Skip to content
This repository has been archived by the owner on Jun 22, 2024. It is now read-only.

Image Signing

Image Signing #65

Workflow file for this run

name: Test & Validate
on:
pull_request:
types: ['synchronize', 'opened']
branches:
- main
env:
GITHUB_TOKEN: ${{ github.token }}
MENDABLE_API_KEY: ${{secrets.MENDABLE_API_KEY}}
SLACK_SIGNING_SECRET: ${{secrets.SLACK_SIGNING_SECRET}}
SVU_VERSION: 1.11.0
concurrency:
group: test-${{ github.ref }}
cancel-in-progress: true
jobs:
run-ci:
runs-on: ubuntu-latest
defaults:
run:
shell: bash
if: ${{ !github.event.pull_request.draft }}
steps:
# If the condition above is not met, aka, the PR is not in draft status, then this step is skipped.
# Because this step is part of the critical path, omission of this step will result in remaining CI steps not gettinge executed.
# As of 8/8/2022 there is now way to enforce this beahvior in GitHub Actions CI.
- run: exit 0
linting:
needs: [run-ci]
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- uses: actions/setup-go@v4
with:
go-version: '1.21'
check-latest: true
- name: Lint Internal Package
uses: golangci/golangci-lint-action@v3
with:
args: --verbose --timeout 5m
test:
name: Test
needs: [run-ci,linting]
runs-on: ubuntu-latest
steps:
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: '1.21'
check-latest: true
id: go
- name: Check out code into the Go module directory
uses: actions/checkout@v3
- name: Go Tests
run: |
go test -race ./...
release-preview:
needs: [run-ci]
runs-on: ubuntu-latest
outputs:
VERSION: ${{ steps.tag.outputs.VERSION }}
PREV_VERSION: ${{ steps.tag.outputs.PREV_VERSION }}
SAME_VERSION: ${{ steps.tag.outputs.SAME_VERSION }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: get-tags
run: git fetch --force --tags
- name: Get svu
run: |
URL="https://github.com/caarlos0/svu/releases/download/v${SVU_VERSION}/svu_${SVU_VERSION}_linux_amd64.tar.gz"
wget --quiet $URL --output-document svu.tar.gz
tar -xzf svu.tar.gz
chmod +x svu
sudo mv svu /usr/local/bin/
- id: tag
run: |
VERSION=$(svu next --tag-mode all-branches)
PREV_VERSION=$(svu current --tag-mode all-branches)
if [ "$VERSION" = "$PREV_VERSION" ]; then
echo "no new version detected"
SAME_VERSION=true
echo "SAME_VERSION=true" >> $GITHUB_OUTPUT
else
echo "new version detected"
SAME_VERSION=false
echo "SAME_VERSION=false" >> $GITHUB_OUTPUT
# Check if the tag already exists before creating it
if git rev-parse "v$VERSION" >/dev/null 2>&1; then
echo "Tag v$VERSION already exists, skipping tag creation."
else
git tag "$VERSION"
git push --tags
fi
fi
echo "VERSION=$VERSION" >> $GITHUB_OUTPUT
echo "PREV_VERSION=$PREV_VERSION" >> $GITHUB_OUTPUT
goreleaser:
needs: [release-preview]
runs-on: ubuntu-latest
env:
GORELEASER_CURRENT_TAG: ${{ needs.tag.outputs.VERSION }}
GORELEASER_PREVIOUS_TAG: ${{ needs.tag.outputs.PREV_VERSION }}
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- run: git fetch --force --tags
- uses: actions/setup-go@v4
with:
go-version: '1.21'
check-latest: true
- uses: goreleaser/goreleaser-action@v5
with:
distribution: goreleaser
args: release --clean --snapshot --skip-publish
version: latest
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
compile:
name: Compile validation
needs: [run-ci,linting]
runs-on: ubuntu-latest
steps:
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: '1.21'
check-latest: true
id: go
- name: Check out code into the Go module directory
uses: actions/checkout@v3
- name: Run golangci-lint
uses: golangci/golangci-lint-action@v3
with:
args: -v
- name: build
run: |
go build -race -ldflags="-X 'spectrocloud.com/spectromate/cmd.VersionString=1.0.0'" -o=spectromate -v
Docker:
needs: [run-ci,linting,test,compile]
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- uses: actions/setup-go@v4
with:
go-version: '1.21'
check-latest: true
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Login to GHCR
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and Push Docker Image
uses: docker/[email protected]
with:
context: .
platforms: linux/amd64,linux/arm64
push: true
tags: ghcr.io/${{ github.repository }}:dev
build-args: |
VERSION=1.0.0