Skip to content
CI/CD Pipeline

chore: build fix #8

Sign in to view logs

chore: build fix

chore: build fix #8

Workflow file for this run

.github/workflows/ci.yml at 379a4fb
name: CI/CD Pipeline
on:
push:
branches: [main, develop]
tags: ["v*"]
pull_request:
branches: [main, develop]
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
jobs:
test:
name: Test
runs-on: ubuntu-latest
strategy:
matrix:
go-version: ["1.23"]
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: ${{ matrix.go-version }}
- name: Cache Go modules
uses: actions/cache@v4
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-go-${{ matrix.go-version }}-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-${{ matrix.go-version }}-
- name: Download dependencies
run: go mod download
- name: Verify dependencies
run: go mod verify
- name: Run go vet
run: go vet ./...
- name: Run go fmt
run: |
fmt_output=$(go fmt ./...)
if [ -n "$fmt_output" ]; then
echo "The following files need formatting:"
echo "$fmt_output"
exit 1
fi
- name: Run tests
run: make test
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: "1.23"
- name: Run golangci-lint
uses: golangci/golangci-lint-action@v4
with:
version: latest
args: --timeout=5m
build:
name: Build
runs-on: ubuntu-latest
needs: [test, lint]
strategy:
matrix:
goos: [linux, windows, darwin]
goarch: [amd64, arm64]
exclude:
- goos: windows
goarch: arm64
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: "1.23"
- name: Cache Go modules
uses: actions/cache@v4
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-go-1.23-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-1.23-
- name: Build binary
env:
GOOS: ${{ matrix.goos }}
GOARCH: ${{ matrix.goarch }}
CGO_ENABLED: 0
run: |
VERSION=${GITHUB_REF#refs/tags/}
if [[ "$VERSION" == "refs/heads/"* ]]; then
VERSION=${GITHUB_SHA:0:8}
fi
BINARY_NAME=dns-sync
if [ "$GOOS" = "windows" ]; then
BINARY_NAME="${BINARY_NAME}.exe"
fi
mkdir -p build
go build -ldflags "-s -w -X main.version=$VERSION" -o build/${BINARY_NAME}-${GOOS}-${GOARCH} cmd/dns-sync/main.go
- name: Upload build artifacts
uses: actions/upload-artifact@v4
with:
name: dns-sync-${{ matrix.goos }}-${{ matrix.goarch }}
path: build/
docker:
name: Build and Push Docker Image
runs-on: ubuntu-latest
needs: [test, lint]
permissions:
contents: read
packages: write
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to Container Registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
type=sha,prefix={{branch}}-
type=raw,value=latest,enable={{is_default_branch}}
- name: Build and push Docker image
uses: docker/build-push-action@v5
with:
context: .
platforms: linux/amd64,linux/arm64
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
build-args: |
VERSION=${{ github.ref_name }}
release:
name: Create Release
runs-on: ubuntu-latest
needs: [build]
if: startsWith(github.ref, 'refs/tags/')
permissions:
contents: write
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Download all artifacts
uses: actions/download-artifact@v4
with:
path: artifacts/
- name: Prepare release assets
run: |
mkdir -p release
for dir in artifacts/*/; do
if [ -d "$dir" ]; then
cd "$dir"
for file in *; do
if [ -f "$file" ]; then
# Create tar.gz for non-Windows binaries
if [[ "$file" != *.exe ]]; then
tar -czf "../../release/${file}.tar.gz" "$file"
else
# Create zip for Windows binaries
zip "../../release/${file%.exe}.zip" "$file"
fi
fi
done
cd - > /dev/null
fi
done
- name: Generate changelog
run: |
if [ -f CHANGELOG.md ]; then
# Extract changelog for current version
awk '/^## \[/{if(p) exit; if($0 ~ /\['${GITHUB_REF#refs/tags/}'\]/) p=1} p' CHANGELOG.md > release_notes.md
else
echo "Release ${GITHUB_REF#refs/tags/}" > release_notes.md
echo "" >> release_notes.md
echo "### Changes" >> release_notes.md
git log --pretty=format:"- %s" $(git describe --tags --abbrev=0 HEAD^)..HEAD >> release_notes.md
fi
- name: Create Release
uses: softprops/action-gh-release@v1
with:
files: release/*
body_path: release_notes.md
draft: false
prerelease: ${{ contains(github.ref, '-') }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
security:
name: Security Scan
runs-on: ubuntu-latest
permissions:
contents: read
security-events: write
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
scan-type: "fs"
scan-ref: "."
format: "sarif"
output: "trivy-results.sarif"
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: "trivy-results.sarif"