workflows simplified #23
| name: 'validate and build draft OCI Image' | |
| on: | |
| push: | |
| branches-ignore: | |
| - 'master' | |
| paths-ignore: | |
| - '.github' | |
| jobs: | |
| buildImage: | |
| runs-on: 'ubuntu-24.04' | |
| permissions: | |
| contents: 'read' | |
| packages: 'write' | |
| steps: | |
| - name: 'checkout code' | |
| uses: 'actions/[email protected]' | |
| with: | |
| fetch-depth: 0 | |
| - name: 'install mdq' | |
| shell: 'bash' | |
| run: | | |
| #!/usr/bin/env bash | |
| set -euo pipefail | |
| curl -LO https://github.com/yshavit/mdq/releases/download/v0.9.0/mdq-linux-x64.tar.gz | |
| tar -xf mdq-linux-x64.tar.gz | |
| rm mdq-linux-x64.tar.gz | |
| - name: 'populate env vars' | |
| shell: 'bash' | |
| run: | | |
| #!/usr/bin/env bash | |
| set -euo pipefail | |
| BUILD_DATE="$(date -u +'%Y-%m-%dT%H:%M:%SZ')" | |
| GIT_COMMIT="$(git rev-parse HEAD)" | |
| GIT_TAG="$(./mdq -o json "#" CHANGELOG.md | jq -r .items[0].section.body[0].section.title)" | |
| LDFLAGS="-X 'github.com/sapcc/concourse-netbox-resource/internal/helper.gitCommit=${GIT_COMMIT}' -X 'github.com/sapcc/concourse-netbox-resource/internal/helper.buildDate=${BUILD_DATE}' -X 'github.com/sapcc/concourse-netbox-resource/internal/helper.gitVersion=${GIT_TAG}'" | |
| GO_VERSION="$(go list -f {{.GoVersion}} -m)" | |
| echo "GIT_COMMIT=${GIT_COMMIT}" >> "$GITHUB_ENV" | |
| echo "GIT_TAG=${GIT_TAG}" >> "$GITHUB_ENV" | |
| echo "BUILD_DATE=${BUILD_DATE}" >> "$GITHUB_ENV" | |
| echo "LDFLAGS=${LDFLAGS}" >> "$GITHUB_ENV" | |
| echo "GO_VERSION=${GO_VERSION}" >> "$GITHUB_ENV" | |
| - name: 'validate env vars' | |
| shell: 'bash' | |
| run: | | |
| #!/usr/bin/env bash | |
| set -euo pipefail | |
| if [[ ! "${GIT_TAG}" =~ ^v(0|[1-9]+)\.(0|[1-9]+)\.(0|[1-9]+)$ ]]; then | |
| echo "Invalid version format: ${GIT_TAG} does not match pattern vX.Y.Z" | |
| echo 'Examples:' | |
| echo -e " valid:\tv0.0.1" | |
| echo -e " invalid:\t0.0.1" | |
| echo -e " invalid:\tv00.0.1" | |
| echo -e " invalid:\tv01.0.1" | |
| echo -e " valid:\tv1.0.1" | |
| echo 'Please check the CHANGELOG.md for a valid version heading' | |
| exit 1 | |
| fi | |
| if git tag --list "${GIT_TAG}" | grep -q "${GIT_TAG}";then | |
| echo "A Git tag already exists for the version ${GIT_TAG} found in the CHANGELOG.md" | |
| exit 1 | |
| fi | |
| - name: 'setup go' | |
| uses: 'actions/[email protected]' | |
| with: | |
| go-version: "${{ env.GO_VERSION }}" | |
| - name: 'golangci-lint' | |
| uses: 'golangci/[email protected]' | |
| with: | |
| version: 'v2.4.0' | |
| - name: 'govulncheck' | |
| shell: 'bash' | |
| run: | | |
| #!/usr/bin/env bash | |
| set -euo pipefail | |
| go install golang.org/x/vuln/cmd/govulncheck@latest | |
| govulncheck -format text -show verbose ./... | |
| - name: 'go test' | |
| shell: 'bash' | |
| run: 'go test -ldflags "${LDFLAGS}" -cover ./...' | |
| - name: 'go build' | |
| shell: 'bash' | |
| run: | | |
| #!/usr/bin/env bash | |
| set -euo pipefail | |
| go build -ldflags "${LDFLAGS}" -o check main.go | |
| - name: 'validate version' | |
| shell: 'bash' | |
| run: | | |
| #!/usr/bin/env bash | |
| set -euo pipefail | |
| ./check -v | grep -q "${GIT_TAG}" | |
| ./check -c in -v | grep -q "${GIT_TAG}" | |
| ./check -c out -v | grep -q "${GIT_TAG}" | |
| - name: 'container registry login' | |
| uses: 'docker/[email protected]' | |
| with: | |
| password: "${{ secrets.GITHUB_TOKEN }}" | |
| registry: 'ghcr.io' | |
| username: "${{ github.actor }}" | |
| - name: 'fetch metadata for the image build' | |
| id: 'meta' | |
| uses: 'docker/[email protected]' | |
| with: | |
| images: "ghcr.io/${{ github.repository }}" | |
| tags: | | |
| type=raw,value=${{ env.GIT_TAG }} | |
| type=raw,value=draft | |
| - name: 'build and push image' | |
| uses: 'docker/[email protected]' | |
| with: | |
| context: '.' | |
| build-args: | | |
| BUILDER_VERSION=${{ env.GO_VERSION }}-bookworm | |
| GIT_COMMIT=${{ env.GIT_COMMIT }} | |
| GIT_TAG=${{ env.GIT_TAG }} | |
| BUILD_DATE=${{ env.BUILD_DATE}} | |
| labels: "${{ steps.meta.outputs.labels }}" | |
| tags: "${{ steps.meta.outputs.tags }}" | |
| platforms: 'linux/amd64' | |
| push: true |
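Review bot: The 'install mdq' step fetches a release tarball with `curl -LO` and unpacks it without any integrity check, and the resulting `./mdq` binary then runs inside the workspace that is later used as the build context (`context: '.'`) for an image pushed to ghcr.io under `packages: 'write'`. Verify a pinned digest before extracting, for example `echo "<EXPECTED_SHA256>  mdq-linux-x64.tar.gz" | sha256sum -c -` (placeholder; record the value from a trusted download of v0.9.0), and use `curl -fLO` so an HTTP error body is never handed to tar. The 'govulncheck' step has the same reproducibility gap with `govulncheck@latest`; pin it to a fixed version such as `govulncheck@<PINNED_VERSION>`. Separately, the version pattern in 'validate env vars' uses `(0|[1-9]+)`, which rejects any component containing a zero digit (v1.10.0, v10.0.0); `(0|[1-9][0-9]*)` keeps the no-leading-zero rule while accepting those. That check would also be better placed before `GIT_TAG` and `LDFLAGS` are appended to `$GITHUB_ENV`, since the value comes straight from CHANGELOG.md and is currently exported unvalidated.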