fix: create manifest in project root to avoid dist clean issue #25
Workflow file for this run
# Continuous-integration workflow.
name: CI

# Triggers: pushes to main/develop, pushes of v* tags, and pull requests
# that target main/develop.
on:
  push:
    branches: [main, develop]
    tags: ["v*"]
  pull_request:
    branches: [main, develop]

# Tool versions referenced by the jobs through the env context.
env:
  GO_VERSION: "1.21"
  GOLANGCI_LINT_VERSION: "v1.57"
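# Job graph: lint and test run first; build, docs and security-scan wait for
# both; release runs only for v* tags once lint, test and build have passed.
#
# Each job declares the GITHUB_TOKEN scopes it needs, so a compromised step in
# one job cannot use write access that only another job requires.
jobs:
  lint:
    name: Lint
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Keep the job token out of .git/config; no later step pushes.
          persist-credentials: false

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GO_VERSION }}
          cache: true

      - name: Run golangci-lint
        uses: golangci/golangci-lint-action@v3
        with:
          version: ${{ env.GOLANGCI_LINT_VERSION }}
          args: --timeout 5m
          working-directory: .

      - name: Check code formatting
        # gofmt -l prints the files it would rewrite; any output fails the job.
        run: |
          if [ -n "$(gofmt -l .)" ]; then
            echo "The following files need formatting:"
            gofmt -l .
            exit 1
          fi

  test:
    name: Test
    runs-on: ubuntu-latest
    permissions:
      contents: read
    strategy:
      matrix:
        go-version: ["1.21"]
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: ${{ matrix.go-version }}
          cache: true

      - name: Download dependencies
        run: go mod download

      - name: Run tests
        run: go test -v -cover -coverprofile=coverage.out ./internal/...

      - name: Upload coverage reports
        uses: codecov/codecov-action@v5
        # Upload once, from the matrix entry that matches GO_VERSION.
        if: matrix.go-version == env.GO_VERSION
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          slug: Trozz/terraform-provider-pocketid
          file: ./coverage.out
          flags: unittests
          name: codecov-umbrella

  build:
    name: Build
    runs-on: ubuntu-latest
    needs: [lint, test]
    permissions:
      contents: read
    strategy:
      matrix:
        include:
          - os: linux
            arch: amd64
          - os: linux
            arch: arm64
          - os: darwin
            arch: amd64
          - os: darwin
            arch: arm64
          - os: windows
            arch: amd64
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GO_VERSION }}
          cache: true

      - name: Build binary
        env:
          GOOS: ${{ matrix.os }}
          GOARCH: ${{ matrix.arch }}
          # The ref name reaches the shell as data through the environment,
          # never as text expanded into the script itself.
          VERSION: ${{ github.ref_name }}
        run: |
          output="terraform-provider-pocketid_${GOOS}_${GOARCH}"
          if [ "$GOOS" = "windows" ]; then
            output="${output}.exe"
          fi
          go build -o "$output" -ldflags "-X main.version=${VERSION}" .

      - name: Upload artifacts
        # upload-artifact v3 has been retired by GitHub; v4 takes the same
        # name/path inputs and needs a unique name per job, which the
        # os/arch suffix provides.
        uses: actions/upload-artifact@v4
        with:
          name: terraform-provider-pocketid_${{ matrix.os }}_${{ matrix.arch }}
          path: terraform-provider-pocketid*

  # Acceptance tests are not run in CI because Pocket-ID requires:
  # 1. Manual passkey registration through the UI
  # 2. Manual API key generation through the UI
  # 3. No programmatic way to bootstrap an instance
  #
  # To run acceptance tests locally:
  # 1. Start a Pocket-ID instance
  # 2. Register a user with a passkey
  # 3. Generate an API key
  # 4. Set POCKETID_BASE_URL and POCKETID_API_TOKEN
  # 5. Run: make test-acc

  docs:
    name: Documentation
    runs-on: ubuntu-latest
    needs: [lint, test]
    permissions:
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GO_VERSION }}
          cache: true

      - name: Install tfplugindocs
        # NOTE(review): @latest resolves to whatever is newest at run time, so
        # generated docs (and this check) can change without a commit here.
        # Pinning an explicit module version keeps the check reproducible.
        run: go install github.com/hashicorp/terraform-plugin-docs/cmd/tfplugindocs@latest

      - name: Generate documentation
        run: tfplugindocs generate

      - name: Check for uncommitted changes
        # Regenerated docs must match what is committed.
        run: |
          if [[ -n $(git status -s) ]]; then
            echo "Documentation is out of date. Please run 'make docs' and commit the changes."
            git diff
            exit 1
          fi

  release:
    name: Release
    runs-on: ubuntu-latest
    needs: [lint, test, build]
    if: startsWith(github.ref, 'refs/tags/v')
    permissions:
      # GoReleaser creates the GitHub release with GITHUB_TOKEN.
      contents: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Full history: fetch-depth 0 fetches all commits and tags.
          fetch-depth: 0

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GO_VERSION }}
          cache: true

      # NOTE(review): the two third-party actions below receive the GPG
      # signing key and a token with contents: write. A version tag can be
      # moved by the action's owner; pinning each to a full commit SHA
      # (uses: owner/action@<FULL_COMMIT_SHA>) fixes the code that sees them.
      - name: Import GPG key
        id: import_gpg
        uses: crazy-max/ghaction-import-gpg@v6
        with:
          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.GPG_PASSPHRASE }}

      - name: Run GoReleaser
        uses: goreleaser/goreleaser-action@v5
        with:
          # NOTE(review): "latest" lets the release tool change between runs;
          # an explicit version makes signed releases reproducible.
          version: latest
          args: release --clean
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}

  security-scan:
    name: Security Scan
    runs-on: ubuntu-latest
    needs: [lint, test]
    permissions:
      contents: read
      # upload-sarif writes code-scanning results.
      security-events: write
      # Read by upload-sarif when the repository is private.
      actions: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Run Trivy vulnerability scanner
        # NOTE(review): @master is a mutable branch ref, so this job runs
        # whatever that branch holds at run time. Pin to a full commit SHA:
        # uses: aquasecurity/trivy-action@<FULL_COMMIT_SHA>
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: "fs"
          scan-ref: "."
          format: "sarif"
          output: "trivy-results.sarif"

      - name: Upload Trivy scan results to GitHub Security tab
        # codeql-action v2 has been retired by GitHub; v3 keeps the
        # sarif_file input.
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: "trivy-results.sarif"

      - name: Run gosec security scanner
        # NOTE(review): same mutable-ref concern as the Trivy step; pin to
        # securego/gosec@<FULL_COMMIT_SHA>. Also, gosec exits non-zero when it
        # reports findings, which skips the upload step below; gosec's -no-fail
        # flag or `if: always()` on the upload would keep the results visible.
        uses: securego/gosec@master
        with:
          args: "-fmt sarif -out gosec-results.sarif ./..."

      - name: Upload gosec results
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: "gosec-results.sarif"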