1 | awk '{ if ($3+0 < 70.0) { print "coverage below 70%"; exit 1 } }' - name: build run: go build ./... image: needs: [shared, test] if: github.event_name == 'push' && github.ref == 'refs/heads/main' runs-on: docker steps: - uses: actions/checkout@v4 - name: login to registry uses: docker/login-action@v3 with: registry: registry.yourplatform.com username: ${{ secrets.REGISTRY_USER }} password: ${{ secrets.REGISTRY_PASS }} - name: build + push uses: docker/build-push-action@v6 with: push: true tags: | registry.yourplatform.com/${{ github.event.repository.name }}:sha-${{ github.sha }} registry.yourplatform.com/${{ github.event.repository.name }}:env-stage - name: sbom uses: anchore/sbom-action@v0 with: image: registry.yourplatform.com/${{ github.event.repository.name }}:sha-${{ github.sha }} - name: orca deploy stage run: orca apply --env=stage --image-tag=sha-${{ github.sha }} env: ORCA_TOKEN: ${{ secrets.ORCA_STAGE_TOKEN }} - name: e2e on stage run: orca exec --env=stage e2e-runner