diff --git a/.github/workflows/publish.docs.yml b/.github/workflows/docs.yml similarity index 62% rename from .github/workflows/publish.docs.yml rename to .github/workflows/docs.yml index 9100e821..6ca5285b 100644 --- a/.github/workflows/publish.docs.yml +++ b/.github/workflows/docs.yml @@ -1,5 +1,5 @@ --- -name: Publish (docs) +name: Publish docs on: # yamllint disable-line rule:truthy workflow_dispatch: push: @@ -10,21 +10,15 @@ permissions: contents: read jobs: - publish: + publish-docs: runs-on: ubuntu-latest permissions: contents: write steps: - - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - name: Setup Go - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: - # renovate: datasource=golang-version - go-version: 1.21.0 - cache-dependency-path: | - **/go.sum - **/go.mod + go-version-file: "go.mod" - name: Generate cmd docs run: make docs - name: Run mkdocs diff --git a/.github/workflows/lint.golang.yml b/.github/workflows/lint.golang.yml deleted file mode 100644 index bf398d80..00000000 --- a/.github/workflows/lint.golang.yml +++ /dev/null 
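Review bot: The Go toolchain for `publish-docs` is no longer pinned in the workflow itself: `go-version-file: "go.mod"` replaces the exact `go-version: 1.21.0` and its Renovate annotation, and the same swap is made in the `lint` and `tests` jobs of qa.yml and in `goreleaser` in release.yml. go.mod is not part of this diff, so it isn't visible whether its `go` directive carries a full patch version; if it is only major.minor, setup-go may pick whichever matching patch the runner offers, which matters most for the release build. A comment above the input would record the dependency, e.g. `# Go version comes from the go directive in go.mod; keep it at a full patch version`. The `publish-docs` job holds `contents: write`, and its steps continue past the end of the hunk.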
@@ -1,27 +0,0 @@ ---- -name: Lint (Golang) -on: # yamllint disable-line rule:truthy - pull_request: - types: [opened, synchronize] - paths: - - .github/workflows/lint.golang.yml - - go.* - - cmd/** - - pkg/** - -jobs: - golangci-lint: - name: Golang CI lint - runs-on: ubuntu-latest - steps: - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 - with: - # renovate: datasource=golang-version - go-version: "1.21.0" - check-latest: true - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - - uses: golangci/golangci-lint-action@3cfe3a4abbb849e10058ce4af15d205b6da42804 # v4.0.0 - with: - # renovate: datasource=github-releases depName=golangci/golangci-lint - version: v1.56.2 diff --git a/.github/workflows/test.golang.yml b/.github/workflows/qa.yml similarity index 50% rename from .github/workflows/test.golang.yml rename to .github/workflows/qa.yml index 7b2635c5..045a022e 100644 --- a/.github/workflows/test.golang.yml +++ b/.github/workflows/qa.yml 
@@ -1,48 +1,60 @@ --- -name: Test (Golang) +name: QA on: # yamllint disable-line rule:truthy pull_request: types: [opened, synchronize] paths: - - .github/workflows/test.golang.yml - - go.* - - cmd/** - - pkg/** + - ".github/workflows/qa.yml" + - "go.*" + - "**.go" push: branches: [main] +permissions: + contents: read + pull-requests: read + checks: write + jobs: - go-test: - name: Golang test + lint: + name: Run linters runs-on: ubuntu-latest steps: + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: - # renovate: datasource=golang-version - go-version: "1.21.0" - check-latest: true + go-version-file: "go.mod" + - uses: golangci/golangci-lint-action@3cfe3a4abbb849e10058ce4af15d205b6da42804 # v4.0.0 + with: + # renovate: datasource=github-releases depName=golangci/golangci-lint + version: v1.57.1 + skip-pkg-cache: true + + tests: + name: Run tests + runs-on: ubuntu-latest + steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + with: + go-version-file: "go.mod" - uses: tlylt/install-graphviz@b2201200d85f06f0189cb74d9b69208504cf12cd # v1.0.0 - - - name: Run golang tests - run: go test -v -race -covermode=atomic -coverprofile=coverage.out ./... - - name: Archive code coverage results - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + - run: go test -v -race -covermode=atomic -coverprofile=coverage.out ./... 
+ - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: - name: golang-coverage-report + name: coverage-results path: coverage.out retention-days: 1 codecov: - name: Codecov + name: Upload coverage to Codecov + needs: [tests] runs-on: ubuntu-latest - needs: [go-test] steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 with: - name: golang-coverage-report - + name: coverage-results - uses: codecov/codecov-action@54bcd8715eee62d40e33596ef5e8f0f48dbbccab # v4.1.0 with: token: ${{ secrets.CODECOV_TOKEN }} diff --git a/.github/workflows/release.goreleaser.yml b/.github/workflows/release.yml similarity index 56% rename from .github/workflows/release.goreleaser.yml rename to .github/workflows/release.yml index 65ebbd0c..b3a0d429 100644 --- a/.github/workflows/release.goreleaser.yml +++ b/.github/workflows/release.yml @@ -1,5 +1,5 @@ --- -name: Release (Goreleaser) +name: Release on: # yamllint disable-line rule:truthy push: tags: [v*] @@ -8,17 +8,13 @@ jobs: goreleaser: runs-on: ubuntu-latest steps: - - name: Checkout - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 - - name: Set up Go - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 with: - # renovate: datasource=golang-version - go-version: "1.21.0" - - name: Run GoReleaser - uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0 + go-version-file: "go.mod" + - uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0 with: distribution: goreleaser # renovate: datasource=github-tags depName=goreleaser/goreleaser 
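Review bot: The new top-level `permissions` block grants `checks: write` and `pull-requests: read` to every job in qa.yml, including `tests` and `codecov`, which run `go test` on the pull-request code and third-party actions (`tlylt/install-graphviz`, `codecov/codecov-action`). Those two scopes look intended for golangci-lint-action in `lint` (an inference; nothing else in the hunk appears to use them), so they fit better as job-level permissions there, leaving only `contents: read` at workflow level. The `codecov` job may continue past the end of the hunk.

```yaml
permissions:
  contents: read

jobs:
  lint:
    name: Run linters
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: read
      checks: write
    # … unchanged: lint steps …
  # … unchanged: tests and codecov jobs …
```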
diff --git a/.github/workflows/lint.github-action.yml b/.github/workflows/security.yml similarity index 66% rename from .github/workflows/lint.github-action.yml rename to .github/workflows/security.yml index 01183bc0..6fc9f444 100644 --- a/.github/workflows/lint.github-action.yml +++ b/.github/workflows/security.yml @@ -1,23 +1,21 @@ --- -name: Lint (Github Actions workflows) +name: Actions security on: # yamllint disable-line rule:truthy pull_request: types: [opened, synchronize] paths: [.github/workflows/**] jobs: - # CI harden security tries to keep your github actions secure by following these simple rules: - # - Check if no issues are found on your Github Action - # - Ensure that all action and reusable workflow are pinned using directly a commit SHA - ci_harden_security: - name: Github Action security hardening + # Actions security tries to keep your GitHub actions secure by following these simple rules: + # - Check if no issues are found on your GitHub Actions + # - Ensure that all GitHub Actions and reusable workflow are pinned using directly a commit SHA + actions_security: runs-on: ubuntu-latest permissions: security-events: write steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - - name: Lint your Github Actions + - name: Github Actions lint run: | curl -O https://raw.githubusercontent.com/rhysd/actionlint/main/.github/actionlint-matcher.json echo "::add-matcher::.github/actionlint-matcher.json" diff --git a/.github/workflows/lint.yaml.yml b/.github/workflows/yaml.yml similarity index 88% rename from .github/workflows/lint.yaml.yml rename to .github/workflows/yaml.yml index 617c9949..e8c72b51 100644 --- a/.github/workflows/lint.yaml.yml +++ b/.github/workflows/yaml.yml 
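Review bot: The `curl -O https://raw.githubusercontent.com/rhysd/actionlint/main/.github/actionlint-matcher.json` line in the lint step of security.yml, which this commit leaves unchanged, fetches from the moving `main` branch, while the job's own comment says actions are to be pinned to a commit SHA. Pinning the URL to the commit of the actionlint version in use, and adding `-fsSL` so an HTTP error fails the step instead of saving an error page, would bring it in line: `curl -fsSLO https://raw.githubusercontent.com/rhysd/actionlint/<commit-sha>/.github/actionlint-matcher.json` (`<commit-sha>` is a placeholder). The `run: |` block continues past the end of the hunk, so the rest of the step isn't visible here.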
@@ -1,17 +1,15 @@ --- -name: Lint (YAML) +name: YAML lint on: # yamllint disable-line rule:truthy pull_request: types: [opened, synchronize] paths: ["**.ya?ml"] jobs: - yamllint: - name: YAML lint + lintyaml: runs-on: ubuntu-latest steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - uses: ibiqlik/action-yamllint@2576378a8e339169678f9939646ee3ee325e845c # tag=v3.1.1 with: format: github diff --git a/README.md b/README.md index 4e3b1838..52102729 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ DIB: Docker Image Builder ========================= ![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/radiofrance/dib?sort=semver) -![CI Status](https://img.shields.io/github/actions/workflow/status/radiofrance/dib/ci.yml?label=CI&logo=github-actions&logoColor=fff) +![CI Status](https://img.shields.io/github/actions/workflow/status/radiofrance/dib/qa.yml?label=QA&logo=github-actions&logoColor=fff) [![codecov](https://codecov.io/gh/radiofrance/dib/branch/main/graph/badge.svg)](https://codecov.io/gh/radiofrance/dib) [![Go Report Card](https://goreportcard.com/badge/github.com/radiofrance/dib)](https://goreportcard.com/report/github.com/radiofrance/dib)
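Review bot: Neither the yaml.yml workflow nor its `lintyaml` job declares `permissions`, so the third-party `ibiqlik/action-yamllint` step runs with whatever default `GITHUB_TOKEN` scopes the repository is configured with. qa.yml gains an explicit block in this same commit; adding `permissions:` with `contents: read` above `jobs:` here would match it. The step list may continue past the end of the hunk.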