UUXO/hmac-file-server
1
1
Fork 0
Code Pull Requests Actions Packages Projects Releases 1 Wiki Activity

ci: rewrite workflow for Gitea runner with Docker build
Some checks failed
CI/CD / Test (push) Has been cancelled
Details
CI/CD / Lint (push) Has been cancelled
Details
CI/CD / Build monitor-darwin-amd64 (push) Has been cancelled
Details
CI/CD / Build monitor-linux-amd64 (push) Has been cancelled
Details
CI/CD / Build monitor-darwin-arm64 (push) Has been cancelled
Details
CI/CD / Build monitor-linux-arm64 (push) Has been cancelled
Details
CI/CD / Build server-darwin-amd64 (push) Has been cancelled
Details
CI/CD / Build server-linux-amd64 (push) Has been cancelled
Details
CI/CD / Build server-darwin-arm64 (push) Has been cancelled
Details
CI/CD / Build server-linux-arm64 (push) Has been cancelled
Details
CI/CD / Generate SBOM (push) Has been cancelled
Details
CI/CD / Build & Push Docker Image (push) Has been cancelled
Details
CI/CD / Release (push) Has been cancelled
Details

Browse Source
This commit is contained in:
A. Renz
2025-12-11 20:00:54 +01:00
parent 5572401257
commit 69319e9723
1 changed files with 103 additions and 103 deletions
Download Patch File Download Diff File Expand all files Collapse all files

