Merge pull request #105 from algorandfoundation/image_workflow #225
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: ci | |
env: | |
commit_msg: "" | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- main | |
workflow_dispatch: {} | |
# Inputs are available under: github.event.inputs.{name} | |
# inputs: | |
# name: | |
# description: 'Variable description' | |
# required: true | |
# default: 'default value here' | |
# https://docs.github.com/en/actions/reference/events-that-trigger-workflows#workflow_dispatch | |
jobs: | |
# Scan direct Go dependencies for known vulnerabilities | |
scan: | |
name: scan for vulnerabilities | |
runs-on: ubuntu-latest | |
steps: | |
# Checkout code | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
# Configure runner environment | |
- name: Set up runner environment | |
run: ./.github/workflows/assets/utils.sh setup | |
env: | |
GITHUB_USER: ${{ github.actor }} | |
ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }} | |
# Go | |
- name: Set up Go | |
uses: actions/setup-go@v4 | |
with: | |
go-version: 1.21.x | |
# Get commit message | |
- name: Get commit message | |
run: | | |
echo 'commit_msg<<EOF' >> $GITHUB_ENV | |
git log --format=%B -n 1 ${{ github.sha }} >> $GITHUB_ENV | |
echo 'EOF' >> $GITHUB_ENV | |
# List direct dependencies | |
- name: List dependencies | |
run: go list -mod=readonly -f '{{if not .Indirect}}{{.}}{{end}}' -m all > go.list | |
# Scan dependencies using Nancy | |
# Can be excluded if the commit message contains: [scan-deps skip] | |
# https://github.com/sonatype-nexus-community/nancy-github-action | |
- name: Scan dependencies | |
id: scan-deps | |
if: ${{ !contains(env.commit_msg, '[scan-deps skip]') }} | |
uses: sonatype-nexus-community/[email protected] | |
# Validate the protocol buffer definitions on the project | |
# using 'buf'. Remove if not required. | |
protos: | |
name: validate protobuf definitions | |
needs: scan | |
runs-on: ubuntu-latest | |
steps: | |
# Checkout code | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
# Configure runner environment | |
- name: Set up runner environment | |
run: ./.github/workflows/assets/utils.sh setup | |
env: | |
GITHUB_USER: ${{ github.actor }} | |
ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }} | |
# Go | |
- name: Set up Go | |
uses: actions/setup-go@v4 | |
with: | |
go-version: 1.21.x | |
# Get commit message | |
- name: Get commit message | |
run: | | |
echo 'commit_msg<<EOF' >> $GITHUB_ENV | |
git log --format=%B -n 1 ${{ github.sha }} >> $GITHUB_ENV | |
echo 'EOF' >> $GITHUB_ENV | |
# Setup buf | |
- name: Setup buf | |
id: buf-setup | |
uses: bufbuild/[email protected] | |
with: | |
version: 1.29.0 | |
github_token: ${{ github.token }} | |
# Static analysis | |
- name: Static analysis | |
id: buf-lint | |
uses: bufbuild/[email protected] | |
if: ${{ steps.buf-setup.outcome == 'success' }} | |
# Detect breaking changes | |
- name: Detect breaking changes | |
id: buf-breaking | |
uses: bufbuild/[email protected] | |
if: steps.buf-lint.outcome == 'success' && !contains(env.commit_msg, '[buf-breaking skip]') | |
with: | |
against: "https://github.com/${{ github.repository }}.git#branch=${{ github.event.repository.default_branch }}" | |
env: | |
BUF_INPUT_HTTPS_USERNAME: ${{ github.actor }} | |
BUF_INPUT_HTTPS_PASSWORD: ${{ secrets.ACCESS_TOKEN }} | |
# Runs on every push and pull request on the selected branches. | |
# Can also be executed manually. | |
test: | |
name: code quality and correctness | |
needs: protos | |
strategy: | |
matrix: | |
os: [ubuntu-latest] | |
runs-on: ${{ matrix.os }} | |
timeout-minutes: 15 | |
steps: | |
# Checkout code | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
# Configure runner environment | |
- name: Set up runner environment | |
run: ./.github/workflows/assets/utils.sh setup | |
env: | |
GITHUB_USER: ${{ github.actor }} | |
ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }} | |
# Go | |
- name: Set up Go | |
uses: actions/setup-go@v4 | |
with: | |
go-version: 1.21.x | |
# Get commit message | |
- name: Get commit message | |
run: | | |
echo 'commit_msg<<EOF' >> $GITHUB_ENV | |
git log --format=%B -n 1 ${{ github.sha }} >> $GITHUB_ENV | |
echo 'EOF' >> $GITHUB_ENV | |
# Style consistency and static analysis using 'golangci-lint' | |
# https://github.com/marketplace/actions/run-golangci-lint | |
- name: Static analysis | |
uses: golangci/golangci-lint-action@v3 | |
with: | |
version: v1.54.2 | |
# Run algokit localnet for tests | |
- name: Algokit localnet | |
run: pipx install algokit && algokit localnet start | |
# Run unit tests | |
- name: Test | |
run: make test | |
# Ensure project compile and build successfully | |
- name: Build | |
run: make build-for os=linux arch=amd64 | |
# Save artifacts | |
- name: Save artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: assets | |
path: | | |
coverage.html |