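# pull_request.yaml - CI for pull requests and pushes to master: Go lint and
# tests, frontend build, Helm lint, Trivy filesystem scan and govulncheck.
on:
  pull_request:
  push:
    branches:
      - master

# Least privilege for the automatic GITHUB_TOKEN: none of the steps below
# appears to need more than read access to the repository contents. Grant
# extra scopes per job if a step is later added that needs them.
permissions:
  contents: read

jobs:
  lint:
    runs-on: ubuntu-latest
    container: golang:1.25-alpine
    env:
      ENVIRONMENT: ci
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - run: apk update && apk add curl openssl git openssh-client build-base && mkdir -p /root/.ssh
      # Skipped on pushes to master; runs for pull requests.
      - uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9.2.0
        if: github.ref != 'refs/heads/master'
        with:
          # NOTE(review): `latest` floats the linter version, so findings can
          # change between runs without any commit; consider pinning a release.
          version: latest
          args: --timeout=5m --tests=false ./...

  test:
    runs-on: ubuntu-latest
    container: golang:1.25-alpine
    services:
      postgres:
        # NOTE(review): floating tag; a new major version can change test
        # behaviour unannounced. Consider pinning a version or digest.
        image: postgres:latest
        env:
          POSTGRES_PASSWORD: test
          # `trust` accepts any connection without a password, so the value
          # above is not enforced. Tolerable only for this throwaway CI
          # service container; never reuse these settings outside CI.
          POSTGRES_HOST_AUTH_METHOD: trust
    env:
      ENVIRONMENT: ci
      DB_DB: money
      DB_HOST: postgres
      DB_USER: postgres
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - run: apk update && apk add curl openssl git openssh-client build-base bash gpg && mkdir -p /root/.ssh
      # NOTE(review): fetches whatever binary is the newest release at run
      # time, with no version pin and no checksum or signature verification,
      # and installs it on PATH. Pin a release tag and compare the download
      # against a known SHA-256 before use.
      # Mode 755: executable without being world-writable.
      - run: wget -O /usr/bin/mockgen https://github.com/skynet2/mock/releases/latest/download/mockgen && chmod 755 /usr/bin/mockgen
      - run: make generate
      - run: ENVIRONMENT=ci go test -json -coverprofile=/root/coverage_temp.txt -covermode=atomic ./... > /root/test.json
      # Drops generated, mock and bootstrap files from the coverage profile.
      # `|| true` keeps the step green when the pipeline exits non-zero, so a
      # broken or empty filter result will not fail the job.
      - run: cat /root/coverage_temp.txt | grep -v "_mock.go" | grep -v "migrations.go" | grep -v "_mocks.go" | grep -v "_mocks_test.go" | grep -v "_mock_test.go" | grep -v "main.go" | grep -v "db.go" | grep -v "testingutils" | grep -v "boilerplate" > /root/coverage.txt || true
      - name: Upload coverage report
        uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0
        with:
          # Repository secrets are not passed to runs triggered by pull
          # requests from forks, so this is empty for those runs.
          token: ${{ secrets.CODECOV_TOKEN }}
          files: /root/coverage.txt
          flags: unittests
      # The remaining steps use `always()` so test output is still reported
      # when an earlier step failed.
      - run: cat /root/test.json
        if: always()
      # NOTE(review): same unpinned, unverified download-and-execute pattern
      # as the mockgen step; pin a release and verify its checksum.
      - run: wget https://github.com/mfridman/tparse/releases/latest/download/tparse_linux_x86_64 -O tparse && chmod 755 tparse && ./tparse -all -file=/root/test.json
        if: always()
      - uses: guyarb/golang-test-annotations@96fc379b171c49932041d6c789e73331a7bdeec1 # v0.9.0
        if: always()
        with:
          test-results: /root/test.json

  frontend:
    runs-on: ubuntu-latest
    container: node:24-alpine
    steps:
      - name: Checkout code
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: Install and build frontend
        working-directory: frontend
        # NOTE(review): `npm install` may resolve versions newer than the
        # lockfile records; `npm ci` gives a reproducible install if
        # frontend/ ships a package-lock.json - confirm before switching.
        run: npm install && npm run build

  helm-test:
    runs-on: ubuntu-latest
    # NOTE(review): no tag, so this resolves to the image's `latest`.
    container: alpine/helm
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - run: helm lint helm

  trivy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0
        with:
          scan-type: fs
          scan-ref: .
          format: table
          # Non-zero exit fails the job when a reportable finding exists.
          exit-code: '1'
          # Findings that have no fixed version yet are not reported.
          ignore-unfixed: true
          severity: HIGH,CRITICAL
          # frontend/ is excluded, so its npm dependencies are not covered
          # by this scan.
          skip-dirs: frontend

  govulncheck:
    runs-on: ubuntu-latest
    # NOTE(review): floating Go image, unlike the 1.25 tag used by the lint
    # and test jobs; the scan may run on a different toolchain than the tests.
    container: golang:alpine
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - run: apk update && apk add git
      # NOTE(review): `@latest` installs whichever govulncheck release is
      # current at run time; pin a version for reproducible results.
      - run: go install golang.org/x/vuln/cmd/govulncheck@latest
      - run: govulncheck ./...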