-
Notifications
You must be signed in to change notification settings - Fork 6
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
switch to using reusable workflows (#149)
While at it also make testing jobs faster by caching more aggressively
- Loading branch information
1 parent
acb536c
commit 2629561
Showing
8 changed files
with
39 additions
and
290 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -9,13 +9,6 @@ on: | |
|
|
||
| jobs: | ||
| lint-dockerfile: | ||
| runs-on: ubuntu-latest | ||
| timeout-minutes: 10 | ||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Lint Dockerfile | ||
| uses: hadolint/[email protected] | ||
| with: | ||
| dockerfile: Dockerfile | ||
| permissions: | ||
| contents: read | ||
| uses: capnspacehook/go-workflows/.github/workflows/lint-docker.yml@master | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -11,62 +11,7 @@ on: | |
| workflow_dispatch: {} | ||
|
|
||
| jobs: | ||
| check-mod-tidy: | ||
| runs-on: ubuntu-latest | ||
| timeout-minutes: 10 | ||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Install Go | ||
| id: install-go | ||
| uses: actions/setup-go@v4 | ||
| with: | ||
| go-version-file: go.mod | ||
| check-latest: true | ||
|
|
||
| - name: Ensure go.mod was tidied | ||
| run: | | ||
| go mod tidy -compat ${{ steps.install-go.outputs.go-version }} | ||
| STATUS=$(git status --porcelain go.mod go.sum) | ||
| if [ -n "$STATUS" ]; then | ||
| echo "Running go mod tidy modified go.mod and/or go.sum" | ||
| exit 1 | ||
| fi | ||
| exit 0 | ||
| staticcheck: | ||
| runs-on: ubuntu-latest | ||
| timeout-minutes: 10 | ||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Install Go | ||
| id: install-go | ||
| uses: actions/setup-go@v4 | ||
| with: | ||
| go-version-file: go.mod | ||
| check-latest: true | ||
|
|
||
| - name: Lint with staticcheck | ||
| uses: dominikh/[email protected] | ||
| with: | ||
| install-go: false | ||
|
|
||
| golangci-lint: | ||
| runs-on: ubuntu-latest | ||
| timeout-minutes: 15 | ||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Install Go | ||
| id: install-go | ||
| uses: actions/setup-go@v4 | ||
| with: | ||
| go-version-file: go.mod | ||
| check-latest: true | ||
|
|
||
| - name: Lint with golangci-lint | ||
| uses: golangci/[email protected] | ||
| lint-go: | ||
| permissions: | ||
| contents: read | ||
| uses: capnspacehook/go-workflows/.github/workflows/lint-go.yml@master | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -8,126 +8,9 @@ on: | |
| - "v*.*.*" | ||
|
|
||
| jobs: | ||
| release-binary: | ||
| runs-on: ubuntu-latest | ||
| if: github.ref_type == 'tag' | ||
| timeout-minutes: 15 | ||
| release: | ||
| permissions: | ||
| id-token: write | ||
| contents: write | ||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 | ||
|
|
||
| - name: Checkout tags | ||
| run: git fetch --force --tags | ||
|
|
||
| - name: Install Go | ||
| uses: actions/setup-go@v4 | ||
| with: | ||
| go-version-file: go.mod | ||
| check-latest: true | ||
|
|
||
| - name: Install cosign | ||
| uses: sigstore/cosign-installer@main | ||
|
|
||
| - name: Build and release with goreleaser | ||
| uses: goreleaser/goreleaser-action@v5 | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| with: | ||
| distribution: goreleaser | ||
| version: latest | ||
| args: release | ||
|
|
||
| release-image: | ||
| runs-on: ubuntu-latest | ||
| timeout-minutes: 15 | ||
| permissions: | ||
| id-token: write | ||
| packages: write | ||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Install cosign | ||
| uses: sigstore/cosign-installer@v3 | ||
|
|
||
| - name: Install Docker buildx | ||
| uses: docker/setup-buildx-action@v3 | ||
|
|
||
| - name: Build list of Docker tags to use | ||
| id: tag-types | ||
| run: | | ||
| if [[ ${{ contains(github.ref, 'tag') }} == true ]]; then | ||
