-
Notifications
You must be signed in to change notification settings - Fork 0
145 lines (127 loc) · 3.87 KB
/
ci.yml
File metadata and controls
145 lines (127 loc) · 3.87 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
name: CI
on:
push:
branches: [main]
pull_request:
branches: [main]
permissions:
contents: read
jobs:
test:
name: test (go ${{ matrix.go }} / ${{ matrix.os }})
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest, macos-latest, windows-latest]
go: ["1.25"]
steps:
- uses: actions/checkout@v6
- name: Set up Go
uses: actions/setup-go@v6
with:
go-version: ${{ matrix.go }}
cache: true
- name: Download modules
run: go mod download
- name: Verify go.mod / go.sum are tidy
if: matrix.os == 'ubuntu-latest'
run: |
go mod tidy
git diff --exit-code -- go.mod go.sum
- name: Vet
run: go vet ./...
- name: Build
run: go build ./...
- name: Test (race)
run: go test -race -count=1 -timeout=5m ./...
# Integration tests need service containers (Linux-only in Actions).
# Split out from the matrix so it runs once against a real Postgres +
# MinIO and gates on TEST_* env vars the same way a developer would.
integration:
name: integration (postgres + minio)
runs-on: ubuntu-latest
services:
postgres:
image: postgres:16
env:
POSTGRES_USER: vle
POSTGRES_PASSWORD: vle
POSTGRES_DB: vle_test
ports: ["5432:5432"]
options: >-
--health-cmd "pg_isready -U vle -d vle_test"
--health-interval 5s
--health-timeout 5s
--health-retries 10
steps:
- uses: actions/checkout@v6
- name: Set up Go
uses: actions/setup-go@v6
with:
go-version: "1.25"
cache: true
# MinIO can't run as a `services:` container because GitHub Actions
# doesn't expose a way to pass the required `server /data` command.
# Start it in a step instead, wait for health, create the bucket.
- name: Start MinIO
run: |
docker run -d --name minio \
-p 9000:9000 \
-e MINIO_ROOT_USER=minioadmin \
-e MINIO_ROOT_PASSWORD=minioadmin \
quay.io/minio/minio:latest server /data
for i in {1..30}; do
if curl -sf http://localhost:9000/minio/health/live > /dev/null; then
echo "MinIO ready"
break
fi
echo "waiting for MinIO ($i)..."
sleep 2
done
docker run --rm --network host \
-e MC_HOST_local=http://minioadmin:minioadmin@localhost:9000 \
quay.io/minio/mc mb -p local/vle-test
- name: Run integration tests
env:
TEST_DATABASE_URL: postgres://vle:vle@localhost:5432/vle_test?sslmode=disable
TEST_S3_ENDPOINT: http://localhost:9000
TEST_S3_BUCKET: vle-test
TEST_S3_ACCESS_KEY: minioadmin
TEST_S3_SECRET_KEY: minioadmin
TEST_S3_PATH_STYLE: "true"
TEST_S3_REGION: us-east-1
run: go test -count=1 -timeout=5m -run 'Integration' ./...
lint:
name: lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- name: Set up Go
uses: actions/setup-go@v6
with:
go-version: "1.25"
cache: true
- name: staticcheck
uses: dominikh/staticcheck-action@v1
with:
version: latest
install-go: false
- name: golangci-lint
uses: golangci/golangci-lint-action@v9
with:
version: latest
args: --timeout=5m
govulncheck:
name: govulncheck
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- uses: actions/setup-go@v6
with:
go-version: "1.25"
cache: true
- name: Install govulncheck
run: go install golang.org/x/vuln/cmd/govulncheck@latest
- name: Scan
run: govulncheck ./...