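# CI pipeline: test and lint on every push / pull request, cross-compile the
# binaries, generate a CycloneDX SBOM, publish multi-arch container images on
# pushes to main and tags, and cut a release with checksums when a tag is pushed.
#
# NOTE(review): every `uses:` below references a mutable tag (@v1, @v3, @v4, @v5).
# Pinning each action to a full commit SHA protects the pipeline against a tag
# being moved to different code; the SHAs must be looked up and reviewed by the
# maintainers, so none are filled in here.
name: CI

on:
  push:
    branches: [main, master]
    tags:
      - 'v*'
  pull_request:
    branches: [main, master]

# Least privilege for the workflow token: read-only by default. Only the release
# job raises this (contents: write) because it creates a release.
# NOTE(review): the registry host below suggests this may also run on a Gitea
# instance; confirm that runner honours `permissions`.
permissions:
  contents: read

env:
  # Quoted so the version stays a string instead of being parsed as a float.
  GO_VERSION: '1.24'

jobs:
  test:
    name: Test
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup Go
        uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GO_VERSION }}

      - name: Download dependencies
        run: go mod download

      - name: Run tests
        run: go test -v -race -coverprofile=coverage.out ./...

      - name: Upload coverage
        uses: actions/upload-artifact@v4
        with:
          name: coverage
          path: coverage.out

  lint:
    name: Lint
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup Go
        uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GO_VERSION }}

      - name: Run go vet
        run: go vet ./...

      - name: Check formatting
        # Fails the job when gofmt reports any unformatted file. The closing
        # `fi` was missing, which made the script a shell syntax error.
        run: |
          if [ -n "$(gofmt -l .)" ]; then
            echo "The following files are not formatted:"
            gofmt -l .
            exit 1
          fi

  build:
    name: Build ${{ matrix.binary }}-${{ matrix.goos }}-${{ matrix.goarch }}
    runs-on: ubuntu-latest
    needs: [test, lint]
    strategy:
      matrix:
        binary: [server, monitor]
        goos: [linux, darwin]
        goarch: [amd64, arm64]
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup Go
        uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GO_VERSION }}

      - name: Build
        env:
          GOOS: ${{ matrix.goos }}
          GOARCH: ${{ matrix.goarch }}
          CGO_ENABLED: '0'
          # The ref name (branch or tag) is chosen by whoever pushes the ref and
          # may contain shell metacharacters. Passing it through the environment
          # keeps it as data; expanding ${{ ... }} inside `run:` would paste it
          # into the script text before the shell parses it.
          VERSION: ${{ github.ref_name }}
          BINARY: ${{ matrix.binary }}
        run: |
          go build -ldflags="-s -w -X main.Version=${VERSION}" \
            -o "hmac-file-${BINARY}-${GOOS}-${GOARCH}" \
            "./cmd/${BINARY}"

      - name: Upload artifact
        uses: actions/upload-artifact@v4
        with:
          name: hmac-file-${{ matrix.binary }}-${{ matrix.goos }}-${{ matrix.goarch }}
          path: hmac-file-${{ matrix.binary }}-${{ matrix.goos }}-${{ matrix.goarch }}

  sbom:
    name: Generate SBOM
    runs-on: ubuntu-latest
    needs: [test]
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup Go
        uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GO_VERSION }}

      - name: Install cyclonedx-gomod
        # NOTE(review): @latest is resolved at run time, so the tool that
        # produces the SBOM is itself unpinned and can change between runs.
        # Prefer a reviewed release, e.g. ...@<PINNED_VERSION> (placeholder).
        run: go install github.com/CycloneDX/cyclonedx-gomod/cmd/cyclonedx-gomod@latest

      - name: Generate SBOM
        run: cyclonedx-gomod mod -output sbom.json -json

      - name: Upload SBOM
        uses: actions/upload-artifact@v4
        with:
          name: sbom
          path: sbom.json

  docker:
    name: Build Docker Images
    runs-on: ubuntu-latest
    needs: [test, lint]
    # Restricted to push events on main or tags, so this job (and the registry
    # secrets it reads) never runs for pull_request events.
    if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/'))
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Login to Gitea Container Registry
        uses: docker/login-action@v3
        with:
          registry: git.uuxo.net
          username: ${{ secrets.REGISTRY_USER }}
          password: ${{ secrets.REGISTRY_TOKEN }}

      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: git.uuxo.net/uuxo/hmac-file-server
          tags: |
            type=ref,event=branch
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=sha

      - name: Build and push
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ./Dockerfile.multiarch
          platforms: linux/amd64,linux/arm64
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}

  release:
    name: Release
    runs-on: ubuntu-latest
    needs: [build, sbom, docker]
    if: startsWith(github.ref, 'refs/tags/')
    # The only job that writes to the repository: it creates the release.
    permissions:
      contents: write
    steps:
      - name: Download all artifacts
        uses: actions/download-artifact@v4
        with:
          path: artifacts

      - name: Create checksums
        # Hashes only files named hmac-file-*; sbom.json does not match the
        # pattern and is therefore not listed in checksums.txt.
        # NOTE(review): checksums published next to the binaries detect
        # corruption, not tampering by someone who can edit the release;
        # consider signing checksums.txt if authenticity matters.
        run: |
          cd artifacts
          find . -type f -name "hmac-file-*" -exec sha256sum {} \; > checksums.txt
          cat checksums.txt

      - name: Create Release
        uses: softprops/action-gh-release@v1
        with:
          files: |
            artifacts/hmac-file-*/hmac-file-*
            artifacts/sbom/sbom.json
            artifacts/checksums.txt
          generate_release_notes: true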