mirror of
https://github.com/Luzifer/envrun.git
synced 2024-12-20 18:31:17 +00:00
Replace repo-runner CI
Signed-off-by: Knut Ahlers <knut@ahlers.me>
This commit is contained in:
parent
0e50bf03d6
commit
c987e101b7
3 changed files with 83 additions and 12 deletions
70
.github/workflows/test-and-build.yml
vendored
Normal file
70
.github/workflows/test-and-build.yml
vendored
Normal file
|
@ -0,0 +1,70 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
name: test-and-build
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches: ['*']
|
||||||
|
tags: ['v*']
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
contents: write
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
test-and-build:
|
||||||
|
defaults:
|
||||||
|
run:
|
||||||
|
shell: bash
|
||||||
|
|
||||||
|
container:
|
||||||
|
image: luzifer/archlinux
|
||||||
|
env:
|
||||||
|
CGO_ENABLED: 0
|
||||||
|
GOPATH: /go
|
||||||
|
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- name: Enable custom AUR package repo
|
||||||
|
run: echo -e "[luzifer]\nSigLevel = Never\nServer = https://archrepo.hub.luzifer.io/\$arch" >>/etc/pacman.conf
|
||||||
|
|
||||||
|
- name: Install required packages
|
||||||
|
run: |
|
||||||
|
pacman -Syy --noconfirm \
|
||||||
|
awk \
|
||||||
|
git \
|
||||||
|
go \
|
||||||
|
golangci-lint-bin \
|
||||||
|
make \
|
||||||
|
tar \
|
||||||
|
trivy \
|
||||||
|
zip
|
||||||
|
|
||||||
|
- uses: actions/checkout@v3
|
||||||
|
|
||||||
|
- name: Marking workdir safe
|
||||||
|
run: git config --global --add safe.directory /__w/envrun/envrun
|
||||||
|
|
||||||
|
- name: Build release
|
||||||
|
run: make publish
|
||||||
|
env:
|
||||||
|
FORCE_SKIP_UPLOAD: 'true'
|
||||||
|
MOD_MODE: readonly
|
||||||
|
NO_TESTS: 'true'
|
||||||
|
PACKAGES: '.'
|
||||||
|
|
||||||
|
- name: Execute Trivy scan
|
||||||
|
run: make trivy
|
||||||
|
|
||||||
|
- name: Extract changelog
|
||||||
|
run: 'awk "/^#/ && ++c==2{exit}; /^#/f" "History.md" | tail -n +2 >release_changelog.md'
|
||||||
|
|
||||||
|
- name: Release
|
||||||
|
uses: ncipollo/release-action@v1
|
||||||
|
if: startsWith(github.ref, 'refs/tags/')
|
||||||
|
with:
|
||||||
|
artifacts: '.build/*'
|
||||||
|
bodyFile: release_changelog.md
|
||||||
|
draft: false
|
||||||
|
generateReleaseNotes: false
|
||||||
|
|
||||||
|
...
|
|
@ -1,12 +0,0 @@
|
||||||
---
|
|
||||||
|
|
||||||
image: "reporunner/golang-alpine"
|
|
||||||
checkout_dir: /go/src/github.com/Luzifer/envrun
|
|
||||||
|
|
||||||
commands:
|
|
||||||
- make publish
|
|
||||||
|
|
||||||
environment:
|
|
||||||
CGO_ENABLED: 0
|
|
||||||
GO111MODULE: on
|
|
||||||
MOD_MODE: readonly
|
|
13
Makefile
13
Makefile
|
@ -1,3 +1,16 @@
|
||||||
publish:
|
publish:
|
||||||
curl -sSLo golang.sh https://raw.githubusercontent.com/Luzifer/github-publish/master/golang.sh
|
curl -sSLo golang.sh https://raw.githubusercontent.com/Luzifer/github-publish/master/golang.sh
|
||||||
bash golang.sh
|
bash golang.sh
|
||||||
|
|
||||||
|
# -- Vulnerability scanning --
|
||||||
|
|
||||||
|
trivy:
|
||||||
|
trivy fs . \
|
||||||
|
--dependency-tree \
|
||||||
|
--exit-code 1 \
|
||||||
|
--format table \
|
||||||
|
--ignore-unfixed \
|
||||||
|
--quiet \
|
||||||
|
--scanners config,license,secret,vuln \
|
||||||
|
--severity HIGH,CRITICAL \
|
||||||
|
--skip-dirs docs
|
||||||
|
|
Loading…
Reference in a new issue