1
0
Fork 0
mirror of https://github.com/Luzifer/preserve.git synced 2024-12-20 09:41:18 +00:00

[CI] Replace deprecated CI tooling

Signed-off-by: Knut Ahlers <knut@ahlers.me>
This commit is contained in:
Knut Ahlers 2023-12-29 18:00:58 +01:00
parent bf88873cc1
commit 5e6535ccce
Signed by: luzifer
SSH key fingerprint: SHA256:/xtE5lCgiRDQr8SLxHMS92ZBlACmATUmF1crK16Ks4E
5 changed files with 153 additions and 18 deletions

81
.github/workflows/test-and-build.yml vendored Normal file
View file

@ -0,0 +1,81 @@
---
name: test-and-build
on:
push:
branches: ['*']
tags: ['v*']
permissions:
contents: write
jobs:
test-and-build:
defaults:
run:
shell: bash
container:
image: luzifer/archlinux
env:
CGO_ENABLED: 0
GOPATH: /go
runs-on: ubuntu-latest
steps:
- name: Enable custom AUR package repo
run: echo -e "[luzifer]\nSigLevel = Never\nServer = https://archrepo.hub.luzifer.io/\$arch" >>/etc/pacman.conf
- name: Install required packages
run: |
pacman -Syy --noconfirm \
awk \
git \
go \
golangci-lint-bin \
make \
tar \
trivy \
zip
- uses: actions/checkout@v3
- name: Marking workdir safe
run: git config --global --add safe.directory /__w/preserve/preserve
- name: Lint and test code
run: make lint test
- name: Execute Trivy scan
run: |
trivy fs . \
--dependency-tree \
--exit-code 1 \
--format table \
--ignore-unfixed \
--quiet \
--scanners misconfig,license,secret,vuln \
--severity HIGH,CRITICAL
- name: Build release
run: make publish
env:
FORCE_SKIP_UPLOAD: 'true'
MOD_MODE: readonly
NO_TESTS: 'true'
PACKAGES: '.'
- name: Extract changelog
run: 'awk "/^#/ && ++c==2{exit}; /^#/f" "History.md" | tail -n +2 >release_changelog.md'
- name: Release
uses: ncipollo/release-action@v1
if: startsWith(github.ref, 'refs/tags/')
with:
artifacts: '.build/*'
bodyFile: release_changelog.md
draft: false
generateReleaseNotes: false
...

View file

@ -1,13 +0,0 @@
---
image: "reporunner/golang-alpine"
checkout_dir: /go/src/github.com/Luzifer/preserve
commands:
- make lint test publish
environment:
DRAFT: "false"
CGO_ENABLED: 0
GO111MODULE: on
MOD_MODE: readonly

View file

@ -4,10 +4,13 @@ COPY . /go/src/github.com/Luzifer/preserve
WORKDIR /go/src/github.com/Luzifer/preserve
RUN set -ex \
&& apk add --update git \
&& apk add --no-cache \
git \
&& go install \
-ldflags "-X main.version=$(git describe --tags --always || echo dev)" \
-mod=readonly
-ldflags "-s -w -X main.version=$(git describe --tags --always || echo dev)" \
-mod=readonly \
-trimpath
FROM alpine:latest
@ -24,6 +27,8 @@ COPY --from=builder /go/bin/preserve /usr/local/bin/preserve
EXPOSE 3000
VOLUME ["/data"]
USER 1000
ENTRYPOINT ["/usr/local/bin/preserve"]
CMD ["--"]

View file

@ -4,8 +4,7 @@ lint:
golangci-lint run --timeout=5m
publish:
curl -sSLo golang.sh https://raw.githubusercontent.com/Luzifer/github-publish/master/golang.sh
bash golang.sh
bash ./ci/build.sh
test:
go test -cover -v ./...

63
ci/build.sh Normal file
View file

@ -0,0 +1,63 @@
#!/usr/bin/env bash
set -euo pipefail
osarch=(
darwin/amd64
darwin/arm64
linux/amd64
linux/arm
linux/arm64
windows/amd64
)
function go_package() {
cd "${4}"
local outname="${3}"
[[ $1 == windows ]] && outname="${3}.exe"
log "=> Building ${3} for ${1}/${2}..."
CGO_ENABLED=0 GOARCH=$2 GOOS=$1 go build \
-ldflags "-s -w -X main.version=${version}" \
-mod=readonly \
-trimpath \
-o "${outname}"
if [[ $1 == linux ]]; then
log "=> Packging ${3} as ${3}_${1}_${2}.tgz..."
tar -czf "${builddir}/${3}_${1}_${2}.tgz" "${outname}"
else
log "=> Packging ${3} as ${3}_${1}_${2}.zip..."
zip "${builddir}/${3}_${1}_${2}.zip" "${outname}"
fi
rm "${outname}"
}
function go_package_all() {
for oa in "${osarch[@]}"; do
local os=$(cut -d / -f 1 <<<"${oa}")
local arch=$(cut -d / -f 2 <<<"${oa}")
(go_package "${os}" "${arch}" "${1}" "${2}")
done
}
function log() {
echo "[$(date +%H:%M:%S)] $@" >&2
}
root=$(pwd)
builddir="${root}/.build"
version="$(git describe --tags --always || echo dev)"
log "Building version ${version}..."
log "Resetting output directory..."
rm -rf "${builddir}"
mkdir -p "${builddir}"
log "Building Preserve..."
go_package_all "preserve" "."
log "Generating SHA256SUMS file..."
(cd "${builddir}" && sha256sum * | tee SHA256SUMS)