UUXO/hmac-file-server
1
1
Fork 0
Code Pull Requests Actions Packages Projects Releases 1 Wiki Activity

ci: rewrite workflow for Gitea runner with Docker build
Some checks failed
CI/CD / Test (push) Has been cancelled
Details
CI/CD / Lint (push) Has been cancelled
Details
CI/CD / Build monitor-darwin-amd64 (push) Has been cancelled
Details
CI/CD / Build monitor-linux-amd64 (push) Has been cancelled
Details
CI/CD / Build monitor-darwin-arm64 (push) Has been cancelled
Details
CI/CD / Build monitor-linux-arm64 (push) Has been cancelled
Details
CI/CD / Build server-darwin-amd64 (push) Has been cancelled
Details
CI/CD / Build server-linux-amd64 (push) Has been cancelled
Details
CI/CD / Build server-darwin-arm64 (push) Has been cancelled
Details
CI/CD / Build server-linux-arm64 (push) Has been cancelled
Details
CI/CD / Generate SBOM (push) Has been cancelled
Details
CI/CD / Build & Push Docker Image (push) Has been cancelled
Details
CI/CD / Release (push) Has been cancelled
Details

Browse Source
This commit is contained in:
A. Renz
2025-12-11 20:00:54 +01:00
parent 5572401257
commit 69319e9723
1 changed files with 103 additions and 103 deletions
Download Patch File Download Diff File Expand all files Collapse all files

