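---
# CI/CD workflow: run unit and integration tests against a throwaway
# Postgres service container, build and push a multi-arch image, scan the
# pushed image, then report the overall outcome.
name: CI/CD Pipeline

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main, develop]
  release:
    types: [published]

# Least-privilege default for GITHUB_TOKEN: no active step writes to the
# repository. Widen per job only where a step needs it (the commented-out
# SARIF upload in the security job would need `security-events: write`).
permissions:
  contents: read

env:
  REGISTRY: docker.io
  IMAGE_NAME: btouchard/ackify

jobs:
  test:
    name: Run Tests
    runs-on: ubuntu-latest

    services:
      postgres:
        image: postgres:15-alpine
        env:
          # Throwaway credentials for the ephemeral CI database only; they
          # must stay in sync with DB_DSN in the integration steps below.
          POSTGRES_USER: postgres
          POSTGRES_PASSWORD: testpassword
          POSTGRES_DB: ackify_test
        # Hold the job until Postgres reports ready, so the first
        # integration test does not race the container start-up.
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
        ports:
          # Quoted: colon-separated digit strings are retyped by YAML 1.1 parsers.
          - "5432:5432"

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Go
        uses: actions/setup-go@v4
        with:
          go-version: '1.24.5'
          cache: true

      - name: Download dependencies
        run: go mod download

      - name: Run go fmt check
        # `gofmt -l` prints only the files that differ from canonical
        # formatting; any output means the tree is unformatted.
        run: |
          if [ "$(gofmt -s -l . | wc -l)" -gt 0 ]; then
            echo "The following files need to be formatted:"
            gofmt -s -l .
            exit 1
          fi

      - name: Run go vet
        run: go vet ./...

      - name: Run unit tests
        env:
          # Placeholder configuration so the application can load its
          # settings under test; none of these are real credentials.
          APP_BASE_URL: "http://localhost:8080"
          APP_ORGANISATION: "Test Org"
          OAUTH_CLIENT_ID: "test-client-id"
          OAUTH_CLIENT_SECRET: "test-client-secret"
          OAUTH_COOKIE_SECRET: "dGVzdC1jb29raWUtc2VjcmV0LXRlc3QtY29va2llLXNlY3JldA=="
        run: go test -v -race -short ./...

      - name: Run integrations tests
        env:
          # sslmode=disable is acceptable only because the database is a
          # job-local service container on localhost.
          DB_DSN: "postgres://postgres:testpassword@localhost:5432/ackify_test?sslmode=disable"
          INTEGRATION_TESTS: "true"
        run: go test -v -race -tags=integrations ./internal/infrastructure/database/...

      - name: Generate coverage report
        # Re-runs the full suite (unit + integration) once more to produce a
        # single combined coverage profile.
        env:
          DB_DSN: "postgres://postgres:testpassword@localhost:5432/ackify_test?sslmode=disable"
          INTEGRATION_TESTS: "true"
          APP_BASE_URL: "http://localhost:8080"
          APP_ORGANISATION: "Test Org"
          OAUTH_CLIENT_ID: "test-client-id"
          OAUTH_CLIENT_SECRET: "test-client-secret"
          OAUTH_COOKIE_SECRET: "dGVzdC1jb29raWUtc2VjcmV0LXRlc3QtY29va2llLXNlY3JldA=="
        run: go test -v -race -tags=integrations -coverprofile=coverage.out ./...

      - name: Upload coverage to Codecov
        if: success()
        uses: codecov/codecov-action@v3
        with:
          file: ./coverage.out
          flags: unittests,integrations
          name: codecov-umbrella

  build:
    name: Build and Push Docker Image
    runs-on: ubuntu-latest
    needs: test
    if: github.event_name != 'pull_request'
    # Exposed so downstream jobs reference the tag that was actually pushed.
    # For releases metadata-action's semver pattern strips the leading "v"
    # (tag v1.2.3 -> image tag 1.2.3), so github.ref_name is not a valid
    # image tag there.
    outputs:
      version: ${{ steps.meta.outputs.version }}

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Log in to Docker Hub
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      - name: Extract metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          # The event=pr entry is inert here because this job never runs on
          # pull_request events (see the job-level `if`).
          tags: |
            type=ref,event=branch
            type=ref,event=pr
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{major}}
            type=sha,prefix={{branch}}-
            type=raw,value=latest,enable={{is_default_branch}}

      - name: Build and push Docker image
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ./Dockerfile
          platforms: linux/amd64,linux/arm64
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
          # head_commit is absent on release events; fall back to the
          # release publish time so BUILD_DATE is never empty.
          build-args: |
            VERSION=${{ github.ref_name }}
            COMMIT=${{ github.sha }}
            BUILD_DATE=${{ github.event.head_commit.timestamp || github.event.release.published_at }}

  security:
    name: Security Scan
    runs-on: ubuntu-latest
    needs: build
    if: github.event_name != 'pull_request'

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Run Trivy vulnerability scanner
        # NOTE: @master is a mutable ref; pin this action to a tagged
        # release or a commit SHA so the scanner cannot change underneath
        # the pipeline. As written, findings do not fail the job; add
        # `exit-code: '1'` with a `severity` filter if the scan should gate
        # releases.
        uses: aquasecurity/trivy-action@master
        with:
          # Scan the tag the build job actually pushed, not github.ref_name.
          image-ref: '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.build.outputs.version }}'
          format: 'sarif'
          output: 'trivy-results.sarif'

      # Keep the report reachable from the run page; without this the SARIF
      # file is discarded with the runner because the Security-tab upload
      # below is disabled.
      - name: Upload Trivy report as artifact
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: trivy-results
          path: trivy-results.sarif
          if-no-files-found: ignore

      # Enabling this requires `security-events: write` on this job.
      # - name: Upload Trivy scan results to GitHub Security tab
      #   uses: github/codeql-action/upload-sarif@v2
      #   if: always()
      #   with:
      #     sarif_file: 'trivy-results.sarif'

  notify:
    name: Notify
    runs-on: ubuntu-latest
    needs: [test, build, security]
    if: always() && github.event_name != 'pull_request'

    steps:
      - name: Notify success
        if: needs.test.result == 'success' && needs.build.result == 'success'
        run: |
          echo "✅ CI/CD Pipeline completed successfully!"
          echo "🚀 Image pushed: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.build.outputs.version }}"

      - name: Notify failure
        # The security job is a dependency too, so its failure must also
        # turn the run red.
        if: needs.test.result == 'failure' || needs.build.result == 'failure' || needs.security.result == 'failure'
        run: |
          echo "❌ CI/CD Pipeline failed!"
          echo "Please check the logs above for details."
          exit 1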