fix: improve cleanup file detection and add metrics tracking #110
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [ main ] | |
| tags: [ 'v*' ] | |
| paths: | |
| - '**.go' | |
| - 'go.mod' | |
| - 'go.sum' | |
| - 'cmd/**' | |
| - 'internal/**' | |
| - 'pkg/**' | |
| - 'Dockerfile' | |
| - '.github/workflows/ci.yml' | |
| pull_request: | |
| branches: [ main ] | |
| paths: | |
| - '**.go' | |
| - 'go.mod' | |
| - 'go.sum' | |
| - 'cmd/**' | |
| - 'internal/**' | |
| - 'pkg/**' | |
| - 'Dockerfile' | |
| - '.github/workflows/ci.yml' | |
| jobs: | |
| test-matrix: | |
| name: Test Go ${{ matrix.go-version }} | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| go-version: ['1.22', '1.23', '1.24'] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Go ${{ matrix.go-version }} | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: ${{ matrix.go-version }} | |
| - name: Cache Go modules | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-go-${{ matrix.go-version }}-${{ hashFiles('**/go.sum') }} | |
| restore-keys: | | |
| ${{ runner.os }}-go-${{ matrix.go-version }}- | |
| - name: Get dependencies | |
| run: go mod download | |
| - name: Verify dependencies | |
| run: go mod verify | |
| - name: Run go vet | |
| run: go vet ./... | |
| - name: Run tests | |
| run: go test -v -race -coverprofile=coverage.out ./... | |
| - name: Upload coverage to Codecov | |
| if: matrix.go-version == '1.23' | |
| uses: codecov/codecov-action@v4 | |
| with: | |
| file: ./coverage.out | |
| flags: unittests | |
| name: codecov-umbrella | |
| - name: Build main binary | |
| run: CGO_ENABLED=0 go build -a -installsuffix cgo -ldflags '-extldflags "-static"' -v -o tenangdb ./cmd | |
| - name: Build exporter binary | |
| run: CGO_ENABLED=0 go build -a -installsuffix cgo -ldflags '-extldflags "-static"' -v -o tenangdb-exporter ./cmd/tenangdb-exporter | |
| security-and-lint: | |
| name: Security & Lint | |
| runs-on: ubuntu-latest | |
| needs: test-matrix | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: '1.23' | |
| - name: Cache Go modules | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-go-1.23-${{ hashFiles('**/go.sum') }} | |
| restore-keys: | | |
| ${{ runner.os }}-go-1.23- | |
| - name: Run linting | |
| uses: golangci/golangci-lint-action@v6 | |
| with: | |
| version: latest | |
| args: --timeout=5m | |
| - name: Run security checks | |
| run: | | |
| echo "🔍 Running security checks..." | |
| # Check for hardcoded secrets | |
| if grep -r "password\|secret\|key" --include="*.go" . > /dev/null 2>&1; then | |
| echo "⚠️ Found potential hardcoded secrets" | |
| grep -r "password\|secret\|key" --include="*.go" . | head -3 | |
| else | |
| echo "✅ No hardcoded secrets found" | |
| fi | |
| # Run vulnerability check | |
| echo "🔍 Running vulnerability scan..." | |
| go install golang.org/x/vuln/cmd/govulncheck@latest | |
| govulncheck ./... | |
| echo "✅ Security checks completed" | |
| integration-test: | |
| name: Integration Tests | |
| runs-on: ubuntu-latest | |
| needs: [test-matrix] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Docker Buildx | |
| uses: docker/[email protected] | |
| - name: Build Docker image for testing | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| load: true | |
| tags: tenangdb:test | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| - name: Test basic functionality | |
| run: | | |
| echo "🧪 Testing basic functionality with Docker..." | |
| # Test main binary version command | |
| docker run --rm tenangdb:test version | |
| # Test main binary help command | |
| docker run --rm tenangdb:test --help | |
| # Test backup command help | |
| docker run --rm tenangdb:test backup --help | |
| # Test exporter binary version command | |
| docker run --rm tenangdb:test tenangdb-exporter version | |
| # Test exporter binary help command | |
| docker run --rm tenangdb:test tenangdb-exporter --help | |
| # Test invalid config handling for main binary | |
| if docker run --rm tenangdb:test backup --config non-existent-config.yaml --dry-run 2>/dev/null; then | |
| echo "❌ Should fail with non-existent config" | |
| exit 1 | |
| else | |
| echo "✅ Properly handles non-existent config" | |
| fi | |
| echo "✅ Integration tests completed successfully" | |
| docker-build: | |
| name: Build and Push Docker Image | |
| runs-on: ubuntu-latest | |
| needs: [test-matrix, security-and-lint] | |
| if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/') | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up Docker Buildx | |
| uses: docker/[email protected] | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract metadata | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ghcr.io/${{ github.repository }} | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=pr | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| type=semver,pattern={{major}} | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| labels: | | |
| org.opencontainers.image.title=TenangDB | |
| org.opencontainers.image.description=Backup yang Bikin Tenang - MySQL backup automation tool | |
| org.opencontainers.image.vendor=Ainun Abdullah | |
| org.opencontainers.image.licenses=MIT | |
| - name: Build and push Docker image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| platforms: linux/amd64,linux/arm64 | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| build-args: | | |
| VERSION=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }} | |
| COMMIT_SHA=${{ github.sha }} | |
| status-check: | |
| name: Status Check | |
| runs-on: ubuntu-latest | |
| needs: [test-matrix, security-and-lint, integration-test, docker-build] | |
| if: always() | |
| steps: | |
| - name: Check all jobs | |
| run: | | |
| if [ "${{ needs.test-matrix.result }}" != "success" ]; then | |
| echo "test-matrix failed: ${{ needs.test-matrix.result }}" | |
| exit 1 | |
| fi | |
| if [ "${{ needs.security-and-lint.result }}" != "success" ]; then | |
| echo "security-and-lint failed: ${{ needs.security-and-lint.result }}" | |
| exit 1 | |
| fi | |
| if [ "${{ needs.integration-test.result }}" != "success" ]; then | |
| echo "integration-test failed: ${{ needs.integration-test.result }}" | |
| exit 1 | |
| fi | |
| if [ "${{ needs.docker-build.result }}" != "success" ] && [ "${{ needs.docker-build.result }}" != "skipped" ]; then | |
| echo "docker-build failed: ${{ needs.docker-build.result }}" | |
| exit 1 | |
| fi | |
| echo "All CI checks passed successfully!" |