clean: faster github actions

radiofrance · Mar 26, 2024 · 1c23c62 · 1c23c62
1 parent 6d015fa
commit 1c23c62
Show file tree

Hide file tree

Showing 7 changed files with 49 additions and 80 deletions.
diff --git a/.github/workflows/publish.docs.yml → .github/workflows/docs.yml b/.github/workflows/publish.docs.yml → .github/workflows/docs.yml
@@ -1,5 +1,5 @@
 ---
-name: Publish (docs)
+name: Publish docs
 on: # yamllint disable-line rule:truthy
   workflow_dispatch:
   push:
@@ -10,21 +10,15 @@ permissions:
   contents: read
 
 jobs:
-  publish:
+  publish-docs:
     runs-on: ubuntu-latest
     permissions:
       contents: write
     steps:
-      - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-      - name: Setup Go
-        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
         with:
-          # renovate: datasource=golang-version
-          go-version: 1.21.0
-          cache-dependency-path: |
-            **/go.sum
-            **/go.mod
+          go-version-file: "go.mod"
       - name: Generate cmd docs
         run: make docs
       - name: Run mkdocs

diff --git a/.github/workflows/lint.golang.yml b/.github/workflows/lint.golang.yml
diff --git a/.github/workflows/test.golang.yml → .github/workflows/qa.yml b/.github/workflows/test.golang.yml → .github/workflows/qa.yml
@@ -1,48 +1,58 @@
 ---
-name: Test (Golang)
+name: QA
 on: # yamllint disable-line rule:truthy
   pull_request:
     types: [opened, synchronize]
     paths:
-      - .github/workflows/test.golang.yml
-      - go.*
-      - cmd/**
-      - pkg/**
+      - ".github/workflows/qa.yml"
+      - "go.*"
+      - "**.go"
   push:
     branches: [main]
 
+permissions:
+  contents: read
+  pull-requests: read
+
 jobs:
-  go-test:
-    name: Golang test
+  lint:
+    name: Run linters
     runs-on: ubuntu-latest
     steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
         with:
-          # renovate: datasource=golang-version
-          go-version: "1.21.0"
-          check-latest: true
+          go-version-file: "go.mod"
+      - uses: golangci/golangci-lint-action@3cfe3a4abbb849e10058ce4af15d205b6da42804 # v4.0.0
+        with:
+          # renovate: datasource=github-releases depName=golangci/golangci-lint
+          version: v1.57.1
+
+  tests:
+    name: Run tests
+    runs-on: ubuntu-latest
+    steps:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+        with:
+          go-version-file: "go.mod"
       - uses: tlylt/install-graphviz@b2201200d85f06f0189cb74d9b69208504cf12cd # v1.0.0
-
-      - name: Run golang tests
-        run: go test -v -race -covermode=atomic -coverprofile=coverage.out ./...
-      - name: Archive code coverage results
-        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
+      - run: go test -v -race -covermode=atomic -coverprofile=coverage.out ./...
+      - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
         with:
-          name: golang-coverage-report
+          name: coverage-results
           path: coverage.out
           retention-days: 1
 
   codecov:
-    name: Codecov
+    name: Upload coverage to Codecov
+    needs: [tests]
     runs-on: ubuntu-latest
-    needs: [go-test]
     steps:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
         with:
-          name: golang-coverage-report
-
+          name: coverage-results
       - uses: codecov/codecov-action@54bcd8715eee62d40e33596ef5e8f0f48dbbccab # v4.1.0
         with:
           token: ${{ secrets.CODECOV_TOKEN }}

diff --git a/.github/workflows/release.goreleaser.yml → .github/workflows/release.yml b/.github/workflows/release.goreleaser.yml → .github/workflows/release.yml
@@ -1,5 +1,5 @@
 ---
-name: Release (Goreleaser)
+name: Release
 on: # yamllint disable-line rule:truthy
   push:
     tags: [v*]
@@ -8,17 +8,13 @@ jobs:
   goreleaser:
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           fetch-depth: 0
-      - name: Set up Go
-        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+      - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
         with:
-          # renovate: datasource=golang-version
-          go-version: "1.21.0"
-      - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0
+          go-version-file: "go.mod"
+      - uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0
         with:
           distribution: goreleaser
           # renovate: datasource=github-tags depName=goreleaser/goreleaser

diff --git a/.github/workflows/lint.github-action.yml → .github/workflows/security.yml b/.github/workflows/lint.github-action.yml → .github/workflows/security.yml
@@ -1,23 +1,21 @@
 ---
-name: Lint (Github Actions workflows)
+name: Actions security
 on: # yamllint disable-line rule:truthy
   pull_request:
     types: [opened, synchronize]
     paths: [.github/workflows/**]
 
 jobs:
-  # CI harden security tries to keep your github actions secure by following these simple rules:
-  # - Check if no issues are found on your Github Action
-  # - Ensure that all action and reusable workflow are pinned using directly a commit SHA
-  ci_harden_security:
-    name: Github Action security hardening
+  # Actions security tries to keep your GitHub actions secure by following these simple rules:
+  # - Check if no issues are found on your GitHub Actions
+  # - Ensure that all GitHub Actions and reusable workflow are pinned using directly a commit SHA
+  actions_security:
     runs-on: ubuntu-latest
     permissions:
       security-events: write
     steps:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-
-      - name: Lint your Github Actions
+      - name: Github Actions lint
         run: |
           curl -O https://raw.githubusercontent.com/rhysd/actionlint/main/.github/actionlint-matcher.json
           echo "::add-matcher::.github/actionlint-matcher.json"

diff --git a/.github/workflows/lint.yaml.yml → .github/workflows/yaml.yml b/.github/workflows/lint.yaml.yml → .github/workflows/yaml.yml
@@ -1,17 +1,15 @@
 ---
-name: Lint (YAML)
+name: YAML lint
 on: # yamllint disable-line rule:truthy
   pull_request:
     types: [opened, synchronize]
     paths: ["**.ya?ml"]
 
 jobs:
-  yamllint:
-    name: YAML lint
+  lintyaml:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-
       - uses: ibiqlik/action-yamllint@2576378a8e339169678f9939646ee3ee325e845c # tag=v3.1.1
         with:
           format: github
diff --git a/README.md b/README.md
@@ -2,7 +2,7 @@ DIB: Docker Image Builder
 =========================
 
 ![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/radiofrance/dib?sort=semver)
-![CI Status](https://img.shields.io/github/actions/workflow/status/radiofrance/dib/ci.yml?label=CI&logo=github-actions&logoColor=fff)
+![CI Status](https://img.shields.io/github/actions/workflow/status/radiofrance/dib/qa.yml?label=QA&logo=github-actions&logoColor=fff)
 [![codecov](https://codecov.io/gh/radiofrance/dib/branch/main/graph/badge.svg)](https://codecov.io/gh/radiofrance/dib)
 [![Go Report Card](https://goreportcard.com/badge/github.com/radiofrance/dib)](https://goreportcard.com/report/github.com/radiofrance/dib)