CI: Re-join workflow, enable renovate

Signed-off-by: Knut Ahlers <knut@ahlers.me>
Knut Ahlers 2025-04-06 15:54:29 +02:00
parent a57aa101db
commit edc1d9da5b
Signed by: luzifer
SSH key fingerprint: SHA256:/xtE5lCgiRDQr8SLxHMS92ZBlACmATUmF1crK16Ks4E
12 changed files with 113 additions and 499 deletions


@ -1,29 +1,48 @@
---
name: CI Workflow
on: push
permissions:
contents: read
jobs:
doc-generator:
if: ${{ startsWith(github.ref, 'refs/tags/v') }}
needs:
- test
defaults:
test:
defaults: &runDefaults
run:
shell: bash
container:
container: &archEnvContainer
image: luzifer/gh-arch-env
env:
CGO_ENABLED: 0
GOPATH: /go
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4.2.2
with:
show-progress: false
- name: Marking workdir safe
run: git config --global --add safe.directory /__w/twitch-bot/twitch-bot
- name: Lint and test code
run: make lint test frontend_lint
- name: Build release (quick local for compile)
run: make build_prod
- name: Execute Trivy scan
run: make trivy
doc-generator:
if: ${{ startsWith(github.ref, 'refs/tags/v') }}
needs: [test]
defaults: *runDefaults
container: *archEnvContainer
permissions:
contents: read
pages: write
id-token: write
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v4.2.2
with:
lfs: true
show-progress: false
submodules: true
- name: Marking workdir safe
@ -31,56 +50,50 @@ jobs:
- name: Generate documentation
run: make render_docs DOCS_BASE_URL=https://luzifer.github.io/twitch-bot/
- name: Upload GitHub Pages artifact
uses: actions/upload-pages-artifact@v1
uses: actions/upload-pages-artifact@v3.0.1
with:
path: .rendered-docs
- name: Deploy artifact
uses: actions/deploy-pages@v1
uses: actions/deploy-pages@v4.0.5
docker-publish:
if: ${{ startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/master' }}
needs:
- test
defaults:
run:
shell: bash
needs: [test]
defaults: *runDefaults
permissions:
packages: write
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v4.2.2
with:
show-progress: false
- name: Log into registry
uses: docker/login-action@v3
uses: docker/login-action@v3.4.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Docker Build & Publish
run: bash ci/docker-publish.sh
integration-crdb:
if: ${{ github.ref == 'refs/heads/master' }}
needs:
- test
defaults:
run:
shell: bash
container:
image: luzifer/gh-arch-env
env:
CGO_ENABLED: 0
GOPATH: /go
needs: [test]
defaults: *runDefaults
container: *archEnvContainer
runs-on: ubuntu-latest
services:
crdb:
image: luzifer/crdb-gh-service
options: --health-cmd "curl -sSf http://localhost:8080/health" --health-interval 10s --health-timeout 5s --health-retries 5
options: >
--health-cmd "curl -sSf http://localhost:8080/health"
--health-interval 10s
--health-retries 5
--health-timeout 5s
steps:
- name: Install required packages
run: |
pacman -Syy --noconfirm \
cockroachdb-bin
- uses: actions/checkout@v4
run: pacman -Syy --noconfirm cockroachdb-bin
- uses: actions/checkout@v4.2.2
with:
show-progress: false
- name: Marking workdir safe
@ -88,27 +101,27 @@ jobs:
- name: Set up CRDB service
run: |
cockroach sql --host crdb --insecure <<EOF
CREATE DATABASE integration;
CREATE USER "twitch_bot" WITH PASSWORD NULL;
ALTER DATABASE integration OWNER to "twitch_bot";
CREATE DATABASE integration;
CREATE USER "twitch_bot" WITH PASSWORD NULL;
ALTER DATABASE integration OWNER to "twitch_bot";
EOF
- name: Run tests against CRDB
env:
GO_TEST_DB_ENGINE: postgres
GO_TEST_DB_DSN: host=crdb user=twitch_bot dbname=integration port=26257 sslmode=disable timezone=UTC
GO_TEST_DB_DSN: >
host=crdb
user=twitch_bot
dbname=integration
port=26257
sslmode=disable
timezone=UTC
run: make short_test
integration-mariadb:
if: ${{ github.ref == 'refs/heads/master' }}
needs:
- test
defaults:
run:
shell: bash
container:
image: luzifer/gh-arch-env
env:
CGO_ENABLED: 0
GOPATH: /go
needs: [test]
defaults: *runDefaults
container: *archEnvContainer
runs-on: ubuntu-latest
services:
mariadb:
@ -117,13 +130,17 @@ jobs:
MYSQL_PASSWORD: twitch-bot-pass
MYSQL_ROOT_PASSWORD: root-pass
MYSQL_USER: twitch-bot
options: --health-cmd "healthcheck.sh --connect --innodb_initialized" --health-interval 10s --health-timeout 5s --health-retries 5
options: >
--health-cmd "healthcheck.sh
--connect
--innodb_initialized"
--health-interval 10s
--health-retries 5
--health-timeout 5s
steps:
- name: Install required packages
run: |
pacman -Syy --noconfirm \
mariadb-clients
- uses: actions/checkout@v4
run: pacman -Syy --noconfirm mariadb-clients
- uses: actions/checkout@v4.2.2
with:
show-progress: false
- name: Marking workdir safe
@ -131,26 +148,20 @@ jobs:
- name: Set up MariaDB service
run: |
mariadb -h mariadb -u root --password=root-pass <<EOF
CREATE DATABASE integration DEFAULT CHARACTER SET utf8mb4 DEFAULT COLLATE utf8mb4_unicode_ci;
GRANT ALL ON integration.* TO 'twitch-bot'@'%';
CREATE DATABASE integration DEFAULT CHARACTER SET utf8mb4 DEFAULT COLLATE utf8mb4_unicode_ci;
GRANT ALL ON integration.* TO 'twitch-bot'@'%';
EOF
- name: Run tests against MariaDB
env:
GO_TEST_DB_ENGINE: mysql
GO_TEST_DB_DSN: twitch-bot:twitch-bot-pass@tcp(mariadb:3306)/integration?charset=utf8mb4&parseTime=True
run: make short_test
integration-mysql:
if: ${{ github.ref == 'refs/heads/master' }}
needs:
- test
defaults:
run:
shell: bash
container:
image: luzifer/gh-arch-env
env:
CGO_ENABLED: 0
GOPATH: /go
needs: [test]
defaults: *runDefaults
container: *archEnvContainer
runs-on: ubuntu-latest
services:
mysql:
@ -159,13 +170,15 @@ jobs:
MYSQL_PASSWORD: twitch-bot-pass
MYSQL_ROOT_PASSWORD: root-pass
MYSQL_USER: twitch-bot
options: --health-cmd "mysqladmin ping" --health-interval 10s --health-timeout 5s --health-retries 5
options: >
--health-cmd "mysqladmin ping"
--health-interval 10s
--health-retries 5
--health-timeout 5s
steps:
- name: Install required packages
run: |
pacman -Syy --noconfirm \
mariadb-clients
- uses: actions/checkout@v4
run: pacman -Syy --noconfirm mariadb-clients
- uses: actions/checkout@v4.2.2
with:
show-progress: false
- name: Marking workdir safe
@ -173,35 +186,33 @@ jobs:
- name: Set up MySQL service
run: |
mariadb --skip-ssl -h mysql -u root --password=root-pass <<EOF
CREATE DATABASE integration DEFAULT CHARACTER SET utf8mb4 DEFAULT COLLATE utf8mb4_unicode_ci;
GRANT ALL ON integration.* TO 'twitch-bot'@'%';
CREATE DATABASE integration DEFAULT CHARACTER SET utf8mb4 DEFAULT COLLATE utf8mb4_unicode_ci;
GRANT ALL ON integration.* TO 'twitch-bot'@'%';
EOF
- name: Run tests against MySQL
env:
GO_TEST_DB_ENGINE: mysql
GO_TEST_DB_DSN: twitch-bot:twitch-bot-pass@tcp(mysql:3306)/integration?charset=utf8mb4&parseTime=True
run: make short_test
integration-postgres:
if: ${{ github.ref == 'refs/heads/master' }}
needs:
- test
defaults:
run:
shell: bash
container:
image: luzifer/gh-arch-env
env:
CGO_ENABLED: 0
GOPATH: /go
needs: [test]
defaults: *runDefaults
container: *archEnvContainer
runs-on: ubuntu-latest
services:
postgres:
image: postgres:15
env:
POSTGRES_PASSWORD: twitch-bot-pass
options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
options: >
--health-cmd pg_isready
--health-interval 10s
--health-retries 5
--health-timeout 5s
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v4.2.2
with:
show-progress: false
- name: Marking workdir safe
@ -209,30 +220,30 @@ jobs:
- name: Run tests against PostgreSQL
env:
GO_TEST_DB_ENGINE: postgres
GO_TEST_DB_DSN: host=postgres user=postgres password=twitch-bot-pass dbname=postgres port=5432 sslmode=disable timezone=UTC
GO_TEST_DB_DSN: >
host=postgres
user=postgres
password=twitch-bot-pass
dbname=postgres
port=5432
sslmode=disable
timezone=UTC
run: make short_test
release:
if: ${{ startsWith(github.ref, 'refs/tags/v') }}
needs:
- test
defaults:
run:
shell: bash
container:
image: luzifer/gh-arch-env
env:
CGO_ENABLED: 0
GOPATH: /go
needs: [test]
defaults: *runDefaults
container: *archEnvContainer
permissions:
contents: write
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v4.2.2
with:
show-progress: false
- name: Marking workdir safe
run: |
git config --global --add safe.directory /__w/twitch-bot/twitch-bot
run: git config --global --add safe.directory /__w/twitch-bot/twitch-bot
- name: Build release
run: make publish
- name: Extract changelog
@ -248,27 +259,3 @@ jobs:
bodyFile: release_changelog.md
draft: false
generateReleaseNotes: false
test:
if: ${{ github.ref != 'refs/heads/stable' }}
defaults:
run:
shell: bash
container:
image: luzifer/gh-arch-env
env:
CGO_ENABLED: 0
GOPATH: /go
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
show-progress: false
- name: Marking workdir safe
run: |
git config --global --add safe.directory /__w/twitch-bot/twitch-bot
- name: Lint and test code
run: make lint test frontend_lint
- name: Build release (quick local for compile)
run: make build_prod
- name: Execute Trivy scan
run: make trivy
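Review bot: The `uses:` references bumped here are still pinned to tags (`actions/checkout@v4.2.2`, `docker/login-action@v3.4.0`, `actions/upload-pages-artifact@v3.0.1`, `actions/deploy-pages@v4.0.5`), and a tag can be moved by whoever controls the action's repository. That matters most in `docker-publish` (`packages: write`, receives `secrets.GITHUB_TOKEN`), `doc-generator` (`pages: write`, `id-token: write`) and `release` (`contents: write`). Pinning each to the full commit SHA with the version kept as a trailing comment, e.g. `uses: docker/login-action@<full-commit-sha> # v3.4.0`, makes the executed code immutable, and Renovate, which this commit enables, can keep such pins current. The job bodies continue between the hunks shown, so any `uses:` lines outside them are not covered by this note.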


@ -69,9 +69,6 @@ update-chrome-major: ## Patch latest Chrome major version into linkcheck
's/chromeMajor = [0-9]+/chromeMajor = $(shell curl -sSf https://lv.luzifer.io/v1/catalog/google-chrome/stable/version | cut -d '.' -f 1)/' \
internal/linkcheck/useragent.go
gh-workflow: ## Regenerate CI workflow
bash ci/create-workflow.sh
##@ Vulnerability scanning
trivy: ## Run Trivy against the code


@ -1,7 +0,0 @@
name: CI Workflow
on: push
permissions:
contents: read
jobs: {}


@ -1,44 +0,0 @@
---
if: ${{ startsWith(github.ref, 'refs/tags/v') }}
needs: [test]
defaults:
run:
shell: bash
container:
image: luzifer/gh-arch-env
env:
CGO_ENABLED: 0
GOPATH: /go
permissions:
contents: read
pages: write
id-token: write
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
lfs: true
show-progress: false
submodules: true
- name: Marking workdir safe
run: git config --global --add safe.directory /__w/twitch-bot/twitch-bot
- name: Generate documentation
run: make render_docs DOCS_BASE_URL=https://luzifer.github.io/twitch-bot/
- name: Upload GitHub Pages artifact
uses: actions/upload-pages-artifact@v1
with:
path: .rendered-docs
- name: Deploy artifact
uses: actions/deploy-pages@v1
...


@ -1,30 +0,0 @@
---
if: ${{ startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/master' }}
needs: [test]
defaults:
run:
shell: bash
permissions:
packages: write
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
show-progress: false
- name: Log into registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Docker Build & Publish
run: bash ci/docker-publish.sh
...


@ -1,54 +0,0 @@
---
if: ${{ github.ref == 'refs/heads/master' }}
needs: [test]
defaults:
run:
shell: bash
container:
image: luzifer/gh-arch-env
env:
CGO_ENABLED: 0
GOPATH: /go
runs-on: ubuntu-latest
services:
crdb:
image: luzifer/crdb-gh-service
options: >-
--health-cmd "curl -sSf http://localhost:8080/health"
--health-interval 10s
--health-timeout 5s
--health-retries 5
steps:
- name: Install required packages
run: |
pacman -Syy --noconfirm \
cockroachdb-bin
- uses: actions/checkout@v4
with:
show-progress: false
- name: Marking workdir safe
run: git config --global --add safe.directory /__w/twitch-bot/twitch-bot
- name: Set up CRDB service
run: |
cockroach sql --host crdb --insecure <<EOF
CREATE DATABASE integration;
CREATE USER "twitch_bot" WITH PASSWORD NULL;
ALTER DATABASE integration OWNER to "twitch_bot";
EOF
- name: Run tests against CRDB
env:
GO_TEST_DB_ENGINE: postgres
GO_TEST_DB_DSN: host=crdb user=twitch_bot dbname=integration port=26257 sslmode=disable timezone=UTC
run: make short_test
...


@ -1,57 +0,0 @@
---
if: ${{ github.ref == 'refs/heads/master' }}
needs: [test]
defaults:
run:
shell: bash
container:
image: luzifer/gh-arch-env
env:
CGO_ENABLED: 0
GOPATH: /go
runs-on: ubuntu-latest
services:
mariadb:
image: mariadb:11
env:
MYSQL_PASSWORD: twitch-bot-pass
MYSQL_ROOT_PASSWORD: root-pass
MYSQL_USER: twitch-bot
options: >-
--health-cmd "healthcheck.sh --connect --innodb_initialized"
--health-interval 10s
--health-timeout 5s
--health-retries 5
steps:
- name: Install required packages
run: |
pacman -Syy --noconfirm \
mariadb-clients
- uses: actions/checkout@v4
with:
show-progress: false
- name: Marking workdir safe
run: git config --global --add safe.directory /__w/twitch-bot/twitch-bot
- name: Set up MariaDB service
run: |
mariadb -h mariadb -u root --password=root-pass <<EOF
CREATE DATABASE integration DEFAULT CHARACTER SET utf8mb4 DEFAULT COLLATE utf8mb4_unicode_ci;
GRANT ALL ON integration.* TO 'twitch-bot'@'%';
EOF
- name: Run tests against MariaDB
env:
GO_TEST_DB_ENGINE: mysql
GO_TEST_DB_DSN: twitch-bot:twitch-bot-pass@tcp(mariadb:3306)/integration?charset=utf8mb4&parseTime=True
run: make short_test
...


@ -1,57 +0,0 @@
---
if: ${{ github.ref == 'refs/heads/master' }}
needs: [test]
defaults:
run:
shell: bash
container:
image: luzifer/gh-arch-env
env:
CGO_ENABLED: 0
GOPATH: /go
runs-on: ubuntu-latest
services:
mysql:
image: mysql:8
env:
MYSQL_PASSWORD: twitch-bot-pass
MYSQL_ROOT_PASSWORD: root-pass
MYSQL_USER: twitch-bot
options: >-
--health-cmd "mysqladmin ping"
--health-interval 10s
--health-timeout 5s
--health-retries 5
steps:
- name: Install required packages
run: |
pacman -Syy --noconfirm \
mariadb-clients
- uses: actions/checkout@v4
with:
show-progress: false
- name: Marking workdir safe
run: git config --global --add safe.directory /__w/twitch-bot/twitch-bot
- name: Set up MySQL service
run: |
mariadb --skip-ssl -h mysql -u root --password=root-pass <<EOF
CREATE DATABASE integration DEFAULT CHARACTER SET utf8mb4 DEFAULT COLLATE utf8mb4_unicode_ci;
GRANT ALL ON integration.* TO 'twitch-bot'@'%';
EOF
- name: Run tests against MySQL
env:
GO_TEST_DB_ENGINE: mysql
GO_TEST_DB_DSN: twitch-bot:twitch-bot-pass@tcp(mysql:3306)/integration?charset=utf8mb4&parseTime=True
run: make short_test
...


@ -1,43 +0,0 @@
---
if: ${{ github.ref == 'refs/heads/master' }}
needs: [test]
defaults:
run:
shell: bash
container:
image: luzifer/gh-arch-env
env:
CGO_ENABLED: 0
GOPATH: /go
runs-on: ubuntu-latest
services:
postgres:
image: postgres:15
env:
POSTGRES_PASSWORD: twitch-bot-pass
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
steps:
- uses: actions/checkout@v4
with:
show-progress: false
- name: Marking workdir safe
run: git config --global --add safe.directory /__w/twitch-bot/twitch-bot
- name: Run tests against PostgreSQL
env:
GO_TEST_DB_ENGINE: postgres
GO_TEST_DB_DSN: host=postgres user=postgres password=twitch-bot-pass dbname=postgres port=5432 sslmode=disable timezone=UTC
run: make short_test
...


@ -1,49 +0,0 @@
---
if: ${{ startsWith(github.ref, 'refs/tags/v') }}
needs: [test]
defaults:
run:
shell: bash
container:
image: luzifer/gh-arch-env
env:
CGO_ENABLED: 0
GOPATH: /go
permissions:
contents: write
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
show-progress: false
- name: Marking workdir safe
run: |
git config --global --add safe.directory /__w/twitch-bot/twitch-bot
- name: Build release
run: make publish
- name: Extract changelog
run: 'awk "/^#/ && ++c==2{exit}; /^#/f" "History.md" | tail -n +2 >release_changelog.md'
- name: Update stable branch
run: |
git branch -f stable ${GITHUB_SHA}
git push -f origin stable
- name: Release
uses: ncipollo/release-action@v1
with:
artifacts: '.build/*'
bodyFile: release_changelog.md
draft: false
generateReleaseNotes: false
...


@ -1,35 +0,0 @@
---
if: ${{ github.ref != 'refs/heads/stable' }}
defaults:
run:
shell: bash
container:
image: luzifer/gh-arch-env
env:
CGO_ENABLED: 0
GOPATH: /go
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
show-progress: false
- name: Marking workdir safe
run: |
git config --global --add safe.directory /__w/twitch-bot/twitch-bot
- name: Lint and test code
run: make lint test frontend_lint
- name: Build release (quick local for compile)
run: make build_prod
- name: Execute Trivy scan
run: make trivy
...

6
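--- a/renovate.json
+++ b/renovate.json
@@ -0,0 +1,6 @@
+{
+"$schema": "https://docs.renovatebot.com/renovate-schema.json",
+"extends": [
+"https://git.luzifer.io/luzifer/renovate-config/raw/branch/master/default.json"
+]
+}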
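Review bot: The only entry in `extends` is fetched from a branch URL (`.../raw/branch/master/default.json`), so the rules Renovate applies to this repository can change without any commit here. Since that preset is not visible in this commit, it is worth confirming that it does not enable automerge for this repository and, if the host supports it, referencing a tag or commit in the URL instead of `master`. JSON has no comment syntax, so a line in the commit message or README naming where the preset lives would help later reviewers.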