206
.gitea/workflows/ci.yml
View File

@@ -1,52 +1,55 @@
name: CI # CI/CD Pipeline for hmac-file-server
name: CI/CD
on: on:
push: push:
branches: [main, master] branches: [main, master]
tags: tags: ['v*']
- 'v*'
pull_request: pull_request:
branches: [main, master] branches: [main, master]
env: env:
GO_VERSION: '1.24' GITEA_URL: https://git.uuxo.net
jobs: jobs:
test: test:
name: Test name: Test
runs-on: ubuntu-latest runs-on: ubuntu-latest
container:
image: golang:1.24-bookworm
steps: steps:
- name: Checkout - name: Install git
uses: actions/checkout@v4 run: apt-get update && apt-get install -y git ca-certificates
- name: Setup Go - name: Checkout code
uses: actions/setup-go@v5 run: |
with: git config --global --add safe.directory "$GITHUB_WORKSPACE"
go-version: ${{ env.GO_VERSION }} git clone --depth 1 --branch ${GITHUB_REF_NAME} ${{ env.GITEA_URL }}/${GITHUB_REPOSITORY}.git .
- name: Download dependencies - name: Download dependencies
run: go mod download run: go mod download
- name: Run tests - name: Run tests with race detection
run: go test -v -race -coverprofile=coverage.out ./... run: go test -race -coverprofile=coverage.out -covermode=atomic ./...
- name: Upload coverage - name: Generate coverage report
uses: actions/upload-artifact@v4 run: |
with: go tool cover -func=coverage.out
name: coverage go tool cover -html=coverage.out -o coverage.html
path: coverage.out
lint: lint:
name: Lint name: Lint
runs-on: ubuntu-latest runs-on: ubuntu-latest
container:
image: golang:1.24-bookworm
steps: steps:
- name: Checkout - name: Install git
uses: actions/checkout@v4 run: apt-get update && apt-get install -y git ca-certificates
- name: Setup Go - name: Checkout code
uses: actions/setup-go@v5 run: |
with: git config --global --add safe.directory "$GITHUB_WORKSPACE"
go-version: ${{ env.GO_VERSION }} git clone --depth 1 --branch ${GITHUB_REF_NAME} ${{ env.GITEA_URL }}/${GITHUB_REPOSITORY}.git .
- name: Run go vet - name: Run go vet
run: go vet ./... run: go vet ./...
@@ -57,132 +60,129 @@ jobs:
echo "The following files are not formatted:" echo "The following files are not formatted:"
gofmt -l . gofmt -l .
exit 1 exit 1
fi
build: build:
name: Build ${{ matrix.binary }}-${{ matrix.goos }}-${{ matrix.goarch }} name: Build ${{ matrix.binary }}-${{ matrix.goos }}-${{ matrix.goarch }}
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: [test, lint] needs: [test, lint]
container:
image: golang:1.24-bookworm
strategy: strategy:
matrix: matrix:
binary: [server, monitor] binary: [server, monitor]
goos: [linux, darwin] goos: [linux, darwin]
goarch: [amd64, arm64] goarch: [amd64, arm64]
steps: steps:
- name: Checkout - name: Install git
uses: actions/checkout@v4 run: apt-get update && apt-get install -y git ca-certificates
- name: Setup Go - name: Checkout code
uses: actions/setup-go@v5 run: |
with: git config --global --add safe.directory "$GITHUB_WORKSPACE"
go-version: ${{ env.GO_VERSION }} git clone --depth 1 --branch ${GITHUB_REF_NAME} ${{ env.GITEA_URL }}/${GITHUB_REPOSITORY}.git .
- name: Build binary
- name: Build
env: env:
GOOS: ${{ matrix.goos }} GOOS: ${{ matrix.goos }}
GOARCH: ${{ matrix.goarch }} GOARCH: ${{ matrix.goarch }}
CGO_ENABLED: 0 CGO_ENABLED: 0
run: | run: |
go build -ldflags="-s -w -X main.Version=${{ github.ref_name }}" \ go build -ldflags="-s -w -X main.Version=${GITHUB_REF_NAME}" \
-o hmac-file-${{ matrix.binary }}-${{ matrix.goos }}-${{ matrix.goarch }} \ -o dist/hmac-file-${{ matrix.binary }}-${{ matrix.goos }}-${{ matrix.goarch }} \
./cmd/${{ matrix.binary }} ./cmd/${{ matrix.binary }}
- name: Upload artifact
uses: actions/upload-artifact@v4
with:
name: hmac-file-${{ matrix.binary }}-${{ matrix.goos }}-${{ matrix.goarch }}
path: hmac-file-${{ matrix.binary }}-${{ matrix.goos }}-${{ matrix.goarch }}
sbom: sbom:
name: Generate SBOM name: Generate SBOM
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: [test] needs: [test]
container:
image: golang:1.24-bookworm
steps: steps:
- name: Checkout - name: Install git
uses: actions/checkout@v4 run: apt-get update && apt-get install -y git ca-certificates curl
- name: Setup Go - name: Checkout code
uses: actions/setup-go@v5 run: |
with: git config --global --add safe.directory "$GITHUB_WORKSPACE"
go-version: ${{ env.GO_VERSION }} git clone --depth 1 --branch ${GITHUB_REF_NAME} ${{ env.GITEA_URL }}/${GITHUB_REPOSITORY}.git .
- name: Install cyclonedx-gomod - name: Install Syft
run: go install github.com/CycloneDX/cyclonedx-gomod/cmd/cyclonedx-gomod@latest run: curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin
- name: Generate SBOM - name: Generate SBOM
run: cyclonedx-gomod mod -output sbom.json -json run: |
syft . -o spdx-json=sbom-spdx.json
- name: Upload SBOM syft . -o cyclonedx-json=sbom-cyclonedx.json
uses: actions/upload-artifact@v4
with:
name: sbom
path: sbom.json
docker: docker:
name: Build Docker Images name: Build & Push Docker Image
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: [test, lint] needs: [test, lint]
if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/')) if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/'))
container:
image: docker:24-cli
options: --privileged
services:
docker:
image: docker:24-dind
options: --privileged
steps: steps:
- name: Checkout - name: Install dependencies
uses: actions/checkout@v4 run: apk add --no-cache git curl
- name: Set up QEMU - name: Checkout code
uses: docker/setup-qemu-action@v3 run: |
git config --global --add safe.directory "$GITHUB_WORKSPACE"
git clone --depth 1 --branch ${GITHUB_REF_NAME} ${{ env.GITEA_URL }}/${GITHUB_REPOSITORY}.git .
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 run: |
docker buildx create --use --name builder --driver docker-container
docker buildx inspect --bootstrap
- name: Login to Gitea Container Registry - name: Login to Gitea Registry
uses: docker/login-action@v3 run: |
with: echo "${{ secrets.REGISTRY_TOKEN }}" | docker login git.uuxo.net -u "${{ secrets.REGISTRY_USER }}" --password-stdin
registry: git.uuxo.net
username: ${{ secrets.REGISTRY_USER }}
password: ${{ secrets.REGISTRY_TOKEN }}
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: git.uuxo.net/uuxo/hmac-file-server
tags: |
type=ref,event=branch
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: Build and push - name: Build and push
uses: docker/build-push-action@v5 run: |
with: # Determine tags
context: . if [[ "${GITHUB_REF}" == refs/tags/* ]]; then
file: ./Dockerfile.multiarch VERSION=${GITHUB_REF#refs/tags/}
platforms: linux/amd64,linux/arm64 TAGS="-t git.uuxo.net/uuxo/hmac-file-server:${VERSION} -t git.uuxo.net/uuxo/hmac-file-server:latest"
push: true else
tags: ${{ steps.meta.outputs.tags }} TAGS="-t git.uuxo.net/uuxo/hmac-file-server:${GITHUB_SHA::8} -t git.uuxo.net/uuxo/hmac-file-server:main"
labels: ${{ steps.meta.outputs.labels }} fi
docker buildx build \
--platform linux/amd64,linux/arm64 \
--push \
--file Dockerfile.multiarch \
${TAGS} \
.
release: release:
name: Release name: Release
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: [build, sbom, docker] needs: [build, sbom, docker]
if: startsWith(github.ref, 'refs/tags/') if: startsWith(github.ref, 'refs/tags/v')
container:
image: golang:1.24-bookworm
steps: steps:
- name: Download all artifacts - name: Install tools
uses: actions/download-artifact@v4
with:
path: artifacts
- name: Create checksums
run: | run: |
cd artifacts apt-get update && apt-get install -y git ca-certificates
find . -type f -name "hmac-file-*" -exec sha256sum {} \; > checksums.txt curl -sSfL https://github.com/goreleaser/goreleaser/releases/download/v2.4.8/goreleaser_Linux_x86_64.tar.gz | tar xz -C /usr/local/bin goreleaser
cat checksums.txt curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin
- name: Create Release - name: Checkout code
uses: softprops/action-gh-release@v1 run: |
with: git config --global --add safe.directory "$GITHUB_WORKSPACE"
files: | git clone --branch ${GITHUB_REF_NAME} ${{ env.GITEA_URL }}/${GITHUB_REPOSITORY}.git .
artifacts/hmac-file-*/hmac-file-* git fetch --tags
artifacts/sbom/sbom.json
artifacts/checksums.txt - name: Run goreleaser
generate_release_notes: true env:
GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
run: goreleaser release --clean