From 095b115ae9fd7fa0cc49da39d93412d34e835f73 Mon Sep 17 00:00:00 2001
From: Andy Cobaugh
Date: Fri, 1 Oct 2021 18:34:16 -0400
Subject: [PATCH] gh: add github workflows
---
.github/workflows/go.yml | 98 ++++++++++++++++++++++++++++++++++
.github/workflows/release.yaml | 28 ++++++++++
2 files changed, 126 insertions(+)
create mode 100644 .github/workflows/go.yml
create mode 100644 .github/workflows/release.yaml
diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
new file mode 100644
index 0000000..9f68ec0
--- /dev/null
+++ b/.github/workflows/go.yml
@@ -0,0 +1,98 @@
+name: Go
+
+on:
+ push:
+ branches: [ master ]
+ pull_request:
+ branches: [ master ]
+
+jobs:
+
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+
+ - name: Set up Go
+ uses: actions/setup-go@v2
+ with:
+ go-version: 1.16.x
+
+ - name: Build
+ run: go build -v ./...
+
+ - name: Test
+ run: go test -v ./...
+
+ golangci-lint:
+ name: lint
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - name: golangci-lint
+ uses: golangci/golangci-lint-action@v2
+ with:
+ # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version
+ version: latest
+
+ trivy:
+ name: Trivy
+ runs-on: ubuntu-18.04
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v2
+
+ - name: Run Trivy vulnerability scanner in repo mode
+ uses: aquasecurity/trivy-action@master
+ with:
+ scan-type: 'fs'
+ ignore-unfixed: true
+ format: 'template'
+ template: '@/contrib/sarif.tpl'
+ output: 'trivy-results.sarif'
+ severity: 'HIGH,CRITICAL'
+ exit-code: 0
+
+ - name: Upload Trivy scan results to GitHub Security tab
+ uses: github/codeql-action/upload-sarif@v1
+ with:
+ sarif_file: 'trivy-results.sarif'
+
+ - name: Run Trivy with human-readable output
+ uses: aquasecurity/trivy-action@master
+ with:
+ scan-type: 'fs'
+ ignore-unfixed: true
+ format: 'table'
+ severity: 'HIGH,CRITICAL'
+ exit-code: 1
+
+ goreleaser:
+ needs:
+ - build
+ - golangci-lint
+ - trivy
+ runs-on: ubuntu-latest
+ steps:
+ -
+ name: Checkout
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+ -
+ name: Set up Go
+ uses: actions/setup-go@v2
+ with:
+ go-version: 1.16.x
+ -
+ name: Run GoReleaser
+ uses: goreleaser/goreleaser-action@v2
+ with:
+ # either 'goreleaser' (default) or 'goreleaser-pro'
+ distribution: goreleaser
+ version: latest
+ args: build --snapshot --rm-dist
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ # Your GoReleaser Pro key, if you are using the 'goreleaser-pro' distribution
+ # GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
new file mode 100644
index 0000000..3a192ed
--- /dev/null
+++ b/.github/workflows/release.yaml
@@ -0,0 +1,28 @@
+name: release
+
+on:
+ push:
+ tags:
+ - '*'
+
+jobs:
+ release:
+ name: release
+ runs-on: ubuntu-latest
+ steps:
+
+ - name: Set up Go 1.x
+ uses: actions/setup-go@v2
+ with:
+ go-version: 1.16.x
+
+ - name: Check out code into the Go module directory
+ uses: actions/checkout@v2
+
+ - name: GoReleaser
+ uses: goreleaser/goreleaser-action@v2
+ with:
+ version: latest
+ args: release --rm-dist
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file
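Review bot: `aquasecurity/trivy-action@master` in both Trivy steps of go.yml tracks a mutable branch, so any change pushed upstream runs in this repository's CI with the job's token; pin it to a reviewed commit, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha>` (placeholder, not a real value). The same concern applies to the movable `@v2`/`@v1` tags and to `version: latest` for golangci-lint and GoReleaser, both here and in release.yaml, where the token is used to publish releases. The workflow also has no `permissions:` block, so the token scope falls back to the repository default. Declaring `contents: read` at workflow level and granting `security-events: write` only to the trivy job (needed for the SARIF upload) would keep push and pull-request runs at least privilege.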
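Review bot: The release job in release.yaml declares no `permissions:`, so the `GITHUB_TOKEN` handed to GoReleaser carries whatever the repository default grants; state the scope a release needs explicitly with a job-level `permissions:` containing `contents: write`. The checkout step also omits the `fetch-depth: 0` that the goreleaser job in go.yml sets. GoReleaser reads tags and history to build the changelog, so a shallow clone will likely give an incomplete or failing release. Adding `with:` and `fetch-depth: 0` under `uses: actions/checkout@v2` would make the two workflows consistent.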