1
0
Fork 0
mirror of https://github.com/Luzifer/envrun.git synced 2024-12-20 18:31:17 +00:00

Replace repo-runner CI

Signed-off-by: Knut Ahlers <knut@ahlers.me>
This commit is contained in:
Knut Ahlers 2023-09-30 12:40:35 +02:00
parent 0e50bf03d6
commit c987e101b7
Signed by: luzifer
GPG key ID: D91C3E91E4CAD6F5
3 changed files with 83 additions and 12 deletions

70
.github/workflows/test-and-build.yml vendored Normal file
View file

@ -0,0 +1,70 @@
---
name: test-and-build
on:
push:
branches: ['*']
tags: ['v*']
permissions:
contents: write
jobs:
test-and-build:
defaults:
run:
shell: bash
container:
image: luzifer/archlinux
env:
CGO_ENABLED: 0
GOPATH: /go
runs-on: ubuntu-latest
steps:
- name: Enable custom AUR package repo
run: echo -e "[luzifer]\nSigLevel = Never\nServer = https://archrepo.hub.luzifer.io/\$arch" >>/etc/pacman.conf
- name: Install required packages
run: |
pacman -Syy --noconfirm \
awk \
git \
go \
golangci-lint-bin \
make \
tar \
trivy \
zip
- uses: actions/checkout@v3
- name: Marking workdir safe
run: git config --global --add safe.directory /__w/envrun/envrun
- name: Build release
run: make publish
env:
FORCE_SKIP_UPLOAD: 'true'
MOD_MODE: readonly
NO_TESTS: 'true'
PACKAGES: '.'
- name: Execute Trivy scan
run: make trivy
- name: Extract changelog
run: 'awk "/^#/ && ++c==2{exit}; /^#/f" "History.md" | tail -n +2 >release_changelog.md'
- name: Release
uses: ncipollo/release-action@v1
if: startsWith(github.ref, 'refs/tags/')
with:
artifacts: '.build/*'
bodyFile: release_changelog.md
draft: false
generateReleaseNotes: false
...

View file

@ -1,12 +0,0 @@
---
image: "reporunner/golang-alpine"
checkout_dir: /go/src/github.com/Luzifer/envrun
commands:
- make publish
environment:
CGO_ENABLED: 0
GO111MODULE: on
MOD_MODE: readonly

View file

@ -1,3 +1,16 @@
publish: publish:
curl -sSLo golang.sh https://raw.githubusercontent.com/Luzifer/github-publish/master/golang.sh curl -sSLo golang.sh https://raw.githubusercontent.com/Luzifer/github-publish/master/golang.sh
bash golang.sh bash golang.sh
# -- Vulnerability scanning --
trivy:
trivy fs . \
--dependency-tree \
--exit-code 1 \
--format table \
--ignore-unfixed \
--quiet \
--scanners config,license,secret,vuln \
--severity HIGH,CRITICAL \
--skip-dirs docs