| TAGS=" | ||
| type=semver,pattern={{major}},priority=920 | ||
| type=semver,pattern={{major}}.{{minor}},priority=910 | ||
| type=semver,pattern={{version}},priority=900 | ||
| type=ref,event=branch | ||
| type=sha,format=long" | ||
| else | ||
| TAGS=" | ||
| type=ref,event=branch | ||
| type=sha,format=long" | ||
| fi | ||
| # https://trstringer.com/github-actions-multiline-strings | ||
| { | ||
| echo "TAGS<<EOF" | ||
| echo "$TAGS" | ||
| echo "EOF" | ||
| } >> "$GITHUB_ENV" | ||
| - name: Set Docker labels and tags | ||
| id: metadata | ||
| uses: docker/metadata-action@v5 | ||
| with: | ||
| images: ghcr.io/${{ github.repository }} | ||
| flavor: | | ||
| latest=true | ||
| tags: ${{ env.TAGS }} | ||
|
|
||
| - name: Login to container registry | ||
| uses: docker/login-action@v3 | ||
| with: | ||
| registry: ghcr.io | ||
| username: ${{ github.actor }} | ||
| password: ${{ secrets.GITHUB_TOKEN }} | ||
|
|
||
| - name: Get latest git tag | ||
| id: get-tag | ||
| uses: olegtarasov/[email protected] | ||
|
|
||
| - name: Set build arguments | ||
| id: build-args | ||
| run: | | ||
| VERSION=${{ steps.get-tag.outputs.tag }} | ||
| if [[ -z ${VERSION} ]]; then | ||
| VERSION=devel | ||
| fi | ||
| echo "version=${VERSION}" >> "${GITHUB_OUTPUT}" | ||
| - name: Build and push Docker image | ||
| id: build-push | ||
| uses: docker/build-push-action@v5 | ||
| with: | ||
| context: . | ||
| push: true | ||
| build-args: | | ||
| VERSION=${{ steps.build-args.outputs.version }} | ||
| tags: ${{ steps.metadata.outputs.tags }} | ||
| labels: ${{ steps.metadata.outputs.labels }} | ||
|
|
||
| - name: Sign container image | ||
| env: | ||
| COSIGN_EXPERIMENTAL: "true" | ||
| run: cosign sign --yes ghcr.io/${{ github.repository }}@${{ steps.build-push.outputs.digest }} | ||
|
|
||
| - name: Scan container image for vulnerabilities | ||
| uses: chainguard-images/actions/vul-scans@main | ||
| with: | ||
| image: ghcr.io/${{ github.repository }}@${{ steps.build-push.outputs.digest }} | ||
| RUN_SNYK: false | ||
| uses: capnspacehook/go-workflows/.github/workflows/release.yml@master | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -10,6 +10,9 @@ on: | |
|
|
||
| workflow_dispatch: {} | ||
|
|
||
| permissions: | ||
| contents: read | ||
|
|
||
| jobs: | ||
| race-test: | ||
| # required for nftables to work correctly | ||
|
|
@@ -20,10 +23,12 @@ jobs: | |
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Install Go | ||
| uses: actions/setup-go@v4 | ||
| uses: WillAbides/setup-go[email protected] | ||
| with: | ||
| go-version-file: go.mod | ||
| check-latest: true | ||
|
|
||
| - name: Cache Go files | ||
| uses: capnspacehook/cache-go@v1 | ||
|
|
||
| # the test is compiled and run as root so that whalewall can | ||
| # interface with nftables, which is a privileged operation | ||
|
|
@@ -39,10 +44,12 @@ jobs: | |
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Install Go | ||
| uses: actions/setup-go@v4 | ||
| uses: WillAbides/setup-go[email protected] | ||
| with: | ||
| go-version-file: go.mod | ||
| check-latest: true | ||
|
|
||
| - name: Cache Go files | ||
| uses: capnspacehook/cache-go@v1 | ||
|
|
||
| # run the integration tests but use a binary to create rules | ||
| # to test with landlock and seccomp filters active | ||
|
|
@@ -71,10 +78,12 @@ jobs: | |
| tags: whalewall:test | ||
|
|
||
| - name: Install Go | ||
| uses: actions/setup-go@v4 | ||
| uses: WillAbides/setup-go[email protected] | ||
| with: | ||
| go-version-file: go.mod | ||
| check-latest: true | ||
|
|
||
| - name: Cache Go files | ||
| uses: capnspacehook/cache-go@v1 | ||
|
|
||
| # run the integration tests but use a container to create rules | ||
| # to test with landlock and seccomp filters active | ||
|
|
||
Oops, something went wrong.