206
.gitea/workflows/ci.yml
View File

@@ -1,52 +1,55 @@
name: CI
# CI/CD Pipeline for hmac-file-server
name: CI/CD
on:
push:
branches: [main, master]
tags:
- 'v*'
tags: ['v*']
pull_request:
branches: [main, master]
env:
GO_VERSION: '1.24'
GITEA_URL: https://git.uuxo.net
jobs:
test:
name: Test
runs-on: ubuntu-latest
container:
image: golang:1.24-bookworm
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install git
run: apt-get update && apt-get install -y git ca-certificates
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
- name: Checkout code
run: |
git config --global --add safe.directory "$GITHUB_WORKSPACE"
git clone --depth 1 --branch ${GITHUB_REF_NAME} ${{ env.GITEA_URL }}/${GITHUB_REPOSITORY}.git .
- name: Download dependencies
run: go mod download
- name: Run tests
run: go test -v -race -coverprofile=coverage.out ./...
- name: Run tests with race detection
run: go test -race -coverprofile=coverage.out -covermode=atomic ./...
- name: Upload coverage
uses: actions/upload-artifact@v4
with:
name: coverage
path: coverage.out
- name: Generate coverage report
run: |
go tool cover -func=coverage.out
go tool cover -html=coverage.out -o coverage.html
lint:
name: Lint
runs-on: ubuntu-latest
container:
image: golang:1.24-bookworm
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install git
run: apt-get update && apt-get install -y git ca-certificates
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
- name: Checkout code
run: |
git config --global --add safe.directory "$GITHUB_WORKSPACE"
git clone --depth 1 --branch ${GITHUB_REF_NAME} ${{ env.GITEA_URL }}/${GITHUB_REPOSITORY}.git .
- name: Run go vet
run: go vet ./...
@@ -57,132 +60,129 @@ jobs:
echo "The following files are not formatted:"
gofmt -l .
exit 1
fi
build:
name: Build ${{ matrix.binary }}-${{ matrix.goos }}-${{ matrix.goarch }}
runs-on: ubuntu-latest
needs: [test, lint]
container:
image: golang:1.24-bookworm
strategy:
matrix:
binary: [server, monitor]
goos: [linux, darwin]
goarch: [amd64, arm64]
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install git
run: apt-get update && apt-get install -y git ca-certificates
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
- name: Checkout code
run: |
git config --global --add safe.directory "$GITHUB_WORKSPACE"
git clone --depth 1 --branch ${GITHUB_REF_NAME} ${{ env.GITEA_URL }}/${GITHUB_REPOSITORY}.git .
- name: Build
- name: Build binary
env:
GOOS: ${{ matrix.goos }}
GOARCH: ${{ matrix.goarch }}
CGO_ENABLED: 0
run: |
go build -ldflags="-s -w -X main.Version=${{ github.ref_name }}" \
-o hmac-file-${{ matrix.binary }}-${{ matrix.goos }}-${{ matrix.goarch }} \
go build -ldflags="-s -w -X main.Version=${GITHUB_REF_NAME}" \
-o dist/hmac-file-${{ matrix.binary }}-${{ matrix.goos }}-${{ matrix.goarch }} \
./cmd/${{ matrix.binary }}
- name: Upload artifact
uses: actions/upload-artifact@v4
with:
name: hmac-file-${{ matrix.binary }}-${{ matrix.goos }}-${{ matrix.goarch }}
path: hmac-file-${{ matrix.binary }}-${{ matrix.goos }}-${{ matrix.goarch }}
sbom:
name: Generate SBOM
runs-on: ubuntu-latest
needs: [test]
container:
image: golang:1.24-bookworm
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install git
run: apt-get update && apt-get install -y git ca-certificates curl
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
- name: Checkout code
run: |
git config --global --add safe.directory "$GITHUB_WORKSPACE"
git clone --depth 1 --branch ${GITHUB_REF_NAME} ${{ env.GITEA_URL }}/${GITHUB_REPOSITORY}.git .
- name: Install cyclonedx-gomod
run: go install github.com/CycloneDX/cyclonedx-gomod/cmd/cyclonedx-gomod@latest
- name: Install Syft
run: curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin
- name: Generate SBOM
run: cyclonedx-gomod mod -output sbom.json -json
- name: Upload SBOM
uses: actions/upload-artifact@v4
with:
name: sbom
path: sbom.json
run: |
syft . -o spdx-json=sbom-spdx.json
syft . -o cyclonedx-json=sbom-cyclonedx.json
docker:
name: Build Docker Images
name: Build & Push Docker Image
runs-on: ubuntu-latest
needs: [test, lint]
if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/'))
container:
image: docker:24-cli
options: --privileged
services:
docker:
image: docker:24-dind
options: --privileged
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install dependencies
run: apk add --no-cache git curl
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Checkout code
run: |
git config --global --add safe.directory "$GITHUB_WORKSPACE"
git clone --depth 1 --branch ${GITHUB_REF_NAME} ${{ env.GITEA_URL }}/${GITHUB_REPOSITORY}.git .
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
run: |
docker buildx create --use --name builder --driver docker-container
docker buildx inspect --bootstrap
- name: Login to Gitea Container Registry
uses: docker/login-action@v3
with:
registry: git.uuxo.net
username: ${{ secrets.REGISTRY_USER }}
password: ${{ secrets.REGISTRY_TOKEN }}
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: git.uuxo.net/uuxo/hmac-file-server
tags: |
type=ref,event=branch
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: Login to Gitea Registry
run: |
echo "${{ secrets.REGISTRY_TOKEN }}" | docker login git.uuxo.net -u "${{ secrets.REGISTRY_USER }}" --password-stdin
- name: Build and push
uses: docker/build-push-action@v5
with:
context: .
file: ./Dockerfile.multiarch
platforms: linux/amd64,linux/arm64
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
run: |
# Determine tags
if [[ "${GITHUB_REF}" == refs/tags/* ]]; then
VERSION=${GITHUB_REF#refs/tags/}
TAGS="-t git.uuxo.net/uuxo/hmac-file-server:${VERSION} -t git.uuxo.net/uuxo/hmac-file-server:latest"
else
TAGS="-t git.uuxo.net/uuxo/hmac-file-server:${GITHUB_SHA::8} -t git.uuxo.net/uuxo/hmac-file-server:main"
fi
docker buildx build \
--platform linux/amd64,linux/arm64 \
--push \
--file Dockerfile.multiarch \
${TAGS} \
.
release:
name: Release
runs-on: ubuntu-latest
needs: [build, sbom, docker]
if: startsWith(github.ref, 'refs/tags/')
if: startsWith(github.ref, 'refs/tags/v')
container:
image: golang:1.24-bookworm
steps:
- name: Download all artifacts
uses: actions/download-artifact@v4
with:
path: artifacts
- name: Create checksums
- name: Install tools
run: |
cd artifacts
find . -type f -name "hmac-file-*" -exec sha256sum {} \; > checksums.txt
cat checksums.txt
apt-get update && apt-get install -y git ca-certificates
curl -sSfL https://github.com/goreleaser/goreleaser/releases/download/v2.4.8/goreleaser_Linux_x86_64.tar.gz | tar xz -C /usr/local/bin goreleaser
curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin
- name: Create Release
uses: softprops/action-gh-release@v1
with:
files: |
artifacts/hmac-file-*/hmac-file-*
artifacts/sbom/sbom.json
artifacts/checksums.txt
generate_release_notes: true
- name: Checkout code
run: |
git config --global --add safe.directory "$GITHUB_WORKSPACE"
git clone --branch ${GITHUB_REF_NAME} ${{ env.GITEA_URL }}/${GITHUB_REPOSITORY}.git .
git fetch --tags
- name: Run goreleaser
env:
GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
run: goreleaser release --clean